monomind 1.11.13 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/agents/generated/channel-intelligence-director.md +87 -0
- package/.claude/agents/generated/chief-growth-officer.md +88 -0
- package/.claude/agents/generated/content-seo-strategist.md +90 -0
- package/.claude/agents/generated/developer-community-strategist.md +91 -0
- package/.claude/agents/generated/outreach-partnership-strategist.md +90 -0
- package/.claude/agents/generated/social-media-strategist.md +91 -0
- package/.claude/agents/generated/video-visual-strategist.md +90 -0
- package/.claude/commands/mastermind/idea.md +1 -1
- package/.claude/helpers/auto-memory-hook.mjs +13 -4
- package/.claude/helpers/control-start.cjs +5 -0
- package/.claude/helpers/event-logger.cjs +114 -0
- package/.claude/helpers/handlers/adr-draft-handler.cjs +19 -5
- package/.claude/helpers/handlers/agent-start-handler.cjs +13 -4
- package/.claude/helpers/handlers/compact-handler.cjs +2 -0
- package/.claude/helpers/handlers/edit-handler.cjs +1 -1
- package/.claude/helpers/handlers/gates-handler.cjs +3 -0
- package/.claude/helpers/handlers/graph-status-handler.cjs +14 -8
- package/.claude/helpers/handlers/loops-status-handler.cjs +5 -2
- package/.claude/helpers/handlers/route-handler.cjs +13 -6
- package/.claude/helpers/handlers/session-handler.cjs +11 -4
- package/.claude/helpers/handlers/session-restore-handler.cjs +21 -11
- package/.claude/helpers/handlers/task-handler.cjs +13 -5
- package/.claude/helpers/intelligence.cjs +7 -2
- package/.claude/helpers/loop-tracker.cjs +15 -3
- package/.claude/helpers/memory.cjs +6 -1
- package/.claude/helpers/router.cjs +5 -2
- package/.claude/helpers/session.cjs +2 -0
- package/.claude/helpers/statusline.cjs +10 -2
- package/.claude/helpers/utils/micro-agents.cjs +20 -4
- package/.claude/scheduled_tasks.lock +1 -1
- package/.claude/settings.json +92 -1
- package/.claude/skills/mastermind/_protocol.md +23 -13
- package/.claude/skills/mastermind/architect.md +6 -9
- package/.claude/skills/mastermind/build.md +3 -3
- package/.claude/skills/mastermind/content.md +3 -3
- package/.claude/skills/mastermind/createorg.md +2 -2
- package/.claude/skills/mastermind/finance.md +3 -3
- package/.claude/skills/mastermind/idea.md +5 -3
- package/.claude/skills/mastermind/marketing.md +3 -3
- package/.claude/skills/mastermind/monitor.md +2 -2
- package/.claude/skills/mastermind/release.md +3 -3
- package/.claude/skills/mastermind/research.md +3 -3
- package/.claude/skills/mastermind/review.md +3 -3
- package/.claude/skills/mastermind/runorg.md +153 -86
- package/.claude/skills/mastermind/sales.md +3 -3
- package/README.md +286 -129
- package/package.json +19 -2
- package/packages/@monomind/cli/README.md +286 -129
- package/packages/@monomind/cli/bundled-graph/dist/src/build.js +73 -0
- package/packages/@monomind/cli/bundled-graph/dist/src/cluster.js +120 -0
- package/packages/@monomind/cli/bundled-graph/package.json +57 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/agents/halt-signal.js +76 -0
- package/packages/@monomind/cli/dist/src/agents/index.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/index.js +13 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/agents/managed-agent.js +69 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-experiment.js +49 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/agents/prompt-version-manager.js +80 -0
- package/packages/@monomind/cli/dist/src/agents/registry-builder.js +2 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.d.ts +71 -0
- package/packages/@monomind/cli/dist/src/agents/registry-query.js +125 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/agents/score-decay.js +22 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/agents/shared-instructions-loader.js +40 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.d.ts +54 -0
- package/packages/@monomind/cli/dist/src/agents/specialization-scorer.js +212 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.d.ts +30 -0
- package/packages/@monomind/cli/dist/src/agents/termination-watcher.js +84 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.d.ts +20 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-index.js +38 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.d.ts +64 -0
- package/packages/@monomind/cli/dist/src/agents/trigger-scanner.js +308 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.d.ts +18 -0
- package/packages/@monomind/cli/dist/src/agents/version-diff.js +64 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/agents/version-store.js +235 -0
- package/packages/@monomind/cli/dist/src/autopilot-state.js +10 -5
- package/packages/@monomind/cli/dist/src/benchmarks/benchmark-runner.js +13 -0
- package/packages/@monomind/cli/dist/src/benchmarks/metric-evaluators.js +20 -9
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.d.ts +45 -0
- package/packages/@monomind/cli/dist/src/benchmarks/pretrain/index.js +404 -0
- package/packages/@monomind/cli/dist/src/browser/actions.js +10 -3
- package/packages/@monomind/cli/dist/src/browser/browser.js +12 -2
- package/packages/@monomind/cli/dist/src/browser/cdp.js +21 -3
- package/packages/@monomind/cli/dist/src/browser/har.js +27 -5
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/commands/agent-wasm.js +333 -0
- package/packages/@monomind/cli/dist/src/commands/agent.js +11 -8
- package/packages/@monomind/cli/dist/src/commands/analyze.js +36 -21
- package/packages/@monomind/cli/dist/src/commands/autopilot.js +12 -4
- package/packages/@monomind/cli/dist/src/commands/benchmark.js +51 -8
- package/packages/@monomind/cli/dist/src/commands/browse.js +5 -2
- package/packages/@monomind/cli/dist/src/commands/claims.js +29 -11
- package/packages/@monomind/cli/dist/src/commands/cleanup.js +25 -5
- package/packages/@monomind/cli/dist/src/commands/config.js +15 -7
- package/packages/@monomind/cli/dist/src/commands/daemon.js +6 -0
- package/packages/@monomind/cli/dist/src/commands/deployment.js +34 -19
- package/packages/@monomind/cli/dist/src/commands/doctor.js +151 -20
- package/packages/@monomind/cli/dist/src/commands/guidance.js +15 -2
- package/packages/@monomind/cli/dist/src/commands/hive-mind.js +37 -14
- package/packages/@monomind/cli/dist/src/commands/hooks.js +42 -25
- package/packages/@monomind/cli/dist/src/commands/init.js +9 -4
- package/packages/@monomind/cli/dist/src/commands/issues.js +29 -26
- package/packages/@monomind/cli/dist/src/commands/mcp.js +11 -5
- package/packages/@monomind/cli/dist/src/commands/memory.js +10 -0
- package/packages/@monomind/cli/dist/src/commands/migrate.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/monograph.js +18 -5
- package/packages/@monomind/cli/dist/src/commands/monovector/backup.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/monovector/benchmark.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/monovector/import.js +15 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/migrate.js +4 -1
- package/packages/@monomind/cli/dist/src/commands/monovector/optimize.js +11 -0
- package/packages/@monomind/cli/dist/src/commands/monovector/setup.js +11 -1
- package/packages/@monomind/cli/dist/src/commands/neural.js +1 -1
- package/packages/@monomind/cli/dist/src/commands/performance.js +20 -7
- package/packages/@monomind/cli/dist/src/commands/platforms.js +90 -8
- package/packages/@monomind/cli/dist/src/commands/plugins.js +12 -5
- package/packages/@monomind/cli/dist/src/commands/process.js +33 -10
- package/packages/@monomind/cli/dist/src/commands/progress.js +5 -3
- package/packages/@monomind/cli/dist/src/commands/providers.js +5 -5
- package/packages/@monomind/cli/dist/src/commands/replay.js +8 -2
