scene-capability-engine 3.6.64 → 3.6.67

package/lib/governance/supreme-principles.js

@@ -0,0 +1,530 @@
+'use strict';
+
+const path = require('path');
+const fs = require('fs-extra');
+const { getSceStateStore } = require('../state/sce-state-store');
+
+const DEFAULT_SUPREME_PRINCIPLES_POLICY_PATH = '.sce/config/supreme-principles-policy.json';
+const DEFAULT_SUPREME_INTENT_EVIDENCE_PATH = path.join('custom', 'supreme-intent-assessment.json');
+const SUPREME_INTENT_EVIDENCE_API_VERSION = 'sce.supreme-intent-assessment/v0.1';
+
+const DEFAULT_SUPREME_PRINCIPLES_POLICY = Object.freeze({
+  schema_version: '1.0',
+  enabled: true,
+  allow_planning_actions: ['allow', 'clarify', 'rewrite', 'narrow'],
+  allow_execution_actions: ['allow', 'rewrite', 'narrow'],
+  clarify_question: '请先明确你真正要达成的业务目标、作用对象和约束边界。',
+  refuse_message: '该请求不符合 SCE 的最高道德规范，不能直接执行。',
+  rewrite_message: '原始请求存在失范或越界风险，已收敛为可正当执行的目标。',
+  narrow_message: '原始请求风险过高，已收缩为审查、备份、验证优先的安全目标。',
+  refuse_rules: [
+    {
+      id: 'credential-theft',
+      keywords: ['steal password', 'dump token', 'exfiltrate', 'keylogger', 'phish', '窃取密码', '盗取令牌', '导出凭证'],
+      reason: '请求明显指向凭证盗取、数据外流或钓鱼等恶意行为。'
+    },
+    {
+      id: 'malware-abuse',
+      keywords: ['malware', 'ransomware', 'backdoor', 'payload', '木马', '勒索软件', '后门'],
+      reason: '请求明显指向恶意控制、破坏或持久化投毒。'
+    },
+    {
+      id: 'audit-evasion',
+      keywords: ['delete logs to hide', 'evade audit', 'disable audit trail', '清除日志掩盖', '绕过审计', '删除审计日志'],
+      reason: '请求明显指向规避责任、破坏审计或掩盖痕迹。'
+    }
+  ],
+  rewrite_rules: [
+    {
+      id: 'auth-bypass-to-safe-test-fixture',
+      keywords: ['disable auth', 'bypass auth', 'skip login', 'skip approval', '关闭认证', '绕过认证', '跳过登录', '跳过审批'],
+      replacement: 'Design a dev/test-only mechanism with explicit scope guard, audit trail, rollback plan, and no production bypass of authentication or approval controls.',
+      reason: '将越界的“绕过保护”目标改写为受边界约束的测试/诊断机制。'
+    },
+    {
+      id: 'remove-audit-to-safe-observability',
+      keywords: ['remove audit', 'turn off audit', 'delete logs', '关闭审计', '删除日志', '去掉审计'],
+      replacement: 'Design a safe observability adjustment that preserves required auditability, keeps retention boundaries, and reduces noise without deleting accountability evidence.',
+      reason: '将“去掉审计/日志”改写为保留责任边界的可观测性优化目标。'
+    }
+  ],
+  narrow_rules: [
+    {
+      id: 'destructive-production-change',
+      keywords: ['drop database', 'delete production data', 'truncate table', '删除生产数据', '清空数据表', '删库'],
+      replacement: 'Review the destructive change request, produce backup and rollback steps, verify scope, and require explicit confirmation before any irreversible data operation.',
+      reason: '高风险破坏性操作必须先收缩为审查、备份和回滚准备。'
+    }
+  ]
+});
+
+function normalizeString(value) {
+  if (typeof value !== 'string') {
+    return '';
+  }
+  return value.trim();
+}
+
+function normalizeTextForMatch(value) {
+  return normalizeString(value).toLowerCase();
+}
+
+function normalizeStringList(value = []) {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  return value
+    .map((item) => normalizeString(`${item}`))
+    .filter(Boolean);
+}
+
+function normalizeRule(item = {}) {
+  return {
+    id: normalizeString(item.id) || 'rule',
+    keywords: normalizeStringList(item.keywords).map((entry) => entry.toLowerCase()),
+    replacement: normalizeString(item.replacement),
+    reason: normalizeString(item.reason)
+  };
+}
+
+function normalizePolicy(raw = {}) {
+  const input = raw && typeof raw === 'object' ? raw : {};
