monomind 1.11.13 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/generated/channel-intelligence-director.md +87 -0
- package/.claude/agents/generated/chief-growth-officer.md +88 -0
- package/.claude/agents/generated/content-seo-strategist.md +90 -0
- package/.claude/agents/generated/developer-community-strategist.md +91 -0
- package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
- package/.claude/agents/generated/social-media-strategist.md +91 -0
- package/.claude/agents/generated/video-visual-strategist.md +90 -0
- package/.claude/commands/mastermind/idea.md +1 -1
- package/.claude/helpers/auto-memory-hook.mjs +13 -4
- package/.claude/helpers/control-start.cjs +5 -0
- package/.claude/helpers/event-logger.cjs +114 -0
- package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
- package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
- package/.claude/helpers/handlers/compact-handler.cjs +2 -0
- package/.claude/helpers/handlers/edit-handler.cjs +1 -1
- package/.claude/helpers/handlers/gates-handler.cjs +3 -0
- package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
- package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
- package/.claude/helpers/handlers/route-handler.cjs +13 -6
- package/.claude/helpers/handlers/session-handler.cjs +11 -4
- package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
- package/.claude/helpers/handlers/task-handler.cjs +13 -5
- package/.claude/helpers/intelligence.cjs +7 -2
- package/.claude/helpers/loop-tracker.cjs +15 -3
- package/.claude/helpers/memory.cjs +6 -1
- package/.claude/helpers/router.cjs +5 -2
- package/.claude/helpers/session.cjs +2 -0
- package/.claude/helpers/statusline.cjs +10 -2
- package/.claude/helpers/utils/micro-agents.cjs +20 -4
- package/.claude/scheduled_tasks.lock +1 -1
- package/.claude/settings.json +92 -1
- package/.claude/skills/mastermind/_protocol.md +23 -13
- package/.claude/skills/mastermind/architect.md +6 -9
- package/.claude/skills/mastermind/build.md +3 -3
- package/.claude/skills/mastermind/content.md +3 -3
- package/.claude/skills/mastermind/createorg.md +2 -2
- package/.claude/skills/mastermind/finance.md +3 -3
- package/.claude/skills/mastermind/idea.md +5 -3
- package/.claude/skills/mastermind/marketing.md +3 -3
- package/.claude/skills/mastermind/monitor.md +2 -2
- package/.claude/skills/mastermind/release.md +3 -3
- package/.claude/skills/mastermind/research.md +3 -3
- package/.claude/skills/mastermind/review.md +3 -3
- package/.claude/skills/mastermind/runorg.md +153 -86
- package/.claude/skills/mastermind/sales.md +3 -3
- package/README.md +286 -129
- package/package.json +19 -2
- package/packages/@monomind/cli/README.md +286 -129
- package/packages/@monomind/cli/bundled-graph/dist/src/build.js +73 -0
- package/packages/@monomind/cli/bundled-graph/dist/src/cluster.js +120 -0
- package/packages/@monomind/cli/bundled-graph/package.json +57 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.js +76 -0
- package/packages/@monomind/cli/dist/src/agents/index.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/index.js +13 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.js +69 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.js +49 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.js +80 -0
- package/packages/@monomind/cli/dist/src/agents/registry-builder.js +2 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.d.ts +71 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.js +125 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.js +22 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.js +40 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.d.ts +54 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.js +212 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.d.ts +30 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.js +84 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.d.ts +20 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.js +38 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.d.ts +64 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.js +308 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.js +64 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.js +235 -0
- package/packages/@monomind/cli/dist/src/autopilot-state.js +10 -5
- package/packages/@monomind/cli/dist/src/benchmarks/benchmark-runner.js +13 -0
- package/packages/@monomind/cli/dist/src/benchmarks/metric-evaluators.js +20 -9
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.d.ts +45 -0
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.js +404 -0
- package/packages/@monomind/cli/dist/src/browser/actions.js +10 -3
- package/packages/@monomind/cli/dist/src/browser/browser.js +12 -2
- package/packages/@monomind/cli/dist/src/browser/cdp.js +21 -3
- package/packages/@monomind/cli/dist/src/browser/har.js +27 -5
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.js +333 -0
- package/packages/@monomind/cli/dist/src/commands/agent.js +11 -8
- package/packages/@monomind/cli/dist/src/commands/analyze.js +36 -21
- package/packages/@monomind/cli/dist/src/commands/autopilot.js +12 -4
- package/packages/@monomind/cli/dist/src/commands/benchmark.js +51 -8
- package/packages/@monomind/cli/dist/src/commands/browse.js +5 -2
- package/packages/@monomind/cli/dist/src/commands/claims.js +29 -11
- package/packages/@monomind/cli/dist/src/commands/cleanup.js +25 -5
- package/packages/@monomind/cli/dist/src/commands/config.js +15 -7
- package/packages/@monomind/cli/dist/src/commands/daemon.js +6 -0
- package/packages/@monomind/cli/dist/src/commands/deployment.js +34 -19
- package/packages/@monomind/cli/dist/src/commands/doctor.js +151 -20
- package/packages/@monomind/cli/dist/src/commands/guidance.js +15 -2
- package/packages/@monomind/cli/dist/src/commands/hive-mind.js +37 -14
- package/packages/@monomind/cli/dist/src/commands/hooks.js +42 -25
- package/packages/@monomind/cli/dist/src/commands/init.js +9 -4
- package/packages/@monomind/cli/dist/src/commands/issues.js +29 -26
- package/packages/@monomind/cli/dist/src/commands/mcp.js +11 -5
- package/packages/@monomind/cli/dist/src/commands/memory.js +10 -0
- package/packages/@monomind/cli/dist/src/commands/migrate.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/monograph.js +18 -5
- package/packages/@monomind/cli/dist/src/commands/monovector/backup.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/monovector/benchmark.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/monovector/import.js +15 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/migrate.js +4 -1
- package/packages/@monomind/cli/dist/src/commands/monovector/optimize.js +11 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/setup.js +11 -1
- package/packages/@monomind/cli/dist/src/commands/neural.js +1 -1
- package/packages/@monomind/cli/dist/src/commands/performance.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/platforms.js +90 -8
- package/packages/@monomind/cli/dist/src/commands/plugins.js +12 -5
- package/packages/@monomind/cli/dist/src/commands/process.js +33 -10
- package/packages/@monomind/cli/dist/src/commands/progress.js +5 -3
- package/packages/@monomind/cli/dist/src/commands/providers.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/replay.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/route.js +27 -7
- package/packages/@monomind/cli/dist/src/commands/security.js +4 -0
- package/packages/@monomind/cli/dist/src/commands/session.js +12 -1
- package/packages/@monomind/cli/dist/src/commands/start.js +11 -4
- package/packages/@monomind/cli/dist/src/commands/status.js +7 -4
- package/packages/@monomind/cli/dist/src/commands/swarm.js +27 -13
- package/packages/@monomind/cli/dist/src/commands/task.js +26 -11
- package/packages/@monomind/cli/dist/src/commands/tokens.js +7 -2
- package/packages/@monomind/cli/dist/src/commands/transfer-store.js +36 -22
- package/packages/@monomind/cli/dist/src/commands/ui.js +68 -0
- package/packages/@monomind/cli/dist/src/commands/update.js +15 -3
- package/packages/@monomind/cli/dist/src/commands/workflow.js +39 -6
- package/packages/@monomind/cli/dist/src/consensus/audit-writer.js +18 -7
- package/packages/@monomind/cli/dist/src/consensus/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/consensus/index.js +6 -0
- package/packages/@monomind/cli/dist/src/consensus/vote-signer.js +25 -8
