prism-mcp-server 7.2.0 → 7.3.3

package/dist/darkfactory/safetyController.js

@@ -0,0 +1,197 @@
+import { VALID_ACTION_TYPES } from './schema.js';
+import { PRISM_DARK_FACTORY_MAX_RUNTIME_MS } from '../config.js';
+import { debugLog } from '../utils/logger.js';
+import path from 'path';
+/**
+ * Controller strictly enforcing safety and invariant checks across Factory Pipelines.
+ *
+ * Responsibilities:
+ *   1. Iteration limit enforcement (prevents runaway LLM loops)
+ *   2. Path scope validation (prevents filesystem escapes)
+ *   3. Heartbeat lapse detection (finds zombie pipelines)
+ *   4. State machine transition validation (prevents illegal status jumps)
+ *   5. System prompt boundary generation (scope injection into LLM calls)
+ *   6. Total wall-clock runtime enforcement
+ */
+export class SafetyController {
+    /**
+     * Defines how long a pipeline can go without a heartbeat before being considered "zombie".
+     * Handled by the Dark Factory Runner watchdog.
+     */
+    static HEARTBEAT_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+    /**
+     * Legal state transitions for the pipeline state machine.
+     * Any transition not listed here is rejected by validateTransition().
+     */
+    static LEGAL_TRANSITIONS = {
+        'PENDING': ['RUNNING', 'ABORTED'], // Queued → Runner promotes or user aborts
+        'RUNNING': ['PAUSED', 'ABORTED', 'COMPLETED', 'FAILED'],
+        'PAUSED': ['RUNNING', 'ABORTED'],
+        'ABORTED': [], // Terminal — no exits
+        'COMPLETED': [], // Terminal — no exits
+        'FAILED': ['RUNNING'], // Allow retry from failed state
+    };
+    /**
+     * Legal step transitions for the pipeline execution state machine.
+     * FINALIZE is entered from VERIFY when iteration == maxIterations or success.
+     */
+    static STEP_ORDER = [
+        'INIT', 'PLAN', 'EXECUTE', 'VERIFY', 'FINALIZE'
+    ];
+    /**
+     * Prevents runaway LLM invocation loops by enforcing the max iteration envelope.
+     */
+    static validateIterationLimit(iteration, spec) {
+        return iteration <= spec.maxIterations;
+    }
+    /**
+     * Ensure a target path operates only within the explicitly restricted spec zone.
+     * If workingDirectory is missing, the global app root is assumed.
+     */
+    static isPathWithinScope(targetPath, spec) {
+        if (!spec.workingDirectory)
+            return true;
+        // Resolve symlinks and protect against ../ escapes.
+        const resolvedTarget = path.resolve(targetPath);
+        const resolvedWorkspace = path.resolve(spec.workingDirectory);
+        // Path Traversal Guard: A naive startsWith() check is vulnerable to
+        // prefix collisions — e.g. /app/workspace-hacked passes startsWith('/app/workspace').
+        // We require EITHER exact match OR the target starts with workspace + path separator.
+        if (resolvedTarget !== resolvedWorkspace && !resolvedTarget.startsWith(resolvedWorkspace + path.sep)) {
+            debugLog(`[Safety] Rejecting out-of-scope path resolution: ${targetPath}`);
+            return false;
+        }
+        return true;
+    }
+    /**
+     * Batch-validate an array of ActionPayload objects against the pipeline spec.
+     *
+     * Checks:
+     *   1. Each action has a valid ActionType
+     *   2. Each action's targetPath is non-empty
+     *   3. Each action's targetPath resolves within workingDirectory (via isPathWithinScope)
+     *
+     * Returns the first violation message (string) if any action fails,
+     * or null if all actions are valid and in-scope.
+     *
+     * Used by runner.ts after parsing EXECUTE step output — any non-null return
+     * terminates the pipeline immediately (fail closed).
+     */
+    static validateActionsInScope(actions, spec) {
+        if (!Array.isArray(actions) || actions.length === 0) {
+            return 'Actions array is empty or not an array';
+        }
+        for (let i = 0; i < actions.length; i++) {
+            const action = actions[i];
+            // Validate action type is in the restricted set
+            if (!action.type || !VALID_ACTION_TYPES.includes(action.type)) {
+                return `Action[${i}]: invalid type "${action.type}" (allowed: ${VALID_ACTION_TYPES.join(', ')})`;
+            }
+            // Validate targetPath is non-empty
+            if (!action.targetPath || typeof action.targetPath !== 'string' || action.targetPath.trim() === '') {
+                return `Action[${i}]: targetPath is empty or missing`;
+            }
+            // Resolve targetPath relative to workingDirectory for scope check
+            const resolvedTarget = spec.workingDirectory
+                ? path.resolve(spec.workingDirectory, action.targetPath)
+                : path.resolve(action.targetPath);
