mindforge-cc 5.3.0 → 5.4.0

package/CHANGELOG.md

@@ -1,5 +1,19 @@
 # Changelog
 
+## [5.4.0] — Beast Mode Hardening — 2026-03-28
+
+🚀 **MindForge v5.4.0 — Enterprise Resilience (Hardened Edition)**
+
+This update elevates the v5.3.0 "Hyper-Enterprise" features to maximum robustness ("Beast Mode"), implementing critical safety systems and advanced observability.
+
+### 🛡️ Beast Mode Hardening (v5.4.0)
+
+- **Circuit Breaker Pattern**: Implemented a stateful `CircuitBreaker` in `federated-sync.js` to prevent network floods. Automatically disables mesh sync for 1 hour after 3 consecutive EIS failures.
+- **Critical-Path Protection**: Automated "Blast Radius" score of 100 in `impact-analyzer.js` for sensitive files (`.env`, `*.pem`, `id_rsa`, `package-lock.json`, etc.).
+- **Recursive Depth Penalty**: Introduced a 1.5x impact multiplier for actions deeper than 5 directory levels, preventing mass-scale silent modifications.
+- **Failure Telemetry**: Added `sync-history.jsonl` and `sync-telemetry.jsonl` for detailed conflict resolution and error auditability.
+- **Resilient Execution**: Raised default scores for `EXECUTE` and `GRANT` actions to increase governance oversight.
+
 ## [5.3.0] — Dynamic Blast Radius — 2026-03-28
 
 🚀 **MindForge v5.3.0 — Pillar II Implementation (APO v2)**

package/RELEASENOTES.md

@@ -1,3 +1,15 @@
+# MindForge v5.4.0 — Beast Mode Hardening
+## Top Summary
+The v5.4.0 release elevates the "Hyper-Enterprise" features to maximum robustness ("Beast Mode"), implementing critical safety systems, automated blast-radius protection for sensitive files, and advanced failure telemetry.
+
+## Highlights
+- **Circuit Breaker Pattern**: Stateful resilience in `federated-sync.js` to prevent network floods during outages.
+- **Critical-Path Protection**: Automated "Blast Radius" score of 100 for high-risk files (secrets, locks, audits).
+- **Depth-Aware Governance**: 1.5x impact multiplier for deep directory modifications to prevent mass-scale silent regressions.
+- **Enhanced Observability**: Detailed conflict resolution and sync telemetry logs for enterprise auditing.
+
+---
+
 # MindForge v5.3.0 — Dynamic Blast Radius
 ## Top Summary
 The v5.3.0 release introduces real-time impact analysis and automated risk-based guardrails for agentic actions, preventing architectural regressions and accidental deletions.

package/bin/governance/impact-analyzer.js

@@ -1,15 +1,25 @@
 /**
- * MindForge v5.3.0 — Impact Analyzer (Dynamic Blast Radius)
+ * MindForge v5.4.0 — Impact Analyzer (Hardened Edition)
  * Calculates the 'Blast Radius' score of a proposed intent.
  */
 'use strict';
 
 class ImpactAnalyzer {
+  static CRITICAL_PATHS = [
+    '.env',
+    'id_rsa',
+    '*.pem',
+    'package-lock.json',
+    'yarn.lock',
+    'AUDIT.jsonl',
+    'STATE.md'
+  ];
+
   static SENSITIVE_NAMESPACES = [
     '.mindforge',
     'bin/',
     'config/',
-    '.env',
+    '.agent/',
     'security/'
   ];
 
@@ -17,30 +27,44 @@ class ImpactAnalyzer {
     'READ': 1,
     'WRITE': 5,
     'DELETE': 10,
-    'EXECUTE': 8,
-    'GRANT': 15
+    'EXECUTE': 15, // Raised from 8
+    'GRANT': 20    // Raised from 15
   };
 
   /**
-   * Scores an intent based on action type and target path sensitivity.
+   * Scores an intent based on action type, target path sensitivity, and recursion depth.
    * Score Range: 0 - 100
    */
   static analyze(intent) {
     const { action, target, namespace } = intent;
     
+    // 1. Critical Path Protection (Score 100)
+    const isCritical = this.CRITICAL_PATHS.some(cp => 
+      (target && (target.endsWith(cp) || target.includes(`/${cp}`)))
+    );
+
+    if (isCritical && (action === 'WRITE' || action === 'DELETE')) {
+      return 100; // Automatic CRITICAL block
+    }
+
     let score = this.ACTION_SCORES[action] || 5;
     