- package/packages/@monomind/cli/dist/src/context/context-provider.d.ts +44 -0
- package/packages/@monomind/cli/dist/src/context/context-provider.js +25 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.js +34 -0
- package/packages/@monomind/cli/dist/src/context/index.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/index.js +12 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.d.ts +15 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.js +19 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.d.ts +26 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.js +93 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.js +32 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.js +27 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.js +81 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.js +65 -0
- package/packages/@monomind/cli/dist/src/dlq/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/dlq/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.d.ts +33 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.js +107 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.js +59 -0
- package/packages/@monomind/cli/dist/src/eval/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/eval/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.d.ts +40 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.js +102 -0
- package/packages/@monomind/cli/dist/src/index.js +7 -3
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.js +264 -0
- package/packages/@monomind/cli/dist/src/init/executor.js +14 -11
- package/packages/@monomind/cli/dist/src/init/shared-instructions-generator.js +20 -4
- package/packages/@monomind/cli/dist/src/init/statusline-generator.js +33 -12
- package/packages/@monomind/cli/dist/src/interactive/interrupt.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/interactive/interrupt.js +71 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.js +48 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.d.ts +61 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.js +246 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/a2a-tools.js +98 -13
- package/packages/@monomind/cli/dist/src/mcp-tools/agent-tools.js +16 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/analyze-tools.js +80 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/browser-tools.js +84 -22
- package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js +35 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js +82 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js +49 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js +45 -18
- package/packages/@monomind/cli/dist/src/mcp-tools/github-tools.js +75 -25
- package/packages/@monomind/cli/dist/src/mcp-tools/guidance-tools.js +32 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/hive-mind-tools.js +91 -20
- package/packages/@monomind/cli/dist/src/mcp-tools/hooks-tools.js +188 -29
- package/packages/@monomind/cli/dist/src/mcp-tools/memory-tools.js +25 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-compat.js +11 -2
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-tools.js +148 -26
- package/packages/@monomind/cli/dist/src/mcp-tools/neural-tools.js +44 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/performance-tools.js +45 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/progress-tools.js +7 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/request-tracker.js +15 -1
- package/packages/@monomind/cli/dist/src/mcp-tools/security-tools.js +61 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js +45 -14
- package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js +15 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js +14 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js +52 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js +40 -6
- package/packages/@monomind/cli/dist/src/mcp-tools/transfer-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.js +230 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/workflow-tools.js +29 -6
- package/packages/@monomind/cli/dist/src/memory/ewc-consolidation.js +26 -10
- package/packages/@monomind/cli/dist/src/memory/intelligence.js +80 -19
- package/packages/@monomind/cli/dist/src/memory/memory-bridge.js +21 -2
- package/packages/@monomind/cli/dist/src/memory/memory-initializer.js +67 -3
- package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js +14 -4
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.d.ts +21 -0
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.js +106 -0
- package/packages/@monomind/cli/dist/src/model/index.d.ts +4 -0
- package/packages/@monomind/cli/dist/src/model/index.js +4 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.js +33 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.js +65 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.d.ts +34 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.js +37 -0
- package/packages/@monomind/cli/dist/src/monovector/command-outcomes.js +43 -7
- package/packages/@monomind/cli/dist/src/monovector/coverage-router.js +8 -4
- package/packages/@monomind/cli/dist/src/monovector/coverage-tools.js +6 -3
- package/packages/@monomind/cli/dist/src/monovector/diff-classifier.js +13 -0
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.d.ts +2 -1
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.js +46 -4
- package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts +1 -1
- package/packages/@monomind/cli/dist/src/orchestration/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/orchestration/index.js +6 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.js +31 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js +180 -0
- package/packages/@monomind/cli/dist/src/plugins/manager.js +8 -3
- package/packages/@monomind/cli/dist/src/plugins/store/discovery.js +46 -2
- package/packages/@monomind/cli/dist/src/plugins/store/search.js +5 -4
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.js +126 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.js +188 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.js +206 -0
- package/packages/@monomind/cli/dist/src/production/circuit-breaker.js +17 -3
- package/packages/@monomind/cli/dist/src/production/error-handler.js +3 -0
- package/packages/@monomind/cli/dist/src/production/monitoring.js +20 -3
- package/packages/@monomind/cli/dist/src/production/rate-limiter.js +13 -4
- package/packages/@monomind/cli/dist/src/production/retry.js +17 -9
- package/packages/@monomind/cli/dist/src/routing/embed-worker.js +6 -2
- package/packages/@monomind/cli/dist/src/routing/embedder.js +0 -0
- package/packages/@monomind/cli/dist/src/routing/llm-caller.js +13 -2
- package/packages/@monomind/cli/dist/src/routing/route-layer-factory.js +18 -3
- package/packages/@monomind/cli/dist/src/runtime/headless.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/runtime/headless.js +284 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.d.ts +50 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.js +95 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.d.ts +1 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.js +8 -0
- package/packages/@monomind/cli/dist/src/services/config-file-manager.js +14 -2
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.d.ts +197 -0
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.js +623 -0
- package/packages/@monomind/cli/dist/src/services/headless-worker-executor.js +18 -2
- package/packages/@monomind/cli/dist/src/services/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/services/index.js +11 -0
- package/packages/@monomind/cli/dist/src/services/worker-daemon.js +53 -12
- package/packages/@monomind/cli/dist/src/services/worker-queue.d.ts +201 -0
- package/packages/@monomind/cli/dist/src/services/worker-queue.js +594 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.js +77 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.js +61 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js +68 -0
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.d.ts +0 -3
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js +16 -1
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.js +205 -0
- package/packages/@monomind/cli/dist/src/transfer/export.js +8 -0
- package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js +33 -3
