@dreb/coding-agent 2.7.0 → 2.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/dist/core/agent-session.d.ts.map +1 -1
- package/dist/core/agent-session.js +78 -5
- package/dist/core/agent-session.js.map +1 -1
- package/dist/core/forbidden-commands.d.ts +25 -0
- package/dist/core/forbidden-commands.d.ts.map +1 -1
- package/dist/core/forbidden-commands.js +190 -3
- package/dist/core/forbidden-commands.js.map +1 -1
- package/dist/core/secret-scrubber.d.ts +11 -0
- package/dist/core/secret-scrubber.d.ts.map +1 -0
- package/dist/core/secret-scrubber.js +63 -0
- package/dist/core/secret-scrubber.js.map +1 -0
- package/dist/core/sensitive-paths.d.ts +16 -0
- package/dist/core/sensitive-paths.d.ts.map +1 -0
- package/dist/core/sensitive-paths.js +102 -0
- package/dist/core/sensitive-paths.js.map +1 -0
- package/dist/core/settings-manager.d.ts +10 -0
- package/dist/core/settings-manager.d.ts.map +1 -1
- package/dist/core/settings-manager.js +6 -0
- package/dist/core/settings-manager.js.map +1 -1
- package/docs/settings.md +30 -0
- package/package.json +1 -1
|
@@ -24,8 +24,10 @@ import { DEFAULT_THINKING_LEVEL } from "./defaults.js";
|
|
|
24
24
|
import { exportSessionToHtml } from "./export-html/index.js";
|
|
25
25
|
import { createToolHtmlRenderer } from "./export-html/tool-renderer.js";
|
|
26
26
|
import { ExtensionRunner, wrapRegisteredTools, } from "./extensions/index.js";
|
|
27
|
-
import { isForbiddenCommand } from "./forbidden-commands.js";
|
|
27
|
+
import { checkScriptContent, extractScriptPaths, isForbiddenCommand } from "./forbidden-commands.js";
|
|
28
28
|
import { expandPromptTemplate } from "./prompt-templates.js";
|
|
29
|
+
import { scrubSecrets } from "./secret-scrubber.js";
|
|
30
|
+
import { isSensitivePath } from "./sensitive-paths.js";
|
|
29
31
|
import { CURRENT_SESSION_VERSION, getLatestCompactionEntry } from "./session-manager.js";
|
|
30
32
|
import { createSyntheticSourceInfo } from "./source-info.js";
|
|
31
33
|
import { buildSystemPrompt } from "./system-prompt.js";
|
|
@@ -171,6 +173,45 @@ export class AgentSession {
|
|
|
171
173
|
reason: `Command blocked by forbidden-commands guard: "${pattern}" matched "${command}"`,
|
|
172
174
|
};
|
|
173
175
|
}
|
|
176
|
+
// Check script files referenced by the command (e.g., bash script.sh)
|
|
177
|
+
const scriptPaths = extractScriptPaths(command);
|
|
178
|
+
if (scriptPaths.length > 0) {
|
|
179
|
+
const { readFileSync, existsSync } = await import("node:fs");
|
|
180
|
+
const { resolve } = await import("node:path");
|
|
181
|
+
const cwd = this._cwd;
|
|
182
|
+
for (const scriptPath of scriptPaths) {
|
|
183
|
+
const resolved = resolve(cwd, scriptPath);
|
|
184
|
+
if (existsSync(resolved)) {
|
|
185
|
+
try {
|
|
186
|
+
const content = readFileSync(resolved, "utf-8");
|
|
187
|
+
const match = checkScriptContent(content, customPatterns);
|
|
188
|
+
if (match) {
|
|
189
|
+
return {
|
|
190
|
+
block: true,
|
|
191
|
+
reason: `Command blocked by forbidden-commands guard: script "${scriptPath}" contains forbidden command at line ${match.line}: "${match.text}" (matched pattern "${match.pattern}")`,
|
|
192
|
+
};
|
|
193
|
+
}
|
|
194
|
+
}
|
|
195
|
+
catch {
|
|
196
|
+
// File not readable — skip (could be binary, permission denied, etc.)
