@dreb/coding-agent 2.8.0 → 2.9.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/dist/core/agent-session.d.ts.map +1 -1
- package/dist/core/agent-session.js +52 -4
- package/dist/core/agent-session.js.map +1 -1
- package/dist/core/forbidden-commands.d.ts.map +1 -1
- package/dist/core/forbidden-commands.js +15 -0
- package/dist/core/forbidden-commands.js.map +1 -1
- package/dist/core/secret-scrubber.d.ts +11 -0
- package/dist/core/secret-scrubber.d.ts.map +1 -0
- package/dist/core/secret-scrubber.js +63 -0
- package/dist/core/secret-scrubber.js.map +1 -0
- package/dist/core/sensitive-paths.d.ts +16 -0
- package/dist/core/sensitive-paths.d.ts.map +1 -0
- package/dist/core/sensitive-paths.js +102 -0
- package/dist/core/sensitive-paths.js.map +1 -0
- package/dist/core/settings-manager.d.ts +10 -0
- package/dist/core/settings-manager.d.ts.map +1 -1
- package/dist/core/settings-manager.js +6 -0
- package/dist/core/settings-manager.js.map +1 -1
- package/docs/settings.md +30 -0
- package/package.json +1 -1
|
@@ -26,6 +26,8 @@ import { createToolHtmlRenderer } from "./export-html/tool-renderer.js";
|
|
|
26
26
|
import { ExtensionRunner, wrapRegisteredTools, } from "./extensions/index.js";
|
|
27
27
|
import { checkScriptContent, extractScriptPaths, isForbiddenCommand } from "./forbidden-commands.js";
|
|
28
28
|
import { expandPromptTemplate } from "./prompt-templates.js";
|
|
29
|
+
import { scrubSecrets } from "./secret-scrubber.js";
|
|
30
|
+
import { isSensitivePath } from "./sensitive-paths.js";
|
|
29
31
|
import { CURRENT_SESSION_VERSION, getLatestCompactionEntry } from "./session-manager.js";
|
|
30
32
|
import { createSyntheticSourceInfo } from "./source-info.js";
|
|
31
33
|
import { buildSystemPrompt } from "./system-prompt.js";
|
|
@@ -198,6 +200,20 @@ export class AgentSession {
|
|
|
198
200
|
}
|
|
199
201
|
}
|
|
200
202
|
}
|
|
203
|
+
// Check sensitive file paths — blocks read tool access to credential files
|
|
204
|
+
if (toolCall.name === "read") {
|
|
205
|
+
const filePath = args?.path;
|
|
206
|
+
if (typeof filePath === "string") {
|
|
207
|
+
const extraSensitivePaths = this.settingsManager?.getSensitiveFilePaths();
|
|
208
|
+
const sensitiveResult = isSensitivePath(filePath, extraSensitivePaths);
|
|
209
|
+
if (sensitiveResult.blocked) {
|
|
210
|
+
return {
|
|
211
|
+
block: true,
|
|
212
|
+
reason: `File blocked by sensitive-path guard: "${sensitiveResult.pattern}". This file contains credentials that should not be sent to the model.`,
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
}
|
|
216
|
+
}
|
|
201
217
|
const runner = this._extensionRunner;
|
|
202
218
|
if (!runner?.hasHandlers("tool_call")) {
|
|
203
219
|
return undefined;
|
|
@@ -219,24 +235,56 @@ export class AgentSession {
|
|
|
219
235
|
}
|
|
220
236
|
});
|
|
221
237
|
this.agent.setAfterToolCall(async ({ toolCall, args, result, isError }) => {
|
|
238
|
+
// Scrub secrets from tool output — runs before extensions, cannot be bypassed
|
|
239
|
+
let scrubbedContent = result.content;
|
|
240
|
+
const extraSecretPatterns = this.settingsManager?.getSecretOutputPatterns();
|
|
241
|
+
const compiledExtras = extraSecretPatterns?.flatMap((p) => {
|
|
242
|
+
if (!p.pattern || typeof p.pattern !== "string" || p.pattern.trim() === "") {
|
|
243
|
+
console.warn(`[secret-scrubber] Skipping empty or invalid pattern in secretOutputPatterns: "${p.name}"`);
|
|
244
|
+
return [];
|
|
245
|
+
}
|
|
246
|
+
try {
|
|
247
|
+
return [{ name: p.name, pattern: new RegExp(p.pattern, "g") }];
|
|
248
|
+
}
|
|
249
|
+
catch (err) {
|
|
250
|
+
console.warn(`[secret-scrubber] Skipping invalid regex in secretOutputPatterns "${p.name}": ${p.pattern} — ${err instanceof Error ? err.message : String(err)}`);
|
|
251
|
+
return [];
|
|
252
|
+
}
|
|
253
|
+
});
|
|
254
|
+
let totalRedactions = 0;
|
|
255
|
+
scrubbedContent = scrubbedContent.map((item) => {
|
|
256
|
+
if (item.type === "text" && item.text) {
|
|
257
|
+
const { scrubbed, redactionCount } = scrubSecrets(item.text, compiledExtras);
|
|
258
|
+
totalRedactions += redactionCount;
|
|
259
|
+
if (redactionCount > 0) {
|
|
260
|
+
return { ...item, text: scrubbed };
|
|
261
|
+
}
|
|
262
|
+
}
|
|
263
|
+
return item;
|
|
264
|
+
});
|
|
265
|
+
// Build override result if secrets were scrubbed
|
|
266
|
+
let scrubOverride;
|
|
267
|
+
if (totalRedactions > 0) {
|
|
268
|
+
scrubOverride = { content: scrubbedContent };
|
|
269
|
+
}
|
|
222
270
|
const runner = this._extensionRunner;
|
|
223
271
|
if (!runner?.hasHandlers("tool_result")) {
|
|
224
|
-
return
|
|
272
|
+
return scrubOverride;
|
|
225
273
|
}
|
|
226
274
|
const hookResult = await runner.emitToolResult({
|
|
227
275
|
type: "tool_result",
|
|
228
276
|
toolName: toolCall.name,
|
|
229
277
|
toolCallId: toolCall.id,
|
|
230
278
|
input: args,
|
|
231
|
-
content:
|
|
279
|
+
content: scrubbedContent,
|
|
232
280
|
details: isError ? undefined : result.details,
|
|
233
281
|
isError,
|
|
234
282
|
});
|
|
235
283
|
if (!hookResult || isError) {
|
|
236
|
-
return
|
|
284
|
+
return scrubOverride;
|
|
237
285
|
}
|
|
238
286
|
return {
|
|
239
|
-
content: hookResult.content,
|
|
287
|
+
content: hookResult.content ?? scrubOverride?.content,
|
|
240
288
|
details: hookResult.details,
|
|
241
289
|
};
|
|
242
290
|
});
|