monomind 1.11.13 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/generated/channel-intelligence-director.md +87 -0
- package/.claude/agents/generated/chief-growth-officer.md +88 -0
- package/.claude/agents/generated/content-seo-strategist.md +90 -0
- package/.claude/agents/generated/developer-community-strategist.md +91 -0
- package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
- package/.claude/agents/generated/social-media-strategist.md +91 -0
- package/.claude/agents/generated/video-visual-strategist.md +90 -0
- package/.claude/commands/mastermind/idea.md +1 -1
- package/.claude/helpers/auto-memory-hook.mjs +13 -4
- package/.claude/helpers/control-start.cjs +5 -0
- package/.claude/helpers/event-logger.cjs +114 -0
- package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
- package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
- package/.claude/helpers/handlers/compact-handler.cjs +2 -0
- package/.claude/helpers/handlers/edit-handler.cjs +1 -1
- package/.claude/helpers/handlers/gates-handler.cjs +3 -0
- package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
- package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
- package/.claude/helpers/handlers/route-handler.cjs +13 -6
- package/.claude/helpers/handlers/session-handler.cjs +11 -4
- package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
- package/.claude/helpers/handlers/task-handler.cjs +13 -5
- package/.claude/helpers/intelligence.cjs +7 -2
- package/.claude/helpers/loop-tracker.cjs +15 -3
- package/.claude/helpers/memory.cjs +6 -1
- package/.claude/helpers/router.cjs +5 -2
- package/.claude/helpers/session.cjs +2 -0
- package/.claude/helpers/statusline.cjs +10 -2
- package/.claude/helpers/utils/micro-agents.cjs +20 -4
- package/.claude/scheduled_tasks.lock +1 -1
- package/.claude/settings.json +92 -1
- package/.claude/skills/mastermind/_protocol.md +23 -13
- package/.claude/skills/mastermind/architect.md +6 -9
- package/.claude/skills/mastermind/build.md +3 -3
- package/.claude/skills/mastermind/content.md +3 -3
- package/.claude/skills/mastermind/createorg.md +2 -2
- package/.claude/skills/mastermind/finance.md +3 -3
- package/.claude/skills/mastermind/idea.md +5 -3
- package/.claude/skills/mastermind/marketing.md +3 -3
- package/.claude/skills/mastermind/monitor.md +2 -2
- package/.claude/skills/mastermind/release.md +3 -3
- package/.claude/skills/mastermind/research.md +3 -3
- package/.claude/skills/mastermind/review.md +3 -3
- package/.claude/skills/mastermind/runorg.md +153 -86
- package/.claude/skills/mastermind/sales.md +3 -3
- package/README.md +286 -129
- package/package.json +19 -2
- package/packages/@monomind/cli/README.md +286 -129
- package/packages/@monomind/cli/bundled-graph/dist/src/build.js +73 -0
- package/packages/@monomind/cli/bundled-graph/dist/src/cluster.js +120 -0
- package/packages/@monomind/cli/bundled-graph/package.json +57 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.js +76 -0
- package/packages/@monomind/cli/dist/src/agents/index.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/index.js +13 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.js +69 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.js +49 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.js +80 -0
- package/packages/@monomind/cli/dist/src/agents/registry-builder.js +2 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.d.ts +71 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.js +125 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.js +22 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.js +40 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.d.ts +54 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.js +212 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.d.ts +30 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.js +84 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.d.ts +20 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.js +38 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.d.ts +64 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.js +308 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.js +64 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.js +235 -0
- package/packages/@monomind/cli/dist/src/autopilot-state.js +10 -5
- package/packages/@monomind/cli/dist/src/benchmarks/benchmark-runner.js +13 -0
- package/packages/@monomind/cli/dist/src/benchmarks/metric-evaluators.js +20 -9
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.d.ts +45 -0
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.js +404 -0
- package/packages/@monomind/cli/dist/src/browser/actions.js +10 -3
- package/packages/@monomind/cli/dist/src/browser/browser.js +12 -2
- package/packages/@monomind/cli/dist/src/browser/cdp.js +21 -3
- package/packages/@monomind/cli/dist/src/browser/har.js +27 -5
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.js +333 -0
- package/packages/@monomind/cli/dist/src/commands/agent.js +11 -8
- package/packages/@monomind/cli/dist/src/commands/analyze.js +36 -21
- package/packages/@monomind/cli/dist/src/commands/autopilot.js +12 -4
- package/packages/@monomind/cli/dist/src/commands/benchmark.js +51 -8
- package/packages/@monomind/cli/dist/src/commands/browse.js +5 -2
- package/packages/@monomind/cli/dist/src/commands/claims.js +29 -11
- package/packages/@monomind/cli/dist/src/commands/cleanup.js +25 -5
- package/packages/@monomind/cli/dist/src/commands/config.js +15 -7
- package/packages/@monomind/cli/dist/src/commands/daemon.js +6 -0
- package/packages/@monomind/cli/dist/src/commands/deployment.js +34 -19
- package/packages/@monomind/cli/dist/src/commands/doctor.js +151 -20
- package/packages/@monomind/cli/dist/src/commands/guidance.js +15 -2
- package/packages/@monomind/cli/dist/src/commands/hive-mind.js +37 -14
- package/packages/@monomind/cli/dist/src/commands/hooks.js +42 -25
- package/packages/@monomind/cli/dist/src/commands/init.js +9 -4
- package/packages/@monomind/cli/dist/src/commands/issues.js +29 -26
- package/packages/@monomind/cli/dist/src/commands/mcp.js +11 -5
- package/packages/@monomind/cli/dist/src/commands/memory.js +10 -0
- package/packages/@monomind/cli/dist/src/commands/migrate.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/monograph.js +18 -5
- package/packages/@monomind/cli/dist/src/commands/monovector/backup.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/monovector/benchmark.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/monovector/import.js +15 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/migrate.js +4 -1
- package/packages/@monomind/cli/dist/src/commands/monovector/optimize.js +11 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/setup.js +11 -1
- package/packages/@monomind/cli/dist/src/commands/neural.js +1 -1
- package/packages/@monomind/cli/dist/src/commands/performance.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/platforms.js +90 -8
- package/packages/@monomind/cli/dist/src/commands/plugins.js +12 -5
- package/packages/@monomind/cli/dist/src/commands/process.js +33 -10
- package/packages/@monomind/cli/dist/src/commands/progress.js +5 -3
- package/packages/@monomind/cli/dist/src/commands/providers.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/replay.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/route.js +27 -7
- package/packages/@monomind/cli/dist/src/commands/security.js +4 -0
- package/packages/@monomind/cli/dist/src/commands/session.js +12 -1
- package/packages/@monomind/cli/dist/src/commands/start.js +11 -4
- package/packages/@monomind/cli/dist/src/commands/status.js +7 -4
- package/packages/@monomind/cli/dist/src/commands/swarm.js +27 -13
- package/packages/@monomind/cli/dist/src/commands/task.js +26 -11
- package/packages/@monomind/cli/dist/src/commands/tokens.js +7 -2
