npm - @gajae-code/coding-agent - Versions diffs - 0.7.2 → 0.7.4 - Mend

@gajae-code/coding-agent 0.7.2 → 0.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (154) hide show

package/CHANGELOG.md +86 -0
package/bin/gjc.js +4 -0
package/dist/types/cli/mcp-cli.d.ts +25 -0
package/dist/types/cli/plugin-cli.d.ts +2 -0
package/dist/types/cli.d.ts +6 -0
package/dist/types/commands/mcp.d.ts +70 -0
package/dist/types/commands/plugin.d.ts +6 -0
package/dist/types/commands/session.d.ts +6 -0
package/dist/types/config/keybindings.d.ts +2 -2
package/dist/types/config/model-profile-activation.d.ts +8 -1
package/dist/types/deep-interview/plaintext-gate-guard.d.ts +11 -0
package/dist/types/extensibility/gjc-plugins/compiler.d.ts +19 -0
package/dist/types/extensibility/gjc-plugins/constrained-hooks.d.ts +29 -0
package/dist/types/extensibility/gjc-plugins/index.d.ts +9 -0
package/dist/types/extensibility/gjc-plugins/injection.d.ts +9 -0
package/dist/types/extensibility/gjc-plugins/installer.d.ts +13 -0
package/dist/types/extensibility/gjc-plugins/mcp-policy.d.ts +26 -0
package/dist/types/extensibility/gjc-plugins/observability.d.ts +27 -0
package/dist/types/extensibility/gjc-plugins/prompt-appendix.d.ts +16 -0
package/dist/types/extensibility/gjc-plugins/registry.d.ts +32 -0
package/dist/types/extensibility/gjc-plugins/runtime-adapters.d.ts +64 -0
package/dist/types/extensibility/gjc-plugins/session-validation.d.ts +42 -0
package/dist/types/extensibility/gjc-plugins/types.d.ts +158 -2
package/dist/types/extensibility/gjc-plugins/validation.d.ts +8 -1
package/dist/types/gjc-runtime/launch-tmux.d.ts +1 -0
package/dist/types/gjc-runtime/psmux-detect.d.ts +78 -0
package/dist/types/gjc-runtime/team-runtime.d.ts +2 -0
package/dist/types/gjc-runtime/tmux-common.d.ts +20 -1
package/dist/types/gjc-runtime/tmux-sessions.d.ts +18 -0
package/dist/types/main.d.ts +2 -0
package/dist/types/modes/components/custom-editor.d.ts +1 -1
package/dist/types/modes/components/model-selector.d.ts +8 -0
package/dist/types/modes/components/status-line/git-utils.d.ts +6 -0
package/dist/types/modes/theme/defaults/index.d.ts +99 -0
package/dist/types/notifications/html-format.d.ts +11 -0
package/dist/types/notifications/index.d.ts +149 -1
package/dist/types/notifications/lifecycle-commands.d.ts +72 -0
package/dist/types/notifications/lifecycle-control-runtime.d.ts +98 -0
package/dist/types/notifications/lifecycle-orchestrator.d.ts +144 -0
package/dist/types/notifications/operator-runtime.d.ts +52 -0
package/dist/types/notifications/rate-limit-pool.d.ts +2 -0
package/dist/types/notifications/recent-activity.d.ts +35 -0
package/dist/types/notifications/telegram-daemon.d.ts +114 -16
package/dist/types/notifications/telegram-reference.d.ts +3 -1
package/dist/types/notifications/topic-registry.d.ts +12 -9
package/dist/types/runtime-mcp/types.d.ts +7 -0
package/dist/types/sdk.d.ts +2 -0
package/dist/types/session/agent-session.d.ts +14 -4
package/dist/types/session/blob-store.d.ts +25 -0
package/dist/types/session/session-manager.d.ts +57 -0
package/dist/types/slash-commands/helpers/fast-status-report.d.ts +6 -0
package/dist/types/system-prompt.d.ts +2 -0
package/dist/types/task/executor.d.ts +9 -1
package/dist/types/tools/composer-bash-policy.d.ts +14 -0
package/dist/types/tools/index.d.ts +3 -1
package/dist/types/utils/changelog.d.ts +1 -0
package/dist/types/web/insane/url-guard.d.ts +6 -3
package/dist/types/web/scrapers/types.d.ts +5 -0
package/dist/types/web/scrapers/utils.d.ts +7 -1
package/package.json +11 -9
package/scripts/g004-tmux-smoke.ts +100 -0
package/scripts/g005-daemon-smoke.ts +181 -0
package/scripts/g011-daemon-path-smoke.ts +153 -0
package/src/cli/mcp-cli.ts +272 -0
package/src/cli/plugin-cli.ts +66 -3
package/src/cli.ts +27 -6
package/src/commands/mcp.ts +117 -0
package/src/commands/plugin.ts +4 -0
package/src/commands/session.ts +18 -0
package/src/config/keybindings.ts +2 -2
package/src/config/model-profile-activation.ts +55 -7
package/src/deep-interview/plaintext-gate-guard.ts +94 -0
package/src/defaults/gjc/extensions/grok-cli-vendor/biome.json +1 -1
package/src/defaults/gjc/skills/deep-interview/SKILL.md +7 -6
package/src/defaults/gjc/skills/team/SKILL.md +5 -3
package/src/defaults/gjc/skills/ultragoal/SKILL.md +41 -13
package/src/export/html/index.ts +2 -2
package/src/extensibility/extensions/runner.ts +1 -0
