nemoris 0.1.0

package/src/runtime/session-compactor.js

@@ -0,0 +1,182 @@
+import { ProviderRegistry } from "../providers/registry.js";
+
+const DEFAULT_MAX_TURNS = 8;
+const DEFAULT_KEEP_RECENT_TURNS = 4;
+const DEFAULT_COMPACTION_MODEL = "ollama/qwen3:8b";
+
+const SUMMARISE_PROMPT =
+  "Summarise the key facts, decisions, and context from this conversation history in 3-5 sentences. " +
+  "Preserve any specific values, filenames, decisions, or action items mentioned.";
+
+const CONDENSE_PROMPT =
+  "Condense these conversation summaries into a single high-level summary. " +
+  "Focus on long-term goals and key outcomes.";
+
+/**
+ * Compact a turns array by summarising old turns into a single context message.
+ *
+ * @param {Array} turns - Array of {role, content, timestamp} objects
+ * @param {object} options
+ * @param {number} [options.maxTurns=8] - Trigger compaction when turns.length >= maxTurns
+ * @param {number} [options.keepRecentTurns=4] - Always keep the last N turns verbatim
+ * @param {string} [options.compactionModel] - Model to use for summarisation
+ * @param {object} [options.registry] - ProviderRegistry instance (for testing)
+ * @param {object} [options.ledger] - ContextLedger instance
+ * @param {string} [options.sessionId] - Session ID
+ * @param {number} [options.condensedFanout=4] - Number of depth-0 summaries before depth-1 condensation
+ * @returns {{ compacted: boolean, turns: Array, summary?: string }}
+ */
+export async function compactSessionContext(turns, options = {}) {
+  const maxTurns = options.maxTurns ?? DEFAULT_MAX_TURNS;
+  const keepRecentTurns = options.keepRecentTurns ?? DEFAULT_KEEP_RECENT_TURNS;
+  const compactionModel = options.compactionModel ?? DEFAULT_COMPACTION_MODEL;
+  const condensedFanout = options.condensedFanout ?? 4;
+  const ledger = options.ledger;
+  const sessionId = options.sessionId;
+
+  if (!Array.isArray(turns) || turns.length < maxTurns) {
+    return { compacted: false, turns };
+  }
+
+  const oldTurns = turns.slice(0, turns.length - keepRecentTurns);
+  const recentTurns = turns.slice(-keepRecentTurns);
+
+  try {
+    const registry = options.registry ?? new ProviderRegistry();
+    const adapter = getAdapter(registry, compactionModel);
+    const modelName = getModelName(compactionModel);
+
+    const historyText = JSON.stringify(oldTurns, null, 2);
+    const payload = {
+      model: modelName,
+      system: SUMMARISE_PROMPT,
+      messages: [{ role: "user", content: historyText }],
+    };
+
+    let summary;
+    try {
+      const raw = await adapter.invoke(payload);
+      const normalized = adapter.normalizeResponse(raw);
+      summary = normalized.output || normalized.summary || "";
+      
+      if (!summary || summary.length > 2000) {
+        throw new Error(summary.length > 2000 ? "Summary too long" : "Empty summary");
+      }
+    } catch (err) {
+      summary = level3Fallback(oldTurns, sessionId);
+    }
+
+    // DAG integration
+    if (ledger && sessionId) {
+      try {
+        ledger.saveContextSummary({
+          session_id: sessionId,
+          depth: 0,
+          source_event_ids: "[]", // We don't have individual event IDs here
+          summary_text: summary,
+          token_count: 0,
+        });
+
+        const depth0s = ledger.getContextSummaries({ session_id: sessionId, depth: 0 });
+        if (depth0s.length >= condensedFanout) {
+          await runDepth1Condensation(ledger, sessionId, depth0s, { adapter, modelName, condensedFanout });
+        }
+      } catch (dagErr) {
+        console.error(JSON.stringify({ service: "session_compactor", event: "dag_error", error: dagErr.message }));
+      }
+    }
+
+    return {
+      compacted: true,
+      turns: [
+        {
+          role: "assistant",
+          content: `[Context summary] ${summary}`,
+          timestamp: new Date().toISOString(),
+          compacted: true,
+        },
+        ...recentTurns,
+      ],
+      summary,
+    };
