memorix 1.1.7 → 1.1.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/CLAUDE.md +6 -1
- package/README.md +21 -0
- package/README.zh-CN.md +21 -0
- package/TEAM.md +86 -86
- package/dist/cli/index.js +730 -150
- package/dist/cli/index.js.map +1 -1
- package/dist/dashboard/static/index.html +201 -201
- package/dist/dashboard/static/style.css +3584 -3584
- package/dist/index.js +15 -8
- package/dist/index.js.map +1 -1
- package/dist/memcode-runtime/CHANGELOG.md +13 -0
- package/dist/memcode-runtime/package.json +4 -4
- package/dist/sdk.js +15 -8
- package/dist/sdk.js.map +1 -1
- package/docs/AGENT_OPERATOR_PLAYBOOK.md +18 -0
- package/docs/DESIGN_DECISIONS.md +357 -357
- package/docs/SETUP.md +10 -0
- package/docs/dev-log/progress.txt +35 -26
- package/package.json +1 -1
- package/src/audit/index.ts +156 -156
- package/src/cli/commands/agent-integrations.ts +623 -0
- package/src/cli/commands/audit-list.ts +89 -89
- package/src/cli/commands/background.ts +659 -659
- package/src/cli/commands/cleanup.ts +255 -255
- package/src/cli/commands/doctor.ts +23 -0
- package/src/cli/commands/formation.ts +48 -48
- package/src/cli/commands/git-hook-install.ts +111 -111
- package/src/cli/commands/handoff.ts +66 -66
- package/src/cli/commands/hooks-status.ts +63 -63
- package/src/cli/commands/ingest-commit.ts +153 -153
- package/src/cli/commands/ingest-image.ts +73 -73
- package/src/cli/commands/ingest-log.ts +180 -180
- package/src/cli/commands/ingest.ts +44 -44
- package/src/cli/commands/integrate-shared.ts +15 -15
- package/src/cli/commands/lock.ts +96 -96
- package/src/cli/commands/message.ts +121 -121
- package/src/cli/commands/poll.ts +70 -70
- package/src/cli/commands/purge-all-memory.ts +85 -85
- package/src/cli/commands/purge-project-memory.ts +83 -83
- package/src/cli/commands/reasoning.ts +132 -132
- package/src/cli/commands/repair.ts +60 -0
- package/src/cli/commands/retention.ts +108 -108
- package/src/cli/commands/serve-shared.ts +118 -118
- package/src/cli/commands/setup.ts +3 -3
- package/src/cli/commands/skills.ts +123 -123
- package/src/cli/commands/task.ts +192 -192
- package/src/cli/commands/transfer.ts +73 -73
- package/src/cli/commands/uninstall-project-artifacts.ts +85 -85
- package/src/cli/index.ts +3 -1
- package/src/cli/tui/ChatView.tsx +234 -234
- package/src/cli/tui/CommandBar.tsx +312 -312
- package/src/cli/tui/ContextRail.tsx +118 -118
- package/src/cli/tui/HeaderBar.tsx +72 -72
- package/src/cli/tui/LogoBanner.tsx +51 -51
- package/src/cli/tui/Panels.tsx +632 -632
- package/src/cli/tui/Sidebar.tsx +179 -179
- package/src/cli/tui/chat-service.ts +742 -742
- package/src/cli/tui/data.ts +547 -547
- package/src/cli/tui/index.ts +41 -41
- package/src/cli/tui/markdown-render.tsx +371 -371
- package/src/cli/tui/theme.ts +178 -178
- package/src/cli/tui/use-mouse.ts +157 -157
- package/src/cli/tui/useNavigation.ts +56 -56
- package/src/cli/update-checker.ts +211 -211
- package/src/cli/version.ts +7 -7
- package/src/cli/workbench.ts +1 -1
- package/src/codegraph/context-pack.ts +5 -1
- package/src/codegraph/lite-provider.ts +5 -1
- package/src/codegraph/project-context.ts +5 -1
- package/src/compact/token-budget.ts +74 -74
- package/src/config/behavior.ts +59 -59
- package/src/dashboard/project-classification.ts +64 -64
- package/src/dashboard/static/index.html +201 -201
- package/src/dashboard/static/style.css +3584 -3584
- package/src/embedding/fastembed-provider.ts +142 -142
- package/src/embedding/transformers-provider.ts +111 -111
- package/src/git/extractor.ts +209 -209
- package/src/git/hooks-path.ts +85 -85
- package/src/git/noise-filter.ts +210 -210
- package/src/hooks/installers/index.ts +4 -4
- package/src/hooks/official-skills.ts +1 -1
- package/src/hooks/pattern-detector.ts +173 -173
- package/src/hooks/rules/memorix-agent-rules.md +2 -2
- package/src/hooks/significance-filter.ts +250 -250
- package/src/llm/memory-manager.ts +328 -328
- package/src/llm/provider.ts +885 -885
- package/src/llm/quality.ts +248 -248
- package/src/memory/attribution-guard.ts +249 -249
- package/src/memory/auto-relations.ts +107 -107
- package/src/memory/consolidation.ts +302 -302
- package/src/memory/disclosure-policy.ts +141 -141
