npm - ummaya - Versions diffs - 0.2.3 → 0.2.5 - Mend

ummaya 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (534) hide show

package/README.md +17 -3
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +2 -2
package/prompts/session_guidance_v1.md +3 -1
package/prompts/system_v1.md +9 -7
package/pyproject.toml +26 -7
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/context/builder.py +17 -11
package/src/ummaya/engine/engine.py +30 -113
package/src/ummaya/engine/query.py +20 -0
package/src/ummaya/evidence/__init__.py +44 -0
package/src/ummaya/evidence/__main__.py +7 -0
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +145 -0
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +177 -0
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/task_registry.py +264 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +52 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +2282 -417
package/src/ummaya/llm/client.py +234 -59
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/llm/reasoning.py +84 -0
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +34 -2
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +61 -12
package/src/ummaya/tools/geocoding/kakao_client.py +1 -2
package/src/ummaya/tools/kma/apihub_catalog.py +984 -1
package/src/ummaya/tools/kma/apihub_structured_adapter.py +86 -6
package/src/ummaya/tools/kma/apihub_url_adapter.py +593 -0
package/src/ummaya/tools/kma/apihub_url_catalog.py +296 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/location_adapters.py +8 -6
package/src/ummaya/tools/manifest_metadata.py +16 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/mvp_surface.py +2 -2
package/src/ummaya/tools/nmc/emergency_search.py +8 -6
package/src/ummaya/tools/register_all.py +17 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/resolve_location.py +4 -4
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +40 -106
package/src/ummaya/tools/verified_data_go_kr/_manifest.py +115 -25
package/src/ummaya/tools/verified_data_go_kr/airkorea_air_quality.py +109 -4
package/src/ummaya/tools/verified_data_go_kr/nmc_aed_site.py +108 -2
package/src/ummaya/tools/verified_data_go_kr/pps_bid_public_info.py +174 -9
package/src/ummaya/tools/verified_data_go_kr/tago_bus_arrival.py +66 -3
package/src/ummaya/tools/verified_data_go_kr/tago_bus_location.py +12 -2
package/src/ummaya/tools/verified_data_go_kr/tago_bus_route.py +8 -2
package/src/ummaya/tools/verified_data_go_kr/tago_bus_route_station.py +114 -0
package/src/ummaya/tools/verified_data_go_kr/tago_bus_station.py +14 -3
package/src/ummaya/tools/verify_canonical_map.py +21 -0
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -2
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -4
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +4 -13
package/tui/src/cli/handlers/mcp.tsx +3 -3
package/tui/src/cli/print.ts +69 -18
package/tui/src/cli/update.ts +13 -13
package/tui/src/commands/copy/index.ts +1 -1
package/tui/src/commands/cost/cost.ts +2 -2
package/tui/src/commands/init-verifiers.ts +5 -5
package/tui/src/commands/init.ts +30 -30
package/tui/src/commands/insights.ts +44 -44
package/tui/src/commands/install-github-app/install-github-app.tsx +2 -2
package/tui/src/commands/install-github-app/setupGitHubActions.ts +3 -3
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/install.tsx +5 -5
package/tui/src/commands/mcp/addCommand.ts +5 -5
package/tui/src/commands/mcp/xaaIdpCommand.ts +2 -2
package/tui/src/commands/plugin/ManageMarketplaces.tsx +2 -2
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/reasoning/index.ts +13 -0
package/tui/src/commands/reasoning/reasoning.tsx +177 -0
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/commands/thinkback/thinkback.tsx +3 -3
package/tui/src/commands.ts +2 -0
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/Messages.tsx +2 -1
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/Spinner.tsx +2 -2
