memorix 1.1.7 → 1.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (174) hide show
  1. package/CHANGELOG.md +13 -0
  2. package/CLAUDE.md +6 -1
  3. package/README.md +21 -0
  4. package/README.zh-CN.md +21 -0
  5. package/TEAM.md +86 -86
  6. package/dist/cli/index.js +730 -150
  7. package/dist/cli/index.js.map +1 -1
  8. package/dist/dashboard/static/index.html +201 -201
  9. package/dist/dashboard/static/style.css +3584 -3584
  10. package/dist/index.js +15 -8
  11. package/dist/index.js.map +1 -1
  12. package/dist/memcode-runtime/CHANGELOG.md +13 -0
  13. package/dist/memcode-runtime/package.json +4 -4
  14. package/dist/sdk.js +15 -8
  15. package/dist/sdk.js.map +1 -1
  16. package/docs/AGENT_OPERATOR_PLAYBOOK.md +18 -0
  17. package/docs/DESIGN_DECISIONS.md +357 -357
  18. package/docs/SETUP.md +10 -0
  19. package/docs/dev-log/progress.txt +35 -26
  20. package/package.json +1 -1
  21. package/src/audit/index.ts +156 -156
  22. package/src/cli/commands/agent-integrations.ts +623 -0
  23. package/src/cli/commands/audit-list.ts +89 -89
  24. package/src/cli/commands/background.ts +659 -659
  25. package/src/cli/commands/cleanup.ts +255 -255
  26. package/src/cli/commands/doctor.ts +23 -0
  27. package/src/cli/commands/formation.ts +48 -48
  28. package/src/cli/commands/git-hook-install.ts +111 -111
  29. package/src/cli/commands/handoff.ts +66 -66
  30. package/src/cli/commands/hooks-status.ts +63 -63
  31. package/src/cli/commands/ingest-commit.ts +153 -153
  32. package/src/cli/commands/ingest-image.ts +73 -73
  33. package/src/cli/commands/ingest-log.ts +180 -180
  34. package/src/cli/commands/ingest.ts +44 -44
  35. package/src/cli/commands/integrate-shared.ts +15 -15
  36. package/src/cli/commands/lock.ts +96 -96
  37. package/src/cli/commands/message.ts +121 -121
  38. package/src/cli/commands/poll.ts +70 -70
  39. package/src/cli/commands/purge-all-memory.ts +85 -85
  40. package/src/cli/commands/purge-project-memory.ts +83 -83
  41. package/src/cli/commands/reasoning.ts +132 -132
  42. package/src/cli/commands/repair.ts +60 -0
  43. package/src/cli/commands/retention.ts +108 -108
  44. package/src/cli/commands/serve-shared.ts +118 -118
  45. package/src/cli/commands/setup.ts +3 -3
  46. package/src/cli/commands/skills.ts +123 -123
  47. package/src/cli/commands/task.ts +192 -192
  48. package/src/cli/commands/transfer.ts +73 -73
  49. package/src/cli/commands/uninstall-project-artifacts.ts +85 -85
  50. package/src/cli/index.ts +3 -1
  51. package/src/cli/tui/ChatView.tsx +234 -234
  52. package/src/cli/tui/CommandBar.tsx +312 -312
  53. package/src/cli/tui/ContextRail.tsx +118 -118
  54. package/src/cli/tui/HeaderBar.tsx +72 -72
  55. package/src/cli/tui/LogoBanner.tsx +51 -51
  56. package/src/cli/tui/Panels.tsx +632 -632
  57. package/src/cli/tui/Sidebar.tsx +179 -179
  58. package/src/cli/tui/chat-service.ts +742 -742
  59. package/src/cli/tui/data.ts +547 -547
  60. package/src/cli/tui/index.ts +41 -41
  61. package/src/cli/tui/markdown-render.tsx +371 -371
  62. package/src/cli/tui/theme.ts +178 -178
  63. package/src/cli/tui/use-mouse.ts +157 -157
  64. package/src/cli/tui/useNavigation.ts +56 -56
  65. package/src/cli/update-checker.ts +211 -211
  66. package/src/cli/version.ts +7 -7
  67. package/src/cli/workbench.ts +1 -1
  68. package/src/codegraph/context-pack.ts +5 -1
  69. package/src/codegraph/lite-provider.ts +5 -1
  70. package/src/codegraph/project-context.ts +5 -1
  71. package/src/compact/token-budget.ts +74 -74
  72. package/src/config/behavior.ts +59 -59
