npm - @gaberrb/polypus - Versions diffs - 0.4.3 → 0.4.5 - Mend

@gaberrb/polypus 0.4.3 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -109,6 +109,7 @@ var en = {
   "cli.opt.agent": "which configured agent to use",
   "cli.opt.mode": "plan | review | bypass (overrides config)",
   "cli.opt.maxSteps": "maximum agent steps",
+  "cli.opt.json": "headless mode: emit a single JSON object (steps, tool calls, files changed, usage) instead of the TUI \u2014 use with --mode bypass",
   "cli.arg.swarmTask": "high-level task to split across agents",
   "cli.opt.agents": "comma-separated agent names (default: all configured)",
   "cli.opt.maxSubtasks": "maximum number of parallel subtasks",
@@ -135,6 +136,7 @@ var en = {
   "run.reprompt": "\u21BB no tool call \u2014 reinforcing instructions (attempt {attempt})",
   "run.autocorrect": "\u21BB tool failed \u2014 auto-correcting with extra context",
   "run.cancelled": "\u25A0 cancelled",
+  "run.jsonNeedsTask": "--json requires a task argument (headless mode has no interactive REPL).",
   // repl
   "repl.welcome": "Polypus interactive session.",
   "repl.welcomeHint": " Type /help for commands, /exit to quit.",
@@ -289,7 +291,10 @@ var en = {
   // @-mentions
   "mentions.injectedHeader": "Referenced files (@-mentions)",
   "mentions.dirHeader": "@{path} (directory listing)",
-  "mentions.notFound": "(could not resolve @{path}: not found or outside the allow-list)"
+  "mentions.notFound": "(could not resolve @{path}: not found or outside the allow-list)",
+  // safety policy
+  "policy.blockedCommand": "blocked by safety policy ({reason}) \u2014 refusing in all modes",
+  "policy.secretFound": "write blocked: a possible secret ({kind}) was found on line {line}. Remove it or load it from an environment variable instead of hard-coding it."
 };
 var ptBR = {
   "common.default": "padr\xE3o",
@@ -334,6 +339,7 @@ var ptBR = {
   "cli.opt.agent": "qual agente configurado usar",
   "cli.opt.mode": "plan | review | bypass (sobrescreve a config)",
   "cli.opt.maxSteps": "n\xFAmero m\xE1ximo de passos do agente",
+  "cli.opt.json": "modo headless: emite um \xFAnico objeto JSON (passos, tool calls, arquivos alterados, uso) em vez da TUI \u2014 use com --mode bypass",
   "cli.arg.swarmTask": "tarefa de alto n\xEDvel para dividir entre os agentes",
   "cli.opt.agents": "nomes de agentes separados por v\xEDrgula (padr\xE3o: todos)",
   "cli.opt.maxSubtasks": "n\xFAmero m\xE1ximo de subtarefas paralelas",
@@ -358,6 +364,7 @@ var ptBR = {
   "run.reprompt": "\u21BB nenhuma chamada de tool \u2014 refor\xE7ando instru\xE7\xF5es (tentativa {attempt})",
   "run.autocorrect": "\u21BB tool falhou \u2014 autocorrigindo com contexto extra",
   "run.cancelled": "\u25A0 cancelado",
+  "run.jsonNeedsTask": "--json exige um argumento de tarefa (o modo headless n\xE3o tem REPL interativo).",
   "repl.welcome": "Sess\xE3o interativa do Polypus.",
   "repl.welcomeHint": " Digite /help para comandos, /exit para sair.",
   "repl.modeChanged": "modo \u2192 {mode}",
@@ -486,6 +493,9 @@ var ptBR = {
   "mentions.injectedHeader": "Arquivos referenciados (@-mentions)",
   "mentions.dirHeader": "@{path} (conte\xFAdo do diret\xF3rio)",
   "mentions.notFound": "(n\xE3o foi poss\xEDvel resolver @{path}: n\xE3o encontrado ou fora da allow-list)",
+  // safety policy
+  "policy.blockedCommand": "bloqueado pela pol\xEDtica de seguran\xE7a ({reason}) \u2014 recusado em todos os modos",
+  "policy.secretFound": "escrita bloqueada: poss\xEDvel segredo ({kind}) encontrado na linha {line}. Remova-o ou carregue de uma vari\xE1vel de ambiente em vez de fix\xE1-lo no c\xF3digo.",
   "models.fetching": "Buscando modelos do OpenRouter\u2026",
   "models.fetchError": "N\xE3o foi poss\xEDvel buscar modelos: {msg}",
   "models.none": "Nenhum modelo corresponde aos filtros.",
@@ -1001,6 +1011,53 @@ function isCommandPreApproved(allowedCommands, command) {
   return allowedCommands.some((prefix) => c === prefix || c.startsWith(prefix.trim() + " "));
 }
+// src/core/permissions/policy.ts
+var DANGEROUS_COMMANDS = [
+  { re: /--no-preserve-root/i, reason: "rm --no-preserve-root" },
