monomind 1.11.13 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/generated/channel-intelligence-director.md +87 -0
- package/.claude/agents/generated/chief-growth-officer.md +88 -0
- package/.claude/agents/generated/content-seo-strategist.md +90 -0
- package/.claude/agents/generated/developer-community-strategist.md +91 -0
- package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
- package/.claude/agents/generated/social-media-strategist.md +91 -0
- package/.claude/agents/generated/video-visual-strategist.md +90 -0
- package/.claude/commands/mastermind/idea.md +1 -1
- package/.claude/helpers/auto-memory-hook.mjs +13 -4
- package/.claude/helpers/control-start.cjs +5 -0
- package/.claude/helpers/event-logger.cjs +114 -0
- package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
- package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
- package/.claude/helpers/handlers/compact-handler.cjs +2 -0
- package/.claude/helpers/handlers/edit-handler.cjs +1 -1
- package/.claude/helpers/handlers/gates-handler.cjs +3 -0
- package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
- package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
- package/.claude/helpers/handlers/route-handler.cjs +13 -6
- package/.claude/helpers/handlers/session-handler.cjs +11 -4
- package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
- package/.claude/helpers/handlers/task-handler.cjs +13 -5
- package/.claude/helpers/intelligence.cjs +7 -2
- package/.claude/helpers/loop-tracker.cjs +15 -3
- package/.claude/helpers/memory.cjs +6 -1
- package/.claude/helpers/router.cjs +5 -2
- package/.claude/helpers/session.cjs +2 -0
- package/.claude/helpers/statusline.cjs +10 -2
- package/.claude/helpers/utils/micro-agents.cjs +20 -4
- package/.claude/scheduled_tasks.lock +1 -1
- package/.claude/settings.json +92 -1
- package/.claude/skills/mastermind/_protocol.md +23 -13
- package/.claude/skills/mastermind/architect.md +6 -9
- package/.claude/skills/mastermind/build.md +3 -3
- package/.claude/skills/mastermind/content.md +3 -3
- package/.claude/skills/mastermind/createorg.md +2 -2
- package/.claude/skills/mastermind/finance.md +3 -3
- package/.claude/skills/mastermind/idea.md +5 -3
- package/.claude/skills/mastermind/marketing.md +3 -3
- package/.claude/skills/mastermind/monitor.md +2 -2
- package/.claude/skills/mastermind/release.md +3 -3
- package/.claude/skills/mastermind/research.md +3 -3
- package/.claude/skills/mastermind/review.md +3 -3
- package/.claude/skills/mastermind/runorg.md +153 -86
- package/.claude/skills/mastermind/sales.md +3 -3
- package/README.md +286 -129
- package/package.json +19 -2
- package/packages/@monomind/cli/README.md +286 -129
- package/packages/@monomind/cli/bundled-graph/dist/src/build.js +73 -0
- package/packages/@monomind/cli/bundled-graph/dist/src/cluster.js +120 -0
- package/packages/@monomind/cli/bundled-graph/package.json +57 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.js +76 -0
- package/packages/@monomind/cli/dist/src/agents/index.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/index.js +13 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.js +69 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.js +49 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.js +80 -0
- package/packages/@monomind/cli/dist/src/agents/registry-builder.js +2 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.d.ts +71 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.js +125 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.js +22 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.js +40 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.d.ts +54 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.js +212 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.d.ts +30 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.js +84 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.d.ts +20 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.js +38 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.d.ts +64 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.js +308 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.js +64 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.js +235 -0
- package/packages/@monomind/cli/dist/src/autopilot-state.js +10 -5
- package/packages/@monomind/cli/dist/src/benchmarks/benchmark-runner.js +13 -0
- package/packages/@monomind/cli/dist/src/benchmarks/metric-evaluators.js +20 -9
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.d.ts +45 -0
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.js +404 -0
- package/packages/@monomind/cli/dist/src/browser/actions.js +10 -3
- package/packages/@monomind/cli/dist/src/browser/browser.js +12 -2
- package/packages/@monomind/cli/dist/src/browser/cdp.js +21 -3
- package/packages/@monomind/cli/dist/src/browser/har.js +27 -5
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.js +333 -0
- package/packages/@monomind/cli/dist/src/commands/agent.js +11 -8
- package/packages/@monomind/cli/dist/src/commands/analyze.js +36 -21
- package/packages/@monomind/cli/dist/src/commands/autopilot.js +12 -4
- package/packages/@monomind/cli/dist/src/commands/benchmark.js +51 -8
- package/packages/@monomind/cli/dist/src/commands/browse.js +5 -2
- package/packages/@monomind/cli/dist/src/commands/claims.js +29 -11
- package/packages/@monomind/cli/dist/src/commands/cleanup.js +25 -5
- package/packages/@monomind/cli/dist/src/commands/config.js +15 -7
- package/packages/@monomind/cli/dist/src/commands/daemon.js +6 -0
- package/packages/@monomind/cli/dist/src/commands/deployment.js +34 -19
- package/packages/@monomind/cli/dist/src/commands/doctor.js +151 -20
- package/packages/@monomind/cli/dist/src/commands/guidance.js +15 -2
- package/packages/@monomind/cli/dist/src/commands/hive-mind.js +37 -14
- package/packages/@monomind/cli/dist/src/commands/hooks.js +42 -25
- package/packages/@monomind/cli/dist/src/commands/init.js +9 -4
- package/packages/@monomind/cli/dist/src/commands/issues.js +29 -26
- package/packages/@monomind/cli/dist/src/commands/mcp.js +11 -5
- package/packages/@monomind/cli/dist/src/commands/memory.js +10 -0
- package/packages/@monomind/cli/dist/src/commands/migrate.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/monograph.js +18 -5
- package/packages/@monomind/cli/dist/src/commands/monovector/backup.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/monovector/benchmark.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/monovector/import.js +15 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/migrate.js +4 -1
- package/packages/@monomind/cli/dist/src/commands/monovector/optimize.js +11 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/setup.js +11 -1
- package/packages/@monomind/cli/dist/src/commands/neural.js +1 -1