  73. package/src/dashboard/project-classification.ts +64 -64
  74. package/src/dashboard/static/index.html +201 -201
  75. package/src/dashboard/static/style.css +3584 -3584
  76. package/src/embedding/fastembed-provider.ts +142 -142
  77. package/src/embedding/transformers-provider.ts +111 -111
  78. package/src/git/extractor.ts +209 -209
  79. package/src/git/hooks-path.ts +85 -85
  80. package/src/git/noise-filter.ts +210 -210
  81. package/src/hooks/installers/index.ts +4 -4
  82. package/src/hooks/official-skills.ts +1 -1
  83. package/src/hooks/pattern-detector.ts +173 -173
  84. package/src/hooks/rules/memorix-agent-rules.md +2 -2
  85. package/src/hooks/significance-filter.ts +250 -250
  86. package/src/llm/memory-manager.ts +328 -328
  87. package/src/llm/provider.ts +885 -885
  88. package/src/llm/quality.ts +248 -248
  89. package/src/memory/attribution-guard.ts +249 -249
  90. package/src/memory/auto-relations.ts +107 -107
  91. package/src/memory/consolidation.ts +302 -302
  92. package/src/memory/disclosure-policy.ts +141 -141
  93. package/src/memory/entity-extractor.ts +197 -197
  94. package/src/memory/formation/evaluate.ts +217 -217
  95. package/src/memory/formation/extract.ts +361 -361
  96. package/src/memory/formation/index.ts +417 -417
  97. package/src/memory/formation/resolve.ts +344 -344
  98. package/src/memory/formation/types.ts +315 -315
  99. package/src/memory/freshness.ts +122 -122
  100. package/src/memory/graph.ts +197 -197
  101. package/src/memory/refs.ts +94 -94
  102. package/src/memory/retention.ts +433 -433
  103. package/src/memory/secret-filter.ts +79 -79
  104. package/src/memory/session.ts +523 -523
  105. package/src/multimodal/image-loader.ts +143 -143
  106. package/src/orchestrate/adapters/claude-stream.ts +192 -192
  107. package/src/orchestrate/adapters/claude.ts +111 -111
  108. package/src/orchestrate/adapters/codex-stream.ts +134 -134
  109. package/src/orchestrate/adapters/codex.ts +41 -41
  110. package/src/orchestrate/adapters/gemini-stream.ts +166 -166
  111. package/src/orchestrate/adapters/gemini.ts +42 -42
  112. package/src/orchestrate/adapters/index.ts +73 -73
  113. package/src/orchestrate/adapters/opencode-stream.ts +143 -143
  114. package/src/orchestrate/adapters/opencode.ts +47 -47
  115. package/src/orchestrate/adapters/spawn-helper.ts +286 -286
  116. package/src/orchestrate/adapters/types.ts +77 -77
  117. package/src/orchestrate/capability-router.ts +284 -284
  118. package/src/orchestrate/context-compact.ts +188 -188
  119. package/src/orchestrate/cost-tracker.ts +219 -219
  120. package/src/orchestrate/error-recovery.ts +191 -191
  121. package/src/orchestrate/evidence.ts +140 -140
  122. package/src/orchestrate/ledger.ts +110 -110
  123. package/src/orchestrate/memorix-bridge.ts +380 -380
  124. package/src/orchestrate/output-budget.ts +80 -80
  125. package/src/orchestrate/permission.ts +152 -152
  126. package/src/orchestrate/pipeline-trace.ts +131 -131
  127. package/src/orchestrate/prompt-builder.ts +155 -155
  128. package/src/orchestrate/ring-buffer.ts +37 -37
  129. package/src/orchestrate/task-graph.ts +389 -389
  130. package/src/orchestrate/verify-gate.ts +219 -219
  131. package/src/orchestrate/worktree.ts +232 -232
  132. package/src/project/aliases.ts +374 -374
  133. package/src/project/detector.ts +268 -268
  134. package/src/rules/adapters/claude-code.ts +99 -99
  135. package/src/rules/adapters/codex.ts +97 -97
  136. package/src/rules/adapters/copilot.ts +124 -124
  137. package/src/rules/adapters/cursor.ts +114 -114
  138. package/src/rules/adapters/kiro.ts +126 -126
