npm - monomind - Versions diffs - 1.8.0 → 1.9.0 - Mend

monomind 1.8.0 → 1.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (566) hide show

package/packages/@monomind/cli/dist/src/memory/sona-optimizer.d.ts CHANGED Viewed

@@ -177,7 +177,14 @@ export declare class SONAOptimizer {
      */
     private prunePatterns;
     /**
-     * Validate pattern structure
+     * Validate pattern structure with strict bounds.
+     * SECURITY: confidence/keywords/agent fields must be bounds-checked to
+     * defeat poisoning. typeof NaN === 'number' and typeof Infinity === 'number'
+     * pass the loose typeof check; without bounds, an attacker who writes
+     * sona-patterns.json (poisoned bundle, malicious test fixture, co-located
+     * compromise) can inject `confidence: 1e308` to deterministically win
+     * every routing decision via findBestPatternMatch's `score = matchRatio *
+     * confidence`. Mirrors the pattern in intelligence.ts:loadFromDisk.
      */
     private validatePattern;
     /**

package/packages/@monomind/cli/dist/src/memory/sona-optimizer.js CHANGED Viewed

@@ -13,7 +13,7 @@
  *
  * @module v1/cli/memory/sona-optimizer
  */
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
+import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from 'fs';
 import { dirname, join } from 'path';
 // ============================================================================
 // Constants
@@ -483,17 +483,32 @@ export class SONAOptimizer {
         }
     }
     /**
-     * Validate pattern structure
+     * Validate pattern structure with strict bounds.
+     * SECURITY: confidence/keywords/agent fields must be bounds-checked to
+     * defeat poisoning. typeof NaN === 'number' and typeof Infinity === 'number'
+     * pass the loose typeof check; without bounds, an attacker who writes
+     * sona-patterns.json (poisoned bundle, malicious test fixture, co-located
+     * compromise) can inject `confidence: 1e308` to deterministically win
+     * every routing decision via findBestPatternMatch's `score = matchRatio *
+     * confidence`. Mirrors the pattern in intelligence.ts:loadFromDisk.
      */
     validatePattern(pattern) {
         if (!pattern || typeof pattern !== 'object')
             return false;
         const p = pattern;
-        return (Array.isArray(p.keywords) &&
-            typeof p.agent === 'string' &&
-            typeof p.confidence === 'number' &&
-            typeof p.successCount === 'number' &&
-            typeof p.failureCount === 'number');
+        if (!Array.isArray(p.keywords) || p.keywords.length > 64)
+            return false;
+        if (!p.keywords.every(k => typeof k === 'string' && k.length > 0 && k.length <= 128))
+            return false;
+        if (typeof p.agent !== 'string' || p.agent.length === 0 || p.agent.length > 128)
+            return false;
+        if (typeof p.confidence !== 'number' || !Number.isFinite(p.confidence) || p.confidence < 0 || p.confidence > 1)
+            return false;
+        if (typeof p.successCount !== 'number' || !Number.isFinite(p.successCount) || p.successCount < 0 || p.successCount > 1e9)
+            return false;
+        if (typeof p.failureCount !== 'number' || !Number.isFinite(p.failureCount) || p.failureCount < 0 || p.failureCount > 1e9)
+            return false;
+        return true;
     }
     /**
      * Load patterns from disk
@@ -557,7 +572,9 @@ export class SONAOptimizer {
                     savedAt: new Date().toISOString(),
                 },
             };
-            writeFileSync(fullPath, JSON.stringify(state, null, 2));
+            const tmp = fullPath + '.tmp';
+            writeFileSync(tmp, JSON.stringify(state, null, 2));
+            renameSync(tmp, fullPath);
             return true;
         }
         catch (err) {

