mindforge-cc 5.4.0 → 5.6.0

package/CHANGELOG.md

@@ -1,7 +1,39 @@
 # Changelog
 
+## [5.6.0] - 2026-03-28
+### Added
+- **Pillar IV: Supply Chain Trust (Binary Runtime Attestation)**.
+- Cryptographic skill signing in `SkillRegistry` via ZTAIManager Tier 3 Enclaves.
+- JIT Attestation in `SkillValidator` to verify skill integrity before agent execution.
+- `SIGNATURES.json` tracking for all enterprise-grade skills.
+
+## [5.5.0] - 2026-03-28
+### Added
+- **Pillar III: Predictive Agentic Reliability (Reasoning Entropy Monitoring)**.
+- Reasoning Entropy Scoring (RES) in `NexusTracer` to detect semantic stagnation and loops.
+- Proactive Self-Healing trigger for high-similarity thought sequences.
+- Steering Vector generation in `TemporalHindsight` to break agentic deadlocks.
+
 ## [5.4.0] — Beast Mode Hardening — 2026-03-28
 
+# Release Notes - MindForge v5.6.0 "Sentinel Execution"
+
+MindForge v5.6.0 introduces the final pillars of the Hyper-Enterprise roadmap: Proactive Reliability and Zero-Trust Skill Execution.
+
+## Highlights
+- **Reasoning Entropy Monitoring (PAR)**: Proactively prevents token-burning reasoning loops.
+- **Binary Runtime Attestation (ZTS)**: Cryptographically ensures that skills have not been tampered with before they are loaded by the agent.
+
+---
+
+## [5.6.0] - Sentinel Execution
+- Implemented JIT Attestation for Skill Registry.
+- Added Skill Signing utility in `mindforge-cc sign`.
+
+## [5.5.0] - Predictive Reliability
+- Implemented RES (Reasoning Entropy Scoring) in Nexus Tracer.
+- Added Steering Vector injection for proactive loop breaking.
+
 🚀 **MindForge v5.4.0 — Enterprise Resilience (Hardened Edition)**
 
 This update elevates the v5.3.0 "Hyper-Enterprise" features to maximum robustness ("Beast Mode"), implementing critical safety systems and advanced observability.

package/bin/engine/nexus-tracer.js

@@ -21,6 +21,10 @@ class NexusTracer {
     this.enableZtai = config.enableZtai !== false;
     this.sreManager = new SREManager();
 
+    // v5 Pillar III: Reasoning Entropy Monitoring (RES)
+    this.RES_THRESHOLD = 0.8; // Similarity threshold for stagnation
+    this.entropyCache = new Map(); // spanId -> [thoughtHistories]
+
     // v5 Pillar IV: Agentic SBOM
     this.sbom = {
       manifest_version: '1.0.0',
@@ -123,12 +127,74 @@ class NexusTracer {
       sanitizedThought = this.sreManager.sanitizeThoughtChain(thought, span.attributes.enclave_id);
     }
 