- package/packages/@monomind/cli/dist/src/commands/route.js +27 -7
- package/packages/@monomind/cli/dist/src/commands/security.js +4 -0
- package/packages/@monomind/cli/dist/src/commands/session.js +12 -1
- package/packages/@monomind/cli/dist/src/commands/start.js +11 -4
- package/packages/@monomind/cli/dist/src/commands/status.js +7 -4
- package/packages/@monomind/cli/dist/src/commands/swarm.js +27 -13
- package/packages/@monomind/cli/dist/src/commands/task.js +26 -11
- package/packages/@monomind/cli/dist/src/commands/tokens.js +7 -2
- package/packages/@monomind/cli/dist/src/commands/transfer-store.js +36 -22
- package/packages/@monomind/cli/dist/src/commands/ui.js +68 -0
- package/packages/@monomind/cli/dist/src/commands/update.js +15 -3
- package/packages/@monomind/cli/dist/src/commands/workflow.js +39 -6
- package/packages/@monomind/cli/dist/src/consensus/audit-writer.js +18 -7
- package/packages/@monomind/cli/dist/src/consensus/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/consensus/index.js +6 -0
- package/packages/@monomind/cli/dist/src/consensus/vote-signer.js +25 -8
- package/packages/@monomind/cli/dist/src/context/context-provider.d.ts +44 -0
- package/packages/@monomind/cli/dist/src/context/context-provider.js +25 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/git-state-provider.js +34 -0
- package/packages/@monomind/cli/dist/src/context/index.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/context/index.js +12 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.d.ts +15 -0
- package/packages/@monomind/cli/dist/src/context/project-conventions-provider.js +19 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.d.ts +26 -0
- package/packages/@monomind/cli/dist/src/context/prompt-assembler.js +93 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/context/task-history-provider.js +32 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.d.ts +14 -0
- package/packages/@monomind/cli/dist/src/context/user-preferences-provider.js +27 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-reader.js +81 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/dlq/dlq-writer.js +65 -0
- package/packages/@monomind/cli/dist/src/dlq/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/dlq/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.d.ts +33 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-manager.js +107 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.d.ts +23 -0
- package/packages/@monomind/cli/dist/src/eval/dataset-runner.js +59 -0
- package/packages/@monomind/cli/dist/src/eval/index.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/eval/index.js +7 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.d.ts +40 -0
- package/packages/@monomind/cli/dist/src/eval/trace-collector.js +102 -0
- package/packages/@monomind/cli/dist/src/index.js +7 -3
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/infrastructure/in-memory-repositories.js +264 -0
- package/packages/@monomind/cli/dist/src/init/executor.js +14 -11
- package/packages/@monomind/cli/dist/src/init/shared-instructions-generator.js +20 -4
- package/packages/@monomind/cli/dist/src/init/statusline-generator.js +33 -12
- package/packages/@monomind/cli/dist/src/interactive/interrupt.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/interactive/interrupt.js +71 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/mcp/deprecation-injector.js +48 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.d.ts +61 -0
- package/packages/@monomind/cli/dist/src/mcp/tool-registry.js +246 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/a2a-tools.js +98 -13
- package/packages/@monomind/cli/dist/src/mcp-tools/agent-tools.js +16 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/analyze-tools.js +80 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/browser-tools.js +84 -22
- package/packages/@monomind/cli/dist/src/mcp-tools/claims-tools.js +35 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/config-tools.js +82 -17
- package/packages/@monomind/cli/dist/src/mcp-tools/coordination-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/daa-tools.js +49 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/embeddings-tools.js +45 -18
- package/packages/@monomind/cli/dist/src/mcp-tools/github-tools.js +75 -25
- package/packages/@monomind/cli/dist/src/mcp-tools/guidance-tools.js +32 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/hive-mind-tools.js +91 -20
- package/packages/@monomind/cli/dist/src/mcp-tools/hooks-tools.js +188 -29
- package/packages/@monomind/cli/dist/src/mcp-tools/memory-tools.js +25 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-compat.js +11 -2
- package/packages/@monomind/cli/dist/src/mcp-tools/monograph-tools.js +148 -26
- package/packages/@monomind/cli/dist/src/mcp-tools/neural-tools.js +44 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/performance-tools.js +45 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/progress-tools.js +7 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/request-tracker.js +15 -1
- package/packages/@monomind/cli/dist/src/mcp-tools/security-tools.js +61 -9
- package/packages/@monomind/cli/dist/src/mcp-tools/session-tools.js +45 -14
- package/packages/@monomind/cli/dist/src/mcp-tools/swarm-tools.js +15 -3
- package/packages/@monomind/cli/dist/src/mcp-tools/system-tools.js +14 -7
- package/packages/@monomind/cli/dist/src/mcp-tools/task-tools.js +52 -10
- package/packages/@monomind/cli/dist/src/mcp-tools/terminal-tools.js +40 -6
- package/packages/@monomind/cli/dist/src/mcp-tools/transfer-tools.js +37 -4
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/wasm-agent-tools.js +230 -0
- package/packages/@monomind/cli/dist/src/mcp-tools/workflow-tools.js +29 -6
- package/packages/@monomind/cli/dist/src/memory/ewc-consolidation.js +26 -10
- package/packages/@monomind/cli/dist/src/memory/intelligence.js +80 -19
- package/packages/@monomind/cli/dist/src/memory/memory-bridge.js +21 -2
- package/packages/@monomind/cli/dist/src/memory/memory-initializer.js +67 -3
- package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js +14 -4
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.d.ts +21 -0
- package/packages/@monomind/cli/dist/src/model/complexity-scorer.js +106 -0
- package/packages/@monomind/cli/dist/src/model/index.d.ts +4 -0
- package/packages/@monomind/cli/dist/src/model/index.js +4 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.d.ts +22 -0
- package/packages/@monomind/cli/dist/src/model/model-settings.js +33 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.d.ts +24 -0
- package/packages/@monomind/cli/dist/src/model/model-tier-resolver.js +65 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.d.ts +34 -0
- package/packages/@monomind/cli/dist/src/monovector/capabilities.js +37 -0
- package/packages/@monomind/cli/dist/src/monovector/command-outcomes.js +43 -7
- package/packages/@monomind/cli/dist/src/monovector/coverage-router.js +8 -4
- package/packages/@monomind/cli/dist/src/monovector/coverage-tools.js +6 -3
- package/packages/@monomind/cli/dist/src/monovector/diff-classifier.js +13 -0
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.d.ts +2 -1
- package/packages/@monomind/cli/dist/src/monovector/route-outcomes.js +46 -4
- package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts +1 -1
- package/packages/@monomind/cli/dist/src/orchestration/index.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/orchestration/index.js +6 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/orchestration/mode-dispatcher.js +31 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.d.ts +68 -0
- package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js +180 -0