-    // Check for sensitive namespace overlap
+    // 2. Sensitive Namespace Multiplier
     const isSensitive = this.SENSITIVE_NAMESPACES.some(ns => 
       (target && target.includes(ns)) || (namespace && namespace.includes(ns))
     );
 
     if (isSensitive) {
-      score *= 4; // Quadruple impact for sensitive areas
+      score *= 4; 
+    }
+
+    // 3. Recursive Depth Penalty (Beast Mode)
+    if (target && target.split('/').length > 5) {
+      score *= 1.5; // Deeper actions are riskier (mass-scale silent mods)
     }
 
     // Cap the score at 100
-    return Math.min(score, 100);
+    return Math.min(Math.round(score), 100);
   }
 
   /**

package/bin/memory/federated-sync.js

@@ -17,6 +17,56 @@ class FederatedSync {
     this.client = new EISClient(config);
     this.localStore = Store;
     this.syncHistoryPath = path.join(Store.getPaths().MEMORY_DIR, 'sync-history.jsonl');
+    this.circuitBreakerPath = path.join(Store.getPaths().MEMORY_DIR, 'circuit-breaker.json');
+    this.MAX_FAILURES = 3;
+    this.COOLDOWN_MS = 3600000; // 1 hour
+  }
+
+  /**
+   * [BEAST] Checks if the circuit is open.
+   */
+  isCircuitOpen() {
+    if (!fs.existsSync(this.circuitBreakerPath)) return false;
+    try {
+      const state = JSON.parse(fs.readFileSync(this.circuitBreakerPath, 'utf8'));
+      if (state.status === 'OPEN' && (Date.now() - state.trippedAt < this.COOLDOWN_MS)) {
+        return true;
+      }
+      // Reset if cooldown passed
+      if (state.status === 'OPEN') {
+        this.resetCircuit();
+      }
+      return false;
+    } catch {
+      return false;
+    }
+  }
+
+  tripCircuit(reason) {
+    console.warn(`[BEAST] ⚠️ Circuit Breaker TRIPPED: ${reason}. Mesh sync disabled for 1hr.`);
+    const state = { status: 'OPEN', trippedAt: Date.now(), reason };
+    fs.writeFileSync(this.circuitBreakerPath, JSON.stringify(state, null, 2));
+  }
+
+  resetCircuit() {
+    if (fs.existsSync(this.circuitBreakerPath)) {
+      fs.unlinkSync(this.circuitBreakerPath);
+    }
+  }
+
+  handleSyncFailure(err) {
+    const statsPath = path.join(this.localStore.getPaths().MEMORY_DIR, 'sync-stats.json');
+    let stats = { failures: 0 };
+    if (fs.existsSync(statsPath)) {
+      stats = JSON.parse(fs.readFileSync(statsPath, 'utf8'));
+    }
+    stats.failures = (stats.failures || 0) + 1;
+    stats.last_error = err.message;
+    fs.writeFileSync(statsPath, JSON.stringify(stats, null, 2));
+
+    if (stats.failures >= this.MAX_FAILURES) {
+      this.tripCircuit(err.message);
+    }
   }
 
   /**
@@ -24,37 +74,58 @@ class FederatedSync {
    * This pushes local high-confidence entries and pulls new organizational knowledge.
    */
   async fullSync() {
-    console.log('🔄 Initiating Federated Intelligence Sync (Pillar 1)...');
-    
-    // 1. Get promotable entries (Tiers 1-3)
-    const localEntries = this.localStore.readAll(false).filter(e => e.confidence > 0.8 && !e.deprecated);
-    
-    // 2. Filter out already synced entries
-    const unsynced = localEntries.filter(e => !e.global && !this.isRecentlySynced(e.id));
-    
-    // 3. Push to EIS
-    if (unsynced.length > 0) {
-      const auth = await this.client.getAuthHeader('push', 'kb/global');
-      const results = await this.client.push(unsynced, { headers: auth });
-      this.logSyncEvent(results);
+    if (this.isCircuitOpen()) {
+      console.warn('🛑 Federated Intelligence Sync: Circuit is OPEN. Skipping network calls.');
+      return { status: 'CIRCUIT_OPEN' };
     }
+
+    console.log('🔄 Initiating Federated Intelligence Sync (v5.4.0 BEAST)...');
     
