vektor-slipstream 1.4.4 → 2.0.0

package/cloak-core.js

@@ -1,499 +0,0 @@
-'use strict';
-/**
- * cloak.js — VEKTOR Cloak Module
- * ─────────────────────────────────────────────────────────────────────────────
- * Sovereign identity and stealth browser layer for AI agents.
- *
- * Functions:
- *   cloak_fetch(url)              — AOM stealth fetch, compressed text output
- *   cloak_render(url, selectors)  — headless CSS/DOM sensor (requires Playwright)
- *   cloak_diff(url)               — semantic diff since last fetch
- *   cloak_passport(key, value?)   — AES-256 credential vault read/write
- *   cloak_diff_text(a, b)         — structural diff between two text blobs
- *   tokens_saved(session)         — ROI audit per session
- *
- * Playwright (cloak_fetch, cloak_render) is an optional dependency.
- * Install with: npx playwright install chromium
- * ─────────────────────────────────────────────────────────────────────────────
- */
-
-const fs     = require('fs');
-const path   = require('path');
-const os     = require('os');
-const crypto = require('crypto');
-
-const VAULT_DIR  = path.join(os.homedir(), '.vektor');
-const VAULT_FILE = path.join(VAULT_DIR, 'vault.enc');
-const CACHE_DIR  = path.join(VAULT_DIR, 'cloak-cache');
-
-// ── Injection sanitiser ───────────────────────────────────────────────────────
-
-const INJECTION_PATTERNS = [
-  /ignore previous/gi,
-  /system:/gi,
-  /admin:/gi,
-  /\[INST\]/gi,
-  /\[\[/g,
-  /\s{10,}/g,
-  /eyJ[a-zA-Z0-9_-]{10,}\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+/g,
-];
-
-function _sanitise(text) {
-  let clean = text;
-  for (const p of INJECTION_PATTERNS) clean = clean.replace(p, '[STRIPPED]');
-  return clean;
-}
-
-// ── URL fingerprint ───────────────────────────────────────────────────────────
-
-function _fingerprintUrl(url) {
-  try {
-    const u = new URL(url);
-    ['utm_source','utm_medium','utm_campaign','ref','token','sid','session'].forEach(p => u.searchParams.delete(p));
-    return u.hostname + u.pathname;
-  } catch { return url; }
-}
-
-// ── Vault (AES-256-GCM, machine-bound) ───────────────────────────────────────
-
-function _getMachineKey() {
-  return crypto.createHash('sha256')
-    .update(`${os.hostname()}:${os.platform()}:${os.homedir()}`)
-    .digest();
-}
-
-function _vaultEncrypt(data) {
-  const key = _getMachineKey();
-  const iv  = crypto.randomBytes(16);
-  const c   = crypto.createCipheriv('aes-256-gcm', key, iv);
-  const enc = Buffer.concat([c.update(JSON.stringify(data), 'utf8'), c.final()]);
-  return { iv: iv.toString('hex'), tag: c.getAuthTag().toString('hex'), data: enc.toString('hex') };
-}
-
-function _vaultDecrypt(s) {
-  const key = _getMachineKey();
-  const d   = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(s.iv, 'hex'));
-  d.setAuthTag(Buffer.from(s.tag, 'hex'));
-  return JSON.parse(Buffer.concat([d.update(Buffer.from(s.data, 'hex')), d.final()]).toString('utf8'));
-}
-
-function _loadVault() {
-  if (!fs.existsSync(VAULT_FILE)) return {};
-  try { return _vaultDecrypt(JSON.parse(fs.readFileSync(VAULT_FILE, 'utf8'))); }
-  catch { return {}; }
-}
-
-function _saveVault(v) {
-  if (!fs.existsSync(VAULT_DIR)) fs.mkdirSync(VAULT_DIR, { recursive: true });
-  fs.writeFileSync(VAULT_FILE, JSON.stringify(_vaultEncrypt(v)), { mode: 0o600 });
-}
-
-// ── Cache helpers ─────────────────────────────────────────────────────────────
-
-function _getCached(fingerprint) {
-  const file = path.join(CACHE_DIR, crypto.createHash('md5').update(fingerprint).digest('hex') + '.json');
-  if (!fs.existsSync(file)) return null;
-  try { return JSON.parse(fs.readFileSync(file, 'utf8')); }
-  catch { return null; }
-}
-
-function _setCached(fingerprint, data) {
-  if (!fs.existsSync(CACHE_DIR)) fs.mkdirSync(CACHE_DIR, { recursive: true });
-  const file = path.join(CACHE_DIR, crypto.createHash('md5').update(fingerprint).digest('hex') + '.json');
-  fs.writeFileSync(file, JSON.stringify({ ...data, fetched_at: Date.now() }));
-}
-
-// ── Playwright loader (optional) ──────────────────────────────────────────────
-
-async function _getChromium() {
-  try {
-    const { chromium } = require('playwright');
-    return chromium;
-  } catch (e) {
-    throw new Error(
-      'Playwright not installed. Run: npx playwright install chromium\n' +
-      'Or install manually: npm install playwright && npx playwright install chromium'
-    );
-  }
-}
-
-// ── cloak_fetch ───────────────────────────────────────────────────────────────
-
-/**
- * Fetch a URL using a headless browser and return clean compressed text.
