nemoris 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (248) hide show
  1. package/.env.example +49 -49
  2. package/LICENSE +21 -21
  3. package/README.md +209 -209
  4. package/SECURITY.md +59 -119
  5. package/bin/nemoris +46 -46
  6. package/config/agents/agent.toml.example +28 -28
  7. package/config/agents/content.toml +23 -0
  8. package/config/agents/default.toml +22 -22
  9. package/config/agents/heartbeat.toml +35 -0
  10. package/config/agents/iris.toml +23 -0
  11. package/config/agents/lab.toml +23 -0
  12. package/config/agents/main.toml +45 -0
  13. package/config/agents/nemo.toml +21 -0
  14. package/config/agents/ops.toml +38 -0
  15. package/config/agents/orchestrator.toml +18 -18
  16. package/config/agents/revenue.toml +23 -0
  17. package/config/agents/testyboo.toml +19 -0
  18. package/config/delivery.toml +73 -73
  19. package/config/embeddings.toml +5 -5
  20. package/config/identity/content-purpose.md +11 -0
  21. package/config/identity/content-soul.md +45 -0
  22. package/config/identity/default-purpose.md +1 -1
  23. package/config/identity/default-soul.md +3 -3
  24. package/config/identity/heartbeat-purpose.md +9 -0
  25. package/config/identity/heartbeat-soul.md +16 -0
  26. package/config/identity/iris-purpose.md +17 -0
  27. package/config/identity/iris-soul.md +68 -0
  28. package/config/identity/lab-purpose.md +10 -0
  29. package/config/identity/lab-soul.md +38 -0
  30. package/config/identity/main-purpose.md +17 -0
  31. package/config/identity/main-soul.md +66 -0
  32. package/config/identity/main-user.md +22 -0
  33. package/config/identity/ops-purpose.md +9 -0
  34. package/config/identity/ops-soul.md +16 -0
  35. package/config/identity/orchestrator-purpose.md +1 -1
  36. package/config/identity/orchestrator-soul.md +1 -1
  37. package/config/identity/revenue-purpose.md +9 -0
  38. package/config/identity/revenue-soul.md +41 -0
  39. package/config/identity/testyboo-purpose.md +13 -0
  40. package/config/identity/testyboo-soul.md +20 -0
  41. package/config/improvement-targets.toml +15 -15
  42. package/config/jobs/heartbeat-check.toml +30 -30
  43. package/config/jobs/memory-rollup.toml +46 -46
  44. package/config/jobs/workspace-health.toml +63 -63
  45. package/config/mcp.toml +16 -16
  46. package/config/output-contracts.toml +17 -17
  47. package/config/peers.toml +32 -32
  48. package/config/peers.toml.example +32 -32
  49. package/config/policies/memory-default.toml +10 -10
  50. package/config/policies/memory-heartbeat.toml +5 -5
  51. package/config/policies/memory-ops.toml +10 -10
  52. package/config/policies/tools-heartbeat-minimal.toml +8 -8
  53. package/config/policies/tools-interactive-safe.toml +8 -8
  54. package/config/policies/tools-ops-bounded.toml +8 -8
  55. package/config/policies/tools-orchestrator.toml +7 -7
  56. package/config/providers/anthropic.toml +15 -15
  57. package/config/providers/ollama.toml +5 -5
  58. package/config/providers/openai-codex.toml +9 -9
  59. package/config/providers/openrouter.toml +5 -5
  60. package/config/router.toml +22 -22
  61. package/config/runtime.toml +114 -114
  62. package/config/skills/self-improvement.toml +15 -15
  63. package/config/skills/telegram-onboarding-spec.md +240 -240
  64. package/config/skills/workspace-monitor.toml +15 -15
  65. package/config/task-router.toml +42 -42
  66. package/install.sh +50 -50
  67. package/package.json +91 -90
  68. package/src/auth/auth-profiles.js +169 -169
  69. package/src/auth/openai-codex-oauth.js +285 -285
  70. package/src/battle.js +449 -449
  71. package/src/cli/help.js +265 -265
  72. package/src/cli/output-filter.js +49 -49
  73. package/src/cli/runtime-control.js +704 -704
  74. package/src/cli-main.js +2763 -2763
  75. package/src/cli.js +78 -78
  76. package/src/config/loader.js +332 -332
  77. package/src/config/schema-validator.js +214 -214