+  return {
+    schema_version: normalizeString(input.schema_version) || DEFAULT_SUPREME_PRINCIPLES_POLICY.schema_version,
+    enabled: input.enabled !== false,
+    allow_planning_actions: (() => {
+      const values = normalizeStringList(input.allow_planning_actions);
+      return values.length > 0 ? values : [...DEFAULT_SUPREME_PRINCIPLES_POLICY.allow_planning_actions];
+    })(),
+    allow_execution_actions: (() => {
+      const values = normalizeStringList(input.allow_execution_actions);
+      return values.length > 0 ? values : [...DEFAULT_SUPREME_PRINCIPLES_POLICY.allow_execution_actions];
+    })(),
+    clarify_question: normalizeString(input.clarify_question) || DEFAULT_SUPREME_PRINCIPLES_POLICY.clarify_question,
+    refuse_message: normalizeString(input.refuse_message) || DEFAULT_SUPREME_PRINCIPLES_POLICY.refuse_message,
+    rewrite_message: normalizeString(input.rewrite_message) || DEFAULT_SUPREME_PRINCIPLES_POLICY.rewrite_message,
+    narrow_message: normalizeString(input.narrow_message) || DEFAULT_SUPREME_PRINCIPLES_POLICY.narrow_message,
+    refuse_rules: (() => {
+      const values = Array.isArray(input.refuse_rules) ? input.refuse_rules.map(normalizeRule).filter((item) => item.keywords.length > 0) : [];
+      return values.length > 0 ? values : DEFAULT_SUPREME_PRINCIPLES_POLICY.refuse_rules.map(normalizeRule);
+    })(),
+    rewrite_rules: (() => {
+      const values = Array.isArray(input.rewrite_rules) ? input.rewrite_rules.map(normalizeRule).filter((item) => item.keywords.length > 0) : [];
+      return values.length > 0 ? values : DEFAULT_SUPREME_PRINCIPLES_POLICY.rewrite_rules.map(normalizeRule);
+    })(),
+    narrow_rules: (() => {
+      const values = Array.isArray(input.narrow_rules) ? input.narrow_rules.map(normalizeRule).filter((item) => item.keywords.length > 0) : [];
+      return values.length > 0 ? values : DEFAULT_SUPREME_PRINCIPLES_POLICY.narrow_rules.map(normalizeRule);
+    })()
+  };
+}
+
+async function loadSupremePrinciplesPolicy(projectPath = process.cwd(), fileSystem = fs) {
+  const policyPath = path.join(projectPath, DEFAULT_SUPREME_PRINCIPLES_POLICY_PATH);
+  let payload = {};
+  let loadedFrom = 'default';
+  if (await fileSystem.pathExists(policyPath)) {
+    try {
+      payload = await fileSystem.readJson(policyPath);
+      loadedFrom = 'file';
+    } catch (_error) {
+      payload = {};
+      loadedFrom = 'default';
+    }
+  }
+  return {
+    policy_path: DEFAULT_SUPREME_PRINCIPLES_POLICY_PATH,
+    policy_loaded_from: loadedFrom,
+    policy: normalizePolicy(payload)
+  };
+}
+
+function findRuleMatches(text, rules = []) {
+  const normalized = normalizeTextForMatch(text);
+  if (!normalized) {
+    return [];
+  }
+  const matches = [];
+  for (const rule of rules) {
+    const matchedKeywords = rule.keywords.filter((keyword) => normalized.includes(keyword));
+    if (matchedKeywords.length === 0) {
+      continue;
+    }
+    matches.push({
+      id: rule.id,
+      matched_keywords: matchedKeywords,
+      replacement: rule.replacement,
+      reason: rule.reason
+    });
+  }
+  return matches;
+}
+
+function buildClarificationQuestions(text = '', policy = DEFAULT_SUPREME_PRINCIPLES_POLICY) {
+  const normalized = normalizeString(text);
+  if (!normalized) {
+    return [
+      policy.clarify_question,
+      '这件事最终希望影响哪个业务对象、模块或数据范围？',
+      '有哪些不能破坏的约束、权限边界或审计要求？'
+    ];
+  }
+  return [
+    '你真正要达成的业务结果是什么？',
+    '这次动作影响哪个对象、模块、页面、接口或数据范围？',
+    '有哪些明确不能被破坏的边界、权限、审计或发布约束？'
+  ];
+}
+
