@burtson-labs/bandit-stealth-cli 1.7.273 → 1.7.275
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -1
- package/dist/cli.js +807 -793
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -51,7 +51,7 @@ That's it. No API keys. No cloud services. The agent reads your code, searches,
|
|
|
51
51
|
## What it does
|
|
52
52
|
|
|
53
53
|
- **Agentic tool use** — reads files, searches code, runs commands, writes changes
|
|
54
|
-
- **
|
|
54
|
+
- **Auditable approval gate** — writes show a colored diff, shell commands show the full command/cwd/risk, and `Allow once` / `Allow session` / `Always for target` scopes are recorded in turn traces
|
|
55
55
|
- **Pre-write validation** — TypeScript, Python, JSON, C# syntax-checked before the agent can write
|
|
56
56
|
- **Post-write validation** — JSON edits are re-parsed after write; failure feeds back to the agent on the next turn so it self-corrects without you flagging it
|
|
57
57
|
- **Skills system** — agent activates specialized skills based on your prompt, and can create its own
|
|
@@ -63,11 +63,14 @@ That's it. No API keys. No cloud services. The agent reads your code, searches,
|
|
|
63
63
|
- **Interactive scaffolders work** — `create-vite`, `create-react-app`, `ng new`, etc. detect a non-TTY stdin and self-abort. Bandit recognizes the pattern and surfaces a clear *"run this with `!`"* recovery hint so the model doesn't loop on a "command appeared to succeed" misread
|
|
64
64
|
- **Live command output** — `npm install`, `pip install`, `watch_command npm run dev` stream their output to your terminal as it arrives, dimmed, while the spinner keeps animating. No more wondering if a 20-second install is hung
|
|
65
65
|
- **Interrupt + queue** — press **Esc** mid-turn to cancel the agent and clear your queue. Type a follow-up + Enter to queue it (`queued: N · sends after this turn` in the status row). The next turn picks it up automatically
|
|
66
|
+
- **Opt-in notifications** — `/notify on` enables desktop notifications for approvals, failures, background-task completion, and long turns; `/notify sound on` adds a terminal bell
|
|
66
67
|
- **`?` shortcuts overlay** — type `?` at an empty prompt for a live cheatsheet that disappears the moment you backspace it
|
|
67
68
|
- **`!`-prefix shell escape** — `!cmd` runs straight in your shell with full TTY access. First-use confirmation gate; per-call yellow box every time after so you can't miss the bypass. Catastrophic patterns (`rm -rf`, `mkfs`, `dd if=`) blocked even here
|
|
68
69
|
- **Plan execution** — structured multi-step plans for complex refactors
|
|
69
70
|
- **Session persistence** — every REPL session saved as JSONL under `~/.bandit/sessions/` for later resume
|
|
71
|
+
- **Turn traces** — every agent turn writes a JSONL trace under `.bandit/turns`; `/trace` turns it into a readable timeline of prompts, permission requests/decisions, tool calls, retries, native-tool fallbacks, errors, and final output
|
|
70
72
|
- **`/insights` HTML report** — local-only activity report: tool stats, top-touched files, languages, longest streak, peak day, error patterns, optional AI summary, mailto share
|
|
73
|
+
- **Model behavior profiles** — `/profile` shows how Bandit treats the active model: native vs text tools, fallback policy, safe context budget, thinking default, parallel-tool limits, and known failure modes
|
|
71
74
|
- **Project memory** — drop a `BANDIT.md` or `CLAUDE.md` at your workspace root and it's auto-loaded into the system prompt
|
|
72
75
|