package/packages/@monomind/cli/dist/src/observability/replay-reader.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * ReplayReader
+ *
+ * Reads session files from .monomind/sessions/ for replay and listing.
+ * Session files follow the pattern session-{id}.json. current.json is a
+ * regular file (not a symlink) pointing to the active session data.
+ */
+export interface SessionSummary {
+    id: string;
+    startedAt: string;
+    endedAt?: string;
+    tokenUsage?: {
+        total?: number;
+    };
+    taskCount?: number;
+    filePath: string;
+}
+export interface SessionReplay extends SessionSummary {
+    raw: Record<string, unknown>;
+}
+export declare class ReplayReader {
+    private sessionsDir;
+    constructor(cwd?: string);
+    /**
+     * Find and return the session data for a given session ID.
+     * The ID may be a bare ID (e.g. "session-1234567890") or a timestamp number.
+     * Falls back to current.json if the id matches the current session.
+     */
+    show(sessionId: string): Promise<SessionReplay | null>;
+    /**
+     * List sessions ordered by startedAt descending (most recent first).
+     * current.json is excluded — only persisted session-*.json files are listed.
+     */
+    list(limit?: number): Promise<SessionSummary[]>;
+    private parseReplay;
+    private parseSummary;
+    private buildSummary;
+    private readJson;
+}
+//# sourceMappingURL=replay-reader.d.ts.map

package/packages/@monomind/cli/dist/src/observability/replay-reader.js ADDED Viewed

@@ -0,0 +1,138 @@
+/**
+ * ReplayReader
+ *
+ * Reads session files from .monomind/sessions/ for replay and listing.
+ * Session files follow the pattern session-{id}.json. current.json is a
+ * regular file (not a symlink) pointing to the active session data.
+ */
+import { readdirSync, readFileSync, existsSync, statSync } from 'fs';
+import { join, sep, resolve } from 'path';
+export class ReplayReader {
+    sessionsDir;
+    constructor(cwd = process.cwd()) {
+        this.sessionsDir = join(cwd, '.monomind', 'sessions');
+    }
+    /**
+     * Find and return the session data for a given session ID.
+     * The ID may be a bare ID (e.g. "session-1234567890") or a timestamp number.
+     * Falls back to current.json if the id matches the current session.
+     */
+    async show(sessionId) {
+        if (!existsSync(this.sessionsDir)) {
+            return null;
+        }
+        // Normalize: allow bare numeric IDs or full "session-<id>" form
+        const normalized = sessionId.startsWith('session-')
+            ? sessionId
+            : `session-${sessionId}`;
+        // Guard against path traversal (e.g. sessionId = "../../../etc/passwd")
+        const filePath = join(this.sessionsDir, `${normalized}.json`);
+        if (!resolve(filePath).startsWith(resolve(this.sessionsDir) + sep))
+            return null;
+        if (existsSync(filePath)) {
+            return this.parseReplay(filePath);
+        }
+        // Fall back to current.json if the id matches
+        const currentPath = join(this.sessionsDir, 'current.json');
+        if (existsSync(currentPath)) {
+            const current = this.parseReplay(currentPath);
+            if (current && (current.id === sessionId || current.id === normalized)) {
+                return current;
+            }
+        }
+        return null;
+    }
+    /**
+     * List sessions ordered by startedAt descending (most recent first).