-    // 4. [HARDEN] Delta Pull from EIS
-    const lastSync = this.getLastSyncTimestamp();
-    const authPull = await this.client.getAuthHeader('pull', 'kb/global');
-    const remoteEntries = await this.client.pull({ 
-      orgId: this.client.orgId,
-      since: lastSync,
-      headers: authPull 
-    });
+    try {
+      // 1. Get promotable entries (Tiers 1-3)
+      const localEntries = this.localStore.readAll(false).filter(e => e.confidence > 0.8 && !e.deprecated);
+      
+      // 2. Filter out already synced entries
+      const unsynced = localEntries.filter(e => !e.global && !this.isRecentlySynced(e.id));
+      
+      // 3. Push to EIS
+      if (unsynced.length > 0) {
+        const auth = await this.client.getAuthHeader('push', 'kb/global');
+        const results = await this.client.push(unsynced, { headers: auth });
+        this.logSyncEvent(results);
+      }
+      
+      // 4. [HARDEN] Delta Pull from EIS
+      const lastSync = this.getLastSyncTimestamp();
+      const authPull = await this.client.getAuthHeader('pull', 'kb/global');
+      const remoteEntries = await this.client.pull({ 
+        orgId: this.client.orgId,
+        since: lastSync,
+        headers: authPull 
+      });
 
-    if (remoteEntries.length > 0) {
-      this.mergeRemoteKnowledge(remoteEntries);
+      if (remoteEntries.length > 0) {
+        this.mergeRemoteKnowledge(remoteEntries);
+      }
+      
+      this.updateLastSyncTimestamp();
+      this.resetFailures(); // Reset on success
+      console.log(`✅ Federated Intelligence Mesh: Sync complete. (Delta since ${lastSync})`);
+      return { pushed: unsynced.length, pulled: remoteEntries.length };
+    } catch (err) {
+      console.error('❌ Federated Intelligence Sync FAILED:', err.message);
+      this.handleSyncFailure(err);
+      throw err;
+    }
+  }
+
+  resetFailures() {
+    const statsPath = path.join(this.localStore.getPaths().MEMORY_DIR, 'sync-stats.json');
+    if (fs.existsSync(statsPath)) {
+      const stats = JSON.parse(fs.readFileSync(statsPath, 'utf8'));
+      stats.failures = 0;
+      fs.writeFileSync(statsPath, JSON.stringify(stats, null, 2));
     }
-    
-    this.updateLastSyncTimestamp();
-    console.log(`✅ Federated Intelligence Mesh: Sync complete. (Delta since ${lastSync})`);
-    return { pushed: unsynced.length, pulled: remoteEntries.length };
   }
 
   getLastSyncTimestamp() {
@@ -133,6 +204,7 @@ class FederatedSync {
     if (similarity > 0.9) {
       if (new Date(remote.timestamp) > new Date(local.timestamp)) {
         this.writeToGlobalKB(remote, globalPath);
+        this.logConflictTelemetry(local.id, 'LWW', similarity);
         console.log(`  └─ [LWW] Auto-resolved via timestamp.`);
       }
       return;
@@ -143,6 +215,7 @@ class FederatedSync {
       console.log(`  └─ [ADS] Triggering Autonomous Knowledge Synthesis...`);
       const merged = await this.triggerADSMerging(local, remote);
       this.writeToGlobalKB(merged, globalPath);
+      this.logConflictTelemetry(local.id, 'ADS_MERGE', similarity);
       return;
     }
 
@@ -150,12 +223,25 @@ class FederatedSync {
     if (similarity > 0.6) {
       console.log(`  └─ [DHH] High disagreement. Triggering Nexus Handover...`);
       this.localStore.markConflict(local.id, remote);
+      this.logConflictTelemetry(local.id, 'DHH_HANDOVER', similarity);
       return;
     }
 
     // 4. Collision Isolation (< 0.6) - Topic Mismatch
     console.log(`  └─ [ISO] Semantic collision (Topic mismatch). Isolating entries.`);
     this.writeToGlobalKB({ ...remote, id: `${remote.id}_collision_${Date.now()}` }, globalPath);
+    this.logConflictTelemetry(local.id, 'COLLISION_ISOLATION', similarity);
+  }
+
+  logConflictTelemetry(id, resolution, similarity) {
+    const telePath = path.join(this.localStore.getPaths().MEMORY_DIR, 'sync-telemetry.jsonl');
+    const entry = JSON.stringify({
+      id,
+      resolution,
+      similarity,
+      timestamp: new Date().toISOString()
+    }) + '\n';
+    fs.appendFileSync(telePath, entry);
   }
 
   async triggerADSMerging(local, remote) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mindforge-cc",
-  "version": "5.3.0",
+  "version": "5.4.0",
   "description": "MindForge - Enterprise Agentic Framework for Claude Code and Antigravity",
   "bin": {
     "mindforge-cc": "bin/install.js"