mneme-ai 2.60.0 → 2.62.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/index.d.ts.map +1 -1
  2. package/dist/index.js +234 -0
  3. package/dist/index.js.map +1 -1
  4. package/package.json +5 -5
package/dist/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAuIA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CA6jLvD"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAuIA,wBAAsB,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAsxLvD"}
package/dist/index.js CHANGED
@@ -4682,6 +4682,240 @@ export async function run(argv) {
4682
4682
  process.exitCode = 1;
4683
4683
  }
4684
4684
  });
4685
+ // v2.62.0 — MIRRAGE: live conscience for AI agents via MCP reverse-channel.
4686
+ // Agent calls `mneme.mirrage.scan {draft}` BEFORE shipping; per-sentence
4687
+ // nudges (5-level conscience ladder) + suggested edit + ship-block on
4688
+ // critical findings.
4689
+ const mirrageParent = program
4690
+ .command("mirrage")
4691
+ .description("v2.62 — live conscience. Default action = ledger audit.")
4692
+ .action(async () => {
4693
+ try {
4694
+ const core = await import("@mneme-ai/core");
4695
+ const led = core.mirrage.verifyLedgerChain(process.cwd());
4696
+ const rows = core.mirrage.readLedger(process.cwd());
4697
+ process.stdout.write(JSON.stringify({ ok: led.ok, rows: led.rows, brokenAt: led.brokenAt, recent: rows.slice(-10) }, null, 2) + "\n");
4698
+ }
4699
+ catch (e) {
4700
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4701
+ process.exitCode = 1;
4702
+ }
4703
+ });
4704
+ mirrageParent.command("scan")
4705
+ .description("Scan a draft for refutable claims. Returns per-sentence nudges + suggested edit + ship-block decision.")
4706
+ .requiredOption("--draft <text>", "Draft text (or use --stdin)")
4707
+ .requiredOption("--agent <id>", "Requesting agent identifier")
4708
+ .option("--cursor <n>", "Streaming mode: only scan sentences ending before this offset", (v) => Number(v))
4709
+ .option("--min-risk <n>", "Risk threshold below which no nudge is emitted (default 0.30)", (v) => Number(v), 0.30)
4710
+ .option("--banner", "Render ASCII banner instead of JSON")
4711
+ .action(async (opts) => {
4712
+ try {
4713
+ const core = await import("@mneme-ai/core");
4714
+ const r = core.mirrage.scanDraft({
4715
+ draft: opts.draft,
4716
+ agent: opts.agent,
4717
+ cursorPos: opts.cursor,
4718
+ minRisk: opts.minRisk ?? 0.30,
4719
+ cwd: process.cwd(),
4720
+ });
4721
+ if (opts.banner)
4722
+ process.stdout.write(core.mirrage.renderBanner(r) + "\n");
4723
+ else
4724
+ process.stdout.write(JSON.stringify(r, null, 2) + "\n");
4725
+ if (r.blocksShip)
4726
+ process.exitCode = 1;
4727
+ }
4728
+ catch (e) {
4729
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4730
+ process.exitCode = 1;
4731
+ }
4732
+ });
4733
+ mirrageParent.command("ack")
4734
+ .description("Acknowledge a nudge (closes alert + bumps fatigue counter + optional cross-agent wisdom broadcast).")
4735
+ .requiredOption("--scan-id <id>", "Scan id from a prior scan")
4736
+ .requiredOption("--nudge-id <id>", "Nudge id within that scan")
4737
+ .requiredOption("--agent <id>", "Acknowledging agent")
4738
+ .option("--broadcast", "Append lesson to cross-agent wisdom feed")
4739
+ .option("--sentence <text>", "Sentence (required if --broadcast)")
4740
+ .option("--level <l>", "Conscience level (hint/suggestion/warning/block/reject)")
4741
+ .option("--reason <r>", "Why the agent acked")
4742
+ .option("--fingerprint <fp>", "Fingerprint hash (for fatigue gating)")
4743
+ .action(async (opts) => {
4744
+ try {
4745
+ const core = await import("@mneme-ai/core");
4746
+ const r = core.mirrage.acknowledgeNudge({
4747
+ scanId: opts.scanId,
4748
+ nudgeId: opts.nudgeId,
4749
+ agent: opts.agent,
4750
+ broadcast: opts.broadcast === true,
4751
+ sentence: opts.sentence,
4752
+ level: opts.level,
4753
+ reason: opts.reason,
4754
+ fingerprint: opts.fingerprint,
4755
+ cwd: process.cwd(),
4756
+ });
4757
+ process.stdout.write(JSON.stringify(r, null, 2) + "\n");
4758
+ }
4759
+ catch (e) {
4760
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4761
+ process.exitCode = 1;
4762
+ }
4763
+ });
4764
+ mirrageParent.command("wisdom")
4765
+ .description("Show cross-agent wisdom feed (lessons broadcast after nudge acks).")