+  } catch (err) {
+    console.error(
+      JSON.stringify({ service: "session_compactor", error: err.message })
+    );
+    return { compacted: false, turns };
+  }
+}
+
+function getAdapter(registry, compactionModel) {
+  const [providerPrefix] = compactionModel.split("/");
+  let providerConfig;
+  if (providerPrefix === "ollama") {
+    providerConfig = {
+      id: "ollama",
+      baseUrl: process.env.OLLAMA_BASE_URL || "http://localhost:11434",
+    };
+  } else if (providerPrefix === "openrouter") {
+    providerConfig = {
+      id: "openrouter",
+      adapter: "openrouter",
+      baseUrl: "https://openrouter.ai/api/v1",
+      authRef: "env:OPENROUTER_API_KEY",
+    };
+  } else {
+    providerConfig = {
+      id: providerPrefix,
+      adapter: providerPrefix,
+      baseUrl: process.env.ANTHROPIC_BASE_URL || "https://api.anthropic.com",
+      authRef: "env:ANTHROPIC_API_KEY",
+    };
+  }
+  return registry.create(providerConfig);
+}
+
+function getModelName(compactionModel) {
+  const [, ...rest] = compactionModel.split("/");
+  return rest.join("/") || compactionModel;
+}
+
+function level3Fallback(oldTurns, sessionId) {
+  const raw = JSON.stringify(oldTurns);
+  const truncated = raw.slice(0, 1500);
+  const summary = `${truncated} [compacted — full history in context_events]`;
+  console.warn(`[session-compactor] Level 3 fallback triggered for session ${sessionId || "unknown"}`);
+  return summary;
+}
+
+async function runDepth1Condensation(ledger, sessionId, depth0s, { adapter, modelName }) {
+  const combinedText = depth0s.map(s => s.summary_text).join("\n---\n");
+  
+  let condensed;
+  try {
+    const payload = {
+      model: modelName,
+      system: CONDENSE_PROMPT,
+      messages: [{ role: "user", content: combinedText }],
+    };
+    const raw = await adapter.invoke(payload);
+    const normalized = adapter.normalizeResponse(raw);
+    condensed = normalized.output || normalized.summary || "";
+    
+    if (!condensed || condensed.length > 2000) {
+      throw new Error("Depth-1 summary failed or too long");
+    }
+  } catch (err) {
+    // Depth-1 fallback: concatenate first 500 chars of each depth-0 summary
+    condensed = depth0s.map(s => s.summary_text.slice(0, 500)).join("\n---\n");
+    console.warn(`[session-compactor] Level 3 fallback triggered for depth-1 session ${sessionId}`);
+  }
+
+  ledger.saveContextSummary({
+    session_id: sessionId,
+    depth: 1,
+    source_event_ids: JSON.stringify(depth0s.map(s => s.id)),
+    summary_text: condensed,
+    token_count: 0,
+  });
+
+  // Delete source depth-0 summaries
+  ledger.deleteContextSummaries({ session_id: sessionId, depth: 0 });
+}

package/src/runtime/session-search.js

@@ -0,0 +1,155 @@
+/**
+ * FTS5-powered session search over conversation history.
+ * Searches context_events (messages) and context_summaries (compacted history).
+ */
+
+/**
+ * Normalize a user query into FTS5 MATCH syntax.
+ * "did we discuss auth last week" → "\"did\" OR \"we\" OR \"discuss\" OR \"auth\" OR \"last\" OR \"week\""
+ */
+function normalizeQuery(query) {
+  return String(query || "")
+    .split(/[^a-z0-9]+/i)
+    .map(t => t.trim())
+    .filter(t => t.length > 1)
+    .map(t => `"${t.replace(/"/g, "")}"`)
+    .join(" OR ");
+}
+
+/**
+ * Extract text content from a context_event payload_json.
+ */
+function extractContent(payloadJson) {
+  try {
+    const p = typeof payloadJson === "string" ? JSON.parse(payloadJson) : payloadJson;
+    // message_in/message_out typically have { content: "..." } or { text: "..." } or is a plain string
+    if (typeof p === "string") return p;
+    return p.content || p.text || p.message || p.summary || JSON.stringify(p);
+  } catch {
+    return String(payloadJson || "");
+  }
+}
+
+export class SessionSearch {
+  constructor(contextLedger) {
+    this.ledger = contextLedger;
+    this.db = contextLedger.db;
+  }
+
+  /**
+   * Ensure FTS5 tables exist. Called once after ledger.open().
