npm - pluribus-context - Versions diffs - 0.3.22 → 0.3.26 - Mend

pluribus-context 0.3.22 → 0.3.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/examples/context-input-evidence/convert-claudekit-mcp-manager-log.mjs ADDED Viewed

@@ -0,0 +1,253 @@
+#!/usr/bin/env node
+import { createHash } from 'node:crypto';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const here = dirname(fileURLToPath(import.meta.url));
+const inputPath = process.argv[2] ? resolve(process.argv[2]) : join(here, 'sample-claudekit-mcp-manager-log.jsonl');
+const receiptPath = process.argv[3] ? resolve(process.argv[3]) : join(here, 'claudekit-mcp-manager-receipt.ndjson');
+const tracePath = process.argv[4] ? resolve(process.argv[4]) : join(here, 'claudekit-mcp-manager-otel-trace.json');
+function sha256(value) {
+  return `sha256:${createHash('sha256').update(value ?? '').digest('hex')}`;
+}
+function hashRef(value) {
+  return sha256(value ?? '').slice(0, 19);
+}
+function readJsonl(path) {
+  return readFileSync(path, 'utf8')
+    .trim()
+    .split('\n')
+    .filter(Boolean)
+    .map((line, index) => {
+      try {
+        return JSON.parse(line);
+      } catch (error) {
+        throw new Error(`Invalid JSONL at ${path}:${index + 1}: ${error.message}`);
+      }
+    });
+}
+function unixNano(isoTimestamp) {
+  return `${BigInt(Date.parse(isoTimestamp)) * 1_000_000n}`;
+}
+function otelValue(value) {
+  if (typeof value === 'boolean') return { boolValue: value };
+  if (typeof value === 'number' && Number.isInteger(value)) return { intValue: String(value) };
+  if (typeof value === 'number') return { doubleValue: value };
+  if (value == null) return { stringValue: '' };
+  return { stringValue: String(value) };
+}
+function attributesToOtel(attributes) {
+  return Object.entries(attributes).map(([key, value]) => ({ key, value: otelValue(value) }));
+}
+function tokenBucket(value) {
+  if (value < 1_000) return 'under_1k';
+  if (value < 10_000) return 'under_10k';
+  if (value < 50_000) return 'under_50k';
+  if (value < 100_000) return 'under_100k';
+  return 'over_100k';
+}
+function countBucket(value) {
+  if (value === 0) return 'zero';
+  if (value <= 5) return 'under_5';
+  if (value <= 25) return 'under_25';
+  if (value <= 100) return 'under_100';
+  if (value <= 500) return 'under_500';
+  return 'over_500';
+}
+const records = readJsonl(inputPath);
+const session = records.find((record) => record.type === 'session.start');
+const parentContext = records.find((record) => record.type === 'mcp.manager.parent_context.evaluated');
+const subagentBoot = records.find((record) => record.type === 'mcp.manager.subagent.booted');
+const toolSelected = records.find((record) => record.type === 'mcp.manager.tool_selected');
+const toolInvoked = records.find((record) => record.type === 'mcp.manager.tool_invoked');
+const summaryReturned = records.find((record) => record.type === 'mcp.manager.parent_summary.returned');
+if (!session || !parentContext || !subagentBoot || !toolSelected || !toolInvoked || !summaryReturned) {
+  throw new Error(`Expected session.start and all mcp.manager.* records in ${inputPath}`);
+}
+const traceSeed = `${session.session_id}:${session.conversation_id}:claudekit-mcp-manager`;
+const traceId = sha256(traceSeed).replace('sha256:', '').slice(0, 32);
+const spanId = sha256(`${traceSeed}:span`).replace('sha256:', '').slice(0, 16);
+const events = [
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'mcp.manager.parent_context.evaluated',
+    time: parentContext.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'agent.name': session.agent,
+      'mcp.manager.pattern': parentContext.pattern,
+      'mcp.manager.parent_visible_skill_hash': hashRef(parentContext.parent_visible_skill),
+      'mcp.manager.parent_visible_token_bucket': tokenBucket(parentContext.parent_visible_token_count),