+    // v5 Pillar III: PES (Proactive Equilibrium Scoring)
+    const entropy = this.calculateEntropy(spanId, sanitizedThought);
+    const isStagnant = entropy > this.RES_THRESHOLD;
+
     this._recordEvent('reasoning_trace', {
       span_id: spanId,
       agent,
       thought: sanitizedThought,
-      resolution
+      resolution,
+      entropy: parseFloat(entropy.toFixed(4)),
+      is_stagnant: isStagnant
     });
+
+    if (isStagnant) {
+      const history = this.entropyCache.get(spanId) || [];
+      const stagnationCount = history.filter(h => h.entropy > this.RES_THRESHOLD).length;
+
+      if (stagnationCount >= 3) {
+        this._recordEvent('vulnerability_detected', {
+          span_id: spanId,
+          type: 'REASONING_LOOP',
+          severity: 'HIGH',
+          description: 'Agent reasoning entropy dropped below threshold (stagnation detected). Triggering proactive RCA.',
+          entropy_score: entropy
+        });
+        
+        // Signal proactive recovery
+        this.recordSelfHeal(spanId, {
+          type: 'PROACTIVE_RCA',
+          cause: 'REASONING_STAGNATION',
+          suggestion: 'Entropy threshold exceeded. Switch reasoning strategy.'
+        });
+      }
+    }
+  }
+
+  /**
+   * Calculates "Reasoning Entropy" (Similarity to previous thoughts).
+   * Range 0.0 (High Entropy/New) to 1.0 (Low Entropy/Repetitive).
+   */
+  calculateEntropy(spanId, currentThought) {
+    if (!this.entropyCache.has(spanId)) {
+      this.entropyCache.set(spanId, []);
+    }
+    const history = this.entropyCache.get(spanId);
+    
+    if (history.length === 0) {
+      history.push({ thought: currentThought, entropy: 0 });
+      return 0;
+    }
+
+    // Simple Jaccard Similarity approach for stagnation detection
+    const getTokens = (str) => new Set(str.toLowerCase().split(/\s+/).filter(t => t.length > 3));
+    const currentTokens = getTokens(currentThought);
+    
+    let maxSimilarity = 0;
+    for (const prev of history) {
+      const prevTokens = getTokens(prev.thought);
+      const intersection = new Set([...currentTokens].filter(x => prevTokens.has(x)));
+      const union = new Set([...currentTokens, ...prevTokens]);
+      const similarity = union.size === 0 ? 0 : intersection.size / union.size;
+      if (similarity > maxSimilarity) maxSimilarity = similarity;
+    }
+
+    history.push({ thought: currentThought, entropy: maxSimilarity });
+    if (history.length > 5) history.shift(); // Sliding window of 5 thoughts
+
+    return maxSimilarity;
   }
 
   /**

package/bin/engine/temporal-hindsight.js

@@ -83,6 +83,33 @@ class TemporalHindsight {
       autoApplyStatus: 'PENDING_SIGNATURE',
     };
   }
+
+  /**
+   * v5 Pillar III: Proactive Loop Recovery
+   * Generates a "Steering Vector" to break agentic Reasoning Stagnation.
+   */
+  handleProactiveRecovery(traceId, entropyScore) {
+    console.log(`[TemporalHindsight] Proactive Recovery triggered for trace ${traceId} (Entropy: ${entropyScore})`);
+    
+    const steeringVectors = [
+      "CRITICAL: Stagnation detected. You have repeated similar reasoning steps 3 times. STOP your current approach and decompose the problem into smaller, independent sub-tasks.",
+      "STATIONARY LOOP: Your recent thoughts show high similarity. Change your technical layer—if you were editing code, try running a diagnostic command instead.",
+      "REASONING DEADLOCK: Entropy too low. Request human intervention or switch to the 'Architect' persona to re-evaluate the plan.",
+      "DIVERGENCE ALERT: Proactive reset. Clear your context window of the last 3 reasoning steps and start fresh from the last successful checkpoint."
+    ];
+
+    // Pick a vector based on entropy severity
+    const index = Math.min(Math.floor(entropyScore * steeringVectors.length), steeringVectors.length - 1);
+    
+    return {
+      timestamp: new Date().toISOString(),
+      trace_id: traceId,
+      event: 'STEERING_VECTOR_GENERATED',
+      entropy: entropyScore,
+      instruction: steeringVectors[index],
+      action: 'INJECT_SYSTEM_PROMPT'
+    };
+  }
 }
 
 module.exports = TemporalHindsight;

package/bin/skill-registry.js

@@ -19,7 +19,7 @@ function main() {
   }
 
   // Handle cases where the action might be missing if called incorrectly
-  const validActions = ['install', 'register', 'audit'];
+  const validActions = ['install', 'register', 'audit', 'sign'];
   if (!validActions.includes(ACTION)) {
     console.error(`❌ Invalid or missing action: ${ACTION}`);
     console.error(`   Expected one of: ${validActions.join(', ')}`);
@@ -36,12 +36,77 @@ function main() {
     case 'audit':
       handleAudit();
       break;
+    case 'sign':
+      handleSign();
+      break;
     default:
       console.error(`❌ Unknown action: ${ACTION}`);
       process.exit(1);
   }
 }
 