- package/packages/@monomind/cli/dist/src/commands/transfer-store.js +36 -22
- package/packages/@monomind/cli/dist/src/commands/ui.js +68 -0
- package/packages/@monomind/cli/dist/src/commands/update.js +15 -3
- package/packages/@monomind/cli/dist/src/commands/workflow.js +39 -6
- package/packages/@monomind/cli/dist/src/consensus/audit-writer.js +18 -7
- package/packages/@monomind/cli/dist/src/consensus/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/consensus/index.js +6 -0
- package/packages/@monomind/cli/dist/src/consensus/vote-signer.js +25 -8
- package/packages/@monomind/cli/dist/src/context/context-provider.d.ts +44 -0
- package/packages/@monomind/cli/dist/src/context/context-provider.js +25 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.js +34 -0
- package/packages/@monomind/cli/dist/src/context/index.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/index.js +12 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.d.ts +15 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.js +19 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.d.ts +26 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.js +93 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.js +32 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.js +27 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.js +81 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.js +65 -0
- package/packages/@monomind/cli/dist/src/dlq/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/dlq/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.d.ts +33 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.js +107 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.js +59 -0
- package/packages/@monomind/cli/dist/src/eval/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/eval/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.d.ts +40 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.js +102 -0
- package/packages/@monomind/cli/dist/src/index.js +7 -3
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.js +264 -0
- package/packages/@monomind/cli/dist/src/init/executor.js +14 -11
- package/packages/@monomind/cli/dist/src/init/shared-instructions-generator.js +20 -4
- package/packages/@monomind/cli/dist/src/init/statusline-generator.js +33 -12
- package/packages/@monomind/cli/dist/src/interactive/interrupt.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/interactive/interrupt.js +71 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.js +48 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.d.ts +61 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.js +246 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/a2a-tools.js +98 -13
- package/packages/@monomind/cli/dist/src/mcp-tools/agent-tools.js +16 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/analyze-tools.js +80 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/browser-tools.js +84 -22
- package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js +35 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js +82 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js +49 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js +45 -18
- package/packages/@monomind/cli/dist/src/mcp-tools/github-tools.js +75 -25
- package/packages/@monomind/cli/dist/src/mcp-tools/guidance-tools.js +32 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/hive-mind-tools.js +91 -20
- package/packages/@monomind/cli/dist/src/mcp-tools/hooks-tools.js +188 -29
- package/packages/@monomind/cli/dist/src/mcp-tools/memory-tools.js +25 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-compat.js +11 -2
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-tools.js +148 -26
- package/packages/@monomind/cli/dist/src/mcp-tools/neural-tools.js +44 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/performance-tools.js +45 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/progress-tools.js +7 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/request-tracker.js +15 -1
- package/packages/@monomind/cli/dist/src/mcp-tools/security-tools.js +61 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js +45 -14
- package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js +15 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js +14 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js +52 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js +40 -6
- package/packages/@monomind/cli/dist/src/mcp-tools/transfer-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.js +230 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/workflow-tools.js +29 -6
- package/packages/@monomind/cli/dist/src/memory/ewc-consolidation.js +26 -10
- package/packages/@monomind/cli/dist/src/memory/intelligence.js +80 -19
- package/packages/@monomind/cli/dist/src/memory/memory-bridge.js +21 -2
- package/packages/@monomind/cli/dist/src/memory/memory-initializer.js +67 -3
- package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js +14 -4
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.d.ts +21 -0
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.js +106 -0
- package/packages/@monomind/cli/dist/src/model/index.d.ts +4 -0
- package/packages/@monomind/cli/dist/src/model/index.js +4 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.js +33 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.js +65 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.d.ts +34 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.js +37 -0
- package/packages/@monomind/cli/dist/src/monovector/command-outcomes.js +43 -7
- package/packages/@monomind/cli/dist/src/monovector/coverage-router.js +8 -4
- package/packages/@monomind/cli/dist/src/monovector/coverage-tools.js +6 -3
- package/packages/@monomind/cli/dist/src/monovector/diff-classifier.js +13 -0
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.d.ts +2 -1
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.js +46 -4
- package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts +1 -1
- package/packages/@monomind/cli/dist/src/orchestration/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/orchestration/index.js +6 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.js +31 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js +180 -0
- package/packages/@monomind/cli/dist/src/plugins/manager.js +8 -3
- package/packages/@monomind/cli/dist/src/plugins/store/discovery.js +46 -2
- package/packages/@monomind/cli/dist/src/plugins/store/search.js +5 -4
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.js +126 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.js +188 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.js +206 -0
- package/packages/@monomind/cli/dist/src/production/circuit-breaker.js +17 -3
- package/packages/@monomind/cli/dist/src/production/error-handler.js +3 -0
- package/packages/@monomind/cli/dist/src/production/monitoring.js +20 -3
- package/packages/@monomind/cli/dist/src/production/rate-limiter.js +13 -4
- package/packages/@monomind/cli/dist/src/production/retry.js +17 -9
- package/packages/@monomind/cli/dist/src/routing/embed-worker.js +6 -2
- package/packages/@monomind/cli/dist/src/routing/embedder.js +0 -0
- package/packages/@monomind/cli/dist/src/routing/llm-caller.js +13 -2
- package/packages/@monomind/cli/dist/src/routing/route-layer-factory.js +18 -3
- package/packages/@monomind/cli/dist/src/runtime/headless.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/runtime/headless.js +284 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.d.ts +50 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.js +95 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.d.ts +1 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.js +8 -0
- package/packages/@monomind/cli/dist/src/services/config-file-manager.js +14 -2
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.d.ts +197 -0