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
}
|
|
201
|
+
}
|
|
202
|
+
}
|
|
203
|
+
// Check sensitive file paths — blocks read tool access to credential files
|
|
204
|
+
if (toolCall.name === "read") {
|
|
205
|
+
const filePath = args?.path;
|
|
206
|
+
if (typeof filePath === "string") {
|
|
207
|
+
const extraSensitivePaths = this.settingsManager?.getSensitiveFilePaths();
|
|
208
|
+
const sensitiveResult = isSensitivePath(filePath, extraSensitivePaths);
|
|
209
|
+
if (sensitiveResult.blocked) {
|
|
210
|
+
return {
|
|
211
|
+
block: true,
|
|
212
|
+
reason: `File blocked by sensitive-path guard: "${sensitiveResult.pattern}". This file contains credentials that should not be sent to the model.`,
|
|
213
|
+
};
|
|
214
|
+
}
|
|
174
215
|
}
|
|
175
216
|
}
|
|
176
217
|
const runner = this._extensionRunner;
|
|
@@ -194,24 +235,56 @@ export class AgentSession {
|
|
|
194
235
|
}
|
|
195
236
|
});
|
|
196
237
|
this.agent.setAfterToolCall(async ({ toolCall, args, result, isError }) => {
|
|
238
|
+
// Scrub secrets from tool output — runs before extensions, cannot be bypassed
|
|
239
|
+
let scrubbedContent = result.content;
|
|
240
|
+
const extraSecretPatterns = this.settingsManager?.getSecretOutputPatterns();
|
|
241
|
+
const compiledExtras = extraSecretPatterns?.flatMap((p) => {
|
|
242
|
+
if (!p.pattern || typeof p.pattern !== "string" || p.pattern.trim() === "") {
|
|
243
|
+
console.warn(`[secret-scrubber] Skipping empty or invalid pattern in secretOutputPatterns: "${p.name}"`);
|
|
244
|
+
return [];
|
|
245
|
+
}
|
|
246
|
+
try {
|
|
247
|
+
return [{ name: p.name, pattern: new RegExp(p.pattern, "g") }];
|
|
248
|
+
}
|
|
249
|
+
catch (err) {
|
|
250
|
+
console.warn(`[secret-scrubber] Skipping invalid regex in secretOutputPatterns "${p.name}": ${p.pattern} — ${err instanceof Error ? err.message : String(err)}`);
|
|
251
|
+
return [];
|
|
252
|
+
}
|
|
253
|
+
});
|
|
254
|
+
let totalRedactions = 0;
|
|
255
|
+
scrubbedContent = scrubbedContent.map((item) => {
|
|
256
|
+
if (item.type === "text" && item.text) {
|
|
257
|
+
const { scrubbed, redactionCount } = scrubSecrets(item.text, compiledExtras);
|
|
258
|
+
totalRedactions += redactionCount;
|
|
259
|
+
if (redactionCount > 0) {
|
|
260
|
+
return { ...item, text: scrubbed };
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
return item;
|
|
264
|
+
});
|
|
265
|
+
// Build override result if secrets were scrubbed
|
|
266
|
+
let scrubOverride;
|
|
267
|
+
if (totalRedactions > 0) {
|
|
268
|
+
scrubOverride = { content: scrubbedContent };
|
|
269
|
+
}
|
|
197
270
|
const runner = this._extensionRunner;
|
|
198
271
|
if (!runner?.hasHandlers("tool_result")) {
|
|
199
|
-
return
|
|
272
|
+
return scrubOverride;
|
|
200
273
|
}
|
|
201
274
|
const hookResult = await runner.emitToolResult({
|
|
202
275
|
type: "tool_result",
|
|
203
276
|
toolName: toolCall.name,
|
|
204
277
|
toolCallId: toolCall.id,
|
|
205
278
|
input: args,
|
|
206
|
-
content:
|
|
279
|
+
content: scrubbedContent,
|
|
207
280
|
details: isError ? undefined : result.details,
|
|
208
281
|
isError,
|
|
209
282
|
});
|
|
210
283
|
if (!hookResult || isError) {
|
|
211
|
-
return
|
|
284
|
+
return scrubOverride;
|
|
212
285
|
}
|
|
213
286
|
return {
|
|
214
|
-
content: hookResult.content,
|
|
287
|
+
content: hookResult.content ?? scrubOverride?.content,
|
|
215
288
|
details: hookResult.details,
|
|
216
289
|
};
|
|
217
290
|
});
|