open-multi-agent-kit 0.78.0 → 0.78.2

package/dist/runtime/headroom-policy.js

@@ -0,0 +1,122 @@
+/**
+ * HeadroomPolicy — proactive context compaction trigger.
+ *
+ * Industrial control-loop policy: given current token usage and model
+ * context window, decide whether to compact BEFORE utilization reaches
+ * a configurable threshold (default 90%).
+ *
+ * Prefers the external `headroom` CLI compressor when available;
+ * falls back to the built-in `optimizeContextBudget` when not.
+ *
+ * Deterministic except for the injectable `runHeadroom` runner.
+ */
+// ─── Defaults ────────────────────────────────────────────────────────────────
+const DEFAULT_THRESHOLD = 0.90;
+const MIN_THRESHOLD = 0.50;
+const MAX_THRESHOLD = 0.99;
+// ─── Threshold resolver ──────────────────────────────────────────────────────
+export function resolveHeadroomThreshold(env = process.env) {
+    const raw = env.OMK_HEADROOM_THRESHOLD;
+    if (raw === undefined || raw === "")
+        return DEFAULT_THRESHOLD;
+    const parsed = Number(raw);
+    if (!Number.isFinite(parsed))
+        return DEFAULT_THRESHOLD;
+    return Math.min(MAX_THRESHOLD, Math.max(MIN_THRESHOLD, parsed));
+}
+// ─── Enabled check ───────────────────────────────────────────────────────────
+export function isHeadroomEnabled(env = process.env) {
+    const raw = env.OMK_HEADROOM;
+    if (raw === undefined || raw === "")
+        return true;
+    const normalized = raw.trim().toLowerCase();
+    if (normalized === "off" || normalized === "0" || normalized === "false")
+        return false;
+    return true;
+}
+// ─── Evaluate ────────────────────────────────────────────────────────────────
+export function evaluateHeadroom(input) {
+    const env = input.env ?? process.env;
+    const enabled = isHeadroomEnabled(env);
+    const threshold = resolveHeadroomThreshold(env);
+    const { usedTokens, contextWindow } = input;
+    if (!enabled) {
+        return {
+            shouldCompact: false,
+            utilization: 0,
+            threshold,
+            usedTokens,
+            contextWindow,
+            reason: "headroom disabled via OMK_HEADROOM",
+        };
+    }
+    if (contextWindow <= 0) {
+        return {
+            shouldCompact: false,
+            utilization: 0,
+            threshold,
+            usedTokens,
+            contextWindow,
+            reason: "context window size unknown (0)",
+        };
+    }
+    const utilization = usedTokens / contextWindow;
+    const shouldCompact = utilization >= threshold;
+    return {
+        shouldCompact,
+        utilization,
+        threshold,
+        usedTokens,
+        contextWindow,
+        reason: shouldCompact
+            ? `utilization ${(utilization * 100).toFixed(1)}% >= threshold ${(threshold * 100).toFixed(1)}%`
+            : `utilization ${(utilization * 100).toFixed(1)}% below threshold ${(threshold * 100).toFixed(1)}%`,
+    };
+}
+// ─── Compaction runner ───────────────────────────────────────────────────────
+const HEADROOM_CLI_TIMEOUT_MS = 15_000;
+async function defaultRunHeadroom(text) {
+    try {
+        const { runShell } = await import("../util/shell.js");
+        const result = await runShell("headroom", ["compact", "--stdin"], {
+            timeout: HEADROOM_CLI_TIMEOUT_MS,
+            input: text,
+        });
+        if (result.failed || result.exitCode !== 0)
+            return null;
+        const output = result.stdout.trim();
+        return output.length > 0 ? output : null;
+    }
+    catch {
+        return null;
+    }
+}
+export async function maybeCompactWithHeadroom(args) {
+    if (!args.decision.shouldCompact) {
+        return { compacted: false, via: "none" };
+    }
+    // Try headroom first
+    if (args.text) {
+        try {
+            const runner = args.runHeadroom ?? defaultRunHeadroom;
+            const result = await runner(args.text);
+            if (result !== null) {
+                return { compacted: true, via: "headroom" };
+            }
+        }
+        catch {
+            // Headroom threw — fall through to fallback
+        }
+    }
+    // Fall back to built-in optimizer
+    if (args.fallback) {
+        try {
+            await args.fallback();
+            return { compacted: true, via: "fallback" };
+        }
+        catch {
+            // Fallback also failed — graceful degradation
+        }
+    }
+    return { compacted: false, via: "none" };
+}