- package/src/memory/entity-extractor.ts +197 -197
- package/src/memory/formation/evaluate.ts +217 -217
- package/src/memory/formation/extract.ts +361 -361
- package/src/memory/formation/index.ts +417 -417
- package/src/memory/formation/resolve.ts +344 -344
- package/src/memory/formation/types.ts +315 -315
- package/src/memory/freshness.ts +122 -122
- package/src/memory/graph.ts +197 -197
- package/src/memory/refs.ts +94 -94
- package/src/memory/retention.ts +433 -433
- package/src/memory/secret-filter.ts +79 -79
- package/src/memory/session.ts +523 -523
- package/src/multimodal/image-loader.ts +143 -143
- package/src/orchestrate/adapters/claude-stream.ts +192 -192
- package/src/orchestrate/adapters/claude.ts +111 -111
- package/src/orchestrate/adapters/codex-stream.ts +134 -134
- package/src/orchestrate/adapters/codex.ts +41 -41
- package/src/orchestrate/adapters/gemini-stream.ts +166 -166
- package/src/orchestrate/adapters/gemini.ts +42 -42
- package/src/orchestrate/adapters/index.ts +73 -73
- package/src/orchestrate/adapters/opencode-stream.ts +143 -143
- package/src/orchestrate/adapters/opencode.ts +47 -47
- package/src/orchestrate/adapters/spawn-helper.ts +286 -286
- package/src/orchestrate/adapters/types.ts +77 -77
- package/src/orchestrate/capability-router.ts +284 -284
- package/src/orchestrate/context-compact.ts +188 -188
- package/src/orchestrate/cost-tracker.ts +219 -219
- package/src/orchestrate/error-recovery.ts +191 -191
- package/src/orchestrate/evidence.ts +140 -140
- package/src/orchestrate/ledger.ts +110 -110
- package/src/orchestrate/memorix-bridge.ts +380 -380
- package/src/orchestrate/output-budget.ts +80 -80
- package/src/orchestrate/permission.ts +152 -152
- package/src/orchestrate/pipeline-trace.ts +131 -131
- package/src/orchestrate/prompt-builder.ts +155 -155
- package/src/orchestrate/ring-buffer.ts +37 -37
- package/src/orchestrate/task-graph.ts +389 -389
- package/src/orchestrate/verify-gate.ts +219 -219
- package/src/orchestrate/worktree.ts +232 -232
- package/src/project/aliases.ts +374 -374
- package/src/project/detector.ts +268 -268
- package/src/rules/adapters/claude-code.ts +99 -99
- package/src/rules/adapters/codex.ts +97 -97
- package/src/rules/adapters/copilot.ts +124 -124
- package/src/rules/adapters/cursor.ts +114 -114
- package/src/rules/adapters/kiro.ts +126 -126
- package/src/rules/adapters/trae.ts +56 -56
- package/src/rules/adapters/windsurf.ts +83 -83
- package/src/rules/syncer.ts +235 -235
- package/src/sdk.ts +327 -327
- package/src/search/intent-detector.ts +289 -289
- package/src/search/query-expansion.ts +52 -52
- package/src/server/formation-timeout.ts +27 -27
- package/src/skills/mini-skills.ts +386 -386
- package/src/store/chat-store.ts +119 -119
- package/src/store/file-lock.ts +100 -100
- package/src/store/graph-store.ts +249 -249
- package/src/store/mini-skill-store.ts +349 -349
- package/src/store/obs-store.ts +255 -255
- package/src/store/persistence-json.ts +212 -212
- package/src/store/persistence.ts +291 -291
- package/src/store/project-affinity.ts +195 -195
- package/src/store/session-store.ts +259 -259
- package/src/store/sqlite-store.ts +339 -339
- package/src/team/event-bus.ts +76 -76
- package/src/team/file-locks.ts +173 -173
- package/src/team/handoff.ts +167 -167
- package/src/team/messages.ts +203 -203
- package/src/team/poll.ts +132 -132
- package/src/team/tasks.ts +211 -211
- package/src/wiki/generator.ts +237 -237
- package/src/wiki/knowledge-graph.ts +334 -334
- package/src/wiki/types.ts +85 -85
- package/src/workspace/mcp-adapters/codex.ts +191 -191
- package/src/workspace/mcp-adapters/copilot.ts +105 -105
- package/src/workspace/mcp-adapters/cursor.ts +53 -53
- package/src/workspace/mcp-adapters/kiro.ts +64 -64
- package/src/workspace/mcp-adapters/opencode.ts +123 -123
- package/src/workspace/mcp-adapters/trae.ts +134 -134
- package/src/workspace/mcp-adapters/windsurf.ts +91 -91
- package/src/workspace/sanitizer.ts +60 -60
- package/src/workspace/workflow-sync.ts +131 -131
|
@@ -1,80 +1,80 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Output Budget — Phase 7, Step 4: Trim large outputs to a token-friendly size.