- package/packages/@monomind/cli/dist/src/plugins/manager.js +8 -3
- package/packages/@monomind/cli/dist/src/plugins/store/discovery.js +46 -2
- package/packages/@monomind/cli/dist/src/plugins/store/search.js +5 -4
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/demo-plugin-store.js +126 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/standalone-test.js +188 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/plugins/tests/test-plugin-store.js +206 -0
- package/packages/@monomind/cli/dist/src/production/circuit-breaker.js +17 -3
- package/packages/@monomind/cli/dist/src/production/error-handler.js +3 -0
- package/packages/@monomind/cli/dist/src/production/monitoring.js +20 -3
- package/packages/@monomind/cli/dist/src/production/rate-limiter.js +13 -4
- package/packages/@monomind/cli/dist/src/production/retry.js +17 -9
- package/packages/@monomind/cli/dist/src/routing/embed-worker.js +6 -2
- package/packages/@monomind/cli/dist/src/routing/embedder.js +0 -0
- package/packages/@monomind/cli/dist/src/routing/llm-caller.js +13 -2
- package/packages/@monomind/cli/dist/src/routing/route-layer-factory.js +18 -3
- package/packages/@monomind/cli/dist/src/runtime/headless.d.ts +60 -0
- package/packages/@monomind/cli/dist/src/runtime/headless.js +284 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.d.ts +50 -0
- package/packages/@monomind/cli/dist/src/services/agentic-flow-bridge.js +95 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.d.ts +1 -0
- package/packages/@monomind/cli/dist/src/services/claim-service.js +8 -0
- package/packages/@monomind/cli/dist/src/services/config-file-manager.js +14 -2
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.d.ts +197 -0
- package/packages/@monomind/cli/dist/src/services/container-worker-pool.js +623 -0
- package/packages/@monomind/cli/dist/src/services/headless-worker-executor.js +18 -2
- package/packages/@monomind/cli/dist/src/services/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/services/index.js +11 -0
- package/packages/@monomind/cli/dist/src/services/worker-daemon.js +53 -12
- package/packages/@monomind/cli/dist/src/services/worker-queue.d.ts +201 -0
- package/packages/@monomind/cli/dist/src/services/worker-queue.js +594 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.d.ts +25 -0
- package/packages/@monomind/cli/dist/src/swarm/communication-graph.js +77 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.d.ts +31 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-enforcer.js +61 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.d.ts +19 -0
- package/packages/@monomind/cli/dist/src/swarm/flow-visualizer.js +68 -0
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.d.ts +0 -3
- package/packages/@monomind/cli/dist/src/transfer/anonymization/index.js +16 -1
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/transfer/deploy-seraphine.js +205 -0
- package/packages/@monomind/cli/dist/src/transfer/export.js +8 -0
- package/packages/@monomind/cli/dist/src/transfer/ipfs/upload.js +33 -3
- package/packages/@monomind/cli/dist/src/transfer/serialization/cfp.js +9 -3
- package/packages/@monomind/cli/dist/src/transfer/storage/gcs.js +37 -3
- package/packages/@monomind/cli/dist/src/transfer/store/discovery.js +45 -3
- package/packages/@monomind/cli/dist/src/transfer/store/download.js +5 -0
- package/packages/@monomind/cli/dist/src/transfer/store/publish.js +13 -1
- package/packages/@monomind/cli/dist/src/transfer/store/registry.d.ts +8 -0
- package/packages/@monomind/cli/dist/src/transfer/store/registry.js +30 -5
- package/packages/@monomind/cli/dist/src/transfer/store/search.js +20 -5
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/transfer/store/tests/standalone-test.js +190 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/transfer/test-seraphine.js +105 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.d.ts +7 -0
- package/packages/@monomind/cli/dist/src/transfer/tests/test-store.js +214 -0
- package/packages/@monomind/cli/dist/src/update/checker.js +59 -7
- package/packages/@monomind/cli/dist/src/update/executor.js +50 -3
- package/packages/@monomind/cli/dist/src/update/index.js +18 -1
- package/packages/@monomind/cli/dist/src/update/rate-limiter.d.ts +6 -0
- package/packages/@monomind/cli/dist/src/update/rate-limiter.js +79 -7
- package/packages/@monomind/cli/dist/src/update/validator.js +52 -1
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.d.ts +10 -0
- package/packages/@monomind/cli/dist/src/workflow/condition-evaluator.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/context-resolver.js +23 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.d.ts +17 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-builder.js +129 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.d.ts +9 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-executor.js +116 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.d.ts +41 -0
- package/packages/@monomind/cli/dist/src/workflow/dag-types.js +8 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.d.ts +12 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-parser.js +20 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.d.ts +165 -0
- package/packages/@monomind/cli/dist/src/workflow/dsl-schema.js +82 -0
- package/packages/@monomind/cli/dist/src/workflow/index.d.ts +13 -0
- package/packages/@monomind/cli/dist/src/workflow/index.js +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.d.ts +11 -0
- package/packages/@monomind/cli/dist/src/workflow/template-engine.js +40 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.d.ts +29 -0
- package/packages/@monomind/cli/dist/src/workflow/workflow-executor.js +227 -0
- package/packages/@monomind/cli/package.json +9 -10
- package/packages/@monomind/guidance/dist/adversarial.d.ts +284 -0
- package/packages/@monomind/guidance/dist/adversarial.js +572 -0
- package/packages/@monomind/guidance/dist/analyzer.d.ts +530 -0
- package/packages/@monomind/guidance/dist/analyzer.js +2518 -0
- package/packages/@monomind/guidance/dist/artifacts.d.ts +283 -0
- package/packages/@monomind/guidance/dist/artifacts.js +356 -0
- package/packages/@monomind/guidance/dist/authority.d.ts +290 -0
- package/packages/@monomind/guidance/dist/authority.js +558 -0
- package/packages/@monomind/guidance/dist/capabilities.d.ts +209 -0
- package/packages/@monomind/guidance/dist/capabilities.js +485 -0
- package/packages/@monomind/guidance/dist/coherence.d.ts +233 -0
- package/packages/@monomind/guidance/dist/coherence.js +372 -0
- package/packages/@monomind/guidance/dist/compiler.d.ts +87 -0
- package/packages/@monomind/guidance/dist/compiler.js +419 -0
- package/packages/@monomind/guidance/dist/conformance-kit.d.ts +225 -0
- package/packages/@monomind/guidance/dist/conformance-kit.js +629 -0
- package/packages/@monomind/guidance/dist/continue-gate.d.ts +214 -0
- package/packages/@monomind/guidance/dist/continue-gate.js +353 -0
- package/packages/@monomind/guidance/dist/crypto-utils.d.ts +17 -0
- package/packages/@monomind/guidance/dist/crypto-utils.js +24 -0
- package/packages/@monomind/guidance/dist/evolution.d.ts +282 -0
- package/packages/@monomind/guidance/dist/evolution.js +500 -0
- package/packages/@monomind/guidance/dist/gates.d.ts +79 -0
- package/packages/@monomind/guidance/dist/gates.js +302 -0
- package/packages/@monomind/guidance/dist/gateway.d.ts +206 -0
- package/packages/@monomind/guidance/dist/gateway.js +452 -0
- package/packages/@monomind/guidance/dist/generators.d.ts +153 -0
- package/packages/@monomind/guidance/dist/generators.js +682 -0
- package/packages/@monomind/guidance/dist/headless.d.ts +177 -0
- package/packages/@monomind/guidance/dist/headless.js +342 -0