package/dist/runtime/kimi-api-runtime.js

@@ -4,9 +4,47 @@
  *
  * Calls https://api.moonshot.cn/v1/chat/completions directly.
  */
+import { readFileSync, existsSync } from "node:fs";
+import { resolve } from "node:path";
 import { capsuleToTask } from "./context-broker-converter.js";
 import { buildProviderToolPayload } from "./provider-tool-contracts.js";
 import { repairToolCalls } from "./tool-call-repair.js";
+/**
+ * Detect "Image file: <path>" patterns in the prompt text (inserted by /paste
+ * or Ctrl+V clipboard image) and load the referenced images as base64 data URIs
+ * for multimodal API calls.
+ */
+function extractInlineImageParts(prompt) {
+    const results = [];
+    // Match "Image file: .omk/screenshots/.../screenshot-xxx.png" lines
+    const pattern = /^Image file:\s+(.+\.(?:png|jpg|jpeg|webp|gif))\s*$/gim;
+    let match;
+    while ((match = pattern.exec(prompt)) !== null) {
+        const filePath = match[1].trim();
+        const absPath = resolve(filePath);
+        if (!existsSync(absPath))
+            continue;
+        try {
+            const buf = readFileSync(absPath);
+            if (buf.length === 0 || buf.length > 20 * 1024 * 1024)
+                continue;
+            // Detect mime type from magic bytes
+            let mimeType = "image/png";
+            if (buf[0] === 0xff && buf[1] === 0xd8)
+                mimeType = "image/jpeg";
+            else if (buf[0] === 0x52 && buf[1] === 0x49)
+                mimeType = "image/webp";
+            else if (buf[0] === 0x47 && buf[1] === 0x49)
+                mimeType = "image/gif";
+            const base64 = buf.toString("base64");
+            results.push({ dataUri: `data:${mimeType};base64,${base64}` });
+        }
+        catch {
+            // Skip unreadable files
+        }
+    }
+    return results;
+}
 function mapToolCalls(apiToolCalls, context) {
     const repaired = repairToolCalls({
         declaredCalls: (apiToolCalls ?? []).map((tc) => ({
@@ -155,7 +193,27 @@ export class KimiApiRuntime {
         if (task.context.system) {
             messages.push({ role: "system", content: task.context.system });
         }
-        messages.push({ role: "user", content: task.prompt });
+        // Build multimodal content when attachments are present or when
+        // the prompt contains "Image file: <path>" references (from /paste or
+        // Ctrl+V clipboard image). This makes clipboard-pasted images send as
+        // image_url content parts to OpenAI-compatible multimodal endpoints.
+        const attachments = task.attachments ?? [];
+        const inlineImages = extractInlineImageParts(task.prompt);
+        if (attachments.length > 0 || inlineImages.length > 0) {
+            const parts = [{ type: "text", text: task.prompt }];
+            for (const attachment of attachments) {
+                if (attachment.dataUri) {
+                    parts.push({ type: "image_url", image_url: { url: attachment.dataUri } });
+                }
+            }
+            for (const image of inlineImages) {
+                parts.push({ type: "image_url", image_url: { url: image.dataUri } });
+            }
+            messages.push({ role: "user", content: parts });
+        }
+        else {
+            messages.push({ role: "user", content: task.prompt });
+        }
         const providerTools = task.capabilities.toolCalling
             ? buildProviderToolPayload(task.tools.available)
             : buildProviderToolPayload([]);