  78. package/src/config/toml-lite.js +8 -8
  79. package/src/daemon/action-handlers.js +71 -71
  80. package/src/daemon/healing-tick.js +87 -87
  81. package/src/daemon/health-probes.js +90 -90
  82. package/src/daemon/notifier.js +57 -57
  83. package/src/daemon/nurse.js +218 -218
  84. package/src/daemon/repair-log.js +106 -106
  85. package/src/daemon/rule-staging.js +90 -90
  86. package/src/daemon/rules.js +29 -29
  87. package/src/daemon/telegram-commands.js +54 -54
  88. package/src/daemon/updater.js +85 -85
  89. package/src/jobs/job-runner.js +78 -78
  90. package/src/mcp/consumer.js +129 -129
  91. package/src/memory/active-recall.js +171 -171
  92. package/src/memory/backend-manager.js +97 -97
  93. package/src/memory/backends/file-backend.js +38 -38
  94. package/src/memory/backends/qmd-backend.js +219 -219
  95. package/src/memory/embedding-guards.js +24 -24
  96. package/src/memory/embedding-index.js +118 -118
  97. package/src/memory/embedding-service.js +179 -179
  98. package/src/memory/file-index.js +177 -177
  99. package/src/memory/memory-signature.js +5 -5
  100. package/src/memory/memory-store.js +648 -648
  101. package/src/memory/retrieval-planner.js +66 -66
  102. package/src/memory/scoring.js +145 -145
  103. package/src/memory/simhash.js +78 -78
  104. package/src/memory/sqlite-active-store.js +824 -824
  105. package/src/memory/write-policy.js +36 -36
  106. package/src/onboarding/aliases.js +33 -33
  107. package/src/onboarding/auth/api-key.js +224 -224
  108. package/src/onboarding/auth/ollama-detect.js +42 -42
  109. package/src/onboarding/clack-prompter.js +77 -77
  110. package/src/onboarding/doctor.js +530 -530
  111. package/src/onboarding/lock.js +42 -42
  112. package/src/onboarding/model-catalog.js +344 -344
  113. package/src/onboarding/phases/auth.js +576 -589
  114. package/src/onboarding/phases/build.js +130 -130
  115. package/src/onboarding/phases/choose.js +82 -82
  116. package/src/onboarding/phases/detect.js +98 -98
  117. package/src/onboarding/phases/hatch.js +216 -216
  118. package/src/onboarding/phases/identity.js +79 -79
  119. package/src/onboarding/phases/ollama.js +345 -345
  120. package/src/onboarding/phases/scaffold.js +99 -99
  121. package/src/onboarding/phases/telegram.js +377 -377
  122. package/src/onboarding/phases/validate.js +204 -204
  123. package/src/onboarding/phases/verify.js +206 -206
  124. package/src/onboarding/platform.js +482 -482
  125. package/src/onboarding/status-bar.js +95 -95
  126. package/src/onboarding/templates.js +794 -794
  127. package/src/onboarding/toml-writer.js +38 -38
  128. package/src/onboarding/tui.js +250 -250
  129. package/src/onboarding/uninstall.js +153 -153
  130. package/src/onboarding/wizard.js +516 -499
  131. package/src/providers/anthropic.js +168 -168
  132. package/src/providers/base.js +247 -247
  133. package/src/providers/circuit-breaker.js +136 -136
  134. package/src/providers/ollama.js +163 -163
  135. package/src/providers/openai-codex.js +149 -149
  136. package/src/providers/openrouter.js +136 -136
  137. package/src/providers/registry.js +36 -36
  138. package/src/providers/router.js +16 -16
  139. package/src/runtime/bootstrap-cache.js +47 -47
  140. package/src/runtime/capabilities-prompt.js +25 -25
  141. package/src/runtime/completion-ping.js +99 -99
  142. package/src/runtime/config-validator.js +121 -121
  143. package/src/runtime/context-ledger.js +360 -360
  144. package/src/runtime/cutover-readiness.js +42 -42
  145. package/src/runtime/daemon.js +729 -729
  146. package/src/runtime/delivery-ack.js +195 -195
  147. package/src/runtime/delivery-adapters/local-file.js +41 -41
  148. package/src/runtime/delivery-adapters/openclaw-cli.js +94 -94
  149. package/src/runtime/delivery-adapters/openclaw-peer.js +98 -98
  150. package/src/runtime/delivery-adapters/shadow.js +13 -13