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/design-system/LoadingState.tsx +2 -2
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +29 -3
package/tui/src/ipc/frames.generated.ts +407 -312
package/tui/src/ipc/llmClient.ts +279 -76
package/tui/src/ipc/llmTypes.ts +16 -1
package/tui/src/ipc/schema/frame.schema.json +1 -3475
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +32 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -1721
package/tui/src/screens/REPL.tsx +42 -31
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +98 -14
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -364
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/skills/bundled/stuck.ts +12 -12
package/tui/src/state/AppStateStore.ts +7 -0
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1239 -163
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +48 -29
package/tui/src/tools/LookupPrimitive/prompt.ts +6 -7
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +30 -19
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +51 -18
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +27 -10
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/citizenUserText.ts +49 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/locationInputRepair.ts +112 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +68 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +61 -0
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/attachments.ts +1 -1
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/kExaoneReasoning.ts +138 -0
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +19 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/multiToolLayout.ts +13 -0
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/processUserInput/processSlashCommand.tsx +2 -2
package/tui/src/utils/processUserInput/processUserInput.ts +26 -0
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/applySettingsChange.ts +4 -0
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/settings/types.ts +9 -3
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/stats.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +394 -22
package/assets/copilot-gate-logo.svg +0 -58
package/assets/govon-logo.svg +0 -40
package/src/ummaya/eval/__init__.py +0 -5
package/src/ummaya/eval/retrieval.py +0 -713
package/tui/src/services/api/claude.ts +0 -3510
package/tui/src/utils/messageStream.ts +0 -186

package/src/ummaya/evidence/source_provenance.py ADDED Viewed

@@ -0,0 +1,246 @@
+# SPDX-License-Identifier: Apache-2.0
+from __future__ import annotations
+from datetime import datetime
+from typing import Literal, Self
+from pydantic import BaseModel, ConfigDict, Field, field_validator, model_validator
+from pydantic_core import PydanticCustomError
+from ummaya.evidence.source_provenance_redaction import (
+    PromptInjectionState,
+    RedactionCategory,
+    detect_prompt_injection,
+    ordered_redaction_categories,
+    redact_source_text,
+    redact_source_url,
+    redaction_categories_for_text,
+)
+from ummaya.tools.routing.schema import sha256, unique
+SourceKind = Literal["web", "mcp", "agent", "file"]
+SourceUseState = Literal["used", "blocked"]
+SourceTrust = Literal["trusted", "untrusted"]
+SynthesisState = Literal[
+    "eligible_for_synthesis",
+    "blocked_pending_user_approval",
+    "blocked_untrusted",
+    "blocked_missing_source",
+]
+DocumentAuthoringState = Literal[
+    "approved_for_document",
+    "blocked_pending_user_approval",
+    "blocked_untrusted",
+    "blocked_missing_source",
+]
+class SourceRedactionMetadata(BaseModel):
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    redacted: bool
+    categories: tuple[RedactionCategory, ...] = Field(default_factory=tuple)
+    raw_private_document_stored: Literal[False] = False
+    secret_values_stored: Literal[False] = False
+    pii_values_stored: Literal[False] = False