+function evaluateSupremeIntent(input = {}, policy = DEFAULT_SUPREME_PRINCIPLES_POLICY) {
+  const originalText = normalizeString(input.text || input.goal || input.prompt);
+  const normalized = normalizeTextForMatch(originalText);
+  const clarifyQuestions = buildClarificationQuestions(originalText, policy);
+  const worldView = {
+    principle: '无善无恶心之始',
+    assessment: originalText
+      ? '已识别到可分析的目标文本，但仍需基于事实和边界理解其真实意图。'
+      : '目标文本为空，尚未形成可判断的真实意图。'
+  };
+
+  if (!policy.enabled) {
+    return {
+      policy_enabled: false,
+      action: 'allow',
+      planning_allowed: true,
+      execution_allowed: true,
+      original_text: originalText,
+      effective_text: originalText,
+      message: 'Supreme principles policy is disabled.',
+      worldview: worldView,
+      lifeview: { principle: '有善有恶意之动', assessment: '策略关闭，未执行意图善恶辨析。' },
+      values: { principle: '知善知恶是良知', assessment: '策略关闭，未执行价值判断。' },
+      methodology: { principle: '为善去恶是格物', assessment: '策略关闭，未执行目标收敛或拒绝。' },
+      matched_rules: {
+        refuse: [],
+        rewrite: [],
+        narrow: []
+      },
+      clarification_questions: clarifyQuestions
+    };
+  }
+
+  const refuseMatches = findRuleMatches(normalized, policy.refuse_rules);
+  if (refuseMatches.length > 0) {
+    return {
+      policy_enabled: true,
+      action: 'refuse',
+      planning_allowed: false,
+      execution_allowed: false,
+      original_text: originalText,
+      effective_text: null,
+      message: policy.refuse_message,
+      worldview: worldView,
+      lifeview: {
+        principle: '有善有恶意之动',
+        assessment: '该意图已经明确指向伤害、规避责任或越界获利。'
+      },
+      values: {
+        principle: '知善知恶是良知',
+        assessment: refuseMatches.map((item) => item.reason).filter(Boolean).join('；') || '该请求不符合正当目标。'
+      },
+      methodology: {
+        principle: '为善去恶是格物',
+        assessment: '直接拒绝执行，不调用小九条推进。'
+      },
+      matched_rules: {
+        refuse: refuseMatches,
+        rewrite: [],
+        narrow: []
+      },
+      clarification_questions: clarifyQuestions
+    };
+  }
+
+  const rewriteMatches = findRuleMatches(normalized, policy.rewrite_rules);
+  if (rewriteMatches.length > 0) {
+    const replacement = rewriteMatches[0].replacement || originalText;
+    return {
+      policy_enabled: true,
+      action: 'rewrite',
+      planning_allowed: true,
+      execution_allowed: true,
+      original_text: originalText,
+      effective_text: replacement,
+      message: policy.rewrite_message,
+      worldview: worldView,
+      lifeview: {
+        principle: '有善有恶意之动',
+        assessment: '原始意图存在越界倾向，但可改写为守边界、可审计的正当目标。'
+      },
+      values: {
+        principle: '知善知恶是良知',
+        assessment: rewriteMatches.map((item) => item.reason).filter(Boolean).join('；') || '已将偏斜目标改写为正当目标。'
+      },
+      methodology: {
+        principle: '为善去恶是格物',
+        assessment: '先改写目标，再允许进入小九条执行。'
+      },
+      matched_rules: {
+        refuse: [],
+        rewrite: rewriteMatches,
+        narrow: []
+      },
+      clarification_questions: clarifyQuestions
+    };
+  }
+
+  const narrowMatches = findRuleMatches(normalized, policy.narrow_rules);
+  if (narrowMatches.length > 0) {
+    const replacement = narrowMatches[0].replacement || originalText;
+    return {
+      policy_enabled: true,
+      action: 'narrow',
+      planning_allowed: true,
+      execution_allowed: true,
+      original_text: originalText,
+      effective_text: replacement,
+      message: policy.narrow_message,
+      worldview: worldView,
+      lifeview: {
