nemoris 0.1.0

package/src/daemon/healing-tick.js

@@ -0,0 +1,87 @@
+import { BUILT_IN_RULES, matchRule, isCoolingDown } from "./rules.js";
+
+export class HealingTick {
+  constructor({ repairLog, ruleStaging, executeAction, notify, queueNurseJob }) {
+    this.repairLog = repairLog;
+    this.ruleStaging = ruleStaging;
+    this.executeAction = executeAction;
+    this.notify = notify || (async () => {});
+    this.queueNurseJob = queueNurseJob || (async () => {});
+    this._running = false;
+    this._failureQueue = [];
+  }
+
+  isRunning() {
+    return this._running;
+  }
+
+  _getAllRules() {
+    const staged = this.ruleStaging.getActiveRules();
+    return [...BUILT_IN_RULES, ...staged];
+  }
+
+  async runTick(failures) {
+    if (this._running) return { skipped: true };
+    this._running = true;
+    try {
+      const results = [];
+      for (const failure of failures) {
+        results.push(await this._processFailure(failure));
+      }
+      return { skipped: false, results };
+    } finally {
+      this._running = false;
+    }
+  }
+
+  async handleFailure(failure) {
+    return this.runTick([failure]);
+  }
+
+  async _processFailure({ type, context }) {
+    const allRules = this._getAllRules();
+    const rule = matchRule(type, context, allRules);
+
+    if (!rule) {
+      this.repairLog.write({
+        source: "daemon", type,
+        context: context ? JSON.stringify(context) : null,
+        action: "escalate", result: "escalated",
+        severity: "critical", escalated: 1
+      });
+      await this.queueNurseJob({ type, context });
+      return;
+    }
+
+    if (isCoolingDown(rule, this.repairLog)) return;
+
+    const success = await this.executeAction(rule.action, context);
+
+    this.repairLog.write({
+      source: "daemon", type,
+      context: context ? JSON.stringify(context) : null,
+      action: rule.action,
+      result: success ? "resolved" : "unresolved",
+      severity: rule.severity
+    });
+
+    if (rule.severity === "notable" || rule.severity === "critical") {
+      await this.notify(rule.severity, `[${type}] Action: ${rule.action}, Result: ${success ? "resolved" : "unresolved"}`);
+    }
+  }
+
+  promoteReadyRules() {
+    const pending = this.ruleStaging.getPendingAutoPromote();
+    for (const rule of pending) {
+      this.ruleStaging.promote(rule.id);
+    }
+    return pending.length;
+  }
+
+  runMaintenanceSweep() {
+    const expiredRules = this.ruleStaging.expirePending();
+    const prunedEntries = this.repairLog.pruneResolved(90);
+    const promoted = this.promoteReadyRules();
+    return { expiredRules, prunedEntries, promoted };
+  }
+}

