nemoris 0.1.5 → 0.1.6

package/SECURITY.md

@@ -23,7 +23,7 @@ You will receive an acknowledgement within 48 hours. We aim to provide a substan
 
 Nemoris runs locally on your machine. Key security properties:
 
-- **API keys** are stored in `~/.nemoris/.env` with `0600` permissions (owner read/write only)
+- **API keys** are stored in `~/.nemoris-data/.env` with `0600` permissions (owner read/write only)
 - **Keys are never logged** — the runtime redacts secrets from all log output
 - **Exec approval gates** require human confirmation before shell commands execute
 - **SSRF protection** on all URL-intake surfaces

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nemoris",
-  "version": "0.1.5",
+  "version": "0.1.6",
   "type": "module",
   "description": "Personal AI agent runtime — persistent memory, delivery guarantees, task contracts, self-healing. Local-first, no cloud.",
   "license": "MIT",

package/src/auth/auth-profiles.js

@@ -11,16 +11,21 @@ function dedupe(items = []) {
 
 export function resolveInstallDir({ env = process.env, cwd: _cwd = process.cwd() } = {}) {
   if (env.NEMORIS_INSTALL_DIR) {
-    return env.NEMORIS_INSTALL_DIR;
-  }
-  if (_cwd) {
-    const hasPackageJson = fs.existsSync(path.join(_cwd, "package.json"));
-    const hasCliEntry = fs.existsSync(path.join(_cwd, "src", "cli.js"));
-    if (hasPackageJson && hasCliEntry) {
-      return _cwd;
+    const resolved = env.NEMORIS_INSTALL_DIR;
+    if (fs.existsSync(path.join(resolved, "package.json"))) {
+      throw new Error(
+        `NEMORIS_INSTALL_DIR "${resolved}" looks like a source repo.\n` +
+        `Set NEMORIS_INSTALL_DIR to a clean data directory (e.g. ~/.nemoris-data).`
+      );
     }
+    return resolved;
+  }
+  // Dev mode: when CWD is the source repo, use it as install dir
+  if (_cwd && fs.existsSync(path.join(_cwd, "package.json")) &&
+      fs.existsSync(path.join(_cwd, "src", "cli.js"))) {
+    return _cwd;
   }
-  return path.join(os.homedir(), ".nemoris");
+  return path.join(os.homedir(), ".nemoris-data");
 }
 
 export function resolveAuthProfilesPath({ env = process.env, cwd = process.cwd() } = {}) {

package/src/cli-main.js

@@ -53,51 +53,52 @@ import {
 import { resolveAuthProfilesPath, resolveInstallDir } from "./auth/auth-profiles.js";
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const projectRoot = path.join(__dirname, "..");
-const stateRoot = path.join(projectRoot, "state", "memory");
-const liveRoot = resolveLiveRoot(projectRoot);
+const projectRoot = path.join(__dirname, ".."); // npm package dir — only for package.json reads
+const installDir = resolveRuntimeInstallDir();   // user data dir — all runtime state lives here
+const stateRoot = path.join(installDir, "state", "memory");
+const liveRoot = resolveLiveRoot(installDir);
 const scheduler = new Scheduler({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot,
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const executor = new Executor({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot,
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const daemon = new SchedulerDaemon({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot,
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const reviewer = new RunReviewer({
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const deliveryManager = new DeliveryManager({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot,
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const evaluator = new Evaluator({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot,
-  stateRoot: path.join(projectRoot, "state")
+  stateRoot: path.join(installDir, "state")
 });
 const improvementHarness = new ImprovementHarness({
-  projectRoot,
-  stateRoot: path.join(projectRoot, "state"),
+  projectRoot: installDir,
+  stateRoot: path.join(installDir, "state"),
   executor,
   evaluator
 });
 const dependencyHealth = new DependencyHealth({
-  projectRoot,
+  projectRoot: installDir,
   liveRoot
 });
 const peerReadinessProbe = new PeerReadinessProbe({ liveRoot });
-const embeddingService = new EmbeddingService({ projectRoot });
+const embeddingService = new EmbeddingService({ projectRoot: installDir });
 const embeddingIndex = new EmbeddingIndex({
-  rootDir: path.join(projectRoot, "state", "memory"),
+  rootDir: path.join(installDir, "state", "memory"),
   embeddingService
 });
 
@@ -465,7 +466,7 @@ async function deliverNotificationFile(mode = "shadow", notificationFilePath = n
   }
   const resolvedPath = path.isAbsolute(notificationFilePath)
     ? notificationFilePath
-    : path.resolve(projectRoot, notificationFilePath);
+    : path.resolve(installDir, notificationFilePath);
   const result = await deliveryManager.deliverPending({
     mode,
     limit: 1,
@@ -506,7 +507,7 @@ async function chooseHandoffPeer(notificationFilePath, peerId, deliveryProfile =
   }
   const resolvedPath = path.isAbsolute(notificationFilePath)
     ? notificationFilePath
-    : path.resolve(projectRoot, notificationFilePath);
+    : path.resolve(installDir, notificationFilePath);
   const result = await deliveryManager.chooseHandoffPeer(resolvedPath, peerId, {
     deliveryProfile
   });
@@ -519,7 +520,7 @@ async function chooseTopHandoffPeer(notificationFilePath, deliveryProfile = null
   }
   const resolvedPath = path.isAbsolute(notificationFilePath)
     ? notificationFilePath
-    : path.resolve(projectRoot, notificationFilePath);
+    : path.resolve(installDir, notificationFilePath);
   const result = await deliveryManager.chooseTopSuggestedPeer(resolvedPath, {
     deliveryProfile
   });
@@ -530,7 +531,7 @@ async function serveTransport(port = "4318") {
   const authToken = process.env.NEMORIS_TRANSPORT_TOKEN || null;
   const runtime = await scheduler.loadRuntime();
   const server = new StandaloneTransportServer({
-    stateRoot: path.join(projectRoot, "state"),
+    stateRoot: path.join(installDir, "state"),
     authToken,
     retention: runtime.runtime?.retention?.transportInbox || {},
     requestTimeoutMs: runtime.runtime?.shutdown?.transportShutdownTimeoutMs || 5000
@@ -1383,7 +1384,7 @@ async function serveDaemon(mode = "dry-run", intervalMs = "30000", installDir =
 
