nemoris 0.1.0 → 0.1.2

package/src/daemon/healing-tick.js

@@ -1,87 +1,87 @@
-import { BUILT_IN_RULES, matchRule, isCoolingDown } from "./rules.js";
-
-export class HealingTick {
-  constructor({ repairLog, ruleStaging, executeAction, notify, queueNurseJob }) {
-    this.repairLog = repairLog;
-    this.ruleStaging = ruleStaging;
-    this.executeAction = executeAction;
-    this.notify = notify || (async () => {});
-    this.queueNurseJob = queueNurseJob || (async () => {});
-    this._running = false;
-    this._failureQueue = [];
-  }
-
-  isRunning() {
-    return this._running;
-  }
-
-  _getAllRules() {
-    const staged = this.ruleStaging.getActiveRules();
-    return [...BUILT_IN_RULES, ...staged];
-  }
-
-  async runTick(failures) {
-    if (this._running) return { skipped: true };
-    this._running = true;
-    try {
-      const results = [];
-      for (const failure of failures) {
-        results.push(await this._processFailure(failure));
-      }
-      return { skipped: false, results };
-    } finally {
-      this._running = false;
-    }
-  }
-
-  async handleFailure(failure) {
-    return this.runTick([failure]);
-  }
-
-  async _processFailure({ type, context }) {
-    const allRules = this._getAllRules();
-    const rule = matchRule(type, context, allRules);
-
-    if (!rule) {
-      this.repairLog.write({
-        source: "daemon", type,
-        context: context ? JSON.stringify(context) : null,
-        action: "escalate", result: "escalated",
-        severity: "critical", escalated: 1
-      });
-      await this.queueNurseJob({ type, context });
-      return;
-    }
-
-    if (isCoolingDown(rule, this.repairLog)) return;
-
-    const success = await this.executeAction(rule.action, context);
-
-    this.repairLog.write({
-      source: "daemon", type,
-      context: context ? JSON.stringify(context) : null,
-      action: rule.action,
-      result: success ? "resolved" : "unresolved",
-      severity: rule.severity
-    });
-
-    if (rule.severity === "notable" || rule.severity === "critical") {
-      await this.notify(rule.severity, `[${type}] Action: ${rule.action}, Result: ${success ? "resolved" : "unresolved"}`);
-    }
-  }
-
-  promoteReadyRules() {
-    const pending = this.ruleStaging.getPendingAutoPromote();
-    for (const rule of pending) {
-      this.ruleStaging.promote(rule.id);
-    }
-    return pending.length;
-  }
-
-  runMaintenanceSweep() {
-    const expiredRules = this.ruleStaging.expirePending();
-    const prunedEntries = this.repairLog.pruneResolved(90);
-    const promoted = this.promoteReadyRules();
-    return { expiredRules, prunedEntries, promoted };
-  }
-}
+import { BUILT_IN_RULES, matchRule, isCoolingDown } from "./rules.js";
+
+export class HealingTick {
+  constructor({ repairLog, ruleStaging, executeAction, notify, queueNurseJob }) {
+    this.repairLog = repairLog;
+    this.ruleStaging = ruleStaging;
+    this.executeAction = executeAction;
+    this.notify = notify || (async () => {});
+    this.queueNurseJob = queueNurseJob || (async () => {});
+    this._running = false;
+    this._failureQueue = [];
+  }
+
+  isRunning() {
+    return this._running;
+  }
+
+  _getAllRules() {
+    const staged = this.ruleStaging.getActiveRules();
+    return [...BUILT_IN_RULES, ...staged];
+  }
+
+  async runTick(failures) {
+    if (this._running) return { skipped: true };
+    this._running = true;
+    try {
+      const results = [];
+      for (const failure of failures) {
+        results.push(await this._processFailure(failure));
+      }
+      return { skipped: false, results };
+    } finally {
+      this._running = false;
+    }
+  }
+
+  async handleFailure(failure) {