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.js +623 -0
- package/packages/@monomind/cli/dist/src/services/headless-worker-executor.js +18 -2
- package/packages/@monomind/cli/dist/src/services/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/services/index.js +11 -0
- package/packages/@monomind/cli/dist/src/services/worker-daemon.js +53 -12
- package/packages/@monomind/cli/dist/src/services/worker-queue.d.ts +201 -0
- package/packages/@monomind/cli/dist/src/services/worker-queue.js +594 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.js +77 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.js +61 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js +68 -0
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.d.ts +0 -3
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js +16 -1
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.js +205 -0
- package/packages/@monomind/cli/dist/src/transfer/export.js +8 -0
- package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js +33 -3
- package/packages/@monomind/cli/dist/src/transfer/serialization/cfp.js +9 -3
- package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js +37 -3
- package/packages/@monomind/cli/dist/src/transfer/store/discovery.js +45 -3
- package/packages/@monomind/cli/dist/src/transfer/store/download.js +5 -0
- package/packages/@monomind/cli/dist/src/transfer/store/publish.js +13 -1
- package/packages/@monomind/cli/dist/src/transfer/store/registry.d.ts +8 -0
- package/packages/@monomind/cli/dist/src/transfer/store/registry.js +30 -5
- package/packages/@monomind/cli/dist/src/transfer/store/search.js +20 -5
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.js +190 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.js +105 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.js +214 -0
- package/packages/@monomind/cli/dist/src/update/checker.js +59 -7
- package/packages/@monomind/cli/dist/src/update/executor.js +50 -3
- package/packages/@monomind/cli/dist/src/update/index.js +18 -1
- package/packages/@monomind/cli/dist/src/update/rate-limiter.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/update/rate-limiter.js +79 -7
- package/packages/@monomind/cli/dist/src/update/validator.js +52 -1
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.js +23 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.d.ts +17 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.js +129 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.js +116 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.js +8 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.js +20 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.d.ts +165 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/workflow/index.js +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.js +40 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.d.ts +29 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.js +227 -0
- package/packages/@monomind/cli/package.json +9 -10
- package/packages/@monomind/guidance/dist/adversarial.d.ts +284 -0
- package/packages/@monomind/guidance/dist/adversarial.js +572 -0
- package/packages/@monomind/guidance/dist/analyzer.d.ts +530 -0
- package/packages/@monomind/guidance/dist/analyzer.js +2518 -0
- package/packages/@monomind/guidance/dist/artifacts.d.ts +283 -0
- package/packages/@monomind/guidance/dist/artifacts.js +356 -0
- package/packages/@monomind/guidance/dist/authority.d.ts +290 -0
- package/packages/@monomind/guidance/dist/authority.js +558 -0
- package/packages/@monomind/guidance/dist/capabilities.d.ts +209 -0
- package/packages/@monomind/guidance/dist/capabilities.js +485 -0
- package/packages/@monomind/guidance/dist/coherence.d.ts +233 -0
- package/packages/@monomind/guidance/dist/coherence.js +372 -0
- package/packages/@monomind/guidance/dist/compiler.d.ts +87 -0
- package/packages/@monomind/guidance/dist/compiler.js +419 -0
- package/packages/@monomind/guidance/dist/conformance-kit.d.ts +225 -0
- package/packages/@monomind/guidance/dist/conformance-kit.js +629 -0
- package/packages/@monomind/guidance/dist/continue-gate.d.ts +214 -0
- package/packages/@monomind/guidance/dist/continue-gate.js +353 -0
- package/packages/@monomind/guidance/dist/crypto-utils.d.ts +17 -0
- package/packages/@monomind/guidance/dist/crypto-utils.js +24 -0
- package/packages/@monomind/guidance/dist/evolution.d.ts +282 -0
- package/packages/@monomind/guidance/dist/evolution.js +500 -0
- package/packages/@monomind/guidance/dist/gates.d.ts +79 -0
- package/packages/@monomind/guidance/dist/gates.js +302 -0
- package/packages/@monomind/guidance/dist/gateway.d.ts +206 -0
- package/packages/@monomind/guidance/dist/gateway.js +452 -0
- package/packages/@monomind/guidance/dist/generators.d.ts +153 -0
- package/packages/@monomind/guidance/dist/generators.js +682 -0
- package/packages/@monomind/guidance/dist/headless.d.ts +177 -0
- package/packages/@monomind/guidance/dist/headless.js +342 -0
- package/packages/@monomind/guidance/dist/hooks.d.ts +109 -0
- package/packages/@monomind/guidance/dist/hooks.js +347 -0
- package/packages/@monomind/guidance/dist/index.d.ts +205 -0
- package/packages/@monomind/guidance/dist/index.js +321 -0
- package/packages/@monomind/guidance/dist/ledger.d.ts +162 -0
- package/packages/@monomind/guidance/dist/ledger.js +375 -0
- package/packages/@monomind/guidance/dist/manifest-validator.d.ts +289 -0
- package/packages/@monomind/guidance/dist/manifest-validator.js +838 -0
- package/packages/@monomind/guidance/dist/memory-gate.d.ts +222 -0
- package/packages/@monomind/guidance/dist/memory-gate.js +382 -0
- package/packages/@monomind/guidance/dist/meta-governance.d.ts +265 -0
- package/packages/@monomind/guidance/dist/meta-governance.js +348 -0
- package/packages/@monomind/guidance/dist/optimizer.d.ts +104 -0
- package/packages/@monomind/guidance/dist/optimizer.js +329 -0
- package/packages/@monomind/guidance/dist/persistence.d.ts +189 -0
- package/packages/@monomind/guidance/dist/persistence.js +464 -0
- package/packages/@monomind/guidance/dist/proof.d.ts +185 -0
- package/packages/@monomind/guidance/dist/proof.js +238 -0
- package/packages/@monomind/guidance/dist/retriever.d.ts +116 -0
- package/packages/@monomind/guidance/dist/retriever.js +394 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.d.ts +370 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.js +738 -0
- package/packages/@monomind/guidance/dist/temporal.d.ts +426 -0
- package/packages/@monomind/guidance/dist/temporal.js +658 -0
- package/packages/@monomind/guidance/dist/trust.d.ts +283 -0
- package/packages/@monomind/guidance/dist/trust.js +473 -0
- package/packages/@monomind/guidance/dist/truth-anchors.d.ts +276 -0
- package/packages/@monomind/guidance/dist/truth-anchors.js +488 -0
- package/packages/@monomind/guidance/dist/types.d.ts +378 -0
- package/packages/@monomind/guidance/dist/types.js +10 -0
- package/packages/@monomind/guidance/dist/uncertainty.d.ts +372 -0
- package/packages/@monomind/guidance/dist/uncertainty.js +619 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.d.ts +48 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.js +158 -0
|
@@ -17,6 +17,21 @@ const require = createRequire(import.meta.url);
|
|
|
17
17
|
let monofenceInstance = null;
|
|
18
18
|
// Track if we've attempted install this session
|
|
19
19
|
let installAttempted = false;
|
|
20
|
+
// ── Security input bounds ─────────────────────────────────────────────────────
|
|
21
|
+
// MonoFence runs multiple regex patterns over the entire input string (O(n × P)
|
|
22
|
+
// complexity where P is the pattern count). Uncapped input enables ReDoS-style
|
|
23
|
+
// denial-of-service. 64 KB is more than enough for any real threat-scan
|
|
24
|
+
// payload while preventing CPU exhaustion from megabyte-scale inputs.
