npm - @gajae-code/coding-agent - Versions diffs - 0.7.1 → 0.7.3 - Mend

@gajae-code/coding-agent 0.7.1 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/CHANGELOG.md +57 -0
package/dist/types/cli/mcp-cli.d.ts +25 -0
package/dist/types/cli/notify-cli.d.ts +2 -0
package/dist/types/cli.d.ts +6 -0
package/dist/types/commands/mcp.d.ts +70 -0
package/dist/types/config/keybindings.d.ts +2 -2
package/dist/types/config/settings-schema.d.ts +39 -2
package/dist/types/deep-interview/plaintext-gate-guard.d.ts +11 -0
package/dist/types/extensibility/shared-events.d.ts +1 -0
package/dist/types/gjc-runtime/ralplan-runtime.d.ts +1 -1
package/dist/types/lsp/types.d.ts +2 -0
package/dist/types/modes/components/custom-editor.d.ts +1 -1
package/dist/types/modes/components/model-selector.d.ts +2 -0
package/dist/types/modes/components/status-line/git-utils.d.ts +6 -0
package/dist/types/modes/theme/defaults/index.d.ts +99 -0
package/dist/types/notifications/attachment-registry.d.ts +17 -0
package/dist/types/notifications/chat-adapters.d.ts +9 -0
package/dist/types/notifications/config.d.ts +9 -1
package/dist/types/notifications/engine.d.ts +59 -0
package/dist/types/notifications/managed-daemon.d.ts +48 -0
package/dist/types/notifications/operator-runtime.d.ts +52 -0
package/dist/types/notifications/telegram-daemon.d.ts +73 -16
package/dist/types/notifications/threaded-inbound.d.ts +19 -0
package/dist/types/notifications/threaded-render.d.ts +6 -1
package/dist/types/notifications/topic-registry.d.ts +2 -0
package/dist/types/session/agent-session.d.ts +2 -0
package/dist/types/tools/composer-bash-policy.d.ts +14 -0
package/dist/types/tools/fetch.d.ts +23 -0
package/dist/types/tools/index.d.ts +1 -0
package/dist/types/tools/telegram-send.d.ts +32 -0
package/dist/types/web/insane/bridge.d.ts +103 -0
package/dist/types/web/insane/url-guard.d.ts +25 -0
package/dist/types/web/scrapers/types.d.ts +5 -0
package/dist/types/web/scrapers/utils.d.ts +7 -1
package/dist/types/web/search/provider.d.ts +18 -1
package/dist/types/web/search/providers/insane.d.ts +53 -0
package/dist/types/web/search/providers/text-citations.d.ts +23 -0
package/dist/types/web/search/types.d.ts +12 -4
package/package.json +10 -8
package/scripts/verify-insane-vendor.ts +132 -0
package/src/cli/args.ts +1 -1
package/src/cli/fast-help.ts +1 -1
package/src/cli/mcp-cli.ts +272 -0
package/src/cli/notify-cli.ts +152 -5
package/src/cli.ts +6 -2
package/src/commands/mcp.ts +117 -0
package/src/commands/team.ts +1 -1
package/src/config/keybindings.ts +2 -2
package/src/config/settings-schema.ts +30 -1
package/src/deep-interview/plaintext-gate-guard.ts +94 -0
package/src/defaults/gjc/skills/deep-interview/SKILL.md +4 -3
package/src/defaults/gjc/skills/ralplan/SKILL.md +11 -4
package/src/defaults/gjc/skills/team/SKILL.md +3 -2
package/src/extensibility/extensions/runner.ts +1 -0
package/src/extensibility/shared-events.ts +1 -0
package/src/gjc-runtime/launch-tmux.ts +17 -3
package/src/gjc-runtime/ledger-event-renderer.ts +1 -0
package/src/gjc-runtime/ralplan-runtime.ts +2 -2
package/src/gjc-runtime/tmux-common.ts +3 -1
package/src/gjc-runtime/ultragoal-guard.ts +25 -8
package/src/gjc-runtime/workflow-manifest.generated.json +29 -0
package/src/gjc-runtime/workflow-manifest.ts +7 -2
package/src/hooks/skill-state.ts +57 -0
package/src/internal-urls/docs-index.generated.ts +14 -11
package/src/lsp/config.ts +16 -3
package/src/lsp/defaults.json +7 -0
package/src/lsp/types.ts +2 -0
package/src/modes/bridge/bridge-mode.ts +11 -0
package/src/modes/components/custom-editor.ts +2 -0
package/src/modes/components/footer.ts +2 -3
package/src/modes/components/model-selector.ts +12 -0
package/src/modes/components/status-line/git-utils.ts +25 -0
package/src/modes/components/status-line.ts +10 -11
package/src/modes/components/welcome.ts +2 -3
package/src/modes/controllers/event-controller.ts +15 -0
package/src/modes/controllers/selector-controller.ts +3 -0
package/src/modes/interactive-mode.ts +48 -3
package/src/modes/shared/agent-wire/scopes.ts +1 -1
package/src/modes/theme/defaults/gruvbox-dark.json +99 -0
package/src/modes/theme/defaults/index.ts +2 -0
package/src/modes/utils/context-usage.ts +2 -2
package/src/notifications/attachment-registry.ts +23 -0
package/src/notifications/chat-adapters.ts +147 -0
package/src/notifications/config.ts +23 -2