4766
+ .option("--limit <n>", "Max rows", (v) => Number(v), 20)
4767
+ .action(async (opts) => {
4768
+ try {
4769
+ const core = await import("@mneme-ai/core");
4770
+ const rows = core.mirrage.readWisdom(process.cwd());
4771
+ process.stdout.write(JSON.stringify({ ok: true, total: rows.length, recent: rows.slice(-(opts.limit ?? 20)) }, null, 2) + "\n");
4772
+ }
4773
+ catch (e) {
4774
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4775
+ process.exitCode = 1;
4776
+ }
4777
+ });
4778
+ mirrageParent.command("audit")
4779
+ .description("Verify the HMAC-chained nudge ledger + last N entries.")
4780
+ .option("--limit <n>", "Max rows", (v) => Number(v), 20)
4781
+ .action(async (opts) => {
4782
+ try {
4783
+ const core = await import("@mneme-ai/core");
4784
+ const led = core.mirrage.verifyLedgerChain(process.cwd());
4785
+ const rows = core.mirrage.readLedger(process.cwd());
4786
+ process.stdout.write(JSON.stringify({ ok: led.ok, totalRows: led.rows, brokenAt: led.brokenAt, recent: rows.slice(-(opts.limit ?? 20)) }, null, 2) + "\n");
4787
+ if (!led.ok)
4788
+ process.exitCode = 1;
4789
+ }
4790
+ catch (e) {
4791
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4792
+ process.exitCode = 1;
4793
+ }
4794
+ });
4795
+ // v2.61.0 — PASSPORT: capability-based security for MCP.
4796
+ // Agents request HMAC-signed passports before sensitive tool calls;
4797
+ // trust score gates issuance; delegation chain + revocation cascade
4798
+ // + HMAC-chained audit ledger.
4799
+ const passportParent = program
4800
+ .command("capability")
4801
+ .description("v2.61 — capability-based security. Default action = audit ledger.")
4802
+ .action(async () => {
4803
+ try {
4804
+ const core = await import("@mneme-ai/core");
4805
+ const led = core.passport.verifyLedgerChain(process.cwd());
4806
+ const rows = core.passport.readLedger(process.cwd());
4807
+ process.stdout.write(JSON.stringify({ ok: led.ok, rows: led.rows, brokenAt: led.brokenAt, recent: rows.slice(-10) }, null, 2) + "\n");
4808
+ }
4809
+ catch (e) {
4810
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4811
+ process.exitCode = 1;
4812
+ }
4813
+ });
4814
+ passportParent.command("request")
4815
+ .description("Request a passport for a sensitive tool. Trust score must clear tier threshold.")
4816
+ .requiredOption("--tool <name>", "Tool name (e.g. shell.exec)")
4817
+ .requiredOption("--agent <id>", "Requesting agent identifier")
4818
+ .option("--tier <t>", "Explicit risk tier (safe/read/write/network/destructive). Default: auto-classify from tool name.")
4819
+ .option("--env-confidence <n>", "Trust signal: NEMESIS env-scan confidence 0..1", (v) => Number(v))
4820
+ .option("--identity-verdict <v>", "Trust signal: NEMESIS verify_identity (CONFIRMED|DISPUTED|IMPOSSIBLE|INCONCLUSIVE)")
4821
+ .option("--hm-weight <n>", "Trust signal: HONEST_MIRROR weight 0..1", (v) => Number(v))
4822
+ .option("--stealth <n>", "Trust signal: STEALTH score 0..1 (inverted)", (v) => Number(v))
4823
+ .option("--history <n>", "Trust signal: historical approval rate 0..1", (v) => Number(v))
4824
+ .option("--scope <list>", "Comma-separated scope sub-restrictions", (v) => v.split(",").map((s) => s.trim()).filter(Boolean))
4825
+ .option("--parent <token>", "Parent passport token (for delegation)")
4826
+ .action(async (opts) => {
4827
+ try {
4828
+ const core = await import("@mneme-ai/core");
4829
+ const trustInputs = {
4830
+ envScanConfidence: opts.envConfidence,
4831
+ identityVerdict: opts.identityVerdict,
4832
+ honestMirrorWeight: opts.hmWeight,
4833
+ stealthScore: opts.stealth,
4834
+ historicalApprovalRate: opts.history,
4835
+ };
4836
+ const r = core.passport.issuePassport({
4837
+ tool: opts.tool,
4838
+ agent: opts.agent,
4839
+ tier: opts.tier,
4840
+ trustInputs,
4841
+ scope: opts.scope,
4842
+ parent: opts.parent,
4843
+ cwd: process.cwd(),
4844
+ });
4845
+ process.stdout.write(JSON.stringify(r, null, 2) + "\n");
4846
+ if (!r.ok)
4847
+ process.exitCode = 1;
4848
+ }
4849
+ catch (e) {
4850
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4851
+ process.exitCode = 1;
4852
+ }
4853
+ });
4854
+ passportParent.command("verify")
4855
+ .description("Verify a passport token (HMAC + TTL + revocation + optional expected tool/scope).")