|
|
3
|
-
*
|
|
4
|
-
* When gate outputs, agent tail outputs, or other large strings need to be
|
|
5
|
-
* embedded in prompts (e.g., fix prompts, ledger entries), this module trims
|
|
6
|
-
* them to a configurable budget while preserving the most useful parts
|
|
7
|
-
* (beginning + end).
|
|
8
|
-
*
|
|
9
|
-
* Full output is optionally persisted to disk for debugging.
|
|
10
|
-
*/
|
|
11
|
-
|
|
12
|
-
import { writeFileSync, mkdirSync } from 'node:fs';
|
|
13
|
-
import { join, dirname } from 'node:path';
|
|
14
|
-
|
|
15
|
-
// ── Constants ──────────────────────────────────────────────────────
|
|
16
|
-
|
|
17
|
-
/** Default output budget in bytes */
|
|
18
|
-
export const DEFAULT_OUTPUT_BUDGET = 4096;
|
|
19
|
-
|
|
20
|
-
// ── Core ───────────────────────────────────────────────────────────
|
|
21
|
-
|
|
22
|
-
/**
|
|
23
|
-
* Trim text to a byte budget. If the text exceeds the budget, keep
|
|
24
|
-
* the first half and last half with an omission marker in between.
|
|
25
|
-
*
|
|
26
|
-
* Returns the trimmed text. Never throws.
|
|
27
|
-
*/
|
|
28
|
-
export function trimToBudget(text: string, budget: number = DEFAULT_OUTPUT_BUDGET): string {
|
|
29
|
-
if (text.length <= budget) return text;
|
|
30
|
-
|
|
31
|
-
const half = Math.floor(budget / 2) - 40; // Reserve space for marker
|
|
32
|
-
if (half <= 0) return text.slice(0, budget);
|
|
33
|
-
|
|
34
|
-
const omitted = text.length - half * 2;
|
|
35
|
-
return (
|
|
36
|
-
text.slice(0, half) +
|
|
37
|
-
`\n\n... (${omitted} bytes omitted — full output saved to disk) ...\n\n` +
|
|
38
|
-
text.slice(-half)
|
|
39
|
-
);
|
|
40
|
-
}
|
|
41
|
-
|
|
42
|
-
/**
|
|
43
|
-
* Persist full output to a file and return the trimmed version.
|
|
44
|
-
*
|
|
45
|
-
* If disk write fails, returns the trimmed text without file reference.
|
|
46
|
-
* Never throws.