  151. package/src/runtime/delivery-adapters/standalone-http.js +98 -98
  152. package/src/runtime/delivery-adapters/telegram.js +104 -104
  153. package/src/runtime/delivery-adapters/tui.js +128 -128
  154. package/src/runtime/delivery-manager.js +807 -807
  155. package/src/runtime/delivery-store.js +168 -168
  156. package/src/runtime/dependency-health.js +118 -118
  157. package/src/runtime/envelope.js +114 -114
  158. package/src/runtime/evaluation.js +1089 -1089
  159. package/src/runtime/exec-approvals.js +216 -216
  160. package/src/runtime/executor.js +500 -500
  161. package/src/runtime/failure-ping.js +67 -67
  162. package/src/runtime/flows.js +83 -83
  163. package/src/runtime/guards.js +45 -45
  164. package/src/runtime/handoff.js +51 -51
  165. package/src/runtime/identity-cache.js +28 -28
  166. package/src/runtime/improvement-engine.js +109 -109
  167. package/src/runtime/improvement-harness.js +581 -581
  168. package/src/runtime/input-sanitiser.js +72 -72
  169. package/src/runtime/interaction-contract.js +347 -347
  170. package/src/runtime/lane-readiness.js +226 -226
  171. package/src/runtime/migration.js +323 -323
  172. package/src/runtime/model-resolution.js +78 -78
  173. package/src/runtime/network.js +64 -64
  174. package/src/runtime/notification-store.js +97 -97
  175. package/src/runtime/notifier.js +256 -256
  176. package/src/runtime/orchestrator.js +53 -53
  177. package/src/runtime/orphan-reaper.js +41 -41
  178. package/src/runtime/output-contract-schema.js +139 -139
  179. package/src/runtime/output-contract-validator.js +439 -439
  180. package/src/runtime/peer-readiness.js +69 -69
  181. package/src/runtime/peer-registry.js +133 -133
  182. package/src/runtime/pilot-status.js +108 -108
  183. package/src/runtime/prompt-builder.js +261 -261
  184. package/src/runtime/provider-attempt.js +582 -582
  185. package/src/runtime/report-fallback.js +71 -71
  186. package/src/runtime/result-normalizer.js +183 -183
  187. package/src/runtime/retention.js +74 -74
  188. package/src/runtime/review.js +244 -244
  189. package/src/runtime/route-job.js +15 -15
  190. package/src/runtime/run-store.js +38 -38
  191. package/src/runtime/schedule.js +88 -88
  192. package/src/runtime/scheduler-state.js +434 -434
  193. package/src/runtime/scheduler.js +656 -656
  194. package/src/runtime/session-compactor.js +182 -182
  195. package/src/runtime/session-search.js +155 -155
  196. package/src/runtime/slack-inbound.js +249 -249
  197. package/src/runtime/ssrf.js +102 -102
  198. package/src/runtime/status-aggregator.js +330 -330
  199. package/src/runtime/task-contract.js +140 -140
  200. package/src/runtime/task-packet.js +107 -107
  201. package/src/runtime/task-router.js +140 -140
  202. package/src/runtime/telegram-inbound.js +1565 -1565
  203. package/src/runtime/token-counter.js +134 -134
  204. package/src/runtime/token-estimator.js +59 -59
  205. package/src/runtime/tool-loop.js +200 -200
  206. package/src/runtime/transport-server.js +311 -311
  207. package/src/runtime/tui-server.js +411 -411
  208. package/src/runtime/ulid.js +44 -44
  209. package/src/security/ssrf-check.js +197 -197
  210. package/src/setup.js +369 -369
  211. package/src/shadow/bridge.js +303 -303
  212. package/src/skills/loader.js +84 -84
  213. package/src/tools/catalog.json +49 -49
  214. package/src/tools/cli-delegate.js +44 -44
  215. package/src/tools/mcp-client.js +106 -106
  216. package/src/tools/micro/cancel-task.js +6 -6
  217. package/src/tools/micro/complete-task.js +6 -6
  218. package/src/tools/micro/fail-task.js +6 -6
  219. package/src/tools/micro/http-fetch.js +74 -74
  220. package/src/tools/micro/index.js +36 -36
  221. package/src/tools/micro/lcm-recall.js +60 -60
  222. package/src/tools/micro/list-dir.js +17 -17
  223. package/src/tools/micro/list-skills.js +46 -46
  224. package/src/tools/micro/load-skill.js +38 -38