- package/packages/@monomind/cli/dist/src/transfer/serialization/cfp.js +9 -3
- package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js +37 -3
- package/packages/@monomind/cli/dist/src/transfer/store/discovery.js +45 -3
- package/packages/@monomind/cli/dist/src/transfer/store/download.js +5 -0
- package/packages/@monomind/cli/dist/src/transfer/store/publish.js +13 -1
- package/packages/@monomind/cli/dist/src/transfer/store/registry.d.ts +8 -0
- package/packages/@monomind/cli/dist/src/transfer/store/registry.js +30 -5
- package/packages/@monomind/cli/dist/src/transfer/store/search.js +20 -5
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.js +190 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.js +105 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.js +214 -0
- package/packages/@monomind/cli/dist/src/update/checker.js +59 -7
- package/packages/@monomind/cli/dist/src/update/executor.js +50 -3
- package/packages/@monomind/cli/dist/src/update/index.js +18 -1
- package/packages/@monomind/cli/dist/src/update/rate-limiter.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/update/rate-limiter.js +79 -7
- package/packages/@monomind/cli/dist/src/update/validator.js +52 -1
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.js +23 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.d.ts +17 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.js +129 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.js +116 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.js +8 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.js +20 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.d.ts +165 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/workflow/index.js +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.js +40 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.d.ts +29 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.js +227 -0
- package/packages/@monomind/cli/package.json +9 -10
- package/packages/@monomind/guidance/dist/adversarial.d.ts +284 -0
- package/packages/@monomind/guidance/dist/adversarial.js +572 -0
- package/packages/@monomind/guidance/dist/analyzer.d.ts +530 -0
- package/packages/@monomind/guidance/dist/analyzer.js +2518 -0
- package/packages/@monomind/guidance/dist/artifacts.d.ts +283 -0
- package/packages/@monomind/guidance/dist/artifacts.js +356 -0
- package/packages/@monomind/guidance/dist/authority.d.ts +290 -0
- package/packages/@monomind/guidance/dist/authority.js +558 -0
- package/packages/@monomind/guidance/dist/capabilities.d.ts +209 -0
- package/packages/@monomind/guidance/dist/capabilities.js +485 -0
- package/packages/@monomind/guidance/dist/coherence.d.ts +233 -0
- package/packages/@monomind/guidance/dist/coherence.js +372 -0
- package/packages/@monomind/guidance/dist/compiler.d.ts +87 -0
- package/packages/@monomind/guidance/dist/compiler.js +419 -0
- package/packages/@monomind/guidance/dist/conformance-kit.d.ts +225 -0
- package/packages/@monomind/guidance/dist/conformance-kit.js +629 -0
- package/packages/@monomind/guidance/dist/continue-gate.d.ts +214 -0
- package/packages/@monomind/guidance/dist/continue-gate.js +353 -0
- package/packages/@monomind/guidance/dist/crypto-utils.d.ts +17 -0
- package/packages/@monomind/guidance/dist/crypto-utils.js +24 -0
- package/packages/@monomind/guidance/dist/evolution.d.ts +282 -0
- package/packages/@monomind/guidance/dist/evolution.js +500 -0
- package/packages/@monomind/guidance/dist/gates.d.ts +79 -0
- package/packages/@monomind/guidance/dist/gates.js +302 -0
- package/packages/@monomind/guidance/dist/gateway.d.ts +206 -0
- package/packages/@monomind/guidance/dist/gateway.js +452 -0
- package/packages/@monomind/guidance/dist/generators.d.ts +153 -0
- package/packages/@monomind/guidance/dist/generators.js +682 -0
- package/packages/@monomind/guidance/dist/headless.d.ts +177 -0
- package/packages/@monomind/guidance/dist/headless.js +342 -0
- package/packages/@monomind/guidance/dist/hooks.d.ts +109 -0
- package/packages/@monomind/guidance/dist/hooks.js +347 -0
- package/packages/@monomind/guidance/dist/index.d.ts +205 -0
- package/packages/@monomind/guidance/dist/index.js +321 -0
- package/packages/@monomind/guidance/dist/ledger.d.ts +162 -0
- package/packages/@monomind/guidance/dist/ledger.js +375 -0
- package/packages/@monomind/guidance/dist/manifest-validator.d.ts +289 -0
- package/packages/@monomind/guidance/dist/manifest-validator.js +838 -0
- package/packages/@monomind/guidance/dist/memory-gate.d.ts +222 -0
- package/packages/@monomind/guidance/dist/memory-gate.js +382 -0
- package/packages/@monomind/guidance/dist/meta-governance.d.ts +265 -0
- package/packages/@monomind/guidance/dist/meta-governance.js +348 -0
- package/packages/@monomind/guidance/dist/optimizer.d.ts +104 -0
- package/packages/@monomind/guidance/dist/optimizer.js +329 -0
- package/packages/@monomind/guidance/dist/persistence.d.ts +189 -0
- package/packages/@monomind/guidance/dist/persistence.js +464 -0
- package/packages/@monomind/guidance/dist/proof.d.ts +185 -0
- package/packages/@monomind/guidance/dist/proof.js +238 -0
- package/packages/@monomind/guidance/dist/retriever.d.ts +116 -0
- package/packages/@monomind/guidance/dist/retriever.js +394 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.d.ts +370 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.js +738 -0
- package/packages/@monomind/guidance/dist/temporal.d.ts +426 -0
- package/packages/@monomind/guidance/dist/temporal.js +658 -0
- package/packages/@monomind/guidance/dist/trust.d.ts +283 -0
- package/packages/@monomind/guidance/dist/trust.js +473 -0
- package/packages/@monomind/guidance/dist/truth-anchors.d.ts +276 -0
- package/packages/@monomind/guidance/dist/truth-anchors.js +488 -0
- package/packages/@monomind/guidance/dist/types.d.ts +378 -0
- package/packages/@monomind/guidance/dist/types.js +10 -0
- package/packages/@monomind/guidance/dist/uncertainty.d.ts +372 -0
- package/packages/@monomind/guidance/dist/uncertainty.js +619 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.d.ts +48 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.js +158 -0
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FlowEnforcer (Task 40)
|
|
3
|
+
*
|
|
4
|
+
* Checks messages against the communication graph and records violations.
|
|
5
|
+
* No database dependency — violations stored in memory.
|
|
6
|
+
*/
|
|
7
|
+
import type { FlowViolation } from '../../../shared/src/types/communication-flow.js';
|
|
8
|
+
import type { CommunicationGraph } from './communication-graph.js';
|
|
9
|
+
export declare class FlowEnforcer {
|
|
10
|
+
private readonly graph;
|
|
11
|
+
private readonly swarmId;
|
|
12
|
+
private readonly enforce;
|
|
13
|
+
private readonly violations;
|
|
14
|
+
private static readonly MAX_VIOLATIONS;
|
|
15
|
+
constructor(graph: CommunicationGraph, swarmId: string, enforceMode: boolean);
|
|
16
|
+
/**
|
|
17
|
+
* Check whether a message is authorized and record any violation.
|
|
18
|
+
*
|
|
19
|
+
* Returns BOTH `authorized` (the policy decision) and `enforced` (whether the
|
|
20
|
+
* decision is actually applied). Callers must read both — taking action based
|
|
21
|
+
* solely on `authorized` would let `enforce=false` silently bypass the policy.
|
|
22
|
+
*/
|
|
23
|
+
checkAndRecord(fromSlug: string, toSlug: string, messageContent: string): {
|
|
24
|
+
authorized: boolean;
|
|
25
|
+
enforced: boolean;
|
|
26
|
+
violation?: FlowViolation;
|
|
27
|
+
};
|
|
28
|
+
/** Return all recorded violations */
|
|
29
|
+
getViolations(): FlowViolation[];
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=flow-enforcer.d.ts.map
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* FlowEnforcer (Task 40)
|
|
3
|
+
*
|
|
4
|
+
* Checks messages against the communication graph and records violations.
|
|
5
|
+
* No database dependency — violations stored in memory.
|
|
6
|
+
*/
|
|
7
|
+
import { randomUUID } from 'crypto';
|
|
8
|
+
export class FlowEnforcer {
|
|
9
|
+
graph;
|
|
10
|
+
swarmId;
|
|
11
|
+
enforce;
|
|
12
|
+
violations = [];
|
|
13
|
+
static MAX_VIOLATIONS = 1000;
|
|
14
|
+
constructor(graph, swarmId, enforceMode) {
|
|
15
|
+
this.graph = graph;
|
|
16
|
+
this.swarmId = swarmId;
|
|
17
|
+
this.enforce = enforceMode;
|
|
18
|
+
}
|
|
19
|
+
/**
|
|
20
|
+
* Check whether a message is authorized and record any violation.