 async function pruneState(scope = "all") {
   const runtime = await scheduler.loadRuntime();
-  const statePath = path.join(projectRoot, "state");
+  const statePath = path.join(installDir, "state");
   const operations = [];
 
   if (scope === "all" || scope === "runs") {
@@ -1428,7 +1429,7 @@ async function pruneState(scope = "all") {
 
 async function reviewInbox(limit = "10") {
   const server = new StandaloneTransportServer({
-    stateRoot: path.join(projectRoot, "state")
+    stateRoot: path.join(installDir, "state")
   });
   const items = await server.listInbox(Number(limit) || 10);
   console.log(JSON.stringify(items, null, 2));
@@ -1606,7 +1607,7 @@ async function reportFallbackReadiness(jobId = "workspace-health") {
 
 async function configValidate() {
   const config = await scheduler.loadRuntime();
-  const schemaResult = validateAllConfigs(config, path.join(projectRoot, "config"));
+  const schemaResult = validateAllConfigs(config, path.join(installDir, "config"));
   console.log(
     JSON.stringify(
       {
@@ -2246,7 +2247,7 @@ async function runtimeStatus(jsonFlag = false) {
 
 async function mcpList() {
   const { ConfigLoader } = await import("./config/loader.js");
-  const loader = new ConfigLoader({ rootDir: path.join(projectRoot, "config") });
+  const loader = new ConfigLoader({ rootDir: path.join(installDir, "config") });
   const mcp = await loader.loadMcp();
 
   if (!mcp.servers || Object.keys(mcp.servers).length === 0) {
@@ -2283,9 +2284,9 @@ async function listTools() {
   const { ToolRegistry } = await import("./tools/registry.js");
   const { registerMicroToolHandlers } = await import("./tools/micro/index.js");
   const registry = new ToolRegistry();
-  registerMicroToolHandlers(registry, { workspaceRoot: projectRoot });
+  registerMicroToolHandlers(registry, { workspaceRoot: installDir });
   try {
-    const toolsDir = path.join(projectRoot, "config", "tools");
+    const toolsDir = path.join(installDir, "config", "tools");
     await registry.loadTools(toolsDir);
   } catch { /* no tools dir is fine */ }
   console.log("Configured tools:\n");
@@ -2306,7 +2307,7 @@ async function addTool(toolId) {
     process.exitCode = 1;
     return;
   }
-  const toolsDir = path.join(projectRoot, "config", "tools");
+  const toolsDir = path.join(installDir, "config", "tools");
   await mkdirAsync(toolsDir, { recursive: true });
   const lines = [
     `[tool]`,
@@ -2336,7 +2337,7 @@ async function addTool(toolId) {
 async function listSkills() {
   const { SkillsLoader } = await import("./skills/loader.js");
   const loader = new SkillsLoader();
-  const skillsDir = path.join(projectRoot, "config", "skills");
+  const skillsDir = path.join(installDir, "config", "skills");
   await loader.loadSkills(skillsDir);
   const all = loader.listAll();
   if (all.length === 0) {
@@ -2353,8 +2354,8 @@ async function listSkills() {
 async function listImprovements() {
   const { readdir: readdirAsync } = await import("node:fs/promises");
   const { ImprovementEngine } = await import("./runtime/improvement-engine.js");
-  const engine = new ImprovementEngine({ stateRoot: path.join(projectRoot, "state") });
-  const tuningsRoot = path.join(projectRoot, "state", "tunings");
+  const engine = new ImprovementEngine({ stateRoot: path.join(installDir, "state") });
+  const tuningsRoot = path.join(installDir, "state", "tunings");
   try {
     const jobDirs = await readdirAsync(tuningsRoot);
     let found = false;
@@ -2557,7 +2558,7 @@ export async function main(argv = process.argv) {
     const { runMigration } = await import("./runtime/migration.js");
     const dryRun = rest.includes("--dry-run");
     const liveRoot = process.env.NEMORIS_LIVE_ROOT || path.join(process.env.HOME || os.homedir(), ".openclaw");
-    const result = await runMigration({ installDir: projectRoot, liveRoot, dryRun });
+    const result = await runMigration({ installDir, liveRoot, dryRun });
     console.log(JSON.stringify(result, null, 2));
     return 0;
   } else if (command === "review-inbox") {

package/src/onboarding/auth/api-key.js

@@ -20,7 +20,7 @@ function defaultSearchPaths() {
   const installDir = resolveInstallDir();
   return [
     path.join(installDir, ".env"),
-    path.join(os.homedir(), ".nemoris", ".env"),
+    path.join(os.homedir(), ".nemoris-data", ".env"),
     path.join(os.homedir(), ".openclaw", ".env"),
   ];
 }

package/src/tui/socket-client.js

@@ -7,7 +7,7 @@ export function resolveSocketPath({ platform = process.platform, stateDir, homed
   if (platform === "win32") {
     return "\\\\.\\pipe\\nemoris-daemon";
   }
-  const root = stateDir || path.join(homedir(), ".nemoris", "state");
+  const root = stateDir || path.join(homedir(), ".nemoris-data", "state");
   return path.join(root, "daemon.sock");
 }