package/dist/runtime/ouroboros-policy.d.ts

@@ -0,0 +1,57 @@
+/**
+ * Ouroboros routing policy for OMK.
+ *
+ * Resolves whether to prefer the embedded Ouroboros spec-first flow
+ * for goal/spec/orchestration intents.  Detection is non-fatal and
+ * never triggers network access or implicit installs.
+ */
+export type OuroborosMode = "always" | "auto" | "off";
+/**
+ * Read the OMK_OUROBOROS env var and normalise it into a mode.
+ *
+ * - unset / anything other than the known tokens  → "always" (default)
+ * - "auto"                                        → "auto"
+ * - "off" / "0" / "false" (case-insensitive)      → "off"
+ */
+export declare function resolveOuroborosMode(env?: NodeJS.ProcessEnv): OuroborosMode;
+export interface OuroborosAvailability {
+    available: boolean;
+    via: "mcp" | "binary" | "none";
+    detail: string;
+}
+interface DetectOpts {
+    env?: NodeJS.ProcessEnv;
+    mcpConfigPath?: string;
+    which?: (cmd: string) => Promise<string | null>;
+}
+/**
+ * Check whether Ouroboros is reachable without network or installs.
+ *
+ * Strategy (non-fatal):
+ *   1. Look for an `ouroboros` key in ~/.omk/agent/mcp.json  (global)
+ *      and/or .omk/mcp.json  (project-scoped).
+ *   2. Optionally check for an `ouroboros` binary via an injectable which().
+ *
+ * Any I/O error silently yields `{ available: false, via: "none" }`.
+ */
+export declare function detectOuroborosAvailable(opts?: DetectOpts): Promise<OuroborosAvailability>;
+export interface OuroborosDecision {
+    use: boolean;
+    mode: OuroborosMode;
+    availability: OuroborosAvailability;
+    reason: string;
+}
+interface DecisionInput {
+    intent: string;
+    env?: NodeJS.ProcessEnv;
+    detect?: () => Promise<OuroborosAvailability>;
+}
+/**
+ * Decide whether the current run should route through Ouroboros.
+ *
+ * - use=true only when mode≠off AND available AND intent matches.
+ * - When mode=always but unavailable → use=false with fallback reason.
+ * - Never throws.
+ */
+export declare function resolveOuroborosDecision(input: DecisionInput): Promise<OuroborosDecision>;
+export {};