package/src/daemon/health-probes.js

@@ -0,0 +1,90 @@
+import { inspectOutboundUrl, OUTBOUND_ADDRESS_POLICY } from "../security/ssrf-check.js";
+
+const MEMORY_BLOAT_ROW_THRESHOLD = 10_000;
+const MEMORY_BLOAT_SIZE_THRESHOLD = 500 * 1024 * 1024; // 500MB
+const EMBEDDING_DRIFT_THRESHOLD = 0.10; // 10%
+
+export async function checkProvider(providerId, endpoint, fetchImpl) {
+  try {
+    // Health probes may hit operator-configured provider endpoints, so enforce
+    // the same outbound SSRF policy as live provider traffic.
+    const inspection = await inspectOutboundUrl(endpoint, {
+      addressPolicy: providerId === "ollama" ? OUTBOUND_ADDRESS_POLICY.REQUIRE_LOOPBACK : OUTBOUND_ADDRESS_POLICY.BLOCK_PRIVATE,
+      loopbackOnlyMessage: `Ollama base URL must resolve to loopback only; refusing ${endpoint}.`,
+      privateAddressMessage: `Provider request blocked — target resolves to a private/reserved IP address for ${providerId}.`,
+    });
+    if (!inspection.ok) {
+      return { status: "failure", type: "provider_blocked", provider: providerId, error: inspection.reason };
+    }
+    const res = await fetchImpl(endpoint, { method: "HEAD", signal: AbortSignal.timeout(5000) });
+    if (res.ok) return { status: "ok", provider: providerId };
+    if (res.status >= 500) return { status: "failure", type: "provider_5xx", provider: providerId, code: res.status };
+    if (res.status === 429) return { status: "failure", type: "provider_rate_limit", provider: providerId, code: 429 };
+    if (res.status === 401 || res.status === 403) return { status: "failure", type: "provider_auth", provider: providerId, code: res.status };
+    return { status: "failure", type: "provider_client_error", provider: providerId, code: res.status };
+  } catch (err) {
+    return { status: "failure", type: "provider_timeout", provider: providerId, error: err.message };
+  }
+}
+
+export async function checkMcp(serverId, client) {
+  if (!client || !client.isAlive()) {
+    return { status: "failure", type: "mcp_exit", server: serverId };
+  }
+  try {
+    const pong = await Promise.race([
+      client.ping ? client.ping() : Promise.resolve(true),
+      new Promise((_, reject) => setTimeout(() => reject(new Error("timeout")), 2000))
+    ]);
+    return { status: "ok", server: serverId };
+  } catch {
+    return { status: "failure", type: "mcp_timeout", server: serverId };
+  }
+}
+
+export function checkStaleJobs(stateStore) {
+  try {
+    const running = stateStore.db.prepare(
+      "SELECT job_id FROM interactive_jobs WHERE status = 'running' AND created_at < datetime('now', '-5 minutes')"
+    ).all();
+    if (running.length > 0) {
+      return { status: "failure", type: "stale_job", staleCount: running.length, jobIds: running.map(r => r.job_id) };
+    }
+    return { status: "ok" };
+  } catch {
+    return { status: "ok" };
+  }
+}
+
+export function checkDelivery(lastSendResult) {
+  if (!lastSendResult) return { status: "ok" };
+  if (!lastSendResult.ok) {
+    return {
+      status: "failure",
+      type: "delivery_api_fail",
+      error_code: lastSendResult.error_code,
+      description: lastSendResult.description
+    };
+  }
+  if (!lastSendResult.result?.message_id) {
+    return { status: "failure", type: "delivery_silent_drop" };
+  }
+  return { status: "ok", message_id: lastSendResult.result.message_id };
+}
+
+export function checkMemoryHealth(db, stats) {
+  const { sessionRowCount, dbFileSizeBytes, embeddingIndexCount, embeddingSourceCount } = stats;
+
+  if (sessionRowCount > MEMORY_BLOAT_ROW_THRESHOLD || dbFileSizeBytes > MEMORY_BLOAT_SIZE_THRESHOLD) {
+    return { status: "failure", type: "memory_bloat", sessionRowCount, dbFileSizeBytes };
+  }
+
+  if (embeddingSourceCount > 0) {
+    const drift = Math.abs(embeddingIndexCount - embeddingSourceCount) / embeddingSourceCount;
+    if (drift > EMBEDDING_DRIFT_THRESHOLD) {
+      return { status: "failure", type: "embedding_drift", drift: Math.round(drift * 100), embeddingIndexCount, embeddingSourceCount };
+    }
+  }
+
+  return { status: "ok" };
+}

