mindforge-cc 6.7.0 → 8.0.0

package/bin/engine/nexus-tracer.js

@@ -10,8 +10,11 @@ const path = require('path');
 const crypto = require('crypto');
 const ztai = require('../governance/ztai-manager');
 const SREManager = require('./sre-manager');
+const configManager = require('../governance/config-manager');
 const driftDetector = require('./logic-drift-detector'); // v6.1 Pillar X
 const remediationEngine = require('./remediation-engine'); // v6.1 Pillar X
+const logicValidator = require('./logic-validator'); // v7 Pillar X
+const vectorHub = require('../memory/vector-hub'); // v8 Pillar XV
 
 class NexusTracer {
   constructor(config = {}) {
@@ -22,19 +25,21 @@ class NexusTracer {
     this.did = config.did || null; // Active Agent DID
     this.enableZtai = config.enableZtai !== false;
     this.sreManager = new SREManager();
+    this.vhInitialized = false;
 
-    // v5/v6: Reasoning Entropy Monitoring (RES)
-    this.RES_THRESHOLD = 0.8; 
+    // v7: Centralized Thresholds
+    this.RES_THRESHOLD = configManager.get('governance.res_threshold', 0.8); 
     this.entropyCache = new Map(); 
 
     // v6.1: Neural Drift Remediation (NDR)
     this.DRIFT_SAMPLE_RATE = 1.0; 
 
-    // v5 Pillar IV: Agentic SBOM
+    // v7: Agentic SBOM with Arbitrage
     this.sbom = {
-      manifest_version: '1.0.0',
+      manifest_version: '1.1.0',
       models: new Set(),
       skills: new Set(),
+      arbitrage_total: 0,
       startTime: new Date().toISOString()
     };
   }
@@ -148,15 +153,26 @@ class NexusTracer {
 
     // v6.1 Pillar X: Neural Drift Remediation (NDR)
     const driftReport = driftDetector.analyze(spanId, sanitizedThought);
-    if (driftReport.status === 'DRIFT_DETECTED') {
-      const remediation = await remediationEngine.trigger(spanId, driftReport);
+
+    // v7 Pillar X: Semantic Logic Validation
+    const validationResult = await logicValidator.validate(sanitizedThought, { span_id: spanId });
+    
+    if (driftReport.status === 'DRIFT_DETECTED' || !validationResult.is_valid) {
+      const remediation = await remediationEngine.trigger(spanId, {
+        ...driftReport,
+        invalid_logic: !validationResult.is_valid
+      });
       
       await this._recordEvent('drift_remediation_event', {
         span_id: spanId,
         score: driftReport.drift_score,
         strategy: remediation.strategy,
         remediation_id: remediation.remediation_id,
-        markers: driftReport.markers
+        markers: driftReport.markers,
+        validation: {
+          is_valid: validationResult.is_valid,
+          critique: validationResult.critique
+        }
       });
     }
 
@@ -247,7 +263,6 @@ class NexusTracer {
     if (this.enableZtai && this.did) {
       try {
         entry.did = this.did;
-        // Sign the stringified entry WITHOUT the signature field itself
         const payload = JSON.stringify(entry);
         entry.signature = await ztai.signData(this.did, payload);
       } catch (err) {
@@ -255,6 +270,27 @@ class NexusTracer {
       }
     }
 
+    // v8: SQLite Persistence (VectorHub)
+    try {
+      if (!this.vhInitialized) {
+        await vectorHub.init();
+        this.vhInitialized = true;
+      }
+      await vectorHub.recordTrace({
+        id: entry.id,
+        trace_id: entry.trace_id,
+        span_id: data.span_id || null,
+        event: event,
+        timestamp: entry.timestamp,
+        agent: data.agent || null,
+        content: data.thought || data.span_name || data.strategy || null,
+        metadata: entry,
+        drift_score: data.drift_score || 0
+      });
+    } catch (err) {
+      console.warn(`[NexusTracer] VectorHub persist failed: ${err.message}`);
+    }
+
     try {
       if (!fs.existsSync(path.dirname(this.auditPath))) {
         fs.mkdirSync(path.dirname(this.auditPath), { recursive: true });