- package/packages/@monomind/guidance/dist/hooks.d.ts +109 -0
- package/packages/@monomind/guidance/dist/hooks.js +347 -0
- package/packages/@monomind/guidance/dist/index.d.ts +205 -0
- package/packages/@monomind/guidance/dist/index.js +321 -0
- package/packages/@monomind/guidance/dist/ledger.d.ts +162 -0
- package/packages/@monomind/guidance/dist/ledger.js +375 -0
- package/packages/@monomind/guidance/dist/manifest-validator.d.ts +289 -0
- package/packages/@monomind/guidance/dist/manifest-validator.js +838 -0
- package/packages/@monomind/guidance/dist/memory-gate.d.ts +222 -0
- package/packages/@monomind/guidance/dist/memory-gate.js +382 -0
- package/packages/@monomind/guidance/dist/meta-governance.d.ts +265 -0
- package/packages/@monomind/guidance/dist/meta-governance.js +348 -0
- package/packages/@monomind/guidance/dist/optimizer.d.ts +104 -0
- package/packages/@monomind/guidance/dist/optimizer.js +329 -0
- package/packages/@monomind/guidance/dist/persistence.d.ts +189 -0
- package/packages/@monomind/guidance/dist/persistence.js +464 -0
- package/packages/@monomind/guidance/dist/proof.d.ts +185 -0
- package/packages/@monomind/guidance/dist/proof.js +238 -0
- package/packages/@monomind/guidance/dist/retriever.d.ts +116 -0
- package/packages/@monomind/guidance/dist/retriever.js +394 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.d.ts +370 -0
- package/packages/@monomind/guidance/dist/ruvbot-integration.js +738 -0
- package/packages/@monomind/guidance/dist/temporal.d.ts +426 -0
- package/packages/@monomind/guidance/dist/temporal.js +658 -0
- package/packages/@monomind/guidance/dist/trust.d.ts +283 -0
- package/packages/@monomind/guidance/dist/trust.js +473 -0
- package/packages/@monomind/guidance/dist/truth-anchors.d.ts +276 -0
- package/packages/@monomind/guidance/dist/truth-anchors.js +488 -0
- package/packages/@monomind/guidance/dist/types.d.ts +378 -0
- package/packages/@monomind/guidance/dist/types.js +10 -0
- package/packages/@monomind/guidance/dist/uncertainty.d.ts +372 -0
- package/packages/@monomind/guidance/dist/uncertainty.js +619 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.d.ts +48 -0
- package/packages/@monomind/guidance/dist/wasm-kernel.js +158 -0
|
@@ -0,0 +1,214 @@
|
|
|
1
|
+
#!/usr/bin/env npx tsx
|
|
2
|
+
/**
|
|
3
|
+
* Pattern Store Test Suite
|
|
4
|
+
* Tests list, search, download, and publish functionality
|
|
5
|
+
*/
|
|
6
|
+
import { createDiscoveryService } from '../store/discovery.js';
|
|
7
|
+
import { searchPatterns, getSearchSuggestions, getTagCloud } from '../store/search.js';
|
|
8
|
+
import { createDownloader } from '../store/download.js';
|
|
9
|
+
import { createPublisher } from '../store/publish.js';
|
|
10
|
+
import { createSeraphineGenesis } from '../models/seraphine.js';
|
|
11
|
+
// Test results tracking
|
|
12
|
+
const results = [];
|
|
13
|
+
function logTest(name, passed, details) {
|
|
14
|
+
results.push({ test: name, passed, details });
|
|
15
|
+
const icon = passed ? '✅' : '❌';
|
|
16
|
+
console.log(`${icon} ${name}${details ? `: ${details}` : ''}`);
|
|
17
|
+
}
|
|
18
|
+
async function runTests() {
|
|
19
|
+
console.log('');
|
|
20
|
+
console.log('╔══════════════════════════════════════════════════════════╗');
|
|
21
|
+
console.log('║ PATTERN STORE TEST SUITE ║');
|
|
22
|
+
console.log('║ Testing List, Search, Download, Publish ║');
|
|
23
|
+
console.log('╚══════════════════════════════════════════════════════════╝');
|
|
24
|
+
console.log('');
|
|
25
|
+
// ==========================================================================
|
|
26
|
+
// 1. DISCOVERY TESTS
|
|
27
|
+
// ==========================================================================
|
|
28
|
+
console.log('─── Discovery Tests ───────────────────────────────────────');
|
|
29
|
+
try {
|
|
30
|
+
const discovery = createDiscoveryService();
|
|
31
|
+
logTest('Discovery service created', true);
|
|
32
|
+
// List registries
|
|
33
|
+
const registries = discovery.listRegistries();
|
|
34
|
+
logTest('List registries', registries.length > 0, `Found ${registries.length} registries`);
|
|
35
|
+
// Discover registry
|
|
36
|
+
const result = await discovery.discoverRegistry();
|
|
37
|
+
logTest('Discover registry', result.success, result.success
|
|
38
|
+
? `Loaded ${result.registry?.patterns.length || 0} patterns`
|
|
39
|
+
: result.error);
|
|
40
|
+
// Cache test
|
|
41
|
+
if (result.success) {
|
|
42
|
+
const cachedResult = await discovery.discoverRegistry();
|
|
43
|
+
logTest('Cache hit', cachedResult.fromCache, 'Second request from cache');
|
|
44
|
+
}
|
|
45
|
+
console.log('');
|
|
46
|
+
// ==========================================================================
|
|
47
|
+
// 2. SEARCH TESTS
|
|
48
|
+
// ==========================================================================
|
|
49
|
+
console.log('─── Search Tests ──────────────────────────────────────────');
|
|
50
|
+
if (result.success && result.registry) {
|
|
51
|
+
const registry = result.registry;
|
|
52
|
+
// Basic search
|
|
53
|
+
const basicSearch = searchPatterns(registry);
|
|
54
|
+
logTest('Basic search', basicSearch.patterns.length > 0, `Found ${basicSearch.total} patterns`);
|
|
55
|
+
// Query search
|
|
56
|
+
const querySearch = searchPatterns(registry, { query: 'routing' });
|
|
57
|
+
logTest('Query search', true, `Query "routing" found ${querySearch.patterns.length} patterns`);
|
|
58
|
+
// Category filter
|
|
59
|
+
const categorySearch = searchPatterns(registry, { category: 'routing' });
|
|
60
|
+
logTest('Category filter', true, `Category "routing" found ${categorySearch.patterns.length} patterns`);
|
|
61
|
+
// Tag search
|
|
62
|
+
const tagSearch = searchPatterns(registry, { tags: ['genesis'] });
|
|
63
|
+
logTest('Tag search', true, `Tag "genesis" found ${tagSearch.patterns.length} patterns`);
|
|
64
|
+
// Verified filter
|
|
65
|
+
const verifiedSearch = searchPatterns(registry, { verified: true });
|
|
66
|
+
logTest('Verified filter', true, `Verified patterns: ${verifiedSearch.patterns.length}`);
|
|
67
|
+
// Sort by downloads
|
|
68
|
+
const sortedSearch = searchPatterns(registry, {
|
|
69
|
+
sortBy: 'downloads',
|
|
70
|
+
sortOrder: 'desc',
|
|
71
|
+
});
|
|
72
|
+
logTest('Sort by downloads', true, `Top pattern: ${sortedSearch.patterns[0]?.displayName || 'none'}`);
|
|
73
|
+
// Pagination
|
|
74
|
+
const page1 = searchPatterns(registry, { limit: 5, offset: 0 });
|
|
75
|
+
logTest('Pagination', page1.pageSize === 5, `Page 1 with ${page1.patterns.length} patterns, hasMore: ${page1.hasMore}`);
|
|
76
|
+
// Search suggestions
|
|
77
|
+
const suggestions = getSearchSuggestions(registry, 'rou');
|
|
78
|
+
logTest('Search suggestions', suggestions.length >= 0, `Suggestions for "rou": ${suggestions.slice(0, 3).join(', ')}`);
|
|
79
|
+
// Tag cloud
|
|
80
|
+
const tagCloud = getTagCloud(registry);
|
|
81
|
+
logTest('Tag cloud', tagCloud.size > 0, `${tagCloud.size} unique tags`);
|
|
82
|
+
}
|
|
83
|
+
console.log('');
|
|
84
|
+
// ==========================================================================
|
|
85
|
+
// 3. DOWNLOAD TESTS
|
|
86
|
+
// ==========================================================================
|
|
87
|
+
console.log('─── Download Tests ────────────────────────────────────────');
|
|
88
|
+
if (result.success && result.registry && result.registry.patterns.length > 0) {
|
|
89
|
+
const pattern = result.registry.patterns[0];
|
|
90
|
+
const downloader = createDownloader();
|
|
91
|
+
logTest('Downloader created', true);
|
|
92
|
+
// Download with progress
|
|
93
|
+
let progressCalled = false;
|
|
94
|
+