  139. package/src/rules/adapters/trae.ts +56 -56
  140. package/src/rules/adapters/windsurf.ts +83 -83
  141. package/src/rules/syncer.ts +235 -235
  142. package/src/sdk.ts +327 -327
  143. package/src/search/intent-detector.ts +289 -289
  144. package/src/search/query-expansion.ts +52 -52
  145. package/src/server/formation-timeout.ts +27 -27
  146. package/src/skills/mini-skills.ts +386 -386
  147. package/src/store/chat-store.ts +119 -119
  148. package/src/store/file-lock.ts +100 -100
  149. package/src/store/graph-store.ts +249 -249
  150. package/src/store/mini-skill-store.ts +349 -349
  151. package/src/store/obs-store.ts +255 -255
  152. package/src/store/persistence-json.ts +212 -212
  153. package/src/store/persistence.ts +291 -291
  154. package/src/store/project-affinity.ts +195 -195
  155. package/src/store/session-store.ts +259 -259
  156. package/src/store/sqlite-store.ts +339 -339
  157. package/src/team/event-bus.ts +76 -76
  158. package/src/team/file-locks.ts +173 -173
  159. package/src/team/handoff.ts +167 -167
  160. package/src/team/messages.ts +203 -203
  161. package/src/team/poll.ts +132 -132
  162. package/src/team/tasks.ts +211 -211
  163. package/src/wiki/generator.ts +237 -237
  164. package/src/wiki/knowledge-graph.ts +334 -334
  165. package/src/wiki/types.ts +85 -85
  166. package/src/workspace/mcp-adapters/codex.ts +191 -191
  167. package/src/workspace/mcp-adapters/copilot.ts +105 -105
  168. package/src/workspace/mcp-adapters/cursor.ts +53 -53
  169. package/src/workspace/mcp-adapters/kiro.ts +64 -64
  170. package/src/workspace/mcp-adapters/opencode.ts +123 -123
  171. package/src/workspace/mcp-adapters/trae.ts +134 -134
  172. package/src/workspace/mcp-adapters/windsurf.ts +91 -91
  173. package/src/workspace/sanitizer.ts +60 -60
  174. package/src/workspace/workflow-sync.ts +131 -131
@@ -1,80 +1,80 @@
1
- /**
2
- * Output Budget — Phase 7, Step 4: Trim large outputs to a token-friendly size.
3
- *
4
- * When gate outputs, agent tail outputs, or other large strings need to be
5
- * embedded in prompts (e.g., fix prompts, ledger entries), this module trims
6
- * them to a configurable budget while preserving the most useful parts
7
- * (beginning + end).
8
- *
9
- * Full output is optionally persisted to disk for debugging.
10
- */
11
-
12
- import { writeFileSync, mkdirSync } from 'node:fs';
13
- import { join, dirname } from 'node:path';
14
-
15
- // ── Constants ──────────────────────────────────────────────────────
16
-
17
- /** Default output budget in bytes */
18
- export const DEFAULT_OUTPUT_BUDGET = 4096;
19
-
20
- // ── Core ───────────────────────────────────────────────────────────
21
-
22
- /**
23
- * Trim text to a byte budget. If the text exceeds the budget, keep
24
- * the first half and last half with an omission marker in between.
25
- *
26
- * Returns the trimmed text. Never throws.
27
- */
28
- export function trimToBudget(text: string, budget: number = DEFAULT_OUTPUT_BUDGET): string {
29
- if (text.length <= budget) return text;
30
-
31
- const half = Math.floor(budget / 2) - 40; // Reserve space for marker
32
- if (half <= 0) return text.slice(0, budget);
33
-
34
- const omitted = text.length - half * 2;
35
- return (
36
- text.slice(0, half) +
37
- `\n\n... (${omitted} bytes omitted — full output saved to disk) ...\n\n` +
38
- text.slice(-half)
39
- );
40
- }
41
-
42
- /**
43
- * Persist full output to a file and return the trimmed version.
44
- *
45
- * If disk write fails, returns the trimmed text without file reference.
46
- * Never throws.