|
|
21
|
+
*
|
|
22
|
+
* Returns BOTH `authorized` (the policy decision) and `enforced` (whether the
|
|
23
|
+
* decision is actually applied). Callers must read both — taking action based
|
|
24
|
+
* solely on `authorized` would let `enforce=false` silently bypass the policy.
|
|
25
|
+
*/
|
|
26
|
+
checkAndRecord(fromSlug, toSlug, messageContent) {
|
|
27
|
+
if (this.graph.isAuthorized(fromSlug, toSlug)) {
|
|
28
|
+
return { authorized: true, enforced: this.enforce };
|
|
29
|
+
}
|
|
30
|
+
const violation = {
|
|
31
|
+
violationId: randomUUID(),
|
|
32
|
+
swarmId: this.swarmId,
|
|
33
|
+
fromAgentSlug: fromSlug,
|
|
34
|
+
toAgentSlug: toSlug,
|
|
35
|
+
// Truncated preview only; for sensitive traffic, redact via a hook before
|
|
36
|
+
// it reaches this enforcer. Cap means an attacker can't fill memory with
|
|
37
|
+
// long messages either.
|
|
38
|
+
messagePreview: messageContent.slice(0, 120),
|
|
39
|
+
detectedAt: new Date().toISOString(),
|
|
40
|
+
action: this.enforce ? 'blocked' : 'logged',
|
|
41
|
+
};
|
|
42
|
+
// FIFO eviction so a sustained attack can't grow violations to GB-scale.
|
|
43
|
+
if (this.violations.length >= FlowEnforcer.MAX_VIOLATIONS) {
|
|
44
|
+
this.violations.shift();
|
|
45
|
+
}
|
|
46
|
+
this.violations.push(violation);
|
|
47
|
+
return {
|
|
48
|
+
// Policy decision: NOT authorized. Whether the caller blocks the send is
|
|
49
|
+
// governed by `enforced`, which is exposed separately so callers cannot
|
|
50
|
+
// accidentally treat audit-mode as "permitted".
|
|
51
|
+
authorized: false,
|
|
52
|
+
enforced: this.enforce,
|
|
53
|
+
violation,
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
/** Return all recorded violations */
|
|
57
|
+
getViolations() {
|
|
58
|
+
return [...this.violations];
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=flow-enforcer.js.map
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Flow Visualizer (Task 40)
|
|
3
|
+
*
|
|
4
|
+
* ASCII and DOT (Graphviz) renderers for communication flow edges.
|
|
5
|
+
*/
|
|
6
|
+
import type { FlowEdge } from '../../../shared/src/types/communication-flow.js';
|
|
7
|
+
/**
|
|
8
|
+
* Render edges as human-readable ASCII art.
|
|
9
|
+
* Empty edges produce a single-line "unrestricted" notice.
|
|
10
|
+
*/
|
|
11
|
+
export declare function toAscii(edges: FlowEdge[], title?: string): string;
|
|
12
|
+
/**
|
|
13
|
+
* Render edges as a DOT language digraph (Graphviz compatible).
|
|
14
|
+
* Slugs are escaped so a malicious slug cannot inject DOT attributes
|
|
15
|
+
* (e.g., URL="javascript:..." would be rendered as a clickable link
|
|
16
|
+
* by Graphviz's SVG output without escaping).
|
|
17
|
+
*/
|
|
18
|
+
export declare function toDOT(edges: FlowEdge[], graphName?: string): string;
|
|
19
|
+
//# sourceMappingURL=flow-visualizer.d.ts.map
|
|
@@ -0,0 +1,68 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Flow Visualizer (Task 40)
|
|
3
|
+
*
|
|
4
|
+
* ASCII and DOT (Graphviz) renderers for communication flow edges.
|
|
5
|
+
*/
|
|
6
|
+
/** Escape a slug for safe DOT identifier interpolation. */
|
|
7
|
+
function dotEscape(s) {
|
|
8
|
+
return String(s ?? '').replace(/\\/g, '\\\\').replace(/"/g, '\\"');
|
|
9
|
+
}
|
|
10
|
+
/** Strip newlines/CR for safe ASCII line emission (log-injection defense). */
|
|
11
|
+
function asciiSafe(s) {
|
|
12
|
+
return String(s ?? '').replace(/[\r\n\x00-\x1f\x7f]/g, '?');
|
|
13
|
+
}
|
|
14
|
+
/** Restrict graph names to a safe DOT identifier — graph_name must be an ID. */
|
|
15
|
+
function safeGraphName(name) {
|
|
16
|
+
return /^[a-zA-Z_][a-zA-Z0-9_]{0,63}$/.test(name) ? name : 'swarm_flow';
|
|
17
|
+
}
|
|
18
|
+
const MAX_DISPLAY_EDGES = 500;
|
|
19
|
+
/**
|
|
20
|
+
* Render edges as human-readable ASCII art.
|
|
21
|
+
* Empty edges produce a single-line "unrestricted" notice.
|
|
22
|
+
*/
|
|
23
|
+
export function toAscii(edges, title) {
|
|
24
|
+
const lines = [];
|
|
25
|
+
if (title) {
|
|
26
|
+
lines.push(`=== ${asciiSafe(title)} ===`);
|
|
27
|
+
lines.push('');
|
|
28
|
+
}
|
|
29
|
+
if (edges.length === 0) {
|
|
30
|
+
lines.push('(unrestricted — all agents may communicate freely)');
|
|
31
|
+
return lines.join('\n');
|
|
32
|
+
}
|
|
33
|
+
const capped = edges.slice(0, MAX_DISPLAY_EDGES);
|
|
34
|
+
for (const [from, to] of capped) {
|
|
35
|
+
lines.push(` ${asciiSafe(from)} --> ${asciiSafe(to)}`);
|
|
36
|
+
}
|
|
37
|
+
if (edges.length > MAX_DISPLAY_EDGES) {
|
|
38
|
+
lines.push(` ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
|
|
39
|
+
}
|
|
40
|
+
return lines.join('\n');
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Render edges as a DOT language digraph (Graphviz compatible).
|
|
44
|
+
* Slugs are escaped so a malicious slug cannot inject DOT attributes
|
|
45
|
+
* (e.g., URL="javascript:..." would be rendered as a clickable link
|
|
46
|
+
* by Graphviz's SVG output without escaping).