4856
+ .requiredOption("--token <t>", "Passport token to verify")
4857
+ .option("--tool <name>", "Optional expected tool")
4858
+ .option("--scope <list>", "Optional expected scope (comma-separated; all must be present)", (v) => v.split(",").map((s) => s.trim()).filter(Boolean))
4859
+ .action(async (opts) => {
4860
+ try {
4861
+ const core = await import("@mneme-ai/core");
4862
+ const r = core.passport.verifyPassport({ token: opts.token, expectedTool: opts.tool, expectedScope: opts.scope, cwd: process.cwd() });
4863
+ process.stdout.write(JSON.stringify(r, null, 2) + "\n");
4864
+ if (!r.valid)
4865
+ process.exitCode = 1;
4866
+ }
4867
+ catch (e) {
4868
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4869
+ process.exitCode = 1;
4870
+ }
4871
+ });
4872
+ passportParent.command("revoke")
4873
+ .description("Revoke a passport. Cascade revoke = also revokes every delegated descendant (default).")
4874
+ .option("--token <t>", "Passport token")
4875
+ .option("--jti <id>", "Direct jti (when you don't have the token)")
4876
+ .option("--no-cascade", "Disable cascade revoke of descendants")
4877
+ .action(async (opts) => {
4878
+ try {
4879
+ const core = await import("@mneme-ai/core");
4880
+ const r = core.passport.revokePassport({ token: opts.token, jti: opts.jti, cascade: opts.cascade !== false, cwd: process.cwd() });
4881
+ process.stdout.write(JSON.stringify(r, null, 2) + "\n");
4882
+ if (!r.ok)
4883
+ process.exitCode = 1;
4884
+ }
4885
+ catch (e) {
4886
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4887
+ process.exitCode = 1;
4888
+ }
4889
+ });
4890
+ passportParent.command("audit")
4891
+ .description("Verify the HMAC-chained passport ledger + show last N entries.")
4892
+ .option("--limit <n>", "How many entries to show", (v) => Number(v), 20)
4893
+ .action(async (opts) => {
4894
+ try {
4895
+ const core = await import("@mneme-ai/core");
4896
+ const led = core.passport.verifyLedgerChain(process.cwd());
4897
+ const rows = core.passport.readLedger(process.cwd());
4898
+ process.stdout.write(JSON.stringify({ ok: led.ok, totalRows: led.rows, brokenAt: led.brokenAt, recent: rows.slice(-(opts.limit ?? 20)) }, null, 2) + "\n");
4899
+ if (!led.ok)
4900
+ process.exitCode = 1;
4901
+ }
4902
+ catch (e) {
4903
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4904
+ process.exitCode = 1;
4905
+ }
4906
+ });
4907
+ passportParent.command("policy")
4908
+ .description("Show the current default policy (tier → minTrust + ttlMs).")
4909
+ .action(async () => {
4910
+ try {
4911
+ const core = await import("@mneme-ai/core");
4912
+ process.stdout.write(JSON.stringify({ policy: core.passport.DEFAULT_POLICY }, null, 2) + "\n");
4913
+ }
4914
+ catch (e) {
4915
+ process.stdout.write(JSON.stringify({ ok: false, error: e.message }) + "\n");
4916
+ process.exitCode = 1;
4917
+ }
4918
+ });
4685
4919
  // v2.60.0 — SKELETON KEY: MCP server security auditor.
4686
4920
  // First MCP security audit tool in the ecosystem. Discovers MCP
4687
4921
  // servers in Claude Desktop / Cursor / Continue / Cline configs +