  225. package/src/tools/micro/memory-search.js +45 -45
  226. package/src/tools/micro/read-file.js +11 -11
  227. package/src/tools/micro/session-search.js +54 -54
  228. package/src/tools/micro/shell-exec.js +43 -43
  229. package/src/tools/micro/trigger-job.js +79 -79
  230. package/src/tools/micro/web-search.js +58 -58
  231. package/src/tools/micro/workspace-paths.js +39 -39
  232. package/src/tools/micro/write-file.js +14 -14
  233. package/src/tools/micro/write-memory.js +41 -41
  234. package/src/tools/registry.js +348 -348
  235. package/src/tools/tool-result-contract.js +36 -36
  236. package/src/tui/chat.js +835 -835
  237. package/src/tui/renderer.js +175 -175
  238. package/src/tui/socket-client.js +217 -217
  239. package/src/utils/canonical-json.js +29 -29
  240. package/src/utils/compaction.js +30 -30
  241. package/src/utils/env-loader.js +5 -5
  242. package/src/utils/errors.js +80 -80
  243. package/src/utils/fs.js +101 -101
  244. package/src/utils/ids.js +5 -5
  245. package/src/utils/model-context-limits.js +30 -30
  246. package/src/utils/token-budget.js +74 -74
  247. package/src/utils/usage-cost.js +25 -25
  248. package/src/utils/usage-metrics.js +14 -14
package/src/runtime/input-sanitiser.js CHANGED
@@ -1,72 +1,72 @@
1
- import { formatRuntimeError, RuntimeError } from "../utils/errors.js";
2
-
3
- const INJECTION_PATTERNS = [
4
- { id: "ignore_previous", regex: /ignore\s+(all\s+)?previous\s+instructions/i, label: "ignore previous instructions" },
5
- { id: "you_are_now", regex: /you\s+are\s+now\b/i, label: "identity override (you are now)" },
6
- { id: "system_prompt", regex: /system\s+prompt\s*:/i, label: "system prompt injection" },
7
- { id: "important_start", regex: /^(?:\s*)IMPORTANT\s*:/m, label: "IMPORTANT: at start of output" },
8
- { id: "critical_start", regex: /^(?:\s*)CRITICAL\s*:/m, label: "CRITICAL: at start of output" },
9
- { id: "fake_system_tag", regex: /<\/?system(?:\s[^>]*)?>/, label: "XML <system> boundary tag" },
10
- { id: "fake_assistant_tag", regex: /<\/?assistant(?:\s[^>]*)?>/, label: "XML <assistant> boundary tag" },
11
- { id: "fake_user_tag", regex: /<\/?user(?:\s[^>]*)?>/, label: "XML <user> boundary tag" },
12
- { id: "fake_tool_boundary", regex: /\[TOOL_OUTPUT:(START|END)\]/i, label: "spoofed TOOL_OUTPUT boundary marker" },
13
- { id: "disregard", regex: /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|context)/i, label: "disregard prior instructions" },
14
- { id: "new_instructions", regex: /new\s+instructions?\s*:/i, label: "new instructions injection" }
15
- ];
16
-
17
- /**
18
- * Wraps an external tool output with clear boundary markers so the LLM
19
- * can distinguish trusted system content from untrusted external data.
20
- */
21
- export function tagUntrustedInput(toolOutput, toolName) {
22
- const text = String(toolOutput ?? "");
23
- const name = String(toolName ?? "unknown");
24
- return `[TOOL_OUTPUT:START tool=${name} trust=external]\n${text}\n[TOOL_OUTPUT:END]`;
25
- }
26
-
27
- /**
28
- * Scans text for common prompt-injection patterns.
29
- * Returns { flagged, patterns, sanitised }.
30
- * The sanitised string is always the original text (we never mutate),
31
- * but the flag + pattern list lets callers decide what to do.
32
- */
33
- export function detectInjectionPatterns(text) {
34
- const input = String(text ?? "");
35
- const matched = [];
36
-
37
- for (const pattern of INJECTION_PATTERNS) {
38
- if (pattern.regex.test(input)) {
39
- matched.push(pattern.label);
40
- }
41
- }
42
-
43
- return {
44
- flagged: matched.length > 0,
45
- patterns: matched,
46
- sanitised: input
47
- };
48
- }
49
-
50
- /**
51
- * Combined entry-point used by the executor: tag + scan in one call.
52
- * Logs a warning to console.warn when injection patterns are detected
53
- * but never blocks execution to avoid false-positive breakage.