+    return this.runTick([failure]);
+  }
+
+  async _processFailure({ type, context }) {
+    const allRules = this._getAllRules();
+    const rule = matchRule(type, context, allRules);
+
+    if (!rule) {
+      this.repairLog.write({
+        source: "daemon", type,
+        context: context ? JSON.stringify(context) : null,
+        action: "escalate", result: "escalated",
+        severity: "critical", escalated: 1
+      });
+      await this.queueNurseJob({ type, context });
+      return;
+    }
+
+    if (isCoolingDown(rule, this.repairLog)) return;
+
+    const success = await this.executeAction(rule.action, context);
+
+    this.repairLog.write({
+      source: "daemon", type,
+      context: context ? JSON.stringify(context) : null,
+      action: rule.action,
+      result: success ? "resolved" : "unresolved",
+      severity: rule.severity
+    });
+
+    if (rule.severity === "notable" || rule.severity === "critical") {
+      await this.notify(rule.severity, `[${type}] Action: ${rule.action}, Result: ${success ? "resolved" : "unresolved"}`);
+    }
+  }
+
+  promoteReadyRules() {
+    const pending = this.ruleStaging.getPendingAutoPromote();
+    for (const rule of pending) {
+      this.ruleStaging.promote(rule.id);
+    }
+    return pending.length;
+  }
+
+  runMaintenanceSweep() {
+    const expiredRules = this.ruleStaging.expirePending();
+    const prunedEntries = this.repairLog.pruneResolved(90);
+    const promoted = this.promoteReadyRules();
+    return { expiredRules, prunedEntries, promoted };
+  }
+}

package/src/daemon/health-probes.js

@@ -1,90 +1,90 @@
-import { inspectOutboundUrl, OUTBOUND_ADDRESS_POLICY } from "../security/ssrf-check.js";
-
-const MEMORY_BLOAT_ROW_THRESHOLD = 10_000;
-const MEMORY_BLOAT_SIZE_THRESHOLD = 500 * 1024 * 1024; // 500MB
-const EMBEDDING_DRIFT_THRESHOLD = 0.10; // 10%
-
-export async function checkProvider(providerId, endpoint, fetchImpl) {
-  try {
-    // Health probes may hit operator-configured provider endpoints, so enforce
-    // the same outbound SSRF policy as live provider traffic.
-    const inspection = await inspectOutboundUrl(endpoint, {
-      addressPolicy: providerId === "ollama" ? OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK : OUTBOUND_ADDRESS_POLICY.BLOCK_PRIVATE,
-      loopbackOnlyMessage: `Ollama base URL must resolve to loopback only; refusing ${endpoint}.`,
-      privateAddressMessage: `Provider request blocked — target resolves to a private/reserved IP address for ${providerId}.`,
-    });
-    if (!inspection.ok) {
-      return { status: "failure", type: "provider_blocked", provider: providerId, error: inspection.reason };
-    }
-    const res = await fetchImpl(endpoint, { method: "HEAD", signal: AbortSignal.timeout(5000) });
-    if (res.ok) return { status: "ok", provider: providerId };
-    if (res.status >= 500) return { status: "failure", type: "provider_5xx", provider: providerId, code: res.status };
-    if (res.status === 429) return { status: "failure", type: "provider_rate_limit", provider: providerId, code: 429 };
-    if (res.status === 401 || res.status === 403) return { status: "failure", type: "provider_auth", provider: providerId, code: res.status };
-    return { status: "failure", type: "provider_client_error", provider: providerId, code: res.status };
-  } catch (err) {
-    return { status: "failure", type: "provider_timeout", provider: providerId, error: err.message };
-  }
-}
-
-export async function checkMcp(serverId, client) {
-  if (!client || !client.isAlive()) {
-    return { status: "failure", type: "mcp_exit", server: serverId };
-  }
-  try {
-    const pong = await Promise.race([
-      client.ping ? client.ping() : Promise.resolve(true),
