monomind 1.11.13 → 1.12.0

Files changed (389) hide show
  1. package/.claude/agents/generated/channel-intelligence-director.md +87 -0
  2. package/.claude/agents/generated/chief-growth-officer.md +88 -0
  3. package/.claude/agents/generated/content-seo-strategist.md +90 -0
  4. package/.claude/agents/generated/developer-community-strategist.md +91 -0
  5. package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
  6. package/.claude/agents/generated/social-media-strategist.md +91 -0
  7. package/.claude/agents/generated/video-visual-strategist.md +90 -0
  8. package/.claude/commands/mastermind/idea.md +1 -1
  9. package/.claude/helpers/auto-memory-hook.mjs +13 -4
  10. package/.claude/helpers/control-start.cjs +5 -0
  11. package/.claude/helpers/event-logger.cjs +114 -0
  12. package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
  13. package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
  14. package/.claude/helpers/handlers/compact-handler.cjs +2 -0
  15. package/.claude/helpers/handlers/edit-handler.cjs +1 -1
  16. package/.claude/helpers/handlers/gates-handler.cjs +3 -0
  17. package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
  18. package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
  19. package/.claude/helpers/handlers/route-handler.cjs +13 -6
  20. package/.claude/helpers/handlers/session-handler.cjs +11 -4
  21. package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
  22. package/.claude/helpers/handlers/task-handler.cjs +13 -5
  23. package/.claude/helpers/intelligence.cjs +7 -2
  24. package/.claude/helpers/loop-tracker.cjs +15 -3
  25. package/.claude/helpers/memory.cjs +6 -1
  26. package/.claude/helpers/router.cjs +5 -2
  27. package/.claude/helpers/session.cjs +2 -0
  28. package/.claude/helpers/statusline.cjs +10 -2
  29. package/.claude/helpers/utils/micro-agents.cjs +20 -4
  30. package/.claude/scheduled_tasks.lock +1 -1
  31. package/.claude/settings.json +92 -1
  32. package/.claude/skills/mastermind/_protocol.md +23 -13
  33. package/.claude/skills/mastermind/architect.md +6 -9
  34. package/.claude/skills/mastermind/build.md +3 -3
  35. package/.claude/skills/mastermind/content.md +3 -3
  36. package/.claude/skills/mastermind/createorg.md +2 -2
  37. package/.claude/skills/mastermind/finance.md +3 -3
  38. package/.claude/skills/mastermind/idea.md +5 -3
  39. package/.claude/skills/mastermind/marketing.md +3 -3
  40. package/.claude/skills/mastermind/monitor.md +2 -2
  41. package/.claude/skills/mastermind/release.md +3 -3
  42. package/.claude/skills/mastermind/research.md +3 -3
  43. package/.claude/skills/mastermind/review.md +3 -3
  44. package/.claude/skills/mastermind/runorg.md +153 -86
  45. package/.claude/skills/mastermind/sales.md +3 -3
  46. package/README.md +286 -129
  47. package/package.json +19 -2
  48. package/packages/@monomind/cli/README.md +286 -129
  49. package/packages/@monomind/cli/bundled-graph/dist/src/build.js +73 -0
  50. package/packages/@monomind/cli/bundled-graph/dist/src/cluster.js +120 -0
  51. package/packages/@monomind/cli/bundled-graph/package.json +57 -0
  52. package/packages/@monomind/cli/dist/src/agents/halt-signal.d.ts +25 -0
  53. package/packages/@monomind/cli/dist/src/agents/halt-signal.js +76 -0
  54. package/packages/@monomind/cli/dist/src/agents/index.d.ts +18 -0
  55. package/packages/@monomind/cli/dist/src/agents/index.js +13 -0
  56. package/packages/@monomind/cli/dist/src/agents/managed-agent.d.ts +41 -0
  57. package/packages/@monomind/cli/dist/src/agents/managed-agent.js +69 -0
  58. package/packages/@monomind/cli/dist/src/agents/prompt-experiment.d.ts +23 -0
  59. package/packages/@monomind/cli/dist/src/agents/prompt-experiment.js +49 -0
  60. package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.d.ts +22 -0
  61. package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.js +80 -0
  62. package/packages/@monomind/cli/dist/src/agents/registry-builder.js +2 -0
  63. package/packages/@monomind/cli/dist/src/agents/registry-query.d.ts +71 -0
  64. package/packages/@monomind/cli/dist/src/agents/registry-query.js +125 -0
  65. package/packages/@monomind/cli/dist/src/agents/score-decay.d.ts +19 -0
  66. package/packages/@monomind/cli/dist/src/agents/score-decay.js +22 -0
  67. package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.d.ts +13 -0
  68. package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.js +40 -0
  69. package/packages/@monomind/cli/dist/src/agents/specialization-scorer.d.ts +54 -0
  70. package/packages/@monomind/cli/dist/src/agents/specialization-scorer.js +212 -0
  71. package/packages/@monomind/cli/dist/src/agents/termination-watcher.d.ts +30 -0
  72. package/packages/@monomind/cli/dist/src/agents/termination-watcher.js +84 -0
  73. package/packages/@monomind/cli/dist/src/agents/trigger-index.d.ts +20 -0
  74. package/packages/@monomind/cli/dist/src/agents/trigger-index.js +38 -0
  75. package/packages/@monomind/cli/dist/src/agents/trigger-scanner.d.ts +64 -0
  76. package/packages/@monomind/cli/dist/src/agents/trigger-scanner.js +308 -0
  77. package/packages/@monomind/cli/dist/src/agents/version-diff.d.ts +18 -0
  78. package/packages/@monomind/cli/dist/src/agents/version-diff.js +64 -0
  79. package/packages/@monomind/cli/dist/src/agents/version-store.d.ts +60 -0
  80. package/packages/@monomind/cli/dist/src/agents/version-store.js +235 -0
  81. package/packages/@monomind/cli/dist/src/autopilot-state.js +10 -5
  82. package/packages/@monomind/cli/dist/src/benchmarks/benchmark-runner.js +13 -0
  83. package/packages/@monomind/cli/dist/src/benchmarks/metric-evaluators.js +20 -9
  84. package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.d.ts +45 -0
  85. package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.js +404 -0
  86. package/packages/@monomind/cli/dist/src/browser/actions.js +10 -3
  87. package/packages/@monomind/cli/dist/src/browser/browser.js +12 -2
  88. package/packages/@monomind/cli/dist/src/browser/cdp.js +21 -3
  89. package/packages/@monomind/cli/dist/src/browser/har.js +27 -5
  90. package/packages/@monomind/cli/dist/src/commands/agent-wasm.d.ts +14 -0
  91. package/packages/@monomind/cli/dist/src/commands/agent-wasm.js +333 -0
  92. package/packages/@monomind/cli/dist/src/commands/agent.js +11 -8
  93. package/packages/@monomind/cli/dist/src/commands/analyze.js +36 -21
  94. package/packages/@monomind/cli/dist/src/commands/autopilot.js +12 -4
  95. package/packages/@monomind/cli/dist/src/commands/benchmark.js +51 -8
  96. package/packages/@monomind/cli/dist/src/commands/browse.js +5 -2
  97. package/packages/@monomind/cli/dist/src/commands/claims.js +29 -11
  98. package/packages/@monomind/cli/dist/src/commands/cleanup.js +25 -5
  99. package/packages/@monomind/cli/dist/src/commands/config.js +15 -7
  100. package/packages/@monomind/cli/dist/src/commands/daemon.js +6 -0
  101. package/packages/@monomind/cli/dist/src/commands/deployment.js +34 -19
  102. package/packages/@monomind/cli/dist/src/commands/doctor.js +151 -20
  103. package/packages/@monomind/cli/dist/src/commands/guidance.js +15 -2
  104. package/packages/@monomind/cli/dist/src/commands/hive-mind.js +37 -14
  105. package/packages/@monomind/cli/dist/src/commands/hooks.js +42 -25
  106. package/packages/@monomind/cli/dist/src/commands/init.js +9 -4
  107. package/packages/@monomind/cli/dist/src/commands/issues.js +29 -26
  108. package/packages/@monomind/cli/dist/src/commands/mcp.js +11 -5
  109. package/packages/@monomind/cli/dist/src/commands/memory.js +10 -0
  110. package/packages/@monomind/cli/dist/src/commands/migrate.js +5 -5
  111. package/packages/@monomind/cli/dist/src/commands/monograph.js +18 -5
  112. package/packages/@monomind/cli/dist/src/commands/monovector/backup.js +8 -2
  113. package/packages/@monomind/cli/dist/src/commands/monovector/benchmark.js +20 -7
  114. package/packages/@monomind/cli/dist/src/commands/monovector/import.js +15 -0
  115. package/packages/@monomind/cli/dist/src/commands/monovector/migrate.js +4 -1
  116. package/packages/@monomind/cli/dist/src/commands/monovector/optimize.js +11 -0
  117. package/packages/@monomind/cli/dist/src/commands/monovector/setup.js +11 -1
  118. package/packages/@monomind/cli/dist/src/commands/neural.js +1 -1
  119. package/packages/@monomind/cli/dist/src/commands/performance.js +20 -7
  120. package/packages/@monomind/cli/dist/src/commands/platforms.js +90 -8
  121. package/packages/@monomind/cli/dist/src/commands/plugins.js +12 -5
  122. package/packages/@monomind/cli/dist/src/commands/process.js +33 -10
  123. package/packages/@monomind/cli/dist/src/commands/progress.js +5 -3
  124. package/packages/@monomind/cli/dist/src/commands/providers.js +5 -5
  125. package/packages/@monomind/cli/dist/src/commands/replay.js +8 -2
  126. package/packages/@monomind/cli/dist/src/commands/route.js +27 -7
  127. package/packages/@monomind/cli/dist/src/commands/security.js +4 -0
  128. package/packages/@monomind/cli/dist/src/commands/session.js +12 -1
  129. package/packages/@monomind/cli/dist/src/commands/start.js +11 -4
  130. package/packages/@monomind/cli/dist/src/commands/status.js +7 -4
  131. package/packages/@monomind/cli/dist/src/commands/swarm.js +27 -13
  132. package/packages/@monomind/cli/dist/src/commands/task.js +26 -11
  133. package/packages/@monomind/cli/dist/src/commands/tokens.js +7 -2
  134. package/packages/@monomind/cli/dist/src/commands/transfer-store.js +36 -22
  135. package/packages/@monomind/cli/dist/src/commands/ui.js +68 -0
  136. package/packages/@monomind/cli/dist/src/commands/update.js +15 -3
  137. package/packages/@monomind/cli/dist/src/commands/workflow.js +39 -6
  138. package/packages/@monomind/cli/dist/src/consensus/audit-writer.js +18 -7
  139. package/packages/@monomind/cli/dist/src/consensus/index.d.ts +7 -0
  140. package/packages/@monomind/cli/dist/src/consensus/index.js +6 -0
  141. package/packages/@monomind/cli/dist/src/consensus/vote-signer.js +25 -8
  142. package/packages/@monomind/cli/dist/src/context/context-provider.d.ts +44 -0
  143. package/packages/@monomind/cli/dist/src/context/context-provider.js +25 -0
  144. package/packages/@monomind/cli/dist/src/context/git-state-provider.d.ts +12 -0
  145. package/packages/@monomind/cli/dist/src/context/git-state-provider.js +34 -0
  146. package/packages/@monomind/cli/dist/src/context/index.d.ts +12 -0
  147. package/packages/@monomind/cli/dist/src/context/index.js +12 -0
  148. package/packages/@monomind/cli/dist/src/context/project-conventions-provider.d.ts +15 -0
  149. package/packages/@monomind/cli/dist/src/context/project-conventions-provider.js +19 -0
  150. package/packages/@monomind/cli/dist/src/context/prompt-assembler.d.ts +26 -0
  151. package/packages/@monomind/cli/dist/src/context/prompt-assembler.js +93 -0
  152. package/packages/@monomind/cli/dist/src/context/task-history-provider.d.ts +24 -0
  153. package/packages/@monomind/cli/dist/src/context/task-history-provider.js +32 -0
  154. package/packages/@monomind/cli/dist/src/context/user-preferences-provider.d.ts +14 -0
  155. package/packages/@monomind/cli/dist/src/context/user-preferences-provider.js +27 -0
  156. package/packages/@monomind/cli/dist/src/dlq/dlq-reader.d.ts +31 -0
  157. package/packages/@monomind/cli/dist/src/dlq/dlq-reader.js +81 -0
  158. package/packages/@monomind/cli/dist/src/dlq/dlq-writer.d.ts +24 -0
  159. package/packages/@monomind/cli/dist/src/dlq/dlq-writer.js +65 -0
  160. package/packages/@monomind/cli/dist/src/dlq/index.d.ts +10 -0
  161. package/packages/@monomind/cli/dist/src/dlq/index.js +7 -0
  162. package/packages/@monomind/cli/dist/src/eval/dataset-manager.d.ts +33 -0
  163. package/packages/@monomind/cli/dist/src/eval/dataset-manager.js +107 -0
  164. package/packages/@monomind/cli/dist/src/eval/dataset-runner.d.ts +23 -0
  165. package/packages/@monomind/cli/dist/src/eval/dataset-runner.js +59 -0
  166. package/packages/@monomind/cli/dist/src/eval/index.d.ts +10 -0
  167. package/packages/@monomind/cli/dist/src/eval/index.js +7 -0
  168. package/packages/@monomind/cli/dist/src/eval/trace-collector.d.ts +40 -0
  169. package/packages/@monomind/cli/dist/src/eval/trace-collector.js +102 -0
  170. package/packages/@monomind/cli/dist/src/index.js +7 -3
  171. package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
  172. package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.js +264 -0
  173. package/packages/@monomind/cli/dist/src/init/executor.js +14 -11
  174. package/packages/@monomind/cli/dist/src/init/shared-instructions-generator.js +20 -4
  175. package/packages/@monomind/cli/dist/src/init/statusline-generator.js +33 -12
  176. package/packages/@monomind/cli/dist/src/interactive/interrupt.d.ts +22 -0
  177. package/packages/@monomind/cli/dist/src/interactive/interrupt.js +71 -0
  178. package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.d.ts +25 -0
  179. package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.js +48 -0
  180. package/packages/@monomind/cli/dist/src/mcp/tool-registry.d.ts +61 -0
  181. package/packages/@monomind/cli/dist/src/mcp/tool-registry.js +246 -0
  182. package/packages/@monomind/cli/dist/src/mcp-tools/a2a-tools.js +98 -13
  183. package/packages/@monomind/cli/dist/src/mcp-tools/agent-tools.js +16 -3
  184. package/packages/@monomind/cli/dist/src/mcp-tools/analyze-tools.js +80 -17
  185. package/packages/@monomind/cli/dist/src/mcp-tools/browser-tools.js +84 -22
  186. package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js +35 -7
  187. package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js +82 -17
  188. package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js +37 -4
  189. package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js +49 -7
  190. package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js +45 -18
  191. package/packages/@monomind/cli/dist/src/mcp-tools/github-tools.js +75 -25
  192. package/packages/@monomind/cli/dist/src/mcp-tools/guidance-tools.js +32 -10
  193. package/packages/@monomind/cli/dist/src/mcp-tools/hive-mind-tools.js +91 -20
  194. package/packages/@monomind/cli/dist/src/mcp-tools/hooks-tools.js +188 -29
  195. package/packages/@monomind/cli/dist/src/mcp-tools/memory-tools.js +25 -7
  196. package/packages/@monomind/cli/dist/src/mcp-tools/monograph-compat.js +11 -2
  197. package/packages/@monomind/cli/dist/src/mcp-tools/monograph-tools.js +148 -26
  198. package/packages/@monomind/cli/dist/src/mcp-tools/neural-tools.js +44 -9
  199. package/packages/@monomind/cli/dist/src/mcp-tools/performance-tools.js +45 -10
  200. package/packages/@monomind/cli/dist/src/mcp-tools/progress-tools.js +7 -4
  201. package/packages/@monomind/cli/dist/src/mcp-tools/request-tracker.js +15 -1
  202. package/packages/@monomind/cli/dist/src/mcp-tools/security-tools.js +61 -9
  203. package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js +45 -14
  204. package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js +15 -3
  205. package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js +14 -7
  206. package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js +52 -10
  207. package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js +40 -6
  208. package/packages/@monomind/cli/dist/src/mcp-tools/transfer-tools.js +37 -4
  209. package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.d.ts +9 -0
  210. package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.js +230 -0
  211. package/packages/@monomind/cli/dist/src/mcp-tools/workflow-tools.js +29 -6
  212. package/packages/@monomind/cli/dist/src/memory/ewc-consolidation.js +26 -10
  213. package/packages/@monomind/cli/dist/src/memory/intelligence.js +80 -19
  214. package/packages/@monomind/cli/dist/src/memory/memory-bridge.js +21 -2
  215. package/packages/@monomind/cli/dist/src/memory/memory-initializer.js +67 -3
  216. package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js +14 -4
  217. package/packages/@monomind/cli/dist/src/model/complexity-scorer.d.ts +21 -0
  218. package/packages/@monomind/cli/dist/src/model/complexity-scorer.js +106 -0
  219. package/packages/@monomind/cli/dist/src/model/index.d.ts +4 -0
  220. package/packages/@monomind/cli/dist/src/model/index.js +4 -0
  221. package/packages/@monomind/cli/dist/src/model/model-settings.d.ts +22 -0
  222. package/packages/@monomind/cli/dist/src/model/model-settings.js +33 -0
  223. package/packages/@monomind/cli/dist/src/model/model-tier-resolver.d.ts +24 -0
  224. package/packages/@monomind/cli/dist/src/model/model-tier-resolver.js +65 -0
  225. package/packages/@monomind/cli/dist/src/monovector/capabilities.d.ts +34 -0
  226. package/packages/@monomind/cli/dist/src/monovector/capabilities.js +37 -0
  227. package/packages/@monomind/cli/dist/src/monovector/command-outcomes.js +43 -7
  228. package/packages/@monomind/cli/dist/src/monovector/coverage-router.js +8 -4
  229. package/packages/@monomind/cli/dist/src/monovector/coverage-tools.js +6 -3
  230. package/packages/@monomind/cli/dist/src/monovector/diff-classifier.js +13 -0
  231. package/packages/@monomind/cli/dist/src/monovector/route-outcomes.d.ts +2 -1
  232. package/packages/@monomind/cli/dist/src/monovector/route-outcomes.js +46 -4
  233. package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts +1 -1
  234. package/packages/@monomind/cli/dist/src/orchestration/index.d.ts +7 -0
  235. package/packages/@monomind/cli/dist/src/orchestration/index.js +6 -0
  236. package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.d.ts +11 -0
  237. package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.js +31 -0
  238. package/packages/@monomind/cli/dist/src/orchestration/routing-modes.d.ts +68 -0
  239. package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js +180 -0
  240. package/packages/@monomind/cli/dist/src/plugins/manager.js +8 -3
  241. package/packages/@monomind/cli/dist/src/plugins/store/discovery.js +46 -2
  242. package/packages/@monomind/cli/dist/src/plugins/store/search.js +5 -4
  243. package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.d.ts +7 -0
  244. package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.js +126 -0
  245. package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.d.ts +12 -0
  246. package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.js +188 -0
  247. package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.d.ts +7 -0
  248. package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.js +206 -0
  249. package/packages/@monomind/cli/dist/src/production/circuit-breaker.js +17 -3
  250. package/packages/@monomind/cli/dist/src/production/error-handler.js +3 -0
  251. package/packages/@monomind/cli/dist/src/production/monitoring.js +20 -3
  252. package/packages/@monomind/cli/dist/src/production/rate-limiter.js +13 -4
  253. package/packages/@monomind/cli/dist/src/production/retry.js +17 -9
  254. package/packages/@monomind/cli/dist/src/routing/embed-worker.js +6 -2
  255. package/packages/@monomind/cli/dist/src/routing/embedder.js +0 -0
  256. package/packages/@monomind/cli/dist/src/routing/llm-caller.js +13 -2
  257. package/packages/@monomind/cli/dist/src/routing/route-layer-factory.js +18 -3
  258. package/packages/@monomind/cli/dist/src/runtime/headless.d.ts +60 -0
  259. package/packages/@monomind/cli/dist/src/runtime/headless.js +284 -0
  260. package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.d.ts +50 -0
  261. package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.js +95 -0
  262. package/packages/@monomind/cli/dist/src/services/claim-service.d.ts +1 -0
  263. package/packages/@monomind/cli/dist/src/services/claim-service.js +8 -0
  264. package/packages/@monomind/cli/dist/src/services/config-file-manager.js +14 -2
  265. package/packages/@monomind/cli/dist/src/services/container-worker-pool.d.ts +197 -0
  266. package/packages/@monomind/cli/dist/src/services/container-worker-pool.js +623 -0
  267. package/packages/@monomind/cli/dist/src/services/headless-worker-executor.js +18 -2
  268. package/packages/@monomind/cli/dist/src/services/index.d.ts +13 -0
  269. package/packages/@monomind/cli/dist/src/services/index.js +11 -0
  270. package/packages/@monomind/cli/dist/src/services/worker-daemon.js +53 -12
  271. package/packages/@monomind/cli/dist/src/services/worker-queue.d.ts +201 -0
  272. package/packages/@monomind/cli/dist/src/services/worker-queue.js +594 -0
  273. package/packages/@monomind/cli/dist/src/swarm/communication-graph.d.ts +25 -0
  274. package/packages/@monomind/cli/dist/src/swarm/communication-graph.js +77 -0
  275. package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts +31 -0
  276. package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.js +61 -0
  277. package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.d.ts +19 -0
  278. package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js +68 -0
  279. package/packages/@monomind/cli/dist/src/transfer/anonymization/index.d.ts +0 -3
  280. package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js +16 -1
  281. package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.d.ts +13 -0
  282. package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.js +205 -0
  283. package/packages/@monomind/cli/dist/src/transfer/export.js +8 -0
  284. package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js +33 -3
  285. package/packages/@monomind/cli/dist/src/transfer/serialization/cfp.js +9 -3
  286. package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js +37 -3
  287. package/packages/@monomind/cli/dist/src/transfer/store/discovery.js +45 -3
  288. package/packages/@monomind/cli/dist/src/transfer/store/download.js +5 -0
  289. package/packages/@monomind/cli/dist/src/transfer/store/publish.js +13 -1
  290. package/packages/@monomind/cli/dist/src/transfer/store/registry.d.ts +8 -0
  291. package/packages/@monomind/cli/dist/src/transfer/store/registry.js +30 -5
  292. package/packages/@monomind/cli/dist/src/transfer/store/search.js +20 -5
  293. package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.d.ts +12 -0
  294. package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.js +190 -0
  295. package/packages/@monomind/cli/dist/src/transfer/test-seraphine.d.ts +6 -0
  296. package/packages/@monomind/cli/dist/src/transfer/test-seraphine.js +105 -0
  297. package/packages/@monomind/cli/dist/src/transfer/tests/test-store.d.ts +7 -0
  298. package/packages/@monomind/cli/dist/src/transfer/tests/test-store.js +214 -0
  299. package/packages/@monomind/cli/dist/src/update/checker.js +59 -7
  300. package/packages/@monomind/cli/dist/src/update/executor.js +50 -3
  301. package/packages/@monomind/cli/dist/src/update/index.js +18 -1
  302. package/packages/@monomind/cli/dist/src/update/rate-limiter.d.ts +6 -0
  303. package/packages/@monomind/cli/dist/src/update/rate-limiter.js +79 -7
  304. package/packages/@monomind/cli/dist/src/update/validator.js +52 -1
  305. package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.d.ts +10 -0
  306. package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.js +82 -0
  307. package/packages/@monomind/cli/dist/src/workflow/context-resolver.d.ts +12 -0
  308. package/packages/@monomind/cli/dist/src/workflow/context-resolver.js +23 -0
  309. package/packages/@monomind/cli/dist/src/workflow/dag-builder.d.ts +17 -0
  310. package/packages/@monomind/cli/dist/src/workflow/dag-builder.js +129 -0
  311. package/packages/@monomind/cli/dist/src/workflow/dag-executor.d.ts +9 -0
  312. package/packages/@monomind/cli/dist/src/workflow/dag-executor.js +116 -0
  313. package/packages/@monomind/cli/dist/src/workflow/dag-types.d.ts +41 -0
  314. package/packages/@monomind/cli/dist/src/workflow/dag-types.js +8 -0
  315. package/packages/@monomind/cli/dist/src/workflow/dsl-parser.d.ts +12 -0
  316. package/packages/@monomind/cli/dist/src/workflow/dsl-parser.js +20 -0
  317. package/packages/@monomind/cli/dist/src/workflow/dsl-schema.d.ts +165 -0
  318. package/packages/@monomind/cli/dist/src/workflow/dsl-schema.js +82 -0
  319. package/packages/@monomind/cli/dist/src/workflow/index.d.ts +13 -0
  320. package/packages/@monomind/cli/dist/src/workflow/index.js +11 -0
  321. package/packages/@monomind/cli/dist/src/workflow/template-engine.d.ts +11 -0
  322. package/packages/@monomind/cli/dist/src/workflow/template-engine.js +40 -0
  323. package/packages/@monomind/cli/dist/src/workflow/workflow-executor.d.ts +29 -0
  324. package/packages/@monomind/cli/dist/src/workflow/workflow-executor.js +227 -0
  325. package/packages/@monomind/cli/package.json +9 -10
  326. package/packages/@monomind/guidance/dist/adversarial.d.ts +284 -0
  327. package/packages/@monomind/guidance/dist/adversarial.js +572 -0
  328. package/packages/@monomind/guidance/dist/analyzer.d.ts +530 -0
  329. package/packages/@monomind/guidance/dist/analyzer.js +2518 -0
  330. package/packages/@monomind/guidance/dist/artifacts.d.ts +283 -0
  331. package/packages/@monomind/guidance/dist/artifacts.js +356 -0
  332. package/packages/@monomind/guidance/dist/authority.d.ts +290 -0
  333. package/packages/@monomind/guidance/dist/authority.js +558 -0
  334. package/packages/@monomind/guidance/dist/capabilities.d.ts +209 -0
  335. package/packages/@monomind/guidance/dist/capabilities.js +485 -0
  336. package/packages/@monomind/guidance/dist/coherence.d.ts +233 -0
  337. package/packages/@monomind/guidance/dist/coherence.js +372 -0
  338. package/packages/@monomind/guidance/dist/compiler.d.ts +87 -0
  339. package/packages/@monomind/guidance/dist/compiler.js +419 -0
  340. package/packages/@monomind/guidance/dist/conformance-kit.d.ts +225 -0
  341. package/packages/@monomind/guidance/dist/conformance-kit.js +629 -0
  342. package/packages/@monomind/guidance/dist/continue-gate.d.ts +214 -0
  343. package/packages/@monomind/guidance/dist/continue-gate.js +353 -0
  344. package/packages/@monomind/guidance/dist/crypto-utils.d.ts +17 -0
  345. package/packages/@monomind/guidance/dist/crypto-utils.js +24 -0
  346. package/packages/@monomind/guidance/dist/evolution.d.ts +282 -0
  347. package/packages/@monomind/guidance/dist/evolution.js +500 -0
  348. package/packages/@monomind/guidance/dist/gates.d.ts +79 -0
  349. package/packages/@monomind/guidance/dist/gates.js +302 -0
  350. package/packages/@monomind/guidance/dist/gateway.d.ts +206 -0
  351. package/packages/@monomind/guidance/dist/gateway.js +452 -0
  352. package/packages/@monomind/guidance/dist/generators.d.ts +153 -0
  353. package/packages/@monomind/guidance/dist/generators.js +682 -0
  354. package/packages/@monomind/guidance/dist/headless.d.ts +177 -0
  355. package/packages/@monomind/guidance/dist/headless.js +342 -0
  356. package/packages/@monomind/guidance/dist/hooks.d.ts +109 -0
  357. package/packages/@monomind/guidance/dist/hooks.js +347 -0
  358. package/packages/@monomind/guidance/dist/index.d.ts +205 -0
  359. package/packages/@monomind/guidance/dist/index.js +321 -0
  360. package/packages/@monomind/guidance/dist/ledger.d.ts +162 -0
  361. package/packages/@monomind/guidance/dist/ledger.js +375 -0
  362. package/packages/@monomind/guidance/dist/manifest-validator.d.ts +289 -0
  363. package/packages/@monomind/guidance/dist/manifest-validator.js +838 -0
  364. package/packages/@monomind/guidance/dist/memory-gate.d.ts +222 -0
  365. package/packages/@monomind/guidance/dist/memory-gate.js +382 -0
  366. package/packages/@monomind/guidance/dist/meta-governance.d.ts +265 -0
  367. package/packages/@monomind/guidance/dist/meta-governance.js +348 -0
  368. package/packages/@monomind/guidance/dist/optimizer.d.ts +104 -0
  369. package/packages/@monomind/guidance/dist/optimizer.js +329 -0
  370. package/packages/@monomind/guidance/dist/persistence.d.ts +189 -0
  371. package/packages/@monomind/guidance/dist/persistence.js +464 -0
  372. package/packages/@monomind/guidance/dist/proof.d.ts +185 -0
  373. package/packages/@monomind/guidance/dist/proof.js +238 -0
  374. package/packages/@monomind/guidance/dist/retriever.d.ts +116 -0
  375. package/packages/@monomind/guidance/dist/retriever.js +394 -0
  376. package/packages/@monomind/guidance/dist/ruvbot-integration.d.ts +370 -0
  377. package/packages/@monomind/guidance/dist/ruvbot-integration.js +738 -0
  378. package/packages/@monomind/guidance/dist/temporal.d.ts +426 -0
  379. package/packages/@monomind/guidance/dist/temporal.js +658 -0
  380. package/packages/@monomind/guidance/dist/trust.d.ts +283 -0
  381. package/packages/@monomind/guidance/dist/trust.js +473 -0
  382. package/packages/@monomind/guidance/dist/truth-anchors.d.ts +276 -0
  383. package/packages/@monomind/guidance/dist/truth-anchors.js +488 -0
  384. package/packages/@monomind/guidance/dist/types.d.ts +378 -0
  385. package/packages/@monomind/guidance/dist/types.js +10 -0
  386. package/packages/@monomind/guidance/dist/uncertainty.d.ts +372 -0
  387. package/packages/@monomind/guidance/dist/uncertainty.js +619 -0
  388. package/packages/@monomind/guidance/dist/wasm-kernel.d.ts +48 -0
  389. package/packages/@monomind/guidance/dist/wasm-kernel.js +158 -0
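--- a/package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts
+++ b/package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts
@@ -0,0 +1,31 @@
+ /**
+ * FlowEnforcer (Task 40)
+ *
+ * Checks messages against the communication graph and records violations.
+ * No database dependency — violations stored in memory.
+ */
+ import type { FlowViolation } from '../../../shared/src/types/communication-flow.js';
+ import type { CommunicationGraph } from './communication-graph.js';
+ export declare class FlowEnforcer {
+ private readonly graph;
+ private readonly swarmId;
+ private readonly enforce;
+ private readonly violations;
+ private static readonly MAX_VIOLATIONS;
+ constructor(graph: CommunicationGraph, swarmId: string, enforceMode: boolean);
+ /**
+ * Check whether a message is authorized and record any violation.
+ *
+ * Returns BOTH `authorized` (the policy decision) and `enforced` (whether the
+ * decision is actually applied). Callers must read both — taking action based
+ * solely on `authorized` would let `enforce=false` silently bypass the policy.
+ */
+ checkAndRecord(fromSlug: string, toSlug: string, messageContent: string): {
+ authorized: boolean;
+ enforced: boolean;
+ violation?: FlowViolation;
+ };
+ /** Return all recorded violations */
+ getViolations(): FlowViolation[];
+ }
+ //# sourceMappingURL=flow-enforcer.d.ts.map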
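Review bot: The return type of `checkAndRecord` leaves the block-or-deliver decision to every caller, who must combine `authorized` and `enforced` correctly, and the doc comment never states which combination means the message must be dropped. Since this is the policy decision point for inter-agent traffic, I would spell out the truth table in the doc comment, for example `* Drop the message only when authorized is false AND enforced is true; authorized false with enforced false is audit-only (recorded, still delivered).` A derived `blocked: boolean` field on the result would make the safe reading the default while staying backward-compatible. Separately, `getViolations(): FlowViolation[]` does not show whether callers receive the internal array; declaring it `readonly FlowViolation[]` would keep consumers from altering the audit record.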
@@ -0,0 +1,61 @@
1
+ /**
2
+ * FlowEnforcer (Task 40)
3
+ *
4
+ * Checks messages against the communication graph and records violations.
5
+ * No database dependency — violations stored in memory.
6
+ */
7
+ import { randomUUID } from 'crypto';
8
+ export class FlowEnforcer {
9
+ graph;
10
+ swarmId;
11
+ enforce;
12
+ violations = [];
13
+ static MAX_VIOLATIONS = 1000;
14
+ constructor(graph, swarmId, enforceMode) {
15
+ this.graph = graph;
16
+ this.swarmId = swarmId;
17
+ this.enforce = enforceMode;
18
+ }
19
+ /**
20
+ * Check whether a message is authorized and record any violation.
21
+ *
22
+ * Returns BOTH `authorized` (the policy decision) and `enforced` (whether the
23
+ * decision is actually applied). Callers must read both — taking action based
24
+ * solely on `authorized` would let `enforce=false` silently bypass the policy.
25
+ */
26
+ checkAndRecord(fromSlug, toSlug, messageContent) {
27
+ if (this.graph.isAuthorized(fromSlug, toSlug)) {
28
+ return { authorized: true, enforced: this.enforce };
29
+ }
30
+ const violation = {
31
+ violationId: randomUUID(),
32
+ swarmId: this.swarmId,
33
+ fromAgentSlug: fromSlug,
34
+ toAgentSlug: toSlug,
35
+ // Truncated preview only; for sensitive traffic, redact via a hook before
36
+ // it reaches this enforcer. Cap means an attacker can't fill memory with
37
+ // long messages either.
38
+ messagePreview: messageContent.slice(0, 120),
39
+ detectedAt: new Date().toISOString(),
40
+ action: this.enforce ? 'blocked' : 'logged',
41
+ };
42
+ // FIFO eviction so a sustained attack can't grow violations to GB-scale.
43
+ if (this.violations.length >= FlowEnforcer.MAX_VIOLATIONS) {
44
+ this.violations.shift();
45
+ }
46
+ this.violations.push(violation);
47
+ return {
48
+ // Policy decision: NOT authorized. Whether the caller blocks the send is
49
+ // governed by `enforced`, which is exposed separately so callers cannot
50
+ // accidentally treat audit-mode as "permitted".
51
+ authorized: false,
52
+ enforced: this.enforce,
53
+ violation,
54
+ };
55
+ }
56
+ /** Return all recorded violations */
57
+ getViolations() {
58
+ return [...this.violations];
59
+ }
60
+ }
61
+ //# sourceMappingURL=flow-enforcer.js.map
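Review bot: `checkAndRecord` calls `messageContent.slice(0, 120)` while building the violation object, so a denied message whose content is `undefined`, `null` or a plain object throws a TypeError before `this.violations.push(violation)` runs, and the unauthorized attempt never reaches the audit trail. Whether the message is still delivered in that case depends on how the caller handles the exception, which is not visible here. Coercing first keeps the record: `messagePreview: String(messageContent ?? '').slice(0, 120),`. The preview is stored raw, so any code that later prints `getViolations()` output should neutralise control characters itself.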
@@ -0,0 +1,19 @@
1
+ /**
2
+ * Flow Visualizer (Task 40)
3
+ *
4
+ * ASCII and DOT (Graphviz) renderers for communication flow edges.
5
+ */
6
+ import type { FlowEdge } from '../../../shared/src/types/communication-flow.js';
7
+ /**
8
+ * Render edges as human-readable ASCII art.
9
+ * Empty edges produce a single-line "unrestricted" notice.
10
+ */
11
+ export declare function toAscii(edges: FlowEdge[], title?: string): string;
12
+ /**
13
+ * Render edges as a DOT language digraph (Graphviz compatible).
14
+ * Slugs are escaped so a malicious slug cannot inject DOT attributes
15
+ * (e.g., URL="javascript:..." would be rendered as a clickable link
16
+ * by Graphviz's SVG output without escaping).
17
+ */
18
+ export declare function toDOT(edges: FlowEdge[], graphName?: string): string;
19
+ //# sourceMappingURL=flow-visualizer.d.ts.map
@@ -0,0 +1,68 @@
1
+ /**
2
+ * Flow Visualizer (Task 40)
3
+ *
4
+ * ASCII and DOT (Graphviz) renderers for communication flow edges.
5
+ */
6
+ /** Escape a slug for safe DOT identifier interpolation. */
7
+ function dotEscape(s) {
8
+ return String(s ?? '').replace(/\\/g, '\\\\').replace(/"/g, '\\"');
9
+ }
10
+ /** Strip newlines/CR for safe ASCII line emission (log-injection defense). */
11
+ function asciiSafe(s) {
12
+ return String(s ?? '').replace(/[\r\n\x00-\x1f\x7f]/g, '?');
13
+ }
14
+ /** Restrict graph names to a safe DOT identifier — graph_name must be an ID. */
15
+ function safeGraphName(name) {
16
+ return /^[a-zA-Z_][a-zA-Z0-9_]{0,63}$/.test(name) ? name : 'swarm_flow';
17
+ }
18
+ const MAX_DISPLAY_EDGES = 500;
19
+ /**
20
+ * Render edges as human-readable ASCII art.
21
+ * Empty edges produce a single-line "unrestricted" notice.
22
+ */
23
+ export function toAscii(edges, title) {
24
+ const lines = [];
25
+ if (title) {
26
+ lines.push(`=== ${asciiSafe(title)} ===`);
27
+ lines.push('');
28
+ }
29
+ if (edges.length === 0) {
30
+ lines.push('(unrestricted — all agents may communicate freely)');
31
+ return lines.join('\n');
32
+ }
33
+ const capped = edges.slice(0, MAX_DISPLAY_EDGES);
34
+ for (const [from, to] of capped) {
35
+ lines.push(` ${asciiSafe(from)} --> ${asciiSafe(to)}`);
36
+ }
37
+ if (edges.length > MAX_DISPLAY_EDGES) {
38
+ lines.push(` ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
39
+ }
40
+ return lines.join('\n');
41
+ }
42
+ /**
43
+ * Render edges as a DOT language digraph (Graphviz compatible).
44
+ * Slugs are escaped so a malicious slug cannot inject DOT attributes
45
+ * (e.g., URL="javascript:..." would be rendered as a clickable link
46
+ * by Graphviz's SVG output without escaping).
47
+ */
48
+ export function toDOT(edges, graphName) {
49
+ const name = safeGraphName(graphName ?? 'swarm_flow');
50
+ const lines = [];
51
+ lines.push(`digraph ${name} {`);
52
+ lines.push(' rankdir=LR;');
53
+ if (edges.length === 0) {
54
+ lines.push(' // unrestricted — no explicit edges');
55
+ }
56
+ else {
57
+ const capped = edges.slice(0, MAX_DISPLAY_EDGES);
58
+ for (const [from, to] of capped) {
59
+ lines.push(` "${dotEscape(from)}" -> "${dotEscape(to)}";`);
60
+ }
61
+ if (edges.length > MAX_DISPLAY_EDGES) {
62
+ lines.push(` // ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
63
+ }
64
+ }
65
+ lines.push('}');
66
+ return lines.join('\n');
67
+ }
68
+ //# sourceMappingURL=flow-visualizer.js.map
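Review bot: `asciiSafe` is documented as a log-injection defense, but its class `[\r\n\x00-\x1f\x7f]` leaves the C1 range (U+0080–U+009F, which includes NEL and the 8-bit CSI) and the Unicode line separators U+2028/U+2029 untouched, and some terminals and log viewers treat those as line breaks or control sequences. Widening the class covers them: `.replace(/[\x00-\x1f\x7f-\x9f\u2028\u2029]/g, '?')`. Separately, `safeGraphName` accepts DOT keywords such as `node` or `graph`, which pass the regex but do not parse as an unquoted graph ID; a keyword check or always emitting the name quoted would be more robust.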
@@ -11,9 +11,6 @@ export declare function detectPII(content: string): PIIDetectionResult;
11
11
  * Redact PII from a string
12
12
  */
13
13
  export declare function redactPII(content: string): string;
14
- /**
15
- * Apply anonymization to CFP document
16
- */
17
14
  export declare function anonymizeCFP(cfp: CFPFormat, level: AnonymizationLevel): {
18
15
  cfp: CFPFormat;
19
16
  transforms: string[];
@@ -35,10 +35,15 @@ const REDACTIONS = {
35
35
  function hash(input) {
36
36
  return crypto.createHash('sha256').update(input).digest('hex');
37
37
  }
38
+ /** Maximum content size for PII scanning/redaction (4 MB). */
39
+ const MAX_SCAN_SIZE = 4 * 1024 * 1024;
38
40
  /**
39
41
  * Detect PII in a string
40
42
  */
41
43
  export function detectPII(content) {
44
+ if (content.length > MAX_SCAN_SIZE) {
45
+ throw new Error(`detectPII: content too large (${content.length} bytes; max ${MAX_SCAN_SIZE})`);
46
+ }
42
47
  const result = {
43
48
  found: false,
44
49
  count: 0,
@@ -85,6 +90,9 @@ function getSeverity(type) {
85
90
  * Redact PII from a string
86
91
  */
87
92
  export function redactPII(content) {
93
+ if (content.length > MAX_SCAN_SIZE) {
94
+ throw new Error(`redactPII: content too large (${content.length} bytes; max ${MAX_SCAN_SIZE})`);
95
+ }
88
96
  let result = content;
89
97
  for (const [type, pattern] of Object.entries(PII_PATTERNS)) {
90
98
  const replacement = REDACTIONS[type];
@@ -100,9 +108,16 @@ export function redactPII(content) {
100
108
  /**
101
109
  * Apply anonymization to CFP document
102
110
  */
111
+ /** Maximum CFP payload size accepted for anonymization (10 MB). */
112
+ const MAX_CFP_ANONYMIZE_SIZE = 10 * 1024 * 1024;
103
113
  export function anonymizeCFP(cfp, level) {
114
+ // Guard before deep clone to prevent OOM on a crafted large object
115
+ const serialized = JSON.stringify(cfp);
116
+ if (serialized.length > MAX_CFP_ANONYMIZE_SIZE) {
117
+ throw new Error(`anonymizeCFP: CFP payload too large (${serialized.length} bytes; max ${MAX_CFP_ANONYMIZE_SIZE})`);
118
+ }
104
119
  const transforms = [];
105
- const anonymized = JSON.parse(JSON.stringify(cfp));
120
+ const anonymized = JSON.parse(serialized);
106
121
  // Level: Minimal
107
122
  if (['minimal', 'standard', 'strict', 'paranoid'].includes(level)) {
108
123
  // Redact author display name
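Review bot: In `anonymizeCFP` the size limit is checked on `serialized.length`, after `JSON.stringify(cfp)` has already built the full string, so the guard bounds the `JSON.parse` clone but not the serialization of an oversized object; the comment `Guard before deep clone to prevent OOM` overstates what it does. I would reword it to `// Bounds the clone only: the payload is already fully serialized at this point` and rely on the limit at the parse boundary for untrusted input. `.length` counts UTF-16 code units, so the `bytes` wording in the three new error messages is approximate. The new constant also sits between the `Apply anonymization to CFP document` JSDoc and the function, which detaches the doc comment; moving the constant above the comment keeps it attached. The function body continues outside the hunk.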
@@ -0,0 +1,13 @@
1
+ #!/usr/bin/env npx tsx
2
+ /**
3
+ * Deploy Seraphine Genesis Model
4
+ * Exports and uploads the first Monomind pattern model to IPFS
5
+ *
6
+ * Usage:
7
+ * npx tsx deploy-seraphine.ts
8
+ * npx tsx deploy-seraphine.ts --output ./patterns/
9
+ * npx tsx deploy-seraphine.ts --to-ipfs
10
+ * npx tsx deploy-seraphine.ts --to-ipfs --anonymize strict
11
+ */
12
+ export {};
13
+ //# sourceMappingURL=deploy-seraphine.d.ts.map
@@ -0,0 +1,205 @@
1
+ #!/usr/bin/env npx tsx
2
+ /**
3
+ * Deploy Seraphine Genesis Model
4
+ * Exports and uploads the first Monomind pattern model to IPFS
5
+ *
6
+ * Usage:
7
+ * npx tsx deploy-seraphine.ts
8
+ * npx tsx deploy-seraphine.ts --output ./patterns/
9
+ * npx tsx deploy-seraphine.ts --to-ipfs
10
+ * npx tsx deploy-seraphine.ts --to-ipfs --anonymize strict
11
+ */
12
+ import * as path from 'path';
13
+ import { fileURLToPath } from 'url';
14
+ const __filename = fileURLToPath(import.meta.url);
15
+ const __dirname = path.dirname(__filename);
16
+ import { createSeraphineGenesis, getSeraphineInfo } from './models/seraphine.js';
17
+ import { exportPatterns } from './export.js';
18
+ import { validateCFP } from './serialization/cfp.js';
19
+ import { scanCFPForPII } from './anonymization/index.js';
20
+ /**
21
+ * Parse CLI arguments
22
+ */
23
+ function parseArgs() {
24
+ const args = process.argv.slice(2);
25
+ const options = {
26
+ toIpfs: false,
27
+ anonymize: 'standard',
28
+ pin: true,
29
+ gateway: 'https://w3s.link',
30
+ validate: true,
31
+ verbose: false,
32
+ };
33
+ for (let i = 0; i < args.length; i++) {
34
+ const arg = args[i];
35
+ switch (arg) {
36
+ case '--output':
37
+ case '-o':
38
+ options.output = args[++i];
39
+ break;
40
+ case '--to-ipfs':
41
+ case '--ipfs':
42
+ options.toIpfs = true;
43
+ break;
44
+ case '--anonymize':
45
+ case '-a':
46
+ options.anonymize = args[++i];
47
+ break;
48
+ case '--no-pin':
49
+ options.pin = false;
50
+ break;
51
+ case '--gateway':
52
+ case '-g':
53
+ options.gateway = args[++i];
54
+ break;
55
+ case '--no-validate':
56
+ options.validate = false;
57
+ break;
58
+ case '--verbose':
59
+ case '-v':
60
+ options.verbose = true;
61
+ break;
62
+ case '--help':
63
+ case '-h':
64
+ printHelp();
65
+ process.exit(0);
66
+ }
67
+ }
68
+ return options;
69
+ }
70
+ /**
71
+ * Print help message
72
+ */
73
+ function printHelp() {
74
+ console.log(`
75
+ Seraphine Genesis Deployer
76
+ ==========================
77
+
78
+ Deploy the foundational Monomind pattern model.
79
+
80
+ Usage:
81
+ npx ts-node deploy-seraphine.ts [options]
82
+
83
+ Options:
84
+ --output, -o <path> Output file path
85
+ --to-ipfs, --ipfs Upload to IPFS
86
+ --anonymize, -a <level> Anonymization level (minimal|standard|strict|paranoid)
87
+ --gateway, -g <url> IPFS gateway URL
88
+ --no-pin Don't pin to pinning service
89
+ --no-validate Skip validation
90
+ --verbose, -v Verbose output
91
+ --help, -h Show this help
92
+
93
+ Examples:
94
+ npx ts-node deploy-seraphine.ts --output ./seraphine-genesis.cfp.json
95
+ npx ts-node deploy-seraphine.ts --to-ipfs --anonymize strict
96
+ npx ts-node deploy-seraphine.ts --to-ipfs --gateway https://dweb.link
97
+ `);
98
+ }
99
+ /**
100
+ * Main deploy function
101
+ */
102
+ async function deploy() {
103
+ const options = parseArgs();
104
+ console.log('');
105
+ console.log('╔══════════════════════════════════════════════════════════╗');
106
+ console.log('║ SERAPHINE GENESIS MODEL DEPLOYMENT ║');
107
+ console.log('║ The First Monomind Pattern Model ║');
108
+ console.log('╚══════════════════════════════════════════════════════════╝');
109
+ console.log('');
110
+ // Step 1: Create Seraphine Genesis
111
+ console.log('📦 Creating Seraphine Genesis Model...');
112
+ const genesis = createSeraphineGenesis();
113
+ const info = getSeraphineInfo();
114
+ console.log(` Name: ${info.name}`);
115
+ console.log(` Version: ${info.version}`);
116
+ console.log(` Description: ${info.description.slice(0, 60)}...`);
117
+ console.log('');
118
+ console.log(' Pattern Counts:');
119
+ for (const [type, count] of Object.entries(info.patternCounts)) {
120
+ console.log(` - ${type}: ${count}`);
121
+ }
122
+ console.log('');
123
+ // Step 2: Validate
124
+ if (options.validate) {
125
+ console.log('✅ Validating CFP format...');
126
+ const validation = validateCFP(genesis);
127
+ if (!validation.valid) {
128
+ console.error('❌ Validation failed:');
129
+ for (const error of validation.errors) {
130
+ console.error(` - ${error}`);
131
+ }
132
+ process.exit(1);
133
+ }
134
+ console.log(' Format is valid!');
135
+ console.log('');
136
+ }
137
+ // Step 3: Scan for PII
138
+ console.log('🔍 Scanning for PII...');
139
+ const piiScan = scanCFPForPII(genesis);
140
+ if (piiScan.found) {
141
+ console.log(` Found ${piiScan.count} PII items:`);
142
+ for (const [type, count] of Object.entries(piiScan.types)) {
143
+ console.log(` - ${type}: ${count}`);
144
+ }
145
+ console.log(' Will be redacted during export.');
146
+ }
147
+ else {
148
+ console.log(' No PII detected!');
149
+ }
150
+ console.log('');
151
+ // Step 4: Export
152
+ console.log(`📤 Exporting with ${options.anonymize} anonymization...`);
153
+ const exportOptions = {
154
+ output: options.output,
155
+ toIpfs: options.toIpfs,
156
+ anonymize: options.anonymize,
157
+ pin: options.pin,
158
+ gateway: options.gateway,
159
+ format: 'json',
160
+ redactPii: true,
161
+ };
162
+ // If no output specified and not uploading to IPFS, create default output
163
+ if (!options.output && !options.toIpfs) {
164
+ const defaultOutput = path.join(process.cwd(), 'seraphine-genesis.cfp.json');
165
+ exportOptions.output = defaultOutput;
166
+ }
167
+ const result = await exportPatterns(genesis, exportOptions);
168
+ console.log('');
169
+ console.log('═══════════════════════════════════════════════════════════');
170
+ console.log(' DEPLOYMENT COMPLETE ');
171
+ console.log('═══════════════════════════════════════════════════════════');
172
+ console.log('');
173
+ if (result.success) {
174
+ console.log('✅ Successfully deployed Seraphine Genesis!');
175
+ console.log('');
176
+ console.log(' 📊 Export Summary:');
177
+ console.log(` Patterns: ${result.patternCount}`);
178
+ console.log(` Size: ${result.size} bytes`);
179
+ console.log(` Anonymization: ${result.anonymizationLevel}`);
180
+ if (result.outputPath) {
181
+ console.log('');
182
+ console.log(` 📁 File: ${result.outputPath}`);
183
+ }
184
+ if (result.cid) {
185
+ console.log('');
186
+ console.log(' 🌐 IPFS:');
187
+ console.log(` CID: ${result.cid}`);
188
+ console.log(` Gateway URL: ${result.gateway}/ipfs/${result.cid}`);
189
+ }
190
+ console.log('');
191
+ console.log(' 🎉 Hello World! The genesis pattern has been deployed.');
192
+ console.log(' 🌟 This is the first Monomind pattern ever shared.');
193
+ console.log('');
194
+ }
195
+ else {
196
+ console.error('❌ Deployment failed!');
197
+ process.exit(1);
198
+ }
199
+ }
200
+ // Run if executed directly
201
+ deploy().catch(error => {
202
+ console.error('Fatal error:', error);
203
+ process.exit(1);
204
+ });
205
+ //# sourceMappingURL=deploy-seraphine.js.map
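Review bot: `parseArgs` stores `args[++i]` for `--anonymize` without checking it against the four documented levels, and the `switch` has no `default`, so a mistyped level or a mistyped flag is accepted silently. Whether an unrecognised level then applies fewer redactions depends on `exportPatterns`, which is not visible here, but content published with `--to-ipfs` is hard to take back, so this path should fail closed. I would validate after the loop with `if (!['minimal', 'standard', 'strict', 'paranoid'].includes(options.anonymize)) { console.error('Unknown anonymization level'); process.exit(1); }` and add a `default:` case that rejects unknown options. The same applies to a trailing `--output` or `--gateway` with no value, which leaves the option `undefined`.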
@@ -49,6 +49,14 @@ export async function exportPatterns(cfp, options = {}) {
49
49
  // Write to file
50
50
  const ext = getFileExtension(format);
51
51
  outputPath = output.endsWith(ext) ? output : output + ext;
52
+ // Path traversal guard — output must resolve within the current working
53
+ // directory to prevent callers from writing to arbitrary filesystem paths.
54
+ const projectRoot = path.resolve(process.cwd());
55
+ const resolvedOutputPath = path.resolve(process.cwd(), outputPath);
56
+ if (!resolvedOutputPath.startsWith(projectRoot + path.sep) && resolvedOutputPath !== projectRoot) {
57
+ throw new Error(`Output path must resolve within the project directory: ${projectRoot}`);
58
+ }
59
+ outputPath = resolvedOutputPath;
52
60
  // Ensure directory exists
53
61
  const dir = path.dirname(outputPath);
54
62
  if (!fs.existsSync(dir)) {
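Review bot: The new guard compares `path.resolve` results, which is purely lexical, so an `output` that passes through a symlink inside the working directory still resolves within `projectRoot` while the write lands elsewhere. If the guard is meant to hold for untrusted `output` values, compare real paths once the directory exists, for example `fs.realpathSync(dir)` against `fs.realpathSync(projectRoot)`, before writing. Using `path.relative(projectRoot, resolvedOutputPath)` and rejecting a result that starts with `..` or is absolute would also avoid the prefix-string comparison. The change also rejects absolute output paths outside the working directory, which callers of the CLI `--output` option may not expect. `exportPatterns` starts and ends outside the hunk.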
@@ -6,6 +6,14 @@
6
6
  * @version 3.0.0
7
7
  */
8
8
  import * as crypto from 'crypto';
9
+ /**
10
+ * Sanitize a user-supplied filename before embedding it inside a multipart
11
+ * Content-Disposition header. Strip all CR/LF characters (MIME header injection)
12
+ * and cap length to prevent oversized headers.
13
+ */
14
+ function sanitizeFileName(name) {
15
+ return name.replace(/[\r\n]/g, '').slice(0, 200);
16
+ }
9
17
  /**
10
18
  * Get web3.storage token from environment or config
11
19
  */
@@ -42,7 +50,7 @@ async function uploadToWeb3Storage(content, options) {
42
50
  'Get a free token at: https://web3.storage');
43
51
  }
44
52
  const endpoint = options.endpoint || 'https://api.web3.storage';
45
- const name = options.name || 'pattern.cfp.json';
53
+ const name = sanitizeFileName(options.name || 'pattern.cfp.json');
46
54
  console.log(`[IPFS] Uploading ${content.length} bytes to web3.storage...`);
47
55
  // Create FormData-like body for upload
48
56
  const boundary = '----WebKitFormBoundary' + crypto.randomBytes(16).toString('hex');
@@ -91,7 +99,7 @@ async function uploadToPinata(content, options) {
91
99
  throw new Error('Pinata API credentials not found. Set PINATA_API_KEY and PINATA_API_SECRET.\n' +
92
100
  'Get credentials at: https://pinata.cloud');
93
101
  }
94
- const name = options.name || 'pattern.cfp.json';
102
+ const name = sanitizeFileName(options.name || 'pattern.cfp.json');
95
103
  console.log(`[IPFS] Uploading ${content.length} bytes to Pinata...`);
96
104
  const boundary = '----WebKitFormBoundary' + crypto.randomBytes(16).toString('hex');
97
105
  const metadata = JSON.stringify({ name });
@@ -277,14 +285,36 @@ export async function unpinContent(cid, options = {}) {
277
285
  console.log(`[IPFS] Demo unpinned`);
278
286
  return { success: true };
279
287
  }
288
+ /** Allowlisted IPFS gateway hosts for SSRF prevention */
289
+ const ALLOWED_GATEWAY_HOSTS_UPLOAD = new Set([
290
+ 'w3s.link',
291
+ 'gateway.pinata.cloud',
292
+ 'cloudflare-ipfs.com',
293
+ 'ipfs.io',
294
+ 'dweb.link',
295
+ ]);
296
+ function isAllowedGateway(gateway) {
297
+ try {
298
+ const parsed = new URL(gateway);
299
+ return parsed.protocol === 'https:' && ALLOWED_GATEWAY_HOSTS_UPLOAD.has(parsed.hostname);
300
+ }
301
+ catch {
302
+ return false;
303
+ }
304
+ }
280
305
  /**
281
306
  * Check if content exists on IPFS
282
307
  */
283
308
  export async function checkContent(cid, gateway = 'https://w3s.link') {
309
+ if (!isAllowedGateway(gateway)) {
310
+ console.warn(`[IPFS] Blocked checkContent: gateway not in allowlist: ${gateway}`);
311
+ return { exists: false };
312
+ }
284
313
  console.log(`[IPFS] Checking ${cid}...`);
285
314
  try {
286
315
  const response = await fetch(`${gateway}/ipfs/${cid}`, {
287
316
  method: 'HEAD',
317
+ signal: AbortSignal.timeout(10000),
288
318
  });
289
319
  if (response.ok) {
290
320
  const size = parseInt(response.headers.get('content-length') || '0', 10);
@@ -315,7 +345,7 @@ export function getIPNSURL(name, gateway = 'https://w3s.link') {
315
345
  */
316
346
  async function uploadToLocalIPFS(content, options) {
317
347
  const apiUrl = process.env.IPFS_API_URL || 'http://localhost:5001';
318
- const name = options.name || 'pattern.cfp.json';
348
+ const name = sanitizeFileName(options.name || 'pattern.cfp.json');
319
349
  console.log(`[IPFS] Uploading ${content.length} bytes to ${apiUrl}...`);
320
350
  const boundary = '----IPFSBoundary' + crypto.randomBytes(16).toString('hex');
321
351
  const body = Buffer.concat([
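Review bot: `sanitizeFileName` removes CR and LF but leaves `"` and `\` in place; if the name is placed inside a quoted `filename="..."` parameter, as the docstring's mention of Content-Disposition suggests (the header construction is outside these hunks), a double quote still ends the parameter early and the rest of the name is read as further parameters. Stripping those two characters as well closes that: `return String(name).replace(/[\r\n"\\]/g, '').slice(0, 200);`, where `String()` also avoids a TypeError on a non-string `options.name`. In `checkContent` the allowlist pins the host, but `cid` is still interpolated into the URL unvalidated, so a format check on it would be worth adding.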
@@ -107,11 +107,17 @@ export function serializeToBuffer(cfp, format) {
107
107
  return Buffer.from(json, 'utf-8');
108
108
  }
109
109
  }
110
+ /** Maximum CFP payload size (10 MB) — prevents OOM on crafted inputs. */
111
+ const MAX_CFP_SIZE = 10 * 1024 * 1024;
110
112
  /**
111
113
  * Deserialize CFP from string/buffer
112
114
  */
113
115
  export function deserializeCFP(data) {
114
116
  const str = typeof data === 'string' ? data : data.toString('utf-8');
117
+ // Guard against OOM before parsing
118
+ if (str.length > MAX_CFP_SIZE) {
119
+ throw new Error(`CFP payload too large (${str.length} bytes; max ${MAX_CFP_SIZE})`);
120
+ }
115
121
  let parsed;
116
122
  try {
117
123
  parsed = JSON.parse(str);
@@ -119,9 +125,9 @@ export function deserializeCFP(data) {
119
125
  catch (e) {
120
126
  throw new Error(`Invalid CFP file: ${e instanceof Error ? e.message : String(e)}`);
121
127
  }
122
- // Validate magic bytes
128
+ // Validate magic bytes — use a fixed message to avoid reflecting arbitrary input
123
129
  if (parsed.magic !== 'CFP1') {
124
- throw new Error(`Invalid CFP format: expected magic 'CFP1', got '${parsed.magic}'`);
130
+ throw new Error('Invalid CFP format: unexpected magic bytes');
125
131
  }
126
132
  return parsed;
127
133
  }
@@ -131,7 +137,7 @@ export function deserializeCFP(data) {
131
137
  export function validateCFP(cfp) {
132
138
  const errors = [];
133
139
  if (cfp.magic !== 'CFP1') {
134
- errors.push(`Invalid magic bytes: ${cfp.magic}`);
140
+ errors.push('Invalid magic bytes');
135
141
  }
136
142
  if (!cfp.version) {
137
143
  errors.push('Missing version');
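Review bot: In `deserializeCFP` the size guard runs on `str.length` after `data.toString('utf-8')`, so for Buffer input the whole payload is decoded into a string before it can be rejected, and the count is UTF-16 code units rather than the bytes the message reports. Checking the raw input first bounds the allocation: `if (typeof data !== 'string' && data.length > MAX_CFP_SIZE) throw new Error('CFP payload too large');` ahead of the conversion. Also, `JSON.parse` can return `null` or a primitive, in which case `parsed.magic` throws a TypeError instead of the fixed `Invalid CFP format` message; a `parsed === null || typeof parsed !== 'object'` check before the magic test keeps the error path uniform.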
@@ -105,7 +105,24 @@ export async function uploadToGCS(content, options = {}) {
105
105
  execFileSync('gcloud', uploadArgs, { encoding: 'utf-8', stdio: 'pipe', timeout: 60000 });
106
106
  // Set metadata if provided
107
107
  if (options.metadata && Object.keys(options.metadata).length > 0) {
108
- const metadataJson = JSON.stringify(options.metadata);
108
+ // Cap metadata to prevent unbounded flag values; restrict key charset to
109
+ // alphanumeric/dash/underscore to avoid injection in --custom-metadata=<json>.
110
+ const MAX_META_KEY_LEN = 128;
111
+ const MAX_META_VAL_LEN = 512;
112
+ const MAX_META_ENTRIES = 20;
113
+ const safeMetadata = {};
114
+ let metaCount = 0;
115
+ for (const [k, v] of Object.entries(options.metadata)) {
116
+ if (metaCount >= MAX_META_ENTRIES)
117
+ break;
118
+ if (typeof k !== 'string' || typeof v !== 'string')
119
+ continue;
120
+ if (!/^[a-zA-Z0-9_-]+$/.test(k))
121
+ continue;
122
+ safeMetadata[k.slice(0, MAX_META_KEY_LEN)] = v.slice(0, MAX_META_VAL_LEN);
123
+ metaCount++;
124
+ }
125
+ const metadataJson = JSON.stringify(safeMetadata);
109
126
  try {
110
127
  const metaArgs = ['storage', 'objects', 'update', `gs://${config.bucket}/${objectPath}`, `--custom-metadata=${metadataJson}`];
111
128
  if (config.projectId)
@@ -164,6 +181,15 @@ export async function downloadFromGCS(uri, config) {
164
181
  if (cfg?.projectId)
165
182
  downloadArgs.push(`--project=${cfg.projectId}`);
166
183
  execFileSync('gcloud', downloadArgs, { encoding: 'utf-8', stdio: 'pipe' });
184
+ const MAX_GCS_DOWNLOAD_BYTES = 50 * 1024 * 1024; // 50 MB
185
+ const fileSize = fs.statSync(tempFile).size;
186
+ if (fileSize > MAX_GCS_DOWNLOAD_BYTES) {
187
+ const resolvedTemp2 = path.resolve(tempFile);
188
+ if (resolvedTemp2.startsWith(path.resolve(tempDir)))
189
+ fs.unlinkSync(tempFile);
190
+ console.error(`[GCS] Downloaded file exceeds size limit (${fileSize} > ${MAX_GCS_DOWNLOAD_BYTES} bytes)`);
191
+ return null;
192
+ }
167
193
  const content = fs.readFileSync(tempFile);
168
194
  const resolvedTemp = path.resolve(tempFile);
169
195
  if (resolvedTemp.startsWith(path.resolve(tempDir))) {
@@ -215,9 +241,17 @@ export async function listGCSObjects(prefix, config) {
215
241
  const listArgs = ['storage', 'ls', '-l', uri, '--format=json'];
216
242
  if (cfg.projectId)
217
243
  listArgs.push(`--project=${cfg.projectId}`);
218
- const result = execFileSync('gcloud', listArgs, { encoding: 'utf-8', stdio: 'pipe' });
244
+ const result = execFileSync('gcloud', listArgs, { encoding: 'utf-8', stdio: 'pipe', maxBuffer: 10 * 1024 * 1024 });
245
+ // Guard against gcloud returning a huge JSON payload that could OOM Node.
246
+ const MAX_LIST_BYTES = 10 * 1024 * 1024; // 10 MB
247
+ if (result.length > MAX_LIST_BYTES) {
248
+ console.error(`[GCS] listGCSObjects response too large (${result.length} bytes), truncating`);
249
+ return [];
250
+ }
219
251
  const objects = JSON.parse(result);
220
- return objects.map((obj) => ({
252
+ if (!Array.isArray(objects))
253
+ return [];
254
+ return objects.slice(0, 10_000).map((obj) => ({
221
255
  name: obj.name,
222
256
  size: obj.size || 0,
223
257
  updated: obj.updated || new Date().toISOString(),
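Review bot: In `downloadFromGCS` the 50 MB limit is tested with `fs.statSync(tempFile).size` only after `gcloud` has finished writing the object, so it protects the `readFileSync` that follows but not the disk, and the download call has no `timeout` although the upload call passes `timeout: 60000`. The cleanup condition `resolvedTemp2.startsWith(path.resolve(tempDir))` also matches sibling directories that share the prefix, and when it is false the oversized file is left behind; `startsWith(path.resolve(tempDir) + path.sep)` is the tighter test. In `listGCSObjects`, `execFileSync` throws once stdout exceeds `maxBuffer`, so the `result.length > MAX_LIST_BYTES` branch with the same 10 MB value looks unreachable, and its log line says `truncating` while the code returns `[]`. These functions start and end outside the hunks.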