|
|
47
|
-
*/
|
|
48
|
-
export function trimAndPersist(
|
|
49
|
-
text: string,
|
|
50
|
-
filePath: string,
|
|
51
|
-
budget: number = DEFAULT_OUTPUT_BUDGET,
|
|
52
|
-
): { trimmed: string; persisted: boolean; fullPath?: string } {
|
|
53
|
-
if (text.length <= budget) {
|
|
54
|
-
return { trimmed: text, persisted: false };
|
|
55
|
-
}
|
|
56
|
-
|
|
57
|
-
// Persist full output to disk (best-effort)
|
|
58
|
-
let persisted = false;
|
|
59
|
-
try {
|
|
60
|
-
mkdirSync(dirname(filePath), { recursive: true });
|
|
61
|
-
writeFileSync(filePath, text, 'utf-8');
|
|
62
|
-
persisted = true;
|
|
63
|
-
} catch {
|
|
64
|
-
// Disk write failed — degrade gracefully
|
|
65
|
-
}
|
|
66
|
-
|
|
67
|
-
const half = Math.floor(budget / 2) - 60; // Reserve space for marker + path
|
|
68
|
-
if (half <= 0) {
|
|
69
|
-
return { trimmed: text.slice(0, budget), persisted, fullPath: persisted ? filePath : undefined };
|
|
70
|
-
}
|
|
71
|
-
|
|
72
|
-
const omitted = text.length - half * 2;
|
|
73
|
-
const pathNote = persisted ? ` Full output at: ${filePath}` : '';
|
|
74
|
-
const trimmed =
|
|
75
|
-
text.slice(0, half) +
|
|
76
|
-
`\n\n... (${omitted} bytes omitted.${pathNote}) ...\n\n` +
|
|
77
|
-
text.slice(-half);
|
|
78
|
-
|
|
79
|
-
return { trimmed, persisted, fullPath: persisted ? filePath : undefined };
|
|
80
|
-
}
|
|
1
|
+
/**
|
|
2
|
+
* Output Budget — Phase 7, Step 4: Trim large outputs to a token-friendly size.
|
|
3
|
+
*
|
|
4
|
+
* When gate outputs, agent tail outputs, or other large strings need to be
|
|
5
|
+
* embedded in prompts (e.g., fix prompts, ledger entries), this module trims
|
|
6
|
+
* them to a configurable budget while preserving the most useful parts
|
|
7
|
+
* (beginning + end).
|
|
8
|
+
*
|
|
9
|
+
* Full output is optionally persisted to disk for debugging.
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
import { writeFileSync, mkdirSync } from 'node:fs';
|
|
13
|
+
import { join, dirname } from 'node:path';
|
|
14
|
+
|
|
15
|
+
// ── Constants ──────────────────────────────────────────────────────
|
|
16
|
+
|
|
17
|
+
/** Default output budget in bytes */
|
|
18
|
+
export const DEFAULT_OUTPUT_BUDGET = 4096;
|
|
19
|
+
|
|
20
|
+
// ── Core ───────────────────────────────────────────────────────────
|
|
21
|
+
|
|
22
|
+
/**
|
|
23
|
+
* Trim text to a byte budget. If the text exceeds the budget, keep
|
|
24
|
+
* the first half and last half with an omission marker in between.
|
|
25
|
+
*
|
|
26
|
+
* Returns the trimmed text. Never throws.
|
|
27
|
+
*/
|
|
28
|
+
export function trimToBudget(text: string, budget: number = DEFAULT_OUTPUT_BUDGET): string {
|
|
29
|
+
if (text.length <= budget) return text;
|
|
30
|
+
|
|
31
|
+
const half = Math.floor(budget / 2) - 40; // Reserve space for marker
|
|
32
|
+
if (half <= 0) return text.slice(0, budget);
|
|
33
|
+
|
|
34
|
+
const omitted = text.length - half * 2;
|
|
35
|
+
return (
|
|
36
|
+
text.slice(0, half) +
|
|
37
|
+
`\n\n... (${omitted} bytes omitted — full output saved to disk) ...\n\n` +
|
|
38
|
+
text.slice(-half)
|
|
39
|
+
);
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
/**
|
|
43
|
+
* Persist full output to a file and return the trimmed version.
|
|
44
|
+
*
|
|
45
|
+
* If disk write fails, returns the trimmed text without file reference.
|
|
46
|
+
* Never throws.