package/src/notifications/engine.ts +100 -0
package/src/notifications/index.ts +180 -38
package/src/notifications/managed-daemon.ts +163 -0
package/src/notifications/operator-runtime.ts +171 -0
package/src/notifications/telegram-daemon.ts +553 -236
package/src/notifications/threaded-inbound.ts +60 -4
package/src/notifications/threaded-render.ts +20 -2
package/src/notifications/topic-registry.ts +5 -0
package/src/session/agent-session.ts +82 -51
package/src/slash-commands/helpers/parse.ts +2 -1
package/src/tools/bash.ts +9 -0
package/src/tools/composer-bash-policy.ts +96 -0
package/src/tools/fetch.ts +94 -1
package/src/tools/index.ts +3 -0
package/src/tools/telegram-send.ts +137 -0
package/src/web/insane/bridge.ts +350 -0
package/src/web/insane/url-guard.ts +159 -0
package/src/web/scrapers/types.ts +143 -45
package/src/web/scrapers/utils.ts +70 -19
package/src/web/search/provider.ts +77 -18
package/src/web/search/providers/anthropic.ts +70 -3
package/src/web/search/providers/codex.ts +1 -119
package/src/web/search/providers/gemini.ts +99 -0
package/src/web/search/providers/insane.ts +551 -0
package/src/web/search/providers/openai-compatible.ts +66 -32
package/src/web/search/providers/text-citations.ts +111 -0
package/src/web/search/types.ts +13 -2
package/vendor/insane-search/LICENSE +21 -0
package/vendor/insane-search/MANIFEST.json +24 -0
package/vendor/insane-search/engine/__init__.py +23 -0
package/vendor/insane-search/engine/__main__.py +128 -0
package/vendor/insane-search/engine/bias_check.py +183 -0
package/vendor/insane-search/engine/executor.py +254 -0
package/vendor/insane-search/engine/fetch_chain.py +725 -0
package/vendor/insane-search/engine/learning.py +175 -0
package/vendor/insane-search/engine/phase0.py +214 -0
package/vendor/insane-search/engine/safety.py +91 -0
package/vendor/insane-search/engine/templates/package.json +11 -0
package/vendor/insane-search/engine/templates/playwright_mobile_chrome.js +188 -0
package/vendor/insane-search/engine/templates/playwright_real_chrome.js +243 -0
package/vendor/insane-search/engine/tests/test_hardening.py +57 -0
package/vendor/insane-search/engine/tests/test_smoke.py +152 -0
package/vendor/insane-search/engine/tests/test_u1.py +200 -0
package/vendor/insane-search/engine/tests/test_u4.py +131 -0
package/vendor/insane-search/engine/tests/test_u5.py +163 -0
package/vendor/insane-search/engine/tests/test_u7.py +124 -0
package/vendor/insane-search/engine/transport.py +211 -0
package/vendor/insane-search/engine/url_transforms.py +98 -0
package/vendor/insane-search/engine/validators.py +331 -0
package/vendor/insane-search/engine/waf_detector.py +214 -0
package/vendor/insane-search/engine/waf_profiles.yaml +162 -0

package/vendor/insane-search/engine/waf_profiles.yaml ADDED Viewed

@@ -0,0 +1,162 @@
+# WAF Product Profiles — never site-specific.
+#
+# NO-SITE-NAME RULE:
+#   * Key names are WAF products (akamai_bot_manager), not sites.
+#   * Detectors use product artifacts (cookies / headers / vendor strings).
+#   * Field values (markers, cookie names) must appear in any site running
+#     that WAF, not just one. If a value only fits one site, it belongs
+#     to runtime hints / observations, not this file.
+#
+# Profiles are *recommendations*, not deterministic recipes. The planner
+# treats them as priors; attempts always evaluate real responses.
+#
+# Timestamp each profile entry. If stale (> 6 months), cross-validate.
+_meta:
+  schema_version: 1
+  last_reviewed: "2026-04-21"
+akamai_bot_manager:
+  detectors:
+    cookie: ["_abck", "bm_sz", "ak_bmsc", "bm_sv", "bm_so"]
+    header: ["X-Akamai-*"]
+    server_contains: ["AkamaiGHost"]
+    body: ["sec-if-cpt-container", "Powered and protected by Akamai"]
+  confidence_rules:
+    # Multi-signal gating — single marker insufficient.
+    strong: 2     # any 2 signals from above → confidence 0.9
+    weak: 1       # 1 signal → confidence 0.6
+  capabilities_needed:
+    - needs_real_tls_stack   # Playwright Chromium (BoringSSL) is detected
+    - needs_js_exec          # 2.6KB challenge requires JS sensor
+  tls_impersonate_candidates:
+    # Every impersonate target curl_cffi supports that historically yielded
+    # at least a challenge page (i.e. IP still alive) rather than an outright
+    # TLS reject. Grouped by family; planner tries top groups first.