const downloadResult = await downloader.downloadPattern(pattern, {
|
|
95
|
+
verify: true,
|
|
96
|
+
}, (progress) => {
|
|
97
|
+
progressCalled = true;
|
|
98
|
+
});
|
|
99
|
+
logTest('Download pattern', downloadResult.success, downloadResult.success
|
|
100
|
+
? `Downloaded ${downloadResult.size} bytes`
|
|
101
|
+
: 'Failed');
|
|
102
|
+
logTest('Progress callback', progressCalled, progressCalled ? 'Progress events received' : 'No progress events');
|
|
103
|
+
logTest('Checksum verification', downloadResult.verified !== undefined, `Verified: ${downloadResult.verified}`);
|
|
104
|
+
// Cache stats
|
|
105
|
+
const cacheStats = downloader.getCacheStats();
|
|
106
|
+
logTest('Cache statistics', cacheStats.count >= 0, `${cacheStats.count} items, ${cacheStats.totalSize} bytes`);
|
|
107
|
+
}
|
|
108
|
+
console.log('');
|
|
109
|
+
// ==========================================================================
|
|
110
|
+
// 4. PUBLISH TESTS
|
|
111
|
+
// ==========================================================================
|
|
112
|
+
console.log('─── Publish Tests ─────────────────────────────────────────');
|
|
113
|
+
const cfp = createSeraphineGenesis();
|
|
114
|
+
const publisher = createPublisher();
|
|
115
|
+
logTest('Publisher created', true);
|
|
116
|
+
// Validation
|
|
117
|
+
const validation = publisher.validateForPublish(cfp, {
|
|
118
|
+
name: 'test-pattern',
|
|
119
|
+
displayName: 'Test Pattern',
|
|
120
|
+
description: 'A test pattern for validation',
|
|
121
|
+
categories: ['testing'],
|
|
122
|
+
tags: ['test', 'validation', 'demo'],
|
|
123
|
+
license: 'MIT',
|
|
124
|
+
anonymize: 'standard',
|
|
125
|
+
});
|
|
126
|
+
logTest('Publish validation', validation.length === 0, validation.length === 0 ? 'All validations passed' : validation.join(', '));
|
|
127
|
+
// Preview
|
|
128
|
+
const preview = publisher.createPreview(cfp, {
|
|
129
|
+
name: 'seraphine-genesis',
|
|
130
|
+
displayName: 'Seraphine Genesis',
|
|
131
|
+
description: 'The foundational pattern model',
|
|
132
|
+
categories: ['routing', 'coordination'],
|
|
133
|
+
tags: ['genesis', 'foundational'],
|
|
134
|
+
license: 'MIT',
|
|
135
|
+
anonymize: 'standard',
|
|
136
|
+
});
|
|
137
|
+
logTest('Publish preview', preview !== null, `Preview created for ${preview.name}`);
|
|
138
|
+
// Publish (mock)
|
|
139
|
+
const publishResult = await publisher.publishPattern(cfp, {
|
|
140
|
+
name: 'test-pattern',
|
|
141
|
+
displayName: 'Test Pattern',
|
|
142
|
+
description: 'A test pattern published to IPFS',
|
|
143
|
+
categories: ['testing'],
|
|
144
|
+
tags: ['test', 'demo', 'hello-world'],
|
|
145
|
+
license: 'MIT',
|
|
146
|
+
anonymize: 'standard',
|
|
147
|
+
});
|
|
148
|
+
logTest('Publish to IPFS', publishResult.success, publishResult.success
|
|
149
|
+
? `CID: ${publishResult.cid.slice(0, 20)}...`
|
|
150
|
+
: publishResult.message);
|
|
151
|
+
console.log('');
|
|
152
|
+
// ==========================================================================
|
|
153
|
+
// 5. INTEGRATION TEST
|
|
154
|
+
// ==========================================================================
|
|
155
|
+
console.log('─── Integration Test ──────────────────────────────────────');
|
|
156
|
+
// Full workflow: discover -> search -> download
|
|
157
|
+
const store = createDiscoveryService();
|
|
158
|
+
const discoverResult = await store.discoverRegistry();
|
|
159
|
+
if (discoverResult.success && discoverResult.registry) {
|
|
160
|
+
const searchResult = searchPatterns(discoverResult.registry, {
|
|
161
|
+
query: 'seraphine',
|
|
162
|
+
});
|
|
163
|
+
if (searchResult.patterns.length > 0) {
|
|
164
|
+
const dl = createDownloader();
|
|
165
|
+
const dlResult = await dl.downloadPattern(searchResult.patterns[0], {
|
|
166
|
+
verify: true,
|
|
167
|
+
});
|
|
168
|
+
logTest('Full workflow', dlResult.success, 'Discover → Search → Download completed');
|
|
169
|
+
}
|
|
170
|
+
else {
|
|
171
|
+
logTest('Full workflow', true, 'Discover → Search completed (no download)');
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
}
|
|
175
|
+
catch (error) {
|
|
176
|
+
console.error('Test error:', error);
|
|
177
|
+
logTest('Test suite', false, `Error: ${error}`);
|
|
178
|
+
}
|
|
179
|
+
// ==========================================================================
|
|
180
|
+
// SUMMARY
|
|
181
|
+
// ==========================================================================
|
|
182
|
+
console.log('');
|
|
183
|
+
console.log('═══════════════════════════════════════════════════════════');
|
|
184
|
+
console.log(' TEST SUMMARY ');
|
|
185
|
+
console.log('═══════════════════════════════════════════════════════════');
|
|
186
|
+
console.log('');
|
|
187
|
+
const passed = results.filter(r => r.passed).length;
|
|
188
|
+
const failed = results.filter(r => !r.passed).length;
|
|
189
|
+
const total = results.length;
|
|
190
|
+
console.log(` Total Tests: ${total}`);
|
|
191
|
+
console.log(` ✅ Passed: ${passed}`);
|
|
192
|
+
console.log(` ❌ Failed: ${failed}`);
|
|
193
|
+
console.log('');
|
|
194
|
+
if (failed === 0) {
|
|
195
|
+
console.log(' 🎉 All tests passed!');
|
|
196
|
+
console.log('');
|
|
197
|
+
console.log(' 📦 Store Features Verified:');
|
|
198
|
+
console.log(' - Registry discovery via IPNS');
|
|
199
|
+
console.log(' - Pattern search with filters');
|
|
200
|
+
console.log(' - Download with verification');
|
|
201
|
+
console.log(' - Publish with anonymization');
|
|
202
|
+
console.log('');
|
|
203
|
+
}
|
|
204
|
+
else {
|
|
205
|
+
console.log(' ⚠️ Some tests failed. Please review the output above.');
|
|
206
|
+
}
|
|
207
|
+
process.exit(failed > 0 ? 1 : 0);
|
|
208
|
+
}
|
|
209
|
+
// Run tests
|
|
210
|
+
runTests().catch(error => {
|
|
211
|
+
console.error('Fatal error:', error);
|
|
212
|
+
process.exit(1);
|
|
213
|
+
});
|
|
214
|
+
//# sourceMappingURL=test-store.js.map
|
|
@@ -4,7 +4,19 @@
|
|
|
4
4
|
*/
|
|
5
5
|
import { createRequire } from 'module';
|
|
6
6
|
import { execFileSync } from 'child_process';
|
|
7
|
-
|
|
7
|
+
// Inline semver shim — avoids external dependency
|
|
8
|
+
const semver = {
|
|
9
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
10
|
+
eq: (a, b) => a === b,
|
|
11
|
+
major: (v) => parseInt((v || '0').split('.')[0], 10),
|
|
12
|
+
minor: (v) => parseInt((v || '0').split('.')[1] || '0', 10),
|
|
13
|
+
patch: (v) => parseInt(((v || '0').split('.')[2] || '0').replace(/[^0-9].*/, ''), 10),
|
|
14
|
+
gt: (a, b) => {
|
|
15
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
16
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
17
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
18
|
+
},
|
|
19
|
+
};
|
|
8
20
|
import { reserveCheck, recordCheck, getCachedVersions } from './rate-limiter.js';
|
|
9
21
|
const require = createRequire(import.meta.url);
|
|
10
22
|
const DEFAULT_CONFIG = {
|
|
@@ -45,6 +57,13 @@ const NPM_NAME_RE = /^(@[a-z0-9-~][a-z0-9-._~]*\/)?[a-z0-9-~][a-z0-9-._~]*$/i;
|
|
|
45
57
|
function isValidNpmName(name) {
|
|
46
58
|
return NPM_NAME_RE.test(name) && !name.includes('..') && name.length <= 214;
|
|
47
59
|
}
|
|
60
|
+
// Cap registry response at 5 MB. The full npm registry payload for a package
|
|
61
|
+
// can include the entire `versions` object (dozens of version entries with
|
|
62
|
+
// dist/scripts/dependencies for each). A spoofed or compromised registry
|
|
63
|
+
// endpoint could stream an arbitrarily large body; AbortSignal.timeout(5000)
|
|
64
|
+
// only enforces a wall-clock deadline and does NOT cap bytes. Without this
|
|
65
|
+
// cap, fetchPackageInfo will buffer an unbounded body into memory (OOM).