+        principle: '有善有恶意之动',
+        assessment: '原始意图风险过高，必须先压缩为审查、验证、备份和回滚优先的动作。'
+      },
+      values: {
+        principle: '知善知恶是良知',
+        assessment: narrowMatches.map((item) => item.reason).filter(Boolean).join('；') || '已将高风险动作收缩为安全目标。'
+      },
+      methodology: {
+        principle: '为善去恶是格物',
+        assessment: '先收缩目标，再允许进入小九条执行。'
+      },
+      matched_rules: {
+        refuse: [],
+        rewrite: [],
+        narrow: narrowMatches
+      },
+      clarification_questions: clarifyQuestions
+    };
+  }
+
+  if (!originalText || originalText.length < 8) {
+    return {
+      policy_enabled: true,
+      action: 'clarify',
+      planning_allowed: true,
+      execution_allowed: false,
+      original_text: originalText,
+      effective_text: originalText,
+      message: policy.clarify_question,
+      worldview: worldView,
+      lifeview: {
+        principle: '有善有恶意之动',
+        assessment: '当前只看到模糊意图，尚不足以判定其导向。'
+      },
+      values: {
+        principle: '知善知恶是良知',
+        assessment: '在善恶未明、边界未清前，不应直接进入执行。'
+      },
+      methodology: {
+        principle: '为善去恶是格物',
+        assessment: '先澄清目标、对象和约束，再决定是否调用小九条。'
+      },
+      matched_rules: {
+        refuse: [],
+        rewrite: [],
+        narrow: []
+      },
+      clarification_questions: clarifyQuestions
+    };
+  }
+
+  return {
+    policy_enabled: true,
+    action: 'allow',
+    planning_allowed: true,
+    execution_allowed: true,
+    original_text: originalText,
+    effective_text: originalText,
+    message: '该目标当前可按小九条推进。',
+    worldview: worldView,
+    lifeview: {
+      principle: '有善有恶意之动',
+      assessment: '当前意图未发现明显伤害、逃责或失范导向。'
+    },
+    values: {
+      principle: '知善知恶是良知',
+      assessment: '当前目标可被视为正当的交付、诊断、治理或改进事项。'
+    },
+    methodology: {
+      principle: '为善去恶是格物',
+      assessment: '允许进入小九条执行。'
+    },
+    matched_rules: {
+      refuse: [],
+      rewrite: [],
+      narrow: []
+    },
+    clarification_questions: clarifyQuestions
+  };
+}
+
+async function assessSupremeIntent(input = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const fileSystem = dependencies.fileSystem || fs;
+  const loaded = dependencies.policy && typeof dependencies.policy === 'object'
+    ? { policy_path: '(inline)', policy_loaded_from: 'inline', policy: normalizePolicy(dependencies.policy) }
+    : await loadSupremePrinciplesPolicy(projectPath, fileSystem);
+  const assessment = evaluateSupremeIntent(input, loaded.policy);
+  return {
+    ...assessment,
+    policy_path: loaded.policy_path,
+    policy_loaded_from: loaded.policy_loaded_from,
+    source_kind: normalizeString(input.source_kind || input.sourceKind) || 'unknown',
+    scene_id: normalizeString(input.scene_id || input.sceneId) || null,
+    spec_id: normalizeString(input.spec_id || input.specId) || null
+  };
+}
+
+function buildSupremeRefusalError(assessment = {}) {
+  const values = assessment && assessment.values ? normalizeString(assessment.values.assessment) : '';
+  const methodology = assessment && assessment.methodology ? normalizeString(assessment.methodology.assessment) : '';
+  const details = [normalizeString(assessment.message), values, methodology].filter(Boolean).join(' ');
+  return new Error(details || 'request blocked by supreme principles');
+}
+
+function buildNativeGovernedReply(assessment = {}) {
+  const action = normalizeString(assessment.action);
+  if (action === 'refuse') {
+    return {
+      text: [
+        normalizeString(assessment.message) || '该请求不符合 SCE 的最高道德规范。',