-      new Promise((_, reject) => setTimeout(() => reject(new Error("timeout")), 2000))
-    ]);
-    return { status: "ok", server: serverId };
-  } catch {
-    return { status: "failure", type: "mcp_timeout", server: serverId };
-  }
-}
-
-export function checkStaleJobs(stateStore) {
-  try {
-    const running = stateStore.db.prepare(
-      "SELECT job_id FROM interactive_jobs WHERE status = 'running' AND created_at < datetime('now', '-5 minutes')"
-    ).all();
-    if (running.length > 0) {
-      return { status: "failure", type: "stale_job", staleCount: running.length, jobIds: running.map(r => r.job_id) };
-    }
-    return { status: "ok" };
-  } catch {
-    return { status: "ok" };
-  }
-}
-
-export function checkDelivery(lastSendResult) {
-  if (!lastSendResult) return { status: "ok" };
-  if (!lastSendResult.ok) {
-    return {
-      status: "failure",
-      type: "delivery_api_fail",
-      error_code: lastSendResult.error_code,
-      description: lastSendResult.description
-    };
-  }
-  if (!lastSendResult.result?.message_id) {
-    return { status: "failure", type: "delivery_silent_drop" };
-  }
-  return { status: "ok", message_id: lastSendResult.result.message_id };
-}
-
-export function checkMemoryHealth(db, stats) {
-  const { sessionRowCount, dbFileSizeBytes, embeddingIndexCount, embeddingSourceCount } = stats;
-
-  if (sessionRowCount > MEMORY_BLOAT_ROW_THRESHOLD || dbFileSizeBytes > MEMORY_BLOAT_SIZE_THRESHOLD) {
-    return { status: "failure", type: "memory_bloat", sessionRowCount, dbFileSizeBytes };
-  }
-
-  if (embeddingSourceCount > 0) {
-    const drift = Math.abs(embeddingIndexCount - embeddingSourceCount) / embeddingSourceCount;
-    if (drift > EMBEDDING_DRIFT_THRESHOLD) {
-      return { status: "failure", type: "embedding_drift", drift: Math.round(drift * 100), embeddingIndexCount, embeddingSourceCount };
-    }
-  }
-
-  return { status: "ok" };
-}
+import { inspectOutboundUrl, OUTBOUND_ADDRESS_POLICY } from "../security/ssrf-check.js";
+
+const MEMORY_BLOAT_ROW_THRESHOLD = 10_000;
+const MEMORY_BLOAT_SIZE_THRESHOLD = 500 * 1024 * 1024; // 500MB
+const EMBEDDING_DRIFT_THRESHOLD = 0.10; // 10%
+
+export async function checkProvider(providerId, endpoint, fetchImpl) {
+  try {
+    // Health probes may hit operator-configured provider endpoints, so enforce
+    // the same outbound SSRF policy as live provider traffic.
+    const inspection = await inspectOutboundUrl(endpoint, {
+      addressPolicy: providerId === "ollama" ? OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK : OUTBOUND_ADDRESS_POLICY.BLOCK_PRIVATE,
+      loopbackOnlyMessage: `Ollama base URL must resolve to loopback only; refusing ${endpoint}.`,
+      privateAddressMessage: `Provider request blocked — target resolves to a private/reserved IP address for ${providerId}.`,
+    });
+    if (!inspection.ok) {
+      return { status: "failure", type: "provider_blocked", provider: providerId, error: inspection.reason };
+    }
+    const res = await fetchImpl(endpoint, { method: "HEAD", signal: AbortSignal.timeout(5000) });
+    if (res.ok) return { status: "ok", provider: providerId };
+    if (res.status >= 500) return { status: "failure", type: "provider_5xx", provider: providerId, code: res.status };
+    if (res.status === 429) return { status: "failure", type: "provider_rate_limit", provider: providerId, code: 429 };
+    if (res.status === 401 || res.status === 403) return { status: "failure", type: "provider_auth", provider: providerId, code: res.status };
+    return { status: "failure", type: "provider_client_error", provider: providerId, code: res.status };
+  } catch (err) {