+      'mcp.manager.hidden_server_count_bucket': countBucket(parentContext.hidden_mcp_server_count),
+      'mcp.manager.hidden_tool_schema_count_bucket': countBucket(parentContext.hidden_mcp_tool_schema_count),
+      'mcp.manager.hidden_full_schema_token_bucket': tokenBucket(parentContext.hidden_full_schema_token_count),
+      'mcp.manager.full_schemas_loaded_in_parent': false,
+      'privacy.raw_parent_prompt_recorded': false,
+      'privacy.raw_hidden_schemas_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'mcp.manager.subagent.booted',
+    time: subagentBoot.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'mcp.manager.subagent_id_hash': hashRef(subagentBoot.subagent_id),
+      'mcp.manager.tools_policy': subagentBoot.tools_policy,
+      'mcp.manager.server_count_bucket': countBucket(subagentBoot.server_count),
+      'mcp.manager.tool_schema_count_bucket': countBucket(subagentBoot.tool_schema_count),
+      'mcp.manager.subagent_startup_token_bucket': tokenBucket(subagentBoot.startup_context_token_count),
+      'mcp.manager.context_window_token_bucket': tokenBucket(subagentBoot.context_window_tokens),
+      'privacy.raw_subagent_tool_catalog_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'mcp.manager.tool_selected',
+    time: toolSelected.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'mcp.manager.selection_strategy': toolSelected.selection_strategy,
+      'mcp.manager.selected_server_hash': hashRef(toolSelected.selected_server),
+      'mcp.manager.selected_tool_hash': hashRef(toolSelected.selected_tool),
+      'mcp.manager.candidate_tool_count_bucket': countBucket(toolSelected.candidate_tool_count),
+      'mcp.manager.expanded_tool_count': toolSelected.expanded_tool_count,
+      'mcp.manager.suppressed_tool_count_bucket': countBucket(toolSelected.suppressed_tool_count),
+      'mcp.manager.selection_reason_hash': sha256(toolSelected.raw_selection_reason),
+      'privacy.raw_selection_reason_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'mcp.manager.tool_invoked',
+    time: toolInvoked.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'mcp.tool.name_hash': hashRef(toolInvoked.tool),
+      'mcp.tool_call.status': toolInvoked.status,
+      'mcp.tool_call.result_count_bucket': countBucket(toolInvoked.result_count),
+      'mcp.tool_call.latency_ms': toolInvoked.latency_ms,
+      'mcp.tool_call.arguments_hash': sha256(toolInvoked.raw_arguments),
+      'mcp.tool_call.result_sample_hash': sha256(toolInvoked.raw_result_sample),
+      'privacy.raw_tool_arguments_recorded': false,
+      'privacy.raw_tool_results_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'mcp.manager.parent_summary.returned',
+    time: summaryReturned.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'mcp.manager.summary.status': summaryReturned.status,
+      'mcp.manager.summary_token_bucket': tokenBucket(summaryReturned.summary_token_count),
+      'mcp.manager.parent_context_after_token_bucket': tokenBucket(summaryReturned.parent_context_token_count_after),
+      'mcp.manager.summary_hash': sha256(summaryReturned.raw_summary),
+      'mcp.manager.audit_gap': summaryReturned.audit_gap,
+      'privacy.raw_summary_recorded': false
+    }
+  }
+];
+writeFileSync(receiptPath, `${events.map((event) => JSON.stringify(event)).join('\n')}\n`);
+const trace = {
+  resourceSpans: [
+    {
+      resource: {
+        attributes: attributesToOtel({
+          'service.name': 'pluribus-claudekit-mcp-manager-receipt-demo',
+          'service.version': '0.0.0-fixture',
+          'deployment.environment.name': 'local-fixture'
+        })
+      },
+      scopeSpans: [
+        {
+          scope: {
+            name: 'pluribus.context_input_evidence.claudekit_mcp_manager_demo',
+            version: '0.0.0-fixture'
+          },
+          spans: [
+            {
+              traceId,
+              spanId,
+              parentSpanId: '',