|
|
66
|
+
const MAX_REGISTRY_RESPONSE_BYTES = 5 * 1024 * 1024; // 5 MB
|
|
48
67
|
async function fetchPackageInfo(packageName) {
|
|
49
68
|
if (!isValidNpmName(packageName))
|
|
50
69
|
return null;
|
|
@@ -56,7 +75,42 @@ async function fetchPackageInfo(packageName) {
|
|
|
56
75
|
if (!response.ok) {
|
|
57
76
|
return null;
|
|
58
77
|
}
|
|
59
|
-
|
|
78
|
+
// Reject immediately if Content-Length header exceeds cap
|
|
79
|
+
const contentLength = response.headers.get('content-length');
|
|
80
|
+
if (contentLength) {
|
|
81
|
+
const declared = parseInt(contentLength, 10);
|
|
82
|
+
if (Number.isFinite(declared) && declared > MAX_REGISTRY_RESPONSE_BYTES) {
|
|
83
|
+
return null;
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// Stream body and enforce byte cap — prevents OOM if the server streams
|
|
87
|
+
// a large body that evades the Content-Length check (missing/wrong header).
|
|
88
|
+
if (!response.body)
|
|
89
|
+
return null;
|
|
90
|
+
const reader = response.body.getReader();
|
|
91
|
+
const chunks = [];
|
|
92
|
+
let totalBytes = 0;
|
|
93
|
+
while (true) {
|
|
94
|
+
const { done, value } = await reader.read();
|
|
95
|
+
if (done)
|
|
96
|
+
break;
|
|
97
|
+
if (value) {
|
|
98
|
+
totalBytes += value.byteLength;
|
|
99
|
+
if (totalBytes > MAX_REGISTRY_RESPONSE_BYTES) {
|
|
100
|
+
await reader.cancel();
|
|
101
|
+
return null;
|
|
102
|
+
}
|
|
103
|
+
chunks.push(value);
|
|
104
|
+
}
|
|
105
|
+
}
|
|
106
|
+
const buf = new Uint8Array(totalBytes);
|
|
107
|
+
let offset = 0;
|
|
108
|
+
for (const chunk of chunks) {
|
|
109
|
+
buf.set(chunk, offset);
|
|
110
|
+
offset += chunk.byteLength;
|
|
111
|
+
}
|
|
112
|
+
const text = new TextDecoder('utf-8').decode(buf);
|
|
113
|
+
return JSON.parse(text);
|
|
60
114
|
}
|
|
61
115
|
catch {
|
|
62
116
|
return null;
|
|
@@ -66,7 +120,8 @@ function getUpdateType(current, latest) {
|
|
|
66
120
|
if (!semver.valid(current) || !semver.valid(latest)) {
|
|
67
121
|
return 'none';
|
|
68
122
|
}
|
|
69
|
-
|
|
123
|
+
// Not an upgrade (equal or downgrade)
|
|
124
|
+
if (!semver.gt(latest, current)) {
|
|
70
125
|
return 'none';
|
|
71
126
|
}
|
|
72
127
|
if (semver.major(latest) > semver.major(current)) {
|
|
@@ -75,10 +130,7 @@ function getUpdateType(current, latest) {
|
|
|
75
130
|
if (semver.minor(latest) > semver.minor(current)) {
|
|
76
131
|
return 'minor';
|
|
77
132
|
}
|
|
78
|
-
|
|
79
|
-
return 'patch';
|
|
80
|
-
}
|
|
81
|
-
return 'none';
|
|
133
|
+
return 'patch';
|
|
82
134
|
}
|
|
83
135
|
function shouldAutoUpdate(updateType, priority, config) {
|
|
84
136
|
if (updateType === 'none')
|
|
@@ -6,11 +6,32 @@ import { execFile } from 'child_process';
|
|
|
6
6
|
import * as fs from 'fs';
|
|
7
7
|
import * as path from 'path';
|
|
8
8
|
import * as os from 'os';
|
|
9
|
-
import
|
|
9
|
+
import { validateUpdate } from './validator.js';
|
|
10
|
+
// Inline semver shim — avoids external dependency (semver is not in package.json)
|
|
11
|
+
const semver = {
|
|
12
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
13
|
+
};
|
|
14
|
+
/**
|
|
15
|
+
* Validate a npm package name.
|
|
16
|
+
* Allows scoped (@scope/name) and unscoped names; rejects path-traversal,
|
|
17
|
+
* shell metacharacters, and names that are too long to be legitimate.
|
|
18
|
+
* See https://docs.npmjs.com/cli/v9/configuring-npm/package-json#name
|
|
19
|
+
*/
|
|
20
|
+
function isValidPackageName(name) {
|
|
21
|
+
if (typeof name !== 'string' || name.length === 0 || name.length > 214)
|
|
22
|
+
return false;
|
|
23
|
+
// Scoped: @scope/name — both parts: lowercase alnum + hyphens + underscores + dots
|
|
24
|
+
if (name.startsWith('@')) {
|
|
25
|
+
return /^@[a-z0-9][a-z0-9_.-]*\/[a-z0-9][a-z0-9_.-]*$/.test(name);
|
|
26
|
+
}
|
|
27
|
+
// Unscoped: must not start with . or _ (legacy rule)
|
|
28
|
+
return /^[a-z0-9][a-z0-9_.-]*$/.test(name);
|
|
29
|
+
}
|
|
30
|
+
/** Max bytes we will read from the on-disk update history file. */
|
|
31
|
+
const MAX_HISTORY_FILE_BYTES = 1 * 1024 * 1024; // 1 MB
|
|
10
32
|
function execFileAsync(cmd, args) {
|
|
11
33
|
return new Promise((resolve, reject) => execFile(cmd, args, (err) => (err ? reject(err) : resolve())));
|
|
12
34
|
}
|
|
13
|
-
import { validateUpdate } from './validator.js';
|
|
14
35
|
const HISTORY_FILE = path.join(os.homedir(), '.monomind', 'update-history.json');
|
|
15
36
|
const MAX_HISTORY_ENTRIES = 100;
|
|
16
37
|
function ensureDir() {
|
|
@@ -22,8 +43,29 @@ function ensureDir() {
|
|
|
22
43
|
export function loadHistory() {
|
|
23
44
|
try {
|
|
24
45
|
if (fs.existsSync(HISTORY_FILE)) {
|
|
46
|
+
// Guard against a bloated or attacker-crafted history file causing OOM.
|
|
47
|
+
const stat = fs.statSync(HISTORY_FILE);
|
|
48
|
+
if (stat.size > MAX_HISTORY_FILE_BYTES) {
|
|
49
|
+
return [];
|
|
50
|
+
}
|
|
25
51
|
const content = fs.readFileSync(HISTORY_FILE, 'utf-8');
|
|
26
|
-
|
|
52
|
+
const raw = JSON.parse(content);
|
|
53
|
+
if (!Array.isArray(raw))
|
|
54
|
+
return [];
|
|
55
|
+
// Sanitize each entry: reject any entry whose package name or version
|
|
56
|
+
// fails validation so that a tampered history file cannot inject
|
|
57
|
+
// arbitrary arguments into a subsequent npm install via rollbackUpdate().
|
|
58
|
+
return raw.filter((e) => {
|
|
59
|
+
if (typeof e !== 'object' || e === null)
|
|
60
|
+
return false;
|
|
61
|
+
if (typeof e.package !== 'string' || !isValidPackageName(e.package))
|
|
62
|
+
return false;
|
|
63
|
+
if (typeof e.fromVersion !== 'string' || !semver.valid(e.fromVersion))
|
|
64
|
+
return false;
|
|
65
|
+
if (typeof e.toVersion !== 'string' || !semver.valid(e.toVersion))
|
|
66
|
+
return false;
|
|
67
|
+
return true;
|
|
68
|
+
});
|
|
27
69
|
}
|
|
28
70
|
}
|
|
29
71
|
catch {
|
|
@@ -68,6 +110,11 @@ export async function executeUpdate(update, installedPackages, dryRun = false) {
|
|
|
68
110
|
// Execute npm install — use execFile to avoid shell injection
|
|
69
111
|
const pkg = update.package;
|
|
70
112
|
const version = update.latestVersion;
|
|
113
|
+
// Validate both package name and version before constructing the npm arg
|
|
114
|
+
// to prevent argument injection via a crafted UpdateCheckResult.