+            if (!SafetyController.isPathWithinScope(resolvedTarget, spec)) {
+                return `Action[${i}]: path "${action.targetPath}" resolves outside permitted scope`;
+            }
+        }
+        return null; // All actions valid and in-scope
+    }
+    /**
+     * Determine whether a pipeline has timed out based on its recorded heartbeat.
+     */
+    static isHeartbeatLapsed(state, timeoutOverrideMs) {
+        if (!state.last_heartbeat) {
+            // Pipeline never heartbeat. Use started_at as fallback
+            const diff = Date.now() - new Date(state.started_at).getTime();
+            return diff > (timeoutOverrideMs || SafetyController.HEARTBEAT_TIMEOUT_MS);
+        }
+        const diff = Date.now() - new Date(state.last_heartbeat).getTime();
+        return diff > (timeoutOverrideMs || SafetyController.HEARTBEAT_TIMEOUT_MS);
+    }
+    /**
+     * Validate that a status transition is legal under the state machine.
+     * Prevents impossible jumps (e.g., COMPLETED → RUNNING) that would
+     * corrupt pipeline audit trails.
+     */
+    static validateTransition(from, to) {
+        const legal = SafetyController.LEGAL_TRANSITIONS[from];
+        if (!legal)
+            return false;
+        return legal.includes(to);
+    }
+    /**
+     * Return the list of legal target statuses for a given source status.
+     * Used to build descriptive error messages in storage backends.
+     */
+    static getLegalTransitions(from) {
+        return SafetyController.LEGAL_TRANSITIONS[from] ?? [];
+    }
+    /**
+     * Check whether the pipeline has exceeded its total wall-clock runtime.
+     * Uses the configurable PRISM_DARK_FACTORY_MAX_RUNTIME_MS (default: 15 min).
+     */
+    static isRuntimeExceeded(state) {
+        const elapsed = Date.now() - new Date(state.started_at).getTime();
+        return elapsed > PRISM_DARK_FACTORY_MAX_RUNTIME_MS;
+    }
+    /**
+     * Generate a scoped system prompt that enforces operational boundaries
+     * for all LLM calls within the pipeline. This is the "boundary injection"
+     * that prevents the model from operating outside its mandate.
+     *
+     * Used by clawInvocation.ts instead of inline prompt construction.
+     */
+    static generateBoundaryPrompt(spec, state) {
+        const lines = [
+            `You are Prism Dark Factory, operating in the background as an autonomous code agent.`,
+            `You are strictly limited to code actions within the defined scope.`,
+            ``,
+            `── Operational Boundaries ──`,
+            `Pipeline ID: ${state.id}`,
+            `Project: ${state.project}`,
+            `Current Step: ${state.current_step}`,
+            `Iteration: ${state.iteration} / ${spec.maxIterations}`,
+            `Restricted Workspace: ${spec.workingDirectory || '(unrestricted)'}`,
+        ];
+        if (spec.contextFiles && spec.contextFiles.length > 0) {
+            lines.push(`Context Files: ${spec.contextFiles.join(', ')}`);
+        }
+        lines.push(``, `── Objective ──`, spec.objective, ``, `── Safety Rules ──`, `1. Do NOT modify files outside the Restricted Workspace.`, `2. Do NOT make network requests unless the objective explicitly requires it.`, `3. Do NOT execute destructive operations (rm -rf, DROP TABLE, etc.).`, `4. Respond ONLY with actions relevant to the current step.`, `5. If you cannot complete the step, explain why and stop.`);
+        return lines.join('\n');
+    }
+    /**
+     * Determine the next step in the pipeline execution sequence.
+     * Returns null if the pipeline should terminate (FINALIZE reached or iteration exceeded).
+     */
+    static getNextStep(currentStep, iteration, spec, verifyPassed) {
+        switch (currentStep) {
+            case 'INIT':
+                return { step: 'PLAN', iteration };
+            case 'PLAN':
+                return { step: 'EXECUTE', iteration };
+            case 'EXECUTE':
+                return { step: 'VERIFY', iteration };
+            case 'VERIFY':
+                if (verifyPassed) {
+                    return { step: 'FINALIZE', iteration };
+                }
+                // Verification failed — loop back to PLAN with incremented iteration
+                const nextIteration = iteration + 1;
+                if (!SafetyController.validateIterationLimit(nextIteration, spec)) {
+                    // Exceeded max iterations — force finalize with failure
+                    return null;
+                }
+                return { step: 'PLAN', iteration: nextIteration };
+            case 'FINALIZE':
+                return null; // Terminal step
+            default:
+                debugLog(`[Safety] Unknown step "${currentStep}" — forcing termination`);
+                return null;
+        }
+    }
+}