+    @model_validator(mode="after")
+    def _categories_match_redacted_flag(self) -> Self:
+        if self.redacted and not self.categories:
+            raise PydanticCustomError(
+                "source_provenance_missing_redaction_categories",
+                "redacted provenance requires redaction categories",
+            )
+        if not self.redacted and self.categories:
+            raise PydanticCustomError(
+                "source_provenance_unexpected_redaction_categories",
+                "unredacted provenance cannot carry redaction categories",
+            )
+        return self
+class SourceProvenanceRecord(BaseModel):
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    source_kind: SourceKind
+    source_url: str | None
+    local_evidence_handle: str | None
+    title: str | None
+    description: str | None
+    tool_id: str = Field(min_length=1)
+    observed_at: datetime
+    state: SourceUseState
+    citation_id: str = Field(min_length=1)
+    provenance_id: str = Field(min_length=1)
+    trust: SourceTrust
+    prompt_injection: PromptInjectionState = "not_detected"
+    redaction: SourceRedactionMetadata
+    @field_validator(
+        "source_url",
+        "local_evidence_handle",
+        "title",
+        "description",
+        "tool_id",
+        "citation_id",
+        "provenance_id",
+    )
+    @classmethod
+    def _reject_unredacted_sensitive_value(cls, value: str | None) -> str | None:
+        if value is not None and redaction_categories_for_text(value):
+            raise PydanticCustomError(
+                "source_provenance_unredacted_sensitive_value",
+                "source provenance contains unredacted sensitive value",
+            )
+        return value
+    @model_validator(mode="after")
+    def _requires_source_handle_and_label(self) -> Self:
+        if self.source_url is None and self.local_evidence_handle is None:
+            raise PydanticCustomError(
+                "source_provenance_missing_source",
+                "source provenance requires source_url or local_evidence_handle",
+            )
+        if self.title is None and self.description is None:
+            raise PydanticCustomError(
+                "source_provenance_missing_label",
+                "source provenance requires title or description when available",
+            )
+        return self
+class SourceProvenanceDecision(BaseModel):
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    decision_id: str = Field(min_length=1)
+    provenance_ids: tuple[str, ...] = Field(min_length=1)
+    synthesis_state: SynthesisState
+    document_authoring_state: DocumentAuthoringState
+    requires_user_approval: bool
+    approved_by_user: bool
+    rationale: str = Field(min_length=1)
+    @model_validator(mode="after")
+    def _document_approval_requires_user_approval(self) -> Self:
+        if self.document_authoring_state == "approved_for_document" and (
+            self.requires_user_approval or not self.approved_by_user
+        ):
+            raise PydanticCustomError(
+                "source_provenance_document_approval_missing_user_approval",
+                "approved document authoring requires completed user approval",
+            )
+        return self
+class SourceProvenanceLedger(BaseModel):
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    schema_version: Literal["source_provenance_ledger.v1"] = "source_provenance_ledger.v1"
+    ledger_id: str = Field(min_length=1)
+    records: tuple[SourceProvenanceRecord, ...] = Field(min_length=1)
+    decisions: tuple[SourceProvenanceDecision, ...] = Field(default_factory=tuple)
+    @model_validator(mode="after")
+    def _decisions_reference_known_provenance_ids(self) -> Self:
+        known_ids = {record.provenance_id for record in self.records}
+        if len(known_ids) != len(self.records):