package/src/daemon/notifier.js

@@ -0,0 +1,57 @@
+const TEMPLATES = {
+  mcp_exit: {
+    resolved: (ctx) => `Your ${capitalize(ctx?.server || "service")} connection dropped. I restarted it, you're good.`,
+    unresolved: (ctx, diag) => `I couldn't fix the ${capitalize(ctx?.server || "service")} connection. ${diag ? `Here's what I found: ${diag}` : ""}`,
+  },
+  mcp_timeout: {
+    resolved: (ctx) => `${capitalize(ctx?.server || "Service")} was unresponsive. Restarted it.`,
+    unresolved: (ctx, diag) => `${capitalize(ctx?.server || "Service")} keeps hanging. ${diag || "Manual check needed."}`,
+  },
+  provider_5xx: {
+    resolved: (ctx) => `${capitalize(ctx?.provider || "Provider")} returned an error (${ctx?.code || "5xx"}). Switched to fallback.`,
+  },
+  update_applied: {
+    resolved: (ctx) => `Updated ${ctx?.update_target || "system"} to ${ctx?.to_version || "latest"}.`,
+  },
+  update_held: {
+    held: (ctx) => `${packageName(ctx?.update_target || "Package")} ${ctx?.to_version || ""} available (${ctx?.semver_class || "update"}). Reply /approve <id> to update.`,
+  },
+  update_rollback: {
+    resolved: (ctx) => `Tried updating ${ctx?.update_target || "system"} to ${ctx?.to_version || ""}. Failed smoke test, rolled back safely.`,
+  },
+};
+
+const KNOWN_NAMES = {
+  github: "GitHub",
+  gitlab: "GitLab",
+  openai: "OpenAI",
+  anthropic: "Anthropic",
+  npm: "npm",
+};
+
+// Strip registry prefix (e.g. "npm:express" → "express") without changing casing
+function packageName(s) {
+  if (!s) return "";
+  return s.replace(/^[a-z]+:/, "");
+}
+
+function capitalize(s) {
+  if (!s) return "";
+  const lower = s.toLowerCase();
+  if (KNOWN_NAMES[lower]) return KNOWN_NAMES[lower];
+  // Strip common prefixes like "npm:" for display
+  const stripped = s.replace(/^[a-z]+:/, "");
+  return stripped.charAt(0).toUpperCase() + stripped.slice(1);
+}
+
+export function composePlainEnglish({ type, action, result, context, diagnosis }) {
+  const ctx = typeof context === "string" ? JSON.parse(context) : (context || {});
+  const template = TEMPLATES[type]?.[result];
+  if (template) return template(ctx, diagnosis);
+
+  // Fallback for unknown types
+  if (result === "resolved") return `Fixed: ${type.replace(/_/g, " ")}. Action: ${action?.replace(/_/g, " ") || "auto"}.`;
+  if (result === "unresolved") return `I couldn't fix: ${type.replace(/_/g, " ")}. ${diagnosis || "Manual check needed."}`;
+  if (result === "held") return `Awaiting approval: ${type.replace(/_/g, " ")}. Reply /approve <id>.`;
+  return `[${type}] ${action} → ${result}`;
+}

