nemoris 0.1.0

package/src/providers/openrouter.js

@@ -0,0 +1,136 @@
+import { ProviderAdapter } from "./base.js";
+
+export class OpenRouterAdapter extends ProviderAdapter {
+  static providerId = "openrouter";
+
+  getCapabilities() {
+    return {
+      supportsToolDefinitions: true,
+      supportsToolCalls: true,
+      structuredOutputMode: "response_format",
+      supportsReasoningSchema: false,
+      tokenCountingMode: "model_specific",
+      toolReliabilityTier: "medium",
+      supportsVision: true
+    };
+  }
+
+  buildStructuredOutputFormat(input) {
+    if (!input?.responseSchema?.schema) return null;
+    return {
+      type: "json_schema",
+      json_schema: {
+        name: input.responseSchema.name || "nemoris_response",
+        strict: true,
+        schema: input.responseSchema.schema
+      }
+    };
+  }
+
+  buildInvokePayload(input) {
+    const { model: rawModel, system, messages, maxTokens = 2048, tools, responseSchema } = input;
+    // Strip provider prefix (e.g. "openrouter/anthropic/claude-haiku-4-5" → "anthropic/claude-haiku-4-5")
+    const model = rawModel?.startsWith("openrouter/") ? rawModel.slice("openrouter/".length) : rawModel;
+    const normalizedMessages = [];
+    if (system) {
+      normalizedMessages.push({
+        role: "system",
+        content: system
+      });
+    }
+    normalizedMessages.push(...messages);
+
+    const payload = {
+      model,
+      messages: normalizedMessages,
+      max_tokens: maxTokens
+    };
+    if (tools?.length) payload.tools = tools;
+    const responseFormat = this.buildStructuredOutputFormat({ responseSchema });
+    if (responseFormat) payload.response_format = responseFormat;
+    return payload;
+  }
+
+  async invoke(input) {
+    const token = this.ensureAuthToken();
+    return this.postJson(
+      "chat/completions",
+      this.buildInvokePayload(input),
+      {
+        authorization: `Bearer ${token}`,
+        "http-referer": this.config.appUrl || "https://nemoris-v2.local",
+        "x-title": this.config.appName || "Nemoris V2"
+      },
+      {
+        timeoutMs: input.timeoutMs
+      }
+    );
+  }
+
+  normalizeResponse(raw) {
+    const text = raw?.choices?.[0]?.message?.content
+      ? String(raw.choices[0].message.content)
+      : null;
+    const parsedJson = text ? this.parseStructuredJson(text) : null;
+    if (parsedJson) {
+      return {
+        summary: parsedJson.summary || "Provider returned structured JSON output.",
+        output: parsedJson.output || text,
+        nextActions: Array.isArray(parsedJson.nextActions) ? parsedJson.nextActions : [],
+        reasoning: parsedJson.analysis || null,
+        raw
+      };
+    }
+    if (text) {
+      return {
+        summary: text.slice(0, 200) || "Provider responded.",
+        output: text,
+        nextActions: [],
+        reasoning: null,
+        raw
+      };
+    }
+
+    return super.normalizeResponse(raw);
+  }
+
+  async healthCheck() {
+    const token = this.ensureAuthToken();
+    // Health probes honour the same SSRF policy as normal provider traffic.
+    const response = await this.fetchResponse("models", {
+      method: "GET",
+      headers: {
+        authorization: `Bearer ${token}`
+      }
+    });
+    return {
+      ok: response.ok,
+      status: response.status
+    };
+  }
+
+  async listModels() {
+    const token = this.ensureAuthToken();
+    const response = await this.fetchResponse("models", {
+      method: "GET",
+      headers: {
+        authorization: `Bearer ${token}`
+      }
+    });
+    const text = await response.text();
+    let data = null;
+    if (text) {
+      try {
+        data = JSON.parse(text);
+      } catch {
+        data = null;
+      }
+    }
+    if (!response.ok) {
+      throw new Error(`Provider error ${response.status}: ${typeof data === "string" ? data : JSON.stringify(data)}`);
+    }
+    return Array.isArray(data?.data)
+      ? data.data.map((item) => item?.id).filter(Boolean)
+      : [];
+  }
+}

