@dreamlogic-ai/cli 2.0.1 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/setup-mcp.js +6 -4
- package/dist/lib/agents.js +5 -0
- package/dist/lib/config.js +4 -1
- package/dist/types.d.ts +1 -1
- package/dist/types.js +1 -1
- package/package.json +1 -1
|
@@ -40,7 +40,8 @@ function getAgents(server, key) {
|
|
|
40
40
|
generate: () => ({
|
|
41
41
|
mcpServers: {
|
|
42
42
|
"dreamlogic-skills": {
|
|
43
|
-
url: `${server}/sse
|
|
43
|
+
url: `${server}/sse`,
|
|
44
|
+
headers: { "Authorization": `Bearer ${key}` },
|
|
44
45
|
},
|
|
45
46
|
},
|
|
46
47
|
}),
|
|
@@ -87,7 +88,7 @@ function getAgents(server, key) {
|
|
|
87
88
|
},
|
|
88
89
|
generate: () => ({
|
|
89
90
|
// R1-02: Store args as array, not interpolated string
|
|
90
|
-
args: ["mcp", "add", "dreamlogic-skills", "--url", `${server}/sse
|
|
91
|
+
args: ["mcp", "add", "dreamlogic-skills", "--url", `${server}/sse`, "--header", `Authorization: Bearer ${key}`],
|
|
91
92
|
}),
|
|
92
93
|
apply: (config) => {
|
|
93
94
|
// R1-02: execFileSync with arg array — no shell injection possible
|
|
@@ -101,7 +102,8 @@ function getAgents(server, key) {
|
|
|
101
102
|
generate: () => ({
|
|
102
103
|
mcpServers: {
|
|
103
104
|
"dreamlogic-skills": {
|
|
104
|
-
url: `${server}/sse
|
|
105
|
+
url: `${server}/sse`,
|
|
106
|
+
headers: { "Authorization": `Bearer ${key}` },
|
|
105
107
|
},
|
|
106
108
|
},
|
|
107
109
|
}),
|
|
@@ -170,7 +172,7 @@ export async function setupMcpCommand(opts) {
|
|
|
170
172
|
const config = agent.generate(server, apiKey);
|
|
171
173
|
// D-11: Show what will be written (R1-01: mask key in display)
|
|
172
174
|
if (agent.name === "Claude CLI") {
|
|
173
|
-
const maskedCmd = `claude mcp add dreamlogic-skills --url "${server}/sse
|
|
175
|
+
const maskedCmd = `claude mcp add dreamlogic-skills --url "${server}/sse" --header "Authorization: Bearer ${maskKey(apiKey)}"`;
|
|
174
176
|
ui.line(` Command: ${chalk.cyan(maskedCmd)}`);
|
|
175
177
|
}
|
|
176
178
|
else {
|
package/dist/lib/agents.js
CHANGED
|
@@ -77,6 +77,11 @@ export function getAllAgents() {
|
|
|
77
77
|
*/
|
|
78
78
|
export function registerSkillWithAgents(skillId, skillPath, agents) {
|
|
79
79
|
const results = [];
|
|
80
|
+
// R3-08: Validate skill ID to prevent path traversal via symlink target
|
|
81
|
+
const SAFE_SKILL_ID = /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,127}$/;
|
|
82
|
+
if (!SAFE_SKILL_ID.test(skillId)) {
|
|
83
|
+
return [{ agent: "all", path: "", status: "error", error: "Invalid skill ID" }];
|
|
84
|
+
}
|
|
80
85
|
const resolvedSkillPath = resolve(skillPath);
|
|
81
86
|
// Deduplicate by resolved dir (universal agents share .agents/skills)
|
|
82
87
|
const seenDirs = new Set();
|
package/dist/lib/config.js
CHANGED
|
@@ -6,7 +6,7 @@ import { existsSync, mkdirSync, readFileSync, writeFileSync, chmodSync, statSync
|
|
|
6
6
|
import { join } from "path";
|
|
7
7
|
import { homedir } from "os";
|
|
8
8
|
import { CONFIG_DIR_NAME, DEFAULT_SERVER, DEFAULT_INSTALL_DIR_NAME, } from "../types.js";
|
|
9
|
-
/** CFG-01 FIX:
|
|
9
|
+
/** CFG-01 FIX: Recursively strip prototype pollution keys from parsed JSON */
|
|
10
10
|
function sanitize(obj) {
|
|
11
11
|
if (typeof obj !== "object" || obj === null)
|
|
12
12
|
return obj;
|
|
@@ -15,6 +15,9 @@ function sanitize(obj) {
|
|
|
15
15
|
if (BANNED.has(key)) {
|
|
16
16
|
delete obj[key];
|
|
17
17
|
}
|
|
18
|
+
else {
|
|
19
|
+
obj[key] = sanitize(obj[key]);
|
|
20
|
+
}
|
|
18
21
|
}
|
|
19
22
|
return obj;
|
|
20
23
|
}
|
package/dist/types.d.ts
CHANGED
|
@@ -33,6 +33,6 @@ export interface InstalledRegistry {
|
|
|
33
33
|
export declare const DEFAULT_SERVER = "https://skill.dreamlogic-claw.com";
|
|
34
34
|
export declare const DEFAULT_INSTALL_DIR_NAME = "dreamlogic-skills";
|
|
35
35
|
export declare const CONFIG_DIR_NAME = ".dreamlogic";
|
|
36
|
-
export declare const CLI_VERSION = "2.0.
|
|
36
|
+
export declare const CLI_VERSION = "2.0.2";
|
|
37
37
|
export declare const CLI_NAME = "Dreamlogic CLI";
|
|
38
38
|
export declare const CLI_AUTHOR = "Dreamlogic-ai by MAJORNINE";
|
package/dist/types.js
CHANGED
|
@@ -2,6 +2,6 @@
|
|
|
2
2
|
export const DEFAULT_SERVER = "https://skill.dreamlogic-claw.com";
|
|
3
3
|
export const DEFAULT_INSTALL_DIR_NAME = "dreamlogic-skills";
|
|
4
4
|
export const CONFIG_DIR_NAME = ".dreamlogic";
|
|
5
|
-
export const CLI_VERSION = "2.0.
|
|
5
|
+
export const CLI_VERSION = "2.0.2";
|
|
6
6
|
export const CLI_NAME = "Dreamlogic CLI";
|
|
7
7
|
export const CLI_AUTHOR = "Dreamlogic-ai by MAJORNINE";
|