+  { re: /:\(\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/, reason: "fork bomb" },
+  { re: /\bmkfs(\.\w+)?\b/i, reason: "filesystem format (mkfs)" },
+  { re: /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|hd|disk)/i, reason: "dd writing to a raw disk device" },
+  { re: />\s*\/dev\/(sd|nvme|hd|disk)/i, reason: "redirect to a raw disk device" },
+  { re: /\bchmod\s+(-[a-z]*\s+)*-?R?\s*777\s+\//i, reason: "chmod 777 on /" },
+  { re: /\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(sh|bash|zsh)\b/i, reason: "piping a downloaded script straight into a shell" }
+];
+function isDangerousRm(command) {
+  if (!/\brm\b/i.test(command)) return false;
+  const recursive = /(?:^|\s)-[a-z]*r[a-z]*f/i.test(command) || /(?:^|\s)-[a-z]*f[a-z]*r/i.test(command) || /(?:^|\s)-[a-z]*r\b/i.test(command) && /(?:^|\s)-[a-z]*f\b/i.test(command);
+  if (!recursive) return false;
+  return /(?:\s|^)(?:\/\*|\/|~|\$HOME|\*)(?:\s|$)/.test(command);
+}
+function screenCommand(command) {
+  if (isDangerousRm(command)) {
+    return { blocked: true, reason: "recursive force-delete of / ~ or *" };
+  }
+  for (const { re, reason } of DANGEROUS_COMMANDS) {
+    if (re.test(command)) return { blocked: true, reason };
+  }
+  return { blocked: false };
+}
+var SECRET_PATTERNS = [
+  { re: /-----BEGIN (?:RSA |EC |DSA |OPENSSH |PGP )?PRIVATE KEY-----/, kind: "private key block" },
+  { re: /\bAKIA[0-9A-Z]{16}\b/, kind: "AWS access key id" },
+  { re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/, kind: "GitHub token" },
+  { re: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, kind: "Slack token" },
+  { re: /\bsk-[A-Za-z0-9]{32,}\b/, kind: "OpenAI-style secret key" },
+  { re: /\bAIza[0-9A-Za-z_-]{35}\b/, kind: "Google API key" }
+];
+function scanSecrets(text2) {
+  const findings = [];
+  const lines = text2.split("\n");
+  for (let i = 0; i < lines.length; i++) {
+    for (const { re, kind } of SECRET_PATTERNS) {
+      if (re.test(lines[i])) {
+        findings.push({ line: i + 1, kind });
+        break;
+      }
+    }
+  }
+  return findings;
+}
 // src/core/permissions/modes.ts
 var PermissionEngine = class {
   constructor(opts) {
@@ -1015,9 +1072,17 @@ var PermissionEngine = class {
     const d = checkPath(this.opts.policy, target);
     return d.allowed ? { allowed: true } : { allowed: false, reason: d.reason };
   }
-  async authorizeWrite(target, preview) {
+  async authorizeWrite(target, preview, content) {
     const d = checkPath(this.opts.policy, target);
     if (!d.allowed) return { allowed: false, reason: d.reason };
+    const findings = scanSecrets(content ?? preview ?? "");
+    if (findings.length > 0) {
+      const first = findings[0];
+      return {
+        allowed: false,
+        reason: t("policy.secretFound", { kind: first.kind, line: first.line })
+      };
+    }
     if (this.opts.mode === "plan") {
       return { allowed: false, reason: "plan mode: file modifications are disabled" };
     }
@@ -1026,6 +1091,10 @@ var PermissionEngine = class {
     return ok ? { allowed: true } : { allowed: false, reason: "rejected by user" };
   }
   async authorizeCommand(command) {
+    const screen = screenCommand(command);
+    if (screen.blocked) {
+      return { allowed: false, reason: t("policy.blockedCommand", { reason: screen.reason ?? "" }) };
+    }
     if (this.opts.mode === "plan") {
       return { allowed: false, reason: "plan mode: running commands is disabled" };
     }
@@ -1313,7 +1382,8 @@ var editFileTool = {
     const decision = await ctx.permissions.authorizeWrite(
       args.data.path,
       `- ${firstLine(args.data.search)}
-+ ${firstLine(args.data.replace)}`
++ ${firstLine(args.data.replace)}`,
+      args.data.replace
     );
     if (!decision.allowed) return { ok: false, output: `Edit denied: ${decision.reason}` };
     try {
@@ -1595,7 +1665,7 @@ var writeFileTool = {
       };
     }
     const preview = previewContent(args.data.content);
-    const decision = await ctx.permissions.authorizeWrite(args.data.path, preview);