package/src/providers/registry.js

@@ -0,0 +1,36 @@
+import { AnthropicAdapter } from "./anthropic.js";
+import { OpenAICodexAdapter } from "./openai-codex.js";
+import { OpenRouterAdapter } from "./openrouter.js";
+import { OllamaAdapter } from "./ollama.js";
+
+const DEFAULT_ADAPTERS = new Map([
+  [AnthropicAdapter.providerId, AnthropicAdapter],
+  [OpenAICodexAdapter.providerId, OpenAICodexAdapter],
+  [OpenRouterAdapter.providerId, OpenRouterAdapter],
+  [OllamaAdapter.providerId, OllamaAdapter]
+]);
+
+export class ProviderRegistry {
+  constructor({ adapters = DEFAULT_ADAPTERS, fetchImpl, lookupImpl } = {}) {
+    this.adapters = adapters;
+    this.fetchImpl = fetchImpl;
+    this.lookupImpl = lookupImpl;
+  }
+
+  create(providerConfig) {
+    const Adapter = this.adapters.get(providerConfig.id) || this.adapters.get(providerConfig.adapter);
+    if (!Adapter) {
+      throw new Error(`No adapter registered for provider ${providerConfig.id}`);
+    }
+    return new Adapter(providerConfig, { fetchImpl: this.fetchImpl, lookupImpl: this.lookupImpl });
+  }
+
+  describe(providerConfig) {
+    const adapter = this.create(providerConfig);
+    return {
+      id: providerConfig.id,
+      adapter: providerConfig.adapter || providerConfig.id,
+      capabilities: adapter.getCapabilities()
+    };
+  }
+}

package/src/providers/router.js

@@ -0,0 +1,16 @@
+export class ModelRouter {
+  constructor(lanes = {}) {
+    this.lanes = lanes;
+  }
+
+  resolve(laneName, mode = "primary") {
+    const lane = this.lanes[laneName];
+    if (!lane) {
+      throw new Error(`Unknown lane: ${laneName}`);
+    }
+
+    if (mode === "fallback" && lane.fallback) return lane.fallback;
+    if (mode === "manual_bump" && lane.manualBump) return lane.manualBump;
+    return lane.primary;
+  }
+}

package/src/runtime/bootstrap-cache.js

@@ -0,0 +1,47 @@
+import path from "node:path";
+import { ensureDir, readJson, statPath, writeJson } from "../utils/fs.js";
+
+export class IdentityBootstrapCache {
+  constructor({ rootDir }) {
+    this.rootDir = rootDir;
+  }
+
+  async get(agentId, refs, loader) {
+    const cachePath = path.join(this.rootDir, `${agentId}.json`);
+    const currentSources = await this.buildSourceState(refs);
+    const cached = await readJson(cachePath, null);
+
+    if (cached && JSON.stringify(cached.sources) === JSON.stringify(currentSources)) {
+      return cached.identity;
+    }
+
+    const identity = await loader();
+    await ensureDir(this.rootDir);
+    await writeJson(cachePath, {
+      agentId,
+      cachedAt: new Date().toISOString(),
+      sources: currentSources,
+      identity
+    });
+    return identity;
+  }
+
+  async buildSourceState(refs = {}) {
+    const result = {};
+    for (const [key, filePath] of Object.entries(refs)) {
+      if (!filePath) {
+        result[key] = null;
+        continue;
+      }
+      const stats = await statPath(filePath);
+      result[key] = stats
+        ? {
+            path: filePath,
+            mtimeMs: stats.mtimeMs,
+            size: stats.size
+          }
+        : null;
+    }
+    return result;
+  }
+}

package/src/runtime/capabilities-prompt.js

@@ -0,0 +1,25 @@
+export function buildCapabilitiesPrompt(toolSchemas = []) {
+  const toolNames = toolSchemas.map((tool) => tool.name).filter(Boolean);
+  const availableTools = toolNames.length ? toolNames.join(", ") : "none";
+
+  return [
+    `Your available tools are: ${availableTools}.`,
+    "You do NOT have: sessions_send, cross-agent messaging, email sending, or web posting.",
+    "If asked to do something outside your tool set, say so honestly.",
+    "",
+    "## Live Tools",
+    "- `web_search`: Returns real-time search results from Perplexity. These are CURRENT FACTS, not training data. Treat results as authoritative for current events, prices, and dates. Do not caveat with knowledge cutoff disclaimers.",
+    "- `http_fetch`: Fetches live content from URLs. Real-time, not cached training data.",
+    "- `read_file`, `write_file`, `list_dir`: Operate on the real filesystem right now.",
+    "",
+    "## Memory Rules",
+    "- NEVER confirm a memory write unless the `write_memory` tool was actually called and succeeded.",
+    "- If a user asks about a preference you do not know, say: \"I don't know - tell me and I'll remember it for next time.\"",
+    "- Only recall personal facts you retrieved via `memory_search` or `lcm_recall`. Never invent personal facts about the user.",
+    "",
+    "## User vs Agent Identity",
+    "- YOUR name is the one defined in your soul or identity files. You are the agent, not the operator.",
+    "- The OPERATOR or USER name comes from memory or the user_ref identity file. You are NOT the user.",
+    "- When asked \"what's my name?\", answer with the operator's name from memory or user_ref, not your own.",
+  ].join("\n");
+}