+     * current.json is excluded — only persisted session-*.json files are listed.
+     */
+    async list(limit = 20) {
+        if (!existsSync(this.sessionsDir)) {
+            return [];
+        }
+        let entries;
+        try {
+            entries = readdirSync(this.sessionsDir);
+        }
+        catch {
+            return [];
+        }
+        const summaries = [];
+        for (const entry of entries) {
+            if (!entry.startsWith('session-') || !entry.endsWith('.json')) {
+                continue;
+            }
+            const filePath = join(this.sessionsDir, entry);
+            const summary = this.parseSummary(filePath);
+            if (summary) {
+                summaries.push(summary);
+            }
+        }
+        // Sort by startedAt descending; push invalid dates to the end
+        summaries.sort((a, b) => {
+            const ta = new Date(a.startedAt).getTime();
+            const tb = new Date(b.startedAt).getTime();
+            if (isNaN(ta) && isNaN(tb))
+                return 0;
+            if (isNaN(ta))
+                return 1;
+            if (isNaN(tb))
+                return -1;
+            return tb - ta;
+        });
+        return summaries.slice(0, limit);
+    }
+    // ── private helpers ──────────────────────────────────────────────────────────
+    parseReplay(filePath) {
+        const raw = this.readJson(filePath);
+        if (!raw)
+            return null;
+        const summary = this.buildSummary(raw, filePath);
+        if (!summary)
+            return null;
+        return { ...summary, raw };
+    }
+    parseSummary(filePath) {
+        const raw = this.readJson(filePath);
+        if (!raw)
+            return null;
+        return this.buildSummary(raw, filePath);
+    }
+    buildSummary(raw, filePath) {
+        const id = typeof raw.id === 'string' ? raw.id : null;
+        const startedAt = typeof raw.startedAt === 'string' ? raw.startedAt : null;
+        if (!id || !startedAt)
+            return null;
+        const endedAt = typeof raw.endedAt === 'string' ? raw.endedAt : undefined;
+        // tokenUsage is not present in current session files but kept optional per interface
+        const tokenUsage = raw.tokenUsage && typeof raw.tokenUsage === 'object'
+            ? raw.tokenUsage
+            : undefined;
+        // taskCount comes from metrics.tasks
+        const metrics = raw.metrics && typeof raw.metrics === 'object'
+            ? raw.metrics
+            : undefined;
+        const taskCount = metrics && typeof metrics.tasks === 'number' ? metrics.tasks : undefined;
+        return { id, startedAt, endedAt, tokenUsage, taskCount, filePath };
+    }
+    readJson(filePath) {
+        try {
+            // Hard size cap. Without this, a single planted multi-GB session-*.json
+            // (or a runaway log) crashes the CLI with allocation failure when
+            // any code path touches `list()` or `show()`.
+            const stat = statSync(filePath);
+            if (stat.size > 25 * 1024 * 1024)
+                return null;
+            const content = readFileSync(filePath, 'utf-8');
+            const parsed = JSON.parse(content);
+            if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                return parsed;
+            }
+            return null;
+        }
+        catch {
+            return null;
+        }
+    }
+}
+//# sourceMappingURL=replay-reader.js.map