+    return { status: "failure", type: "provider_timeout", provider: providerId, error: err.message };
+  }
+}
+
+export async function checkMcp(serverId, client) {
+  if (!client || !client.isAlive()) {
+    return { status: "failure", type: "mcp_exit", server: serverId };
+  }
+  try {
+    const pong = await Promise.race([
+      client.ping ? client.ping() : Promise.resolve(true),
+      new Promise((_, reject) => setTimeout(() => reject(new Error("timeout")), 2000))
+    ]);
+    return { status: "ok", server: serverId };
+  } catch {
+    return { status: "failure", type: "mcp_timeout", server: serverId };
+  }
+}
+
+export function checkStaleJobs(stateStore) {
+  try {
+    const running = stateStore.db.prepare(
+      "SELECT job_id FROM interactive_jobs WHERE status = 'running' AND created_at < datetime('now', '-5 minutes')"
+    ).all();
+    if (running.length > 0) {
+      return { status: "failure", type: "stale_job", staleCount: running.length, jobIds: running.map(r => r.job_id) };
+    }
+    return { status: "ok" };
+  } catch {
+    return { status: "ok" };
+  }
+}
+
+export function checkDelivery(lastSendResult) {
+  if (!lastSendResult) return { status: "ok" };
+  if (!lastSendResult.ok) {
+    return {
+      status: "failure",
+      type: "delivery_api_fail",
+      error_code: lastSendResult.error_code,
+      description: lastSendResult.description
+    };
+  }
+  if (!lastSendResult.result?.message_id) {
+    return { status: "failure", type: "delivery_silent_drop" };
+  }
+  return { status: "ok", message_id: lastSendResult.result.message_id };
+}
+
+export function checkMemoryHealth(db, stats) {
+  const { sessionRowCount, dbFileSizeBytes, embeddingIndexCount, embeddingSourceCount } = stats;
+
+  if (sessionRowCount > MEMORY_BLOAT_ROW_THRESHOLD || dbFileSizeBytes > MEMORY_BLOAT_SIZE_THRESHOLD) {
+    return { status: "failure", type: "memory_bloat", sessionRowCount, dbFileSizeBytes };
+  }
+
+  if (embeddingSourceCount > 0) {
+    const drift = Math.abs(embeddingIndexCount - embeddingSourceCount) / embeddingSourceCount;
+    if (drift > EMBEDDING_DRIFT_THRESHOLD) {
+      return { status: "failure", type: "embedding_drift", drift: Math.round(drift * 100), embeddingIndexCount, embeddingSourceCount };
+    }
+  }
+
+  return { status: "ok" };
+}

package/src/daemon/notifier.js

@@ -1,57 +1,57 @@
-const TEMPLATES = {
-  mcp_exit: {
-    resolved: (ctx) => `Your ${capitalize(ctx?.server || "service")} connection dropped. I restarted it, you're good.`,
-    unresolved: (ctx, diag) => `I couldn't fix the ${capitalize(ctx?.server || "service")} connection. ${diag ? `Here's what I found: ${diag}` : ""}`,
-  },
-  mcp_timeout: {
-    resolved: (ctx) => `${capitalize(ctx?.server || "Service")} was unresponsive. Restarted it.`,
-    unresolved: (ctx, diag) => `${capitalize(ctx?.server || "Service")} keeps hanging. ${diag || "Manual check needed."}`,
-  },
-  provider_5xx: {
-    resolved: (ctx) => `${capitalize(ctx?.provider || "Provider")} returned an error (${ctx?.code || "5xx"}). Switched to fallback.`,
-  },
-  update_applied: {
-    resolved: (ctx) => `Updated ${ctx?.update_target || "system"} to ${ctx?.to_version || "latest"}.`,
-  },
-  update_held: {
-    held: (ctx) => `${packageName(ctx?.update_target || "Package")} ${ctx?.to_version || ""} available (${ctx?.semver_class || "update"}). Reply /approve <id> to update.`,
-  },
-  update_rollback: {
-    resolved: (ctx) => `Tried updating ${ctx?.update_target || "system"} to ${ctx?.to_version || ""}. Failed smoke test, rolled back safely.`,
-  },
-};
-
-const KNOWN_NAMES = {
-  github: "GitHub",
-  gitlab: "GitLab",
-  openai: "OpenAI",
-  anthropic: "Anthropic",
-  npm: "npm",
-};
-