+              name: 'agent.session.mcp.manager.subagent_boundary',
+              kind: 1,
+              startTimeUnixNano: unixNano(parentContext.time),
+              endTimeUnixNano: unixNano(summaryReturned.time),
+              attributes: attributesToOtel({
+                'session.id': session.session_id,
+                'gen_ai.conversation.id': session.conversation_id,
+                'agent.name': session.agent,
+                'workspace.name': session.workspace,
+                'gen_ai.request.model': session.model,
+                'mcp.manager.pattern': parentContext.pattern,
+                'mcp.manager.receipt.scope': 'parent_vs_manager_subagent_context_budget'
+              }),
+              events: events.map((event) => ({
+                name: event.name,
+                timeUnixNano: unixNano(event.time),
+                attributes: attributesToOtel(event.attributes)
+              }))
+            }
+          ]
+        }
+      ]
+    }
+  ]
+};
+writeFileSync(tracePath, `${JSON.stringify(trace, null, 2)}\n`);
+const forbiddenRawStrings = [
+  'Acme-Co',
+  'sk_live_parent_fixture',
+  'sk_live_manager_fixture',
+  'finance@acme.example',
+  'private-enterprise-mcp',
+  'support.ticket.search',
+  'TICKET-private-002',
+  'Stripe prod incident',
+  'billing account 4242'
+];
+const publicOutputs = `${readFileSync(receiptPath, 'utf8')}\n${readFileSync(tracePath, 'utf8')}`;
+const leaked = forbiddenRawStrings.filter((value) => publicOutputs.includes(value));
+if (leaked.length > 0) {
+  throw new Error(`Receipt/trace leaked raw fixture strings: ${leaked.join(', ')}`);
+}
+console.log(JSON.stringify({
+  input: inputPath,
+  receipt: receiptPath,
+  trace: tracePath,
+  events: events.length,
+  selectedToolExpandedCount: toolSelected.expanded_tool_count,
+  suppressedToolCount: toolSelected.suppressed_tool_count,
+  parentFullSchemasLoaded: false,
+  forbiddenRawStringsChecked: forbiddenRawStrings.length
+}, null, 2));

package/examples/context-input-evidence/convert-cli-progressive-disclosure-log.mjs ADDED Viewed

@@ -0,0 +1,251 @@
+#!/usr/bin/env node
+import { createHash } from 'node:crypto';
+import { readFileSync, writeFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+const here = dirname(fileURLToPath(import.meta.url));
+const inputPath = process.argv[2] ? resolve(process.argv[2]) : join(here, 'sample-cli-progressive-disclosure-log.jsonl');
+const receiptPath = process.argv[3] ? resolve(process.argv[3]) : join(here, 'cli-progressive-disclosure-receipt.ndjson');
+const tracePath = process.argv[4] ? resolve(process.argv[4]) : join(here, 'cli-progressive-disclosure-otel-trace.json');
+function sha256(value) {
+  return `sha256:${createHash('sha256').update(value ?? '').digest('hex')}`;
+}
+function hashRef(value) {
+  return sha256(value ?? '').slice(0, 19);
+}
+function readJsonl(path) {
+  return readFileSync(path, 'utf8')
+    .trim()
+    .split('\n')
+    .filter(Boolean)
+    .map((line, index) => {
+      try {
+        return JSON.parse(line);
+      } catch (error) {
+        throw new Error(`Invalid JSONL at ${path}:${index + 1}: ${error.message}`);
+      }
+    });
+}
+function unixNano(isoTimestamp) {
+  return `${BigInt(Date.parse(isoTimestamp)) * 1_000_000n}`;
+}
+function otelValue(value) {
+  if (typeof value === 'boolean') return { boolValue: value };
+  if (typeof value === 'number' && Number.isInteger(value)) return { intValue: String(value) };
+  if (typeof value === 'number') return { doubleValue: value };
+  if (value == null) return { stringValue: '' };
+  return { stringValue: String(value) };
+}
+function attributesToOtel(attributes) {
+  return Object.entries(attributes).map(([key, value]) => ({ key, value: otelValue(value) }));
+}
+function tokenBucket(value) {
+  if (value < 100) return 'under_100';
+  if (value < 1_000) return 'under_1k';