package/bin/engine/orbital-guardian.js

@@ -0,0 +1,84 @@
+/**
+ * MindForge v8 — Orbital Governance
+ * Component: Orbital Guardian (Pillar XVIII)
+ * 
+ * Manages hardware-bound/biometric attestations for high-blast-radius actions.
+ */
+'use strict';
+
+const vectorHub = require('../memory/vector-hub');
+const ztaiManager = require('../governance/ztai-manager');
+const crypto = require('node:crypto');
+
+class OrbitalGuardian {
+  constructor() {
+    this.vhInitialized = false;
+  }
+
+  async ensureInit() {
+    if (!this.vhInitialized) {
+      await vectorHub.init();
+      this.vhInitialized = true;
+    }
+  }
+
+  /**
+   * Generates a new hardware-attested approval report.
+   * Mimics a biometric/HSM handshake.
+   */
+  async attest(requestId, did, payload) {
+    await this.ensureInit();
+    console.log(`[ORBITAL-GUARDIAN] Requesting Hardware Attestation for [${requestId}] via [${did}]`);
+
+    const agent = ztaiManager.getAgent(did);
+    if (!agent || agent.tier < 3) {
+      throw new Error(`[ORBITAL-GUARDIAN] DID ${did} has insufficient Trust Tier for Orbital Attestation.`);
+    }
+
+    // 1. Sign the attestation payload using the Hardware Enclave provider
+    const attestationPayload = await ztaiManager.signData(did, JSON.stringify({
+      requestId,
+      payload,
+      timestamp: new Date().toISOString()
+    }));
+
+    const attestation = {
+      id: `att_${crypto.randomBytes(4).toString('hex')}`,
+      request_id: requestId,
+      status: 'APPROVED',
+      attestation_payload: attestationPayload,
+      timestamp: new Date().toISOString()
+    };
+
+    // 2. Persist to SQLite (Source of truth for v8 Governance Dashboard)
+    await vectorHub.db.insertInto('attestations')
+      .values(attestation)
+      .execute();
+
+    console.log(`[ORBITAL-GUARDIAN] Attestation SUCCESS: ${attestation.id}`);
+    return attestation;
+  }
+
+  /**
+   * Verifies if a request has a valid hardware bypass.
+   */
+  async verify(requestId) {
+    await this.ensureInit();
+    
+    const record = await vectorHub.db.selectFrom('attestations')
+      .selectAll()
+      .where('request_id', '=', requestId)
+      .where('status', '=', 'APPROVED')
+      .executeTakeFirst();
+
+    if (!record) return { verified: false };
+
+    return {
+      verified: true,
+      id: record.id,
+      timestamp: record.timestamp
+    };
+  }
+}
+
+module.exports = new OrbitalGuardian();

package/bin/engine/remediation-engine.js

@@ -7,7 +7,9 @@
  */
 'use strict';
 
-const driftDetector = require('./logic-drift-detector');
+const remediationQueue = require('../revops/remediation-queue');
+const logicValidator = require('./logic-validator');
+const semanticHub = require('../memory/semantic-hub');
 
 class RemediationEngine {
   constructor() {
@@ -25,7 +27,7 @@ class RemediationEngine {
 
     // Tiered Remediation Logic
     if (drift_score > 0.9) strategy = 'REASONING_RESTART';
-    else if (drift_score > 0.8) strategy = 'GOLDEN_TRACE_INJECTION';
+    else if (drift_score > 0.8 || report.invalid_logic) strategy = 'GOLDEN_TRACE_INJECTION';
     else if (drift_score > 0.75) strategy = 'CONTEXT_COMPRESSION';
 
     if (strategy === 'NOT_REQUIRED') return { status: 'STABLE', strategy };
@@ -38,18 +40,19 @@ class RemediationEngine {
       effectiveness_prediction: 0.85
     };
 
-    console.log(`[Remediation] Triggered ${strategy} for ${spanId} (Drift: ${drift_score})`);
+    console.log(`[Remediation] Triggered ${strategy} for ${spanId} (Score: ${drift_score})`);
     