47
- */
48
- export function trimAndPersist(
49
- text: string,
50
- filePath: string,
51
- budget: number = DEFAULT_OUTPUT_BUDGET,
52
- ): { trimmed: string; persisted: boolean; fullPath?: string } {
53
- if (text.length <= budget) {
54
- return { trimmed: text, persisted: false };
55
- }
56
-
57
- // Persist full output to disk (best-effort)
58
- let persisted = false;
59
- try {
60
- mkdirSync(dirname(filePath), { recursive: true });
61
- writeFileSync(filePath, text, 'utf-8');
62
- persisted = true;
63
- } catch {
64
- // Disk write failed — degrade gracefully
65
- }
66
-
67
- const half = Math.floor(budget / 2) - 60; // Reserve space for marker + path
68
- if (half <= 0) {
69
- return { trimmed: text.slice(0, budget), persisted, fullPath: persisted ? filePath : undefined };
70
- }
71
-
72
- const omitted = text.length - half * 2;
73
- const pathNote = persisted ? ` Full output at: ${filePath}` : '';
74
- const trimmed =
75
- text.slice(0, half) +
76
- `\n\n... (${omitted} bytes omitted.${pathNote}) ...\n\n` +
77
- text.slice(-half);
78
-
79
- return { trimmed, persisted, fullPath: persisted ? filePath : undefined };
80
- }
1
+ /**
2
+ * Output Budget — Phase 7, Step 4: Trim large outputs to a token-friendly size.
3
+ *
4
+ * When gate outputs, agent tail outputs, or other large strings need to be
5
+ * embedded in prompts (e.g., fix prompts, ledger entries), this module trims
6
+ * them to a configurable budget while preserving the most useful parts
7
+ * (beginning + end).
8
+ *
9
+ * Full output is optionally persisted to disk for debugging.
10
+ */
11
+
12
+ import { writeFileSync, mkdirSync } from 'node:fs';
13
+ import { join, dirname } from 'node:path';
14
+
15
+ // ── Constants ──────────────────────────────────────────────────────
16
+
17
+ /** Default output budget in bytes */
18
+ export const DEFAULT_OUTPUT_BUDGET = 4096;
19
+
20
+ // ── Core ───────────────────────────────────────────────────────────
21
+
22
+ /**
23
+ * Trim text to a byte budget. If the text exceeds the budget, keep
24
+ * the first half and last half with an omission marker in between.
25
+ *
26
+ * Returns the trimmed text. Never throws.
27
+ */
28
+ export function trimToBudget(text: string, budget: number = DEFAULT_OUTPUT_BUDGET): string {
29
+ if (text.length <= budget) return text;
30
+
31
+ const half = Math.floor(budget / 2) - 40; // Reserve space for marker
32
+ if (half <= 0) return text.slice(0, budget);
33
+
34
+ const omitted = text.length - half * 2;
35
+ return (
36
+ text.slice(0, half) +
37
+ `\n\n... (${omitted} bytes omitted — full output saved to disk) ...\n\n` +
38
+ text.slice(-half)
39
+ );
40
+ }
41
+
42
+ /**
43
+ * Persist full output to a file and return the trimmed version.
44
+ *
45
+ * If disk write fails, returns the trimmed text without file reference.
46
+ * Never throws.
47
+ */
48
+ export function trimAndPersist(
49
+ text: string,
50
+ filePath: string,
51
+ budget: number = DEFAULT_OUTPUT_BUDGET,
52
+ ): { trimmed: string; persisted: boolean; fullPath?: string } {
53
+ if (text.length <= budget) {
54
+ return { trimmed: text, persisted: false };
55
+ }
56
+
57
+ // Persist full output to disk (best-effort)
58
+ let persisted = false;
59
+ try {
60
+ mkdirSync(dirname(filePath), { recursive: true });
61
+ writeFileSync(filePath, text, 'utf-8');
62
+ persisted = true;
63
+ } catch {
64
+ // Disk write failed — degrade gracefully
65
+ }
66
+
67
+ const half = Math.floor(budget / 2) - 60; // Reserve space for marker + path
68
+ if (half <= 0) {
69
+ return { trimmed: text.slice(0, budget), persisted, fullPath: persisted ? filePath : undefined };
70
+ }
71
+
72
+ const omitted = text.length - half * 2;
73
+ const pathNote = persisted ? ` Full output at: ${filePath}` : '';
74
+ const trimmed =
75
+ text.slice(0, half) +
76
+ `\n\n... (${omitted} bytes omitted.${pathNote}) ...\n\n` +
77
+ text.slice(-half);
78
+
79
+ return { trimmed, persisted, fullPath: persisted ? filePath : undefined };
80
+ }
@@ -1,152 +1,152 @@
1
- /**
2
- * Permission — Phase 7, Step 10: Risk classification + monitoring for agent tools.