- package/packages/@monomind/cli/dist/src/commands/performance.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/platforms.js +90 -8
- package/packages/@monomind/cli/dist/src/commands/plugins.js +12 -5
- package/packages/@monomind/cli/dist/src/commands/process.js +33 -10
- package/packages/@monomind/cli/dist/src/commands/progress.js +5 -3
- package/packages/@monomind/cli/dist/src/commands/providers.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/replay.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/route.js +27 -7
- package/packages/@monomind/cli/dist/src/commands/security.js +4 -0
- package/packages/@monomind/cli/dist/src/commands/session.js +12 -1
- package/packages/@monomind/cli/dist/src/commands/start.js +11 -4
- package/packages/@monomind/cli/dist/src/commands/status.js +7 -4
- package/packages/@monomind/cli/dist/src/commands/swarm.js +27 -13
- package/packages/@monomind/cli/dist/src/commands/task.js +26 -11
- package/packages/@monomind/cli/dist/src/commands/tokens.js +7 -2
- package/packages/@monomind/cli/dist/src/commands/transfer-store.js +36 -22
- package/packages/@monomind/cli/dist/src/commands/ui.js +68 -0
- package/packages/@monomind/cli/dist/src/commands/update.js +15 -3
- package/packages/@monomind/cli/dist/src/commands/workflow.js +39 -6
- package/packages/@monomind/cli/dist/src/consensus/audit-writer.js +18 -7
- package/packages/@monomind/cli/dist/src/consensus/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/consensus/index.js +6 -0
- package/packages/@monomind/cli/dist/src/consensus/vote-signer.js +25 -8
- package/packages/@monomind/cli/dist/src/context/context-provider.d.ts +44 -0
- package/packages/@monomind/cli/dist/src/context/context-provider.js +25 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.js +34 -0
- package/packages/@monomind/cli/dist/src/context/index.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/index.js +12 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.d.ts +15 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.js +19 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.d.ts +26 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.js +93 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.js +32 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.js +27 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.js +81 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.js +65 -0
- package/packages/@monomind/cli/dist/src/dlq/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/dlq/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.d.ts +33 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.js +107 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.js +59 -0
- package/packages/@monomind/cli/dist/src/eval/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/eval/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.d.ts +40 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.js +102 -0
- package/packages/@monomind/cli/dist/src/index.js +7 -3
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.js +264 -0
- package/packages/@monomind/cli/dist/src/init/executor.js +14 -11
- package/packages/@monomind/cli/dist/src/init/shared-instructions-generator.js +20 -4
- package/packages/@monomind/cli/dist/src/init/statusline-generator.js +33 -12
- package/packages/@monomind/cli/dist/src/interactive/interrupt.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/interactive/interrupt.js +71 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.js +48 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.d.ts +61 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.js +246 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/a2a-tools.js +98 -13
- package/packages/@monomind/cli/dist/src/mcp-tools/agent-tools.js +16 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/analyze-tools.js +80 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/browser-tools.js +84 -22
- package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js +35 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js +82 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js +49 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js +45 -18
- package/packages/@monomind/cli/dist/src/mcp-tools/github-tools.js +75 -25
- package/packages/@monomind/cli/dist/src/mcp-tools/guidance-tools.js +32 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/hive-mind-tools.js +91 -20
- package/packages/@monomind/cli/dist/src/mcp-tools/hooks-tools.js +188 -29
- package/packages/@monomind/cli/dist/src/mcp-tools/memory-tools.js +25 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-compat.js +11 -2
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-tools.js +148 -26
- package/packages/@monomind/cli/dist/src/mcp-tools/neural-tools.js +44 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/performance-tools.js +45 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/progress-tools.js +7 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/request-tracker.js +15 -1
- package/packages/@monomind/cli/dist/src/mcp-tools/security-tools.js +61 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js +45 -14
- package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js +15 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js +14 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js +52 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js +40 -6
- package/packages/@monomind/cli/dist/src/mcp-tools/transfer-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.js +230 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/workflow-tools.js +29 -6
- package/packages/@monomind/cli/dist/src/memory/ewc-consolidation.js +26 -10
- package/packages/@monomind/cli/dist/src/memory/intelligence.js +80 -19
- package/packages/@monomind/cli/dist/src/memory/memory-bridge.js +21 -2
- package/packages/@monomind/cli/dist/src/memory/memory-initializer.js +67 -3
- package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js +14 -4
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.d.ts +21 -0
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.js +106 -0
- package/packages/@monomind/cli/dist/src/model/index.d.ts +4 -0
- package/packages/@monomind/cli/dist/src/model/index.js +4 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.js +33 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.js +65 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.d.ts +34 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.js +37 -0
- package/packages/@monomind/cli/dist/src/monovector/command-outcomes.js +43 -7
- package/packages/@monomind/cli/dist/src/monovector/coverage-router.js +8 -4
- package/packages/@monomind/cli/dist/src/monovector/coverage-tools.js +6 -3
- package/packages/@monomind/cli/dist/src/monovector/diff-classifier.js +13 -0