+            raise PydanticCustomError(
+                "source_provenance_duplicate_ids",
+                "source provenance ledger contains duplicate provenance ids",
+            )
+        unknown_ids = tuple(
+            unique(
+                provenance_id
+                for decision in self.decisions
+                for provenance_id in decision.provenance_ids
+                if provenance_id not in known_ids
+            )
+        )
+        if unknown_ids:
+            raise PydanticCustomError(
+                "source_provenance_unknown_ids",
+                "unknown provenance ids: " + ", ".join(unknown_ids),
+            )
+        return self
+def build_source_provenance_record(
+    *,
+    source_kind: SourceKind,
+    tool_id: str,
+    source_url: str | None,
+    local_evidence_handle: str | None,
+    title: str | None,
+    description: str | None,
+    observed_at: datetime,
+    state: SourceUseState,
+    trust: SourceTrust,
+    citation_id: str,
+) -> SourceProvenanceRecord:
+    redacted_url, url_categories = redact_source_url(source_url)
+    redacted_handle, handle_categories = redact_source_text(local_evidence_handle)
+    redacted_title, title_categories = redact_source_text(title)
+    redacted_description, description_categories = redact_source_text(description)
+    categories = ordered_redaction_categories(
+        (
+            *url_categories,
+            *handle_categories,
+            *title_categories,
+            *description_categories,
+        )
+    )
+    prompt_injection_text_parts = (
+        title or "",
+        description or "",
+        source_url or "",
+        local_evidence_handle or "",
+    )
+    return SourceProvenanceRecord(
+        source_kind=source_kind,
+        source_url=redacted_url,
+        local_evidence_handle=redacted_handle,
+        title=redacted_title,
+        description=redacted_description,
+        tool_id=tool_id,
+        observed_at=observed_at,
+        state=state,
+        citation_id=citation_id,
+        provenance_id=stable_source_provenance_id(
+            source_kind=source_kind,
+            tool_id=tool_id,
+            source_url=redacted_url,
+            local_evidence_handle=redacted_handle,
+            citation_id=citation_id,
+        ),
+        trust=trust,
+        prompt_injection=detect_prompt_injection(
+            "\n".join(part for part in prompt_injection_text_parts if part)
+        ),
+        redaction=SourceRedactionMetadata(
+            redacted=bool(categories),
+            categories=categories,
+            raw_private_document_stored=False,
+            secret_values_stored=False,
+            pii_values_stored=False,
+        ),
+    )
+def stable_source_provenance_id(
+    *,
+    source_kind: SourceKind,
+    tool_id: str,
+    source_url: str | None,
+    local_evidence_handle: str | None,
+    citation_id: str,
+) -> str:
+    digest = sha256(
+        {
+            "citation_id": citation_id,
+            "local_evidence_handle": local_evidence_handle,
+            "source_kind": source_kind,
+            "source_url": source_url,
+            "tool_id": tool_id,
+        }
+    )
+    return f"prov-{digest[:24]}"

package/src/ummaya/evidence/source_provenance_redaction.py ADDED Viewed

@@ -0,0 +1,176 @@
+# SPDX-License-Identifier: Apache-2.0
+from __future__ import annotations
+import re
+from collections.abc import Iterable
+from typing import Literal
+from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
+RedactionCategory = Literal[
+    "auth_header",
+    "cookie",
+    "service_key",
+    "token",
+    "pii",
+    "private_document",
+]
+PromptInjectionState = Literal["detected", "not_detected"]
+_AUTH_HEADER_PATTERN = re.compile(r"\bAuthorization\s*:\s*[^\n\r;]+", re.IGNORECASE)
+_AUTH_ASSIGNMENT_PATTERN = re.compile(