-    this.activeRemediations.add(action);
-    
-    // Simulating specific remediation actions
+    // v7: Finalize with Stateful Queueing
+    await remediationQueue.enqueue(action);
+
+    // Mock implementation of remediation execution
     this._executeStrategy(strategy, spanId);
 
     return action;
   }
 
   /**
-   * Mock implementation of remediation strategies.
+   * functional implementation of remediation strategies.
    */
   async _executeStrategy(strategy, spanId) {
     switch(strategy) {
@@ -59,7 +62,13 @@ class RemediationEngine {
         break;
       case 'GOLDEN_TRACE_INJECTION':
         console.log(`[Remediation] Injecting successful trace heuristics into ${spanId}`);
-        // Logic to pull from Semantic Hub successful past traces
+        const traces = await semanticHub.getGoldenTraces();
+        if (traces.length > 0) {
+           const bestTrace = traces[0];
+           console.log(`[Remediation] Injected Golden Trace: ${bestTrace.id} (Skill: ${bestTrace.skill})`);
+        } else {
+           console.warn(`[Remediation] No Golden Traces found in SemanticHub for injection.`);
+        }
         break;
     }
   }

package/bin/engine/skill-evolver.js

@@ -0,0 +1,105 @@
+/**
+ * MindForge v8 — Autonomous Skill Evolution (ASE)
+ * Component: Skill Evolver (Pillar XVII)
+ * 
+ * Mines successful reasoning patterns to synthesize new reusable skills.
+ */
+'use strict';
+
+const vectorHub = require('../memory/vector-hub');
+const semanticHub = require('../memory/semantic-hub');
+const configManager = require('../governance/config-manager');
+const crypto = require('node:crypto');
+
+class SkillEvolver {
+  constructor() {
+    this.vhInitialized = false;
+    this.threshold = configManager.get('ase.max_drift_threshold', 0.1);
+    this.minCount = configManager.get('ase.min_success_count', 3);
+  }
+
+  async ensureInit() {
+    if (!this.vhInitialized) {
+      await vectorHub.init();
+      this.vhInitialized = true;
+    }
+  }
+
+  /**
+   * Main evolution loop.
+   */
+  async evolve() {
+    await this.ensureInit();
+    console.log('[ASE] Starting skill evolution cycle...');
+
+    // 1. Mine Golden Traces (Drift < 0.1)
+    const goldenTraces = await vectorHub.db.selectFrom('traces')
+      .selectAll()
+      .where('drift_score', '<', this.threshold)
+      .where('event', '=', 'reasoning_trace')
+      .execute();
+
+    if (goldenTraces.length < this.minCount) {
+      console.log(`[ASE] Only ${goldenTraces.length} golden traces found. Threshold is ${this.minCount}. Evolution deferred.`);
+      return [];
+    }
+
+    // 2. Identify Patterns (Group by shared agent + metadata intent)
+    const candidates = this._clusterTraces(goldenTraces);
+    const evolvedSkills = [];
+
+    for (const cluster of candidates) {
+      if (cluster.traces.length >= this.minCount) {
+        const skill = await this._synthesize(cluster);
+        await semanticHub.saveSkill(skill);
+        evolvedSkills.push(skill);
+      }
+    }
+
+    console.log(`[ASE] Evolution complete. Synthesized ${evolvedSkills.length} new skills.`);
+    return evolvedSkills;
+  }
+
+  /**
+   * Internal heuristic for clustering similar reasoning spans.
+   */
+  _clusterTraces(traces) {
+    const clusters = new Map();
+
+    for (const t of traces) {
+      const metadata = JSON.parse(t.metadata || '{}');
+      // Group by agent and the first 20 chars of thought as a simple proxy for 'intent'
+      const key = `${t.agent || 'unknown'}:${t.content.substring(0, 20)}`;
+      
+      if (!clusters.has(key)) {
+        clusters.set(key, { traces: [], agent: t.agent, intent: t.content.substring(0, 50) });
+      }
+      clusters.get(key).traces.push(t);
+    }
+
+    return Array.from(clusters.values());
+  }
+
+  /**
+   * Synthesize a skill from a cluster of successful traces.
+   */
+  async _synthesize(cluster) {
+    const id = `ev_${crypto.randomBytes(4).toString('hex')}`;
+    const timestamp = new Date().toISOString();
+    
+    // Abstract the strategy from the trace content
+    const summary = cluster.traces.map(t => `- ${t.content}`).join('\n');
+    
+    return {
+      id,
+      name: `Synthesized Skill (${cluster.agent}) - ${id}`,
+      description: `Autonomous adaptation from ${cluster.traces.length} successful golden traces.\nPatterns identified:\n${summary}`,
+      success_rate: 1.0, // Initial confidence is high due to mining golden traces
+      is_autonomous: true,
+      source_trace_id: cluster.traces[0].trace_id,
+      path: `ase/evolved/${id}.skill.md`
+    };
+  }
+}
+
+module.exports = new SkillEvolver();