+   */
+  ensureSchema() {
+    this.db.exec(`
+      CREATE VIRTUAL TABLE IF NOT EXISTS context_events_fts USING fts5(
+        event_id UNINDEXED, session_id UNINDEXED, kind UNINDEXED, ts UNINDEXED, content
+      );
+    `);
+    this.db.exec(`
+      CREATE VIRTUAL TABLE IF NOT EXISTS context_summaries_fts USING fts5(
+        summary_id UNINDEXED, session_id UNINDEXED, summary_text
+      );
+    `);
+  }
+
+  /**
+   * Index a single context event into FTS5. Call this after appendEvent().
+   */
+  indexEvent(event) {
+    // Only index message events — tool_call/tool_result/state_patch are noisy
+    if (event.kind !== "message_in" && event.kind !== "message_out") return;
+    const content = extractContent(event.payload_json);
+    if (!content || content.length < 5) return;
+    this.db.prepare(
+      "INSERT INTO context_events_fts (event_id, session_id, kind, ts, content) VALUES (?, ?, ?, ?, ?)"
+    ).run(event.id, event.session_id, event.kind, String(event.ts), content);
+  }
+
+  /**
+   * Index a single context summary into FTS5. Call after creating a summary.
+   */
+  indexSummary(summary) {
+    this.db.prepare(
+      "INSERT INTO context_summaries_fts (summary_id, session_id, summary_text) VALUES (?, ?, ?)"
+    ).run(String(summary.id), summary.session_id, summary.summary_text);
+  }
+
+  /**
+   * Rebuild the FTS index from scratch (for existing data).
+   */
+  rebuildIndex() {
+    // Clear existing
+    this.db.exec("DELETE FROM context_events_fts");
+    this.db.exec("DELETE FROM context_summaries_fts");
+
+    // Re-index all message events
+    const events = this.db.prepare(
+      "SELECT id, session_id, kind, ts, payload_json FROM context_events WHERE kind IN ('message_in', 'message_out')"
+    ).all();
+    const insertEvent = this.db.prepare(
+      "INSERT INTO context_events_fts (event_id, session_id, kind, ts, content) VALUES (?, ?, ?, ?, ?)"
+    );
+    for (const e of events) {
+      const content = extractContent(e.payload_json);
+      if (content && content.length >= 5) {
+        insertEvent.run(e.id, e.session_id, e.kind, String(e.ts), content);
+      }
+    }
+
+    // Re-index all summaries
+    const summaries = this.db.prepare(
+      "SELECT id, session_id, summary_text FROM context_summaries"
+    ).all();
+    const insertSummary = this.db.prepare(
+      "INSERT INTO context_summaries_fts (summary_id, session_id, summary_text) VALUES (?, ?, ?)"
+    );
+    for (const s of summaries) {
+      insertSummary.run(String(s.id), s.session_id, s.summary_text);
+    }
+  }
+
+  /**
+   * Search across events and summaries. Returns ranked results.
+   * @param {string} query User's search query
+   * @param {{ sessionId?: string, limit?: number }} opts
+   * @returns {{ events: Array, summaries: Array }}
+   */
+  search(query, { sessionId, limit = 10 } = {}) {
+    const match = normalizeQuery(query);
+    if (!match) return { events: [], summaries: [] };
+
+    const sessionFilter = sessionId ? "AND session_id = ?" : "";
+    const params = sessionId ? [match, sessionId, limit] : [match, limit];
+
+    let events = [];
+    try {
+      events = this.db.prepare(`
+        SELECT event_id, session_id, kind, ts, snippet(context_events_fts, 4, '»', '«', '...', 32) as snippet,
+               rank
+        FROM context_events_fts
+        WHERE context_events_fts MATCH ?
+        ${sessionFilter}
+        ORDER BY rank
+        LIMIT ?