+    r"\bauthorization\s*=\s*[^\s&;\n\r]+",
+    re.IGNORECASE,
+)
+_COOKIE_PATTERN = re.compile(r"\bCookie\s*:\s*[^;\n\r]+;?\s*", re.IGNORECASE)
+_COOKIE_ASSIGNMENT_PATTERN = re.compile(
+    r"\bcookie\s*=\s*[^\s&;\n\r]+",
+    re.IGNORECASE,
+)
+_SERVICE_KEY_PATTERN = re.compile(
+    r"\b(?:serviceKey|authKey)\s*=\s*[^\s&]+",
+    re.IGNORECASE,
+)
+_TOKEN_PATTERN = re.compile(
+    r"\b(?:UMMAYA_[A-Z0-9_]*TOKEN|"
+    r"[A-Z0-9_]*(?:API|AUTH|ACCESS|REFRESH|SESSION)[_-]?KEY|"
+    r"(?:session|access|refresh|id)[_-]?token)\s*=\s*[^\s&]+|"
+    r"\bBearer\s+[A-Za-z0-9._~+/=-]+",
+    re.IGNORECASE,
+)
+_GENERIC_TOKEN_ASSIGNMENT_PATTERN = re.compile(
+    r"\b(?:token|secret|api[_-]?key|access[_-]?token|session[_-]?token|"
+    r"refresh[_-]?token|id[_-]?token|client[_-]?secret)\s*=\s*[^\s&;\n\r]+",
+    re.IGNORECASE,
+)
+_EMAIL_PATTERN = re.compile(r"\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b", re.IGNORECASE)
+_KOREAN_RRN_PATTERN = re.compile(r"\b\d{6}-[1-4]\d{6}\b")
+_PHONE_PATTERN = re.compile(r"\b01[016789]-?\d{3,4}-?\d{4}\b")
+_PRIVATE_DOCUMENT_PATTERN = re.compile(
+    r"-----BEGIN [A-Z ]*PRIVATE KEY-----|raw private document|private document bytes",
+    re.IGNORECASE,
+)
+_PROMPT_INJECTION_PATTERNS: tuple[re.Pattern[str], ...] = (
+    re.compile(r"ignore\s+(?:all\s+)?previous\s+instructions", re.IGNORECASE),
+    re.compile(r"change\s+(?:the\s+)?permission\s+policy", re.IGNORECASE),
+    re.compile(r"bypass\s+(?:permissions?|approval|policy)", re.IGNORECASE),
+    re.compile(r"treat\s+this\s+as\s+(?:a\s+)?system\s+instruction", re.IGNORECASE),
+)
+_SECRET_QUERY_KEYS = frozenset(
+    {
+        "access_token",
+        "api_key",
+        "apikey",
+        "auth",
+        "authkey",
+        "authorization",
+        "cookie",
+        "id_token",
+        "key",
+        "refresh_token",
+        "servicekey",
+        "session",
+        "session_token",
+        "token",
+    }
+)
+def redact_source_url(value: str | None) -> tuple[str | None, tuple[RedactionCategory, ...]]:
+    if value is None:
+        return None, ()
+    categories: list[RedactionCategory] = []
+    try:
+        parsed = urlsplit(value)
+    except ValueError:
+        return redact_source_text(value)
+    query_items: list[tuple[str, str]] = []
+    for key, item_value in parse_qsl(parsed.query, keep_blank_values=True):
+        lowered_key = key.lower()
+        if lowered_key in _SECRET_QUERY_KEYS:
+            categories.append(
+                "service_key" if lowered_key in {"authkey", "servicekey"} else "token"
+            )
+            continue
+        redacted_value, item_categories = redact_source_text(item_value)
+        categories.extend(item_categories)
+        query_items.append((key, redacted_value or ""))
+    rebuilt = urlunsplit(
+        (
+            parsed.scheme,
+            parsed.netloc,
+            parsed.path,
+            urlencode(query_items),
+            parsed.fragment,
+        )
+    )
+    redacted_text, text_categories = redact_source_text(rebuilt)
+    categories.extend(text_categories)
+    return redacted_text, ordered_redaction_categories(categories)
+def redact_source_text(value: str | None) -> tuple[str | None, tuple[RedactionCategory, ...]]:
+    if value is None:
+        return None, ()
+    categories = list(redaction_categories_for_text(value))
+    redacted = _AUTH_HEADER_PATTERN.sub("[REDACTED_AUTH_HEADER]", value)
+    redacted = _AUTH_ASSIGNMENT_PATTERN.sub("[REDACTED_AUTH_HEADER]", redacted)
+    redacted = _COOKIE_PATTERN.sub("[REDACTED_COOKIE] ", redacted)
+    redacted = _COOKIE_ASSIGNMENT_PATTERN.sub("[REDACTED_COOKIE]", redacted)
+    redacted = _SERVICE_KEY_PATTERN.sub("[REDACTED_SERVICE_KEY]", redacted)
+    redacted = _TOKEN_PATTERN.sub("[REDACTED_TOKEN]", redacted)
+    redacted = _GENERIC_TOKEN_ASSIGNMENT_PATTERN.sub("[REDACTED_TOKEN]", redacted)