package/bin/engine/test-remediation.js

@@ -0,0 +1,61 @@
+/**
+ * MindForge v7 — NDR Integration Test
+ * Verifies that logic drift triggers remediation and pulls from SemanticHub.
+ */
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+const os = require('node:os');
+const driftDetector = require('./logic-drift-detector');
+const remediationEngine = require('./remediation-engine');
+const semanticHub = require('../memory/semantic-hub');
+
+async function testNDR() {
+  console.log('--- NDR Pillar Test ---');
+
+  // 1. Setup Mock Semantic Hub Data
+  const globalPath = path.join(os.homedir(), '.mindforge/memory/global');
+  const patternFile = path.join(globalPath, 'pattern-library.jsonl');
+  
+  if (!fs.existsSync(globalPath)) {
+    fs.mkdirSync(globalPath, { recursive: true });
+  }
+
+  const mockTrace = {
+    id: 'gt_test_001',
+    type: 'golden-trace',
+    skill: 'testing',
+    tags: ['success', 'logic-fix'],
+    content: 'Always verify before you trust.'
+  };
+
+  fs.appendFileSync(patternFile, JSON.stringify(mockTrace) + '\n');
+  console.log('[Test Setup] Injected mock golden trace into global hub.');
+
+  // 2. Simulate Drift
+  const spanId = 'sp_test_drift';
+  const ramblingThought = 'I am thinking about the thing and the thing is a thing and I keep repeating the thing because things are things.';
+  
+  const report = driftDetector.analyze(spanId, ramblingThought);
+  console.log(`[Drift Detector] Report Status: ${report.status} (Score: ${report.drift_score})`);
+
+  if (report.status !== 'DRIFT_DETECTED') {
+    throw new Error('Drift detector failed to recognize rambling pattern');
+  }
+
+  // 3. Trigger Remediation
+  const action = await remediationEngine.trigger(spanId, report);
+  console.log(`[Remediation Engine] Action: ${action.strategy} (ID: ${action.remediation_id})`);
+
+  if (action.strategy !== 'GOLDEN_TRACE_INJECTION') {
+    throw new Error(`Expected GOLDEN_TRACE_INJECTION but got ${action.strategy}`);
+  }
+
+  console.log('PASSED');
+}
+
+testNDR().catch(err => {
+  console.error(`FAILED: ${err.message}`);
+  process.exit(1);
+});

