rlhf-feedback-loop 0.6.8 → 0.6.10

package/scripts/prove-adapters.js

@@ -2,6 +2,7 @@
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const { spawn } = require('child_process');
 const { startServer } = require('../src/api/server');
 const { handleRequest } = require('../adapters/mcp/server-stdio');
 const { validateSubagentProfiles, listSubagentProfiles } = require('./subagent-profiles');
@@ -26,6 +27,114 @@ function escapeRegExp(value) {
   return String(value).replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
 }
 
+function parseLeadingJson(text) {
+  const raw = String(text || '');
+  const marker = '\n\n---';
+  const boundary = raw.indexOf(marker);
+  const jsonSegment = boundary === -1 ? raw : raw.slice(0, boundary);
+  return JSON.parse(jsonSegment.trim());
+}
+
+async function proveMcpStdioTransport({
+  root,
+  transport = 'ndjson',
+  timeoutMs = 5000,
+}) {
+  const serverPath = path.join(root, 'adapters', 'mcp', 'server-stdio.js');
+  const child = spawn(process.execPath, [serverPath], {
+    cwd: root,
+    stdio: ['pipe', 'pipe', 'pipe'],
+    env: process.env,
+  });
+
+  let stdoutBuffer = Buffer.alloc(0);
+  let stderrBuffer = '';
+
+  function parseResponse() {
+    const headerEnd = stdoutBuffer.indexOf('\r\n\r\n');
+    if (headerEnd !== -1) {
+      const header = stdoutBuffer.slice(0, headerEnd).toString('utf8');
+      const match = header.match(/Content-Length:\s*(\d+)/i);
+      if (!match) return null;
+      const length = Number(match[1]);
+      const bodyStart = headerEnd + 4;
+      const bodyEnd = bodyStart + length;
+      if (stdoutBuffer.length < bodyEnd) return null;
+      return stdoutBuffer.slice(bodyStart, bodyEnd).toString('utf8');
+    }
+
+    const newlineIndex = stdoutBuffer.indexOf('\n');
+    if (newlineIndex === -1) return null;
+    const line = stdoutBuffer.slice(0, newlineIndex).toString('utf8').trim();
+    if (!line) return null;
+    return line;
+  }
+
+  return new Promise((resolve, reject) => {
+    let settled = false;
+    const done = (err, value) => {
+      if (settled) return;
+      settled = true;
+      try {
+        child.kill('SIGKILL');
+      } catch (_) {
+        // no-op
+      }
+      if (err) reject(err);
+      else resolve(value);
+    };
+
+    const timer = setTimeout(() => {
+      done(new Error(`stdio ${transport} initialize timeout; stderr=${stderrBuffer}`));
+    }, timeoutMs);
+
+    child.on('error', (err) => {
+      clearTimeout(timer);
+      done(err);
+    });
+
+    child.stderr.on('data', (chunk) => {
+      stderrBuffer += String(chunk || '');
+    });
+
+    child.stdout.on('data', (chunk) => {
+      stdoutBuffer = Buffer.concat([stdoutBuffer, Buffer.from(chunk)]);
+      const body = parseResponse();
+      if (!body) return;
+
+      clearTimeout(timer);
+      try {
+        const parsed = JSON.parse(body);
+        done(null, parsed);
+      } catch (err) {
+        done(err);
+      }
+    });
+
+    const initialize = {
+      jsonrpc: '2.0',
+      id: 777,
+      method: 'initialize',
+      params: {
+        protocolVersion: '2025-06-18',
+        capabilities: {},
+        clientInfo: {
+          name: 'prove-adapters',
+          version: '1.0.0',
+        },
+      },
+    };
+
+    if (transport === 'framed') {
+      const body = JSON.stringify(initialize);
+      child.stdin.write(`Content-Length: ${Buffer.byteLength(body, 'utf8')}\r\n\r\n${body}`);
+      return;
+    }
+
+    child.stdin.write(`${JSON.stringify(initialize)}\n`);
+  });
+}
+
 async function runProof(options = {}) {
   const proofDir = options.proofDir || process.env.RLHF_PROOF_DIR || DEFAULT_PROOF_DIR;
   const writeArtifacts = options.writeArtifacts !== false;
@@ -36,6 +145,9 @@ async function runProof(options = {}) {
   }
 
   const tmpFeedbackDir = fs.mkdtempSync(path.join(os.tmpdir(), 'rlhf-proof-'));
+  const previousFeedbackDir = process.env.RLHF_FEEDBACK_DIR;
+  const previousApiKey = process.env.RLHF_API_KEY;
+  const previousMcpProfile = process.env.RLHF_MCP_PROFILE;
   process.env.RLHF_FEEDBACK_DIR = tmpFeedbackDir;
   process.env.RLHF_API_KEY = 'proof-key';
   process.env.RLHF_MCP_PROFILE = 'default';
@@ -188,6 +300,20 @@ async function runProof(options = {}) {
       addResult('mcp.initialize', true, { server: init.serverInfo.name });
     }
 
