@brickhouse-tech/sync-agents 1.1.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/package.json +6 -6
package/README.md
CHANGED
|
@@ -113,6 +113,9 @@ AGENTS.md is also symlinked to CLAUDE.md so that Claude reads the index natively
|
|
|
113
113
|
| `source list [--json]` | Show each entry's local state: `ok` / `outdated` / `modified` / `missing` |
|
|
114
114
|
| `source bundle` | Rebuild `sources.yaml` from installed artifacts' origin metadata |
|
|
115
115
|
| `source detach <name>` | Un-manage an artifact: flip its origin to manual and drop the manifest entry |
|
|
116
|
+
| `quarantine` | List remotely-fetched artifacts awaiting review, with their scan findings |
|
|
117
|
+
| `approve <name>\|--all [--force]` | Promote a quarantined artifact into `.agents/` (`--force` accepts critical findings, recorded in the lock) |
|
|
118
|
+
| `reject <name>\|--all` | Delete a quarantined artifact without installing it |
|
|
116
119
|
| `git-hook` | Install a pre-commit git hook for auto-sync (`hook` remains as a deprecated alias) |
|
|
117
120
|
| `inherit <label> <path>` | Add an inheritance link to AGENTS.md |
|
|
118
121
|
| `inherit --list` | List current inheritance links |
|
|
@@ -143,6 +146,7 @@ AGENTS.md is also symlinked to CLAUDE.md so that Claude reads the index natively
|
|
|
143
146
|
| `--no-clobber` | (fix only) Skip items that already exist in `.agents/` instead of merging |
|
|
144
147
|
| `--fix` | (lint only) Amend fixable frontmatter findings in place |
|
|
145
148
|
| `--no-fix` | (index only) Skip the skill frontmatter backfill |
|
|
149
|
+
| `--trust` | (pull/update only) Bypass the quarantine gate; the scan still runs and prints findings |
|
|
146
150
|
|
|
147
151
|
## Configuration
|
|
148
152
|
|
|
@@ -223,6 +227,19 @@ sync-agents update # bump tag-tracked entries when upstream moves
|
|
|
223
227
|
sync-agents pull --offline # cache-only, for CI or airplanes
|
|
224
228
|
```
|
|
225
229
|
|
|
230
|
+
## Quarantine (remote content review)
|
|
231
|
+
|
|
232
|
+
Remote installs are treated like a hostile supply chain. By default, everything `pull`/`update` fetches lands in `.agents/.quarantine/` — invisible to `sync` and the index — after a static scan for network-then-execute patterns (`curl | bash`), credential access combined with network calls, obfuscation (long base64, zero-width Unicode), and prompt-injection phrasing aimed at your agent.
|
|
233
|
+
|
|
234
|
+
```bash
|
|
235
|
+
sync-agents pull # → 1 quarantined (run `sync-agents quarantine`)
|
|
236
|
+
sync-agents quarantine # review findings per artifact
|
|
237
|
+
sync-agents approve code-review # promote into .agents/ (blocked on CRITICAL unless --force)
|
|
238
|
+
sync-agents reject sketchy-rule # delete without installing
|
|
239
|
+
```
|
|
240
|
+
|
|
241
|
+
Critical findings block `approve`; overriding with `--force` is recorded in `sources.lock` as `approved_with_findings` so the decision is auditable. `--trust` on `pull`/`update` skips the gate for one invocation (findings still print), and `quarantine = off` in `.agents/config` disables it for teams that review via pinned SHAs in PRs instead.
|
|
242
|
+
|
|
226
243
|
## ADRs (Architecture Decision Records)
|
|
227
244
|
|
|
228
245
|
ADRs live in `.agents/adrs/` with **status encoded by subdirectory**: `proposed/`, `accepted/`, `denied/`. `add adr <name>` scaffolds into `proposed/`; `sync-agents adr accept|deny|propose <name>` moves a record between statuses (nested grouping subdirs are preserved) and regenerates the index.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@brickhouse-tech/sync-agents",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Simple scripts to DRY up common agent interactions across multiple LLM providers.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"agents",
|
|
@@ -26,11 +26,11 @@
|
|
|
26
26
|
"bin/sync-agents.js"
|
|
27
27
|
],
|
|
28
28
|
"optionalDependencies": {
|
|
29
|
-
"@brickhouse-tech/sync-agents-darwin-arm64": "1.
|
|
30
|
-
"@brickhouse-tech/sync-agents-darwin-x64": "1.
|
|
31
|
-
"@brickhouse-tech/sync-agents-linux-arm64": "1.
|
|
32
|
-
"@brickhouse-tech/sync-agents-linux-x64": "1.
|
|
33
|
-
"@brickhouse-tech/sync-agents-win32-x64": "1.
|
|
29
|
+
"@brickhouse-tech/sync-agents-darwin-arm64": "1.2.0",
|
|
30
|
+
"@brickhouse-tech/sync-agents-darwin-x64": "1.2.0",
|
|
31
|
+
"@brickhouse-tech/sync-agents-linux-arm64": "1.2.0",
|
|
32
|
+
"@brickhouse-tech/sync-agents-linux-x64": "1.2.0",
|
|
33
|
+
"@brickhouse-tech/sync-agents-win32-x64": "1.2.0"
|
|
34
34
|
},
|
|
35
35
|
"overrides": {
|
|
36
36
|
"file-type": ">=22",
|