package/packages/@monomind/cli/dist/src/orchestration/routing-modes.js CHANGED Viewed

@@ -10,6 +10,18 @@ import { SharedScratchpad } from '../../../shared/src/scratchpad.js';
 // ---------------------------------------------------------------------------
 // Abstract executor
 // ---------------------------------------------------------------------------
+const SLUG_RE = /^[a-z0-9][a-z0-9\-]{0,63}$/;
+const MAX_TASK_BYTES = 64 * 1024;
+function assertSlug(value, name) {
+    if (!SLUG_RE.test(value))
+        throw new Error(`Invalid agent slug for ${name}: ${JSON.stringify(value)}`);
+}
+function assertTask(task) {
+    if (!task || task.trim().length === 0)
+        throw new Error('task must not be empty');
+    if (task.length > MAX_TASK_BYTES)
+        throw new Error(`task exceeds maximum length (${MAX_TASK_BYTES} bytes)`);
+}
 export class ModeExecutor {
     dispatcher;
     constructor(dispatcher) {
@@ -21,6 +33,8 @@ export class ModeExecutor {
 // ---------------------------------------------------------------------------
 export class RouteModeExecutor extends ModeExecutor {
     async execute(config) {
+        assertSlug(config.agentSlug, 'agentSlug');
+        assertTask(config.task);
         const start = Date.now();
         const result = await this.dispatcher.dispatch(config.agentSlug, config.task);
         return {
@@ -48,7 +62,7 @@ export function parsePlan(output) {
         const parsed = JSON.parse(raw);
         if (Array.isArray(parsed))
             return parsed.map(String);
-        if (Array.isArray(parsed.subtasks))
+        if (parsed !== null && typeof parsed === 'object' && Array.isArray(parsed.subtasks))
             return parsed.subtasks.map(String);
     }
     catch {
@@ -58,9 +72,12 @@ export function parsePlan(output) {
 }
 export class CoordinateModeExecutor extends ModeExecutor {
     async execute(config) {
+        assertTask(config.task);
         const start = Date.now();
         const plannerSlug = config.plannerSlug ?? 'planner';
         const synthesizerSlug = config.synthesizerSlug ?? 'hierarchical-coordinator';
+        assertSlug(plannerSlug, 'plannerSlug');
+        assertSlug(synthesizerSlug, 'synthesizerSlug');
         const maxSubtasks = config.maxSubtasks ?? 8;
         const totalTokens = { input: 0, output: 0 };
         const agents = [plannerSlug];
@@ -103,9 +120,18 @@ export class CoordinateModeExecutor extends ModeExecutor {
 // ---------------------------------------------------------------------------
 export class CollaborateModeExecutor extends ModeExecutor {
     async execute(config) {
+        assertTask(config.task);
+        assertSlug(config.agentA, 'agentA');
+        assertSlug(config.agentB, 'agentB');
         const start = Date.now();
-        const maxIterations = config.maxIterations ?? 5;
-        const convergencePhrase = config.convergencePhrase ?? 'APPROVED';
+        // Cap iterations: each iteration costs 2 LLM dispatches; an unbounded value
+        // turns this into an unbounded token-cost / OOM vector.
+        const maxIterations = Math.max(1, Math.min(config.maxIterations ?? 5, 20));
+        // Reject empty/short convergence phrase — empty string would make
+        // String(bResult.output).includes('') return true on iteration 1, bypassing
+        // the entire iterative review and locking in whatever Agent B produced.
+        const rawPhrase = (config.convergencePhrase ?? 'APPROVED').trim();
+        const convergencePhrase = rawPhrase.length >= 3 ? rawPhrase : 'APPROVED';
         const pad = new SharedScratchpad();
         const totalTokens = { input: 0, output: 0 };
         let lastOutput;
@@ -119,8 +145,12 @@ export class CollaborateModeExecutor extends ModeExecutor {
             pad.append(config.agentB, String(bResult.output));
             this.addTokens(totalTokens, bResult.tokenUsage);
             lastOutput = bResult.output;
-            // Convergence check
-            if (String(bResult.output).includes(convergencePhrase)) {
+            // Convergence check — require the phrase as a stand-alone token so that
+            // an attacker who controls Agent A's output cannot embed `APPROVED` in
+            // prose and force premature convergence on iteration 1.
+            const escaped = convergencePhrase.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+            const convergenceRe = new RegExp(`(^|\\W)${escaped}(\\W|$)`);
+            if (convergenceRe.test(String(bResult.output))) {
                 return {
                     mode: 'collaborate',
                     output: lastOutput,

package/packages/@monomind/cli/dist/src/parser.d.ts CHANGED Viewed

@@ -27,6 +27,14 @@ export declare class CommandParser {
     registerCommand(command: Command): void;
     getCommand(name: string): Command | undefined;
     getAllCommands(): Command[];
+    /**
+     * Reserved keys that would either pollute the prototype chain (`__proto__`,
+     * `constructor`, `prototype`) or shadow `Object.prototype` methods that
+     * downstream consumers commonly call (`hasOwnProperty`, `toString`,
+     * `valueOf`, `isPrototypeOf`, `propertyIsEnumerable`). All are rejected.
+     */
+    private static readonly RESERVED_FLAG_KEYS;
+    private setFlagSafe;
     parse(args: string[]): ParseResult;
     private parseFlag;
     private parseValue;