- **File + image mentions** — `@path` auto-inlines files; images are either sent multimodally or OCR'd locally (Apple Vision / tesseract)
|
|
73
76
|
- **Clipboard paste** — `Ctrl+V` in the REPL pastes an image straight from your clipboard
|
|
@@ -90,6 +93,8 @@ Type `?` on an empty prompt for the at-a-glance overlay; `/help` for the full li
|
|
|
90
93
|
| `/model [name]` | Switch model mid-session |
|
|
91
94
|
| `/ollama [url]` | Show or set the Ollama endpoint — `/ollama default` resets to `http://localhost:11434` |
|
|
92
95
|
| `/think on`, `/think off`, `/think auto` | Override per-model thinking-mode default |
|
|
96
|
+
| `/profile [model]` | Show the active model behavior profile (tool protocol, fallback, context budget, known failure modes) |
|
|
97
|
+
| `/notify status` | Configure desktop/bell notifications for approvals, failures, background tasks, and long turns |
|
|
93
98
|
| `/theme [name]` | Pick a color palette (`/theme` lists; saved to global config) |
|
|
94
99
|
| `/skills` | List loaded skills |
|
|
95
100
|
| `/session list`, `/session resume <id>`, `/session new` | Manage sessions |
|
|
@@ -98,6 +103,7 @@ Type `?` on an empty prompt for the at-a-glance overlay; `/help` for the full li
|
|
|
98
103
|
| `/clear` | Reset conversation (keeps session id) |
|
|
99
104
|
| `/compact` | Trim old tool results to fit the context window |
|
|
100
105
|
| `/rewind [id]` | Restore a file from a per-edit checkpoint |
|
|
106
|
+
| `/trace`, `/trace list`, `/trace <id>` | Inspect turn traces from `.bandit/turns` |
|
|
101
107
|
| `/tasks` | List background subagent tasks (`/tasks <id>` drill-down, `/tasks cancel <id>`) |
|
|
102
108
|
| `/plan <goal>` | Heuristic plan first, y/N to execute |
|
|
103
109
|
| `/init` | Scaffold `BANDIT.md` from a repo scan |
|
|
@@ -199,6 +205,25 @@ If you want to test models outside the recommended list, expect the reasoning-on
|
|
|
199
205
|
- **Native tool calling** — Qwen 3.6, Qwen 2.5 Coder, Llama 3.1+, Devstral, DeepSeek-Coder-V2+. Tool schemas go in Ollama's `tools:` field. Saves ~1500–3000 tokens per turn.
|
|
200
206
|
- **Text-parsing fallback** — Gemma 3/4 and anything else. XML-style tool block lives in the system prompt with the full mitigation stack armed.
|
|
201
207
|
|
|
208
|
+
**Behavior profiles** sit beside capability detection. Capabilities answer "can this model do native tools or vision?" Behavior profiles answer "what should the harness do with it?" For example, Qwen 3.6 starts on native tools and degrades to text tools on retryable native-parser failures; Gemma-family models use compact text-tool prompting and earlier compaction; unknown models default to serialized text tools. Inspect the active profile with `/profile`.
|
|
209
|
+
|
|
210
|
+
Workspace overrides load from `.bandit/model-profiles.json`:
|
|
211
|
+
|
|
212
|
+
```jsonc
|
|
213
|
+
{
|
|
214
|
+
"version": 1,
|
|
215
|
+
"profiles": {
|
|
216
|
+
"my-qwen": {
|
|
217
|
+
"match": ["my-qwen:14b"],
|
|
218
|
+
"protocol": { "preferred": "text-tools", "fallback": null, "envelope": "xml-json" },
|
|
219
|
+
"context": { "safeInputTokens": 12000, "outputBudgetTokens": 2048, "compaction": "early" },
|
|
220
|
+
"prompting": { "template": "qwen-agent", "examples": "strict", "thinking": "off" },
|
|
221
|
+
"reliability": { "maxParallelTools": 1, "knownFailureModes": ["custom parser drift"] }
|
|
222
|
+
}
|
|
223
|
+
}
|
|
224
|
+
}
|
|
225
|
+
```
|
|
226
|
+
|
|
202
227
|
Any Ollama model works — capabilities auto-detect via `/api/show`.
|
|
203
228
|
|
|
204
229
|
---
|