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.d.ts +2 -1
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.js +46 -4
- package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts +1 -1
- package/packages/@monomind/cli/dist/src/orchestration/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/orchestration/index.js +6 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.js +31 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js +180 -0
- package/packages/@monomind/cli/dist/src/plugins/manager.js +8 -3
- package/packages/@monomind/cli/dist/src/plugins/store/discovery.js +46 -2
- package/packages/@monomind/cli/dist/src/plugins/store/search.js +5 -4
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.js +126 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.js +188 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.js +206 -0
- package/packages/@monomind/cli/dist/src/production/circuit-breaker.js +17 -3
- package/packages/@monomind/cli/dist/src/production/error-handler.js +3 -0
- package/packages/@monomind/cli/dist/src/production/monitoring.js +20 -3
- package/packages/@monomind/cli/dist/src/production/rate-limiter.js +13 -4
- package/packages/@monomind/cli/dist/src/production/retry.js +17 -9
- package/packages/@monomind/cli/dist/src/routing/embed-worker.js +6 -2
- package/packages/@monomind/cli/dist/src/routing/embedder.js +0 -0
- package/packages/@monomind/cli/dist/src/routing/llm-caller.js +13 -2
- package/packages/@monomind/cli/dist/src/routing/route-layer-factory.js +18 -3
- package/packages/@monomind/cli/dist/src/runtime/headless.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/runtime/headless.js +284 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.d.ts +50 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.js +95 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.d.ts +1 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.js +8 -0
- package/packages/@monomind/cli/dist/src/services/config-file-manager.js +14 -2
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.d.ts +197 -0
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.js +623 -0
- package/packages/@monomind/cli/dist/src/services/headless-worker-executor.js +18 -2
- package/packages/@monomind/cli/dist/src/services/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/services/index.js +11 -0
- package/packages/@monomind/cli/dist/src/services/worker-daemon.js +53 -12
- package/packages/@monomind/cli/dist/src/services/worker-queue.d.ts +201 -0
- package/packages/@monomind/cli/dist/src/services/worker-queue.js +594 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.js +77 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.js +61 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js +68 -0
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.d.ts +0 -3
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js +16 -1
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.js +205 -0
- package/packages/@monomind/cli/dist/src/transfer/export.js +8 -0
- package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js +33 -3
- package/packages/@monomind/cli/dist/src/transfer/serialization/cfp.js +9 -3
- package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js +37 -3
- package/packages/@monomind/cli/dist/src/transfer/store/discovery.js +45 -3
- package/packages/@monomind/cli/dist/src/transfer/store/download.js +5 -0
- package/packages/@monomind/cli/dist/src/transfer/store/publish.js +13 -1
- package/packages/@monomind/cli/dist/src/transfer/store/registry.d.ts +8 -0
- package/packages/@monomind/cli/dist/src/transfer/store/registry.js +30 -5
- package/packages/@monomind/cli/dist/src/transfer/store/search.js +20 -5
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.js +190 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.js +105 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.js +214 -0
- package/packages/@monomind/cli/dist/src/update/checker.js +59 -7
- package/packages/@monomind/cli/dist/src/update/executor.js +50 -3
- package/packages/@monomind/cli/dist/src/update/index.js +18 -1
- package/packages/@monomind/cli/dist/src/update/rate-limiter.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/update/rate-limiter.js +79 -7
- package/packages/@monomind/cli/dist/src/update/validator.js +52 -1
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.js +23 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.d.ts +17 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.js +129 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.js +116 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.js +8 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.js +20 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.d.ts +165 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/workflow/index.js +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.js +40 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.d.ts +29 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.js +227 -0
- package/packages/@monomind/cli/package.json +9 -10
- package/packages/@monomind/guidance/dist/adversarial.d.ts +284 -0
- package/packages/@monomind/guidance/dist/adversarial.js +572 -0
- package/packages/@monomind/guidance/dist/analyzer.d.ts +530 -0
- package/packages/@monomind/guidance/dist/analyzer.js +2518 -0
- package/packages/@monomind/guidance/dist/artifacts.d.ts +283 -0
- package/packages/@monomind/guidance/dist/artifacts.js +356 -0
- package/packages/@monomind/guidance/dist/authority.d.ts +290 -0
- package/packages/@monomind/guidance/dist/authority.js +558 -0
- package/packages/@monomind/guidance/dist/capabilities.d.ts +209 -0
- package/packages/@monomind/guidance/dist/capabilities.js +485 -0
- package/packages/@monomind/guidance/dist/coherence.d.ts +233 -0
- package/packages/@monomind/guidance/dist/coherence.js +372 -0
- package/packages/@monomind/guidance/dist/compiler.d.ts +87 -0
- package/packages/@monomind/guidance/dist/compiler.js +419 -0
- package/packages/@monomind/guidance/dist/conformance-kit.d.ts +225 -0
- package/packages/@monomind/guidance/dist/conformance-kit.js +629 -0
- package/packages/@monomind/guidance/dist/continue-gate.d.ts +214 -0
- package/packages/@monomind/guidance/dist/continue-gate.js +353 -0
- package/packages/@monomind/guidance/dist/crypto-utils.d.ts +17 -0
- package/packages/@monomind/guidance/dist/crypto-utils.js +24 -0
- package/packages/@monomind/guidance/dist/evolution.d.ts +282 -0
- package/packages/@monomind/guidance/dist/evolution.js +500 -0
- package/packages/@monomind/guidance/dist/gates.d.ts +79 -0
- package/packages/@monomind/guidance/dist/gates.js +302 -0
- package/packages/@monomind/guidance/dist/gateway.d.ts +206 -0
- package/packages/@monomind/guidance/dist/gateway.js +452 -0
- package/packages/@monomind/guidance/dist/generators.d.ts +153 -0