+    const decision = await ctx.permissions.authorizeWrite(args.data.path, preview, args.data.content);
     if (!decision.allowed) return { ok: false, output: `Write denied: ${decision.reason}` };
     try {
       const abs = resolve6(ctx.workspace, args.data.path);
@@ -2032,6 +2102,60 @@ ${blocks.join("\n\n")}`;
   return { task: augmented, injected };
 }
+// src/cli/commands/json-output.ts
+var OUTPUT_PREVIEW = 500;
+function createJsonCollector() {
+  const log = [];
+  const filesChanged = /* @__PURE__ */ new Set();
+  const events = {
+    onStep(step) {
+      log.push({ type: "step", step });
+    },
+    onAssistantText(text2) {
+      if (text2.trim()) log.push({ type: "assistant", text: text2 });
+    },
+    onToolCall(call) {
+      log.push({ type: "tool_call", name: call.name, arguments: call.arguments });
+    },
+    onToolResult(call, result) {
+      log.push({
+        type: "tool_result",
+        name: call.name,
+        ok: result.ok,
+        output: result.output.slice(0, OUTPUT_PREVIEW)
+      });
+      if (result.ok && (call.name === "write_file" || call.name === "edit_file")) {
+        const path = call.arguments.path;
+        if (typeof path === "string") filesChanged.add(path);
+      }
+    },
+    onCorrection(call) {
+      log.push({ type: "correction", name: call.name });
+    },
+    onReprompt(attempt) {
+      log.push({ type: "reprompt", attempt });
+    },
+    onUsage() {
+    }
+  };
+  return {
+    events,
+    build(result) {
+      return {
+        result: {
+          reason: result.reason,
+          finished: result.finished,
+          steps: result.steps,
+          summary: result.summary,
+          filesChanged: [...filesChanged],
+          usage: result.usage
+        },
+        events: log
+      };
+    }
+  };
+}
 // src/ui/repl.ts
 import pc6 from "picocolors";
@@ -3285,20 +3409,23 @@ async function run(task, opts) {
     const resolved2 = createProvider(active);
     await executeTask(taskText, resolved2, workspace, session);
   };
+  if (opts.json && !task) throw new Error(t("run.jsonNeedsTask"));
   if (task) {
     const resolved2 = createProvider(agentConfig);
-    console.log(
-      pc8.dim(
-        t("run.status", {
-          name: resolved2.config.name,
-          provider: resolved2.config.provider,
-          model: resolved2.config.model,
-          toolMode: resolved2.toolMode,
-          mode: session.mode
-        })
-      )
-    );
-    await executeTask(task, resolved2, workspace, session);
+    if (!opts.json) {
+      console.log(
+        pc8.dim(
+          t("run.status", {
+            name: resolved2.config.name,
+            provider: resolved2.config.provider,
+            model: resolved2.config.model,
+            toolMode: resolved2.toolMode,
+            mode: session.mode
+          })
+        )
+      );
+    }
+    await executeTask(task, resolved2, workspace, session, opts.json ?? false);
     return;
   }
   const resolved = createProvider(agentConfig);
@@ -3321,7 +3448,7 @@ async function run(task, opts) {
   };
   await startRepl(ctx);
 }
-async function executeTask(task, resolved, workspace, session) {
+async function executeTask(task, resolved, workspace, session, json = false) {
   const mention = await resolveMentions(task, {
     workspace,
     allow: session.allow,
@@ -3329,16 +3456,18 @@ async function executeTask(task, resolved, workspace, session) {
   });
   if (mention.injected.length > 0) {
     task = mention.task;
-    console.log(pc8.dim(`\u21B3 @ ${mention.injected.join(", ")}`));
+    if (!json) console.log(pc8.dim(`\u21B3 @ ${mention.injected.join(", ")}`));
   }
   const spinner3 = new Spinner();
   const controller = new AbortController();
   const cancel2 = listenForCancel(controller);
+  const collector = json ? createJsonCollector() : void 0;
   const permissions = new PermissionEngine({
     mode: session.mode,
     policy: { workspace, allow: session.allow, deny: session.deny },
     allowedCommands: session.allowedCommands,
-    confirm: async (req) => {
+    // Headless runs have no TTY for confirmations — use --mode bypass instead.