package/src/extensibility/gjc-plugins/compiler.ts +351 -0
package/src/extensibility/gjc-plugins/constrained-hooks.ts +170 -0
package/src/extensibility/gjc-plugins/index.ts +9 -0
package/src/extensibility/gjc-plugins/injection.ts +109 -0
package/src/extensibility/gjc-plugins/installer.ts +434 -0
package/src/extensibility/gjc-plugins/loader.ts +3 -1
package/src/extensibility/gjc-plugins/mcp-policy.ts +239 -0
package/src/extensibility/gjc-plugins/observability.ts +84 -0
package/src/extensibility/gjc-plugins/paths.ts +1 -1
package/src/extensibility/gjc-plugins/prompt-appendix.ts +109 -0
package/src/extensibility/gjc-plugins/registry.ts +180 -0
package/src/extensibility/gjc-plugins/runtime-adapters.ts +234 -0
package/src/extensibility/gjc-plugins/schema.ts +250 -20
package/src/extensibility/gjc-plugins/session-validation.ts +147 -0
package/src/extensibility/gjc-plugins/types.ts +199 -3
package/src/extensibility/gjc-plugins/validation.ts +80 -0
package/src/extensibility/skills.ts +15 -0
package/src/gjc-runtime/launch-tmux.ts +61 -7
package/src/gjc-runtime/psmux-detect.ts +239 -0
package/src/gjc-runtime/team-runtime.ts +56 -23
package/src/gjc-runtime/tmux-common.ts +30 -3
package/src/gjc-runtime/tmux-sessions.ts +51 -1
package/src/gjc-runtime/ultragoal-guard.ts +25 -8
package/src/gjc-runtime/ultragoal-runtime.ts +75 -15
package/src/hooks/skill-state.ts +57 -0
package/src/internal-urls/docs-index.generated.ts +12 -8
package/src/main.ts +14 -3
package/src/modes/bridge/bridge-mode.ts +11 -0
package/src/modes/components/custom-editor.ts +2 -0
package/src/modes/components/footer.ts +2 -3
package/src/modes/components/hook-editor.ts +1 -1
package/src/modes/components/hook-selector.ts +67 -43
package/src/modes/components/model-selector.ts +56 -11
package/src/modes/components/status-line/git-utils.ts +25 -0
package/src/modes/components/status-line.ts +10 -11
package/src/modes/components/welcome.ts +2 -3
package/src/modes/controllers/extension-ui-controller.ts +0 -27
package/src/modes/controllers/selector-controller.ts +53 -11
package/src/modes/interactive-mode.ts +4 -1
package/src/modes/shared/agent-wire/scopes.ts +1 -1
package/src/modes/theme/defaults/gruvbox-dark.json +99 -0
package/src/modes/theme/defaults/index.ts +2 -0
package/src/modes/utils/hotkeys-markdown.ts +1 -1
package/src/notifications/html-format.ts +38 -0
package/src/notifications/index.ts +242 -12
package/src/notifications/lifecycle-commands.ts +228 -0
package/src/notifications/lifecycle-control-runtime.ts +400 -0
package/src/notifications/lifecycle-orchestrator.ts +358 -0
package/src/notifications/operator-runtime.ts +171 -0
package/src/notifications/rate-limit-pool.ts +19 -0
package/src/notifications/recent-activity.ts +132 -0
package/src/notifications/telegram-daemon.ts +778 -257
package/src/notifications/telegram-reference.ts +25 -7
package/src/notifications/topic-registry.ts +23 -9
package/src/prompts/agents/executor.md +2 -2
package/src/runtime-mcp/transports/stdio.ts +38 -4
package/src/runtime-mcp/types.ts +7 -0
package/src/sdk.ts +157 -10
package/src/session/agent-session.ts +166 -74
package/src/session/blob-store.ts +196 -8
package/src/session/session-manager.ts +678 -7
package/src/slash-commands/builtin-registry.ts +23 -3
package/src/slash-commands/helpers/fast-status-report.ts +13 -3
package/src/slash-commands/helpers/parse.ts +2 -1
package/src/system-prompt.ts +9 -0
package/src/task/executor.ts +31 -7
package/src/task/index.ts +2 -0
package/src/tools/ask.ts +5 -1
package/src/tools/bash.ts +9 -0
package/src/tools/composer-bash-policy.ts +96 -0
package/src/tools/fetch.ts +18 -2
package/src/tools/index.ts +3 -1
package/src/utils/changelog.ts +8 -0
package/src/web/insane/url-guard.ts +18 -14
package/src/web/scrapers/types.ts +143 -45
package/src/web/scrapers/utils.ts +70 -19

package/src/web/scrapers/types.ts CHANGED Viewed

@@ -6,6 +6,8 @@ import type TurndownService from "turndown";
 import type { AgentStorage } from "../../session/agent-storage";
 import { ToolAbortError } from "../../tools/tool-errors";
+import type { AddressResolver } from "../insane/url-guard";
+import { validatePublicHttpUrl } from "../insane/url-guard";
 export { formatNumber } from "@gajae-code/utils";
@@ -35,6 +37,7 @@ const USER_AGENTS = [
 	"Mozilla/5.0 (compatible; TextBot/1.0)",
 	"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