+      `).all(...params);
+    } catch { /* FTS5 match can throw on malformed queries */ }
+
+    let summaries = [];
+    try {
+      summaries = this.db.prepare(`
+        SELECT summary_id, session_id, snippet(context_summaries_fts, 2, '»', '«', '...', 32) as snippet,
+               rank
+        FROM context_summaries_fts
+        WHERE context_summaries_fts MATCH ?
+        ${sessionFilter}
+        ORDER BY rank
+        LIMIT ?
+      `).all(...params);
+    } catch { /* FTS5 match can throw on malformed queries */ }
+
+    return { events, summaries };
+  }
+}
+
+// Export extractContent and normalizeQuery for testing
+export { extractContent, normalizeQuery };

package/src/runtime/slack-inbound.js

@@ -0,0 +1,249 @@
+import crypto from "node:crypto";
+
+/**
+ * Slack Inbound Handler — validates signatures, deduplicates, and enqueues
+ * incoming Slack events and slash commands as interactive jobs.
+ */
+
+const MAX_TURNS = 10;
+
+export class SlackInboundHandler {
+  constructor({ stateStore, slackConfig, availablePeers = [], agentHealthCheck = null, logger = console }) {
+    this.store = stateStore;
+    this.config = slackConfig;
+    this.availablePeers = availablePeers;
+    this.agentHealthCheck = agentHealthCheck;
+    this.logger = logger;
+
+    this.botToken = this.config.botToken;
+    this.signingSecret = this.config.signingSecret;
+
+    // Rate limiter: Map<userId, { count, windowStart }>
+    this._rateLimitMax = Number(process.env.NEMORIS_RATE_LIMIT_MAX ?? 10);
+    this._rateLimitWindowMs = Number(process.env.NEMORIS_RATE_LIMIT_WINDOW_MS ?? 60_000);
+    this._rateBuckets = new Map();
+  }
+
+  _checkRateLimit(userId) {
+    const now = Date.now();
+    const bucket = this._rateBuckets.get(userId);
+    if (!bucket || now - bucket.windowStart >= this._rateLimitWindowMs) {
+      this._rateBuckets.set(userId, { count: 1, windowStart: now });
+      return true;
+    }
+    if (bucket.count >= this._rateLimitMax) {
+      return false;
+    }
+    bucket.count += 1;
+    return true;
+  }
+
+  /**
+   * Verify Slack request signature using HMAC-SHA256.
+   * Signature base string: v0:<timestamp>:<body>
+   */
+  verifySignature(headers, rawBody) {
+    const timestamp = headers["x-slack-request-timestamp"];
+    const signature = headers["x-slack-signature"];
+
+    if (!timestamp || !signature || !this.signingSecret) {
+      return false;
+    }
+
+    // Protect against replay attacks (5 minute window)
+    const now = Math.floor(Date.now() / 1000);
+    if (Math.abs(now - Number(timestamp)) > 300) {
+      return false;
+    }
+
+    const baseString = `v0:${timestamp}:${rawBody}`;
+    const hmac = crypto.createHmac("sha256", this.signingSecret);
+    const mySignature = "v0=" + hmac.update(baseString).digest("hex");
+
+    try {
+      return crypto.timingSafeEqual(Buffer.from(mySignature), Buffer.from(signature));
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Process inbound Slack event payload.
+   */
+  handleEvent(payload) {
+    if (payload.type === "url_verification") {
+      return { action: "challenge", challenge: payload.challenge };
+    }
+
+    const event = payload.event;
+    if (!event) {
+      return { action: "ignored", reason: "no_event" };
+    }
+
+    // Ignore bot messages
+    if (event.bot_id || event.subtype === "bot_message") {
+      return { action: "ignored", reason: "bot_message" };
+    }
+
+    if (!event.text || !event.channel || !event.user) {
+      return { action: "ignored", reason: "incomplete_event" };
+    }
+
+    const { channel, user, text, ts, team } = event;
+    const teamId = team || event.team_id;
+    const sessionKey = `slack:${teamId}:${channel}`;
+    const jobId = `slack-${channel}-${ts}`;
+
+    // Deduplicate by ts
+    if (this.store.interactiveJobExists(jobId)) {
+      return { action: "deduplicated", jobId };
+    }
+
+    // Look up or create session
+    let session = this.store.getChatSession(sessionKey);
+
+    // Auto-bind (Slack doesn't have a simple operatorChatId check in instructions, 
+    // but mirroring Telegram pattern for consistency)
+    if (!session) {
+      // For Slack MVP, we might want to auto-bind if enabled or authorized.