3
- *
4
- * Classifies tool calls by risk tier and records them for post-run audit.
5
- * Does NOT block or restrict agent tools (Non-Invasiveness principle).
6
- * The primary use case is monitoring and reporting:
7
- * - Which high-risk tools were used and how often
8
- * - Whether agents used filesystem-destructive or network operations
9
- * - Per-task risk summary in the evidence directory
10
- *
11
- * Three tiers:
12
- * - safe: read-only operations (Read, Grep, List, etc.)
13
- * - moderate: write operations (Edit, Write, Execute safe commands)
14
- * - dangerous: destructive/network/exec operations (Delete, Bash, Deploy, etc.)
15
- */
16
-
17
- // ── Types ──────────────────────────────────────────────────────────
18
-
19
- export type RiskTier = 'safe' | 'moderate' | 'dangerous';
20
-
21
- export interface ToolUsageRecord {
22
- tool: string;
23
- tier: RiskTier;
24
- count: number;
25
- firstSeen: number;
26
- lastSeen: number;
27
- }
28
-
29
- export interface TaskRiskProfile {
30
- taskId: string;
31
- /** Highest risk tier used by this task */
32
- maxTier: RiskTier;
33
- /** Total tool calls */
34
- totalCalls: number;
35
- /** Tool usage breakdown */
36
- tools: ToolUsageRecord[];
37
- }
38
-
39
- // ── Classification Registry ────────────────────────────────────────
40
-
41
- const SAFE_TOOLS = new Set([
42
- 'read_file', 'grep_search', 'find_by_name', 'list_dir', 'code_search',
43
- 'read_notebook', 'read_url_content', 'view_content_chunk',
44
- 'memorix_search', 'memorix_detail', 'memorix_search_reasoning',
45
- 'mcp_query', 'search_web',
46
- ]);
47
-
48
- const MODERATE_TOOLS = new Set([
49
- 'edit', 'multi_edit', 'write_to_file', 'edit_notebook',
50
- 'memorix_store', 'memorix_store_reasoning', 'memorix_resolve',
51
- 'memorix_session_start', 'memorix_handoff', 'memorix_poll',
52
- 'git_commit', 'git_add', 'git_checkout',
53
- ]);
54
-
55
- const DANGEROUS_TOOLS = new Set([
56
- 'run_command', 'bash', 'execute_command', 'terminal',
57
- 'delete_file', 'remove_directory',
58
- 'deploy_web_app', 'browser_navigate', 'browser_click',
59
- 'http_request', 'fetch_url',
60
- ]);
61
-
62
- // ── Core ───────────────────────────────────────────────────────────
63
-
64
- /**
65
- * Classify a tool name into a risk tier.
66
- * Unknown tools default to 'moderate' (conservative but not alarming).
67
- */
68
- export function classifyTool(toolName: string): RiskTier {
69
- const name = toolName.toLowerCase().replace(/[^a-z0-9_]/g, '_');
70
- if (SAFE_TOOLS.has(name)) return 'safe';
71
- if (DANGEROUS_TOOLS.has(name)) return 'dangerous';
72
- if (MODERATE_TOOLS.has(name)) return 'moderate';
73
- // Heuristic fallback: tools with 'write', 'delete', 'exec', 'run' in name
74
- if (/delete|remove|exec|run|deploy|bash|terminal/.test(name)) return 'dangerous';
75
- if (/write|edit|create|update|store|commit/.test(name)) return 'moderate';
76
- return 'moderate'; // Unknown → moderate (safe default)
77
- }
78
-
79
- /**
80
- * Task-level tool usage tracker. Create one per dispatched task.