+    redacted = _EMAIL_PATTERN.sub("[REDACTED_PII]", redacted)
+    redacted = _KOREAN_RRN_PATTERN.sub("[REDACTED_PII]", redacted)
+    redacted = _PHONE_PATTERN.sub("[REDACTED_PII]", redacted)
+    redacted = _PRIVATE_DOCUMENT_PATTERN.sub("[REDACTED_PRIVATE_DOCUMENT]", redacted)
+    return re.sub(r"[ \t]{2,}", " ", redacted).strip(), ordered_redaction_categories(categories)
+def detect_prompt_injection(value: str) -> PromptInjectionState:
+    return (
+        "detected"
+        if any(pattern.search(value) for pattern in _PROMPT_INJECTION_PATTERNS)
+        else "not_detected"
+    )
+def redaction_categories_for_text(value: str) -> tuple[RedactionCategory, ...]:
+    categories: list[RedactionCategory] = []
+    if _AUTH_HEADER_PATTERN.search(value):
+        categories.append("auth_header")
+    if _AUTH_ASSIGNMENT_PATTERN.search(value):
+        categories.append("auth_header")
+    if _COOKIE_PATTERN.search(value):
+        categories.append("cookie")
+    if _COOKIE_ASSIGNMENT_PATTERN.search(value):
+        categories.append("cookie")
+    if _SERVICE_KEY_PATTERN.search(value):
+        categories.append("service_key")
+    if _TOKEN_PATTERN.search(value):
+        categories.append("token")
+    if _GENERIC_TOKEN_ASSIGNMENT_PATTERN.search(value):
+        categories.append("token")
+    if (
+        _EMAIL_PATTERN.search(value)
+        or _KOREAN_RRN_PATTERN.search(value)
+        or _PHONE_PATTERN.search(value)
+    ):
+        categories.append("pii")
+    if _PRIVATE_DOCUMENT_PATTERN.search(value):
+        categories.append("private_document")
+    return ordered_redaction_categories(categories)
+def ordered_redaction_categories(
+    categories: Iterable[RedactionCategory],
+) -> tuple[RedactionCategory, ...]:
+    order: tuple[RedactionCategory, ...] = (
+        "auth_header",
+        "cookie",
+        "service_key",
+        "token",
+        "pii",
+        "private_document",
+    )
+    present = set(categories)
+    return tuple(category for category in order if category in present)

package/src/ummaya/evidence/task_registry.py ADDED Viewed

@@ -0,0 +1,264 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Harbor-style task registry for Evidence Fabric v2.
+The registry mirrors Harbor's task boundary: a task has an instruction,
+metadata/configuration, and a verifier script. UMMAYA keeps execution local and
+deterministic; this module only resolves and validates task definitions.
+"""
+from __future__ import annotations
+import tomllib
+from collections.abc import Mapping, Sequence
+from pathlib import Path
+from typing import Literal, cast
+import yaml
+from pydantic import BaseModel, ConfigDict, Field, ValidationError
+_REPO_ROOT = Path(__file__).resolve().parents[3]
+_BANNED_MODEL_VISIBLE_KEYS = frozenset(
+    {
+        "adapter_id",
+        "tool_id",
+        "expected_tool_id",
+        "fixture_refs",
+        "fixture_ref",
+        "current_adapter_id",
+    }
+)
+class TaskRegistryError(ValueError):
+    """Raised when an Evidence Fabric task registry is invalid."""
+class EvidenceTask(BaseModel):
+    """One resolved Harbor-style evidence task."""
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    task_id: str
+    task_dir: Path
+    instruction_path: Path
+    verifier_path: Path
+    description: str
+    dataset_id: str
+    keywords: tuple[str, ...] = Field(default_factory=tuple)
+    environment_os: Literal["linux", "windows"] = "linux"
+    allow_internet: bool = False
+    verifier_timeout_sec: float = 120.0
+class EvidenceDatasetRef(BaseModel):
+    """A dataset reference resolved from the local task registry."""
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    ref: str
+    dataset_id: str
+    scenario_path: Path
+    tasks: tuple[EvidenceTask, ...]
+class EvidenceTaskRegistry(BaseModel):
+    """Resolved Evidence Fabric task registry."""