+      // Instructions say "mirroring Telegram pattern exactly".
+      // Telegram has _isAuthorized(chatId). 
+      // Slack config doesn't have authorized ids in instructions, 
+      // but let's assume we allow if authorized or it's the operator.
+      if (this._isAuthorized(user)) {
+        this.store.bindChatSession({
+          chatId: sessionKey,
+          agentId: this.config.defaultAgent || "nemo",
+          boundBy: "default",
+        });
+        session = this.store.getChatSession(sessionKey);
+      }
+    }
+
+    if (!session) {
+      this.logger.warn(`[slack-inbound] Unauthorized user: ${user} in channel: ${channel}`);
+      return { action: "rejected", reason: "unauthorized" };
+    }
+
+    const agentId = session.agent_id;
+
+    // Check agent availability
+    if (this.agentHealthCheck) {
+      const health = this.agentHealthCheck(agentId);
+      if (!health.available) {
+        return {
+          action: "agent_unavailable",
+          agentId,
+          reason: health.reason,
+          reply: `Agent ${agentId} is no longer available.`,
+        };
+      }
+    }
+
+    // Rate limit check
+    if (!this._checkRateLimit(user)) {
+      this.logger.warn(`[slack-inbound] Rate limit exceeded for user: ${user}`);
+      return {
+        action: "rate_limited",
+        userId: user,
+        reply: "Slow down — max 10 messages per minute.",
+      };
+    }
+
+    // Enqueue job
+    this.store.enqueueInteractiveJob({
+      jobId, 
+      agentId, 
+      input: text, 
+      source: "slack", 
+      chatId: sessionKey,
+    });
+
+    return { action: "enqueued", jobId, agentId, chatId: sessionKey };
+  }
+
+  /**
+   * Process slash commands.
+   */
+  handleSlashCommand(payload) {
+    const { command, text, channel_id, user_id, team_id } = payload;
+    const sessionKey = `slack:${team_id}:${channel_id}`;
+    
+    // Commands require an existing session
+    const session = this.store.getChatSession(sessionKey);
+    if (!session) {
+      return "Unauthorized. Start a conversation first.";
+    }
+
+    const cmd = command.toLowerCase();
+    const parts = text ? text.trim().split(/\s+/) : [];
+
+    switch (cmd) {
+      case "/status": {
+        return `Agent: ${session.agent_id}\nBound by: ${session.bound_by}\nSlack inbound: ACTIVE`;
+      }
+      case "/agents": {
+        const list = this.availablePeers.length > 0 ? this.availablePeers.join(", ") : "No agents configured";
+        return `Available agents: ${list}`;
+      }
+      case "/who": {
+        return `Current agent: ${session.agent_id}`;
+      }
+      case "/switch": {
+        const targetAgent = parts[0];
+        if (!targetAgent) return "Usage: /switch <agent-name>";
+        if (!this.availablePeers.includes(targetAgent)) {
+          return `Unknown agent "${targetAgent}". Use /agents to see available agents.`;
+        }
+        this.store.bindChatSession({ chatId: sessionKey, agentId: targetAgent, boundBy: "user" });
+        return `Switched to ${targetAgent}.`;
+      }
+      case "/help": {
+        return [
+          "/status — Show agent and session status",
+          "/agents — List available agents",
+          "/who — Show current agent",
+          "/switch <agent> — Switch active agent",
+          "/help — Show this message",
+        ].join("\n");
+      }
+      default:
+        return `Unknown command: ${command}`;
+    }
+  }
+
+  /**
+   * POST to Slack chat.postMessage API.