package/src/daemon/nurse.js

@@ -0,0 +1,218 @@
+const IDENTITY_FIELDS = new Set(["name", "soul", "purpose", "persona"]);
+const MAX_ATTEMPTS = 3;
+const AUTO_PROMOTE_ACTIONS = new Set(["restart", "retry", "retry_backoff", "resend", "cache_clear", "connection_reset", "compact", "reap", "rebuild_index"]);
+
+export class Nurse {
+  constructor({ repairLog, ruleStaging, runLlm, executeAction, notify, isOllamaAvailable }) {
+    this.repairLog = repairLog;
+    this.ruleStaging = ruleStaging;
+    this.runLlm = runLlm;
+    this.executeAction = executeAction;
+    this.notify = notify || (async () => {});
+    this.isOllamaAvailable = isOllamaAvailable || (async () => true);
+    this._ollamaFirstDownAt = null;
+  }
+
+  validateAction({ action, config_field }) {
+    if (action === "edit_config" && config_field && IDENTITY_FIELDS.has(config_field)) {
+      return { allowed: false, reason: "identity_field_protected" };
+    }
+    return { allowed: true };
+  }
+
+  async diagnoseEscalation(escalationId) {
+    // Check if Ollama is available before attempting diagnosis
+    if (!(await this.isOllamaAvailable())) {
+      // Don't claim — leave unclaimed so it's retried when Ollama is back
+      return;
+    }
+
+    const escalation = this.repairLog.getById(escalationId);
+    if (!escalation) return;
+
+    const recentContext = this.repairLog.getRecent(50);
+    const prompt = this._buildDiagnosticPrompt(escalation, recentContext);
+
+    const childId = this.repairLog.write({
+      source: "nurse", type: escalation.type, action: null,
+      result: "escalated", severity: "critical",
+      diagnosis: "Diagnosing...", parent_id: escalationId, attempts: 0
+    });
+
+    for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
+      let diagnosis, proposedAction;
+      try {
+        const raw = await this.runLlm(prompt);
+        const parsed = JSON.parse(raw);
+        diagnosis = parsed.diagnosis || "No diagnosis provided";
+        proposedAction = parsed.action || null;
+      } catch {
+        diagnosis = "LLM response unparseable";
+        proposedAction = null;
+      }
+
+      if (proposedAction) {
+        const validation = this.validateAction({ action: proposedAction, config_field: null });
+        if (!validation.allowed) {
+          this.repairLog.update(childId, {
+            action: proposedAction, result: "unresolved", severity: "critical",
+            diagnosis: `Blocked: ${validation.reason}`, attempts: attempt
+          });
+          await this.notify("critical", `Nurse attempted blocked action: ${proposedAction} (${validation.reason})`);
+          return;
+        }
+      }
+
+      const success = proposedAction ? await this.executeAction(proposedAction, escalation.context) : false;
+      const isLast = attempt === MAX_ATTEMPTS;
+
+      this.repairLog.update(childId, {
+        action: proposedAction,
+        result: success ? "resolved" : (isLast ? "unresolved" : "escalated"),
+        severity: success ? "notable" : "critical",
+        diagnosis,
+        attempts: attempt
+      });
+
+      if (success) {
+        await this.notify("notable", `Resolved: ${escalation.type} — ${diagnosis}`);
+        return;
+      }
+
+      if (isLast) {
+        await this.notify("critical", `Unresolved after ${MAX_ATTEMPTS} attempts: ${escalation.type}\nDiagnosis: ${diagnosis}`);
+        return;
+      }
+    }
+  }
+
+  minePatterns() {
+    const nurseEntries = this.repairLog.getRecent(200).filter(e => e.source === "nurse" && e.parent_id);
+    const groups = new Map();
+
+    for (const entry of nurseEntries) {
+      const key = `${entry.type}:${entry.action}`;
+      if (!groups.has(key)) groups.set(key, []);
+      groups.get(key).push(entry);
+    }
+
+    const proposedIds = [];
+    for (const [key, entries] of groups) {
+      if (entries.length < 3) continue;
+      const [type, action] = key.split(":");
+      if (!action || action === "null") continue;
+
+      if (this.ruleStaging.isDuplicate(type, action)) continue;
+
+      const actionClass = AUTO_PROMOTE_ACTIONS.has(action) ? "auto_promote" : "approval_required";
+      const id = this.ruleStaging.propose({
+        match_type: type, action, severity: "notable",
+        action_class: actionClass, cooldown_minutes: 5,
+        evidence: JSON.stringify(entries.map(e => e.id))