package/packages/@monomind/cli/dist/src/parser.js CHANGED Viewed

@@ -96,6 +96,21 @@ export class CommandParser {
             return true;
         });
     }
+    /**
+     * Reserved keys that would either pollute the prototype chain (`__proto__`,
+     * `constructor`, `prototype`) or shadow `Object.prototype` methods that
+     * downstream consumers commonly call (`hasOwnProperty`, `toString`,
+     * `valueOf`, `isPrototypeOf`, `propertyIsEnumerable`). All are rejected.
+     */
+    static RESERVED_FLAG_KEYS = new Set([
+        '__proto__', 'constructor', 'prototype',
+        'hasOwnProperty', 'toString', 'valueOf', 'isPrototypeOf', 'propertyIsEnumerable',
+    ]);
+    setFlagSafe(flags, key, value) {
+        if (CommandParser.RESERVED_FLAG_KEYS.has(key))
+            return;
+        flags[key] = value;
+    }
     parse(args) {
         const result = {
             command: [],
@@ -193,25 +208,37 @@ export class CommandParser {
                 // --flag=value
                 const key = arg.slice(2, equalIndex);
                 const value = arg.slice(equalIndex + 1);
-                flags[this.normalizeKey(key)] = this.parseValue(value);
+                this.setFlagSafe(flags, this.normalizeKey(key), this.parseValue(value));
             }
             else if (arg.startsWith('--no-')) {
-                // --no-flag (boolean negation)
+                // --no-flag (boolean negation) — only accept for declared boolean flags
+                // so attackers can't covertly toggle off arbitrary security controls
+                // (--no-verify-signature, --no-confirm, etc.) when the underlying flag
+                // doesn't exist as a boolean option. Unknown --no-X is treated as a
+                // string flag passed verbatim, which validation can then reject.
                 const key = arg.slice(5);
-                flags[this.normalizeKey(key)] = false;
+                const normalizedKey = this.normalizeKey(key);
+                if (booleanFlags.has(normalizedKey)) {
+                    this.setFlagSafe(flags, normalizedKey, false);
+                }
+                else {
+                    // Record under the prefixed name so it surfaces as unknown rather
+                    // than silently downgrading any flag the user happens to spell.
+                    this.setFlagSafe(flags, this.normalizeKey('no-' + key), true);
+                }
             }
             else {
                 const key = arg.slice(2);
                 const normalizedKey = this.normalizeKey(key);
                 if (booleanFlags.has(normalizedKey)) {
-                    flags[normalizedKey] = true;
+                    this.setFlagSafe(flags, normalizedKey, true);
                 }
                 else if (nextIndex < args.length && !args[nextIndex].startsWith('-')) {
-                    flags[normalizedKey] = this.parseValue(args[nextIndex]);
+                    this.setFlagSafe(flags, normalizedKey, this.parseValue(args[nextIndex]));
                     nextIndex++;
                 }
                 else {
-                    flags[normalizedKey] = true;
+                    this.setFlagSafe(flags, normalizedKey, true);
                 }
             }
         }
@@ -223,21 +250,21 @@ export class CommandParser {
                 const key = aliases[chars] || chars;
                 const normalizedKey = this.normalizeKey(key);
                 if (booleanFlags.has(normalizedKey)) {
-                    flags[normalizedKey] = true;
+                    this.setFlagSafe(flags, normalizedKey, true);
                 }
                 else if (nextIndex < args.length && !args[nextIndex].startsWith('-')) {
-                    flags[normalizedKey] = this.parseValue(args[nextIndex]);
+                    this.setFlagSafe(flags, normalizedKey, this.parseValue(args[nextIndex]));
                     nextIndex++;
                 }
                 else {
-                    flags[normalizedKey] = true;
+                    this.setFlagSafe(flags, normalizedKey, true);
                 }
             }
             else {
                 // Multiple short flags combined (e.g., -abc)
                 for (const char of chars) {
                     const key = aliases[char] || char;
-                    flags[this.normalizeKey(key)] = true;
+                    this.setFlagSafe(flags, this.normalizeKey(key), true);
                 }
             }
         }
@@ -249,10 +276,17 @@ export class CommandParser {
             return true;
         if (value.toLowerCase() === 'false')
             return false;
-        // Number
-        const num = Number(value);
-        if (!isNaN(num) && value.trim() !== '')
-            return num;
+        // Number — only coerce if the string is unambiguously a canonical number.
+        // The previous code coerced any numeric-looking string, which silently
+        // dropped leading zeros ("00042" → 42), mangled IDs/tokens above
+        // Number.MAX_SAFE_INTEGER, and could cause tenant/identity mix-ups when
+        // downstream consumers strict-equal-compared against stored strings.
+        if (value.trim() !== '' && /^-?(0|[1-9]\d*)(\.\d+)?([eE][+-]?\d+)?$/.test(value)) {
+            const num = Number(value);
+            if (Number.isFinite(num) && Number.isSafeInteger(num) || (!Number.isInteger(num) && Number.isFinite(num))) {
+                return num;
+            }
+        }
         // String
         return value;
     }