package/src/runtime/completion-ping.js

@@ -0,0 +1,99 @@
+/**
+ * Completion ping delivery — notifies humans and/or agents when
+ * dispatched jobs finish.
+ *
+ * Separate from telegram-inbound.js per design constraint.
+ */
+
+const MAX_OUTPUT_LENGTH = 500;
+
+/**
+ * Format a completion ping message for a finished dispatch job.
+ *
+ * @param {object} job - Row from interactive_jobs
+ * @param {string|null} output - Agent output text (null for failures)
+ * @returns {string}
+ */
+export function formatCompletionPing(job, output) {
+  const icon = job.status === "succeeded" ? "\u2705" : "\u274C";
+  const header = `${icon} ${job.agent_id} \u00B7 job_id: ${job.job_id}`;
+
+  if (job.status !== "succeeded" || !output) {
+    return `${header}\nStatus: ${job.status}`;
+  }
+
+  const text = typeof output === "string" ? output : JSON.stringify(output);
+  const truncated = text.length > MAX_OUTPUT_LENGTH
+    ? text.slice(0, MAX_OUTPUT_LENGTH - 3) + "..."
+    : text;
+  return `${header}\n${truncated}`;
+}
+
+/**
+ * Scan for completed dispatch jobs and deliver completion pings.
+ *
+ * @param {import('./scheduler-state.js').SchedulerStateStore} stateStore
+ * @param {{ operatorChatId: string, botTokenEnv: string }} telegramConfig
+ * @param {{ fetchImpl: Function, botToken: string, logger?: object }} options
+ */
+export async function fireCompletionPings(stateStore, telegramConfig, options = {}) {
+  const { fetchImpl = globalThis.fetch, botToken, logger = console } = options;
+
+  const completed = stateStore.getCompletedDispatchJobs();
+  if (completed.length === 0) return;
+
+  for (const job of completed) {
+    const pingMessage = formatCompletionPing(job, job.status === "succeeded" ? job.input : null);
+    let delivered = true;
+
+    // Human delivery path
+    if (job.completion_target === "human" || job.completion_target === "both") {
+      const chatId = telegramConfig.operatorChatId;
+      if (chatId && botToken) {
+        try {
+          const res = await fetchImpl(`https://api.telegram.org/bot${botToken}/sendMessage`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({ chat_id: chatId, text: pingMessage }),
+          });
+          const body = await res.json();
+          if (!body.ok) {
+            delivered = false;
+            logger.error(JSON.stringify({ service: "completion_ping", jobId: job.job_id, error: body.description || "sendMessage failed" }));
+          }
+        } catch (error) {
+          delivered = false;
+          logger.error(JSON.stringify({ service: "completion_ping", jobId: job.job_id, error: error.message }));
+        }
+      } else {
+        delivered = false;
+      }
+    }
+
+    // Agent delivery path — enqueue synthetic interactive job for the triggering agent
+    if (job.completion_target === "agent" || job.completion_target === "both") {
+      try {
+        stateStore.enqueueInteractiveJob({
+          jobId: `ping-${job.job_id}-${Date.now()}`,
+          agentId: job.triggered_by,
+          input: pingMessage,
+          source: "completion_ping",
+          chatId: "",
+        });
+      } catch (error) {
+        delivered = false;
+        logger.error(JSON.stringify({ service: "completion_ping", jobId: job.job_id, error: error.message }));
+      }
+    }
+
+    if (delivered) {
+      stateStore.markCompletionPinged(job.job_id);
+    } else {
+      stateStore.incrementCompletionPingAttempts(job.job_id);
+      const updated = stateStore.getInteractiveJob(job.job_id);
+      if (updated.completion_pinged_at === "FAILED") {
+        logger.warn(JSON.stringify({ service: "completion_ping", jobId: job.job_id, event: "gave_up", attempts: updated.completion_ping_attempts }));
+      }
+    }
+  }
+}