+      });
+      proposedIds.push(id);
+    }
+
+    return proposedIds;
+  }
+
+  _getEscalatedTypes() {
+    const escalated = this.repairLog.getRecent(200).filter(e => e.escalated === 1);
+    return [...new Set(escalated.map(e => e.type))];
+  }
+
+  composeDailyDigest() {
+    const since = new Date(Date.now() - 24 * 60 * 60 * 1000).toISOString();
+    const stats = this.repairLog.getDigestSince(since);
+    const heldEntries = this.repairLog.getHeldUpdates();
+    const held = heldEntries.length;
+
+    const counts = {};
+    for (const { severity, count } of stats) counts[severity] = count;
+
+    // Subtract held entries from their severity bucket to avoid double-counting
+    for (const e of heldEntries) {
+      if (e.ts > since && counts[e.severity]) counts[e.severity]--;
+    }
+
+    const notables = counts.notable || 0;
+    const criticals = counts.critical || 0;
+    const silents = counts.silent || 0;
+
+    // Digest fires only when notables > 0 OR criticals > 0 OR held > 0
+    if (notables === 0 && criticals === 0 && held === 0) return null;
+
+    const lines = ["Daily health digest:"];
+    if (silents > 0) lines.push(`  ${silents} routine heal(s) (silent)`);
+    if (notables > 0) lines.push(`  ${notables} notable event(s)`);
+    if (criticals > 0) lines.push(`  ${criticals} critical issue(s)`);
+    if (held > 0) lines.push(`  ${held} held update(s) awaiting /approve`);
+    return lines.join("\n");
+  }
+
+  async checkOllamaDowntime() {
+    const available = await this.isOllamaAvailable();
+    if (available) {
+      this._ollamaFirstDownAt = null;
+      return;
+    }
+    if (!this._ollamaFirstDownAt) {
+      this._ollamaFirstDownAt = new Date();
+      return;
+    }
+    const downMs = Date.now() - this._ollamaFirstDownAt.getTime();
+    if (downMs > 24 * 60 * 60 * 1000) {
+      await this.notify("critical", "I can't reason about failures right now — Ollama is offline.");
+      this._ollamaFirstDownAt = new Date(); // Reset to avoid spamming every tick
+    }
+  }
+
+  async processHeldUpdateExpiry() {
+    const held = this.repairLog.getHeldUpdates();
+    const now = Date.now();
+    for (const entry of held) {
+      const age = now - new Date(entry.ts).getTime();
+      const daysOld = age / (24 * 60 * 60 * 1000);
+      const ctx = entry.context ? JSON.parse(entry.context) : {};
+      // Remind once between day 25 and 30 (check repair_log for existing reminder)
+      const reminderKey = `reminder:${entry.id}`;
+      const alreadyReminded = this.repairLog.getRecentByType(reminderKey, 30).length > 0;
+      if (daysOld >= 25 && daysOld < 30 && !alreadyReminded) {
+        this.repairLog.write({ source: "nurse", type: reminderKey, action: "remind", result: "resolved", severity: "silent" });
+        await this.notify("notable", `Reminder: ${ctx.update_target || "update"} ${ctx.to_version || ""} is still held. Reply /approve ${entry.id} or it expires in ${Math.ceil(30 - daysOld)} days.`);
+      }
+      // Archive at 30 days — write a child row marking it expired
+      if (daysOld >= 30) {
+        this.repairLog.write({
+          source: "nurse", type: entry.type, action: "expire",
+          result: "resolved", severity: "silent",
+          diagnosis: "Held update expired after 30 days",
+          parent_id: entry.id
+        });
+      }
+    }
+  }
+
+  _buildDiagnosticPrompt(escalation, context) {
+    // Enforce 50-entry window
+    const windowedContext = context.slice(0, 50);
+    // Build compact summary (one line per entry)
+    const lines = windowedContext.map(e =>
+      `[${e.ts.slice(0, 16)}] ${e.source}/${e.type} → ${e.action || "?"} → ${e.result}`
+    );
+    // Truncate if total prompt would exceed ~4000 tokens (~16000 chars)
+    let contextBlock = lines.join("\n");
+    if (contextBlock.length > 8000) {
+      contextBlock = lines.slice(0, 25).join("\n") + "\n... (truncated, 25 more entries)";
+    }
+
+    return `You are a system diagnostician for Nemoris. An unknown failure occurred.
+
+Failure: type=${escalation.type}, context=${escalation.context || "none"}
+
+Recent repair history (last ${windowedContext.length} entries):
+${contextBlock}
+
+Respond with JSON only: {"diagnosis": "root cause", "action": "one of: restart, retry, compact, rebuild_index, edit_config, swap_lane"}`;
+  }
+}