|
|
47
|
+
*/
|
|
48
|
+
export function toDOT(edges, graphName) {
|
|
49
|
+
const name = safeGraphName(graphName ?? 'swarm_flow');
|
|
50
|
+
const lines = [];
|
|
51
|
+
lines.push(`digraph ${name} {`);
|
|
52
|
+
lines.push(' rankdir=LR;');
|
|
53
|
+
if (edges.length === 0) {
|
|
54
|
+
lines.push(' // unrestricted — no explicit edges');
|
|
55
|
+
}
|
|
56
|
+
else {
|
|
57
|
+
const capped = edges.slice(0, MAX_DISPLAY_EDGES);
|
|
58
|
+
for (const [from, to] of capped) {
|
|
59
|
+
lines.push(` "${dotEscape(from)}" -> "${dotEscape(to)}";`);
|
|
60
|
+
}
|
|
61
|
+
if (edges.length > MAX_DISPLAY_EDGES) {
|
|
62
|
+
lines.push(` // ... (${edges.length - MAX_DISPLAY_EDGES} more edges omitted)`);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
lines.push('}');
|
|
66
|
+
return lines.join('\n');
|
|
67
|
+
}
|
|
68
|
+
//# sourceMappingURL=flow-visualizer.js.map
|
|
@@ -11,9 +11,6 @@ export declare function detectPII(content: string): PIIDetectionResult;
|
|
|
11
11
|
* Redact PII from a string
|
|
12
12
|
*/
|
|
13
13
|
export declare function redactPII(content: string): string;
|
|
14
|
-
/**
|
|
15
|
-
* Apply anonymization to CFP document
|
|
16
|
-
*/
|
|
17
14
|
export declare function anonymizeCFP(cfp: CFPFormat, level: AnonymizationLevel): {
|
|
18
15
|
cfp: CFPFormat;
|
|
19
16
|
transforms: string[];
|
|
@@ -35,10 +35,15 @@ const REDACTIONS = {
|
|
|
35
35
|
function hash(input) {
|
|
36
36
|
return crypto.createHash('sha256').update(input).digest('hex');
|
|
37
37
|
}
|
|
38
|
+
/** Maximum content size for PII scanning/redaction (4 MB). */
|
|
39
|
+
const MAX_SCAN_SIZE = 4 * 1024 * 1024;
|
|
38
40
|
/**
|
|
39
41
|
* Detect PII in a string
|
|
40
42
|
*/
|
|
41
43
|
export function detectPII(content) {
|
|
44
|
+
if (content.length > MAX_SCAN_SIZE) {
|
|
45
|
+
throw new Error(`detectPII: content too large (${content.length} bytes; max ${MAX_SCAN_SIZE})`);
|
|
46
|
+
}
|
|
42
47
|
const result = {
|
|
43
48
|
found: false,
|
|
44
49
|
count: 0,
|
|
@@ -85,6 +90,9 @@ function getSeverity(type) {
|
|
|
85
90
|
* Redact PII from a string
|
|
86
91
|
*/
|
|
87
92
|
export function redactPII(content) {
|
|
93
|
+
if (content.length > MAX_SCAN_SIZE) {
|
|
94
|
+
throw new Error(`redactPII: content too large (${content.length} bytes; max ${MAX_SCAN_SIZE})`);
|
|
95
|
+
}
|
|
88
96
|
let result = content;
|
|
89
97
|
for (const [type, pattern] of Object.entries(PII_PATTERNS)) {
|
|
90
98
|
const replacement = REDACTIONS[type];
|
|
@@ -100,9 +108,16 @@ export function redactPII(content) {
|
|
|
100
108
|
/**
|
|
101
109
|
* Apply anonymization to CFP document
|
|
102
110
|
*/
|
|
111
|
+
/** Maximum CFP payload size accepted for anonymization (10 MB). */
|
|
112
|
+
const MAX_CFP_ANONYMIZE_SIZE = 10 * 1024 * 1024;
|
|
103
113
|
export function anonymizeCFP(cfp, level) {
|
|
114
|
+
// Guard before deep clone to prevent OOM on a crafted large object
|
|
115
|
+
const serialized = JSON.stringify(cfp);
|
|
116
|
+
if (serialized.length > MAX_CFP_ANONYMIZE_SIZE) {
|
|
117
|
+
throw new Error(`anonymizeCFP: CFP payload too large (${serialized.length} bytes; max ${MAX_CFP_ANONYMIZE_SIZE})`);
|
|
118
|
+
}
|
|
104
119
|
const transforms = [];
|
|
105
|
-
const anonymized = JSON.parse(
|
|
120
|
+
const anonymized = JSON.parse(serialized);
|
|
106
121
|
// Level: Minimal
|
|
107
122
|
if (['minimal', 'standard', 'strict', 'paranoid'].includes(level)) {
|
|
108
123
|
// Redact author display name
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
#!/usr/bin/env npx tsx
|
|
2
|
+
/**
|
|
3
|
+
* Deploy Seraphine Genesis Model
|
|
4
|
+
* Exports and uploads the first Monomind pattern model to IPFS
|
|
5
|
+
*
|
|
6
|
+
* Usage:
|
|
7
|
+
* npx tsx deploy-seraphine.ts
|
|
8
|
+
* npx tsx deploy-seraphine.ts --output ./patterns/
|
|
9
|
+
* npx tsx deploy-seraphine.ts --to-ipfs
|
|
10
|
+
* npx tsx deploy-seraphine.ts --to-ipfs --anonymize strict
|
|
11
|
+
*/
|
|
12
|
+
export {};
|
|
13
|
+
//# sourceMappingURL=deploy-seraphine.d.ts.map
|
|
@@ -0,0 +1,205 @@
|
|
|
1
|
+
#!/usr/bin/env npx tsx
|
|
2
|
+
/**
|
|
3
|
+
* Deploy Seraphine Genesis Model
|
|
4
|
+
* Exports and uploads the first Monomind pattern model to IPFS
|
|
5
|
+
*
|
|
6
|
+
* Usage:
|
|
7
|
+
* npx tsx deploy-seraphine.ts
|
|
8
|
+
* npx tsx deploy-seraphine.ts --output ./patterns/
|
|
9
|
+
* npx tsx deploy-seraphine.ts --to-ipfs
|
|
10
|
+
* npx tsx deploy-seraphine.ts --to-ipfs --anonymize strict
|
|
11
|
+
*/
|
|
12
|
+
import * as path from 'path';
|
|
13
|
+
import { fileURLToPath } from 'url';
|
|
14
|
+
const __filename = fileURLToPath(import.meta.url);
|
|
15
|
+
const __dirname = path.dirname(__filename);
|
|
16
|
+
import { createSeraphineGenesis, getSeraphineInfo } from './models/seraphine.js';
|
|
17
|
+
import { exportPatterns } from './export.js';
|
|
18
|
+
import { validateCFP } from './serialization/cfp.js';
|
|
19
|
+
import { scanCFPForPII } from './anonymization/index.js';
|
|
20
|
+
/**
|
|
21
|
+
* Parse CLI arguments
|
|
22
|
+
*/
|
|
23
|
+
function parseArgs() {
|
|
24
|
+
const args = process.argv.slice(2);
|
|
25
|
+
const options = {
|
|
26
|
+
toIpfs: false,
|
|
27
|
+
anonymize: 'standard',
|
|
28
|
+
pin: true,
|
|
29
|
+
gateway: 'https://w3s.link',
|
|
30
|
+
validate: true,
|
|
31
|
+
verbose: false,
|
|
32
|
+
};
|
|
33
|
+
for (let i = 0; i < args.length; i++) {
|
|
34
|
+
const arg = args[i];
|
|
35
|
+
switch (arg) {
|
|
36
|
+
case '--output':
|
|
37
|
+
case '-o':
|
|
38
|
+
options.output = args[++i];
|
|
39
|
+
break;
|
|
40
|
+
case '--to-ipfs':
|
|
41
|
+
case '--ipfs':
|
|
42
|
+
options.toIpfs = true;
|
|
43
|
+
break;
|
|
44
|
+
case '--anonymize':
|
|
45
|
+
case '-a':
|
|
46
|
+
options.anonymize = args[++i];
|
|
47
|
+
break;
|
|
48
|
+
case '--no-pin':
|
|
49
|
+
options.pin = false;
|
|
50
|
+
break;
|
|
51
|
+
case '--gateway':
|
|
52
|
+
case '-g':
|
|
53
|
+
options.gateway = args[++i];
|
|
54
|
+
break;
|
|
55
|
+
case '--no-validate':
|
|
56
|
+
options.validate = false;
|
|
57
|
+
break;
|
|
58
|
+
case '--verbose':
|
|
59
|
+
case '-v':
|
|
60
|
+
options.verbose = true;
|
|
61
|
+
break;
|
|
62
|
+
case '--help':
|
|
63
|
+
case '-h':
|
|
64
|
+
printHelp();
|
|
65
|
+
process.exit(0);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
return options;
|
|
69
|
+
}
|
|
70
|
+
/**
|
|
71
|
+
* Print help message
|
|
72
|
+
*/
|
|
73
|
+
function printHelp() {
|
|
74
|
+
console.log(`
|
|
75
|
+
Seraphine Genesis Deployer
|
|
76
|
+
==========================
|
|
77
|
+
|
|
78
|
+
Deploy the foundational Monomind pattern model.
