mindforge-cc 5.6.0 → 6.0.0-alpha
- package/.agent/CLAUDE.md +16 -7
- package/.agent/mindforge/health.md +6 -0
- package/.agent/mindforge/help.md +6 -0
- package/.agent/mindforge/security-scan.md +6 -1
- package/.agent/mindforge/status.md +10 -5
- package/.claude/CLAUDE.md +14 -12
- package/.mindforge/engine/integrity.json +12 -0
- package/.mindforge/engine/nexus-tracer.js +7 -111
- package/.mindforge/governance/policies/sovereign-default.json +16 -0
- package/.mindforge/org/skills/MANIFEST.md +10 -34
- package/.planning/RISK-AUDIT.jsonl +48 -0
- package/CHANGELOG.md +140 -17
- package/MINDFORGE.md +8 -5
- package/README.md +67 -7
- package/RELEASENOTES.md +54 -1
- package/SECURITY.md +38 -0
- package/bin/autonomous/auto-runner.js +14 -0
- package/bin/autonomous/intent-harvester.js +80 -0
- package/bin/autonomous/mesh-self-healer.js +67 -0
- package/bin/dashboard/frontend/index.html +241 -1
- package/bin/dashboard/revops-api.js +47 -0
- package/bin/dashboard/server.js +1 -0
- package/bin/engine/feedback-loop.js +36 -1
- package/bin/engine/logic-drift-detector.js +97 -0
- package/bin/engine/nexus-tracer.js +61 -22
- package/bin/engine/remediation-engine.js +72 -0
- package/bin/engine/sre-manager.js +63 -9
- package/bin/governance/impact-analyzer.js +75 -15
- package/bin/governance/policy-engine.js +120 -45
- package/bin/governance/quantum-crypto.js +90 -0
- package/bin/governance/ztai-manager.js +37 -1
- package/bin/installer-core.js +38 -7
- package/bin/mindforge-cli.js +30 -0
- package/bin/models/cloud-broker.js +89 -11
- package/bin/models/performance-stats.json +22 -0
- package/bin/revops/debt-monitor.js +60 -0
- package/bin/revops/market-evaluator.js +79 -0
- package/bin/revops/roi-engine.js +65 -0
- package/bin/revops/router-steering-v2.js +73 -0
- package/bin/revops/velocity-forecaster.js +59 -0
- package/bin/wizard/theme.js +5 -1
- package/docs/CAPABILITIES-MANIFEST.md +64 -0
- package/docs/INTELLIGENCE-MESH.md +21 -23
- package/docs/MIND-FORGE-REFERENCE-V6.md +96 -0
- package/docs/architecture/README.md +4 -4
- package/docs/architecture/V5-ENTERPRISE.md +51 -34
- package/docs/architecture/V6-SOVEREIGN.md +43 -0
- package/docs/commands-reference.md +4 -1
- package/docs/feature-dashboard.md +9 -3
- package/docs/governance-guide.md +78 -40
- package/docs/registry/AGENTS.md +37 -0
- package/docs/registry/COMMANDS.md +87 -0
- package/docs/registry/HOOKS.md +38 -0
- package/docs/registry/PERSONAS.md +64 -0
- package/docs/registry/README.md +27 -0
- package/docs/registry/SKILLS.md +142 -0
- package/docs/registry/WORKFLOWS.md +72 -0
- package/docs/user-guide.md +36 -6
- package/docs/usp-features.md +63 -352
- package/package.json +2 -2
|
@@ -10,6 +10,8 @@ const path = require('path');
|
|
|
10
10
|
const crypto = require('crypto');
|
|
11
11
|
const ztai = require('../governance/ztai-manager');
|
|
12
12
|
const SREManager = require('./sre-manager');
|
|
13
|
+
const driftDetector = require('./logic-drift-detector'); // v6.1 Pillar X
|
|
14
|
+
const remediationEngine = require('./remediation-engine'); // v6.1 Pillar X
|
|
13
15
|
|
|
14
16
|
class NexusTracer {
|
|
15
17
|
constructor(config = {}) {
|
|
@@ -21,9 +23,12 @@ class NexusTracer {
|
|
|
21
23
|
this.enableZtai = config.enableZtai !== false;
|
|
22
24
|
this.sreManager = new SREManager();
|
|
23
25
|
|
|
24
|
-
// v5
|
|
25
|
-
this.RES_THRESHOLD = 0.8;
|
|
26
|
-
this.entropyCache = new Map();
|
|
26
|
+
// v5/v6: Reasoning Entropy Monitoring (RES)
|
|
27
|
+
this.RES_THRESHOLD = 0.8;
|
|
28
|
+
this.entropyCache = new Map();
|
|
29
|
+
|
|
30
|
+
// v6.1: Neural Drift Remediation (NDR)
|
|
31
|
+
this.DRIFT_SAMPLE_RATE = 1.0;
|
|
27
32
|
|
|
28
33
|
// v5 Pillar IV: Agentic SBOM
|
|
29
34
|
this.sbom = {
|
|
@@ -45,7 +50,7 @@ class NexusTracer {
|
|
|
45
50
|
/**
|
|
46
51
|
* Start a new ART span.
|
|
47
52
|
*/
|
|
48
|
-
startSpan(name, attributes = {}, parentSpanId = null) {
|
|
53
|
+
async startSpan(name, attributes = {}, parentSpanId = null) {
|
|
49
54
|
const spanId = `sp_${crypto.randomBytes(6).toString('hex')}`;
|
|
50
55
|
const startTime = new Date().toISOString();
|
|
51
56
|
|
|
@@ -59,6 +64,8 @@ class NexusTracer {
|
|
|
59
64
|
attributes: {
|
|
60
65
|
...attributes,
|
|
61
66
|
service: 'mindforge-nexus',
|
|
67
|
+
host: require('os').hostname(),
|
|
68
|
+
pid: process.pid
|
|
62
69
|
}
|
|
63
70
|
};
|
|
64
71
|
|
|
@@ -81,7 +88,7 @@ class NexusTracer {
|
|
|
81
88
|
}
|
|
82
89
|
|
|
83
90
|
// Record span start in AUDIT.jsonl
|
|
84
|
-
this._recordEvent('span_started', {
|
|
91
|
+
await this._recordEvent('span_started', {
|
|
85
92
|
span_id: spanId,
|
|
86
93
|
parent_span_id: parentSpanId,
|
|
87
94
|
span_name: name,
|
|
@@ -95,7 +102,7 @@ class NexusTracer {
|
|
|
95
102
|
/**
|
|
96
103
|
* End an active span.
|
|
97
104
|
*/
|
|
98
|
-
endSpan(spanId, status = 'success', metadata = {}) {
|
|
105
|
+
async endSpan(spanId, status = 'success', metadata = {}) {
|
|
99
106
|
const span = this.activeSpans.get(spanId);
|
|
100
107
|
if (!span) return;
|
|
101
108
|
|
|
@@ -107,7 +114,7 @@ class NexusTracer {
|
|
|
107
114
|
this.sreManager.terminateEnclave(span.attributes.enclave_id);
|
|
108
115
|
}
|
|
109
116
|
|
|
110
|
-
this._recordEvent('span_completed', {
|
|
117
|
+
await this._recordEvent('span_completed', {
|
|
111
118
|
span_id: spanId,
|
|
112
119
|
status,
|
|
113
120
|
...metadata
|
|
@@ -119,25 +126,52 @@ class NexusTracer {
|
|
|
119
126
|
/**
|
|
120
127
|
* Record a Reasoning Trace event (ART granularity).
|
|
121
128
|
*/
|
|
122
|
-
recordReasoning(spanId, agent, thought, resolution = 'none') {
|
|
129
|
+
async recordReasoning(spanId, agent, thought, resolution = 'none') {
|
|
123
130
|
const span = this.activeSpans.get(spanId);
|
|
124
131
|
let sanitizedThought = thought;
|
|
125
132
|
|
|
126
133
|
if (span && span.attributes.enclave_id) {
|
|
127
|
-
|
|
134
|
+
const result = this.sreManager.sanitizeThoughtChain(thought, span.attributes.enclave_id);
|
|
135
|
+
|
|
136
|
+
if (result.status === 'SRE-ISOLATED') {
|
|
137
|
+
// Log the ZK proof instead of the raw thought
|
|
138
|
+
await this._recordEvent('sre_proof_logged', {
|
|
139
|
+
span_id: spanId,
|
|
140
|
+
agent,
|
|
141
|
+
certificate: result,
|
|
142
|
+
resolution
|
|
143
|
+
});
|
|
144
|
+
return; // Skip standard reasoning trace for isolated content
|
|
145
|
+
}
|
|
146
|
+
sanitizedThought = result.content || thought;
|
|
147
|
+
}
|
|
148
|
+
|
|
149
|
+
// v6.1 Pillar X: Neural Drift Remediation (NDR)
|
|
150
|
+
const driftReport = driftDetector.analyze(spanId, sanitizedThought);
|
|
151
|
+
if (driftReport.status === 'DRIFT_DETECTED') {
|
|
152
|
+
const remediation = await remediationEngine.trigger(spanId, driftReport);
|
|
153
|
+
|
|
154
|
+
await this._recordEvent('drift_remediation_event', {
|
|
155
|
+
span_id: spanId,
|
|
156
|
+
score: driftReport.drift_score,
|
|
157
|
+
strategy: remediation.strategy,
|
|
158
|
+
remediation_id: remediation.remediation_id,
|
|
159
|
+
markers: driftReport.markers
|
|
160
|
+
});
|
|
128
161
|
}
|
|
129
162
|
|
|
130
163
|
// v5 Pillar III: PES (Proactive Equilibrium Scoring)
|
|
131
164
|
const entropy = this.calculateEntropy(spanId, sanitizedThought);
|
|
132
165
|
const isStagnant = entropy > this.RES_THRESHOLD;
|
|
133
166
|
|
|
134
|
-
this._recordEvent('reasoning_trace', {
|
|
167
|
+
await this._recordEvent('reasoning_trace', {
|
|
135
168
|
span_id: spanId,
|
|
136
169
|
agent,
|
|
137
170
|
thought: sanitizedThought,
|
|
138
171
|
resolution,
|
|
139
172
|
entropy: parseFloat(entropy.toFixed(4)),
|
|
140
|
-
is_stagnant: isStagnant
|
|
173
|
+
is_stagnant: isStagnant,
|
|
174
|
+
drift_score: driftReport.drift_score // Inclusion for consolidated audit
|
|
141
175
|
});
|
|
142
176
|
|
|
143
177
|
if (isStagnant) {
|
|
@@ -145,7 +179,7 @@ class NexusTracer {
|
|
|
145
179
|
const stagnationCount = history.filter(h => h.entropy > this.RES_THRESHOLD).length;
|
|
146
180
|
|
|
147
181
|
if (stagnationCount >= 3) {
|
|
148
|
-
this._recordEvent('vulnerability_detected', {
|
|
182
|
+
await this._recordEvent('vulnerability_detected', {
|
|
149
183
|
span_id: spanId,
|
|
150
184
|
type: 'REASONING_LOOP',
|
|
151
185
|
severity: 'HIGH',
|
|
@@ -154,7 +188,7 @@ class NexusTracer {
|
|
|
154
188
|
});
|
|
155
189
|
|
|
156
190
|
// Signal proactive recovery
|
|
157
|
-
this.recordSelfHeal(spanId, {
|
|
191
|
+
await this.recordSelfHeal(spanId, {
|
|
158
192
|
type: 'PROACTIVE_RCA',
|
|
159
193
|
cause: 'REASONING_STAGNATION',
|
|
160
194
|
suggestion: 'Entropy threshold exceeded. Switch reasoning strategy.'
|
|
@@ -200,7 +234,7 @@ class NexusTracer {
|
|
|
200
234
|
/**
|
|
201
235
|
* Internal AUDIT writer.
|
|
202
236
|
*/
|
|
203
|
-
_recordEvent(event, data) {
|
|
237
|
+
async _recordEvent(event, data) {
|
|
204
238
|
const entry = {
|
|
205
239
|
id: crypto.randomUUID(),
|
|
206
240
|
timestamp: new Date().toISOString(),
|
|
@@ -215,7 +249,7 @@ class NexusTracer {
|
|
|
215
249
|
entry.did = this.did;
|
|
216
250
|
// Sign the stringified entry WITHOUT the signature field itself
|
|
217
251
|
const payload = JSON.stringify(entry);
|
|
218
|
-
entry.signature = ztai.signData(this.did, payload);
|
|
252
|
+
entry.signature = await ztai.signData(this.did, payload);
|
|
219
253
|
} catch (err) {
|
|
220
254
|
console.warn(`[NexusTracer] ZTAI signing failed: ${err.message}`);
|
|
221
255
|
}
|
|
@@ -234,8 +268,8 @@ class NexusTracer {
|
|
|
234
268
|
/**
|
|
235
269
|
* Records a FinOps budget decision (Pillar V).
|
|
236
270
|
*/
|
|
237
|
-
recordFinOps(spanId, decision) {
|
|
238
|
-
this._recordEvent('finops_decision', {
|
|
271
|
+
async recordFinOps(spanId, decision) {
|
|
272
|
+
await this._recordEvent('finops_decision', {
|
|
239
273
|
span_id: spanId,
|
|
240
274
|
...decision
|
|
241
275
|
});
|
|
@@ -244,8 +278,8 @@ class NexusTracer {
|
|
|
244
278
|
/**
|
|
245
279
|
* Records a Self-Healing trigger event (Pillar VI).
|
|
246
280
|
*/
|
|
247
|
-
recordSelfHeal(spanId, report) {
|
|
248
|
-
this._recordEvent('self_heal_trigger', {
|
|
281
|
+
async recordSelfHeal(spanId, report) {
|
|
282
|
+
await this._recordEvent('self_heal_trigger', {
|
|
249
283
|
span_id: spanId,
|
|
250
284
|
...report
|
|
251
285
|
});
|
|
@@ -254,7 +288,7 @@ class NexusTracer {
|
|
|
254
288
|
/**
|
|
255
289
|
* Finalize and export the Agentic SBOM (Pillar IV).
|
|
256
290
|
*/
|
|
257
|
-
exportSBOM(outputPath = null) {
|
|
291
|
+
async exportSBOM(outputPath = null) {
|
|
258
292
|
const finalPath = outputPath || path.join(process.cwd(), '.planning', 'MANIFEST.sbom.json');
|
|
259
293
|
const manifest = {
|
|
260
294
|
...this.sbom,
|
|
@@ -269,7 +303,7 @@ class NexusTracer {
|
|
|
269
303
|
}
|
|
270
304
|
fs.writeFileSync(finalPath, JSON.stringify(manifest, null, 2));
|
|
271
305
|
|
|
272
|
-
this._recordEvent('sbom_exported', { path: finalPath });
|
|
306
|
+
await this._recordEvent('sbom_exported', { path: finalPath });
|
|
273
307
|
return finalPath;
|
|
274
308
|
} catch (err) {
|
|
275
309
|
console.error(`[NexusTracer] Failed to export SBOM: ${err.message}`);
|
|
@@ -278,4 +312,9 @@ class NexusTracer {
|
|
|
278
312
|
}
|
|
279
313
|
}
|
|
280
314
|
|
|
281
|
-
|
|
315
|
+
// Global Singleton Instance for easy mesh-wide access
|
|
316
|
+
const globalTracer = new NexusTracer();
|
|
317
|
+
|
|
318
|
+
// Export both the class and the global instance
|
|
319
|
+
module.exports = globalTracer;
|
|
320
|
+
module.exports.NexusTracer = NexusTracer;
|
|
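Review bot: In `recordReasoning`, the early `return` in the `SRE-ISOLATED` branch skips both the new drift check and the existing entropy/stagnation check, so spans that carry an `enclave_id` never produce `reasoning_trace`, `drift_remediation_event` or `REASONING_LOOP` records. Judging by the `sanitizeThoughtChain` shown further down this page, every call for an active enclave returns `SRE-ISOLATED`, which would make this the normal path for enclave spans rather than an exception. If the detectors retain only scores (not visible here), run them before the branch and attach the numbers to the proof event, for example `drift_score: driftReport.drift_score` in the `sre_proof_logged` payload, so monitoring coverage does not depend on whether content is isolated. The fallback `sanitizedThought = result.content || thought` writes the raw thought whenever `content` is empty, so it is worth deciding per status instead of by truthiness. The body of `recordReasoning` continues past the end of this hunk.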
@@ -0,0 +1,72 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* MindForge v6.1.0-alpha — Neural Drift Remediation (NDR)
|
|
3
|
+
* Component: Remediation Engine (Pillar X)
|
|
4
|
+
*
|
|
5
|
+
* Triggers corrective actions when logic drift or reasoning
|
|
6
|
+
* stagnation is detected.
|
|
7
|
+
*/
|
|
8
|
+
'use strict';
|
|
9
|
+
|
|
10
|
+
const driftDetector = require('./logic-drift-detector');
|
|
11
|
+
|
|
12
|
+
class RemediationEngine {
|
|
13
|
+
constructor() {
|
|
14
|
+
this.activeRemediations = new Set();
|
|
15
|
+
}
|
|
16
|
+
|
|
17
|
+
/**
|
|
18
|
+
* Triggers a specific remediation workflow.
|
|
19
|
+
* @param {string} spanId
|
|
20
|
+
* @param {Object} report - From LogicDriftDetector
|
|
21
|
+
*/
|
|
22
|
+
async trigger(spanId, report) {
|
|
23
|
+
const { drift_score, markers } = report;
|
|
24
|
+
let strategy = 'NOT_REQUIRED';
|
|
25
|
+
|
|
26
|
+
// Tiered Remediation Logic
|
|
27
|
+
if (drift_score > 0.9) strategy = 'REASONING_RESTART';
|
|
28
|
+
else if (drift_score > 0.8) strategy = 'GOLDEN_TRACE_INJECTION';
|
|
29
|
+
else if (drift_score > 0.75) strategy = 'CONTEXT_COMPRESSION';
|
|
30
|
+
|
|
31
|
+
if (strategy === 'NOT_REQUIRED') return { status: 'STABLE', strategy };
|
|
32
|
+
|
|
33
|
+
const action = {
|
|
34
|
+
span_id: spanId,
|
|
35
|
+
strategy,
|
|
36
|
+
remediation_id: `rem_${Math.random().toString(36).substr(2, 6)}`,
|
|
37
|
+
timestamp: new Date().toISOString(),
|
|
38
|
+
effectiveness_prediction: 0.85
|
|
39
|
+
};
|
|
40
|
+
|
|
41
|
+
console.log(`[Remediation] Triggered ${strategy} for ${spanId} (Drift: ${drift_score})`);
|
|
42
|
+
|
|
43
|
+
this.activeRemediations.add(action);
|
|
44
|
+
|
|
45
|
+
// Simulating specific remediation actions
|
|
46
|
+
this._executeStrategy(strategy, spanId);
|
|
47
|
+
|
|
48
|
+
return action;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* Mock implementation of remediation strategies.
|
|
53
|
+
*/
|
|
54
|
+
async _executeStrategy(strategy, spanId) {
|
|
55
|
+
switch(strategy) {
|
|
56
|
+
case 'REASONING_RESTART':
|
|
57
|
+
console.log(`[Remediation] Forcing reasoner reset for ${spanId}`);
|
|
58
|
+
// Logic to clear local thought window for span
|
|
59
|
+
break;
|
|
60
|
+
case 'GOLDEN_TRACE_INJECTION':
|
|
61
|
+
console.log(`[Remediation] Injecting successful trace heuristics into ${spanId}`);
|
|
62
|
+
// Logic to pull from Semantic Hub successful past traces
|
|
63
|
+
break;
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
|
|
67
|
+
getActiveRemediations() {
|
|
68
|
+
return Array.from(this.activeRemediations);
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
module.exports = new RemediationEngine();
|
|
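Review bot: `remediation_id` in `trigger` is built from `Math.random().toString(36).substr(2, 6)`, which is not a CSPRNG, can yield fewer than six characters, and has a small enough space that ids may collide in the audit trail, where the tracer copies the value into `drift_remediation_event`. The tracer on this page already uses `crypto.randomBytes(6).toString('hex')` for span ids; doing the same here keeps audit identifiers uniform: ``remediation_id: `rem_${crypto.randomBytes(6).toString('hex')}` `` with `const crypto = require('crypto');` at the top of the file. The same `action` object is added to `activeRemediations` and nothing in this file removes it, so the set grows for the life of the process. `_executeStrategy` is called without `await`, so a rejection from a future non-mock implementation would go unhandled.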
@@ -6,6 +6,10 @@
|
|
|
6
6
|
|
|
7
7
|
const crypto = require('crypto');
|
|
8
8
|
|
|
9
|
+
// Simulated System DID for Enclave Proofs (Tier 3)
|
|
10
|
+
const ENCLAVE_PRIVATE_KEY = 'tier3-enclave-secret-key-sim'; // In production, this would be a TEE-bound private key
|
|
11
|
+
const SYSTEM_DID = 'did:mindforge:enclave:0xbeast';
|
|
12
|
+
|
|
9
13
|
class SREManager {
|
|
10
14
|
constructor() {
|
|
11
15
|
this.activeEnclaves = new Map();
|
|
@@ -26,7 +30,8 @@ class SREManager {
|
|
|
26
30
|
startedAt: new Date().toISOString(),
|
|
27
31
|
principal: context.did,
|
|
28
32
|
hasIP: true,
|
|
29
|
-
isolationLevel: 'Hardware-Enclave (Simulated)'
|
|
33
|
+
isolationLevel: 'Hardware-Enclave (Simulated)',
|
|
34
|
+
cumulativeHash: null // Root of the proof chain
|
|
30
35
|
});
|
|
31
36
|
|
|
32
37
|
console.log(`[SRE-INIT] Initialized Sovereign Reason Enclave: ${enclaveId} for ${context.did}`);
|
|
@@ -34,19 +39,68 @@ class SREManager {
|
|
|
34
39
|
}
|
|
35
40
|
|
|
36
41
|
/**
|
|
37
|
-
* Sanitizes a thought chain
|
|
38
|
-
* Ensures that sensitive IP or "zero-visibility" thoughts are isolated.
|
|
42
|
+
* Sanitizes a thought chain and generates a ZK-Proof Compliance Certificate.
|
|
43
|
+
* Ensures that sensitive IP or "zero-visibility" thoughts are isolated while proving audit-eligibility.
|
|
39
44
|
* @param {string} thoughtChain - The raw agentic thought chain.
|
|
40
|
-
* @
|
|
45
|
+
* @param {string} enclaveId - The active enclave ID.
|
|
46
|
+
* @param {Object} policyResult - Whether the content passed internal policy checks.
|
|
47
|
+
* @returns {Object} - ZK-Proof compliance certificate.
|
|
41
48
|
*/
|
|
42
|
-
sanitizeThoughtChain(thoughtChain, enclaveId) {
|
|
43
|
-
if (!this.activeEnclaves.has(enclaveId))
|
|
49
|
+
sanitizeThoughtChain(thoughtChain, enclaveId, policyResult = { passed: true }) {
|
|
50
|
+
if (!this.activeEnclaves.has(enclaveId)) {
|
|
51
|
+
return { status: 'PLAINTEXT', content: thoughtChain };
|
|
52
|
+
}
|
|
44
53
|
|
|
45
|
-
//
|
|
46
|
-
|
|
54
|
+
// v5 Pillar VI: Merkle-style Cumulative Hash Chain
|
|
55
|
+
const enclaveData = this.activeEnclaves.get(enclaveId);
|
|
56
|
+
const prevHash = enclaveData.cumulativeHash;
|
|
47
57
|
const digest = crypto.createHash('sha256').update(thoughtChain).digest('hex');
|
|
48
58
|
|
|
49
|
-
|
|
59
|
+
// Generate a simulated ZK-Proof Compliance Certificate
|
|
60
|
+
const proofPayload = {
|
|
61
|
+
enclaveId: enclaveId,
|
|
62
|
+
digest: digest,
|
|
63
|
+
prevHash: prevHash, // Links the chain
|
|
64
|
+
policyPassed: policyResult.passed,
|
|
65
|
+
timestamp: new Date().toISOString(),
|
|
66
|
+
principal: enclaveData.principal
|
|
67
|
+
};
|
|
68
|
+
|
|
69
|
+
// Sign the proof with the Enclave Private Key
|
|
70
|
+
const signature = crypto.createHmac('sha256', ENCLAVE_PRIVATE_KEY)
|
|
71
|
+
.update(JSON.stringify(proofPayload))
|
|
72
|
+
.digest('hex');
|
|
73
|
+
|
|
74
|
+
// Update the cumulative hash for the next block
|
|
75
|
+
const proofHash = crypto.createHash('sha256').update(signature).digest('hex');
|
|
76
|
+
enclaveData.cumulativeHash = proofHash;
|
|
77
|
+
|
|
78
|
+
const certificate = {
|
|
79
|
+
status: 'SRE-ISOLATED',
|
|
80
|
+
proof: proofPayload,
|
|
81
|
+
signature: signature,
|
|
82
|
+
proofHash: proofHash,
|
|
83
|
+
verificationDid: SYSTEM_DID,
|
|
84
|
+
message: `[SRE-ZK-PROOF] Confidential reasoning (sha256:${digest.substring(0, 8)}...) verified by Enclave Auditor.`
|
|
85
|
+
};
|
|
86
|
+
|
|
87
|
+
return certificate;
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
/**
|
|
91
|
+
* Verifies an SRE Compliance Certificate without seeing the original content.
|
|
92
|
+
*/
|
|
93
|
+
verifyZKProof(certificate) {
|
|
94
|
+
if (certificate.status !== 'SRE-ISOLATED') return false;
|
|
95
|
+
|
|
96
|
+
const expectedSignature = crypto.createHmac('sha256', ENCLAVE_PRIVATE_KEY)
|
|
97
|
+
.update(JSON.stringify(certificate.proof))
|
|
98
|
+
.digest('hex');
|
|
99
|
+
|
|
100
|
+
const isValid = (expectedSignature === certificate.signature);
|
|
101
|
+
const policyPassed = certificate.proof.policyPassed;
|
|
102
|
+
|
|
103
|
+
return isValid && policyPassed;
|
|
50
104
|
}
|
|
51
105
|
|
|
52
106
|
/**
|
|
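Review bot: `ENCLAVE_PRIVATE_KEY` is a string literal shipped in the package, so the HMAC that `sanitizeThoughtChain` calls a signature can be recomputed by anyone who has the package, and a true result from `verifyZKProof` says nothing about where a certificate came from. An HMAC is also symmetric: the verifier must hold the same secret as the signer, so this is neither a zero-knowledge proof nor a third-party-verifiable signature, and the `[SRE-ZK-PROOF] ... verified by Enclave Auditor` message overstates what was checked. Until a real key exists, load the key from configuration or generate it per process with `crypto.randomBytes(32)`, mark the certificate as simulated, and compare with `crypto.timingSafeEqual` on equal-length buffers rather than `===`. The default `policyResult = { passed: true }` means a caller that omits the argument, as the tracer's call on this page does, gets `policyPassed: true` attested without any policy check having run; requiring the argument or defaulting to `{ passed: false }` would fail closed. `verifyZKProof` also reads `certificate.proof.policyPassed` without first checking that `proof` is present.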
@@ -1,9 +1,12 @@
|
|
|
1
1
|
/**
|
|
2
|
-
* MindForge
|
|
2
|
+
* MindForge v6.0.0 — Context-Aware Dynamic Impact Analysis (CADIA)
|
|
3
3
|
* Calculates the 'Blast Radius' score of a proposed intent.
|
|
4
4
|
*/
|
|
5
5
|
'use strict';
|
|
6
6
|
|
|
7
|
+
const fs = require('node:fs');
|
|
8
|
+
const path = require('node:path');
|
|
9
|
+
|
|
7
10
|
class ImpactAnalyzer {
|
|
8
11
|
static CRITICAL_PATHS = [
|
|
9
12
|
'.env',
|
|
@@ -27,18 +30,22 @@ class ImpactAnalyzer {
|
|
|
27
30
|
'READ': 1,
|
|
28
31
|
'WRITE': 5,
|
|
29
32
|
'DELETE': 10,
|
|
30
|
-
'EXECUTE': 15,
|
|
31
|
-
'GRANT': 20
|
|
33
|
+
'EXECUTE': 15,
|
|
34
|
+
'GRANT': 20
|
|
32
35
|
};
|
|
33
36
|
|
|
37
|
+
// Cache for session-based entropy tracking
|
|
38
|
+
static sessionState = new Map();
|
|
39
|
+
|
|
34
40
|
/**
|
|
35
|
-
* Scores an intent based on
|
|
41
|
+
* [CADIA] Scores an intent based on architectural influence, session entropy, and trust tiers.
|
|
36
42
|
* Score Range: 0 - 100
|
|
37
43
|
*/
|
|
38
|
-
static analyze(intent) {
|
|
44
|
+
static analyze(intent, context = {}) {
|
|
39
45
|
const { action, target, namespace } = intent;
|
|
40
|
-
|
|
41
|
-
|
|
46
|
+
const { sessionId = 'default', trustTier = 0, currentGoal = '' } = context;
|
|
47
|
+
|
|
48
|
+
// 1. Critical Path Protection (Hardened)
|
|
42
49
|
const isCritical = this.CRITICAL_PATHS.some(cp =>
|
|
43
50
|
(target && (target.endsWith(cp) || target.includes(`/${cp}`)))
|
|
44
51
|
);
|
|
@@ -49,33 +56,86 @@ class ImpactAnalyzer {
|
|
|
49
56
|
|
|
50
57
|
let score = this.ACTION_SCORES[action] || 5;
|
|
51
58
|
|
|
52
|
-
// 2.
|
|
59
|
+
// 2. [NEW] Architectural Influence Engine (x2.5 multiplier)
|
|
60
|
+
if (this.isArchitecturallySignificant(target)) {
|
|
61
|
+
score *= 2.5;
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// 3. Sensitive Namespace Multiplier (x4.0 multiplier)
|
|
53
65
|
const isSensitive = this.SENSITIVE_NAMESPACES.some(ns =>
|
|
54
66
|
(target && target.includes(ns)) || (namespace && namespace.includes(ns))
|
|
55
67
|
);
|
|
56
68
|
|
|
57
69
|
if (isSensitive) {
|
|
58
|
-
score *= 4;
|
|
70
|
+
score *= 4.0;
|
|
59
71
|
}
|
|
60
72
|
|
|
61
|
-
//
|
|
73
|
+
// 4. [NEW] Session Entropy Tracker (+15 penalty)
|
|
74
|
+
const sessCount = (this.sessionState.get(sessionId) || 0) + 1;
|
|
75
|
+
this.sessionState.set(sessionId, sessCount);
|
|
76
|
+
|
|
77
|
+
if (sessCount > 5) {
|
|
78
|
+
score += (sessCount - 5) * 15;
|
|
79
|
+
}
|
|
80
|
+
|
|
81
|
+
// 5. [NEW] Goal-to-Path Alignment (+40 penalty)
|
|
82
|
+
if (currentGoal && !this.isGoalAligned(target, currentGoal)) {
|
|
83
|
+
score += 40;
|
|
84
|
+
}
|
|
85
|
+
|
|
86
|
+
// 6. [NEW] ZTAI-Trust Scaling (Risk buffer)
|
|
87
|
+
const trustBuffer = trustTier * 10;
|
|
88
|
+
score = Math.max(0, score - trustBuffer);
|
|
89
|
+
|
|
90
|
+
// 7. Recursive Depth Scale
|
|
62
91
|
if (target && target.split('/').length > 5) {
|
|
63
|
-
score *= 1.
|
|
92
|
+
score *= 1.25;
|
|
64
93
|
}
|
|
65
94
|
|
|
66
|
-
// Cap the score at 100
|
|
67
95
|
return Math.min(Math.round(score), 100);
|
|
68
96
|
}
|
|
69
97
|
|
|
98
|
+
|
|
99
|
+
/**
|
|
100
|
+
* Identifies files with high architectural side-effects.
|
|
101
|
+
*/
|
|
102
|
+
static isArchitecturallySignificant(filePath) {
|
|
103
|
+
if (!filePath) return false;
|
|
104
|
+
const highWeightDirs = ['bin/governance', 'bin/engine', 'bin/models', '.mindforge/intelligence'];
|
|
105
|
+
const highWeightFiles = ['package.json', 'sdk/nexus-core.js', 'bin/mindforge-cli.js'];
|
|
106
|
+
|
|
107
|
+
return highWeightDirs.some(d => filePath.includes(d)) ||
|
|
108
|
+
highWeightFiles.some(f => filePath.endsWith(f));
|
|
109
|
+
}
|
|
110
|
+
|
|
70
111
|
/**
|
|
71
|
-
*
|
|
112
|
+
* Checks if the target path semantically aligns with the current active goal/phase.
|
|
72
113
|
*/
|
|
114
|
+
static isGoalAligned(filePath, currentGoal) {
|
|
115
|
+
if (!currentGoal || !filePath) return true; // Default to neutral if no goal set
|
|
116
|
+
|
|
117
|
+
// Simple heuristic: Does the goal mention the file or directory?
|
|
118
|
+
const normalizedGoal = currentGoal.toLowerCase();
|
|
119
|
+
const normalizedPath = filePath.toLowerCase();
|
|
120
|
+
|
|
121
|
+
// Extract domain (e.g., 'auth', 'ui', 'api')
|
|
122
|
+
const domain = normalizedPath.split('/')[0];
|
|
123
|
+
|
|
124
|
+
return normalizedGoal.includes(domain) ||
|
|
125
|
+
normalizedGoal.includes(path.basename(normalizedPath, path.extname(normalizedPath)));
|
|
126
|
+
}
|
|
127
|
+
|
|
73
128
|
static getRiskTier(score) {
|
|
74
|
-
if (score <
|
|
129
|
+
if (score < 25) return 'LOW';
|
|
75
130
|
if (score < 50) return 'MEDIUM';
|
|
76
|
-
if (score <
|
|
131
|
+
if (score < 75) return 'HIGH';
|
|
77
132
|
return 'CRITICAL';
|
|
78
133
|
}
|
|
134
|
+
|
|
135
|
+
static resetSession(sessionId) {
|
|
136
|
+
this.sessionState.delete(sessionId);
|
|
137
|
+
}
|
|
79
138
|
}
|
|
80
139
|
|
|
81
140
|
module.exports = ImpactAnalyzer;
|
|
141
|
+
|
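Review bot: `isGoalAligned` fails open for absolute paths: `normalizedPath.split('/')[0]` is `''` when the path starts with `/`, and `normalizedGoal.includes('')` is always true, so the +40 misalignment penalty in `analyze` is never applied to such targets. A `./`-prefixed path gives a domain of `'.'`, which matches any goal text that contains a period. Take the first non-empty, non-dot segment and require it to exist before matching, e.g. `const domain = normalizedPath.split('/').find(s => s && s !== '.');` and `return (Boolean(domain) && normalizedGoal.includes(domain)) || normalizedGoal.includes(path.basename(normalizedPath, path.extname(normalizedPath)));`. In `analyze`, `trustTier` is read from `context` and subtracted as `trustTier * 10` with no type or range check, so an out-of-range value can zero the score; clamping it to a known maximum would bound that reduction.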