@dreb/coding-agent 2.8.0 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/CHANGELOG.md +2 -0
  2. package/dist/core/agent-session.d.ts.map +1 -1
  3. package/dist/core/agent-session.js +52 -4
  4. package/dist/core/agent-session.js.map +1 -1
  5. package/dist/core/forbidden-commands.d.ts.map +1 -1
  6. package/dist/core/forbidden-commands.js +15 -0
  7. package/dist/core/forbidden-commands.js.map +1 -1
  8. package/dist/core/secret-scrubber.d.ts +11 -0
  9. package/dist/core/secret-scrubber.d.ts.map +1 -0
  10. package/dist/core/secret-scrubber.js +63 -0
  11. package/dist/core/secret-scrubber.js.map +1 -0
  12. package/dist/core/sensitive-paths.d.ts +16 -0
  13. package/dist/core/sensitive-paths.d.ts.map +1 -0
  14. package/dist/core/sensitive-paths.js +102 -0
  15. package/dist/core/sensitive-paths.js.map +1 -0
  16. package/dist/core/settings-manager.d.ts +10 -0
  17. package/dist/core/settings-manager.d.ts.map +1 -1
  18. package/dist/core/settings-manager.js +6 -0
  19. package/dist/core/settings-manager.js.map +1 -1
  20. package/docs/settings.md +30 -0
  21. package/package.json +1 -1
package/CHANGELOG.md CHANGED
@@ -4,6 +4,8 @@
4
4
 
5
5
  ### Added
6
6
 
7
+ - Secret scrubbing and sensitive file access guards — two layers of defense against accidental credential leaks through the tool pipeline. Output scrubbing detects and redacts known secret patterns (AWS, GitHub, OpenAI, Anthropic, Slack, Stripe, PEM/SSH keys, URL credentials) in tool output before it enters the LLM conversation. Sensitive file guard blocks read access to credential files (`~/.ssh/id_*`, `~/.aws/credentials`, `~/.dreb/secrets/`, etc.) via both the `read` tool and bash commands. Both layers configurable via `sensitiveFilePaths` and `secretOutputPatterns` settings. ([#171](https://github.com/aebrer/dreb/issues/171))
8
+
7
9
  - Expanded forbidden-commands guard with destructive operation patterns: `rm -rf /` and variants, `dd` to block devices, `mkfs`, fork bomb `:(){ :|:& };:`, and block device redirects (`> /dev/sda`). Guard now also checks quoted content (catches `echo "rm -rf /" | bash`) and inspects script files before execution (`bash script.sh`). ([#170](https://github.com/aebrer/dreb/issues/170))
8
10
 
9
11
  - Subagent parallel/chain tasks now inherit the top-level `agent` and `model` parameters when not overridden per-item. Precedence: per-task > top-level > default (`"Explore"`). ([#167](https://github.com/aebrer/dreb/issues/167))