- * Caches results locally in ~/.vektor/cloak-cache/
- *
- * @param {string} url
- * @param {object} opts
- * @param {boolean} opts.force  — bypass cache
- * @param {number}  opts.limit  — max chars returned (default 8000)
- * @returns {Promise<{text: string, tokensSaved: number, fromCache: boolean}>}
- */
-async function cloak_fetch(url, opts = {}) {
-  const fingerprint = _fingerprintUrl(url);
-  const limit       = opts.limit || 8000;
-
-  // Cache hit (1 hour TTL)
-  if (!opts.force) {
-    const cached = _getCached(fingerprint);
-    if (cached && Date.now() - cached.fetched_at < 3600000) {
-      return { text: cached.text, tokensSaved: cached.tokensSaved, fromCache: true };
-    }
-  }
-
-  const chromium = await _getChromium();
-  let browser;
-
-  try {
-    browser = await chromium.launch({ headless: true });
-    const page = await browser.newPage();
-
-    await page.setExtraHTTPHeaders({
-      'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
-    });
-
-    await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
-
-    const rawSize = (await page.content()).length;
-    const text = await page.evaluate(() => {
-      document.querySelectorAll('script,style,nav,footer,header,aside').forEach(el => el.remove());
-      return document.body?.innerText || document.body?.textContent || '';
-    });
-
-    await browser.close();
-
-    const clean       = _sanitise(text.replace(/\s+/g, ' ').trim());
-    const tokensSaved = Math.floor((rawSize - clean.length) / 4);
-    const result      = { text: clean.substring(0, limit), tokensSaved, fromCache: false };
-
-    _setCached(fingerprint, { text: clean.substring(0, limit * 2), tokensSaved });
-    return result;
-
-  } catch (err) {
-    if (browser) await browser.close().catch(() => {});
-    throw err;
-  }
-}
-
-// ── cloak_render ──────────────────────────────────────────────────────────────
-
-/**
- * High-fidelity layout sensor. Renders a page in a headless browser and
- * returns computed CSS, post-JS DOM state, font audit, gap analysis, asset errors.
- *
- * @param {string}   url
- * @param {string[]} selectors  — CSS selectors to audit
- * @param {object}   opts
- * @returns {Promise<object>}
- */
-async function cloak_render(url, selectors = [], opts = {}) {
-  const chromium   = await _getChromium();
-  const waitFor    = opts.wait_for || 'networkidle';
-  const mobile     = opts.mobile || false;
-  const failedAssets = [], consoleErrors = [];
-  let browser;
-
-  try {
-    browser = await chromium.launch({ headless: true });
-    const viewport = mobile
-      ? { width: 390, height: 844, isMobile: true, hasTouch: true, deviceScaleFactor: 3 }
-      : { width: 1440, height: 900 };
-
-    const context = await browser.newContext({ viewport });
-    const page    = await context.newPage();
-
-    page.on('requestfailed', req => failedAssets.push({ url: req.url(), reason: req.failure()?.errorText || 'unknown' }));
-    page.on('console', msg => { if (msg.type() === 'error') consoleErrors.push(msg.text()); });
-
-    await page.goto(url, { waitUntil: waitFor, timeout: 30000 });
-    await page.evaluate(() => document.fonts.ready);
-
-    // Audit selectors
-    const layout = {};
-    for (const sel of (selectors.length ? selectors : ['body', 'main', 'header', 'footer'])) {
-      try {
-        const data = await page.evaluate((s) => {
-          const el = document.querySelector(s);
-          if (!el) return null;
-          const style = window.getComputedStyle(el);
-          const rect  = el.getBoundingClientRect();
-          return {
-            display:    style.display,
-            visibility: style.visibility,
-            w: Math.round(rect.width),
-            h: Math.round(rect.height),
-            top: Math.round(rect.top),
-          };
-        }, sel);
-        if (data) layout[sel] = data;
-      } catch (_) {}
-    }
-
-    // Font audit
-    const fonts = await page.evaluate(() =>
-      [...document.fonts].map(f => ({ family: f.family, status: f.status }))
-    );
-
-    // Gap analysis — find elements with suspicious zero height
-    const gapSuspects = await page.evaluate(() => {
-      const suspects = [];
-      document.querySelectorAll('section, div[class*="section"], div[class*="hero"], div[class*="wrap"]').forEach(el => {
-        const rect = el.getBoundingClientRect();
-        if (rect.height === 0 && el.children.length > 0) {
-          suspects.push({ selector: el.className || el.tagName, issue: 'zero height with children' });
-        }
-      });
-      return suspects.slice(0, 10);
-    });
-
-    await browser.close();
-
-    return {
-      status:      'SUCCESS',
-      url,
-      audit: { layout, fonts: fonts.slice(0, 20), gapSuspects, assetErrors: failedAssets.slice(0, 10), consoleErrors: consoleErrors.slice(0, 10) },
-    };
-
-  } catch (err) {
-    if (browser) await browser.close().catch(() => {});
-    throw err;
-  }
-}
-
-// ── cloak_diff ────────────────────────────────────────────────────────────────
-
-/**
- * Return what changed on a URL since last fetch.