|
|
25
|
+
const MAX_SECURITY_INPUT_LEN = 64 * 1024; // 64 KB
|
|
26
|
+
const MAX_SECURITY_K = 100;
|
|
27
|
+
const MAX_SECURITY_VERDICT_LEN = 512;
|
|
28
|
+
const MAX_SECURITY_THREAT_TYPE_LEN = 256;
|
|
29
|
+
const MAX_SECURITY_MITIGATION_STRATEGY_LEN = 512;
|
|
30
|
+
function capSecurityInput(raw, fieldName = 'input') {
|
|
31
|
+
if (typeof raw !== 'string')
|
|
32
|
+
throw new Error(`${fieldName} must be a string`);
|
|
33
|
+
return raw.length > MAX_SECURITY_INPUT_LEN ? raw.slice(0, MAX_SECURITY_INPUT_LEN) : raw;
|
|
34
|
+
}
|
|
20
35
|
/**
|
|
21
36
|
* Get or create MonoFence instance (throws if unavailable)
|
|
22
37
|
*/
|
|
@@ -79,7 +94,13 @@ const monofenceScanTool = {
|
|
|
79
94
|
required: ['input'],
|
|
80
95
|
},
|
|
81
96
|
handler: async (args) => {
|
|
82
|
-
|
|
97
|
+
let input;
|
|
98
|
+
try {
|
|
99
|
+
input = capSecurityInput(args.input);
|
|
100
|
+
}
|
|
101
|
+
catch (e) {
|
|
102
|
+
return { content: [{ type: 'text', text: JSON.stringify({ error: e.message }) }], isError: true };
|
|
103
|
+
}
|
|
83
104
|
const quick = args.quick;
|
|
84
105
|
try {
|
|
85
106
|
const defender = await getMonoFence();
|
|
@@ -153,9 +174,16 @@ const monofenceAnalyzeTool = {
|
|
|
153
174
|
required: ['input'],
|
|
154
175
|
},
|
|
155
176
|
handler: async (args) => {
|
|
156
|
-
|
|
177
|
+
let input;
|
|
178
|
+
try {
|
|
179
|
+
input = capSecurityInput(args.input);
|
|
180
|
+
}
|
|
181
|
+
catch (e) {
|
|
182
|
+
return { content: [{ type: 'text', text: JSON.stringify({ error: e.message }) }], isError: true };
|
|
183
|
+
}
|
|
157
184
|
const searchSimilar = args.searchSimilar !== false;
|
|
158
|
-
const
|
|
185
|
+
const rawK = args.k || 5;
|
|
186
|
+
const k = Number.isFinite(rawK) && rawK > 0 ? Math.min(Math.floor(rawK), MAX_SECURITY_K) : 5;
|
|
159
187
|
try {
|
|
160
188
|
const defender = await getMonoFence();
|
|
161
189
|
const result = await defender.detect(input);
|
|
@@ -282,11 +310,23 @@ const monofenceLearnTool = {
|
|
|
282
310
|
required: ['input', 'wasAccurate'],
|
|
283
311
|
},
|
|
284
312
|
handler: async (args) => {
|
|
285
|
-
|
|
313
|
+
let input;
|
|
314
|
+
try {
|
|
315
|
+
input = capSecurityInput(args.input);
|
|
316
|
+
}
|
|
317
|
+
catch (e) {
|
|
318
|
+
return { content: [{ type: 'text', text: JSON.stringify({ error: e.message }) }], isError: true };
|
|
319
|
+
}
|
|
286
320
|
const wasAccurate = args.wasAccurate;
|
|
287
|
-
const
|
|
288
|
-
const
|
|
289
|
-
|
|
321
|
+
const rawVerdict = args.verdict;
|
|
322
|
+
const verdict = typeof rawVerdict === 'string' && rawVerdict.length > MAX_SECURITY_VERDICT_LEN
|
|
323
|
+
? rawVerdict.slice(0, MAX_SECURITY_VERDICT_LEN) : rawVerdict;
|
|
324
|
+
const rawThreatType = args.threatType;
|
|
325
|
+
const threatType = typeof rawThreatType === 'string' && rawThreatType.length > MAX_SECURITY_THREAT_TYPE_LEN
|
|
326
|
+
? rawThreatType.slice(0, MAX_SECURITY_THREAT_TYPE_LEN) : rawThreatType;
|
|
327
|
+
const rawMitigationStrategy = args.mitigationStrategy;
|
|
328
|
+
const mitigationStrategy = typeof rawMitigationStrategy === 'string' && rawMitigationStrategy.length > MAX_SECURITY_MITIGATION_STRATEGY_LEN
|
|
329
|
+
? rawMitigationStrategy.slice(0, MAX_SECURITY_MITIGATION_STRATEGY_LEN) : rawMitigationStrategy;
|
|
290
330
|
const mitigationSuccess = args.mitigationSuccess;
|
|
291
331
|
try {
|
|
292
332
|
const defender = await getMonoFence();
|
|
@@ -344,7 +384,13 @@ const monofenceIsSafeTool = {
|
|
|
344
384
|
required: ['input'],
|
|
345
385
|
},
|
|
346
386
|
handler: async (args) => {
|
|
347
|
-
|
|
387
|
+
let input;
|
|
388
|
+
try {
|
|
389
|
+
input = capSecurityInput(args.input);
|
|
390
|
+
}
|
|
391
|
+
catch (e) {
|
|
392
|
+
return { content: [{ type: 'text', text: JSON.stringify({ error: e.message }) }], isError: true };
|
|
393
|
+
}
|
|
348
394
|
try {
|
|
349
395
|
await getMonoFence(); // triggers auto-install if package is missing
|
|
350
396
|
const { isSafe } = await import('monofence-ai');
|
|
@@ -384,7 +430,13 @@ const monofenceHasPIITool = {
|
|
|
384
430
|
required: ['input'],
|
|
385
431
|
},
|
|
386
432
|
handler: async (args) => {
|
|
387
|
-
|
|
433
|
+
let input;
|
|
434
|
+
try {
|
|
435
|
+
input = capSecurityInput(args.input);
|
|
436
|
+
}
|
|
437
|
+
catch (e) {
|
|
438
|
+
return { content: [{ type: 'text', text: JSON.stringify({ error: e.message }) }], isError: true };
|
|
439
|
+
}
|
|
388
440
|
try {
|
|
389
441
|
const defender = await getMonoFence();
|
|
390
442
|
const hasPII = defender.hasPII(input);
|
|
@@ -131,6 +131,19 @@ export const sessionTools = [
|
|
|
131
131
|
},
|
|
132
132
|
handler: async (input) => {
|
|
133
133
|
const sessionId = `session-${Date.now()}-${randomBytes(6).toString('hex')}`;
|
|
134
|
+
// Cap name and description: both are persisted verbatim to the session
|
|
135
|
+
// JSON file on disk. Without a cap, an attacker can inflate the session
|
|
136
|
+
// store by supplying a very long name or description.
|
|
137
|
+
const MAX_SESSION_NAME_LEN = 256;
|
|
138
|
+
const MAX_SESSION_DESC_LEN = 4 * 1024;
|
|
139
|
+
const rawSessionName = input.name;
|
|
140
|
+
const sessionName = typeof rawSessionName === 'string' && rawSessionName.length > MAX_SESSION_NAME_LEN
|
|
141
|
+
? rawSessionName.slice(0, MAX_SESSION_NAME_LEN)
|
|
142
|
+
: rawSessionName;
|
|
143
|
+
const rawSessionDesc = input.description;
|
|
144
|
+
const sessionDesc = typeof rawSessionDesc === 'string' && rawSessionDesc.length > MAX_SESSION_DESC_LEN
|
|
145
|
+
? rawSessionDesc.slice(0, MAX_SESSION_DESC_LEN)
|
|
146
|
+
: rawSessionDesc;
|
|
134
147
|
// Load related data based on options
|
|
135
148
|
const data = loadRelatedStores({
|
|
136
149
|
includeMemory: input.includeMemory,
|
|
@@ -146,8 +159,8 @@ export const sessionTools = [
|
|
|
146
159
|
};
|
|
147
160
|
const session = {
|
|
148
161
|
sessionId,
|
|
149
|
-
name:
|
|
150
|
-
description:
|
|
162
|
+
name: sessionName,
|
|
163
|
+
description: sessionDesc,
|
|
151
164
|
savedAt: new Date().toISOString(),
|
|
152
165
|
stats,
|
|
153
166
|
data: Object.keys(data).length > 0 ? data : undefined,
|
|
@@ -211,17 +224,25 @@ export const sessionTools = [
|
|
|
211
224
|
const { storeEntry } = await import('../memory/memory-initializer.js');
|
|
212
225
|
const memoryData = session.data.memory;
|
|
213
226
|
if (memoryData.entries) {
|
|
227
|
+
// Cap individual key and value lengths before writing to the DB.