package/src/daemon/repair-log.js

@@ -0,0 +1,106 @@
+export class RepairLog {
+  constructor(db) {
+    this.db = db;
+  }
+
+  ensureSchema() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS repair_log (
+        id            INTEGER PRIMARY KEY AUTOINCREMENT,
+        ts            TEXT    NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now')),
+        source        TEXT    NOT NULL,
+        type          TEXT    NOT NULL,
+        context       TEXT,
+        action        TEXT,
+        result        TEXT    NOT NULL,
+        severity      TEXT    NOT NULL,
+        diagnosis     TEXT,
+        config_before TEXT,
+        config_after  TEXT,
+        escalated     INTEGER NOT NULL DEFAULT 0,
+        attempts      INTEGER NOT NULL DEFAULT 1,
+        parent_id     INTEGER REFERENCES repair_log(id)
+      );
+      CREATE INDEX IF NOT EXISTS idx_repair_log_type ON repair_log(type);
+      CREATE INDEX IF NOT EXISTS idx_repair_log_ts ON repair_log(ts);
+      CREATE INDEX IF NOT EXISTS idx_repair_log_result_ts ON repair_log(result, ts);
+      CREATE INDEX IF NOT EXISTS idx_repair_log_escalated ON repair_log(escalated) WHERE escalated = 1;
+      CREATE INDEX IF NOT EXISTS idx_repair_log_parent ON repair_log(parent_id) WHERE parent_id IS NOT NULL;
+    `);
+  }
+
+  write({ source, type, context, action, result, severity, diagnosis, config_before, config_after, escalated, attempts, parent_id }) {
+    const stmt = this.db.prepare(`
+      INSERT INTO repair_log (source, type, context, action, result, severity, diagnosis, config_before, config_after, escalated, attempts, parent_id)
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+    `);
+    const info = stmt.run(
+      source, type, context ?? null, action ?? null, result, severity,
+      diagnosis ?? null, config_before ?? null, config_after ?? null,
+      escalated ?? 0, attempts ?? 1, parent_id ?? null
+    );
+    return Number(info.lastInsertRowid);
+  }
+
+  getById(id) {
+    return this.db.prepare("SELECT * FROM repair_log WHERE id = ?").get(id);
+  }
+
+  update(id, { action, result, severity, diagnosis, attempts, config_before, config_after }) {
+    const sets = [];
+    const params = [];
+    if (action !== undefined) { sets.push("action = ?"); params.push(action); }
+    if (result !== undefined) { sets.push("result = ?"); params.push(result); }
+    if (severity !== undefined) { sets.push("severity = ?"); params.push(severity); }
+    if (diagnosis !== undefined) { sets.push("diagnosis = ?"); params.push(diagnosis); }
+    if (attempts !== undefined) { sets.push("attempts = ?"); params.push(attempts); }
+    if (config_before !== undefined) { sets.push("config_before = ?"); params.push(config_before); }
+    if (config_after !== undefined) { sets.push("config_after = ?"); params.push(config_after); }
+    if (sets.length === 0) return;
+    params.push(id);
+    this.db.prepare(`UPDATE repair_log SET ${sets.join(", ")} WHERE id = ?`).run(...params);
+  }
+
+  getUnclaimedEscalations() {
+    return this.db.prepare(`
+      SELECT rl.* FROM repair_log rl
+      WHERE rl.escalated = 1
+        AND NOT EXISTS (SELECT 1 FROM repair_log child WHERE child.parent_id = rl.id)
+      ORDER BY rl.ts ASC
+    `).all();
+  }
+
+  getLastFiring(type, action) {
+    return this.db.prepare(
+      "SELECT * FROM repair_log WHERE type = ? AND action = ? ORDER BY ts DESC LIMIT 1"
+    ).get(type, action);
+  }
+
+  getRecentByType(type, days = 30) {
+    return this.db.prepare(
+      "SELECT * FROM repair_log WHERE type = ? AND ts > datetime('now', ? || ' days') ORDER BY ts DESC"
+    ).all(type, `-${days}`);
+  }
+
+  getRecent(limit = 50) {
+    return this.db.prepare("SELECT * FROM repair_log ORDER BY ts DESC LIMIT ?").all(limit);
+  }
+
+  getHeldUpdates() {
+    return this.db.prepare("SELECT * FROM repair_log WHERE result = 'held' ORDER BY ts DESC").all();
+  }
+
+  getDigestSince(sinceIso) {
+    return this.db.prepare(`
+      SELECT severity, COUNT(*) as count FROM repair_log
+      WHERE ts > ? GROUP BY severity
+    `).all(sinceIso);
+  }
+
+  pruneResolved(retentionDays = 90) {
+    const result = this.db.prepare(
+      "DELETE FROM repair_log WHERE result = 'resolved' AND ts < datetime('now', ? || ' days')"
+    ).run(`-${retentionDays}`);
+    return result.changes;
+  }
+}