- * Requires cloak_fetch to have been called at least twice for the URL.
- *
- * @param {string} url
- * @returns {Promise<{added: string[], removed: string[], unchanged: boolean}>}
- */
-async function cloak_diff(url, opts = {}) {
-  const fingerprint = _fingerprintUrl(url);
-  const cached      = _getCached(fingerprint);
-
-  if (!cached) {
-    // First visit — fetch and cache
-    const result = await cloak_fetch(url, opts);
-    return { unchanged: true, message: 'First visit — no previous state to diff. Run again to detect changes.' };
-  }
-
-  // Fetch fresh
-  const fresh = await cloak_fetch(url, { ...opts, force: true });
-
-  const cachedWords = new Set(cached.text.split(/\s+/).filter(w => w.length > 4));
-  const freshWords  = new Set(fresh.text.split(/\s+/).filter(w => w.length > 4));
-
-  const added   = [...freshWords].filter(w => !cachedWords.has(w));
-  const removed = [...cachedWords].filter(w => !freshWords.has(w));
-
-  if (added.length === 0 && removed.length === 0) {
-    return { unchanged: true, message: 'No semantic changes detected.' };
-  }
-
-  return {
-    unchanged: false,
-    added:   added.slice(0, 50),
-    removed: removed.slice(0, 50),
-    summary: `+${added.length} new terms, -${removed.length} removed terms`,
-  };
-}
-
-// ── cloak_diff_text ───────────────────────────────────────────────────────────
-
-/**
- * Structural diff between two text blobs or JSON objects.
- * No browser required — pure local comparison.
- *
- * @param {string|object} a  — previous state
- * @param {string|object} b  — current state
- * @returns {{added: string[], removed: string[], changed: string[]}}
- */
-function cloak_diff_text(a, b) {
-  const strA = typeof a === 'object' ? JSON.stringify(a, null, 2) : String(a);
-  const strB = typeof b === 'object' ? JSON.stringify(b, null, 2) : String(b);
-
-  const linesA = new Set(strA.split('\n').map(l => l.trim()).filter(Boolean));
-  const linesB = new Set(strB.split('\n').map(l => l.trim()).filter(Boolean));
-
-  const added   = [...linesB].filter(l => !linesA.has(l));
-  const removed = [...linesA].filter(l => !linesB.has(l));
-
-  return {
-    added,
-    removed,
-    unchanged: added.length === 0 && removed.length === 0,
-    summary: `+${added.length} lines added, -${removed.length} lines removed`,
-  };
-}
-
-// ── cloak_passport ────────────────────────────────────────────────────────────
-
-/**
- * Read and write to the encrypted ~/.vektor/vault.enc credential store.
- * AES-256-GCM encrypted. Decryption key is machine-bound (hostname + platform + homedir).
- * A compromised vault file is unreadable on any other machine.
- *
- * @param {string} key    — credential name (e.g. 'GITHUB_TOKEN', 'OPENAI_KEY')
- * @param {string} value  — if provided, write this value. If omitted, read.
- * @returns {string|null} — value if reading, 'stored' if writing
- */
-function cloak_passport(key, value) {
-  if (!key) throw new Error('cloak_passport: key is required');
-
-  const vault = _loadVault();
-
-  if (value !== undefined) {
-    vault[key] = value;
-    _saveVault(vault);
-    return 'stored';
-  }
-
-  return vault[key] || null;
-}
-
-// ── tokens_saved ──────────────────────────────────────────────────────────────
-
-/**
- * Log and calculate token efficiency for a session.
- * Compares tokens consumed vs what would have been used without VEKTOR memory compression.
- *
- * @param {object} session
- * @param {number} session.raw_tokens      — tokens without VEKTOR (estimated)
- * @param {number} session.actual_tokens   — tokens actually used
- * @param {string} session.agent_id        — agent identifier
- * @param {string} session.provider        — LLM provider (openai, gemini, etc.)