|
|
79
|
+
|
|
80
|
+
Usage:
|
|
81
|
+
npx ts-node deploy-seraphine.ts [options]
|
|
82
|
+
|
|
83
|
+
Options:
|
|
84
|
+
--output, -o <path> Output file path
|
|
85
|
+
--to-ipfs, --ipfs Upload to IPFS
|
|
86
|
+
--anonymize, -a <level> Anonymization level (minimal|standard|strict|paranoid)
|
|
87
|
+
--gateway, -g <url> IPFS gateway URL
|
|
88
|
+
--no-pin Don't pin to pinning service
|
|
89
|
+
--no-validate Skip validation
|
|
90
|
+
--verbose, -v Verbose output
|
|
91
|
+
--help, -h Show this help
|
|
92
|
+
|
|
93
|
+
Examples:
|
|
94
|
+
npx ts-node deploy-seraphine.ts --output ./seraphine-genesis.cfp.json
|
|
95
|
+
npx ts-node deploy-seraphine.ts --to-ipfs --anonymize strict
|
|
96
|
+
npx ts-node deploy-seraphine.ts --to-ipfs --gateway https://dweb.link
|
|
97
|
+
`);
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Main deploy function
|
|
101
|
+
*/
|
|
102
|
+
async function deploy() {
|
|
103
|
+
const options = parseArgs();
|
|
104
|
+
console.log('');
|
|
105
|
+
console.log('╔══════════════════════════════════════════════════════════╗');
|
|
106
|
+
console.log('║ SERAPHINE GENESIS MODEL DEPLOYMENT ║');
|
|
107
|
+
console.log('║ The First Monomind Pattern Model ║');
|
|
108
|
+
console.log('╚══════════════════════════════════════════════════════════╝');
|
|
109
|
+
console.log('');
|
|
110
|
+
// Step 1: Create Seraphine Genesis
|
|
111
|
+
console.log('📦 Creating Seraphine Genesis Model...');
|
|
112
|
+
const genesis = createSeraphineGenesis();
|
|
113
|
+
const info = getSeraphineInfo();
|
|
114
|
+
console.log(` Name: ${info.name}`);
|
|
115
|
+
console.log(` Version: ${info.version}`);
|
|
116
|
+
console.log(` Description: ${info.description.slice(0, 60)}...`);
|
|
117
|
+
console.log('');
|
|
118
|
+
console.log(' Pattern Counts:');
|
|
119
|
+
for (const [type, count] of Object.entries(info.patternCounts)) {
|
|
120
|
+
console.log(` - ${type}: ${count}`);
|
|
121
|
+
}
|
|
122
|
+
console.log('');
|
|
123
|
+
// Step 2: Validate
|
|
124
|
+
if (options.validate) {
|
|
125
|
+
console.log('✅ Validating CFP format...');
|
|
126
|
+
const validation = validateCFP(genesis);
|
|
127
|
+
if (!validation.valid) {
|
|
128
|
+
console.error('❌ Validation failed:');
|
|
129
|
+
for (const error of validation.errors) {
|
|
130
|
+
console.error(` - ${error}`);
|
|
131
|
+
}
|
|
132
|
+
process.exit(1);
|
|
133
|
+
}
|
|
134
|
+
console.log(' Format is valid!');
|
|
135
|
+
console.log('');
|
|
136
|
+
}
|
|
137
|
+
// Step 3: Scan for PII
|
|
138
|
+
console.log('🔍 Scanning for PII...');
|
|
139
|
+
const piiScan = scanCFPForPII(genesis);
|
|
140
|
+
if (piiScan.found) {
|
|
141
|
+
console.log(` Found ${piiScan.count} PII items:`);
|
|
142
|
+
for (const [type, count] of Object.entries(piiScan.types)) {
|
|
143
|
+
console.log(` - ${type}: ${count}`);
|
|
144
|
+
}
|
|
145
|
+
console.log(' Will be redacted during export.');
|
|
146
|
+
}
|
|
147
|
+
else {
|
|
148
|
+
console.log(' No PII detected!');
|
|
149
|
+
}
|
|
150
|
+
console.log('');
|
|
151
|
+
// Step 4: Export
|
|
152
|
+
console.log(`📤 Exporting with ${options.anonymize} anonymization...`);
|
|
153
|
+
const exportOptions = {
|
|
154
|
+
output: options.output,
|
|
155
|
+
toIpfs: options.toIpfs,
|
|
156
|
+
anonymize: options.anonymize,
|
|
157
|
+
pin: options.pin,
|
|
158
|
+
gateway: options.gateway,
|
|
159
|
+
format: 'json',
|
|
160
|
+
redactPii: true,
|
|
161
|
+
};
|
|
162
|
+
// If no output specified and not uploading to IPFS, create default output
|
|
163
|
+
if (!options.output && !options.toIpfs) {
|
|
164
|
+
const defaultOutput = path.join(process.cwd(), 'seraphine-genesis.cfp.json');
|
|
165
|
+
exportOptions.output = defaultOutput;
|
|
166
|
+
}
|
|
167
|
+
const result = await exportPatterns(genesis, exportOptions);
|
|
168
|
+
console.log('');
|
|
169
|
+
console.log('═══════════════════════════════════════════════════════════');
|
|
170
|
+
console.log(' DEPLOYMENT COMPLETE ');
|
|
171
|
+
console.log('═══════════════════════════════════════════════════════════');
|
|
172
|
+
console.log('');
|
|
173
|
+
if (result.success) {
|
|
174
|
+
console.log('✅ Successfully deployed Seraphine Genesis!');
|
|
175
|
+
console.log('');
|
|
176
|
+
console.log(' 📊 Export Summary:');
|
|
177
|
+
console.log(` Patterns: ${result.patternCount}`);
|
|
178
|
+
console.log(` Size: ${result.size} bytes`);
|
|
179
|
+
console.log(` Anonymization: ${result.anonymizationLevel}`);
|
|
180
|
+
if (result.outputPath) {
|
|
181
|
+
console.log('');
|
|
182
|
+
console.log(` 📁 File: ${result.outputPath}`);
|
|
183
|
+
}
|
|
184
|
+
if (result.cid) {
|
|
185
|
+
console.log('');
|
|
186
|
+
console.log(' 🌐 IPFS:');
|
|
187
|
+
console.log(` CID: ${result.cid}`);
|
|
188
|
+
console.log(` Gateway URL: ${result.gateway}/ipfs/${result.cid}`);
|
|
189
|
+
}
|
|
190
|
+
console.log('');
|
|
191
|
+
console.log(' 🎉 Hello World! The genesis pattern has been deployed.');
|
|
192
|
+
console.log(' 🌟 This is the first Monomind pattern ever shared.');
|
|
193
|
+
console.log('');
|
|
194
|
+
}
|
|
195
|
+
else {
|
|
196
|
+
console.error('❌ Deployment failed!');
|
|
197
|
+
process.exit(1);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
// Run if executed directly
|
|
201
|
+
deploy().catch(error => {
|
|
202
|
+
console.error('Fatal error:', error);
|
|
203
|
+
process.exit(1);
|
|
204
|
+
});
|
|
205
|
+
//# sourceMappingURL=deploy-seraphine.js.map
|
|
@@ -49,6 +49,14 @@ export async function exportPatterns(cfp, options = {}) {
|
|
|
49
49
|
// Write to file
|
|
50
50
|
const ext = getFileExtension(format);
|
|
51
51
|
outputPath = output.endsWith(ext) ? output : output + ext;
|
|
52
|
+
// Path traversal guard — output must resolve within the current working
|
|
53
|
+
// directory to prevent callers from writing to arbitrary filesystem paths.
