Skip to content

Releases: davccavalcante/automend

[PUBLISHED ON NPMJS] @takk/automend@1.0.0

Choose a tag to compare

@github-actions github-actions released this 19 Jun 18:35

STATUS: PUBLISHED ON NPMJS. This version was published to the npm registry on 2026-06-19T18:40:55Z with provenance attestation. View on npm: https://www.npmjs.com/package/@takk/automend/v/1.0.0

[1.0.0] - 2026-06-19T17:39:27Z

Initial stable release. AutoMend is the auto-pilot recovery layer for Massive Intelligence (IM) agents and non-human entities (NHEs): self-healing and drift recovery as an embeddable, zero-runtime-dependency library. It scores output confidence, detects ungrounded claims with GSAR-style typed grounding, monitors behavioral drift against a learned baseline, decides a recovery action, and records every step in a tamper-evident audit trail. Determinism is by policy: AutoMend does not call a model, it turns detect, decide, act into a repeatable, auditable loop.

Added

Core facade

  • createAutoMend(options): wires confidence scoring, typed grounding, drift detection, recovery decision, and the audit trail into one guard(input) pass. guard derives issues from confidence, grounding, and drift signals, folds in externally supplied issues, selects the most severe, decides a recovery strategy, and (when executors are given) runs it, recording each step.

Confidence scorer

  • scoreConfidence(signals, thresholds?): aggregates caller-provided signals into a weighted confidence in [0, 1] with a per-signal breakdown and a coarse verdict (high, medium, low). AutoMend does not invent confidence, it combines the signals you measure.

Typed grounding, GSAR-style hallucination detection

  • assessGrounding(claims, options?): implements the scoring core of GSAR (Typed Grounding for Hallucination Detection and Recovery in Multi-Agent LLMs, arXiv:2604.23366). The caller classifies each claim into the four-way typology (grounded, ungrounded, contradicted, complementary) and tags evidence strength; AutoMend computes an asymmetric contradiction-penalized weighted groundedness score and couples it to the three-tier decision (proceed, regenerate, replan).

Built-in heuristic detectors (council revision)

  • @takk/automend/detectors: a model-free starting point so the loop works out of the box. classifyClaims turns raw claim text plus evidence into classified claims by lexical containment (grounded, complementary, ungrounded; never contradicted, which needs semantics). detectLoop flags a recursive or repeating run from step fingerprints. detectCorruption flags empty, control-character-laden, or validator-failing output. loopIssue and corruptionIssue adapt reports into issues. All heuristic and pluggable, swap any for a real model.

Drift monitor

  • createBaseline, observe, observeMany, checkDrift, getMetric: learn a per-metric baseline with Welford's online algorithm and flag observations beyond a z-score threshold, with an explicit insufficient-data state below a minimum sample count.

Recovery orchestrator

  • decideRecovery(issue, policy?, state?): a deterministic, ordered policy (first matching rule wins) maps an issue to a strategy (proceed, retry, rollback, escalate, ask-human). Safe mode keeps high and critical issues from auto-acting, and a retry budget converts an exhausted retry into an escalation.
  • runRecovery(decision, executors, options?): carries out a decision through caller-provided executors, returning executed: false when no executor matches unless requireExecutor is set.

Human escalation

  • buildEscalation(context, options?): builds an immutable, content-addressed escalation record carrying the issue, the decision, a reason, and full context for a human to act on.

Audit trail

  • createAuditLog, sealAuditLog, verifyAuditLog: an append-only record of every detection, decision, outcome, and escalation, sealed with a SHA-256 hash chain via the Web Crypto API. Supports the immutable execution-record requirement that EU AI Act Article 12 asks of high-risk systems. It is an integrity seal, not a digital signature.

Interceptors and MCP bridge

  • guardStep(fn, guard): wraps any agent step so its result or thrown error becomes an issue routed through recovery. createDeterministicClock makes audit timestamps reproducible. toToolErrorIssue maps a thrown value to a tool-error issue.
  • @takk/automend/mcp: a duck-typed interceptMcpClient that turns a failed MCP tool call (a thrown error or an isError result) into a recovery trigger, importing no MCP SDK.

External issue intake (council revision)

  • guard() accepts an issues array, so a loop from detectLoop, an output-corruption flag from detectCorruption, or a tool error from the MCP bridge joins the issues derived from confidence, grounding, and drift before the most severe one is chosen. This covers the full trigger set: hallucination, drift, recursive loop, and output corruption.

Entry points

  • Eleven library entry points: core, ./confidence, ./detectors, ./grounding, ./drift, ./recovery, ./escalation, ./audit, ./interceptors, ./mcp, ./edge. The whole engine is free of any Node built-in (the audit seal uses Web Crypto, not node:crypto), so the edge entry is the full core and runs in Cloudflare Workers, Vercel Edge, Deno, Bun, and the browser. The CLI automend exposes score, assess, inspect, and verify.

Quality

  • 112 tests across 14 suites passing under Vitest 4, green on Node 20, 22, and 24.
  • Coverage: statements 93.7%, lines 93.8%, functions 98.7%, branches 88.0%.
  • TypeScript strict mode at maximum under TypeScript 6, lint and format clean under Biome 2, publint clean, are-the-types-wrong clean across all eleven entry points.
  • Zero runtime dependencies; the core entry point is about 4.2 kB brotli, enforced by size-limit.

Honest scope

  • AutoMend is a deterministic policy and scoring engine, not a model. It does not call an LLM and does not, by itself, decide whether a claim is true. It scores the classifications and signals you supply, and the built-in detectors are heuristics meant as a starting point, not a replacement for a real natural-language inference model.
  • The audit seal is tamper-evident (a SHA-256 hash chain), not a digital signature; pair the root with your own signing or notarization for non-repudiation.
  • "Self-healing" means AutoMend automates the detect, decide, act loop you wire up; the repair actions are your executors, not magic.

Security

  • Published with --provenance (SLSA attestation by GitHub Actions). Verify via npm view @takk/automend --json | jq .dist.attestations.
  • Zero outbound network calls and no telemetry. See SECURITY.md.

Licensing

  • Licensed under the Apache License, Version 2.0. The NOTICE file ships in the tarball alongside LICENSE.

Engines

  • Node >=20.0.0. Tested on Node 20, 22, and 24.