package/src/daemon/rule-staging.js

@@ -0,0 +1,90 @@
+export class RuleStaging {
+  constructor(db) {
+    this.db = db;
+  }
+
+  ensureSchema() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS rule_staging (
+        id             INTEGER PRIMARY KEY AUTOINCREMENT,
+        ts             TEXT    NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now')),
+        proposed_by    TEXT    NOT NULL DEFAULT 'pattern_miner',
+        match_type     TEXT    NOT NULL,
+        match_context  TEXT,
+        action         TEXT    NOT NULL,
+        severity       TEXT    NOT NULL,
+        action_class   TEXT    NOT NULL,
+        cooldown_minutes INTEGER NOT NULL DEFAULT 5,
+        priority       INTEGER NOT NULL DEFAULT 10,
+        evidence       TEXT,
+        status         TEXT    NOT NULL DEFAULT 'pending',
+        promoted_at    TEXT,
+        expires_at     TEXT
+      );
+    `);
+  }
+
+  propose({ match_type, match_context, action, severity, action_class, cooldown_minutes, evidence }) {
+    const stmt = this.db.prepare(`
+      INSERT INTO rule_staging (match_type, match_context, action, severity, action_class, cooldown_minutes, evidence, expires_at)
+      VALUES (?, ?, ?, ?, ?, ?, ?, datetime('now', '+30 days'))
+    `);
+    const info = stmt.run(match_type, match_context ?? null, action, severity, action_class, cooldown_minutes ?? 5, evidence ?? null);
+    return Number(info.lastInsertRowid);
+  }
+
+  getById(id) {
+    return this.db.prepare("SELECT * FROM rule_staging WHERE id = ?").get(id);
+  }
+
+  promote(id) {
+    this.db.prepare(
+      "UPDATE rule_staging SET status = 'promoted', promoted_at = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = ? AND status = 'pending'"
+    ).run(id);
+  }
+
+  approve(id) {
+    const row = this.getById(id);
+    if (!row || row.status === "expired" || row.status === "rejected") return false;
+    this.db.prepare(
+      "UPDATE rule_staging SET status = 'approved', priority = 20, promoted_at = strftime('%Y-%m-%dT%H:%M:%fZ','now') WHERE id = ?"
+    ).run(id);
+    return true;
+  }
+
+  reject(id) {
+    this.db.prepare("UPDATE rule_staging SET status = 'rejected' WHERE id = ?").run(id);
+  }
+
+  getActiveRules() {
+    return this.db.prepare(
+      "SELECT * FROM rule_staging WHERE status IN ('promoted', 'approved') ORDER BY priority DESC, id DESC"
+    ).all();
+  }
+
+  getPendingAutoPromote() {
+    return this.db.prepare(
+      "SELECT * FROM rule_staging WHERE status = 'pending' AND action_class = 'auto_promote'"
+    ).all();
+  }
+
+  getPendingApprovals() {
+    return this.db.prepare(
+      "SELECT * FROM rule_staging WHERE status = 'pending' AND action_class = 'approval_required'"
+    ).all();
+  }
+
+  expirePending() {
+    const result = this.db.prepare(
+      "UPDATE rule_staging SET status = 'expired' WHERE status = 'pending' AND expires_at < datetime('now')"
+    ).run();
+    return result.changes;
+  }
+
+  isDuplicate(match_type, action) {
+    const row = this.db.prepare(
+      "SELECT 1 FROM rule_staging WHERE match_type = ? AND action = ? LIMIT 1"
+    ).get(match_type, action);
+    return !!row;
+  }
+}

package/src/daemon/rules.js

@@ -0,0 +1,29 @@
+export const BUILT_IN_RULES = [
+  { match_type: "provider_5xx",        action: "circuit_break",    severity: "silent",   cooldown_minutes: 5,  priority: 0 },
+  { match_type: "provider_timeout",    action: "retry_then_break", severity: "silent",   cooldown_minutes: 5,  priority: 0 },
+  { match_type: "mcp_exit",            action: "restart",          severity: "notable",  cooldown_minutes: 2,  priority: 0 },
+  { match_type: "mcp_timeout",         action: "kill_restart",     severity: "notable",  cooldown_minutes: 2,  priority: 0 },
+  { match_type: "memory_bloat",        action: "compact",          severity: "silent",   cooldown_minutes: 60, priority: 0 },
+  { match_type: "embedding_drift",     action: "rebuild_index",    severity: "silent",   cooldown_minutes: 60, priority: 0 },
+  { match_type: "stale_job",           action: "reap",             severity: "silent",   cooldown_minutes: 5,  priority: 0 },
+  { match_type: "delivery_api_fail",   action: "retry_backoff",    severity: "notable",  cooldown_minutes: 1,  priority: 0 },
+  { match_type: "delivery_silent_drop", action: "resend",          severity: "notable",  cooldown_minutes: 1,  priority: 0 },
+];
+
+export function matchRule(failureType, context, rules) {
+  const matches = rules.filter(r => r.match_type === failureType);
+  if (matches.length === 0) return null;
+  matches.sort((a, b) => {
+    if (b.priority !== a.priority) return b.priority - a.priority;
+    return 0;
+  });
+  return matches[0];
+}
+
+export function isCoolingDown(rule, repairLog) {
+  const last = repairLog.getLastFiring(rule.match_type, rule.action);
+  if (!last) return false;
+  const lastTs = new Date(last.ts).getTime();
+  const cooldownMs = (rule.cooldown_minutes ?? 5) * 60 * 1000;
+  return Date.now() - lastTs < cooldownMs;
+}