- package/packages/@monomind/guidance/dist/generators.js +682 -0
- package/packages/@monomind/guidance/dist/headless.d.ts +177 -0
- package/packages/@monomind/guidance/dist/headless.js +342 -0
- package/packages/@monomind/guidance/dist/hooks.d.ts +109 -0
- package/packages/@monomind/guidance/dist/hooks.js +347 -0
- package/packages/@monomind/guidance/dist/index.d.ts +205 -0
- package/packages/@monomind/guidance/dist/index.js +321 -0
- package/packages/@monomind/guidance/dist/ledger.d.ts +162 -0
- package/packages/@monomind/guidance/dist/ledger.js +375 -0
- package/packages/@monomind/guidance/dist/manifest-validator.d.ts +289 -0
- package/packages/@monomind/guidance/dist/manifest-validator.js +838 -0
- package/packages/@monomind/guidance/dist/memory-gate.d.ts +222 -0
- package/packages/@monomind/guidance/dist/memory-gate.js +382 -0
- package/packages/@monomind/guidance/dist/meta-governance.d.ts +265 -0
- package/packages/@monomind/guidance/dist/meta-governance.js +348 -0
- package/packages/@monomind/guidance/dist/optimizer.d.ts +104 -0
- package/packages/@monomind/guidance/dist/optimizer.js +329 -0
- package/packages/@monomind/guidance/dist/persistence.d.ts +189 -0
- package/packages/@monomind/guidance/dist/persistence.js +464 -0
- package/packages/@monomind/guidance/dist/proof.d.ts +185 -0
- package/packages/@monomind/guidance/dist/proof.js +238 -0
- package/packages/@monomind/guidance/dist/retriever.d.ts +116 -0
- package/packages/@monomind/guidance/dist/retriever.js +394 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.d.ts +370 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.js +738 -0
- package/packages/@monomind/guidance/dist/temporal.d.ts +426 -0
- package/packages/@monomind/guidance/dist/temporal.js +658 -0
- package/packages/@monomind/guidance/dist/trust.d.ts +283 -0
- package/packages/@monomind/guidance/dist/trust.js +473 -0
- package/packages/@monomind/guidance/dist/truth-anchors.d.ts +276 -0
- package/packages/@monomind/guidance/dist/truth-anchors.js +488 -0
- package/packages/@monomind/guidance/dist/types.d.ts +378 -0
- package/packages/@monomind/guidance/dist/types.js +10 -0
- package/packages/@monomind/guidance/dist/uncertainty.d.ts +372 -0
- package/packages/@monomind/guidance/dist/uncertainty.js +619 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.d.ts +48 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.js +158 -0
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* @module v1/cli/commands/benchmark
|
|
6
6
|
*/
|
|
7
7
|
import { output } from '../output.js';
|
|
8
|
-
import { writeFileSync, renameSync, readFileSync, existsSync, mkdirSync } from 'node:fs';
|
|
8
|
+
import { writeFileSync, renameSync, readFileSync, existsSync, mkdirSync, statSync } from 'node:fs';
|
|
9
9
|
import { join } from 'node:path';
|
|
10
10
|
import { BenchmarkRunner } from '../benchmarks/benchmark-runner.js';
|
|
11
11
|
// ============================================================================
|
|
@@ -63,9 +63,12 @@ const neuralCommand = {
|
|
|
63
63
|
{ command: 'monomind benchmark neural -d 768 -n 5000', description: 'Higher dimension, more vectors' },
|
|
64
64
|
],
|
|
65
65
|
action: async (ctx) => {
|
|
66
|
-
const
|
|
67
|
-
const
|
|
68
|
-
const
|
|
66
|
+
const iterationsRaw = parseInt(ctx.flags.iterations || '100', 10);
|
|
67
|
+
const iterations = Number.isFinite(iterationsRaw) ? Math.max(1, Math.min(iterationsRaw, 10_000)) : 100;
|
|
68
|
+
const dimensionRaw = parseInt(ctx.flags.dimension || '384', 10);
|
|
69
|
+
const dimension = Number.isFinite(dimensionRaw) ? Math.max(1, Math.min(dimensionRaw, 4096)) : 384;
|
|
70
|
+
const numVectorsRaw = parseInt(ctx.flags.vectors || '1000', 10);
|
|
71
|
+
const numVectors = Number.isFinite(numVectorsRaw) ? Math.max(1, Math.min(numVectorsRaw, 100_000)) : 1000;
|
|
69
72
|
const outputFormat = ctx.flags.output || 'text';
|
|
70
73
|
output.writeln();
|
|
71
74
|
output.writeln(output.bold('Neural Operations Benchmark'));
|
|
@@ -228,7 +231,8 @@ const memoryCommand = {
|
|
|
228
231
|
{ command: 'monomind benchmark memory', description: 'Run memory benchmarks' },
|
|
229
232
|
],
|
|
230
233
|
action: async (ctx) => {
|
|
231
|
-
const
|
|
234
|
+
const iterationsRaw = parseInt(ctx.flags.iterations || '100', 10);
|
|
235
|
+
const iterations = Number.isFinite(iterationsRaw) ? Math.max(1, Math.min(iterationsRaw, 10_000)) : 100;
|
|
232
236
|
const outputFormat = ctx.flags.output || 'text';
|
|
233
237
|
output.writeln();
|
|
234
238
|
output.writeln(output.bold('Memory Operations Benchmark'));
|
|
@@ -384,7 +388,15 @@ const allCommand = {
|
|
|
384
388
|
if (!existsSync(resultsDir)) {
|
|
385
389
|
mkdirSync(resultsDir, { recursive: true });
|
|
386
390
|
}
|
|
387
|
-
|
|
391
|
+
// Path traversal guard: resolve within resultsDir regardless of whether saveFile is absolute
|
|
392
|
+
const { resolve: resolvePath, basename } = await import('node:path');
|
|
393
|
+
const safeName = basename(saveFile);
|
|
394
|
+
const savePath = resolvePath(resultsDir, safeName);
|
|
395
|
+
const resolvedResultsDir = resolvePath(resultsDir);
|
|
396
|
+
if (!savePath.startsWith(resolvedResultsDir + '/') && savePath !== resolvedResultsDir) {
|
|
397
|
+
output.writeln(output.error(`Save path must be within ${resultsDir}`));
|
|
398
|
+
return { success: false, message: 'Invalid save path' };
|
|
399
|
+
}
|
|
388
400
|
const saveTmp2 = savePath + '.tmp';
|
|
389
401
|
writeFileSync(saveTmp2, JSON.stringify({
|
|
390
402
|
timestamp: new Date().toISOString(),
|
|
@@ -416,14 +428,30 @@ const regressionCommand = {
|
|
|
416
428
|
{ command: 'monomind benchmark regression -b agent-spawn -a output.txt --pin-baseline', description: 'Evaluate and pin results as new baseline' },
|
|
417
429
|
],
|
|
418
430
|
action: async (ctx) => {
|
|
419
|
-
const
|
|
431
|
+
const suiteDirRaw = ctx.flags.suite || '.monomind/benchmarks/definitions';
|
|
420
432
|
const benchmarkId = ctx.flags['benchmark-id'];
|
|
421
433
|
const agentOutputFile = ctx.flags['agent-output'];
|
|
422
434
|
const pinBaseline = ctx.flags['pin-baseline'] === true;
|
|
423
435
|
const outputFormat = ctx.flags.output || 'text';
|
|
436
|
+
// Validate benchmarkId to prevent path traversal in baseline file names
|
|
437
|
+
if (benchmarkId !== undefined) {
|
|
438
|
+
if (!/^[a-zA-Z0-9_-]{1,128}$/.test(benchmarkId)) {
|
|
439
|
+
output.writeln(output.error('Invalid benchmark-id: must contain only alphanumeric, dash, or underscore characters (max 128).'));
|
|
440
|
+
return { success: false, message: 'Invalid benchmark-id' };
|
|
441
|
+
}
|
|
442
|
+
}
|
|
424
443
|
const runner = new BenchmarkRunner();
|
|
425
444
|
const baselinesDir = join(process.cwd(), '.monomind', 'benchmarks', 'baselines');
|
|
426
|
-
|
|
445
|
+