+    {
+      const framedResponse = await proveMcpStdioTransport({ root: ROOT, transport: 'framed' });
+      check(framedResponse.id === 777, 'stdio framed initialize returned wrong id');
+      check(Boolean(framedResponse.result && framedResponse.result.serverInfo), 'stdio framed initialize missing serverInfo');
+      addResult('mcp.stdio.framed.initialize', true, { server: framedResponse.result.serverInfo.name });
+    }
+
+    {
+      const ndjsonResponse = await proveMcpStdioTransport({ root: ROOT, transport: 'ndjson' });
+      check(ndjsonResponse.id === 777, 'stdio ndjson initialize returned wrong id');
+      check(Boolean(ndjsonResponse.result && ndjsonResponse.result.serverInfo), 'stdio ndjson initialize missing serverInfo');
+      addResult('mcp.stdio.ndjson.initialize', true, { server: ndjsonResponse.result.serverInfo.name });
+    }
+
     {
       const list = await handleRequest({ jsonrpc: '2.0', id: 2, method: 'tools/list', params: {} });
       check(Array.isArray(list.tools) && list.tools.length > 0, 'mcp tools/list empty');
@@ -245,7 +371,7 @@ async function runProof(options = {}) {
           },
         },
       });
-      const payload = JSON.parse(call.content[0].text);
+      const payload = parseLeadingJson(call.content[0].text);
       check(payload.accepted === false, 'mcp capture_feedback should apply rubric gating');
       addResult('mcp.tools.call.capture_feedback.rubric_gate', true, { accepted: payload.accepted });
     }
@@ -323,10 +449,14 @@ async function runProof(options = {}) {
   } catch (err) {
     addResult('fatal', false, { error: err.message });
   } finally {
-    if (server) await new Promise((resolve) => server.close(resolve));
-    try {
-      fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
-    } catch (e) {}
+    await new Promise((resolve) => server.close(resolve));
+    fs.rmSync(tmpFeedbackDir, { recursive: true, force: true });
+    if (previousFeedbackDir === undefined) delete process.env.RLHF_FEEDBACK_DIR;
+    else process.env.RLHF_FEEDBACK_DIR = previousFeedbackDir;
+    if (previousApiKey === undefined) delete process.env.RLHF_API_KEY;
+    else process.env.RLHF_API_KEY = previousApiKey;
+    if (previousMcpProfile === undefined) delete process.env.RLHF_MCP_PROFILE;
+    else process.env.RLHF_MCP_PROFILE = previousMcpProfile;
   }
 
   if (writeArtifacts) {

package/scripts/prove-subway-upgrades.js

@@ -22,7 +22,34 @@ const PROOF_DIR = path.join(__dirname, '..', 'proof', 'subway-upgrades');
 const REPORT_JSON = path.join(PROOF_DIR, 'subway-upgrades-report.json');
 const REPORT_MD = path.join(PROOF_DIR, 'subway-upgrades-report.md');
 
-const SUBWAY_ROOT = path.join(__dirname, '..', '..', '..', 'Subway_RN_Demo');
+const REQUIRED_SUBWAY_ARTIFACTS = [
+  ['.claude', 'scripts', 'feedback', 'vector-store.js'],
+  ['.claude', 'scripts', 'feedback', 'dpo-optimizer.js'],
+  ['.claude', 'scripts', 'feedback', 'thompson-sampling.js'],
+  ['.github', 'workflows', 'self-healing-monitor.yml'],
+  ['.github', 'workflows', 'self-healing-auto-fix.yml'],
+];
+
+function hasRequiredSubwayArtifacts(root) {
+  if (!root || !fs.existsSync(root)) return false;
+  return REQUIRED_SUBWAY_ARTIFACTS.every((segments) => fs.existsSync(path.join(root, ...segments)));
+}
+
+function resolveSubwayRoot() {
+  const envRoot = process.env.SUBWAY_ROOT;
+  if (envRoot) return envRoot;
+
+  const candidates = [
+    path.join(__dirname, '..', '..', '..', 'Subway_RN_Demo'),
+    path.join(__dirname, '..', '..', '..', '..', 'Subway_RN_Demo'),
+    path.join(__dirname, '..', '..', 'Subway_RN_Demo'),
+  ];
+  const ready = candidates.find((candidate) => hasRequiredSubwayArtifacts(candidate));
+  if (ready) return ready;
+  return candidates[0];
+}
+
+const SUBWAY_ROOT = resolveSubwayRoot();
 
 function run() {
   const results = { passed: 0, failed: 0, requirements: {} };

package/src/api/server.js

@@ -39,7 +39,7 @@ const {
   verifyWebhookSignature,
   verifyGithubWebhookSignature,
   handleGithubWebhook,
-  loadKeyStore,
+  getFunnelAnalytics,
 } = require('../../scripts/billing');
 
 function getSafeDataDir() {
@@ -150,6 +150,15 @@ function extractBearerToken(req) {
   return auth.startsWith('Bearer ') ? auth.slice(7) : '';
 }
 