81
- */
82
- export class TaskToolTracker {
83
- private tools = new Map<string, ToolUsageRecord>();
84
- readonly taskId: string;
85
-
86
- constructor(taskId: string) {
87
- this.taskId = taskId;
88
- }
89
-
90
- /** Record a tool call. Call this when an agent uses a tool. */
91
- record(toolName: string): void {
92
- const tier = classifyTool(toolName);
93
- const now = Date.now();
94
- const existing = this.tools.get(toolName);
95
-
96
- if (existing) {
97
- existing.count++;
98
- existing.lastSeen = now;
99
- } else {
100
- this.tools.set(toolName, {
101
- tool: toolName,
102
- tier,
103
- count: 1,
104
- firstSeen: now,
105
- lastSeen: now,
106
- });
107
- }
108
- }
109
-
110
- /** Get the risk profile for this task. */
111
- getProfile(): TaskRiskProfile {
112
- const tools = Array.from(this.tools.values());
113
- const totalCalls = tools.reduce((sum, t) => sum + t.count, 0);
114
-
115
- let maxTier: RiskTier = 'safe';
116
- for (const t of tools) {
117
- if (t.tier === 'dangerous') { maxTier = 'dangerous'; break; }
118
- if (t.tier === 'moderate') maxTier = 'moderate';
119
- }
120
-
121
- return {
122
- taskId: this.taskId,
123
- maxTier,
124
- totalCalls,
125
- tools,
126
- };
127
- }
128
-
129
- /** Format a human-readable risk summary. */
130
- formatSummary(): string {
131
- const profile = this.getProfile();
132
- const lines = [`Risk: ${profile.maxTier} (${profile.totalCalls} tool calls)`];
133
-
134
- const dangerous = profile.tools.filter(t => t.tier === 'dangerous');
135
- if (dangerous.length > 0) {
136
- lines.push(' Dangerous tools:');
137
- for (const t of dangerous) {
138
- lines.push(` - ${t.tool}: ${t.count}x`);
139
- }
140
- }
141
-
142
- return lines.join('\n');
143
- }
144
- }
145
-
146
- /**
147
- * Compare two risk tiers. Returns positive if a > b, negative if a < b, 0 if equal.
148
- */
149
- export function compareTiers(a: RiskTier, b: RiskTier): number {
150
- const order: Record<RiskTier, number> = { safe: 0, moderate: 1, dangerous: 2 };
151
- return order[a] - order[b];
152
- }
1
+ /**
2
+ * Permission — Phase 7, Step 10: Risk classification + monitoring for agent tools.
3
+ *
4
+ * Classifies tool calls by risk tier and records them for post-run audit.
5
+ * Does NOT block or restrict agent tools (Non-Invasiveness principle).
6
+ * The primary use case is monitoring and reporting:
7
+ * - Which high-risk tools were used and how often
8
+ * - Whether agents used filesystem-destructive or network operations
9
+ * - Per-task risk summary in the evidence directory
10
+ *
11
+ * Three tiers:
12
+ * - safe: read-only operations (Read, Grep, List, etc.)
13
+ * - moderate: write operations (Edit, Write, Execute safe commands)
14
+ * - dangerous: destructive/network/exec operations (Delete, Bash, Deploy, etc.)
15
+ */
16
+
17
+ // ── Types ──────────────────────────────────────────────────────────
18
+
19
+ export type RiskTier = 'safe' | 'moderate' | 'dangerous';
20
+
21
+ export interface ToolUsageRecord {
22
+ tool: string;
23
+ tier: RiskTier;
24
+ count: number;
25
+ firstSeen: number;
26
+ lastSeen: number;
27
+ }
28
+
29
+ export interface TaskRiskProfile {
30
+ taskId: string;
31
+ /** Highest risk tier used by this task */
32
+ maxTier: RiskTier;
33
+ /** Total tool calls */
34
+ totalCalls: number;
35
+ /** Tool usage breakdown */
36
+ tools: ToolUsageRecord[];
37
+ }
38
+
39
+ // ── Classification Registry ────────────────────────────────────────
40
+
41
+ const SAFE_TOOLS = new Set([
42
+ 'read_file', 'grep_search', 'find_by_name', 'list_dir', 'code_search',
43
+ 'read_notebook', 'read_url_content', 'view_content_chunk',
44
+ 'memorix_search', 'memorix_detail', 'memorix_search_reasoning',
45
+ 'mcp_query', 'search_web',
46
+ ]);
47
+
48
+ const MODERATE_TOOLS = new Set([
49
+ 'edit', 'multi_edit', 'write_to_file', 'edit_notebook',
50
+ 'memorix_store', 'memorix_store_reasoning', 'memorix_resolve',
51
+ 'memorix_session_start', 'memorix_handoff', 'memorix_poll',
52
+ 'git_commit', 'git_add', 'git_checkout',
53
+ ]);
54
+
55
+ const DANGEROUS_TOOLS = new Set([
56
+ 'run_command', 'bash', 'execute_command', 'terminal',
57
+ 'delete_file', 'remove_directory',
58
+ 'deploy_web_app', 'browser_navigate', 'browser_click',
59
+ 'http_request', 'fetch_url',
60
+ ]);
61
+
62
+ // ── Core ───────────────────────────────────────────────────────────
63
+
64
+ /**
65
+ * Classify a tool name into a risk tier.