// Path traversal guard for suiteDir
|
|
446
|
+
const { resolve: resolvePath2 } = await import('node:path');
|
|
447
|
+
const projectRoot = resolvePath2(process.cwd());
|
|
448
|
+
const resolvedSuiteDir = resolvePath2(process.cwd(), suiteDirRaw);
|
|
449
|
+
if (!resolvedSuiteDir.startsWith(projectRoot + '/') && resolvedSuiteDir !== projectRoot) {
|
|
450
|
+
output.writeln(output.error(`Suite directory must be within the project: ${projectRoot}`));
|
|
451
|
+
return { success: false, message: 'Invalid suite directory' };
|
|
452
|
+
}
|
|
453
|
+
const suiteDir = suiteDirRaw;
|
|
454
|
+
const definitions = runner.loadBenchmarks(resolvedSuiteDir);
|
|
427
455
|
if (definitions.length === 0) {
|
|
428
456
|
output.writeln(output.dim(`No benchmark definitions found in ${suiteDir}`));
|
|
429
457
|
output.writeln(output.dim('Create JSON files there to define quality benchmarks.'));
|
|
@@ -446,6 +474,15 @@ const regressionCommand = {
|
|
|
446
474
|
output.writeln(output.error(`Agent output file not found: ${agentOutputFile}`));
|
|
447
475
|
return { success: false, message: 'Agent output file not found' };
|
|
448
476
|
}
|
|
477
|
+
const MAX_AGENT_OUTPUT_BYTES = 10 * 1024 * 1024; // 10 MB
|
|
478
|
+
try {
|
|
479
|
+
const agentOutputStat = statSync(agentOutputFile);
|
|
480
|
+
if (agentOutputStat.size > MAX_AGENT_OUTPUT_BYTES) {
|
|
481
|
+
output.writeln(output.error(`Agent output file too large: ${agentOutputFile} (max 10 MB)`));
|
|
482
|
+
return { success: false, message: 'Agent output file too large' };
|
|
483
|
+
}
|
|
484
|
+
}
|
|
485
|
+
catch { /* existsSync already passed; ignore stat failure */ }
|
|
449
486
|
const agentOutput = readFileSync(agentOutputFile, 'utf-8');
|
|
450
487
|
const targetDefs = benchmarkId
|
|
451
488
|
? definitions.filter((d) => d.benchmarkId === benchmarkId)
|
|
@@ -473,8 +510,14 @@ const regressionCommand = {
|
|
|
473
510
|
output.writeln();
|
|
474
511
|
}
|
|
475
512
|
// Baseline comparison
|
|
513
|
+
const MAX_BASELINE_BYTES = 5 * 1024 * 1024; // 5 MB
|
|
476
514
|
const baselinePath = join(baselinesDir, `${benchmarkId ?? 'all'}.json`);
|
|
477
515
|
if (existsSync(baselinePath)) {
|
|
516
|
+
const baselineStat = statSync(baselinePath);
|
|
517
|
+
if (baselineStat.size > MAX_BASELINE_BYTES) {
|
|
518
|
+
output.writeln(output.error(`Baseline file too large (max 5 MB)`));
|
|
519
|
+
return { success: false, message: 'Baseline file too large' };
|
|
520
|
+
}
|
|
478
521
|
const baseline = JSON.parse(readFileSync(baselinePath, 'utf-8'));
|
|
479
522
|
const hasRegression = runner.detectRegression(results, baseline);
|
|
480
523
|
if (hasRegression) {
|
|
@@ -214,13 +214,16 @@ const waitCommand = {
|
|
|
214
214
|
const { client, sessionId } = await ensureConnected(_port);
|
|
215
215
|
const browser = await getBrowser();
|
|
216
216
|
if (ctx.flags.ms) {
|
|
217
|
-
|
|
217
|
+
const rawMs = ctx.flags.ms;
|
|
218
|
+
const waitMs = Number.isFinite(rawMs) ? Math.max(0, Math.min(rawMs, 60_000)) : 0; // cap at 60s
|
|
219
|
+
await new Promise((r) => setTimeout(r, waitMs));
|
|
218
220
|
output.printSuccess(`Waited ${ctx.flags.ms}ms`);
|
|
219
221
|
return { success: true };
|
|
220
222
|
}
|
|
221
223
|
if (ctx.flags.fn) {
|
|
222
224
|
const expr = ctx.flags.fn;
|
|
223
|
-
const
|
|
225
|
+
const rawTimeout = ctx.flags.timeout ?? 30000;
|
|
226
|
+
const timeout = Number.isFinite(rawTimeout) ? Math.max(100, Math.min(rawTimeout, 300_000)) : 30000; // cap at 5min
|
|
224
227
|
const interval = 200;
|
|
225
228
|
const deadline = Date.now() + timeout;
|
|
226
229
|
while (Date.now() < deadline) {
|
|
@@ -35,7 +35,7 @@ function safeParseJson(content) {
|
|
|
35
35
|
function loadClaimsConfig() {
|
|
36
36
|
const configPaths = getClaimsConfigPaths();
|
|
37
37
|
for (const configPath of configPaths) {
|
|
38
|
-
if (fs.existsSync(configPath)) {
|
|
38
|
+
if (fs.existsSync(configPath) && fs.statSync(configPath).size <= 1024 * 1024) {
|
|
39
39
|
const content = fs.readFileSync(configPath, 'utf-8');
|
|
40
40
|
return { config: safeParseJson(content), path: configPath };
|
|
41
41
|
}
|
|
@@ -153,13 +153,19 @@ const checkCommand = {
|
|
|
153
153
|
{ command: 'monomind claims check -c admin:delete -u user123', description: 'Check user permission' },
|
|
154
154
|
],
|
|
155
155
|
action: async (ctx) => {
|
|
156
|
-
const claim = ctx.flags.claim;
|
|
157
|
-
const user = ctx.flags.user || 'current';
|
|
158
|
-
const resource = ctx.flags.resource;
|
|
156
|
+
const claim = (ctx.flags.claim || '').slice(0, 256);
|
|
157
|
+
const user = (ctx.flags.user || 'current').slice(0, 128);
|
|
158
|
+
const resource = (ctx.flags.resource || '').slice(0, 256);
|
|
159
159
|
if (!claim) {
|
|
160
160
|
output.printError('Claim is required');
|
|
161
161
|
return { success: false, exitCode: 1 };
|
|
162
162
|
}
|
|
163
|
+
// Block prototype-polluting user or resource keys.
|
|
164
|
+
const PROTO_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
|
|
165
|
+
if (PROTO_KEYS.has(user)) {
|
|
166
|
+
output.printError(`Forbidden user key: "${user}"`);
|
|
167
|
+
return { success: false, exitCode: 1 };
|
|
168
|
+
}
|
|
163
169
|
output.writeln();
|
|
164
170
|
output.writeln(output.bold('Claim Check'));
|
|
165
171
|
output.writeln(output.dim('─'.repeat(40)));
|
|
@@ -189,7 +195,7 @@ const checkCommand = {
|
|
|
189
195
|
defaultClaims: ['swarm:create', 'swarm:status', 'agent:spawn', 'agent:list', 'memory:read', 'memory:write', 'task:create'],
|
|
190
196
|
};
|
|
191
197
|
for (const configPath of claimsConfigPaths) {
|
|
192
|
-
if (fs.existsSync(configPath)) {
|
|
198
|
+
if (fs.existsSync(configPath) && fs.statSync(configPath).size <= 1024 * 1024) {
|
|
193
199
|
const content = fs.readFileSync(configPath, 'utf-8');
|
|
194
200
|
claimsConfig = { ...claimsConfig, ...safeParseJson(content) };
|
|
195
201
|
policySource = configPath;
|
|
@@ -283,9 +289,9 @@ const grantCommand = {
|
|
|
283
289
|
{ command: 'monomind claims grant -c agent:spawn -r developer', description: 'Grant to role' },
|
|
284
290
|
],
|
|
285
291
|
action: async (ctx) => {
|
|
286
|
-
const claim = ctx.flags.claim;
|
|
287
|
-
const user = ctx.flags.user;
|
|
288
|
-
const role = ctx.flags.role;
|
|
292
|
+
const claim = (ctx.flags.claim || '').slice(0, 256);
|
|
293
|
+
const user = (ctx.flags.user || '').slice(0, 128);
|
|
294
|
+
const role = (ctx.flags.role || '').slice(0, 64);
|
|
289
295
|
if (!claim) {
|
|
290
296
|
output.printError('Claim is required');
|
|
291
297
|
return { success: false, exitCode: 1 };
|
|
@@ -294,6 +300,12 @@ const grantCommand = {
|
|
|
294
300
|
output.printError('Either user or role is required');
|
|
295
301
|
return { success: false, exitCode: 1 };
|
|
296
302
|
}
|
|
303
|
+
// Block prototype-polluting user or role keys.