|
|
228
|
+
// A malicious or corrupted session file could contain arbitrarily
|
|
229
|
+
// long strings; without caps these flow straight into the HNSW
|
|
230
|
+
// embedder and SQL layer, causing OOM or DoS.
|
|
231
|
+
const MAX_RESTORE_KEY = 1_000;
|
|
232
|
+
const MAX_RESTORE_VALUE = 100_000;
|
|
233
|
+
const MAX_RESTORE_NS = 200;
|
|
214
234
|
for (const entry of Object.values(memoryData.entries)) {
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
if (key
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
235
|
+
let key = entry.key || entry.id || '';
|
|
236
|
+
let value = entry.value || entry.content || '';
|
|
237
|
+
if (!key || !value)
|
|
238
|
+
continue;
|
|
239
|
+
if (key.length > MAX_RESTORE_KEY)
|
|
240
|
+
key = key.slice(0, MAX_RESTORE_KEY);
|
|
241
|
+
if (value.length > MAX_RESTORE_VALUE)
|
|
242
|
+
value = value.slice(0, MAX_RESTORE_VALUE);
|
|
243
|
+
const rawNs = entry.namespace || 'restored';
|
|
244
|
+
const namespace = rawNs.length > MAX_RESTORE_NS ? rawNs.slice(0, MAX_RESTORE_NS) : rawNs;
|
|
245
|
+
await storeEntry({ key, value, namespace, upsert: true });
|
|
225
246
|
}
|
|
226
247
|
}
|
|
227
248
|
}
|
|
@@ -353,14 +374,24 @@ export const sessionTools = [
|
|
|
353
374
|
const session = loadSession(sessionId);
|
|
354
375
|
if (session) {
|
|
355
376
|
const path = getSessionPath(sessionId);
|
|
356
|
-
|
|
377
|
+
// Guard against TOCTOU: the file could be deleted between loadSession()
|
|
378
|
+
// and statSync(). Catch ENOENT (and any other fs error) so the MCP
|
|
379
|
+
// handler never throws an unhandled exception; callers get a clean
|
|
380
|
+
// response instead of a server-side crash.
|
|
381
|
+
let fileSize = 0;
|
|
382
|
+
try {
|
|
383
|
+
fileSize = statSync(path).size;
|
|
384
|
+
}
|
|
385
|
+
catch {
|
|
386
|
+
// File deleted or inaccessible after loadSession succeeded
|
|
387
|
+
}
|
|
357
388
|
return {
|
|
358
389
|
sessionId: session.sessionId,
|
|
359
390
|
name: session.name,
|
|
360
391
|
description: session.description,
|
|
361
392
|
savedAt: session.savedAt,
|
|
362
393
|
stats: session.stats,
|
|
363
|
-
fileSize
|
|
394
|
+
fileSize,
|
|
364
395
|
hasData: {
|
|
365
396
|
memory: !!session.data?.memory,
|
|
366
397
|
tasks: !!session.data?.tasks,
|
|
@@ -64,7 +64,13 @@ export const swarmTools = [
|
|
|
64
64
|
handler: async (input) => {
|
|
65
65
|
const topology = input.topology || 'hierarchical-mesh';
|
|
66
66
|
const maxAgents = Math.min(Math.max(input.maxAgents || 8, 1), 50);
|
|
67
|
-
|
|
67
|
+
// Cap strategy and config string fields: all are persisted in the swarm
|
|
68
|
+
// JSON store. topology is already validated against VALID_TOPOLOGIES so
|
|
69
|
+
// an invalid long value is rejected; the others have no validation.
|
|
70
|
+
const MAX_SWARM_FIELD_LEN = 256;
|
|
71
|
+
const rawStrategy = input.strategy || 'specialized';
|
|
72
|
+
const strategy = typeof rawStrategy === 'string' && rawStrategy.length > MAX_SWARM_FIELD_LEN
|
|
73
|
+
? rawStrategy.slice(0, MAX_SWARM_FIELD_LEN) : rawStrategy;
|
|
68
74
|
const config = (input.config || {});
|
|
69
75
|
if (!VALID_TOPOLOGIES.has(topology)) {
|
|
70
76
|
return {
|
|
@@ -85,9 +91,15 @@ export const swarmTools = [
|
|
|
85
91
|
topology,
|
|
86
92
|
maxAgents,
|
|
87
93
|
strategy,
|
|
88
|
-
communicationProtocol:
|
|
94
|
+
communicationProtocol: (() => {
|
|
95
|
+
const raw = config.communicationProtocol || 'message-bus';
|
|
96
|
+
return typeof raw === 'string' && raw.length > MAX_SWARM_FIELD_LEN ? raw.slice(0, MAX_SWARM_FIELD_LEN) : raw;
|
|
97
|
+
})(),
|
|
89
98
|
autoScaling: config.autoScaling ?? true,
|
|
90
|
-
consensusMechanism:
|
|
99
|
+
consensusMechanism: (() => {
|
|
100
|
+
const raw = config.consensusMechanism || 'majority';
|
|
101
|
+
return typeof raw === 'string' && raw.length > MAX_SWARM_FIELD_LEN ? raw.slice(0, MAX_SWARM_FIELD_LEN) : raw;
|
|
102
|
+
})(),
|
|
91
103
|
},
|
|
92
104
|
createdAt: now,
|
|
93
105
|
updatedAt: now,
|
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
* - os module for system information
|
|
10
10
|
*/
|
|
11
11
|
import { getProjectCwd } from './types.js';
|
|
12
|
-
import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
|
|
12
|
+
import { existsSync, readFileSync, statSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
|
|
13
13
|
import { join, dirname } from 'node:path';
|
|
14
14
|
import { fileURLToPath } from 'node:url';
|
|
15
15
|
import * as os from 'node:os';
|
|
@@ -43,10 +43,11 @@ function ensureSystemDir() {
|
|
|
43
43
|
mkdirSync(dir, { recursive: true });
|
|
44
44
|
}
|
|
45
45
|
}
|
|
46
|
+
const MAX_SYSTEM_STORE_BYTES = 50 * 1024 * 1024; // 50 MB
|
|
46
47
|
function loadMetrics() {
|
|
47
48
|
try {
|
|
48
49
|
const path = getMetricsPath();
|
|
49
|
-
if (existsSync(path)) {
|
|
50
|
+
if (existsSync(path) && statSync(path).size <= MAX_SYSTEM_STORE_BYTES) {
|
|
50
51
|
return JSON.parse(readFileSync(path, 'utf-8'));
|
|
51
52
|
}
|
|
52
53
|
}
|
|
@@ -128,7 +129,9 @@ export const systemTools = [
|
|
|
128
129
|
},
|
|
129
130
|
handler: async (input) => {
|
|
130
131
|
const store = loadMetrics();
|
|
131
|
-
const
|
|
132
|
+
const VALID_CATEGORIES = new Set(['all', 'cpu', 'memory', 'agents', 'tasks', 'requests']);
|
|
133
|
+
const rawCategory = input.category || 'all';
|
|
134
|
+
const category = VALID_CATEGORIES.has(rawCategory) ? rawCategory : 'all';
|
|
132
135
|
// Get REAL system metrics via Node.js APIs
|
|
133
136
|
const memUsage = process.memoryUsage();
|
|
134
137
|
const loadAvg = os.loadavg();
|
|
@@ -182,7 +185,7 @@ export const systemTools = [
|
|
|
182
185
|
if (_metricsSource === 'none') {
|
|
183
186
|
try {
|
|
184
187
|
const agentStorePath = join(getProjectCwd(), STORAGE_DIR, 'agents', 'store.json');
|
|
185
|
-
if (existsSync(agentStorePath)) {
|
|
188
|
+
if (existsSync(agentStorePath) && statSync(agentStorePath).size <= MAX_SYSTEM_STORE_BYTES) {
|
|
186
189
|
const agentStore = JSON.parse(readFileSync(agentStorePath, 'utf-8'));
|
|
187
190
|
const agents = Object.values(agentStore.agents || {});
|
|
188
191
|
agentCounts = {
|
|
@@ -195,7 +198,7 @@ export const systemTools = [
|
|
|
195
198
|
catch { /* agent store not available */ }
|
|
196
199
|
try {
|
|
197
200
|
const taskStorePath = join(getProjectCwd(), STORAGE_DIR, 'tasks', 'store.json');
|
|
198
|
-
if (existsSync(taskStorePath)) {
|
|
201
|
+
if (existsSync(taskStorePath) && statSync(taskStorePath).size <= MAX_SYSTEM_STORE_BYTES) {
|
|
199
202
|
const taskStore = JSON.parse(readFileSync(taskStorePath, 'utf-8'));
|
|
200
203
|
const tasks = Object.values(taskStore.tasks || {});
|
|
201
204
|
taskCounts = {
|
|
@@ -438,7 +441,11 @@ export const systemTools = [
|
|
|
438
441
|
if (!input.confirm) {
|
|
439
442
|
return { success: false, error: 'Reset requires confirmation' };
|
|
440
443
|
}
|
|
441
|
-
|
|
444
|
+
// Validate component against the allowed set to prevent unbounded string
|
|
445
|
+
// reflection in the response message.