|
|
54
|
+
const projectRoot = path.resolve(process.cwd());
|
|
55
|
+
const resolvedOutputPath = path.resolve(process.cwd(), outputPath);
|
|
56
|
+
if (!resolvedOutputPath.startsWith(projectRoot + path.sep) && resolvedOutputPath !== projectRoot) {
|
|
57
|
+
throw new Error(`Output path must resolve within the project directory: ${projectRoot}`);
|
|
58
|
+
}
|
|
59
|
+
outputPath = resolvedOutputPath;
|
|
52
60
|
// Ensure directory exists
|
|
53
61
|
const dir = path.dirname(outputPath);
|
|
54
62
|
if (!fs.existsSync(dir)) {
|
|
@@ -6,6 +6,14 @@
|
|
|
6
6
|
* @version 3.0.0
|
|
7
7
|
*/
|
|
8
8
|
import * as crypto from 'crypto';
|
|
9
|
+
/**
|
|
10
|
+
* Sanitize a user-supplied filename before embedding it inside a multipart
|
|
11
|
+
* Content-Disposition header. Strip all CR/LF characters (MIME header injection)
|
|
12
|
+
* and cap length to prevent oversized headers.
|
|
13
|
+
*/
|
|
14
|
+
function sanitizeFileName(name) {
|
|
15
|
+
return name.replace(/[\r\n]/g, '').slice(0, 200);
|
|
16
|
+
}
|
|
9
17
|
/**
|
|
10
18
|
* Get web3.storage token from environment or config
|
|
11
19
|
*/
|
|
@@ -42,7 +50,7 @@ async function uploadToWeb3Storage(content, options) {
|
|
|
42
50
|
'Get a free token at: https://web3.storage');
|
|
43
51
|
}
|
|
44
52
|
const endpoint = options.endpoint || 'https://api.web3.storage';
|
|
45
|
-
const name = options.name || 'pattern.cfp.json';
|
|
53
|
+
const name = sanitizeFileName(options.name || 'pattern.cfp.json');
|
|
46
54
|
console.log(`[IPFS] Uploading ${content.length} bytes to web3.storage...`);
|
|
47
55
|
// Create FormData-like body for upload
|
|
48
56
|
const boundary = '----WebKitFormBoundary' + crypto.randomBytes(16).toString('hex');
|
|
@@ -91,7 +99,7 @@ async function uploadToPinata(content, options) {
|
|
|
91
99
|
throw new Error('Pinata API credentials not found. Set PINATA_API_KEY and PINATA_API_SECRET.\n' +
|
|
92
100
|
'Get credentials at: https://pinata.cloud');
|
|
93
101
|
}
|
|
94
|
-
const name = options.name || 'pattern.cfp.json';
|
|
102
|
+
const name = sanitizeFileName(options.name || 'pattern.cfp.json');
|
|
95
103
|
console.log(`[IPFS] Uploading ${content.length} bytes to Pinata...`);
|
|
96
104
|
const boundary = '----WebKitFormBoundary' + crypto.randomBytes(16).toString('hex');
|
|
97
105
|
const metadata = JSON.stringify({ name });
|
|
@@ -277,14 +285,36 @@ export async function unpinContent(cid, options = {}) {
|
|
|
277
285
|
console.log(`[IPFS] Demo unpinned`);
|
|
278
286
|
return { success: true };
|
|
279
287
|
}
|
|
288
|
+
/** Allowlisted IPFS gateway hosts for SSRF prevention */
|
|
289
|
+
const ALLOWED_GATEWAY_HOSTS_UPLOAD = new Set([
|
|
290
|
+
'w3s.link',
|
|
291
|
+
'gateway.pinata.cloud',
|
|
292
|
+
'cloudflare-ipfs.com',
|
|
293
|
+
'ipfs.io',
|
|
294
|
+
'dweb.link',
|
|
295
|
+
]);
|
|
296
|
+
function isAllowedGateway(gateway) {
|
|
297
|
+
try {
|
|
298
|
+
const parsed = new URL(gateway);
|
|
299
|
+
return parsed.protocol === 'https:' && ALLOWED_GATEWAY_HOSTS_UPLOAD.has(parsed.hostname);
|
|
300
|
+
}
|
|
301
|
+
catch {
|
|
302
|
+
return false;
|
|
303
|
+
}
|
|
304
|
+
}
|
|
280
305
|
/**
|
|
281
306
|
* Check if content exists on IPFS
|
|
282
307
|
*/
|
|
283
308
|
export async function checkContent(cid, gateway = 'https://w3s.link') {
|
|
309
|
+
if (!isAllowedGateway(gateway)) {
|
|
310
|
+
console.warn(`[IPFS] Blocked checkContent: gateway not in allowlist: ${gateway}`);
|
|
311
|
+
return { exists: false };
|
|
312
|
+
}
|
|
284
313
|
console.log(`[IPFS] Checking ${cid}...`);
|
|
285
314
|
try {
|
|
286
315
|
const response = await fetch(`${gateway}/ipfs/${cid}`, {
|
|
287
316
|
method: 'HEAD',
|
|
317
|
+
signal: AbortSignal.timeout(10000),
|
|
288
318
|
});
|
|
289
319
|
if (response.ok) {
|
|
290
320
|
const size = parseInt(response.headers.get('content-length') || '0', 10);
|
|
@@ -315,7 +345,7 @@ export function getIPNSURL(name, gateway = 'https://w3s.link') {
|
|
|
315
345
|
*/
|
|
316
346
|
async function uploadToLocalIPFS(content, options) {
|
|
317
347
|
const apiUrl = process.env.IPFS_API_URL || 'http://localhost:5001';
|
|
318
|
-
const name = options.name || 'pattern.cfp.json';
|
|
348
|
+
const name = sanitizeFileName(options.name || 'pattern.cfp.json');
|
|
319
349
|
console.log(`[IPFS] Uploading ${content.length} bytes to ${apiUrl}...`);
|
|
320
350
|
const boundary = '----IPFSBoundary' + crypto.randomBytes(16).toString('hex');
|
|
321
351
|
const body = Buffer.concat([
|
|
@@ -107,11 +107,17 @@ export function serializeToBuffer(cfp, format) {
|
|
|
107
107
|
return Buffer.from(json, 'utf-8');
|
|
108
108
|
}
|
|
109
109
|
}
|
|
110
|
+
/** Maximum CFP payload size (10 MB) — prevents OOM on crafted inputs. */
|
|
111
|
+
const MAX_CFP_SIZE = 10 * 1024 * 1024;
|
|
110
112
|
/**
|
|
111
113
|
