@dreb/coding-agent 2.8.0 → 2.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (26) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/README.md +1 -0
  3. package/dist/core/agent-session.d.ts.map +1 -1
  4. package/dist/core/agent-session.js +52 -4
  5. package/dist/core/agent-session.js.map +1 -1
  6. package/dist/core/forbidden-commands.d.ts.map +1 -1
  7. package/dist/core/forbidden-commands.js +15 -0
  8. package/dist/core/forbidden-commands.js.map +1 -1
  9. package/dist/core/model-resolver.d.ts.map +1 -1
  10. package/dist/core/model-resolver.js +1 -0
  11. package/dist/core/model-resolver.js.map +1 -1
  12. package/dist/core/secret-scrubber.d.ts +11 -0
  13. package/dist/core/secret-scrubber.d.ts.map +1 -0
  14. package/dist/core/secret-scrubber.js +63 -0
  15. package/dist/core/secret-scrubber.js.map +1 -0
  16. package/dist/core/sensitive-paths.d.ts +16 -0
  17. package/dist/core/sensitive-paths.d.ts.map +1 -0
  18. package/dist/core/sensitive-paths.js +102 -0
  19. package/dist/core/sensitive-paths.js.map +1 -0
  20. package/dist/core/settings-manager.d.ts +10 -0
  21. package/dist/core/settings-manager.d.ts.map +1 -1
  22. package/dist/core/settings-manager.js +6 -0
  23. package/dist/core/settings-manager.js.map +1 -1
  24. package/docs/providers.md +1 -0
  25. package/docs/settings.md +30 -0
  26. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,8 @@
4
4
 
5
5
  ### Added
6
6
 
7
+ - Secret scrubbing and sensitive file access guards — two layers of defense against accidental credential leaks through the tool pipeline. Output scrubbing detects and redacts known secret patterns (AWS, GitHub, OpenAI, Anthropic, Slack, Stripe, PEM/SSH keys, URL credentials) in tool output before it enters the LLM conversation. Sensitive file guard blocks read access to credential files (`~/.ssh/id_*`, `~/.aws/credentials`, `~/.dreb/secrets/`, etc.) via both the `read` tool and bash commands. Both layers configurable via `sensitiveFilePaths` and `secretOutputPatterns` settings. ([#171](https://github.com/aebrer/dreb/issues/171))
8
+
7
9
  - Expanded forbidden-commands guard with destructive operation patterns: `rm -rf /` and variants, `dd` to block devices, `mkfs`, fork bomb `:(){ :|:& };:`, and block device redirects (`> /dev/sda`). Guard now also checks quoted content (catches `echo "rm -rf /" | bash`) and inspects script files before execution (`bash script.sh`). ([#170](https://github.com/aebrer/dreb/issues/170))
8
10
 
9
11
  - Subagent parallel/chain tasks now inherit the top-level `agent` and `model` parameters when not overridden per-item. Precedence: per-task > top-level > default (`"Explore"`). ([#167](https://github.com/aebrer/dreb/issues/167))
package/README.md CHANGED
@@ -91,6 +91,7 @@ For each built-in provider, dreb maintains a list of tool-capable models, update
91
91
  - GitHub Copilot
92
92
  - Google Gemini CLI
93
93
  - Google Antigravity
94
+ - Kimi For Coding
94
95
 
95
96
  **API keys:**
96
97
  - Anthropic