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    version: int
+    registry_id: str
+    datasets: tuple[EvidenceDatasetRef, ...]
+    def resolve_dataset(self, ref: str) -> EvidenceDatasetRef:
+        """Return the dataset entry matching a Harbor-style dataset ref."""
+        for dataset in self.datasets:
+            if dataset.ref == ref:
+                return dataset
+        raise TaskRegistryError(f"dataset ref not found in task registry: {ref}")
+def _load_yaml_mapping(path: Path) -> Mapping[str, object]:
+    if not path.exists():
+        raise TaskRegistryError(f"task registry not found: {path}")
+    loaded = yaml.safe_load(path.read_text(encoding="utf-8"))
+    if not isinstance(loaded, Mapping):
+        raise TaskRegistryError(f"task registry must be a mapping: {path}")
+    return cast(Mapping[str, object], loaded)
+def _find_banned_keys(value: object, path: str = "$") -> tuple[str, ...]:
+    if isinstance(value, Mapping):
+        hits: list[str] = []
+        for key, nested in value.items():
+            key_text = str(key)
+            nested_path = f"{path}.{key_text}"
+            if key_text in _BANNED_MODEL_VISIBLE_KEYS:
+                hits.append(nested_path)
+            hits.extend(_find_banned_keys(nested, nested_path))
+        return tuple(hits)
+    if isinstance(value, Sequence) and not isinstance(value, str | bytes | bytearray):
+        hits = []
+        for index, nested in enumerate(value):
+            hits.extend(_find_banned_keys(nested, f"{path}[{index}]"))
+        return tuple(hits)
+    return ()
+def _read_path(path: Path) -> Path:
+    return path if path.is_absolute() else _REPO_ROOT / path
+def _require_existing_files(paths: tuple[Path, ...]) -> None:
+    for required in paths:
+        if not _read_path(required).exists():
+            raise TaskRegistryError(f"task file missing: {required}")
+def _require_mapping(value: object, label: str) -> Mapping[str, object]:
+    if not isinstance(value, Mapping):
+        raise TaskRegistryError(f"{label} must be a mapping")
+    return cast(Mapping[str, object], value)
+def _require_non_empty_str(value: object, label: str) -> str:
+    if not isinstance(value, str) or not value:
+        raise TaskRegistryError(f"{label} must be a non-empty string")
+    return value
+def _require_sequence(value: object, label: str) -> Sequence[object]:
+    if not isinstance(value, Sequence) or isinstance(value, str | bytes | bytearray):
+        raise TaskRegistryError(f"{label} must be a list")
+    return cast(Sequence[object], value)
+def _optional_float(value: object, label: str, default: float) -> float:
+    if value is None:
+        return default
+    if isinstance(value, bool) or not isinstance(value, str | int | float):
+        raise TaskRegistryError(f"{label} must be a number")
+    return float(value)
+def _load_task_toml(task_toml: Path) -> Mapping[str, object]:
+    raw = tomllib.loads(_read_path(task_toml).read_text(encoding="utf-8"))
+    banned = _find_banned_keys(raw)
+    if banned:
+        raise TaskRegistryError(
+            "model-visible task registry contains banned implementation keys: " + ", ".join(banned)
+        )
+    return cast(Mapping[str, object], raw)
+def _build_task(
+    *,
+    task_dir: Path,
+    instruction_path: Path,
+    verifier_path: Path,
+    raw: Mapping[str, object],
+) -> EvidenceTask:
+    task_section = _require_mapping(raw.get("task"), "task.toml [task]")
+    metadata_section = _require_mapping(raw.get("metadata", {}), "task.toml [metadata]")
+    environment_section = _require_mapping(raw.get("environment", {}), "task.toml [environment]")
+    verifier_section = _require_mapping(raw.get("verifier", {}), "task.toml [verifier]")
+    keywords = _require_sequence(task_section.get("keywords", ()), "task.toml [task].keywords")