|
|
304
|
+
const PROTO_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
|
|
305
|
+
if ((user && PROTO_KEYS.has(user)) || (role && PROTO_KEYS.has(role))) {
|
|
306
|
+
output.printError('Forbidden user or role key');
|
|
307
|
+
return { success: false, exitCode: 1 };
|
|
308
|
+
}
|
|
297
309
|
try {
|
|
298
310
|
const { config, path: configPath } = loadClaimsConfig();
|
|
299
311
|
if (user) {
|
|
@@ -343,9 +355,9 @@ const revokeCommand = {
|
|
|
343
355
|
{ command: 'monomind claims revoke -c admin:* -r guest', description: 'Revoke from role' },
|
|
344
356
|
],
|
|
345
357
|
action: async (ctx) => {
|
|
346
|
-
const claim = ctx.flags.claim;
|
|
347
|
-
const user = ctx.flags.user;
|
|
348
|
-
const role = ctx.flags.role;
|
|
358
|
+
const claim = (ctx.flags.claim || '').slice(0, 256);
|
|
359
|
+
const user = (ctx.flags.user || '').slice(0, 128);
|
|
360
|
+
const role = (ctx.flags.role || '').slice(0, 64);
|
|
349
361
|
if (!claim) {
|
|
350
362
|
output.printError('Claim is required');
|
|
351
363
|
return { success: false, exitCode: 1 };
|
|
@@ -354,6 +366,12 @@ const revokeCommand = {
|
|
|
354
366
|
output.printError('Either user or role is required');
|
|
355
367
|
return { success: false, exitCode: 1 };
|
|
356
368
|
}
|
|
369
|
+
// Block prototype-polluting user or role keys.
|
|
370
|
+
const PROTO_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
|
|
371
|
+
if ((user && PROTO_KEYS.has(user)) || (role && PROTO_KEYS.has(role))) {
|
|
372
|
+
output.printError('Forbidden user or role key');
|
|
373
|
+
return { success: false, exitCode: 1 };
|
|
374
|
+
}
|
|
357
375
|
try {
|
|
358
376
|
const { config, path: configPath } = loadClaimsConfig();
|
|
359
377
|
let removed = false;
|
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* github.com/monoes/monomind
|
|
6
6
|
*/
|
|
7
7
|
import { output } from '../output.js';
|
|
8
|
-
import { existsSync,
|
|
8
|
+
import { existsSync, lstatSync, rmSync, readdirSync } from 'fs';
|
|
9
9
|
import { join } from 'path';
|
|
10
10
|
/**
|
|
11
11
|
* Artifact directories and files that monomind/monomind may create
|
|
@@ -30,11 +30,27 @@ const KEEP_CONFIG_PATHS = [
|
|
|
30
30
|
join('.claude', 'settings.json'),
|
|
31
31
|
];
|
|
32
32
|
/**
|
|
33
|
-
*
|
|
33
|
+
* Maximum directory recursion depth for size calculation.
|
|
34
|
+
* Prevents stack overflow on deeply-nested or circular-symlink trees.
|
|
34
35
|
*/
|
|
35
|
-
|
|
36
|
+
const MAX_SIZE_DEPTH = 20;
|
|
37
|
+
/**
|
|
38
|
+
* Calculate the total size of a path (file or directory) in bytes.
|
|
39
|
+
*
|
|
40
|
+
* Uses lstatSync (not statSync) so that symlinks are never followed:
|
|
41
|
+
* a symlink counts only the size of the link itself, not its target.
|
|
42
|
+
* This prevents a crafted symlink (e.g. .claude -> /) from causing
|
|
43
|
+
* the cleanup command to recursively traverse the entire filesystem.
|
|
44
|
+
*/
|
|
45
|
+
function getSize(fullPath, depth = 0) {
|
|
46
|
+
if (depth > MAX_SIZE_DEPTH)
|
|
47
|
+
return 0;
|
|
36
48
|
try {
|
|
37
|
-
const stat =
|
|
49
|
+
const stat = lstatSync(fullPath);
|
|
50
|
+
if (stat.isSymbolicLink()) {
|
|
51
|
+
// Count only the symlink entry itself; never traverse the target.
|
|
52
|
+
return stat.size;
|
|
53
|
+
}
|
|
38
54
|
if (stat.isFile()) {
|
|
39
55
|
return stat.size;
|
|
40
56
|
}
|
|
@@ -42,7 +58,11 @@ function getSize(fullPath) {
|
|
|
42
58
|
let total = 0;
|
|
43
59
|
const entries = readdirSync(fullPath, { withFileTypes: true });
|
|
44
60
|
for (const entry of entries) {
|
|
45
|
-
|
|
61
|
+
// Skip symlinks at the entry level too — lstatSync below will still
|
|
62
|
+
// catch them, but checking here avoids unnecessary path joins.
|
|
63
|
+
if (!entry.isSymbolicLink()) {
|
|
64
|
+
total += getSize(join(fullPath, entry.name), depth + 1);
|
|
65
|
+
}
|
|
46
66
|
}
|
|
47
67
|
return total;
|
|
48
68
|
}
|
|
@@ -69,7 +69,7 @@ const getCommand = {
|
|
|
69
69
|
{ command: 'monomind config get -k memory.backend', description: 'Get memory backend' }
|
|
70
70
|
],
|
|
71
71
|
action: async (ctx) => {
|
|
72
|
-
const key = ctx.flags.key || ctx.args[0];
|
|
72
|
+
const key = (ctx.flags.key || ctx.args[0] || '').slice(0, 256);
|
|
73
73
|
if (!key) {
|
|
74
74
|
// Show all config from actual config file (fall back to defaults)
|
|
75
75
|
const config = configManager.getConfig(ctx.cwd);
|
|
@@ -102,6 +102,14 @@ const getCommand = {
|
|
|
102
102
|
});
|
|
103
103
|
return { success: true, data: flatEntries };
|
|
104
104
|
}
|
|
105
|
+
// Prototype pollution guard — mirrors the same check in setCommand.