* Deserialize CFP from string/buffer
|
|
112
114
|
*/
|
|
113
115
|
export function deserializeCFP(data) {
|
|
114
116
|
const str = typeof data === 'string' ? data : data.toString('utf-8');
|
|
117
|
+
// Guard against OOM before parsing
|
|
118
|
+
if (str.length > MAX_CFP_SIZE) {
|
|
119
|
+
throw new Error(`CFP payload too large (${str.length} bytes; max ${MAX_CFP_SIZE})`);
|
|
120
|
+
}
|
|
115
121
|
let parsed;
|
|
116
122
|
try {
|
|
117
123
|
parsed = JSON.parse(str);
|
|
@@ -119,9 +125,9 @@ export function deserializeCFP(data) {
|
|
|
119
125
|
catch (e) {
|
|
120
126
|
throw new Error(`Invalid CFP file: ${e instanceof Error ? e.message : String(e)}`);
|
|
121
127
|
}
|
|
122
|
-
// Validate magic bytes
|
|
128
|
+
// Validate magic bytes — use a fixed message to avoid reflecting arbitrary input
|
|
123
129
|
if (parsed.magic !== 'CFP1') {
|
|
124
|
-
throw new Error(
|
|
130
|
+
throw new Error('Invalid CFP format: unexpected magic bytes');
|
|
125
131
|
}
|
|
126
132
|
return parsed;
|
|
127
133
|
}
|
|
@@ -131,7 +137,7 @@ export function deserializeCFP(data) {
|
|
|
131
137
|
export function validateCFP(cfp) {
|
|
132
138
|
const errors = [];
|
|
133
139
|
if (cfp.magic !== 'CFP1') {
|
|
134
|
-
errors.push(
|
|
140
|
+
errors.push('Invalid magic bytes');
|
|
135
141
|
}
|
|
136
142
|
if (!cfp.version) {
|
|
137
143
|
errors.push('Missing version');
|
|
@@ -105,7 +105,24 @@ export async function uploadToGCS(content, options = {}) {
|
|
|
105
105
|
execFileSync('gcloud', uploadArgs, { encoding: 'utf-8', stdio: 'pipe', timeout: 60000 });
|
|
106
106
|
// Set metadata if provided
|
|
107
107
|
if (options.metadata && Object.keys(options.metadata).length > 0) {
|
|
108
|
-
|
|
108
|
+
// Cap metadata to prevent unbounded flag values; restrict key charset to
|
|
109
|
+
// alphanumeric/dash/underscore to avoid injection in --custom-metadata=<json>.
|
|
110
|
+
const MAX_META_KEY_LEN = 128;
|
|
111
|
+
const MAX_META_VAL_LEN = 512;
|
|
112
|
+
const MAX_META_ENTRIES = 20;
|
|
113
|
+
const safeMetadata = {};
|
|
114
|
+
let metaCount = 0;
|
|
115
|
+
for (const [k, v] of Object.entries(options.metadata)) {
|
|
116
|
+
if (metaCount >= MAX_META_ENTRIES)
|
|
117
|
+
break;
|
|
118
|
+
if (typeof k !== 'string' || typeof v !== 'string')
|
|
119
|
+
continue;
|
|
120
|
+
if (!/^[a-zA-Z0-9_-]+$/.test(k))
|
|
121
|
+
continue;
|
|
122
|
+
safeMetadata[k.slice(0, MAX_META_KEY_LEN)] = v.slice(0, MAX_META_VAL_LEN);
|
|
123
|
+
metaCount++;
|
|
124
|
+
}
|
|
125
|
+
const metadataJson = JSON.stringify(safeMetadata);
|
|
109
126
|
try {
|
|
110
127
|
const metaArgs = ['storage', 'objects', 'update', `gs://${config.bucket}/${objectPath}`, `--custom-metadata=${metadataJson}`];
|
|
111
128
|
if (config.projectId)
|
|
@@ -164,6 +181,15 @@ export async function downloadFromGCS(uri, config) {
|
|
|
164
181
|
if (cfg?.projectId)
|
|
165
182
|
downloadArgs.push(`--project=${cfg.projectId}`);
|
|
166
183
|
execFileSync('gcloud', downloadArgs, { encoding: 'utf-8', stdio: 'pipe' });
|
|
184
|
+
const MAX_GCS_DOWNLOAD_BYTES = 50 * 1024 * 1024; // 50 MB
|
|
185
|
+
const fileSize = fs.statSync(tempFile).size;
|
|
186
|
+
if (fileSize > MAX_GCS_DOWNLOAD_BYTES) {
|
|
187
|
+
const resolvedTemp2 = path.resolve(tempFile);
|
|
188
|
+
if (resolvedTemp2.startsWith(path.resolve(tempDir)))
|
|
189
|
+
fs.unlinkSync(tempFile);
|
|
190
|
+
console.error(`[GCS] Downloaded file exceeds size limit (${fileSize} > ${MAX_GCS_DOWNLOAD_BYTES} bytes)`);
|
|
191
|
+
return null;
|
|
192
|
+
}
|
|
167
193
|
const content = fs.readFileSync(tempFile);
|
|
168
194
|
const resolvedTemp = path.resolve(tempFile);
|
|
169
195
|
if (resolvedTemp.startsWith(path.resolve(tempDir))) {
|
|
@@ -215,9 +241,17 @@ export async function listGCSObjects(prefix, config) {
|
|
|
215
241
|
const listArgs = ['storage', 'ls', '-l', uri, '--format=json'];
|
|
216
242
|
if (cfg.projectId)
|
|
217
243
|
listArgs.push(`--project=${cfg.projectId}`);
|
|
218
|
-
const result = execFileSync('gcloud', listArgs, { encoding: 'utf-8', stdio: 'pipe' });
|
|
244
|
+
const result = execFileSync('gcloud', listArgs, { encoding: 'utf-8', stdio: 'pipe', maxBuffer: 10 * 1024 * 1024 });
|
|
245
|
+
// Guard against gcloud returning a huge JSON payload that could OOM Node.
|
|
246
|
+
const MAX_LIST_BYTES = 10 * 1024 * 1024; // 10 MB
|
|
247
|
+
if (result.length > MAX_LIST_BYTES) {
|
|
248
|
+
console.error(`[GCS] listGCSObjects response too large (${result.length} bytes), truncating`);
|
|
249
|
+
return [];
|
|
250
|
+
}
|
|
219
251
|
const objects = JSON.parse(result);
|
|
220
|
-
|
|
252
|
+
if (!Array.isArray(objects))
|
|
253
|
+
return [];
|
|
254
|
+
return objects.slice(0, 10_000).map((obj) => ({
|
|
221
255
|
name: obj.name,
|
|
222
256
|
size: obj.size || 0,
|
|
223
257
|
updated: obj.updated || new Date().toISOString(),
|