+  if (value < 10_000) return 'under_10k';
+  if (value < 50_000) return 'under_50k';
+  return 'over_50k';
+}
+function byteBucket(value) {
+  if (value === 0) return 'zero';
+  if (value < 1_000) return 'under_1kb';
+  if (value < 10_000) return 'under_10kb';
+  if (value < 100_000) return 'under_100kb';
+  return 'over_100kb';
+}
+function countBucket(value) {
+  if (value === 0) return 'zero';
+  if (value <= 5) return 'under_5';
+  if (value <= 25) return 'under_25';
+  return 'over_25';
+}
+const records = readJsonl(inputPath);
+const session = records.find((record) => record.type === 'session.start');
+const prompt = records.find((record) => record.type === 'cli.agent_prompt.loaded');
+const help = records.find((record) => record.type === 'cli.command_help.loaded');
+const command = records.find((record) => record.type === 'cli.command.executed');
+const completed = records.find((record) => record.type === 'cli.session.completed');
+if (!session || !prompt || !help || !command || !completed) {
+  throw new Error(`Expected session.start, cli.agent_prompt.loaded, cli.command_help.loaded, cli.command.executed, and cli.session.completed records in ${inputPath}`);
+}
+const traceSeed = `${session.session_id}:${session.conversation_id}:cli-progressive-disclosure`;
+const traceId = sha256(traceSeed).replace('sha256:', '').slice(0, 32);
+const spanId = sha256(`${traceSeed}:span`).replace('sha256:', '').slice(0, 16);
+const events = [
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'cli.agent_prompt.loaded',
+    time: prompt.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'agent.name': session.agent,
+      'cli.name': prompt.cli_name,
+      'cli.prompt.command_hash': hashRef(prompt.prompt_command),
+      'cli.prompt.hash': sha256(prompt.raw_prompt),
+      'cli.prompt.token_count_bucket': tokenBucket(prompt.prompt_token_count),
+      'cli.full_openapi.token_count_bucket': tokenBucket(prompt.full_openapi_token_count),
+      'cli.full_mcp_schema.token_count_bucket': tokenBucket(prompt.full_mcp_schema_token_count),
+      'cli.startup.strategy': prompt.startup_strategy,
+      'cli.install.target': prompt.install_target,
+      'privacy.raw_agent_prompt_recorded': false,
+      'privacy.raw_openapi_recorded': false,
+      'privacy.raw_mcp_schemas_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'cli.command_help.loaded',
+    time: help.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'cli.name': help.cli_name,
+      'cli.command.hash': hashRef(help.command),
+      'cli.help.command_hash': hashRef(help.help_command),
+      'cli.help.hash': sha256(help.raw_help),
+      'cli.help.token_count_bucket': tokenBucket(help.help_token_count),
+      'cli.help.load_reason_hash': hashRef(help.selection_reason),
+      'cli.unselected_commands.hash': sha256(help.unselected_commands.join('\n')),
+      'cli.unselected_help.loaded_count': help.unselected_help_loaded,
+      'privacy.raw_help_recorded': false,
+      'privacy.raw_unselected_commands_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'cli.command.executed',
+    time: command.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'cli.name': command.cli_name,
+      'cli.command.hash': hashRef(command.command),
+      'cli.command.status': command.status,
+      'cli.command.arguments_hash': sha256(command.raw_arguments),
+      'cli.command.result_sample_hash': sha256(command.raw_result_sample),
+      'cli.command.result_count_bucket': countBucket(command.result_count),
+      'cli.command.latency_ms': command.latency_ms,
+      'cli.command.stdout_size_bucket': byteBucket(command.stdout_bytes),
+      'cli.command.stderr_size_bucket': byteBucket(command.stderr_bytes),
+      'privacy.raw_arguments_recorded': false,
+      'privacy.raw_results_recorded': false
+    }
+  },
+  {
+    trace_id: traceId,
+    span_id: spanId,
+    name: 'cli.session.completed',
+    time: completed.time,