+    # Refresh quarterly — vendor WAFs shift which TLS fingerprints they trust.
+    - [safari, safari15_3, safari15_5, safari17_0, safari260]
+    - [safari_ios, safari17_2_ios, safari260_ios]
+    - [chrome99, chrome100, chrome101, chrome104, chrome110, chrome116, chrome119, chrome124, chrome131, chrome133a, chrome136, chrome145, chrome146]
+    - [chrome_android, chrome131_android]
+    - [edge99, edge101]
+  tls_impersonate_avoid:
+    # Empirically observed to 403 immediately (TLS fingerprint blacklisted).
+    # DO NOT hard-block — planner deprioritizes only. Refresh quarterly.
+    - safari18_0
+    - chrome107
+    - chrome120
+    - chrome123
+    - chrome145     # curl_cffi 0.11+ needed — mark avoid for older installs
+    - chrome146
+    - firefox
+    - firefox133
+    - firefox135
+  referer_strategies:
+    - self_root    # scheme://host/
+  url_transform_order:
+    - original
+    - mobile_subdomain   # www.* → m.* — strong observational win in SSR sites
+  fallback_when_challenge:
+    - curl_grid_exhaust   # try more impersonate × referer × url combos
+    - playwright_real_chrome
+  notes: |
+    DO NOT encode site-specific selectors or byte-size fingerprints here.
+    Those belong to caller's success_selectors param or observations log.
+cloudflare_turnstile:
+  detectors:
+    cookie: ["cf_clearance", "__cf_bm", "__cfduid"]
+    header: ["cf-ray", "cf-cache-status"]
+    server_contains: ["cloudflare"]
+    body: ["Just a moment...", "Checking your browser", "cf-chl-bypass", "Attention Required! | Cloudflare"]
+  capabilities_needed:
+    - needs_js_exec        # MCP Playwright Chromium OK — no real-TLS required
+  tls_impersonate_candidates:
+    - [chrome, chrome_android]
+  referer_strategies:
+    - google_search
+    - self_root
+  fallback_when_challenge:
+    - playwright_mcp       # MCP sufficient; Chromium TLS passes CF baseline
+    - playwright_real_chrome
+f5_big_ip:
+  detectors:
+    cookie: ["BigIPServer", "TS01*", "F5_*"]
+    body: ["The requested URL was rejected", "support ID is:"]
+  capabilities_needed:
+    - needs_real_tls_stack
+  tls_impersonate_candidates:
+    - [safari, chrome]
+  referer_strategies:
+    - self_root
+aws_waf:
+  detectors:
+    cookie: ["aws-waf-token"]
+    header: ["x-amzn-requestid", "x-amzn-errortype", "x-amzn-waf-*"]
+  capabilities_needed:
+    - needs_real_tls_stack
+  tls_impersonate_candidates:
+    - [chrome]
+  referer_strategies:
+    - self_root
+datadome_probable:
+  detectors:
+    cookie: ["datadome"]
+    body: ["DataDome"]
+  capabilities_needed:
+    - needs_real_tls_stack
+    - needs_js_exec
+  tls_impersonate_candidates:
+    - [safari, chrome]
+  fallback_when_challenge:
+    - playwright_real_chrome
+  notes: |
+    "_probable" suffix reminds us this is a growing attack surface — mark
+    as tentative until cross-site evidence accumulates in observations/.
+perimeterx_human:
+  detectors:
+    cookie: ["_px3", "_pxhd", "_px2", "pxcts"]
+    body: ["px-captcha", "Press & Hold to confirm you are a human"]
+  capabilities_needed:
+    - needs_real_tls_stack
+    - needs_js_exec
+  tls_impersonate_candidates:
+    - [safari, chrome]
+  fallback_when_challenge:
+    - playwright_real_chrome
+  notes: |
+    PerimeterX (now HUMAN Bot Defender). Distinct cookie family from
+    DataDome. Keep profiles separate so planner does not pick wrong
+    fallback strategy.
+# ---------------------------------------------------------------------------
+# Safety net: always-valid fallback profile.
+# ---------------------------------------------------------------------------
+unknown_challenge:
+  detectors: {}   # never matches actively — used only when no other profile fires
+  confidence_rules:
+    strong: 0
+    weak: 0
+  capabilities_needed:
+    - needs_js_exec     # conservative default
+  tls_impersonate_candidates:
+    - [safari, chrome, firefox]
+    - [safari_ios, chrome_android]
+  referer_strategies:
+    - self_root
+    - google_search
+    - none
+  url_transform_order:
+    - original
+    - mobile_subdomain
+  fallback_when_challenge:
+    - playwright_mcp
+    - playwright_real_chrome
+  notes: |
+    When detector returns low-confidence results we land here. Broad,
+    conservative grid. Evidence from these runs should feed observations/
+    for eventual profile promotion.