|
|
115
|
+
if (!isValidPackageName(pkg)) {
|
|
116
|
+
throw new Error(`Invalid package name: ${pkg}`);
|
|
117
|
+
}
|
|
71
118
|
if (!semver.valid(version)) {
|
|
72
119
|
throw new Error(`Invalid version: ${version}`);
|
|
73
120
|
}
|
|
@@ -16,7 +16,24 @@ export { executeUpdate, executeMultipleUpdates, rollbackUpdate, getUpdateHistory
|
|
|
16
16
|
import { checkForUpdates, DEFAULT_CONFIG, getInstalledVersion } from './checker.js';
|
|
17
17
|
import { executeMultipleUpdates } from './executor.js';
|
|
18
18
|
import { getCachedVersions } from './rate-limiter.js';
|
|
19
|
-
|
|
19
|
+
// Inline semver shim — avoids external dependency (semver is not listed in package.json)
|
|
20
|
+
const semver = {
|
|
21
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
22
|
+
gt: (a, b) => {
|
|
23
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
24
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
25
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
26
|
+
},
|
|
27
|
+
lte: (a, b) => {
|
|
28
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
29
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
30
|
+
if (aMaj !== bMaj)
|
|
31
|
+
return aMaj < bMaj;
|
|
32
|
+
if (aMin !== bMin)
|
|
33
|
+
return aMin < bMin;
|
|
34
|
+
return aPat <= bPat;
|
|
35
|
+
},
|
|
36
|
+
};
|
|
20
37
|
/**
|
|
21
38
|
* Synchronous — reads cached state from last check.
|
|
22
39
|
* Returns a short inline string for the CLI version tagline, e.g.
|
|
@@ -20,6 +20,12 @@ export declare function shouldCheckForUpdates(intervalHours?: number): {
|
|
|
20
20
|
* only after a successful reserveCheck, so that limit enforcement and
|
|
21
21
|
* increment happen in the same synchronous turn (no await gap between
|
|
22
22
|
* them), preventing two concurrent callers both seeing "allowed".
|
|
23
|
+
*
|
|
24
|
+
* IMPORTANT: performs a single loadState() → check → increment → saveState()
|
|
25
|
+
* cycle to eliminate the TOCTOU window that existed when this function
|
|
26
|
+
* delegated to shouldCheckForUpdates() (which called loadState() itself)
|
|
27
|
+
* and then called loadState() a second time to increment. Two callers
|
|
28
|
+
* sharing that gap could both see allowed=true and both increment.
|
|
23
29
|
*/
|
|
24
30
|
export declare function reserveCheck(intervalHours?: number): {
|
|
25
31
|
allowed: boolean;
|
|
@@ -8,6 +8,12 @@ import * as os from 'os';
|
|
|
8
8
|
const STATE_FILE = path.join(os.homedir(), '.monomind', 'update-state.json');
|
|
9
9
|
const DEFAULT_INTERVAL_HOURS = 24;
|
|
10
10
|
const MAX_CHECKS_PER_DAY = 10;
|
|
11
|
+
// Hard cap on how many package version entries we persist. Prevents an
|
|
12
|
+
// attacker who can write to the state file from inflating it unboundedly,
|
|
13
|
+
// and protects recordCheck() from DoS via a huge incoming packageVersions map.
|
|
14
|
+
const MAX_PACKAGE_VERSIONS = 100;
|
|
15
|
+
// Hard cap on the state file size we are willing to read into memory.
|
|
16
|
+
const MAX_STATE_FILE_BYTES = 1 * 1024 * 1024; // 1 MB
|
|
11
17
|
function ensureDir() {
|
|
12
18
|
const dir = path.dirname(STATE_FILE);
|
|
13
19
|
if (!fs.existsSync(dir)) {
|
|
@@ -25,8 +31,36 @@ function getDefaultState() {
|
|
|
25
31
|
export function loadState() {
|
|
26
32
|
try {
|
|
27
33
|
if (fs.existsSync(STATE_FILE)) {
|
|
34
|
+
// Guard against oversized state files (DoS / OOM) before reading
|
|
35
|
+
const stat = fs.statSync(STATE_FILE);
|
|
36
|
+
if (stat.size > MAX_STATE_FILE_BYTES) {
|
|
37
|
+
// State file is unreasonably large — discard and start fresh
|
|
38
|
+
try {
|
|
39
|
+
fs.unlinkSync(STATE_FILE);
|
|
40
|
+
}
|
|
41
|
+
catch { /* ignore */ }
|
|
42
|
+
return getDefaultState();
|
|
43
|
+
}
|
|
28
44
|
const content = fs.readFileSync(STATE_FILE, 'utf-8');
|
|
29
|
-
|
|
45
|
+
// Block prototype pollution via JSON.parse reviver
|
|
46
|
+
const state = JSON.parse(content, (key, value) => {
|
|
47
|
+
if (key === '__proto__' || key === 'constructor' || key === 'prototype')
|
|
48
|
+
return undefined;
|
|
49
|
+
return value;
|
|
50
|
+
});
|
|
51
|
+
// Validate that packageVersions is a plain object (not an array/primitive)
|
|
52
|
+
if (!state.packageVersions || typeof state.packageVersions !== 'object' || Array.isArray(state.packageVersions)) {
|
|
53
|
+
state.packageVersions = {};
|
|
54
|
+
}
|
|
55
|
+
// Cap the number of package version entries to prevent bloat
|
|
56
|
+
const versionKeys = Object.keys(state.packageVersions);
|
|
57
|
+
if (versionKeys.length > MAX_PACKAGE_VERSIONS) {
|
|
58
|
+
const capped = {};
|
|
59
|
+
for (const k of versionKeys.slice(0, MAX_PACKAGE_VERSIONS)) {
|
|
60
|
+
capped[k] = state.packageVersions[k];
|
|
61
|
+
}
|
|
62
|
+
state.packageVersions = capped;
|
|
63
|
+
}
|
|
30
64
|
// Reset counter if new day
|
|
31
65
|
const today = new Date().toISOString().split('T')[0];
|
|
32
66
|
if (state.date !== today) {
|
|
@@ -86,14 +120,41 @@ export function shouldCheckForUpdates(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
|
86
120
|
* only after a successful reserveCheck, so that limit enforcement and
|
|
87
121
|
* increment happen in the same synchronous turn (no await gap between
|
|
88
122
|
* them), preventing two concurrent callers both seeing "allowed".
|
|
123
|
+
*
|
|
124
|
+
* IMPORTANT: performs a single loadState() → check → increment → saveState()
|
|
125
|
+
* cycle to eliminate the TOCTOU window that existed when this function
|
|
126
|
+
* delegated to shouldCheckForUpdates() (which called loadState() itself)
|
|
127
|
+
* and then called loadState() a second time to increment. Two callers
|
|
128
|
+
* sharing that gap could both see allowed=true and both increment.