|
|
47
|
+
*/
|
|
48
|
+
export function trimAndPersist(
|
|
49
|
+
text: string,
|
|
50
|
+
filePath: string,
|
|
51
|
+
budget: number = DEFAULT_OUTPUT_BUDGET,
|
|
52
|
+
): { trimmed: string; persisted: boolean; fullPath?: string } {
|
|
53
|
+
if (text.length <= budget) {
|
|
54
|
+
return { trimmed: text, persisted: false };
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
// Persist full output to disk (best-effort)
|
|
58
|
+
let persisted = false;
|
|
59
|
+
try {
|
|
60
|
+
mkdirSync(dirname(filePath), { recursive: true });
|
|
61
|
+
writeFileSync(filePath, text, 'utf-8');
|
|
62
|
+
persisted = true;
|
|
63
|
+
} catch {
|
|
64
|
+
// Disk write failed — degrade gracefully
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
const half = Math.floor(budget / 2) - 60; // Reserve space for marker + path
|
|
68
|
+
if (half <= 0) {
|
|
69
|
+
return { trimmed: text.slice(0, budget), persisted, fullPath: persisted ? filePath : undefined };
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
const omitted = text.length - half * 2;
|
|
73
|
+
const pathNote = persisted ? ` Full output at: ${filePath}` : '';
|
|
74
|
+
const trimmed =
|
|
75
|
+
text.slice(0, half) +
|
|
76
|
+
`\n\n... (${omitted} bytes omitted.${pathNote}) ...\n\n` +
|
|
77
|
+
text.slice(-half);
|
|
78
|
+
|
|
79
|
+
return { trimmed, persisted, fullPath: persisted ? filePath : undefined };
|
|
80
|
+
}
|
|
@@ -1,152 +1,152 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Permission — Phase 7, Step 10: Risk classification + monitoring for agent tools.
|
|
3
|
-
*
|
|
4
|
-
* Classifies tool calls by risk tier and records them for post-run audit.
|
|
5
|
-
* Does NOT block or restrict agent tools (Non-Invasiveness principle).
|
|
6
|
-
* The primary use case is monitoring and reporting:
|
|
7
|
-
* - Which high-risk tools were used and how often
|
|
8
|
-
* - Whether agents used filesystem-destructive or network operations
|
|
9
|
-
* - Per-task risk summary in the evidence directory
|
|
10
|
-
*
|
|
11
|
-
* Three tiers:
|
|
12
|
-
* - safe: read-only operations (Read, Grep, List, etc.)
|
|
13
|
-
* - moderate: write operations (Edit, Write, Execute safe commands)
|
|
14
|
-
* - dangerous: destructive/network/exec operations (Delete, Bash, Deploy, etc.)
|
|
15
|
-
*/
|
|
16
|
-
|
|
17
|
-
// ── Types ──────────────────────────────────────────────────────────
|
|
18
|
-
|
|
19
|
-
export type RiskTier = 'safe' | 'moderate' | 'dangerous';
|
|
20
|
-
|
|
21
|
-
export interface ToolUsageRecord {
|
|
22
|
-
tool: string;
|
|
23
|
-
tier: RiskTier;
|
|
24
|
-
count: number;
|
|
25
|
-
firstSeen: number;
|
|
26
|
-
lastSeen: number;
|
|
27
|
-
}
|
|
28
|
-
|
|
29
|
-
export interface TaskRiskProfile {
|
|
30
|
-
taskId: string;
|
|
31
|
-
/** Highest risk tier used by this task */
|
|
32
|
-
maxTier: RiskTier;
|
|
33
|
-
/** Total tool calls */
|
|
34
|
-
totalCalls: number;
|
|
35
|
-
/** Tool usage breakdown */
|
|
36
|
-
tools: ToolUsageRecord[];
|
|
37
|
-
}
|
|
38
|
-
|
|
39
|
-
// ── Classification Registry ────────────────────────────────────────
|
|
40
|
-
|
|
41
|
-
const SAFE_TOOLS = new Set([
|
|
42
|
-
'read_file', 'grep_search', 'find_by_name', 'list_dir', 'code_search',
|
|
43
|
-
'read_notebook', 'read_url_content', 'view_content_chunk',
|
|
44
|
-
'memorix_search', 'memorix_detail', 'memorix_search_reasoning',
|
|
45
|
-
'mcp_query', 'search_web',
|
|
46
|
-
]);
|
|
47
|
-
|
|
48
|
-
const MODERATE_TOOLS = new Set([
|
|
49
|
-
'edit', 'multi_edit', 'write_to_file', 'edit_notebook',
|
|
50
|
-
'memorix_store', 'memorix_store_reasoning', 'memorix_resolve',
|
|
51
|
-
'memorix_session_start', 'memorix_handoff', 'memorix_poll',
|
|
52
|
-
'git_commit', 'git_add', 'git_checkout',
|
|
53
|
-
]);
|
|
54
|
-
|
|
55
|
-
const DANGEROUS_TOOLS = new Set([
|
|
56
|
-
'run_command', 'bash', 'execute_command', 'terminal',
|
|
57
|
-
'delete_file', 'remove_directory',
|
|
58
|
-
'deploy_web_app', 'browser_navigate', 'browser_click',
|
|
59
|
-
'http_request', 'fetch_url',
|
|
60
|
-
]);
|
|
61
|
-
|
|
62
|
-
// ── Core ───────────────────────────────────────────────────────────
|
|
63
|
-
|
|
64
|
-
/**
|
|
65
|
-
* Classify a tool name into a risk tier.
