npm - @botbotgo/agent-harness - Versions diffs - 0.0.34 → 0.0.36 - Mend

@botbotgo/agent-harness 0.0.34 → 0.0.36

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/contracts/types.d.ts +1 -0
package/dist/package-version.d.ts +1 -1
package/dist/package-version.js +1 -1
package/dist/runtime/agent-runtime-adapter.js +1 -1
package/dist/runtime/tool-hitl.d.ts +2 -1
package/dist/runtime/tool-hitl.js +55 -2
package/dist/workspace/agent-binding-compiler.js +1 -0
package/package.json +1 -1

package/dist/contracts/types.d.ts CHANGED Viewed

@@ -174,6 +174,7 @@ export type CompiledAgentBinding = {
     deepAgentParams?: DeepAgentParams;
     harnessRuntime: {
         runRoot: string;
+        workspaceRoot?: string;
         hostFacing: boolean;
         checkpointer?: Record<string, unknown>;
         store?: Record<string, unknown>;

package/dist/package-version.d.ts CHANGED Viewed

	@@ -1 +1 @@
1	- export declare const AGENT_HARNESS_VERSION = "0.0.33";
1	+ export declare const AGENT_HARNESS_VERSION = "0.0.35";

package/dist/package-version.js CHANGED Viewed

	@@ -1 +1 @@
1	- export const AGENT_HARNESS_VERSION = "0.0.33";
1	+ export const AGENT_HARNESS_VERSION = "0.0.35";

package/dist/runtime/agent-runtime-adapter.js CHANGED Viewed

@@ -367,7 +367,7 @@ export class AgentRuntimeAdapter {
             if (!compiledTool) {
                 return resolvedTool;
             }
-            const wrappedTool = wrapToolForExecution(resolvedTool, compiledTool);
+            const wrappedTool = wrapToolForExecution(resolvedTool, compiledTool, binding);
             const modelFacingName = toolNameMapping.originalToModelFacing.get(compiledTool.name) ?? compiledTool.name;
             const structuredTool = asStructuredExecutableTool(wrappedTool, modelFacingName, compiledTool.description);
             if (structuredTool !== wrappedTool) {

package/dist/runtime/tool-hitl.d.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import type { CompiledTool } from "../contracts/types.js";
+import type { CompiledAgentBinding } from "../contracts/types.js";
 type InterruptFn = <I = unknown, R = unknown>(value: I) => R;
 export declare function wrapToolForHumanInTheLoop<T>(resolvedTool: T, compiledTool: CompiledTool, interruptFn?: InterruptFn): T;
-export declare function wrapToolForExecution<T>(resolvedTool: T, compiledTool: CompiledTool, interruptFn?: InterruptFn): T;
+export declare function wrapToolForExecution<T>(resolvedTool: T, compiledTool: CompiledTool, binding?: CompiledAgentBinding, interruptFn?: InterruptFn): T;
 export {};

package/dist/runtime/tool-hitl.js CHANGED Viewed

@@ -1,5 +1,8 @@
 import { interrupt } from "@langchain/langgraph";
+import path from "node:path";
 const DEDUPED_REMOTE_TOOL_NAMES = new Set(["builtin.fetch_url", "builtin.web_search"]);
+const PATH_LIKE_INPUT_KEYS = new Set(["path", "root", "dir", "directory", "cwd"]);
+const ROOT_SCOPING_INPUT_KEYS = new Set(["root", "dir", "directory", "cwd"]);
 function toInputPreview(input) {
     if (typeof input === "object" && input && !Array.isArray(input)) {
         return input;
@@ -103,6 +106,56 @@ function wrapToolWithDedupe(resolvedTool, compiledTool) {
         },
     });
 }
-export function wrapToolForExecution(resolvedTool, compiledTool, interruptFn = interrupt) {
-    return wrapToolWithDedupe(wrapToolForHumanInTheLoop(resolvedTool, compiledTool, interruptFn), compiledTool);
+function shouldConstrainWorkspacePaths(compiledTool) {
+    const normalized = `${compiledTool.name} ${compiledTool.description}`.toLowerCase();
+    if (/(web[_ .-]?search|fetch[_ .-]?url|https?:\/\/|\burl\b)/.test(normalized)) {
+        return false;
+    }
+    return /(workspace|repo|repository|sandbox|filesystem|file|directory|folder|path|memory|source[- ]control|code search|context search|rag|index|grep|glob|read|write|edit)/.test(normalized);
+}
+function guardWorkspaceBoundToolInput(input, compiledTool, binding) {
+    const workspaceRoot = binding?.harnessRuntime.workspaceRoot;
+    if (!workspaceRoot || typeof input !== "object" || !input || Array.isArray(input) || !shouldConstrainWorkspacePaths(compiledTool)) {
+        return input;
+    }
+    const record = { ...input };
+    for (const [key, value] of Object.entries(record)) {
+        if (!PATH_LIKE_INPUT_KEYS.has(key) || typeof value !== "string") {
+            continue;
+        }
+        const candidate = value.trim();
+        if (!candidate || /^[a-z]+:\/\//i.test(candidate)) {
+            continue;
+        }
+        const absolute = path.resolve(workspaceRoot, candidate);
+        const relative = path.relative(workspaceRoot, absolute);
+        if (relative.startsWith("..") || path.isAbsolute(relative)) {
+            if (ROOT_SCOPING_INPUT_KEYS.has(key)) {
+                record[key] = workspaceRoot;
+                continue;
+            }
+            throw new Error(`Tool ${compiledTool.name} input ${key} resolves outside the workspace root`);
+        }
+    }
+    return record;
+}
+export function wrapToolForExecution(resolvedTool, compiledTool, binding, interruptFn = interrupt) {
+    const guardedTool = typeof resolvedTool === "object" && resolvedTool !== null
+        ? new Proxy(resolvedTool, {
+            get(obj, prop, receiver) {
+                const value = Reflect.get(obj, prop, receiver);
+                if (prop === "invoke" && typeof value === "function") {
+                    return (input, config) => obj.invoke(guardWorkspaceBoundToolInput(input, compiledTool, binding), config);
+                }
+                if (prop === "call" && typeof value === "function") {
+                    return (input, config) => obj.call(guardWorkspaceBoundToolInput(input, compiledTool, binding), config);
+                }
+                if (prop === "func" && typeof value === "function") {
+                    return (input, config) => obj.func(guardWorkspaceBoundToolInput(input, compiledTool, binding), config);
+                }
+                return value;
+            },
+        })
+        : resolvedTool;
+    return wrapToolWithDedupe(wrapToolForHumanInTheLoop(guardedTool, compiledTool, interruptFn), compiledTool);
 }

package/dist/workspace/agent-binding-compiler.js CHANGED Viewed

@@ -154,6 +154,7 @@ export function compileBinding(workspaceRoot, agent, agents, referencedSubagentI
         agent,
         harnessRuntime: {
             runRoot,
+            workspaceRoot,
             hostFacing: !internalSubagent,
             ...(checkpointer ? { checkpointer: checkpointer.config } : {}),
             ...(store ? { store: store.config } : {}),

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@botbotgo/agent-harness",
-  "version": "0.0.34",
+  "version": "0.0.36",
   "description": "Agent Harness framework package",
   "type": "module",
   "packageManager": "npm@10.9.2",