|
|
89
129
|
*/
|
|
90
130
|
export function reserveCheck(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
91
|
-
|
|
92
|
-
if (
|
|
93
|
-
return
|
|
94
|
-
|
|
95
|
-
|
|
131
|
+
// Fast-path: environment gates that don't need file I/O
|
|
132
|
+
if (process.env.CI === 'true' || process.env.CONTINUOUS_INTEGRATION === 'true') {
|
|
133
|
+
return { allowed: false, reason: 'CI environment detected' };
|
|
134
|
+
}
|
|
135
|
+
if (process.env.MONOMIND_AUTO_UPDATE === 'false') {
|
|
136
|
+
return { allowed: false, reason: 'Auto-update disabled via environment' };
|
|
137
|
+
}
|
|
138
|
+
// Single load — check and increment in one synchronous cycle
|
|
96
139
|
const state = loadState();
|
|
140
|
+
if (process.env.MONOMIND_FORCE_UPDATE !== 'true') {
|
|
141
|
+
// Daily limit
|
|
142
|
+
if (state.checksToday >= MAX_CHECKS_PER_DAY) {
|
|
143
|
+
return { allowed: false, reason: `Daily check limit (${MAX_CHECKS_PER_DAY}) reached` };
|
|
144
|
+
}
|
|
145
|
+
// Time interval
|
|
146
|
+
if (state.lastCheck) {
|
|
147
|
+
const hoursSinceLastCheck = (Date.now() - new Date(state.lastCheck).getTime()) / (1000 * 60 * 60);
|
|
148
|
+
if (hoursSinceLastCheck < intervalHours) {
|
|
149
|
+
const nextCheck = Math.ceil(intervalHours - hoursSinceLastCheck);
|
|
150
|
+
return {
|
|
151
|
+
allowed: false,
|
|
152
|
+
reason: `Last check was ${Math.floor(hoursSinceLastCheck)}h ago (next check in ~${nextCheck}h)`,
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
}
|
|
156
|
+
}
|
|
157
|
+
// Reserve the slot: increment and persist before any async work begins
|
|
97
158
|
state.checksToday += 1;
|
|
98
159
|
state.lastCheck = new Date().toISOString();
|
|
99
160
|
saveState(state);
|
|
@@ -102,7 +163,18 @@ export function reserveCheck(intervalHours = DEFAULT_INTERVAL_HOURS) {
|
|
|
102
163
|
export function recordCheck(packageVersions) {
|
|
103
164
|
// Update only package versions; count/timestamp already incremented by reserveCheck
|
|
104
165
|
const state = loadState();
|
|
105
|
-
|
|
166
|
+
// Merge only string-valued keys to block prototype pollution and type confusion.
|
|
167
|
+
// Also enforce the total cap so a large incoming map cannot bloat the state file.
|
|
168
|
+
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
|
|
169
|
+
for (const [k, v] of Object.entries(packageVersions)) {
|
|
170
|
+
if (FORBIDDEN.has(k))
|
|
171
|
+
continue;
|
|
172
|
+
if (typeof k !== 'string' || typeof v !== 'string')
|
|
173
|
+
continue;
|
|
174
|
+
if (Object.keys(state.packageVersions).length >= MAX_PACKAGE_VERSIONS)
|
|
175
|
+
break;
|
|
176
|
+
state.packageVersions[k] = v;
|
|
177
|
+
}
|
|
106
178
|
saveState(state);
|
|
107
179
|
}
|
|
108
180
|
export function getCachedVersions() {
|
|
@@ -2,9 +2,42 @@
|
|
|
2
2
|
* Package validator for update compatibility
|
|
3
3
|
* Ensures updates don't break the ecosystem
|
|
4
4
|
*/
|
|
5
|
-
|
|
5
|
+
// Inline semver shim — avoids external dependency (semver is not listed in package.json)
|
|
6
|
+
const semver = {
|
|
7
|
+
valid: (v) => /^\d+\.\d+\.\d+/.test(v || '') ? v : null,
|
|
8
|
+
major: (v) => parseInt((v || '0').split('.')[0], 10),
|
|
9
|
+
gt: (a, b) => {
|
|
10
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
11
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
12
|
+
return aMaj !== bMaj ? aMaj > bMaj : aMin !== bMin ? aMin > bMin : aPat > bPat;
|
|
13
|
+
},
|
|
14
|
+
lt: (a, b) => {
|
|
15
|
+
const [aMaj, aMin, aPat] = (a || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
16
|
+
const [bMaj, bMin, bPat] = (b || '0').split('.').map(n => parseInt(n, 10) || 0);
|
|
17
|
+
return aMaj !== bMaj ? aMaj < bMaj : aMin !== bMin ? aMin < bMin : aPat < bPat;
|
|
18
|
+
},
|
|
19
|
+
};
|
|
20
|
+
// Maximum number of updates accepted in a single validateBulkUpdate call.
|
|
21
|
+
// Without this cap a caller can DoS the validator by passing thousands of
|
|
22
|
+
// update entries — each entry triggers validateUpdate which iterates over
|
|
23
|
+
// COMPATIBILITY_MATRIX and BREAKING_CHANGES.
|
|
24
|
+
const MAX_BULK_UPDATES = 50;
|
|
25
|
+
// Version strings must look like semver (major.minor.patch with optional pre-release)
|
|
26
|
+
// before we use them in string interpolation or comparisons.
|
|
27
|
+
const SEMVER_RE = /^\d+\.\d+\.\d+(-[\w.]+)?(\+[\w.]+)?$/;
|
|
28
|
+
// Package names: scoped (@scope/name) or plain, no shell-special chars.
|
|
29
|
+
const PKG_NAME_RE = /^(@[a-zA-Z0-9][a-zA-Z0-9_.-]*\/)?[a-zA-Z0-9][a-zA-Z0-9_.-]*$/;
|
|
30
|
+
function isSafeVersion(v) {
|
|
31
|
+
return typeof v === 'string' && v.length <= 64 && SEMVER_RE.test(v);
|
|
32
|
+
}
|
|
33
|
+
function isSafePackageName(p) {
|
|
34
|
+
return typeof p === 'string' && p.length <= 200 && PKG_NAME_RE.test(p);
|
|
35
|
+
}
|
|
6
36
|
// Known compatibility matrix between monomind packages
|
|
7
37
|
const COMPATIBILITY_MATRIX = {
|
|
38
|
+
'@monomind/cli': {
|
|
39
|
+
'@monomind/security': { minVersion: '3.0.0-alpha.1' },
|
|
40
|
+
},
|
|
8
41
|
'@monoes/monomindcli': {
|
|
9
42
|
'monofence-ai': { minVersion: '1.0.0' },
|
|
10
43
|
},
|
|
@@ -35,6 +68,18 @@ export function validateUpdate(packageName, fromVersion, toVersion, installedPac
|
|
|
35
68
|
warnings: [],
|
|
36
69
|
requiredPeerUpdates: [],
|
|
37
70
|
};
|
|
71
|
+
// Guard inputs: reject untrusted or malformed strings before they flow into
|
|
72
|
+
// error messages or semver comparisons (which assume well-formed input).
|
|
73
|
+
if (!isSafePackageName(packageName)) {
|
|
74
|
+
result.valid = false;
|
|
75
|
+
result.incompatibilities.push('Invalid package name');
|
|
76
|
+
return result;
|
|
77
|
+
}
|
|
78
|
+
if (!isSafeVersion(fromVersion) || !isSafeVersion(toVersion)) {
|
|
79
|
+
result.valid = false;
|
|
80
|
+
result.incompatibilities.push('Invalid version string(s)');
|
|
81
|
+
return result;
|
|
82
|
+
}
|
|
38
83
|
// Check if this is a major version bump
|
|
39
84
|
if (semver.valid(fromVersion) && semver.valid(toVersion)) {
|
|
40
85
|
const fromMajor = semver.major(fromVersion);
|
|
@@ -93,6 +138,12 @@ export function validateBulkUpdate(updates, currentPackages) {
|
|
|
93
138
|
warnings: [],
|
|
94
139
|
requiredPeerUpdates: [],
|
|
95
140
|
};
|
|
141
|
+
// Cap the number of updates to prevent DoS via large arrays
|
|
142
|
+
if (!Array.isArray(updates) || updates.length > MAX_BULK_UPDATES) {
|
|
143
|
+
combinedResult.valid = false;
|
|
144
|
+
combinedResult.incompatibilities.push(`Too many updates: max ${MAX_BULK_UPDATES} allowed per call`);
|
|
145
|
+
return combinedResult;
|
|
146
|
+
}
|
|
96
147
|
// Create a simulated state after all updates
|
|
97
148
|
const simulatedPackages = { ...currentPackages };
|
|
98
149
|
for (const update of updates) {
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Evaluate a simple boolean expression with variable substitution.
|
|
3
|
+
*
|
|
4
|
+
* 1. Replace `{{variable}}` references using the provided context.
|
|
5
|
+
* 2. Reject any expression containing dangerous patterns.
|
|
6
|
+
* 3. Validate that all remaining tokens are safe.
|
|
7
|
+
* 4. Evaluate using `new Function` with strict mode.
|
|
8
|
+
*/
|
|
9
|
+
export declare function evaluateCondition(expression: string, context: Record<string, unknown>): boolean;
|
|
10
|
+
//# sourceMappingURL=condition-evaluator.d.ts.map
|