|
|
66
|
-
* Unknown tools default to 'moderate' (conservative but not alarming).
|
|
67
|
-
*/
|
|
68
|
-
export function classifyTool(toolName: string): RiskTier {
|
|
69
|
-
const name = toolName.toLowerCase().replace(/[^a-z0-9_]/g, '_');
|
|
70
|
-
if (SAFE_TOOLS.has(name)) return 'safe';
|
|
71
|
-
if (DANGEROUS_TOOLS.has(name)) return 'dangerous';
|
|
72
|
-
if (MODERATE_TOOLS.has(name)) return 'moderate';
|
|
73
|
-
// Heuristic fallback: tools with 'write', 'delete', 'exec', 'run' in name
|
|
74
|
-
if (/delete|remove|exec|run|deploy|bash|terminal/.test(name)) return 'dangerous';
|
|
75
|
-
if (/write|edit|create|update|store|commit/.test(name)) return 'moderate';
|
|
76
|
-
return 'moderate'; // Unknown → moderate (safe default)
|
|
77
|
-
}
|
|
78
|
-
|
|
79
|
-
/**
|
|
80
|
-
* Task-level tool usage tracker. Create one per dispatched task.
|
|
81
|
-
*/
|
|
82
|
-
export class TaskToolTracker {
|
|
83
|
-
private tools = new Map<string, ToolUsageRecord>();
|
|
84
|
-
readonly taskId: string;
|
|
85
|
-
|
|
86
|
-
constructor(taskId: string) {
|
|
87
|
-
this.taskId = taskId;
|
|
88
|
-
}
|
|
89
|
-
|
|
90
|
-
/** Record a tool call. Call this when an agent uses a tool. */
|
|
91
|
-
record(toolName: string): void {
|
|
92
|
-
const tier = classifyTool(toolName);
|
|
93
|
-
const now = Date.now();
|
|
94
|
-
const existing = this.tools.get(toolName);
|
|
95
|
-
|
|
96
|
-
if (existing) {
|
|
97
|
-
existing.count++;
|
|
98
|
-
existing.lastSeen = now;
|
|
99
|
-
} else {
|
|
100
|
-
this.tools.set(toolName, {
|
|
101
|
-
tool: toolName,
|
|
102
|
-
tier,
|
|
103
|
-
count: 1,
|
|
104
|
-
firstSeen: now,
|
|
105
|
-
lastSeen: now,
|
|
106
|
-
});
|
|
107
|
-
}
|
|
108
|
-
}
|
|
109
|
-
|
|
110
|
-
/** Get the risk profile for this task. */
|
|
111
|
-
getProfile(): TaskRiskProfile {
|
|
112
|
-
const tools = Array.from(this.tools.values());
|
|
113
|
-
const totalCalls = tools.reduce((sum, t) => sum + t.count, 0);
|
|
114
|
-
|
|
115
|
-
let maxTier: RiskTier = 'safe';
|
|
116
|
-
for (const t of tools) {
|
|
117
|
-
if (t.tier === 'dangerous') { maxTier = 'dangerous'; break; }
|
|
118
|
-
if (t.tier === 'moderate') maxTier = 'moderate';
|
|
119
|
-
}
|
|
120
|
-
|
|
121
|
-
return {
|
|
122
|
-
taskId: this.taskId,
|
|
123
|
-
maxTier,
|
|
124
|
-
totalCalls,
|
|
125
|
-
tools,
|
|
126
|
-
};
|
|
127
|
-
}
|
|
128
|
-
|
|
129
|
-
/** Format a human-readable risk summary. */
|
|
130
|
-
formatSummary(): string {
|
|
131
|
-
const profile = this.getProfile();
|
|
132
|
-
const lines = [`Risk: ${profile.maxTier} (${profile.totalCalls} tool calls)`];
|
|
133
|
-
|
|
134
|
-
const dangerous = profile.tools.filter(t => t.tier === 'dangerous');
|
|
135
|
-
if (dangerous.length > 0) {
|
|
136
|
-
lines.push(' Dangerous tools:');
|
|
137
|
-
for (const t of dangerous) {
|
|
138
|
-
lines.push(` - ${t.tool}: ${t.count}x`);
|
|
139
|
-
}
|
|
140
|
-
}
|
|
141
|
-
|
|
142
|
-
return lines.join('\n');
|
|
143
|
-
}
|
|
144
|
-
}
|
|
145
|
-
|
|
146
|
-
/**
|
|
147
|
-
* Compare two risk tiers. Returns positive if a > b, negative if a < b, 0 if equal.