-// Strip registry prefix (e.g. "npm:express" → "express") without changing casing
-function packageName(s) {
-  if (!s) return "";
-  return s.replace(/^[a-z]+:/, "");
-}
-
-function capitalize(s) {
-  if (!s) return "";
-  const lower = s.toLowerCase();
-  if (KNOWN_NAMES[lower]) return KNOWN_NAMES[lower];
-  // Strip common prefixes like "npm:" for display
-  const stripped = s.replace(/^[a-z]+:/, "");
-  return stripped.charAt(0).toUpperCase() + stripped.slice(1);
-}
-
-export function composePlainEnglish({ type, action, result, context, diagnosis }) {
-  const ctx = typeof context === "string" ? JSON.parse(context) : (context || {});
-  const template = TEMPLATES[type]?.[result];
-  if (template) return template(ctx, diagnosis);
-
-  // Fallback for unknown types
-  if (result === "resolved") return `Fixed: ${type.replace(/_/g, " ")}. Action: ${action?.replace(/_/g, " ") || "auto"}.`;
-  if (result === "unresolved") return `I couldn't fix: ${type.replace(/_/g, " ")}. ${diagnosis || "Manual check needed."}`;
-  if (result === "held") return `Awaiting approval: ${type.replace(/_/g, " ")}. Reply /approve <id>.`;
-  return `[${type}] ${action} → ${result}`;
-}
+const TEMPLATES = {
+  mcp_exit: {
+    resolved: (ctx) => `Your ${capitalize(ctx?.server || "service")} connection dropped. I restarted it, you're good.`,
+    unresolved: (ctx, diag) => `I couldn't fix the ${capitalize(ctx?.server || "service")} connection. ${diag ? `Here's what I found: ${diag}` : ""}`,
+  },
+  mcp_timeout: {
+    resolved: (ctx) => `${capitalize(ctx?.server || "Service")} was unresponsive. Restarted it.`,
+    unresolved: (ctx, diag) => `${capitalize(ctx?.server || "Service")} keeps hanging. ${diag || "Manual check needed."}`,
+  },
+  provider_5xx: {
+    resolved: (ctx) => `${capitalize(ctx?.provider || "Provider")} returned an error (${ctx?.code || "5xx"}). Switched to fallback.`,
+  },
+  update_applied: {
+    resolved: (ctx) => `Updated ${ctx?.update_target || "system"} to ${ctx?.to_version || "latest"}.`,
+  },
+  update_held: {
+    held: (ctx) => `${packageName(ctx?.update_target || "Package")} ${ctx?.to_version || ""} available (${ctx?.semver_class || "update"}). Reply /approve <id> to update.`,
+  },
+  update_rollback: {
+    resolved: (ctx) => `Tried updating ${ctx?.update_target || "system"} to ${ctx?.to_version || ""}. Failed smoke test, rolled back safely.`,
+  },
+};
+
+const KNOWN_NAMES = {
+  github: "GitHub",
+  gitlab: "GitLab",
+  openai: "OpenAI",
+  anthropic: "Anthropic",
+  npm: "npm",
+};
+
+// Strip registry prefix (e.g. "npm:express" → "express") without changing casing
+function packageName(s) {
+  if (!s) return "";
+  return s.replace(/^[a-z]+:/, "");
+}
+
+function capitalize(s) {
+  if (!s) return "";
+  const lower = s.toLowerCase();
+  if (KNOWN_NAMES[lower]) return KNOWN_NAMES[lower];
+  // Strip common prefixes like "npm:" for display
+  const stripped = s.replace(/^[a-z]+:/, "");
+  return stripped.charAt(0).toUpperCase() + stripped.slice(1);
+}
+
+export function composePlainEnglish({ type, action, result, context, diagnosis }) {
+  const ctx = typeof context === "string" ? JSON.parse(context) : (context || {});
+  const template = TEMPLATES[type]?.[result];
+  if (template) return template(ctx, diagnosis);
+
+  // Fallback for unknown types
+  if (result === "resolved") return `Fixed: ${type.replace(/_/g, " ")}. Action: ${action?.replace(/_/g, " ") || "auto"}.`;
+  if (result === "unresolved") return `I couldn't fix: ${type.replace(/_/g, " ")}. ${diagnosis || "Manual check needed."}`;
+  if (result === "held") return `Awaiting approval: ${type.replace(/_/g, " ")}. Reply /approve <id>.`;
+  return `[${type}] ${action} → ${result}`;
+}