+/**
+ * Admin-only guard for static RLHF_API_KEY.
+ * Billing keys are intentionally excluded from admin actions.
+ */
+function isStaticAdminAuthorized(req, expected) {
+  if (!expected) return true;
+  return extractBearerToken(req) === expected;
+}
+
 function extractTags(input) {
   if (Array.isArray(input)) return input;
   if (typeof input === 'string') {
@@ -230,6 +239,16 @@ function createApiServer() {
       return;
     }
 
+    if (req.method === 'GET' && pathname === '/healthz') {
+      const { FEEDBACK_LOG_PATH, MEMORY_LOG_PATH } = getFeedbackPaths();
+      sendJson(res, 200, {
+        status: 'ok',
+        feedbackLogPath: FEEDBACK_LOG_PATH,
+        memoryLogPath: MEMORY_LOG_PATH,
+      });
+      return;
+    }
+
     // Stripe webhook is unauthenticated — uses HMAC signature verification instead
     if (req.method === 'POST' && pathname === '/v1/billing/webhook') {
       try {
@@ -302,6 +321,28 @@ function createApiServer() {
       return;
     }
 
+    // Public checkout session creation for top-of-funnel acquisition.
+    if (req.method === 'POST' && pathname === '/v1/billing/checkout') {
+      try {
+        const body = await parseJsonBody(req);
+        const result = await createCheckoutSession({
+          successUrl: body.successUrl,
+          cancelUrl: body.cancelUrl,
+          customerEmail: body.customerEmail,
+          installId: body.installId,
+          metadata: body.metadata,
+        });
+        sendJson(res, 200, result);
+      } catch (err) {
+        if (err.statusCode) {
+          sendJson(res, err.statusCode, { error: err.message });
+        } else {
+          sendJson(res, 500, { error: err.message || 'Internal Server Error' });
+        }
+      }
+      return;
+    }
+
     if (!isAuthorized(req, expectedApiKey)) {
       sendJson(res, 401, { error: 'Unauthorized' });
       return;
@@ -314,16 +355,6 @@ function createApiServer() {
     }
 
     try {
-      if (req.method === 'GET' && pathname === '/healthz') {
-        const { FEEDBACK_LOG_PATH, MEMORY_LOG_PATH } = getFeedbackPaths();
-        sendJson(res, 200, {
-          status: 'ok',
-          feedbackLogPath: FEEDBACK_LOG_PATH,
-          memoryLogPath: MEMORY_LOG_PATH,
-        });
-        return;
-      }
-
       if (req.method === 'GET' && pathname === '/v1/feedback/stats') {
         sendJson(res, 200, analyzeFeedback());
         return;
@@ -487,18 +518,6 @@ function createApiServer() {
       // Billing routes
       // ----------------------------------------------------------------
 
-      // POST /v1/billing/checkout — create Stripe Checkout session
-      if (req.method === 'POST' && pathname === '/v1/billing/checkout') {
-        const body = await parseJsonBody(req);
-        const result = await createCheckoutSession({
-          successUrl: body.successUrl,
-          cancelUrl: body.cancelUrl,
-          customerEmail: body.customerEmail,
-        });
-        sendJson(res, 200, result);
-        return;
-      }
-
       // GET /v1/billing/usage — usage for the authenticated key
       if (req.method === 'GET' && pathname === '/v1/billing/usage') {
         const token = extractBearerToken(req);
@@ -517,15 +536,30 @@ function createApiServer() {
 
       // POST /v1/billing/provision — manually provision key (admin)
       if (req.method === 'POST' && pathname === '/v1/billing/provision') {
+        if (!isStaticAdminAuthorized(req, expectedApiKey)) {
+          sendJson(res, 403, { error: 'Forbidden: admin key required' });
+          return;
+        }
+
         const body = await parseJsonBody(req);
         if (!body.customerId) {
           throw createHttpError(400, 'customerId is required');
         }
-        const result = provisionApiKey(body.customerId);
+        const result = provisionApiKey(body.customerId, {
+          installId: body.installId,
+          source: 'admin_provision',
+        });
         sendJson(res, 200, result);
         return;
       }
 
+      // GET /v1/analytics/funnel — aggregate acquisition/activation/paid funnel metrics
+      if (req.method === 'GET' && pathname === '/v1/analytics/funnel') {
+        const summary = getFunnelAnalytics();
+        sendJson(res, 200, summary);
+        return;
+      }
+
       sendJson(res, 404, { error: 'Not Found' });
     } catch (err) {
       if (err.statusCode) {