+        normalizeString(assessment.values && assessment.values.assessment),
+        '请改为正当、守边界、可审计的目标后再继续。'
+      ].filter(Boolean).join('\n')
+    };
+  }
+  if (action === 'clarify') {
+    return {
+      text: [
+        normalizeString(assessment.message),
+        ...(Array.isArray(assessment.clarification_questions) ? assessment.clarification_questions.slice(0, 3) : [])
+      ].filter(Boolean).join('\n')
+    };
+  }
+  if (action === 'rewrite' || action === 'narrow') {
+    return {
+      text: [
+        normalizeString(assessment.message),
+        `已收敛目标：${normalizeString(assessment.effective_text)}`,
+        normalizeString(assessment.methodology && assessment.methodology.assessment)
+      ].filter(Boolean).join('\n')
+    };
+  }
+  return null;
+}
+
+async function writeSupremeIntentEvidence(projectPath = process.cwd(), specId, payload = {}, dependencies = {}) {
+  const normalizedSpecId = normalizeString(specId);
+  if (!normalizedSpecId) {
+    return null;
+  }
+  const fileSystem = dependencies.fileSystem || fs;
+  const specRoot = path.join(projectPath, '.sce', 'specs', normalizedSpecId);
+  if (!await fileSystem.pathExists(specRoot)) {
+    return null;
+  }
+  const targetPath = path.join(projectPath, '.sce', 'specs', normalizedSpecId, DEFAULT_SUPREME_INTENT_EVIDENCE_PATH);
+  const existing = await (async () => {
+    if (!await fileSystem.pathExists(targetPath)) {
+      return null;
+    }
+    try {
+      return await fileSystem.readJson(targetPath);
+    } catch (_error) {
+      return null;
+    }
+  })();
+
+  const entry = {
+    assessed_at: new Date().toISOString(),
+    action: normalizeString(payload.action),
+    planning_allowed: payload.planning_allowed === true,
+    execution_allowed: payload.execution_allowed === true,
+    source_kind: normalizeString(payload.source_kind),
+    original_text: normalizeString(payload.original_text),
+    effective_text: normalizeString(payload.effective_text),
+    message: normalizeString(payload.message),
+    worldview: payload.worldview || null,
+    lifeview: payload.lifeview || null,
+    values: payload.values || null,
+    methodology: payload.methodology || null,
+    matched_rules: payload.matched_rules || {},
+    policy_path: normalizeString(payload.policy_path) || DEFAULT_SUPREME_PRINCIPLES_POLICY_PATH,
+    policy_loaded_from: normalizeString(payload.policy_loaded_from) || 'default'
+  };
+
+  const history = Array.isArray(existing && existing.history) ? existing.history.slice(0, 19) : [];
+  const next = {
+    api_version: SUPREME_INTENT_EVIDENCE_API_VERSION,
+    spec_id: normalizedSpecId,
+    updated_at: entry.assessed_at,
+    latest: entry,
+    history: [entry, ...history]
+  };
+
+  await fileSystem.ensureDir(path.dirname(targetPath));
+  await fileSystem.writeJson(targetPath, next, { spaces: 2 });
+  return {
+    relative_path: path.relative(projectPath, targetPath).replace(/\\/g, '/'),
+    entry
+  };
+}
+
+async function recordSupremeIntentAssessment(record = {}, dependencies = {}) {
+  const projectPath = dependencies.projectPath || process.cwd();
+  const store = dependencies.stateStore || getSceStateStore(projectPath, {
+    fileSystem: dependencies.fileSystem,
+    env: dependencies.env,
+    sqliteModule: dependencies.sqliteModule,
+    noCache: dependencies.noCache === true
+  });
+
+  return store.appendSupremeIntentAssessment({
+    project_id: record.project_id || record.projectId || null,
+    channel_id: record.channel_id || record.channelId || null,
+    session_id: record.session_id || record.sessionId || null,