package/dist/darkfactory/schema.js

@@ -0,0 +1,4 @@
+/** All valid action type strings for runtime validation */
+export const VALID_ACTION_TYPES = [
+    'READ_FILE', 'WRITE_FILE', 'PATCH_FILE', 'RUN_TEST'
+];

package/dist/dashboard/server.js

@@ -782,6 +782,109 @@ return false;}
                     return res.end(JSON.stringify({ error: err.message || "Failed to search memory" }));
                 }
             }
+            // ─── API: Dark Factory Pipelines (v7.3) ───────────────────
+            // GET /api/pipelines — List pipelines (optional ?status=RUNNING&project=myproj)
+            if (url.pathname === "/api/pipelines" && req.method === "GET") {
+                try {
+                    const s = await getStorageSafe();
+                    if (!s) {
+                        res.writeHead(503, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Storage initializing..." }));
+                    }
+                    // Validate status filter against canonical set
+                    var rawStatus = url.searchParams.get("status") || undefined;
+                    var VALID_STATUSES = ['PENDING', 'RUNNING', 'PAUSED', 'ABORTED', 'COMPLETED', 'FAILED'];
+                    if (rawStatus && VALID_STATUSES.indexOf(rawStatus) === -1) {
+                        res.writeHead(400, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: 'Invalid status filter: "' + rawStatus + '". Valid: ' + VALID_STATUSES.join(', ') }));
+                    }
+                    var statusFilter = rawStatus;
+                    const projectFilter = url.searchParams.get("project") || undefined;
+                    const pipelines = await s.listPipelines(projectFilter, statusFilter, PRISM_USER_ID);
+                    // Parse spec JSON for frontend consumption
+                    const enriched = pipelines.map((p) => {
+                        let parsedSpec = null;
+                        try {
+                            parsedSpec = JSON.parse(p.spec);
+                        }
+                        catch { /* corrupt spec */ }
+                        return { ...p, parsedSpec };
+                    });
+                    res.writeHead(200, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ pipelines: enriched }));
+                }
+                catch (err) {
+                    console.error("[Dashboard] Pipeline list error:", err);
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ error: "Failed to list pipelines" }));
+                }
+            }
+            // GET /api/pipelines/:id — Single pipeline detail
+            if (url.pathname.startsWith("/api/pipelines/") && !url.pathname.includes("/abort") && req.method === "GET") {
+                try {
+                    const pipelineId = url.pathname.replace("/api/pipelines/", "");
+                    if (!pipelineId) {
+                        res.writeHead(400, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Missing pipeline ID" }));
+                    }
+                    const s = await getStorageSafe();
+                    if (!s) {
+                        res.writeHead(503, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Storage initializing..." }));
+                    }
+                    const pipeline = await s.getPipeline(pipelineId, PRISM_USER_ID);
+                    if (!pipeline) {
+                        res.writeHead(404, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Pipeline not found" }));
+                    }
+                    let parsedSpec = null;
+                    try {
+                        parsedSpec = JSON.parse(pipeline.spec);
+                    }
+                    catch { /* corrupt spec */ }
+                    res.writeHead(200, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ ...pipeline, parsedSpec }));
+                }
+                catch (err) {
+                    console.error("[Dashboard] Pipeline detail error:", err);
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ error: "Failed to get pipeline" }));
+                }
+            }
+            // POST /api/pipelines/:id/abort — Dashboard kill switch
+            if (url.pathname.match(/^\/api\/pipelines\/[^/]+\/abort$/) && req.method === "POST") {
+                try {
+                    const pipelineId = url.pathname.replace("/api/pipelines/", "").replace("/abort", "");
+                    const s = await getStorageSafe();
+                    if (!s) {
+                        res.writeHead(503, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Storage initializing..." }));
+                    }
+                    const pipeline = await s.getPipeline(pipelineId, PRISM_USER_ID);
+                    if (!pipeline) {
+                        res.writeHead(404, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ error: "Pipeline not found" }));
+                    }
+                    // Already terminated?
+                    if (["COMPLETED", "FAILED", "ABORTED"].includes(pipeline.status)) {
+                        res.writeHead(200, { "Content-Type": "application/json" });
+                        return res.end(JSON.stringify({ ok: true, status: pipeline.status, message: `Pipeline already in terminal state: ${pipeline.status}` }));
+                    }
+                    await s.savePipeline({
+                        ...pipeline,
+                        status: "ABORTED",
+                        error: "Manually aborted via dashboard kill switch.",
+                    });
+                    console.error(`[Dashboard] Pipeline ${pipelineId} aborted via dashboard.`);
+                    res.writeHead(200, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ ok: true, status: "ABORTED", message: "Pipeline aborted. Runner will stop on next tick." }));
+                }
+                catch (err) {
+                    console.error("[Dashboard] Pipeline abort error:", err);
+                    res.writeHead(500, { "Content-Type": "application/json" });
+                    return res.end(JSON.stringify({ error: "Failed to abort pipeline" }));
+                }
+            }
             if (url.pathname === "/manifest.json" && req.method === "GET") {
                 const manifest = {
                     name: "Prism Mind Palace",