- * @param {number} session.cost_per_1m     — cost per 1M input tokens in USD
- * @returns {{saved: number, reduction_pct: number, cost_saved_usd: number, roi_multiple: number}}
- */
-function tokens_saved(session = {}) {
-  const raw    = session.raw_tokens    || 0;
-  const actual = session.actual_tokens || 0;
-  const cpm    = session.cost_per_1m   || 2.50; // default GPT-4o rate
-
-  if (raw === 0) return { saved: 0, reduction_pct: 0, cost_saved_usd: 0, roi_multiple: 0 };
-
-  const saved         = raw - actual;
-  const reduction_pct = Math.round((saved / raw) * 100);
-  const cost_saved    = (saved / 1_000_000) * cpm;
-  const monthly_cost  = (actual / 1_000_000) * cpm;
-  const roi_multiple  = monthly_cost > 0 ? Math.round((cost_saved / monthly_cost) * 10) / 10 : 0;
-
-  // Log to vault for audit trail
-  try {
-    const vault    = _loadVault();
-    const log      = vault['_token_audit'] || [];
-    log.push({
-      timestamp:    new Date().toISOString(),
-      agent_id:     session.agent_id || 'unknown',
-      provider:     session.provider || 'unknown',
-      raw_tokens:   raw,
-      actual_tokens: actual,
-      saved,
-      reduction_pct,
-      cost_saved_usd: cost_saved,
-    });
-    vault['_token_audit'] = log.slice(-100); // keep last 100 sessions
-    _saveVault(vault);
-  } catch (_) {}
-
-  return {
-    saved,
-    reduction_pct,
-    cost_saved_usd: Math.round(cost_saved * 10000) / 10000,
-    roi_multiple,
-    summary: `${reduction_pct}% token reduction · $${cost_saved.toFixed(4)} saved · ${roi_multiple}x ROI`,
-  };
-}
-
-// ── MCP tool definitions (for use in MCP servers) ────────────────────────────
-
-const CLOAK_MCP_TOOLS = [
-  {
-    name: 'cloak_fetch',
-    description: 'Fetch a URL using a stealth headless browser. Returns clean compressed text. Caches locally — run again to get diff.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        url:   { type: 'string',  description: 'URL to fetch' },
-        force: { type: 'boolean', description: 'Bypass cache (default false)' },
-        limit: { type: 'integer', description: 'Max chars returned (default 8000)' },
-      },
-      required: ['url'],
-    },
-  },
-  {
-    name: 'cloak_render',
-    description: 'High-fidelity layout sensor. Headless browser renders page, executes JS, resolves CSS. Returns computed styles, font audit, gap analysis, asset errors.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        url:       { type: 'string', description: 'URL to render' },
-        selectors: { type: 'array',  items: { type: 'string' }, description: 'CSS selectors to audit' },
-        mobile:    { type: 'boolean', description: 'Render in mobile viewport (default false)' },
-      },
-      required: ['url'],
-    },
-  },
-  {
-    name: 'cloak_diff',
-    description: 'Return what semantically changed on a URL since last fetch.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        url: { type: 'string', description: 'URL to check for changes' },
-      },
-      required: ['url'],
-    },
-  },
-  {
-    name: 'cloak_diff_text',
-    description: 'Structural diff between two text blobs or JSON objects. No browser needed.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        a: { type: 'string', description: 'Previous state (text or JSON string)' },
-        b: { type: 'string', description: 'Current state (text or JSON string)' },
-      },
-      required: ['a', 'b'],
-    },
-  },
-  {
-    name: 'cloak_passport',
-    description: 'Read or write to the AES-256 encrypted credential vault (~/.vektor/vault.enc). Machine-bound — unreadable on other machines.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        key:   { type: 'string', description: 'Credential name (e.g. GITHUB_TOKEN)' },
-        value: { type: 'string', description: 'Value to store. Omit to read.' },
-      },
-      required: ['key'],
-    },
-  },
-  {
-    name: 'tokens_saved',
-    description: 'Calculate token efficiency and ROI for a session. Logs to audit trail.',
-    input_schema: {
-      type: 'object',
-      properties: {
-        raw_tokens:    { type: 'integer', description: 'Estimated tokens without VEKTOR' },
-        actual_tokens: { type: 'integer', description: 'Actual tokens used with VEKTOR' },
-        agent_id:      { type: 'string',  description: 'Agent identifier' },
-        provider:      { type: 'string',  description: 'LLM provider (openai, gemini, etc.)' },
-        cost_per_1m:   { type: 'number',  description: 'Cost per 1M input tokens in USD (default 2.50)' },
-      },
-      required: ['raw_tokens', 'actual_tokens'],
-    },
-  },
-];
-
-module.exports = {
-  cloak_fetch,
-  cloak_render,
-  cloak_diff,
-  cloak_diff_text,
-  cloak_passport,
-  tokens_saved,
-  CLOAK_MCP_TOOLS,
-};