66
+ * Unknown tools default to 'moderate' (conservative but not alarming).
67
+ */
68
+ export function classifyTool(toolName: string): RiskTier {
69
+ const name = toolName.toLowerCase().replace(/[^a-z0-9_]/g, '_');
70
+ if (SAFE_TOOLS.has(name)) return 'safe';
71
+ if (DANGEROUS_TOOLS.has(name)) return 'dangerous';
72
+ if (MODERATE_TOOLS.has(name)) return 'moderate';
73
+ // Heuristic fallback: tools with 'write', 'delete', 'exec', 'run' in name
74
+ if (/delete|remove|exec|run|deploy|bash|terminal/.test(name)) return 'dangerous';
75
+ if (/write|edit|create|update|store|commit/.test(name)) return 'moderate';
76
+ return 'moderate'; // Unknown → moderate (safe default)
77
+ }
78
+
79
+ /**
80
+ * Task-level tool usage tracker. Create one per dispatched task.
81
+ */
82
+ export class TaskToolTracker {
83
+ private tools = new Map<string, ToolUsageRecord>();
84
+ readonly taskId: string;
85
+
86
+ constructor(taskId: string) {
87
+ this.taskId = taskId;
88
+ }
89
+
90
+ /** Record a tool call. Call this when an agent uses a tool. */
91
+ record(toolName: string): void {
92
+ const tier = classifyTool(toolName);
93
+ const now = Date.now();
94
+ const existing = this.tools.get(toolName);
95
+
96
+ if (existing) {
97
+ existing.count++;
98
+ existing.lastSeen = now;
99
+ } else {
100
+ this.tools.set(toolName, {
101
+ tool: toolName,
102
+ tier,
103
+ count: 1,
104
+ firstSeen: now,
105
+ lastSeen: now,
106
+ });
107
+ }
108
+ }
109
+
110
+ /** Get the risk profile for this task. */
111
+ getProfile(): TaskRiskProfile {
112
+ const tools = Array.from(this.tools.values());
113
+ const totalCalls = tools.reduce((sum, t) => sum + t.count, 0);
114
+
115
+ let maxTier: RiskTier = 'safe';
116
+ for (const t of tools) {
117
+ if (t.tier === 'dangerous') { maxTier = 'dangerous'; break; }
118
+ if (t.tier === 'moderate') maxTier = 'moderate';
119
+ }
120
+
121
+ return {
122
+ taskId: this.taskId,
123
+ maxTier,
124
+ totalCalls,
125
+ tools,
126
+ };
127
+ }
128
+
129
+ /** Format a human-readable risk summary. */
130
+ formatSummary(): string {
131
+ const profile = this.getProfile();
132
+ const lines = [`Risk: ${profile.maxTier} (${profile.totalCalls} tool calls)`];
133
+
134
+ const dangerous = profile.tools.filter(t => t.tier === 'dangerous');
135
+ if (dangerous.length > 0) {
136
+ lines.push(' Dangerous tools:');
137
+ for (const t of dangerous) {
138
+ lines.push(` - ${t.tool}: ${t.count}x`);
139
+ }
140
+ }
141
+
142
+ return lines.join('\n');
143
+ }
144
+ }
145
+
146
+ /**
147
+ * Compare two risk tiers. Returns positive if a > b, negative if a < b, 0 if equal.
148
+ */
149
+ export function compareTiers(a: RiskTier, b: RiskTier): number {
150
+ const order: Record<RiskTier, number> = { safe: 0, moderate: 1, dangerous: 2 };
151
+ return order[a] - order[b];
152
+ }