package/src/runtime/config-validator.js

@@ -0,0 +1,121 @@
+import { statPath } from "../utils/fs.js";
+
+const SECRET_KEY_PATTERN = /(api[-_]?key|token|secret|password)$/i;
+
+function resolveNamedProfile(profiles, profileName) {
+  if (!profileName) return null;
+  return profiles[profileName] || profiles[String(profileName).replace(/_([a-z])/g, (_, letter) => letter.toUpperCase())] || null;
+}
+
+function pushError(errors, code, details) {
+  errors.push({ code, details });
+}
+
+function stringifyValidationErrors(errors) {
+  return errors.map((item) => `${item.code}: ${item.details}`).join("\n");
+}
+
+function validateSecretShape(errors, scopeLabel, object) {
+  if (!object || typeof object !== "object") return;
+  for (const [key, value] of Object.entries(object)) {
+    if (!SECRET_KEY_PATTERN.test(key)) continue;
+    if (typeof value !== "string" || !value) continue;
+    if (key === "authRef" && value.startsWith("env:")) continue;
+    pushError(errors, "unsafe_secret_reference", `${scopeLabel}.${key} must use env-backed auth, not inline secret material`);
+  }
+}
+
+async function validatePathRef(errors, label, filePath) {
+  if (!filePath) return;
+  const stats = await statPath(filePath);
+  if (!stats?.isFile()) {
+    pushError(errors, "missing_file_ref", `${label} -> ${filePath}`);
+  }
+}
+
+export async function validateRuntimeConfig(config) {
+  const errors = [];
+
+  if (!config.providers || Object.keys(config.providers).length === 0) {
+    pushError(errors, "providers_missing", "No providers are configured.");
+  }
+
+  for (const [providerId, provider] of Object.entries(config.providers || {})) {
+    if (!provider.baseUrl) pushError(errors, "provider_base_url_missing", providerId);
+    if (
+      provider.authRef &&
+      !String(provider.authRef).startsWith("env:") &&
+      !String(provider.authRef).startsWith("profile:")
+    ) {
+      pushError(errors, "provider_auth_ref_invalid", `${providerId}.authRef must start with env: or profile:`);
+    }
+    validateSecretShape(errors, `providers.${providerId}`, provider);
+  }
+
+  for (const [laneId, lane] of Object.entries(config.router || {})) {
+    if (!lane.primary) pushError(errors, "lane_primary_missing", laneId);
+  }
+
+  const deliveryProfiles = config.delivery?.profiles || {};
+  const defaultProfiles = [
+    config.delivery?.defaultInteractiveProfile,
+    config.delivery?.defaultInteractiveProfileStandalone,
+    config.delivery?.defaultPeerProfile,
+    config.delivery?.defaultPeerProfileStandalone,
+    config.delivery?.defaultSchedulerProfile
+  ].filter(Boolean);
+  for (const profileName of defaultProfiles) {
+    if (!resolveNamedProfile(deliveryProfiles, profileName)) {
+      pushError(errors, "delivery_profile_missing", `default profile ${profileName}`);
+    }
+  }
+
+  for (const [agentId, agent] of Object.entries(config.agents || {})) {
+    await validatePathRef(errors, `agents.${agentId}.soulRef`, agent.soulRef);
+    await validatePathRef(errors, `agents.${agentId}.purposeRef`, agent.purposeRef);
+    const deliveryProfile = agent.delivery?.profile;
+    if (deliveryProfile && !resolveNamedProfile(deliveryProfiles, deliveryProfile)) {
+      pushError(errors, "delivery_profile_missing", `agents.${agentId}.delivery.profile -> ${deliveryProfile}`);
+    }
+  }
+
+  for (const [jobId, job] of Object.entries(config.jobs || {})) {
+    if (!config.agents?.[job.agentId]) {
+      pushError(errors, "job_agent_missing", `${jobId}.agentId -> ${job.agentId}`);
+    }
+    if (!config.router?.[job.modelLane]) {
+      pushError(errors, "job_lane_missing", `${jobId}.modelLane -> ${job.modelLane}`);
+    }
+    const fallbackLane = job.reportFallback?.lane;
+    if (fallbackLane && !config.router?.[fallbackLane]) {
+      pushError(errors, "job_fallback_lane_missing", `${jobId}.reportFallback.lane -> ${fallbackLane}`);
+    }
+  }
+
+  for (const [peerId, peer] of Object.entries(config.peers?.peers || {})) {
+    if (peer.deliveryProfile && !resolveNamedProfile(deliveryProfiles, peer.deliveryProfile)) {
+      pushError(errors, "peer_delivery_profile_missing", `${peerId}.deliveryProfile -> ${peer.deliveryProfile}`);
+    }
+    if (!Array.isArray(peer.sessionKeys) || peer.sessionKeys.length === 0) {
+      pushError(errors, "peer_session_keys_missing", peerId);
+    }
+  }
+
+  // Split into hard errors (broken config) and soft warnings (expected in fresh/no-provider installs)
+  const softCodes = new Set(["providers_missing", "job_lane_missing", "job_agent_missing"]);
+  const hardErrors = errors.filter((e) => !softCodes.has(e.code));
+  const warnings = errors.filter((e) => softCodes.has(e.code));
+
+  if (hardErrors.length) {
+    const error = new Error(`Runtime config validation failed:\n${stringifyValidationErrors(hardErrors)}`);
+    error.validationErrors = errors; // include all for doctor/diagnostics
+    error.errors = hardErrors;
+    throw error;
+  }
+
+  return {
+    ok: warnings.length === 0,
+    warnings,
+    checkedAt: new Date().toISOString()
+  };
+}