STATUS: PUBLISHED ON NPMJS. This version was published to the npm registry on 2026-06-19T18:40:55Z with provenance attestation. View on npm: https://www.npmjs.com/package/@takk/automend/v/1.0.0
[1.0.0] - 2026-06-19T17:39:27Z
Initial stable release. AutoMend is the auto-pilot recovery layer for Massive Intelligence (IM) agents and non-human entities (NHEs): self-healing and drift recovery as an embeddable, zero-runtime-dependency library. It scores output confidence, detects ungrounded claims with GSAR-style typed grounding, monitors behavioral drift against a learned baseline, decides a recovery action, and records every step in a tamper-evident audit trail. Determinism is by policy: AutoMend does not call a model, it turns detect, decide, act into a repeatable, auditable loop.
Added
Core facade
createAutoMend(options): wires confidence scoring, typed grounding, drift detection, recovery decision, and the audit trail into oneguard(input)pass.guardderives issues from confidence, grounding, and drift signals, folds in externally supplied issues, selects the most severe, decides a recovery strategy, and (when executors are given) runs it, recording each step.
Confidence scorer
scoreConfidence(signals, thresholds?): aggregates caller-provided signals into a weighted confidence in [0, 1] with a per-signal breakdown and a coarse verdict (high, medium, low). AutoMend does not invent confidence, it combines the signals you measure.
Typed grounding, GSAR-style hallucination detection
assessGrounding(claims, options?): implements the scoring core of GSAR (Typed Grounding for Hallucination Detection and Recovery in Multi-Agent LLMs, arXiv:2604.23366). The caller classifies each claim into the four-way typology (grounded, ungrounded, contradicted, complementary) and tags evidence strength; AutoMend computes an asymmetric contradiction-penalized weighted groundedness score and couples it to the three-tier decision (proceed, regenerate, replan).
Built-in heuristic detectors (council revision)
@takk/automend/detectors: a model-free starting point so the loop works out of the box.classifyClaimsturns raw claim text plus evidence into classified claims by lexical containment (grounded, complementary, ungrounded; never contradicted, which needs semantics).detectLoopflags a recursive or repeating run from step fingerprints.detectCorruptionflags empty, control-character-laden, or validator-failing output.loopIssueandcorruptionIssueadapt reports into issues. All heuristic and pluggable, swap any for a real model.
Drift monitor
createBaseline,observe,observeMany,checkDrift,getMetric: learn a per-metric baseline with Welford's online algorithm and flag observations beyond a z-score threshold, with an explicit insufficient-data state below a minimum sample count.
Recovery orchestrator
decideRecovery(issue, policy?, state?): a deterministic, ordered policy (first matching rule wins) maps an issue to a strategy (proceed, retry, rollback, escalate, ask-human). Safe mode keeps high and critical issues from auto-acting, and a retry budget converts an exhausted retry into an escalation.runRecovery(decision, executors, options?): carries out a decision through caller-provided executors, returningexecuted: falsewhen no executor matches unlessrequireExecutoris set.
Human escalation
buildEscalation(context, options?): builds an immutable, content-addressed escalation record carrying the issue, the decision, a reason, and full context for a human to act on.
Audit trail
createAuditLog,sealAuditLog,verifyAuditLog: an append-only record of every detection, decision, outcome, and escalation, sealed with a SHA-256 hash chain via the Web Crypto API. Supports the immutable execution-record requirement that EU AI Act Article 12 asks of high-risk systems. It is an integrity seal, not a digital signature.
Interceptors and MCP bridge
guardStep(fn, guard): wraps any agent step so its result or thrown error becomes an issue routed through recovery.createDeterministicClockmakes audit timestamps reproducible.toToolErrorIssuemaps a thrown value to a tool-error issue.@takk/automend/mcp: a duck-typedinterceptMcpClientthat turns a failed MCP tool call (a thrown error or anisErrorresult) into a recovery trigger, importing no MCP SDK.
External issue intake (council revision)
guard()accepts anissuesarray, so a loop fromdetectLoop, an output-corruption flag fromdetectCorruption, or a tool error from the MCP bridge joins the issues derived from confidence, grounding, and drift before the most severe one is chosen. This covers the full trigger set: hallucination, drift, recursive loop, and output corruption.
Entry points
- Eleven library entry points: core,
./confidence,./detectors,./grounding,./drift,./recovery,./escalation,./audit,./interceptors,./mcp,./edge. The whole engine is free of any Node built-in (the audit seal uses Web Crypto, notnode:crypto), so the edge entry is the full core and runs in Cloudflare Workers, Vercel Edge, Deno, Bun, and the browser. The CLIautomendexposesscore,assess,inspect, andverify.
Quality
- 112 tests across 14 suites passing under Vitest 4, green on Node 20, 22, and 24.
- Coverage: statements 93.7%, lines 93.8%, functions 98.7%, branches 88.0%.
- TypeScript strict mode at maximum under TypeScript 6, lint and format clean under Biome 2,
publintclean,are-the-types-wrongclean across all eleven entry points. - Zero runtime dependencies; the core entry point is about 4.2 kB brotli, enforced by
size-limit.
Honest scope
- AutoMend is a deterministic policy and scoring engine, not a model. It does not call an LLM and does not, by itself, decide whether a claim is true. It scores the classifications and signals you supply, and the built-in detectors are heuristics meant as a starting point, not a replacement for a real natural-language inference model.
- The audit seal is tamper-evident (a SHA-256 hash chain), not a digital signature; pair the root with your own signing or notarization for non-repudiation.
- "Self-healing" means AutoMend automates the detect, decide, act loop you wire up; the repair actions are your executors, not magic.
Security
- Published with
--provenance(SLSA attestation by GitHub Actions). Verify vianpm view @takk/automend --json | jq .dist.attestations. - Zero outbound network calls and no telemetry. See SECURITY.md.
Licensing
- Licensed under the Apache License, Version 2.0. The
NOTICEfile ships in the tarball alongsideLICENSE.
Engines
- Node
>=20.0.0. Tested on Node 20, 22, and 24.