|
|
446
|
+
const VALID_COMPONENTS = new Set(['all', 'metrics', 'agents', 'tasks']);
|
|
447
|
+
const rawComponent = input.component || 'metrics';
|
|
448
|
+
const component = VALID_COMPONENTS.has(rawComponent) ? rawComponent : 'metrics';
|
|
442
449
|
// Reset metrics to defaults
|
|
443
450
|
const defaultMetrics = {
|
|
444
451
|
startTime: new Date().toISOString(),
|
|
@@ -530,7 +537,7 @@ export const systemTools = [
|
|
|
530
537
|
const storePath = join(getProjectCwd(), '.monomind', 'tasks', 'store.json');
|
|
531
538
|
let tasks = [];
|
|
532
539
|
try {
|
|
533
|
-
if (existsSync(storePath)) {
|
|
540
|
+
if (existsSync(storePath) && statSync(storePath).size <= MAX_SYSTEM_STORE_BYTES) {
|
|
534
541
|
const data = readFileSync(storePath, 'utf-8');
|
|
535
542
|
const store = JSON.parse(data);
|
|
536
543
|
tasks = Object.values(store.tasks || {});
|
|
@@ -71,15 +71,36 @@ export const taskTools = [
|
|
|
71
71
|
handler: async (input) => {
|
|
72
72
|
const store = loadTaskStore();
|
|
73
73
|
const taskId = `task-${Date.now()}-${randomBytes(4).toString('hex')}`;
|
|
74
|
+
// Cap all string fields: they are persisted verbatim to the task JSON store.
|
|
75
|
+
const MAX_TASK_TYPE_LEN = 128;
|
|
76
|
+
const MAX_TASK_DESC_LEN = 64 * 1024; // 64 KB — realistic task descriptions
|
|
77
|
+
const MAX_TASK_ASSIGNEE_LEN = 256;
|
|
78
|
+
const MAX_TASK_ASSIGNEES = 100;
|
|
79
|
+
const MAX_TASK_TAG_LEN = 128;
|
|
80
|
+
const MAX_TASK_TAGS = 50;
|
|
81
|
+
const rawTaskType = input.type;
|
|
82
|
+
const taskType = typeof rawTaskType === 'string' && rawTaskType.length > MAX_TASK_TYPE_LEN
|
|
83
|
+
? rawTaskType.slice(0, MAX_TASK_TYPE_LEN) : rawTaskType;
|
|
84
|
+
const rawTaskDesc = input.description;
|
|
85
|
+
const taskDesc = typeof rawTaskDesc === 'string' && rawTaskDesc.length > MAX_TASK_DESC_LEN
|
|
86
|
+
? rawTaskDesc.slice(0, MAX_TASK_DESC_LEN) : rawTaskDesc;
|
|
87
|
+
const rawAssignTo = input.assignTo || [];
|
|
88
|
+
const assignedTo = Array.isArray(rawAssignTo)
|
|
89
|
+
? rawAssignTo.slice(0, MAX_TASK_ASSIGNEES).map(a => typeof a === 'string' && a.length > MAX_TASK_ASSIGNEE_LEN ? a.slice(0, MAX_TASK_ASSIGNEE_LEN) : a)
|
|
90
|
+
: [];
|
|
91
|
+
const rawTags = input.tags || [];
|
|
92
|
+
const tags = Array.isArray(rawTags)
|
|
93
|
+
? rawTags.slice(0, MAX_TASK_TAGS).map(t => typeof t === 'string' && t.length > MAX_TASK_TAG_LEN ? t.slice(0, MAX_TASK_TAG_LEN) : t)
|
|
94
|
+
: [];
|
|
74
95
|
const task = {
|
|
75
96
|
taskId,
|
|
76
|
-
type:
|
|
77
|
-
description:
|
|
97
|
+
type: taskType,
|
|
98
|
+
description: taskDesc,
|
|
78
99
|
priority: input.priority || 'normal',
|
|
79
100
|
status: 'pending',
|
|
80
101
|
progress: 0,
|
|
81
|
-
assignedTo
|
|
82
|
-
tags
|
|
102
|
+
assignedTo,
|
|
103
|
+
tags,
|
|
83
104
|
createdAt: new Date().toISOString(),
|
|
84
105
|
startedAt: null,
|
|
85
106
|
completedAt: null,
|
|
@@ -172,8 +193,13 @@ export const taskTools = [
|
|
|
172
193
|
}
|
|
173
194
|
// Sort by creation date (newest first)
|
|
174
195
|
tasks.sort((a, b) => new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime());
|
|
175
|
-
// Apply limit
|
|
176
|
-
|
|
196
|
+
// Apply limit — cap to 1 000 to prevent returning the entire task store
|
|
197
|
+
// in one response, which could cause OOM on large deployments.