|
|
148
|
-
*/
|
|
149
|
-
export function compareTiers(a: RiskTier, b: RiskTier): number {
|
|
150
|
-
const order: Record<RiskTier, number> = { safe: 0, moderate: 1, dangerous: 2 };
|
|
151
|
-
return order[a] - order[b];
|
|
152
|
-
}
|
|
1
|
+
/**
|
|
2
|
+
* Permission — Phase 7, Step 10: Risk classification + monitoring for agent tools.
|
|
3
|
+
*
|
|
4
|
+
* Classifies tool calls by risk tier and records them for post-run audit.
|
|
5
|
+
* Does NOT block or restrict agent tools (Non-Invasiveness principle).
|
|
6
|
+
* The primary use case is monitoring and reporting:
|
|
7
|
+
* - Which high-risk tools were used and how often
|
|
8
|
+
* - Whether agents used filesystem-destructive or network operations
|
|
9
|
+
* - Per-task risk summary in the evidence directory
|
|
10
|
+
*
|
|
11
|
+
* Three tiers:
|
|
12
|
+
* - safe: read-only operations (Read, Grep, List, etc.)
|
|
13
|
+
* - moderate: write operations (Edit, Write, Execute safe commands)
|
|
14
|
+
* - dangerous: destructive/network/exec operations (Delete, Bash, Deploy, etc.)
|
|
15
|
+
*/
|
|
16
|
+
|
|
17
|
+
// ── Types ──────────────────────────────────────────────────────────
|
|
18
|
+
|
|
19
|
+
export type RiskTier = 'safe' | 'moderate' | 'dangerous';
|
|
20
|
+
|
|
21
|
+
export interface ToolUsageRecord {
|
|
22
|
+
tool: string;
|
|
23
|
+
tier: RiskTier;
|
|
24
|
+
count: number;
|
|
25
|
+
firstSeen: number;
|
|
26
|
+
lastSeen: number;
|
|
27
|
+
}
|
|
28
|
+
|
|
29
|
+
export interface TaskRiskProfile {
|
|
30
|
+
taskId: string;
|
|
31
|
+
/** Highest risk tier used by this task */
|
|
32
|
+
maxTier: RiskTier;
|
|
33
|
+
/** Total tool calls */
|
|
34
|
+
totalCalls: number;
|
|
35
|
+
/** Tool usage breakdown */
|
|
36
|
+
tools: ToolUsageRecord[];
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// ── Classification Registry ────────────────────────────────────────
|
|
40
|
+
|
|
41
|
+
const SAFE_TOOLS = new Set([
|
|
42
|
+
'read_file', 'grep_search', 'find_by_name', 'list_dir', 'code_search',
|
|
43
|
+
'read_notebook', 'read_url_content', 'view_content_chunk',
|
|
44
|
+
'memorix_search', 'memorix_detail', 'memorix_search_reasoning',
|
|
45
|
+
'mcp_query', 'search_web',
|
|
46
|
+
]);
|
|
47
|
+
|
|
48
|
+
const MODERATE_TOOLS = new Set([
|
|
49
|
+
'edit', 'multi_edit', 'write_to_file', 'edit_notebook',
|
|
50
|
+
'memorix_store', 'memorix_store_reasoning', 'memorix_resolve',
|
|
51
|
+
'memorix_session_start', 'memorix_handoff', 'memorix_poll',
|
|
52
|
+
'git_commit', 'git_add', 'git_checkout',
|
|
53
|
+
]);
|
|
54
|
+
|
|
55
|
+
const DANGEROUS_TOOLS = new Set([
|
|
56
|
+
'run_command', 'bash', 'execute_command', 'terminal',
|
|
57
|
+
'delete_file', 'remove_directory',
|
|
58
|
+
'deploy_web_app', 'browser_navigate', 'browser_click',
|
|
59
|
+
'http_request', 'fetch_url',
|
|
60
|
+
]);
|
|
61
|
+
|
|
62
|
+
// ── Core ───────────────────────────────────────────────────────────
|
|
63
|
+
|
|
64
|
+
/**
|
|
65
|
+
* Classify a tool name into a risk tier.