+    scene_id: record.scene_id || record.sceneId || null,
+    spec_id: record.spec_id || record.specId || null,
+    job_id: record.job_id || record.jobId || null,
+    source_kind: record.source_kind || record.sourceKind,
+    action: record.action,
+    planning_allowed: record.planning_allowed,
+    execution_allowed: record.execution_allowed,
+    policy_path: record.policy_path,
+    policy_loaded_from: record.policy_loaded_from,
+    original_text: record.original_text,
+    effective_text: record.effective_text,
+    message: record.message,
+    evidence_path: record.evidence_path || record.evidencePath || null,
+    worldview: record.worldview,
+    lifeview: record.lifeview,
+    values: record.values,
+    methodology: record.methodology,
+    matched_rules: record.matched_rules,
+    clarification_questions: record.clarification_questions,
+    metadata: record.metadata
+  });
+}
+
+module.exports = {
+  DEFAULT_SUPREME_PRINCIPLES_POLICY_PATH,
+  DEFAULT_SUPREME_INTENT_EVIDENCE_PATH,
+  DEFAULT_SUPREME_PRINCIPLES_POLICY,
+  loadSupremePrinciplesPolicy,
+  evaluateSupremeIntent,
+  assessSupremeIntent,
+  buildSupremeRefusalError,
+  buildNativeGovernedReply,
+  writeSupremeIntentEvidence,
+  recordSupremeIntentAssessment
+};

package/lib/problem/problem-evaluator.js

@@ -833,7 +833,11 @@ function evaluateProblemContext(context = {}, policy = DEFAULT_PROBLEM_EVAL_POLI
 
   const recommendations = [];
   if (strategy.strategy === 'debug-first') {
+    recommendations.push('Record or update an errorbook staging incident before the next patch attempt.');
     recommendations.push('Capture debug trace/log evidence before the next patch attempt.');
+    recommendations.push(
+      'Use bisection-style debug logs to halve the failing scope by module, call path, data slice, or change set on each iteration.'
+    );
   }
   if (strategy.strategy === 'evidence-first' || evidence.score < 45) {
     recommendations.push('Refresh domain artifacts and verify ontology coverage before execution.');

package/lib/project/candidate-inspection-service.js

@@ -5,6 +5,9 @@ const {
   buildLocalProjectId,
   buildWorkspaceProjectId
 } = require('./portfolio-projection-service');
+const {
+  isEphemeralProjectRoot
+} = require('./visibility-policy');
 
 const PROJECT_CANDIDATE_REASON_CODES = {
   ROOT_ACCESSIBLE: 'project.root.accessible',
@@ -14,7 +17,8 @@ const PROJECT_CANDIDATE_REASON_CODES = {
   SCE_PRESENT: 'project.sce.present',
   ROOT_NOT_INITIALIZED: 'project.root.not_initialized',
   INVALID_PROJECT_METADATA: 'project.metadata.invalid',
-  UNREGISTERED_PROJECT: 'project.sce.unregistered'
+  UNREGISTERED_PROJECT: 'project.sce.unregistered',
+  EPHEMERAL_ROOT: 'project.root.ephemeral'
 };
 
 function normalizeString(value) {
@@ -152,6 +156,25 @@ async function inspectProjectCandidate(options = {}, dependencies = {}) {
     };
   }
 
+  if (isEphemeralProjectRoot({
+    projectRoot: rootDir,
+    projectName
+  })) {
+    return {
+      inspectedAt,
+      rootDir,
+      kind: 'invalid',
+      projectName,
+      readiness: 'blocked',
+      availability: 'accessible',
+      localCandidate: false,
+      reasonCodes: [
+        PROJECT_CANDIDATE_REASON_CODES.ROOT_ACCESSIBLE,
+        PROJECT_CANDIDATE_REASON_CODES.EPHEMERAL_ROOT
+      ]
+    };
+  }
+
   const workspace = await resolveExactWorkspaceByRoot(absoluteRoot, stateManager);
   const sceInspection = await inspectSceMetadata(absoluteRoot, fileSystem);
   const metadataBlocked = sceInspection.scePresent && !sceInspection.metadataValid;