package/bin/engine/test-v7-blueprint.js

@@ -0,0 +1,44 @@
+/**
+ * MindForge v7 — Test Suite
+ * Blueprint Verification: NDR Pillar X
+ */
+'use strict';
+
+const tracer = require('./nexus-tracer');
+const remediationQueue = require('../revops/remediation-queue');
+const fs = require('node:fs');
+
+async function testNDRBlueprint() {
+  console.log('--- STARTING NDR BLUEPRINT VERIFICATION ---');
+
+  // Clear existing queue for clean test
+  if (fs.existsSync(remediationQueue.queuePath)) fs.unlinkSync(remediationQueue.queuePath);
+
+  // We need to create an active span to record reasoning
+  await tracer.startSpan('span_stable', { agent: 'mf-researcher' });
+  await tracer.startSpan('span_drift', { agent: 'mf-researcher' });
+
+  // 1. Simulate a Stable Thought (should have high confidence)
+  console.log('\n[TEST 1] Testing Stable reasoning...');
+  await tracer.recordReasoning('span_stable', 'mf-researcher', 'I will now analyze the dependencies and create a plan.');
+  
+  // 2. Simulate a Drifting Thought (should trigger validator critique)
+  console.log('\n[TEST 2] Testing Drifting reasoning (Self-Doubt)...');
+  await tracer.recordReasoning('span_drift', 'mf-researcher', 'I am not sure how to proceed, maybe I should wait and check the goal again.');
+
+  // 3. Verify Queue Persistence
+  const pending = remediationQueue.getPending();
+  console.log(`\n[RESULT] Pending Remediations in Queue: ${pending.length}`);
+  
+  if (pending.length > 0) {
+    console.log('--- NDR BLUEPRINT VERIFICATION PASSED ---');
+  } else {
+    console.error('--- NDR BLUEPRINT VERIFICATION FAILED: No remediation queued ---');
+    process.exit(1);
+  }
+}
+
+testNDRBlueprint().catch(err => {
+  console.error(err);
+  process.exit(1);
+});

package/bin/governance/config-manager.js

@@ -0,0 +1,85 @@
+/**
+ * MindForge v7 — Core Governance
+ * Component: Config Manager
+ * 
+ * Centralized configuration loader for MindForge system parameters.
+ */
+'use strict';
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+class ConfigManager {
+  constructor() {
+    this.configPath = path.join(process.cwd(), '.mindforge', 'config.json');
+    this.config = null;
+    this._loadConfig();
+  }
+
+  _loadConfig() {
+    try {
+      if (fs.existsSync(this.configPath)) {
+        const raw = fs.readFileSync(this.configPath, 'utf8');
+        this.config = JSON.parse(raw);
+        console.log(`[ConfigManager] Loaded configuration from ${this.configPath}`);
+      } else {
+        console.warn(`[ConfigManager] Config file not found at ${this.configPath}. Using defaults.`);
+        this.config = { env: 'default' };
+      }
+    } catch (err) {
+      console.error(`[ConfigManager] Failed to load config: ${err.message}`);
+      this.config = { error: err.message };
+    }
+  }
+
+  get(key, defaultValue = null) {
+    const keys = key.split('.');
+    let value = this.config;
+
+    for (const k of keys) {
+      if (value && Object.prototype.hasOwnProperty.call(value, k)) {
+        value = value[k];
+      } else {
+        return defaultValue;
+      }
+    }
+    return value;
+  }
+
+  set(key, value) {
+    const keys = key.split('.');
+    let target = this.config;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+      const k = keys[i];
+      if (!target[k]) target[k] = {};
+      target = target[k];
+    }
+    target[keys[keys.length - 1]] = value;
+    
+    this._save();
+    return value;
+  }
+
+  _save() {
+    try {
+      if (!fs.existsSync(path.dirname(this.configPath))) {
+        fs.mkdirSync(path.dirname(this.configPath), { recursive: true });
+      }
+      fs.writeFileSync(this.configPath, JSON.stringify(this.config, null, 2));
+    } catch (err) {
+      console.error(`[ConfigManager] Failed to save config: ${err.message}`);
+    }
+  }
+
+  getAll() {
+    return this.config;
+  }
+
+  reload() {
+    this._loadConfig();
+    return this.config;
+  }
+}
+
+module.exports = new ConfigManager();

package/bin/governance/policies/critical-data.json

@@ -0,0 +1 @@
+{"id":"pol_critical_001","effect":"PERMIT","max_impact":100,"conditions":{"resource":"STATE.md"}}

package/bin/governance/policy-engine.js

@@ -7,6 +7,7 @@
 const fs = require('node:fs');
 const path = require('node:path');
 const ImpactAnalyzer = require('./impact-analyzer');
+const policyGate = require('./policy-gate-hardened');
 