|
|
106
|
+
const FORBIDDEN_KEY_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);
|
|
107
|
+
for (const seg of key.split('.')) {
|
|
108
|
+
if (FORBIDDEN_KEY_SEGMENTS.has(seg)) {
|
|
109
|
+
output.printError(`Forbidden config key segment: "${seg}"`);
|
|
110
|
+
return { success: false, exitCode: 1 };
|
|
111
|
+
}
|
|
112
|
+
}
|
|
105
113
|
const value = configManager.get(ctx.cwd, key);
|
|
106
114
|
if (value === undefined) {
|
|
107
115
|
output.printError(`Configuration key not found: ${key}`);
|
|
@@ -141,8 +149,8 @@ const setCommand = {
|
|
|
141
149
|
{ command: 'monomind config set -k memory.backend -v agentdb', description: 'Set memory backend' }
|
|
142
150
|
],
|
|
143
151
|
action: async (ctx) => {
|
|
144
|
-
const key = ctx.flags.key || ctx.args[0];
|
|
145
|
-
const value = ctx.flags.value
|
|
152
|
+
const key = (ctx.flags.key || ctx.args[0] || '').slice(0, 256);
|
|
153
|
+
const value = (ctx.flags.value ?? ctx.args[1] ?? '');
|
|
146
154
|
if (!key || value === undefined) {
|
|
147
155
|
output.printError('Both key and value are required');
|
|
148
156
|
return { success: false, exitCode: 1 };
|
|
@@ -203,10 +211,10 @@ const providersCommand = {
|
|
|
203
211
|
{ name: 'gemini', model: 'gemini-2.0-flash', priority: 4, enabled: false, status: 'Disabled' }
|
|
204
212
|
];
|
|
205
213
|
// Handle mutation flags
|
|
206
|
-
const addProvider = ctx.flags.add;
|
|
207
|
-
const removeProvider = ctx.flags.remove;
|
|
208
|
-
const enableProvider = ctx.flags.enable;
|
|
209
|
-
const disableProvider = ctx.flags.disable;
|
|
214
|
+
const addProvider = ctx.flags.add?.slice(0, 64);
|
|
215
|
+
const removeProvider = ctx.flags.remove?.slice(0, 64);
|
|
216
|
+
const enableProvider = ctx.flags.enable?.slice(0, 64);
|
|
217
|
+
const disableProvider = ctx.flags.disable?.slice(0, 64);
|
|
210
218
|
if (addProvider || removeProvider || enableProvider || disableProvider) {
|
|
211
219
|
// Read current providers from config
|
|
212
220
|
let currentProviders = configManager.get(ctx.cwd, 'providers') || [];
|
|
@@ -327,6 +327,10 @@ async function killBackgroundDaemon(projectRoot) {
|
|
|
327
327
|
return false;
|
|
328
328
|
}
|
|
329
329
|
try {
|
|
330
|
+
if (fs.statSync(pidFile).size > 32) {
|
|
331
|
+
fs.unlinkSync(pidFile);
|
|
332
|
+
return false;
|
|
333
|
+
}
|
|
330
334
|
const pid = parseInt(fs.readFileSync(pidFile, 'utf-8').trim(), 10);
|
|
331
335
|
if (isNaN(pid)) {
|
|
332
336
|
fs.unlinkSync(pidFile);
|
|
@@ -376,6 +380,8 @@ function getBackgroundDaemonPid(projectRoot) {
|
|
|
376
380
|
return null;
|
|
377
381
|
}
|
|
378
382
|
try {
|
|
383
|
+
if (fs.statSync(pidFile).size > 32)
|
|
384
|
+
return null;
|
|
379
385
|
const pid = parseInt(fs.readFileSync(pidFile, 'utf-8').trim(), 10);
|
|
380
386
|
return isNaN(pid) ? null : pid;
|
|
381
387
|
}
|
|
@@ -19,11 +19,23 @@ function getStatePath(cwd) {
|
|
|
19
19
|
function emptyState() {
|
|
20
20
|
return { environments: {}, history: [], activeDeployment: undefined };
|
|
21
21
|
}
|
|
22
|
+
const MAX_DEPLOYMENT_STATE_BYTES = 10 * 1024 * 1024; // 10 MB
|
|
23
|
+
// Input length caps to prevent DoS via unbounded strings stored to disk
|
|
24
|
+
const MAX_ENV_NAME_LEN = 128;
|
|
25
|
+
const MAX_VERSION_LEN = 64;
|
|
26
|
+
const MAX_DESCRIPTION_LEN = 1024;
|
|
27
|
+
const MAX_URL_LEN = 2048;
|
|
28
|
+
const MAX_ENV_TYPE_LEN = 64;
|
|
29
|
+
const MAX_HISTORY_LIMIT = 1000;
|
|
30
|
+
const MAX_LOGS_LIMIT = 1000;
|
|
22
31
|
function loadDeploymentState(cwd) {
|
|
23
32
|
const filePath = getStatePath(cwd);
|
|
24
33
|
if (!fs.existsSync(filePath)) {
|
|
25
34
|
return emptyState();
|
|
26
35
|
}
|
|
36
|
+
if (fs.statSync(filePath).size > MAX_DEPLOYMENT_STATE_BYTES) {
|
|
37
|
+
return emptyState();
|
|
38
|
+
}
|
|
27
39
|
try {
|
|
28
40
|
const raw = fs.readFileSync(filePath, 'utf-8');
|
|
29
41
|
const parsed = JSON.parse(raw);
|
|
@@ -66,6 +78,9 @@ function readProjectVersion(cwd) {
|
|
|
66
78
|
if (!fs.existsSync(pkgPath)) {
|
|
67
79
|
return null;
|
|
68
80
|
}
|
|
81
|
+
if (fs.statSync(pkgPath).size > 1024 * 1024) {
|
|
82
|
+
return null;
|
|
83
|
+
}
|
|
69
84
|
try {
|
|
70
85
|
const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf-8'));
|
|
71
86
|
return pkg.version ?? null;
|
|
@@ -92,10 +107,10 @@ const deployCommand = {
|
|
|
92
107
|
],
|
|
93
108
|
action: async (ctx) => {
|
|
94
109
|
try {
|
|
95
|
-
const envName = String(ctx.flags['env'] || 'staging');
|
|
110
|
+
const envName = String(ctx.flags['env'] || 'staging').slice(0, MAX_ENV_NAME_LEN);
|
|
96
111
|
const dryRun = Boolean(ctx.flags['dry-run']);
|
|
97
|
-
const description = ctx.flags['description'] ? String(ctx.flags['description']) : undefined;
|
|
98
|
-
let version = ctx.flags['version'] ? String(ctx.flags['version']) : null;
|
|
112
|
+
const description = ctx.flags['description'] ? String(ctx.flags['description']).slice(0, MAX_DESCRIPTION_LEN) : undefined;
|
|
113
|
+
let version = ctx.flags['version'] ? String(ctx.flags['version']).slice(0, MAX_VERSION_LEN) : null;
|
|
99
114
|
if (!version) {
|
|
100
115
|
version = readProjectVersion(ctx.cwd) || '0.0.0';
|
|
101
116
|
}
|
|
@@ -181,7 +196,7 @@ const statusCommand = {
|
|
|
181
196
|
action: async (ctx) => {
|
|
182
197
|
try {
|
|
183
198
|
const state = loadDeploymentState(ctx.cwd);
|
|
184
|
-