package/dist/runtime/ouroboros-policy.js

@@ -0,0 +1,134 @@
+/**
+ * Ouroboros routing policy for OMK.
+ *
+ * Resolves whether to prefer the embedded Ouroboros spec-first flow
+ * for goal/spec/orchestration intents.  Detection is non-fatal and
+ * never triggers network access or implicit installs.
+ */
+import { readFile } from "node:fs/promises";
+import { join } from "node:path";
+import { homedir } from "node:os";
+/**
+ * Read the OMK_OUROBOROS env var and normalise it into a mode.
+ *
+ * - unset / anything other than the known tokens  → "always" (default)
+ * - "auto"                                        → "auto"
+ * - "off" / "0" / "false" (case-insensitive)      → "off"
+ */
+export function resolveOuroborosMode(env = process.env) {
+    const raw = (env.OMK_OUROBOROS ?? "").trim().toLowerCase();
+    if (raw === "off" || raw === "0" || raw === "false")
+        return "off";
+    if (raw === "auto")
+        return "auto";
+    return "always";
+}
+/**
+ * Check whether Ouroboros is reachable without network or installs.
+ *
+ * Strategy (non-fatal):
+ *   1. Look for an `ouroboros` key in ~/.omk/agent/mcp.json  (global)
+ *      and/or .omk/mcp.json  (project-scoped).
+ *   2. Optionally check for an `ouroboros` binary via an injectable which().
+ *
+ * Any I/O error silently yields `{ available: false, via: "none" }`.
+ */
+export async function detectOuroborosAvailable(opts) {
+    // --- binary check (fast, optional) ---
+    if (opts?.which) {
+        try {
+            const bin = await opts.which("ouroboros");
+            if (bin) {
+                return { available: true, via: "binary", detail: `found binary: ${bin}` };
+            }
+        }
+        catch {
+            // swallow
+        }
+    }
+    // --- MCP config check (non-fatal) ---
+    const home = homedir();
+    const candidates = [
+        opts?.mcpConfigPath ?? join(home, ".omk", "agent", "mcp.json"),
+        join(process.cwd(), ".omk", "mcp.json"),
+    ];
+    for (const configPath of candidates) {
+        try {
+            const raw = await readFile(configPath, "utf-8");
+            const parsed = JSON.parse(raw);
+            if (isRecord(parsed) && isRecord(parsed.mcpServers)) {
+                if ("ouroboros" in parsed.mcpServers) {
+                    return {
+                        available: true,
+                        via: "mcp",
+                        detail: `ouroboros server found in ${configPath}`,
+                    };
+                }
+            }
+        }
+        catch {
+            // file missing or malformed → continue
+        }
+    }
+    return { available: false, via: "none", detail: "ouroboros not detected" };
+}
+/**
+ * Intent tokens (lowercased) that qualify for Ouroboros routing.
+ */
+const OUROBOROS_INTENT_KEYWORDS = [
+    "goal",
+    "plan",
+    "spec",
+    "seed",
+    "interview",
+    "orchestrate",
+    "feature",
+    "build",
+    "implement",
+    // Korean equivalents
+    "계획",
+    "스펙",
+    "구현",
+    "기획",
+];
+/**
+ * Decide whether the current run should route through Ouroboros.
+ *
+ * - use=true only when mode≠off AND available AND intent matches.
+ * - When mode=always but unavailable → use=false with fallback reason.
+ * - Never throws.
+ */
+export async function resolveOuroborosDecision(input) {
+    const mode = resolveOuroborosMode(input.env);
+    const detect = input.detect ?? (() => detectOuroborosAvailable({ env: input.env }));
+    let availability;
+    try {
+        availability = await detect();
+    }
+    catch {
+        availability = { available: false, via: "none", detail: "detection threw" };
+    }
+    if (mode === "off") {
+        return { use: false, mode, availability, reason: "ouroboros-mode-off" };
+    }
+    if (!availability.available) {
+        return {
+            use: false,
+            mode,
+            availability,
+            reason: "ouroboros-unavailable-fallback-native",
+        };
+    }
+    if (!isGoalLikeIntent(input.intent)) {
+        return { use: false, mode, availability, reason: "intent-not-goal-like" };
+    }
+    return { use: true, mode, availability, reason: "ouroboros-routing-active" };
+}
+// ── Helpers ─────────────────────────────────────────────────────────
+function isGoalLikeIntent(intent) {
+    const lowered = intent.toLocaleLowerCase();
+    return OUROBOROS_INTENT_KEYWORDS.some((kw) => lowered.includes(kw));
+}
+function isRecord(v) {
+    return typeof v === "object" && v !== null && !Array.isArray(v);
+}