|
|
66
|
+
* Unknown tools default to 'moderate' (conservative but not alarming).
|
|
67
|
+
*/
|
|
68
|
+
export function classifyTool(toolName: string): RiskTier {
|
|
69
|
+
const name = toolName.toLowerCase().replace(/[^a-z0-9_]/g, '_');
|
|
70
|
+
if (SAFE_TOOLS.has(name)) return 'safe';
|
|
71
|
+
if (DANGEROUS_TOOLS.has(name)) return 'dangerous';
|
|
72
|
+
if (MODERATE_TOOLS.has(name)) return 'moderate';
|
|
73
|
+
// Heuristic fallback: tools with 'write', 'delete', 'exec', 'run' in name
|
|
74
|
+
if (/delete|remove|exec|run|deploy|bash|terminal/.test(name)) return 'dangerous';
|
|
75
|
+
if (/write|edit|create|update|store|commit/.test(name)) return 'moderate';
|
|
76
|
+
return 'moderate'; // Unknown → moderate (safe default)
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
/**
|
|
80
|
+
* Task-level tool usage tracker. Create one per dispatched task.
|
|
81
|
+
*/
|
|
82
|
+
export class TaskToolTracker {
|
|
83
|
+
private tools = new Map<string, ToolUsageRecord>();
|
|
84
|
+
readonly taskId: string;
|
|
85
|
+
|
|
86
|
+
constructor(taskId: string) {
|
|
87
|
+
this.taskId = taskId;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
/** Record a tool call. Call this when an agent uses a tool. */
|
|
91
|
+
record(toolName: string): void {
|
|
92
|
+
const tier = classifyTool(toolName);
|
|
93
|
+
const now = Date.now();
|
|
94
|
+
const existing = this.tools.get(toolName);
|
|
95
|
+
|
|
96
|
+
if (existing) {
|
|
97
|
+
existing.count++;
|
|
98
|
+
existing.lastSeen = now;
|
|
99
|
+
} else {
|
|
100
|
+
this.tools.set(toolName, {
|
|
101
|
+
tool: toolName,
|
|
102
|
+
tier,
|
|
103
|
+
count: 1,
|
|
104
|
+
firstSeen: now,
|
|
105
|
+
lastSeen: now,
|
|
106
|
+
});
|
|
107
|
+
}
|
|
108
|
+
}
|
|
109
|
+
|
|
110
|
+
/** Get the risk profile for this task. */
|
|
111
|
+
getProfile(): TaskRiskProfile {
|
|
112
|
+
const tools = Array.from(this.tools.values());
|
|
113
|
+
const totalCalls = tools.reduce((sum, t) => sum + t.count, 0);
|
|
114
|
+
|
|
115
|
+
let maxTier: RiskTier = 'safe';
|
|
116
|
+
for (const t of tools) {
|
|
117
|
+
if (t.tier === 'dangerous') { maxTier = 'dangerous'; break; }
|
|
118
|
+
if (t.tier === 'moderate') maxTier = 'moderate';
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
return {
|
|
122
|
+
taskId: this.taskId,
|
|
123
|
+
maxTier,
|
|
124
|
+
totalCalls,
|
|
125
|
+
tools,
|
|
126
|
+
};
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
/** Format a human-readable risk summary. */
|
|
130
|
+
formatSummary(): string {
|
|
131
|
+
const profile = this.getProfile();
|
|
132
|
+
const lines = [`Risk: ${profile.maxTier} (${profile.totalCalls} tool calls)`];
|
|
133
|
+
|
|
134
|
+
const dangerous = profile.tools.filter(t => t.tier === 'dangerous');
|
|
135
|
+
if (dangerous.length > 0) {
|
|
136
|
+
lines.push(' Dangerous tools:');
|
|
137
|
+
for (const t of dangerous) {
|
|
138
|
+
lines.push(` - ${t.tool}: ${t.count}x`);
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
return lines.join('\n');
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
/**
|
|
147
|
+
* Compare two risk tiers. Returns positive if a > b, negative if a < b, 0 if equal.
|
|
148
|
+
*/
|
|
149
|
+
export function compareTiers(a: RiskTier, b: RiskTier): number {
|
|
150
|
+
const order: Record<RiskTier, number> = { safe: 0, moderate: 1, dangerous: 2 };
|
|
151
|
+
return order[a] - order[b];
|
|
152
|
+
}
|