54
- */
55
- export function processToolOutput(toolOutput, toolName) {
56
- const detection = detectInjectionPatterns(toolOutput);
57
-
58
- if (detection.flagged) {
59
- const err = new RuntimeError(
60
- `Potential prompt injection detected in output from tool "${toolName}"`,
61
- { category: "security", context: { toolName, patterns: detection.patterns.join("; ") }, recoverable: true }
62
- );
63
- console.warn(formatRuntimeError(err));
64
- }
65
-
66
- const tagged = tagUntrustedInput(detection.sanitised, toolName);
67
-
68
- return {
69
- tagged,
70
- detection
71
- };
72
- }
1
+ import { formatRuntimeError, RuntimeError } from "../utils/errors.js";
2
+
3
+ const INJECTION_PATTERNS = [
4
+ { id: "ignore_previous", regex: /ignore\s+(all\s+)?previous\s+instructions/i, label: "ignore previous instructions" },
5
+ { id: "you_are_now", regex: /you\s+are\s+now\b/i, label: "identity override (you are now)" },
6
+ { id: "system_prompt", regex: /system\s+prompt\s*:/i, label: "system prompt injection" },
7
+ { id: "important_start", regex: /^(?:\s*)IMPORTANT\s*:/m, label: "IMPORTANT: at start of output" },
8
+ { id: "critical_start", regex: /^(?:\s*)CRITICAL\s*:/m, label: "CRITICAL: at start of output" },
9
+ { id: "fake_system_tag", regex: /<\/?system(?:\s[^>]*)?>/, label: "XML <system> boundary tag" },
10
+ { id: "fake_assistant_tag", regex: /<\/?assistant(?:\s[^>]*)?>/, label: "XML <assistant> boundary tag" },
11
+ { id: "fake_user_tag", regex: /<\/?user(?:\s[^>]*)?>/, label: "XML <user> boundary tag" },
12
+ { id: "fake_tool_boundary", regex: /\[TOOL_OUTPUT:(START|END)\]/i, label: "spoofed TOOL_OUTPUT boundary marker" },
13
+ { id: "disregard", regex: /disregard\s+(all\s+)?(prior|previous|above)\s+(instructions|context)/i, label: "disregard prior instructions" },
14
+ { id: "new_instructions", regex: /new\s+instructions?\s*:/i, label: "new instructions injection" }
15
+ ];
16
+
17
+ /**
18
+ * Wraps an external tool output with clear boundary markers so the LLM
19
+ * can distinguish trusted system content from untrusted external data.
20
+ */
21
+ export function tagUntrustedInput(toolOutput, toolName) {
22
+ const text = String(toolOutput ?? "");
23
+ const name = String(toolName ?? "unknown");
24
+ return `[TOOL_OUTPUT:START tool=${name} trust=external]\n${text}\n[TOOL_OUTPUT:END]`;
25
+ }
26
+
27
+ /**
28
+ * Scans text for common prompt-injection patterns.
29
+ * Returns { flagged, patterns, sanitised }.
30
+ * The sanitised string is always the original text (we never mutate),
31
+ * but the flag + pattern list lets callers decide what to do.
32
+ */
33
+ export function detectInjectionPatterns(text) {
34
+ const input = String(text ?? "");
35
+ const matched = [];
36
+
37
+ for (const pattern of INJECTION_PATTERNS) {
38
+ if (pattern.regex.test(input)) {
39
+ matched.push(pattern.label);
40
+ }
41
+ }
42
+
43
+ return {
44
+ flagged: matched.length > 0,
45
+ patterns: matched,
46
+ sanitised: input
47
+ };
48
+ }
49
+
50
+ /**
51
+ * Combined entry-point used by the executor: tag + scan in one call.
52
+ * Logs a warning to console.warn when injection patterns are detected
53
+ * but never blocks execution to avoid false-positive breakage.
54
+ */
55
+ export function processToolOutput(toolOutput, toolName) {
56
+ const detection = detectInjectionPatterns(toolOutput);
57
+
58
+ if (detection.flagged) {
59
+ const err = new RuntimeError(
60
+ `Potential prompt injection detected in output from tool "${toolName}"`,
61
+ { category: "security", context: { toolName, patterns: detection.patterns.join("; ") }, recoverable: true }
62
+ );
63
+ console.warn(formatRuntimeError(err));
64
+ }
65
+
66
+ const tagged = tagUntrustedInput(detection.sanitised, toolName);
67
+
68
+ return {
69
+ tagged,
70
+ detection
71
+ };
72
+ }