 class PolicyEngine {
   constructor(config = {}) {
@@ -25,7 +26,7 @@ class PolicyEngine {
   /**
    * Evaluates an agent's intent against all active policies using CADIA.
    */
-  evaluate(intent) {
+  async evaluate(intent) {
     const requestId = `pol_${Date.now()}_${Math.random().toString(36).slice(2, 7)}`;
     const sessionId = intent.sessionId || 'default_session';
     const currentGoal = this.getCurrentGoal();
@@ -67,22 +68,26 @@ class PolicyEngine {
     // 2. Pillar II (v6.0.0): Dynamic Blast Radius Enforcement with Tier 3 Bypass
     for (const policy of policies) {
       if (this.matches(policy, intent)) {
-        if (policy.max_impact && impactScore > policy.max_impact) {
+        if (policy.max_impact && impactScore >= policy.max_impact) {
           
-          // [PQAS] v7: Edge-Case Biometric Bypass for Risk > 95
+          // [PQAS] v7: Hardened Biometric Bypass for Risk > 95
           if (impactScore > 95) {
-            console.log(`[PQAS-BIOMETRIC] [${requestId}] CRITICAL RISK detected (${impactScore}). Triggering Last-Resort Biometric Challenge...`);
-            if (intent.biometric_approval !== 'APPROVED_BY_EXECUTIVE') {
+            const gateResult = await policyGate.evaluateBypass(intent, impactScore);
+            if (gateResult.status === 'WAIT_FOR_BIOMETRIC') {
               verdict = { 
                 verdict: 'DENY', 
-                reason: `PQAS Biometric Violation: High-impact mutation (${impactScore}) requires manual WebAuthn/Biometric steering.`, 
+                reason: gateResult.reason, 
                 requestId,
-                status: 'WAIT_FOR_BIOMETRIC'
+                status: 'WAIT_FOR_BIOMETRIC',
+                challenge_id: gateResult.challenge_id
               };
               this.logAudit(intent, impactScore, verdict);
               return verdict;
             }
-            console.log(`[PQAS-BIOMETRIC] [${requestId}] Biometric signature verified. Proceeding with high-risk mutation.`);
+            console.log(`[PQAS-GATE] [${requestId}] Biometric signature verified. Proceeding with high-risk mutation.`);
+            verdict = { verdict: 'PERMIT', reason: `Authorized via Biometric Bypass [${gateResult.signature || 'WEB-AUTHN-DEX'}]`, requestId };
+            this.logAudit(intent, impactScore, verdict);
+            return verdict;
           }
 
           // [ENTERPRISE] Tier 3 Reasoning/PQ Proof Bypass
@@ -183,28 +188,21 @@ class PolicyEngine {
   }
 
   /**
-   * Sovereign Intelligence (v6.2.0-alpha) status reporting.
-   * Used by /mindforge:status dashboard.
+   * Simple glob matching for policy conditions.
+   * Supports '*' (any string) and '?' (any character).
    */
-  getSovereignStatus() {
-    return {
-      pqas: {
-        active: true,
-        mode: 'Lattice-Based Sig/Encryption',
-        biometric_gating: 'ENABLED (>95 impact)',
-        last_integrity_check: new Date().toISOString()
-      },
-      proactive_homing: {
-        status: 'MANIFESTED',
-        auto_healing: 'ACTIVE',
-        drift_threshold: '15%'
-      },
-      policy_engine: {
-        version: '6.2.0-alpha',
-        sovereign_enforcement: 'STRICT',
-        total_policies: this.loadPolicies().length
-      }
-    };
+  globMatch(pattern, text) {
+    if (!pattern || !text) return false;
+    if (pattern === '*') return true;
+    
+    // Escape regex characters but keep * and ?
+    const regexStr = pattern
+      .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+      .replace(/\*/g, '.*')
+      .replace(/\?/g, '.');
+      
+    const regex = new RegExp(`^${regexStr}$`, 'i');
+    return regex.test(text);
   }
 }