+    attributes: {
+      'session.id': session.session_id,
+      'gen_ai.conversation.id': session.conversation_id,
+      'cli.session.status': completed.status,
+      'cli.commands.executed': completed.commands_executed,
+      'cli.command_help.loaded_count': completed.loaded_command_help_count,
+      'cli.full_openapi.loaded': completed.loaded_full_openapi,
+      'cli.full_mcp_schemas.loaded': completed.loaded_mcp_schemas,
+      'cli.progressive_disclosure.audit_gap': completed.audit_gap
+    }
+  }
+];
+writeFileSync(receiptPath, `${events.map((event) => JSON.stringify(event)).join('\n')}\n`);
+const trace = {
+  resourceSpans: [
+    {
+      resource: {
+        attributes: attributesToOtel({
+          'service.name': 'pluribus-cli-progressive-disclosure-receipt-demo',
+          'service.version': '0.0.0-fixture',
+          'deployment.environment.name': 'local-fixture'
+        })
+      },
+      scopeSpans: [
+        {
+          scope: {
+            name: 'pluribus.context_input_evidence.cli_progressive_disclosure_demo',
+            version: '0.0.0-fixture'
+          },
+          spans: [
+            {
+              traceId,
+              spanId,
+              parentSpanId: '',
+              name: 'agent.session.cli.progressive_disclosure',
+              kind: 1,
+              startTimeUnixNano: unixNano(prompt.time),
+              endTimeUnixNano: unixNano(completed.time),
+              attributes: attributesToOtel({
+                'session.id': session.session_id,
+                'gen_ai.conversation.id': session.conversation_id,
+                'agent.name': session.agent,
+                'workspace.name': session.workspace,
+                'gen_ai.request.model': session.model,
+                'cli.name': prompt.cli_name,
+                'cli.disclosure.strategy': 'agent_prompt_then_command_help'
+              }),
+              events: events.map((event) => ({
+                name: event.name,
+                timeUnixNano: unixNano(event.time),
+                attributes: attributesToOtel(event.attributes)
+              }))
+            }
+          ]
+        }
+      ]
+    }
+  ]
+};
+writeFileSync(tracePath, `${JSON.stringify(trace, null, 2)}\n`);
+const forbiddenRawStrings = [
+  'Acme-Co',
+  'private payroll sync payloads',
+  'private-checkout-api',
+  'sk_live_private_fixture',
+  'cus_private_001',
+  'finance@acme.example',
+  'Stripe prod incident',
+  'conn_acme_private'
+];
+const exportedText = `${events.map((event) => JSON.stringify(event)).join('\n')}\n${JSON.stringify(trace)}`;
+const rawTextCopiedToReceipt = forbiddenRawStrings.some((value) => exportedText.includes(value));
+const summary = {
+  schema: 'pluribus.cliProgressiveDisclosureReceipt.demo.v0',
+  eventCount: events.length,
+  startupPromptTokenBucket: events[0].attributes['cli.prompt.token_count_bucket'],
+  fullOpenApiTokenBucket: events[0].attributes['cli.full_openapi.token_count_bucket'],
+  fullMcpSchemaTokenBucket: events[0].attributes['cli.full_mcp_schema.token_count_bucket'],
+  loadedCommandHelpCount: completed.loaded_command_help_count,
+  loadedFullOpenApi: completed.loaded_full_openapi,
+  loadedFullMcpSchemas: completed.loaded_mcp_schemas,
+  includesArgumentsHash: Boolean(events[2].attributes['cli.command.arguments_hash']),
+  includesResultSampleHash: Boolean(events[2].attributes['cli.command.result_sample_hash']),
+  rawTextCopiedToReceipt,
+  receiptPath: 'examples/context-input-evidence/cli-progressive-disclosure-receipt.ndjson',
+  tracePath: 'examples/context-input-evidence/cli-progressive-disclosure-otel-trace.json',
+  lesson: 'CLI progressive disclosure still needs receipts: prove a tiny agent prompt loaded, exactly one command help expanded, one command ran, and private arguments/results stayed out of the trace.'
+};
+console.log(JSON.stringify(summary, null, 2));