|
|
198
|
+
const MAX_TASK_LIMIT = 1_000;
|
|
199
|
+
const rawLimit = typeof input.limit === 'number' ? input.limit : 50;
|
|
200
|
+
const limit = Number.isFinite(rawLimit) && rawLimit > 0
|
|
201
|
+
? Math.min(Math.floor(rawLimit), MAX_TASK_LIMIT)
|
|
202
|
+
: 50;
|
|
177
203
|
tasks = tasks.slice(0, limit);
|
|
178
204
|
return {
|
|
179
205
|
tasks: tasks.map(t => ({
|
|
@@ -225,7 +251,7 @@ export const taskTools = [
|
|
|
225
251
|
const agentStorePath = join(getProjectCwd(), STORAGE_DIR, 'agents', 'store.json');
|
|
226
252
|
try {
|
|
227
253
|
let agentStore = { agents: {} };
|
|
228
|
-
if (existsSync(agentStorePath)) {
|
|
254
|
+
if (existsSync(agentStorePath) && statSync(agentStorePath).size <= MAX_TASK_STORE_BYTES) {
|
|
229
255
|
const agentRaw = JSON.parse(readFileSync(agentStorePath, 'utf-8'));
|
|
230
256
|
if (agentRaw && typeof agentRaw === 'object' && !Object.prototype.hasOwnProperty.call(agentRaw, '__proto__')) {
|
|
231
257
|
agentStore = agentRaw;
|
|
@@ -298,7 +324,15 @@ export const taskTools = [
|
|
|
298
324
|
task.progress = Math.min(100, Math.max(0, input.progress));
|
|
299
325
|
}
|
|
300
326
|
if (input.assignTo) {
|
|
301
|
-
|
|
327
|
+
// Cap array and element lengths — task_create already does this;
|
|
328
|
+
// task_update must apply the same guards so the on-disk store
|
|
329
|
+
// cannot be inflated via the update path.
|
|
330
|
+
const MAX_TASK_ASSIGNEE_LEN = 256;
|
|
331
|
+
const MAX_TASK_ASSIGNEES = 100;
|
|
332
|
+
const rawAssignTo = input.assignTo;
|
|
333
|
+
task.assignedTo = Array.isArray(rawAssignTo)
|
|
334
|
+
? rawAssignTo.slice(0, MAX_TASK_ASSIGNEES).map(a => typeof a === 'string' && a.length > MAX_TASK_ASSIGNEE_LEN ? a.slice(0, MAX_TASK_ASSIGNEE_LEN) : a)
|
|
335
|
+
: task.assignedTo;
|
|
302
336
|
}
|
|
303
337
|
saveTaskStore(store);
|
|
304
338
|
return {
|
|
@@ -343,7 +377,7 @@ export const taskTools = [
|
|
|
343
377
|
const agentStorePath = join(getProjectCwd(), STORAGE_DIR, 'agents', 'store.json');
|
|
344
378
|
let agentStore = { agents: {} };
|
|
345
379
|
try {
|
|
346
|
-
if (existsSync(agentStorePath)) {
|
|
380
|
+
if (existsSync(agentStorePath) && statSync(agentStorePath).size <= MAX_TASK_STORE_BYTES) {
|
|
347
381
|
agentStore = JSON.parse(readFileSync(agentStorePath, 'utf-8'));
|
|
348
382
|
}
|
|
349
383
|
}
|
|
@@ -426,7 +460,15 @@ export const taskTools = [
|
|
|
426
460
|
if (task) {
|
|
427
461
|
task.status = 'cancelled';
|
|
428
462
|
task.completedAt = new Date().toISOString();
|
|
429
|
-
|
|
463
|
+
// Cap reason: persisted verbatim to the task store on disk.
|
|
464
|
+
// Without a cap an attacker can inflate the store with an arbitrarily
|
|
465
|
+
// large cancellation reason string.
|
|
466
|
+
const MAX_CANCEL_REASON_LEN = 1024;
|
|
467
|
+
const rawReason = input.reason;
|
|
468
|
+
const cancelReason = typeof rawReason === 'string' && rawReason.length > MAX_CANCEL_REASON_LEN
|
|
469
|
+
? rawReason.slice(0, MAX_CANCEL_REASON_LEN)
|
|
470
|
+
: (rawReason || 'Cancelled by user');
|
|
471
|
+
task.result = { cancelReason };
|
|
430
472
|
saveTaskStore(store);
|
|
431
473
|
return {
|
|
432
474
|
success: true,
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { getProjectCwd } from './types.js';
|
|
2
|
-
import { existsSync, readFileSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
|
|
3
|
-
import { join } from 'node:path';
|
|
2
|
+
import { existsSync, readFileSync, statSync, writeFileSync, renameSync, mkdirSync } from 'node:fs';
|
|
3
|
+
import { join, resolve } from 'node:path';
|
|
4
|
+
import { homedir } from 'node:os';
|
|
4
5
|
import { execSync } from 'node:child_process';
|
|
5
6
|
import { randomBytes } from 'node:crypto';
|
|
6
7
|
// Storage paths
|
|
@@ -19,10 +20,11 @@ function ensureTerminalDir() {
|
|
|
19
20
|
mkdirSync(dir, { recursive: true });
|
|
20
21
|
}
|
|
21
22
|
}
|
|
23
|
+
const MAX_TERMINAL_STORE_BYTES = 10 * 1024 * 1024; // 10 MB
|
|
22
24
|
function loadTerminalStore() {
|
|
23
25
|
try {
|
|
24
26
|
const path = getTerminalPath();
|
|
25
|
-
if (existsSync(path)) {
|
|
27
|
+
if (existsSync(path) && statSync(path).size <= MAX_TERMINAL_STORE_BYTES) {
|
|
26
28
|
return JSON.parse(readFileSync(path, 'utf-8'));
|
|
27
29
|
}
|
|
28
30
|
}
|
|
@@ -74,14 +76,40 @@ export const terminalTools = [
|
|
|
74
76
|
safeEnv[k] = String(v);
|
|
75
77
|
}
|
|
76
78
|
}
|
|
79
|
+
// Validate workingDir: must exist, be a directory, and not escape to
|
|
80
|
+
// system-sensitive paths. Fall back to project cwd if invalid.
|
|
81
|
+
let resolvedWorkingDir = getProjectCwd();
|
|
82
|
+
if (input.workingDir && typeof input.workingDir === 'string') {
|
|
83
|
+
const candidate = resolve(input.workingDir);
|
|
84
|
+
const projectCwd = getProjectCwd();
|
|
85
|
+
const home = homedir();
|
|
86
|
+
// Allow paths under project cwd or user home directory only.
|
|
87
|
+
const isUnderProject = candidate === projectCwd || candidate.startsWith(projectCwd + '/') || candidate.startsWith(projectCwd + '\\');
|
|
88
|
+
const isUnderHome = candidate === home || candidate.startsWith(home + '/') || candidate.startsWith(home + '\\');
|
|
89
|
+
if ((isUnderProject || isUnderHome) && existsSync(candidate)) {
|
|
90
|
+
try {
|
|
91
|
+
if (statSync(candidate).isDirectory()) {
|
|
92
|
+
resolvedWorkingDir = candidate;
|
|
93
|
+
}
|
|
94
|
+
}
|
|
95
|
+
catch {
|
|
96
|
+
// Leave resolvedWorkingDir as default
|
|
97
|
+
}
|
|
98
|
+
}
|
|
99
|
+
}
|
|
77
100
|
const id = `term-${Date.now()}-${randomBytes(4).toString('hex')}`;
|
|
101
|
+
// Cap session name: stored in terminal JSON store on disk.
