@bookedsolid/reagent 0.12.1 → 0.12.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/cli/commands/init/policy.d.ts.map +1 -1
  2. package/dist/cli/commands/init/policy.js +3 -1
  3. package/dist/cli/commands/init/policy.js.map +1 -1
  4. package/hooks/blocked-paths-enforcer.sh +17 -9
  5. package/package.json +1 -1
package/dist/cli/commands/init/policy.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/init/policy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,OAAO,GACd,aAAa,EAAE,CAgFjB"}
1
+ {"version":3,"file":"policy.d.ts","sourceRoot":"","sources":["../../../../src/cli/commands/init/policy.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAE/D,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,aAAa,EACtB,MAAM,EAAE,OAAO,GACd,aAAa,EAAE,CAkFjB"}
package/dist/cli/commands/init/policy.js CHANGED
@@ -16,7 +16,9 @@ export function installPolicy(targetDir, profileName, profile, dryRun) {
16
16
  const coverageEnabled = profile.coverage?.enabled === true;
17
17
  const coverageThreshold = profile.coverage?.threshold ?? 80;
18
18
  const blockedPaths = profile.blockedPaths ?? [
19
- '.reagent/',
19
+ '.reagent/policy.yaml',
20
+ '.reagent/HALT',
21
+ '.reagent/review-cache.json',
20
22
  '.github/workflows/',
21
23
  '.env',
22
24
  '.env.*',
package/dist/cli/commands/init/policy.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/cli/commands/init/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAG/C,MAAM,UAAU,aAAa,CAC3B,SAAiB,EACjB,WAAmB,EACnB,OAAsB,EACtB,MAAe;IAEf,MAAM,WAAW,GAAG,aAAa,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAExD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,KAAK,IAAI,CAAC;QAC7D,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,EAAE,cAAc,IAAI,UAAU,CAAC;QACtE,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,EAAE,OAAO,KAAK,IAAI,CAAC;QAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;QAC5D,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI;YAC3C,WAAW;YACX,oBAAoB;YACpB,MAAM;YACN,QAAQ;SACT,CAAC;QACF,MAAM,gBAAgB,GAAG,YAAY,CAAC,MAAM;YAC1C,CAAC,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YACjE,CAAC,CAAC,KAAK,CAAC;QACV,MAAM,OAAO,GAAG,+DAA+D,WAAW;;;;;YAKlF,WAAW;yBACE,WAAW;iBACnB,GAAG;;;;;;;;;;;;;;;;;;wBAkBI,gBAAgB;;;gBAGxB,gBAAgB;;;;;;;;;;;;aAYnB,eAAe;eACb,iBAAiB;;;;;;;;sBAQV,cAAc;CACnC,CAAC;QACE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;AACjE,CAAC"}
1
+ {"version":3,"file":"policy.js","sourceRoot":"","sources":["../../../../src/cli/commands/init/policy.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAG/C,MAAM,UAAU,aAAa,CAC3B,SAAiB,EACjB,WAAmB,EACnB,OAAsB,EACtB,MAAe;IAEf,MAAM,WAAW,GAAG,aAAa,EAAE,CAAC;IACpC,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;IACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAExD,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC9B,OAAO,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC/D,CAAC;IAED,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,EAAE,CAAC,SAAS,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QACrC,MAAM,gBAAgB,GAAG,OAAO,CAAC,kBAAkB,KAAK,IAAI,CAAC;QAC7D,MAAM,cAAc,GAAG,OAAO,CAAC,QAAQ,EAAE,cAAc,IAAI,UAAU,CAAC;QACtE,MAAM,eAAe,GAAG,OAAO,CAAC,QAAQ,EAAE,OAAO,KAAK,IAAI,CAAC;QAC3D,MAAM,iBAAiB,GAAG,OAAO,CAAC,QAAQ,EAAE,SAAS,IAAI,EAAE,CAAC;QAC5D,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI;YAC3C,sBAAsB;YACtB,eAAe;YACf,4BAA4B;YAC5B,oBAAoB;YACpB,MAAM;YACN,QAAQ;SACT,CAAC;QACF,MAAM,gBAAgB,GAAG,YAAY,CAAC,MAAM;YAC1C,CAAC,CAAC,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC;YACjE,CAAC,CAAC,KAAK,CAAC;QACV,MAAM,OAAO,GAAG,+DAA+D,WAAW;;;;;YAKlF,WAAW;yBACE,WAAW;iBACnB,GAAG;;;;;;;;;;;;;;;;;;wBAkBI,gBAAgB;;;gBAGxB,gBAAgB;;;;;;;;;;;;aAYnB,eAAe;eACb,iBAAiB;;;;;;;;sBAQV,cAAc;CACnC,CAAC;QACE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAChD,CAAC;IAED,OAAO,CAAC,EAAE,IAAI,EAAE,sBAAsB,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;AACjE,CAAC"}
package/hooks/blocked-paths-enforcer.sh CHANGED
@@ -90,28 +90,36 @@ if [[ ${#BLOCKED_PATHS[@]} -eq 0 ]]; then
90
90
  exit 0
91
91
  fi
92
92
 
93
- # ── 6. Normalize and match ────────────────────────────────────────────────────
93
+ # ── 6. Agent-writable allowlist ───────────────────────────────────────────────
94
+ # These paths under .reagent/ must always be writable by agents regardless of
95
+ # what blocked_paths says. Blocking the whole .reagent/ directory in policy
96
+ # is a common default, but tasks.jsonl is the PM data store — agents must
97
+ # write there. Settings-protection.sh guards the sensitive files explicitly.
98
+ AGENT_WRITABLE=(
99
+ '.reagent/tasks.jsonl'
100
+ '.reagent/audit/'
101
+ )
94
102
 
95
- # Convert to relative path from project root
96
103
  normalize_path() {
97
104
  local p="$1"
98
105
  local root="$REAGENT_ROOT"
99
-
100
- # Strip project root prefix if present
101
106
  if [[ "$p" == "$root"/* ]]; then
102
107
  p="${p#$root/}"
103
108
  fi
104
-
105
- # URL decode common sequences
106
109
  p=$(printf '%s' "$p" | sed 's/%2[Ff]/\//g; s/%2[Ee]/./g; s/%20/ /g')
107
-
108
- # Remove ./ prefix
109
110
  p="${p#./}"
110
-
111
111
  printf '%s' "$p"
112
112
  }
113
113
 
114
114
  NORMALIZED=$(normalize_path "$FILE_PATH")
115
+
116
+ for writable in "${AGENT_WRITABLE[@]}"; do
117
+ if [[ "$NORMALIZED" == "$writable" ]] || [[ "$NORMALIZED" == "$writable"* && "$writable" == */ ]]; then
118
+ exit 0
119
+ fi
120
+ done
121
+
122
+ # ── 7. Match against blocked_paths ───────────────────────────────────────────
115
123
  LOWER_NORM=$(printf '%s' "$NORMALIZED" | tr '[:upper:]' '[:lower:]')
116
124
 
117
125
  for blocked in "${BLOCKED_PATHS[@]}"; do
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bookedsolid/reagent",
3
- "version": "0.12.1",
3
+ "version": "0.12.2",
4
4
  "description": "Zero-trust MCP gateway — policy enforcement, secret redaction, and audit logging for AI-assisted projects",
5
5
  "license": "MIT",
6
6
  "author": "Booked Solid Technology <oss@bookedsolid.tech> (https://bookedsolid.tech)",