+   */
+  async postMessage(channel, text) {
+    if (!this.botToken) {
+      this.logger.error("[slack-inbound] Missing botToken for postMessage");
+      return { ok: false, error: "missing_token" };
+    }
+
+    try {
+      const res = await fetch("https://slack.com/api/chat.postMessage", {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Authorization": `Bearer ${this.botToken}`,
+        },
+        body: JSON.stringify({ channel, text }),
+      });
+      const body = await res.json();
+      if (!body.ok) {
+        this.logger.error(`[slack-inbound] chat.postMessage failed: ${body.error}`);
+      }
+      return body;
+    } catch (error) {
+      this.logger.error(`[slack-inbound] postMessage error: ${error.message}`);
+      return { ok: false, error: error.message };
+    }
+  }
+
+  _isAuthorized(_user) {
+    // Instructions don't specify authorization rules for Slack beyond "mirroring Telegram".
+    // For MVP, we'll allow all if not explicitly restricted.
+    return true; 
+  }
+}

package/src/runtime/ssrf.js

@@ -0,0 +1,102 @@
+import { annotateError } from "./network.js";
+import {
+  inspectOutboundUrl as inspectSharedOutboundUrl,
+} from "../security/ssrf-check.js";
+export { isBlockedIpAddress } from "../security/ssrf-check.js";
+
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
+
+export async function inspectOutboundUrl(rawUrl, {
+  allowedProtocols = ["http:", "https:"],
+  invalidUrlMessage = "Invalid URL.",
+  invalidProtocolMessage = "Only http:// and https:// URLs are allowed.",
+  privateAddressMessage = "Target resolves to a private/reserved IP address.",
+  loopbackOnlyMessage = "Target must resolve to a loopback address.",
+  addressPolicy,
+  allowLoopbackAddresses = false,
+  lookupImpl,
+} = {}) {
+  return inspectSharedOutboundUrl(rawUrl, {
+    lookupImpl,
+    allowedProtocols,
+    invalidUrlMessage,
+    invalidProtocolMessage,
+    privateAddressMessage,
+    loopbackOnlyMessage,
+    addressPolicy,
+    allowLoopbackAddresses,
+  });
+}
+
+export async function assertSafeOutboundUrl(rawUrl, options = {}) {
+  const result = await inspectOutboundUrl(rawUrl, options);
+  if (!result.ok) {
+    throw annotateError(new Error(result.reason), { surface: options.surface || "runtime" });
+  }
+  return result.parsedUrl;
+}
+
+function normalizeRedirectOptions(options = {}) {
+  return {
+    ...options,
+    redirect: "manual",
+  };
+}
+
+function rewriteRedirectOptions(options, status) {
+  const nextOptions = { ...options };
+  const method = String(nextOptions.method || "GET").toUpperCase();
+  if (status === 303 || ((status === 301 || status === 302) && method === "POST")) {
+    nextOptions.method = "GET";
+    delete nextOptions.body;
+  }
+  return nextOptions;
+}
+
+export async function fetchWithOutboundPolicy(rawUrl, options = {}, {
+  fetchImpl = globalThis.fetch,
+  maxRedirects = 5,
+  surface = "runtime",
+  invalidUrlMessage,
+  invalidProtocolMessage,
+  privateAddressMessage,
+  loopbackOnlyMessage,
+  addressPolicy,
+  allowLoopbackAddresses = false,
+  lookupImpl,
+} = {}) {
+  let currentUrl = rawUrl;
+  let currentOptions = normalizeRedirectOptions(options);
+
+  for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+    const parsedUrl = await assertSafeOutboundUrl(currentUrl, {
+      lookupImpl,
+      surface,
+      invalidUrlMessage,
+      invalidProtocolMessage,
+      privateAddressMessage,
+      loopbackOnlyMessage,
+      addressPolicy,
+      allowLoopbackAddresses,
+    });
+
+    const response = await fetchImpl(parsedUrl.toString(), currentOptions);
+    if (!REDIRECT_STATUSES.has(response.status)) {
+      return response;
+    }
+
+    const location = response.headers?.get?.("location");
+    if (!location) {
+      return response;
+    }
+
+    if (redirectCount >= maxRedirects) {
+      throw annotateError(new Error(`Too many redirects for ${parsedUrl.toString()}`), { surface });
+    }
+
+    currentUrl = new URL(location, parsedUrl).toString();
+    currentOptions = normalizeRedirectOptions(rewriteRedirectOptions(currentOptions, response.status));
+  }
+
+  throw annotateError(new Error("Too many redirects."), { surface });
+}