@defai.digital/automatosx 5.1.2 → 5.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/CHANGELOG.md +185 -0
  2. package/README.md +8 -7
  3. package/dist/index.js +640 -796
  4. package/dist/index.js.map +1 -1
  5. package/dist/version.json +2 -2
  6. package/examples/abilities/our-architecture-decisions.md +3 -3
  7. package/examples/abilities/our-code-review-checklist.md +4 -4
  8. package/examples/abilities/our-project-structure.md +17 -9
  9. package/package.json +1 -1
  10. package/version.json +2 -2
package/dist/version.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
- "version": "5.1.2",
3
- "releaseDate": "2025-10-11",
2
+ "version": "5.2.0",
3
+ "releaseDate": "2025-10-12",
4
4
  "codename": "Code Quality Improvements",
5
5
  "phase": "Phase 2.1 Complete"
6
6
  }
package/examples/abilities/our-architecture-decisions.md CHANGED
@@ -59,18 +59,18 @@
59
59
 
60
60
  ## ADR-004: Three-Layer Security Model
61
61
 
62
- **Decision:** Implement path validation, workspace isolation, and input sanitization
62
+ **Decision:** Implement path validation, workspace access control, and input sanitization
63
63
 
64
64
  **Layers:**
65
65
 
66
66
  1. **Path Resolution:** All file access through PathResolver
67
- 2. **Workspace Isolation:** Agent-specific workspaces with restricted permissions (700)
67
+ 2. **Workspace Access Control:** Shared workspaces with path validation (v5.2+)
68
68
  3. **Input Validation:** Sanitize all user inputs
69
69
 
70
70
  **Impact:**
71
71
 
72
72
  - ✅ Prevents path traversal attacks
73
- - ✅ Agent isolation
73
+ - ✅ Controlled workspace access with validation
74
74
  - ✅ No privilege escalation
75
75
  - ⚠️ Slightly more complex file operations
76
76
 
package/examples/abilities/our-code-review-checklist.md CHANGED
@@ -21,9 +21,9 @@
21
21
 
22
22
  ### Security
23
23
 
24
- - [ ] **Path validation** - All file access through PathResolver
24
+ - [ ] **Path validation** - All file access through PathResolver or WorkspaceManager
25
25
  - [ ] **Input sanitization** - User inputs sanitized before use
26
- - [ ] **Workspace isolation** - Writes only to agent workspace
26
+ - [ ] **Workspace boundaries** - Writes only to automatosx/PRD or automatosx/tmp (v5.2+)
27
27
  - [ ] **File size limits** - Check file sizes to prevent DoS
28
28
  - [ ] **No hardcoded secrets** - Use environment variables
29
29
 
@@ -145,5 +145,5 @@ logger.info('Profile loaded', {
145
145
 
146
146
  ---
147
147
 
148
- **Last Updated:** 2025-10-10
149
- **For:** AutomatosX v5.0+
148
+ **Last Updated:** 2025-10-11
149
+ **For:** AutomatosX v5.2+
package/examples/abilities/our-project-structure.md CHANGED
@@ -36,7 +36,11 @@ automatosx/
36
36
  │ ├── abilities/ # User's custom abilities
37
37
  │ ├── memory/ # SQLite database (memory.db)
38
38
  │ ├── sessions/ # Session persistence
39
- │ └── workspaces/ # Agent workspaces (isolated)
39
+ │ └── logs/ # Application logs
40
+
41
+ ├── automatosx/ # Workspace directory (v5.2+)
42
+ │ ├── PRD/ # Planning documents (permanent)
43
+ │ └── tmp/ # Temporary files (auto-cleanup)
40
44
 
41
45
  └── tmp/ # Temporary files (gitignored)
42
46
  ```
@@ -135,12 +139,14 @@ import type { Provider } from '../types/provider.js';
135
139
 
136
140
  **Bundle target:** ESM, Node 20+, <250KB target
137
141
 
138
- ## Workspace Structure
142
+ ## Workspace Structure (v5.2.0)
143
+
144
+ **Shared workspaces:**
139
145
 
140
- **Agent workspaces:** `.automatosx/workspaces/{agent-name}/`
146
+ - `automatosx/PRD/` - Planning documents, feature designs, proposals (permanent)
147
+ - `automatosx/tmp/` - Test scripts, analysis tools, temporary reports (auto-cleanup)
141
148
 
142
- - Isolated workspace for file operations
143
- - Permissions: 700 (owner only on Unix)
149
+ **All agents** have equal read/write access to both directories.
144
150
 
145
151
  **Memory storage:** `.automatosx/memory/memory.db`
146
152
 
@@ -161,15 +167,17 @@ import type { Provider } from '../types/provider.js';
161
167
 
162
168
  **Allowed writes:**
163
169
 
164
- - `.automatosx/workspaces/{agent-name}/**/*` only
170
+ - `automatosx/PRD/**/*` - Planning documents
171
+ - `automatosx/tmp/**/*` - Temporary files
165
172
 
166
173
  **Forbidden:**
167
174
 
175
+ - Empty paths or current directory (`''`, `'.'`)
168
176
  - Path traversal (`../../../etc/passwd`)
169
177
  - Symbolic links outside project
170
- - Writing outside workspace
178
+ - Absolute paths
171
179
 
172
180
  ---
173
181
 
174
- **Last Updated:** 2025-10-10
175
- **For:** AutomatosX v5.0+
182
+ **Last Updated:** 2025-10-11
183
+ **For:** AutomatosX v5.2+
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@defai.digital/automatosx",
3
- "version": "5.1.2",
3
+ "version": "5.2.0",
4
4
  "description": "AI Agent Orchestration Platform",
5
5
  "type": "module",
6
6
  "bin": {
package/version.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
- "version": "5.1.2",
3
- "releaseDate": "2025-10-11",
2
+ "version": "5.2.0",
3
+ "releaseDate": "2025-10-12",
4
4
  "codename": "Code Quality Improvements",
5
5
  "phase": "Phase 2.1 Complete"
6
6
  }