package/dist/runtime/proof-bundle-trust.d.ts

@@ -0,0 +1,74 @@
+/**
+ * Proof Bundle Trust Score — Phase 2 of OMK Weakness Remediation.
+ *
+ * Evaluates a curated proof bundle across 8 dimensions and produces
+ * a trust score T_b, a permission level, and a pass/fail verdict
+ * against τ_proof.
+ */
+import type { ClaimPermissionLevel, EvidenceVerdict } from "./contracts/evidence.js";
+/** The 8 scored dimensions of a proof bundle. */
+export interface ProofBundleScores {
+    /** Schema conformance of evidence items [0, 1]. */
+    readonly schema: number;
+    /** Hash integrity / tamper evidence [0, 1]. */
+    readonly hashes: number;
+    /** Command trace coverage and correctness [0, 1]. */
+    readonly commands: number;
+    /** Stdout / stderr capture completeness [0, 1]. */
+    readonly stdout: number;
+    /** Decision record quality and count [0, 1]. */
+    readonly decisions: number;
+    /** Evidence item confidence and verdict strength [0, 1]. */
+    readonly evidence: number;
+    /** Acknowledged limitations documented [0, 1]. */
+    readonly limitations: number;
+    /** Replay reproducibility score [0, 1]. */
+    readonly replay: number;
+}
+/** Result of evaluating a proof bundle. */
+export interface TrustScoreResult {
+    /** Computed trust score T_b ∈ [0, 1]. */
+    readonly score: number;
+    /** Permission level derived from score thresholds. */
+    readonly permissionLevel: ClaimPermissionLevel;
+    /** Whether score meets τ_proof. */
+    readonly passed: boolean;
+    /** Individual dimension contributions. */
+    readonly breakdown: ProofBundleScores;
+}
+/** Engine that evaluates proof bundle trust. */
+export interface ProofBundleTrustEngine {
+    /**
+     * Evaluate a proof bundle from its 8 dimension scores.
+     *
+     * Formula:
+     *   T_b = 0.15·schema + 0.15·hashes + 0.15·commands + 0.10·stdout
+     *       + 0.15·decisions + 0.15·evidence + 0.05·limitations + 0.10·replay
+     */
+    evaluate(scores: ProofBundleScores): TrustScoreResult;
+    /** Derive dimension scores from a raw evidence verdict and coverage. */
+    deriveScores(verdict: EvidenceVerdict, coveragePercent: number, options?: DeriveScoresOptions): ProofBundleScores;
+}
+/** Options for automatic score derivation. */
+export interface DeriveScoresOptions {
+    /** Override schema conformance (default inferred from verdict). */
+    readonly schema?: number;
+    /** Override hash integrity (default 1.0). */
+    readonly hashes?: number;
+    /** Override command trace score (default inferred from coverage). */
+    readonly commands?: number;
+    /** Override stdout completeness (default inferred from coverage). */
+    readonly stdout?: number;
+    /** Override decision record score (default inferred from verdict). */
+    readonly decisions?: number;
+    /** Override evidence strength (default inferred from verdict). */
+    readonly evidence?: number;
+    /** Override limitations documentation (default 0.5). */
+    readonly limitations?: number;
+    /** Override replay score (default inferred from verdict). */
+    readonly replay?: number;
+}
+/**
+ * Create a ProofBundleTrustEngine with default weights and thresholds.
+ */
+export declare function createProofBundleTrustEngine(): ProofBundleTrustEngine;