+    try:
+        return EvidenceTask(
+            task_id=_require_non_empty_str(task_section.get("name"), "task.toml [task].name"),
+            task_dir=task_dir,
+            instruction_path=instruction_path,
+            verifier_path=verifier_path,
+            description=_require_non_empty_str(
+                task_section.get("description"),
+                "task.toml [task].description",
+            ),
+            dataset_id=_require_non_empty_str(
+                metadata_section.get("dataset_id"),
+                "task.toml [metadata].dataset_id",
+            ),
+            keywords=tuple(str(keyword) for keyword in keywords),
+            environment_os=cast(
+                Literal["linux", "windows"],
+                environment_section.get("os", "linux"),
+            ),
+            allow_internet=bool(environment_section.get("allow_internet", False)),
+            verifier_timeout_sec=_optional_float(
+                verifier_section.get("timeout_sec"),
+                "task.toml [verifier].timeout_sec",
+                120.0,
+            ),
+        )
+    except ValidationError as exc:
+        raise TaskRegistryError(str(exc)) from exc
+def _load_task(task_dir: Path) -> EvidenceTask:
+    task_toml = task_dir / "task.toml"
+    instruction_path = task_dir / "instruction.md"
+    verifier_path = task_dir / "tests" / "test.sh"
+    _require_existing_files((task_toml, instruction_path, verifier_path))
+    return _build_task(
+        task_dir=task_dir,
+        instruction_path=instruction_path,
+        verifier_path=verifier_path,
+        raw=_load_task_toml(task_toml),
+    )
+def _load_dataset_ref(index: int, dataset_raw: object) -> EvidenceDatasetRef:
+    dataset_map = _require_mapping(dataset_raw, f"datasets[{index}]")
+    ref = _require_non_empty_str(dataset_map.get("ref"), f"datasets[{index}].ref")
+    dataset_id = _require_non_empty_str(
+        dataset_map.get("dataset_id"),
+        f"datasets[{index}].dataset_id",
+    )
+    scenario_path = _require_non_empty_str(
+        dataset_map.get("scenario_path"),
+        f"datasets[{index}].scenario_path",
+    )
+    task_paths = _require_sequence(dataset_map.get("task_paths"), f"datasets[{index}].task_paths")
+    tasks = tuple(_load_task(Path(str(task_path))) for task_path in task_paths)
+    mismatched = tuple(task.task_id for task in tasks if task.dataset_id != dataset_id)
+    if mismatched:
+        raise TaskRegistryError(
+            f"dataset {ref} has tasks with mismatched dataset_id: {', '.join(mismatched)}"
+        )
+    return EvidenceDatasetRef(
+        ref=ref,
+        dataset_id=dataset_id,
+        scenario_path=Path(scenario_path),
+        tasks=tasks,
+    )
+def load_task_registry(path: Path) -> EvidenceTaskRegistry:
+    """Load and validate a Harbor-style Evidence Fabric task registry."""
+    raw = _load_yaml_mapping(path)
+    banned = _find_banned_keys(raw)
+    if banned:
+        raise TaskRegistryError(
+            "model-visible task registry contains banned implementation keys: " + ", ".join(banned)
+        )
+    version = raw.get("version")
+    if not isinstance(version, int):
+        raise TaskRegistryError("task registry version must be an integer")
+    registry_id = _require_non_empty_str(raw.get("registry_id"), "task registry_id")
+    datasets = _require_sequence(raw.get("datasets"), "task registry datasets")
+    resolved_datasets = tuple(
+        _load_dataset_ref(index, dataset_raw) for index, dataset_raw in enumerate(datasets)
+    )
+    try:
+        return EvidenceTaskRegistry(
+            version=version,
+            registry_id=registry_id,
+            datasets=resolved_datasets,
+        )
+    except ValidationError as exc:
+        raise TaskRegistryError(str(exc)) from exc