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']) : null;
|
|
199
|
+
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']).slice(0, MAX_ENV_NAME_LEN) : null;
|
|
185
200
|
output.writeln();
|
|
186
201
|
output.writeln(output.bold('Deployment Status'));
|
|
187
202
|
output.writeln();
|
|
@@ -277,13 +292,13 @@ const rollbackCommand = {
|
|
|
277
292
|
],
|
|
278
293
|
action: async (ctx) => {
|
|
279
294
|
try {
|
|
280
|
-
const envName = String(ctx.flags['env'] || '');
|
|
295
|
+
const envName = String(ctx.flags['env'] || '').slice(0, MAX_ENV_NAME_LEN);
|
|
281
296
|
if (!envName) {
|
|
282
297
|
output.printError('Environment is required', 'Use --env or -e to specify');
|
|
283
298
|
return { success: false, exitCode: 1 };
|
|
284
299
|
}
|
|
285
|
-
const targetVersion = ctx.flags['version'] ? String(ctx.flags['version']) : null;
|
|
286
|
-
const steps = parseInt(ctx.flags.steps || '1', 10);
|
|
300
|
+
const targetVersion = ctx.flags['version'] ? String(ctx.flags['version']).slice(0, MAX_VERSION_LEN) : null;
|
|
301
|
+
const steps = Math.min(Math.max(parseInt(ctx.flags.steps || '1', 10), 1), 100);
|
|
287
302
|
if (steps > 1) {
|
|
288
303
|
output.printWarning(`Multi-step rollback (--steps ${steps}) is not yet implemented. Rolling back 1 step only.`);
|
|
289
304
|
}
|
|
@@ -370,8 +385,8 @@ const historyCommand = {
|
|
|
370
385
|
action: async (ctx) => {
|
|
371
386
|
try {
|
|
372
387
|
const state = loadDeploymentState(ctx.cwd);
|
|
373
|
-
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']) : null;
|
|
374
|
-
const limit = Number(ctx.flags['limit']) || 10;
|
|
388
|
+
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']).slice(0, MAX_ENV_NAME_LEN) : null;
|
|
389
|
+
const limit = Math.min(Math.max(Number(ctx.flags['limit']) || 10, 1), MAX_HISTORY_LIMIT);
|
|
375
390
|
let records = [...state.history].reverse();
|
|
376
391
|
if (filterEnv) {
|
|
377
392
|
records = records.filter(r => r.environment === filterEnv);
|
|
@@ -455,7 +470,7 @@ const environmentsCommand = {
|
|
|
455
470
|
return { success: true };
|
|
456
471
|
}
|
|
457
472
|
if (action === 'add') {
|
|
458
|
-
const name = ctx.flags['name'] ? String(ctx.flags['name']) : null;
|
|
473
|
+
const name = ctx.flags['name'] ? String(ctx.flags['name']).slice(0, MAX_ENV_NAME_LEN) : null;
|
|
459
474
|
if (!name) {
|
|
460
475
|
output.printError('Environment name is required', 'Use --name or -n to specify');
|
|
461
476
|
return { success: false, exitCode: 1 };
|
|
@@ -464,8 +479,8 @@ const environmentsCommand = {
|
|
|
464
479
|
output.printWarning(`Environment '${name}' already exists`);
|
|
465
480
|
return { success: false, exitCode: 1 };
|
|
466
481
|
}
|
|
467
|
-
const envType = String(ctx.flags['type'] || 'local');
|
|
468
|
-
const url = ctx.flags['url'] ? String(ctx.flags['url']) : undefined;
|
|
482
|
+
const envType = String(ctx.flags['type'] || 'local').slice(0, MAX_ENV_TYPE_LEN);
|
|
483
|
+
const url = ctx.flags['url'] ? String(ctx.flags['url']).slice(0, MAX_URL_LEN) : undefined;
|
|
469
484
|
state.environments[name] = {
|
|
470
485
|
name,
|
|
471
486
|
type: envType,
|
|
@@ -481,7 +496,7 @@ const environmentsCommand = {
|
|
|
481
496
|
return { success: true };
|
|
482
497
|
}
|
|
483
498
|
if (action === 'remove') {
|
|
484
|
-
const name = ctx.flags['name'] ? String(ctx.flags['name']) : null;
|
|
499
|
+
const name = ctx.flags['name'] ? String(ctx.flags['name']).slice(0, MAX_ENV_NAME_LEN) : null;
|
|
485
500
|
if (!name) {
|
|
486
501
|
output.printError('Environment name is required', 'Use --name or -n to specify');
|
|
487
502
|
return { success: false, exitCode: 1 };
|
|
@@ -524,9 +539,9 @@ const logsCommand = {
|
|
|
524
539
|
action: async (ctx) => {
|
|
525
540
|
try {
|
|
526
541
|
const state = loadDeploymentState(ctx.cwd);
|
|
527
|
-
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']) : null;
|
|
528
|
-
const deploymentId = ctx.flags['deployment'] ? String(ctx.flags['deployment']) : null;
|
|
529
|
-
const limit = Number(ctx.flags['lines']) || 50;
|
|
542
|
+
const filterEnv = ctx.flags['env'] ? String(ctx.flags['env']).slice(0, MAX_ENV_NAME_LEN) : null;
|
|
543
|
+
const deploymentId = ctx.flags['deployment'] ? String(ctx.flags['deployment']).slice(0, 64) : null;
|
|
544
|
+
const limit = Math.min(Math.max(Number(ctx.flags['lines']) || 50, 1), MAX_LOGS_LIMIT);
|
|
530
545
|
output.writeln();
|
|
531
546
|
output.writeln(output.bold('Deployment Logs'));
|
|
532
547
|
output.writeln();
|
|
@@ -588,9 +603,9 @@ const releaseCommand = {
|
|
|
588
603
|
],
|
|
589
604
|
action: async (ctx) => {
|
|
590
605
|
try {
|
|
591
|
-
const envName = String(ctx.flags['env'] || 'production');
|
|
592
|
-
const description = ctx.flags['description'] ? String(ctx.flags['description']) : undefined;
|
|
593
|
-
let version = ctx.flags['version'] ? String(ctx.flags['version']) : null;
|
|
606
|
+
const envName = String(ctx.flags['env'] || 'production').slice(0, MAX_ENV_NAME_LEN);
|
|
607
|
+
const description = ctx.flags['description'] ? String(ctx.flags['description']).slice(0, MAX_DESCRIPTION_LEN) : undefined;
|
|
608
|
+
let version = ctx.flags['version'] ? String(ctx.flags['version']).slice(0, MAX_VERSION_LEN) : null;
|
|
594
609
|
if (!version) {
|
|
595
610
|
const pkgVersion = readProjectVersion(ctx.cwd);
|
|
596
611
|
if (!pkgVersion) {
|