package/dist/runtime/proof-bundle-trust.js

@@ -0,0 +1,100 @@
+/**
+ * Proof Bundle Trust Score — Phase 2 of OMK Weakness Remediation.
+ *
+ * Evaluates a curated proof bundle across 8 dimensions and produces
+ * a trust score T_b, a permission level, and a pass/fail verdict
+ * against τ_proof.
+ */
+import { TAU_PROOF } from "./contracts/weakness-remediation.js";
+// ── Constants ───────────────────────────────────────────────────
+const WEIGHT_SCHEMA = 0.15;
+const WEIGHT_HASHES = 0.15;
+const WEIGHT_COMMANDS = 0.15;
+const WEIGHT_STDOUT = 0.10;
+const WEIGHT_DECISIONS = 0.15;
+const WEIGHT_EVIDENCE = 0.15;
+const WEIGHT_LIMITATIONS = 0.05;
+const WEIGHT_REPLAY = 0.10;
+const STRONG_PUBLIC_THRESHOLD = 0.90;
+const QUALIFIED_PUBLIC_THRESHOLD = 0.75;
+const INTERNAL_CLAIM_THRESHOLD = 0.60;
+// ── Helpers ─────────────────────────────────────────────────────
+function clamp01(n) {
+    return Math.max(0, Math.min(1, n));
+}
+function permissionLevelFromScore(score) {
+    if (score >= STRONG_PUBLIC_THRESHOLD) {
+        return "strong-public-claim";
+    }
+    if (score >= QUALIFIED_PUBLIC_THRESHOLD) {
+        return "qualified-public-claim";
+    }
+    if (score >= INTERNAL_CLAIM_THRESHOLD) {
+        return "internal-claim-only";
+    }
+    return "no-claim";
+}
+function verdictToBaseScore(verdict) {
+    switch (verdict) {
+        case "pass":
+            return 1.0;
+        case "partial":
+            return 0.65;
+        case "pending":
+            return 0.35;
+        case "fail":
+            return 0.0;
+        default:
+            return 0.0;
+    }
+}
+// ── Engine Factory ──────────────────────────────────────────────
+/**
+ * Create a ProofBundleTrustEngine with default weights and thresholds.
+ */
+export function createProofBundleTrustEngine() {
+    return {
+        evaluate(scores) {
+            const clamped = {
+                schema: clamp01(scores.schema),
+                hashes: clamp01(scores.hashes),
+                commands: clamp01(scores.commands),
+                stdout: clamp01(scores.stdout),
+                decisions: clamp01(scores.decisions),
+                evidence: clamp01(scores.evidence),
+                limitations: clamp01(scores.limitations),
+                replay: clamp01(scores.replay),
+            };
+            const score = WEIGHT_SCHEMA * clamped.schema +
+                WEIGHT_HASHES * clamped.hashes +
+                WEIGHT_COMMANDS * clamped.commands +
+                WEIGHT_STDOUT * clamped.stdout +
+                WEIGHT_DECISIONS * clamped.decisions +
+                WEIGHT_EVIDENCE * clamped.evidence +
+                WEIGHT_LIMITATIONS * clamped.limitations +
+                WEIGHT_REPLAY * clamped.replay;
+            const finalScore = clamp01(score);
+            const permissionLevel = permissionLevelFromScore(finalScore);
+            return Object.freeze({
+                score: finalScore,
+                permissionLevel,
+                passed: finalScore >= TAU_PROOF,
+                breakdown: clamped,
+            });
+        },
+        deriveScores(verdict, coveragePercent, options = {}) {
+            const base = verdictToBaseScore(verdict);
+            const cov = clamp01(coveragePercent / 100);
+            return Object.freeze({
+                schema: clamp01(options.schema ?? base),
+                hashes: clamp01(options.hashes ?? 1.0),
+                commands: clamp01(options.commands ?? cov),
+                stdout: clamp01(options.stdout ?? cov),
+                decisions: clamp01(options.decisions ?? base),
+                evidence: clamp01(options.evidence ?? base),
+                limitations: clamp01(options.limitations ?? 0.5),
+                replay: clamp01(options.replay ?? base),
+            });
+        },
+    };
+}

package/dist/runtime/provider-maturity-gate.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Provider Maturity Gate — Phase 3 of OMK Weakness Remediation.
+ *
+ * Evaluates a provider/runtime across 8 adapter test dimensions and
+ * produces a maturity score M_p, an authority class, and a pass/fail
+ * verdict.
+ */
+import type { AdapterTestKind, AdapterTestResult, ProviderAuthorityClass } from "./contracts/evidence.js";
+/** Maturity evaluation result for a single provider. */
+export interface MaturityResult {
+    /** Computed maturity score M_p ∈ [0, 1]. */
+    readonly score: number;
+    /** Authority class derived from score and sub-score constraints. */
+    readonly authorityClass: ProviderAuthorityClass;
+    /** Whether the provider meets minimum viability. */
+    readonly passed: boolean;
+    /** Sub-scores keyed by adapter test kind. */
+    readonly subScores: Readonly<Record<AdapterTestKind, number>>;
+}
+/** Engine that evaluates provider maturity. */
+export interface ProviderMaturityGate {
+    /**
+     * Evaluate provider maturity from adapter test results.
+     *
+     * Formula:
+     *   M_p = 0.10·s_auth + 0.10·s_read + 0.15·s_write + 0.10·s_shell
+     *       + 0.15·s_mcp + 0.15·s_merge + 0.15·s_evidence + 0.10·s_fallback
+     */
+    evaluate(results: readonly AdapterTestResult[]): MaturityResult;
+    /** Look up a single sub-score by test kind (defaults to 0). */
+    getSubScore(results: readonly AdapterTestResult[], kind: AdapterTestKind): number;
+}
+/**
+ * Create a ProviderMaturityGate with default weights and thresholds.
+ */
+export interface ProviderMaturityTable {
+    lookup(providerId: string): MaturityResult | undefined;
+    register(providerId: string, result: MaturityResult): void;
+}
+export declare function createProviderMaturityTable(): ProviderMaturityTable;
+export declare function createProviderMaturityGate(): ProviderMaturityGate;