|
|
102
|
+
const MAX_TERMINAL_NAME_LEN = 256;
|
|
103
|
+
const rawTerminalName = input.name || `Terminal ${Object.keys(store.sessions).length + 1}`;
|
|
104
|
+
const terminalName = typeof rawTerminalName === 'string' && rawTerminalName.length > MAX_TERMINAL_NAME_LEN
|
|
105
|
+
? rawTerminalName.slice(0, MAX_TERMINAL_NAME_LEN) : rawTerminalName;
|
|
78
106
|
const session = {
|
|
79
107
|
id,
|
|
80
|
-
name:
|
|
108
|
+
name: terminalName,
|
|
81
109
|
status: 'active',
|
|
82
110
|
createdAt: new Date().toISOString(),
|
|
83
111
|
lastActivity: new Date().toISOString(),
|
|
84
|
-
workingDir:
|
|
112
|
+
workingDir: resolvedWorkingDir,
|
|
85
113
|
history: [],
|
|
86
114
|
env: safeEnv,
|
|
87
115
|
};
|
|
@@ -114,7 +142,13 @@ export const terminalTools = [
|
|
|
114
142
|
handler: async (input) => {
|
|
115
143
|
const store = loadTerminalStore();
|
|
116
144
|
const sessionId = input.sessionId;
|
|
117
|
-
|
|
145
|
+
// Cap command: the metacharacter regex check at line 220 is O(n), and the
|
|
146
|
+
// raw command is stored verbatim in session history (up to 200 entries).
|
|
147
|
+
// A realistic shell command is well under 64 KB; cap there.
|
|
148
|
+
const MAX_TERMINAL_COMMAND_LEN = 64 * 1024;
|
|
149
|
+
const rawCommand = input.command;
|
|
150
|
+
const command = typeof rawCommand === 'string' && rawCommand.length > MAX_TERMINAL_COMMAND_LEN
|
|
151
|
+
? rawCommand.slice(0, MAX_TERMINAL_COMMAND_LEN) : rawCommand;
|
|
118
152
|
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
|
|
119
153
|
// Reject inherited keys (incl. toString/hasOwnProperty/etc.) so a tampered
|
|
120
154
|
// store.json can't redirect bracket access into Object.prototype.
|
|
@@ -59,7 +59,13 @@ export const transferTools = [
|
|
|
59
59
|
handler: async (input) => {
|
|
60
60
|
try {
|
|
61
61
|
const { detectPII } = await import('../transfer/anonymization/index.js');
|
|
62
|
-
|
|
62
|
+
// detectPII runs multiple PII regexes over the entire string — O(n × patterns).
|
|
63
|
+
// Cap to 1 MB to prevent ReDoS-style DoS from oversized content.
|
|
64
|
+
const MAX_PII_CONTENT_LEN = 1024 * 1024; // 1 MB
|
|
65
|
+
const rawContent = input.content;
|
|
66
|
+
const content = typeof rawContent === 'string' && rawContent.length > MAX_PII_CONTENT_LEN
|
|
67
|
+
? rawContent.slice(0, MAX_PII_CONTENT_LEN) : rawContent;
|
|
68
|
+
const result = detectPII(content);
|
|
63
69
|
return createResult(result);
|
|
64
70
|
}
|
|
65
71
|
catch (error) {
|
|
@@ -88,7 +94,13 @@ export const transferTools = [
|
|
|
88
94
|
handler: async (input) => {
|
|
89
95
|
try {
|
|
90
96
|
const { resolveIPNS } = await import('../transfer/ipfs/client.js');
|
|
91
|
-
|
|
97
|
+
// Cap IPNS name length — uncapped strings may trigger O(n) path parsing
|
|
98
|
+
// inside the IPFS client or be reflected in error messages.
|
|
99
|
+
const MAX_IPNS_NAME_LEN = 512;
|
|
100
|
+
const rawName = input.name;
|
|
101
|
+
const name = typeof rawName === 'string' && rawName.length > MAX_IPNS_NAME_LEN
|
|
102
|
+
? rawName.slice(0, MAX_IPNS_NAME_LEN) : rawName;
|
|
103
|
+
const result = await resolveIPNS(name);
|
|
92
104
|
return createResult({ success: true, cid: result });
|
|
93
105
|
}
|
|
94
106
|
catch (error) {
|
|
@@ -132,7 +144,18 @@ export const transferTools = [
|
|
|
132
144
|
handler: async (input) => {
|
|
133
145
|
try {
|
|
134
146
|
const store = await getPatternStore();
|
|
135
|
-
|
|
147
|
+
// Cap query and limit to prevent DoS via large string or result set.
|
|
148
|
+
const MAX_TRANSFER_QUERY_LEN = 4 * 1024;
|
|
149
|
+
const MAX_TRANSFER_LIMIT = 500;
|
|
150
|
+
const inp = input;
|
|
151
|
+
const cappedInput = {
|
|
152
|
+
...inp,
|
|
153
|
+
query: typeof inp.query === 'string' && inp.query.length > MAX_TRANSFER_QUERY_LEN
|
|
154
|
+
? inp.query.slice(0, MAX_TRANSFER_QUERY_LEN) : inp.query,
|
|
155
|
+
limit: typeof inp.limit === 'number' && Number.isFinite(inp.limit)
|
|
156
|
+
? Math.min(Math.floor(Math.max(inp.limit, 1)), MAX_TRANSFER_LIMIT) : inp.limit,
|
|
157
|
+
};
|
|
158
|
+
const results = store.search(cappedInput);
|
|
136
159
|
return createResult(results);
|
|
137
160
|
}
|
|
138
161
|
catch (error) {
|
|
@@ -296,7 +319,17 @@ export const transferTools = [
|
|
|
296
319
|
if (!result.success || !result.registry) {
|
|
297
320
|
return createResult({ error: result.error || 'Failed to discover registry' }, true);
|
|
298
321
|
}
|
|
299
|
-
|
|
322
|
+
// Cap query and limit before forwarding to searchPlugins.
|
|
323
|
+
const MAX_PLUGIN_QUERY_LEN = 4 * 1024;
|
|
324
|
+
const MAX_PLUGIN_LIMIT = 500;
|
|
325
|
+
const rawOpts = input;
|
|
326
|
+
const opts = {
|
|
327
|
+
...rawOpts,
|
|
328
|
+
query: typeof rawOpts.query === 'string' && rawOpts.query.length > MAX_PLUGIN_QUERY_LEN
|
|
329
|
+
? rawOpts.query.slice(0, MAX_PLUGIN_QUERY_LEN) : rawOpts.query,
|
|
330
|
+
limit: typeof rawOpts.limit === 'number' && Number.isFinite(rawOpts.limit)
|
|
331
|
+
? Math.min(Math.floor(Math.max(rawOpts.limit, 1)), MAX_PLUGIN_LIMIT) : rawOpts.limit,
|
|
332
|
+
};
|
|
300
333
|
const searchResult = searchPlugins(result.registry, opts);
|
|
301
334
|
return createResult(searchResult);
|
|
302
335
|
}
|
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* WASM Agent MCP Tools
|
|
3
|
+
*
|
|
4
|
+
* Exposes @monoes/rvagent-wasm operations via MCP protocol.
|
|
5
|
+
* All tools gracefully degrade when the WASM package is not installed.
|
|
6
|
+
*/
|
|
7
|
+
import type { MCPTool } from './types.js';
|
|
8
|
+
export declare const wasmAgentTools: MCPTool[];
|
|
9
|
+
//# sourceMappingURL=wasm-agent-tools.d.ts.map
|