+async function handleSign() {
+  const skillName = ARGS[1];
+  const ztai = require('./governance/ztai-manager');
+  const crypto = require('node:crypto');
+
+  if (!skillName) {
+    console.error('❌ Missing skill name to sign');
+    process.exit(1);
+  }
+
+  // Find the skill file
+  const bases = [
+    '.mindforge/skills',
+    '.mindforge/org/skills',
+    '.mindforge/project-skills'
+  ];
+  
+  let targetPath = null;
+  for (const base of bases) {
+    const p = path.join(process.cwd(), base, skillName, 'SKILL.md');
+    if (fs.existsSync(p)) {
+      targetPath = p;
+      break;
+    }
+  }
+
+  if (!targetPath) {
+    console.error(`❌ Skill ${skillName} not found in any registry path.`);
+    process.exit(1);
+  }
+
+  console.log(`🛡️  Signing skill: ${skillName}...`);
+  const content = fs.readFileSync(targetPath, 'utf8');
+  const hash = crypto.createHash('sha256').update(content).digest('hex');
+
+  try {
+    // We use a dedicated System DID for skill signing (Tier 3)
+    const systemDid = await ztai.registerAgent('MindForge-System-Secretary', 3);
+    const signature = await ztai.signData(systemDid, hash);
+
+    const sigPath = path.join(process.cwd(), '.mindforge', 'org', 'skills', 'SIGNATURES.json');
+    let signatures = {};
+    if (fs.existsSync(sigPath)) {
+      signatures = JSON.parse(fs.readFileSync(sigPath, 'utf8'));
+    }
+
+    signatures[skillName] = {
+      hash,
+      signature,
+      did: systemDid,
+      timestamp: new Date().toISOString()
+    };
+
+    fs.writeFileSync(sigPath, JSON.stringify(signatures, null, 2));
+    console.log(`✅ Skill ${skillName} signed and registered in SIGNATURES.json`);
+    process.exit(0);
+  } catch (err) {
+    console.error(`❌ Signing failed: ${err.message}`);
+    process.exit(1);
+  }
+}
+
 function handleInstall() {
   const skillName = ARGS[1];
   const tierFlag = ARGS.indexOf('--tier');

package/bin/skill-validator.js

@@ -38,7 +38,33 @@ function main() {
   console.log('─'.repeat(60));
 
   const content = fs.readFileSync(filePath, 'utf8');
-  const results = { schema: [], content: [], quality: [], valid: true };
+  const results = { schema: [], content: [], quality: [], valid: true, attestation: { ok: true, msg: 'No signature found (optional)' } };
+
+  // ── Level 0: Binary Runtime Attestation (v5 Pillar IV) ──────────────────────
+  const sigPath = path.join(process.cwd(), '.mindforge', 'org', 'skills', 'SIGNATURES.json');
+  if (fs.existsSync(sigPath)) {
+    const crypto = require('node:crypto');
+    const ztai = require('./governance/ztai-manager');
+    const signatures = JSON.parse(fs.readFileSync(sigPath, 'utf8'));
+    const skillNameCandidate = path.basename(path.dirname(filePath));
+    const sigRecord = signatures[skillNameCandidate];
+
+    if (sigRecord) {
+      const currentHash = crypto.createHash('sha256').update(content).digest('hex');
+      const isHashValid = currentHash === sigRecord.hash;
+      const isSigValid = ztai.verifySignature(sigRecord.did, currentHash, sigRecord.signature);
+
+      if (!isHashValid || !isSigValid) {
+        results.attestation = { ok: false, msg: `INTEGRITY FAILURE: Signature mismatch [Hash: ${isHashValid}, Sig: ${isSigValid}]` };
+        results.valid = false;
+      } else {
+        results.attestation = { ok: true, msg: `VERIFIED: Signed by ${sigRecord.did}` };
+      }
+    } else if (ARGS.includes('--enterprise')) {
+      results.attestation = { ok: false, msg: 'REQUIRED: No signature found for this skill in Enterprise Mode' };
+      results.valid = false;
+    }
+  }
 
   // ── Level 1: Schema ─────────────────────────────────────────────────────────
   const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mindforge-cc",
-  "version": "5.4.0",
+  "version": "5.6.0",
   "description": "MindForge - Enterprise Agentic Framework for Claude Code and Antigravity",
   "bin": {
     "mindforge-cc": "bin/install.js"