+    confirm: json ? async () => false : async (req) => {
       spinner3.stop();
       cancel2.pause();
       const ok = await confirmAction(req);
@@ -3346,7 +3475,7 @@ async function executeTask(task, resolved, workspace, session) {
       return ok;
     }
   });
-  spinner3.start(t("ui.thinking"));
+  if (!json) spinner3.start(t("ui.thinking"));
   let result;
   try {
     result = await runAgent({
@@ -3358,13 +3487,17 @@ async function executeTask(task, resolved, workspace, session) {
       history: session.history,
       maxSteps: session.maxSteps,
       signal: controller.signal,
-      events: renderEvents(spinner3)
+      events: collector ? collector.events : renderEvents(spinner3)
     });
   } finally {
     spinner3.stop();
     cancel2.dispose();
   }
   session.history = result.messages;
+  if (collector) {
+    process.stdout.write(JSON.stringify(collector.build(result)) + "\n");
+    return;
+  }
   if (result.reason === "finished") {
     console.log(pc8.green("\n" + t("run.done", { steps: result.steps })) + (result.summary ? ` ${result.summary}` : ""));
   } else if (result.reason === "cancelled") {
@@ -4115,7 +4248,7 @@ function buildProgram() {
   program.command("add-agent").argument("<name>", t("cli.arg.addAgentName")).requiredOption("--provider <provider>", t("cli.opt.provider")).requiredOption("--model <model>", t("cli.opt.model")).option("--api-key <key>", t("cli.opt.apiKey")).option("--base-url <url>", t("cli.opt.baseUrl")).option("--tool-mode <mode>", t("cli.opt.toolMode"), "auto").option("--set-default", t("cli.opt.setDefault")).description(t("cli.cmd.addAgent")).action((name, opts) => addAgent(name, opts));
   program.command("remove-agent").argument("<name>", t("cli.arg.removeAgentName")).description(t("cli.cmd.removeAgent")).action((name) => removeAgent(name));
   program.command("list-agents").alias("agents").description(t("cli.cmd.listAgents")).action(() => listAgents());
-  program.command("run").argument("[task]", t("cli.arg.runTask")).option("--agent <name>", t("cli.opt.agent")).option("--mode <mode>", t("cli.opt.mode")).option("--max-steps <n>", t("cli.opt.maxSteps")).description(t("cli.cmd.run")).action((task, opts) => run(task, opts));
+  program.command("run").argument("[task]", t("cli.arg.runTask")).option("--agent <name>", t("cli.opt.agent")).option("--mode <mode>", t("cli.opt.mode")).option("--max-steps <n>", t("cli.opt.maxSteps")).option("--json", t("cli.opt.json")).description(t("cli.cmd.run")).action((task, opts) => run(task, opts));
   program.command("swarm").argument("<task>", t("cli.arg.swarmTask")).option("--agents <names>", t("cli.opt.agents")).option("--max-subtasks <n>", t("cli.opt.maxSubtasks")).description(t("cli.cmd.swarm")).action((task, opts) => swarm(task, opts));
   program.command("models").option("--search <text>", t("cli.opt.search")).option("--tools", t("cli.opt.toolsOnly")).option("--free", t("cli.opt.free")).option("--max-price <usd>", t("cli.opt.maxPrice")).option("--sort <order>", t("cli.opt.sort")).option("--limit <n>", t("cli.opt.limit")).description(t("cli.cmd.models")).action((opts) => models(opts));
   program.command("prd").argument("<issue>", t("cli.arg.prdIssue")).option("--out <file>", t("cli.opt.out")).option("--model <model>", t("cli.opt.model")).option("--input <file>", t("cli.opt.input")).description(t("cli.cmd.prd")).action((issue, opts) => prd(issue, opts));