agent-harness 0.28.1 → 0.28.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.release-please-manifest.json +1 -1
- data/CHANGELOG.md +7 -0
- data/lib/agent_harness/providers/kilocode.rb +25 -0
- data/lib/agent_harness/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1e26544498cd552f3992c81ebe33b869b51daf38e199c6f0cdc733437f39f531
|
|
4
|
+
data.tar.gz: 55d5a1527f9ef1c208706dbfccbce73246751a329f87ff64a514e14301d81283
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9fd530fe7ab66107b79b776d170523d9095212b0988f6b2e8e5a160b792927f758b951faf1c4a5ef2fa2035d86d2ab8a1d60185c4f0631bb3c66d0d7740153bd
|
|
7
|
+
data.tar.gz: 8b4f298b243c6185965633e41b0f629648ae308ab8d2acd62f47a73256e1cac22398cc77442b28ca69d8b77afd933415a45e678bf60a1744007d1151db0d3961
|
data/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,13 @@
|
|
|
6
6
|
* **auth:** add provider-owned PKCE code-exchange API for Claude OAuth (`AgentHarness::Authentication.exchange_code`). Takes an authorization code plus PKCE verifier (and `redirect_uri`/`client_id`), posts an `authorization_code` grant to the Claude token endpoint, and persists the resulting access/refresh tokens in the native `claudeAiOauth` shape. Adds `exchange_code_supported?` and a `code_exchange` key to `auth_capabilities` ([#266](https://github.com/viamin/agent-harness/issues/266)).
|
|
7
7
|
|
|
8
8
|
|
|
9
|
+
## [0.28.2](https://github.com/viamin/agent-harness/compare/agent-harness/v0.28.1...agent-harness/v0.28.2) (2026-07-10)
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
### Bug Fixes
|
|
13
|
+
|
|
14
|
+
* Kilocode: default external_directory permission blocks /tmp scratch files, silently killing non-interactive runs ([#283](https://github.com/viamin/agent-harness/issues/283)) ([1ad518f](https://github.com/viamin/agent-harness/commit/1ad518f5c135c5c95d161b9d41a799692f470f76))
|
|
15
|
+
|
|
9
16
|
## [0.28.1](https://github.com/viamin/agent-harness/compare/agent-harness/v0.28.0...agent-harness/v0.28.1) (2026-07-08)
|
|
10
17
|
|
|
11
18
|
|
|
@@ -106,6 +106,21 @@ module AgentHarness
|
|
|
106
106
|
end
|
|
107
107
|
end
|
|
108
108
|
|
|
109
|
+
# Kilo CLI (an opencode fork) ships the same `external_directory`
|
|
110
|
+
# permission category as OpenCode, defaulting to `ask` for anything
|
|
111
|
+
# outside the project dir. In non-interactive execution there is no human
|
|
112
|
+
# to answer the resulting permission prompt, so reads/writes of scratch
|
|
113
|
+
# files under `/tmp/*` via the dedicated read/write/edit tools are
|
|
114
|
+
# auto-rejected — even though bash I/O to the same paths succeeds (shell
|
|
115
|
+
# redirection is not a tool call). The agent then silently loses access to
|
|
116
|
+
# its own scratch output and never completes the task. This default rule
|
|
117
|
+
# broadens the allowlist to all of `/tmp` so the agent can read back files
|
|
118
|
+
# it (or its sub-agents) wrote there.
|
|
119
|
+
DEFAULT_PERMISSION_EXTERNAL_DIRECTORY_PATTERN = "/tmp/**"
|
|
120
|
+
DEFAULT_PERMISSION_RULE = {
|
|
121
|
+
"external_directory" => {DEFAULT_PERMISSION_EXTERNAL_DIRECTORY_PATTERN => "allow"}
|
|
122
|
+
}.freeze
|
|
123
|
+
|
|
109
124
|
def name
|
|
110
125
|
"kilocode"
|
|
111
126
|
end
|
|
@@ -172,6 +187,8 @@ module AgentHarness
|
|
|
172
187
|
|
|
173
188
|
config = {provider: {provider_name => {}}}
|
|
174
189
|
config[:model] = "#{provider_name}/#{model_id}" if model_id
|
|
190
|
+
config[:permission] = deep_dup(options[:permission]) if options[:permission]
|
|
191
|
+
apply_default_external_directory_permission(config)
|
|
175
192
|
|
|
176
193
|
config.to_json
|
|
177
194
|
end
|
|
@@ -332,6 +349,14 @@ module AgentHarness
|
|
|
332
349
|
|
|
333
350
|
private
|
|
334
351
|
|
|
352
|
+
def apply_default_external_directory_permission(payload)
|
|
353
|
+
# Respect any caller-supplied `permission` block verbatim: if a caller
|
|
354
|
+
# takes responsibility for permission config, we do not override it.
|
|
355
|
+
return if payload.key?(:permission) || payload.key?("permission")
|
|
356
|
+
|
|
357
|
+
payload[:permission] = deep_dup(DEFAULT_PERMISSION_RULE)
|
|
358
|
+
end
|
|
359
|
+
|
|
335
360
|
def heartbeat_hook_script(heartbeat_file_path)
|
|
336
361
|
"touch #{Shellwords.escape(heartbeat_file_path)}"
|
|
337
362
|
end
|