 ];
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
 function isBotBlocked(status: number, content: string): boolean {
 	if (status === 403 || status === 503) {
@@ -70,6 +73,9 @@ export interface LoadPageOptions {
 	body?: string;
 	maxBytes?: number;
 	signal?: AbortSignal;
+	publicUrlGuard?: boolean;
+	resolver?: AddressResolver;
+	maxRedirects?: number;
 }
 export interface LoadPageResult {
@@ -78,87 +84,179 @@ export interface LoadPageResult {
 	finalUrl: string;
 	ok: boolean;
 	status?: number;
+	error?: string;
+}
+async function guardPublicFetchUrl(
+	rawUrl: string,
+	resolver: AddressResolver | undefined,
+	context: string,
+): Promise<{ ok: true; url: string } | { ok: false; error: string; finalUrl: string }> {
+	const guard = await validatePublicHttpUrl(rawUrl, { resolver });
+	if (guard.ok) return { ok: true, url: guard.url.toString() };
+	return {
+		ok: false,
+		error: `${context}: target URL is not public HTTP(S): ${guard.reason}`,
+		finalUrl: rawUrl,
+	};
+}
+function shouldRewriteRedirectMethod(status: number, method: string): boolean {
+	const normalized = method.toUpperCase();
+	return status === 303 || ((status === 301 || status === 302) && normalized === "POST");
 }
 /**
  * Fetch a page with timeout and size limit
  */
 export async function loadPage(url: string, options: LoadPageOptions = {}): Promise<LoadPageResult> {
-	const { timeout = 20, headers = {}, maxBytes = MAX_BYTES, signal, method = "GET", body } = options;
+	const {
+		timeout = 20,
+		headers = {},
+		maxBytes = MAX_BYTES,
+		signal,
+		method = "GET",
+		body,
+		publicUrlGuard = true,
+		resolver,
+		maxRedirects = 10,
+	} = options;
+	let initialUrl = url;
+	if (publicUrlGuard) {
+		const guarded = await guardPublicFetchUrl(url, resolver, "Blocked URL fetch");
+		if (!guarded.ok) {
+			return {
+				content: "",
+				contentType: "",
+				finalUrl: guarded.finalUrl,
+				ok: false,
+				error: guarded.error,
+			};
+		}
+		initialUrl = guarded.url;
+	}
-	for (let attempt = 0; attempt < USER_AGENTS.length; attempt++) {
+	attempts: for (let attempt = 0; attempt < USER_AGENTS.length; attempt++) {
 		if (signal?.aborted) {
 			throw new ToolAbortError();
 		}
 		const userAgent = USER_AGENTS[attempt];
 		const requestSignal = ptree.combineSignals(signal, timeout * 1000);
+		let currentUrl = initialUrl;
+		let currentMethod = method;
+		let currentBody = body;
 		try {
-			const requestInit: RequestInit = {
-				signal: requestSignal,
-				method,
-				headers: {
-					"User-Agent": userAgent,
-					Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
-					"Accept-Language": "en-US,en;q=0.5",
-					"Accept-Encoding": "identity", // Cloudflare Markdown-for-Agents returns corrupted bytes when compression is negotiated
-					...headers,
-				},
-				redirect: "follow",
-			};
+			for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+				const requestInit: RequestInit = {
+					signal: requestSignal,
+					method: currentMethod,
+					headers: {
+						"User-Agent": userAgent,
+						Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
+						"Accept-Language": "en-US,en;q=0.5",
+						"Accept-Encoding": "identity", // Cloudflare Markdown-for-Agents returns corrupted bytes when compression is negotiated
+						...headers,
+					},
+					redirect: "manual",
+				};
+				if (currentBody !== undefined) {
+					requestInit.body = currentBody;
+				}
-			if (body !== undefined) {
-				requestInit.body = body;
-			}
+				const response = await fetch(currentUrl, requestInit);
+				if (REDIRECT_STATUSES.has(response.status)) {
+					const location = response.headers.get("location");
+					if (!location) {
+						return {
+							content: "",
+							contentType: "",
+							finalUrl: currentUrl,
+							ok: false,
+							status: response.status,
+							error: "Redirect response missing Location header",
+						};
+					}
+					const redirectUrl = new URL(location, currentUrl).toString();
+					if (publicUrlGuard) {
+						const guarded = await guardPublicFetchUrl(redirectUrl, resolver, "Blocked URL redirect");
+						if (!guarded.ok) {
+							return {
+								content: "",
+								contentType: "",
+								finalUrl: guarded.finalUrl,
+								ok: false,
+								status: response.status,
+								error: guarded.error,
+							};
+						}
+						currentUrl = guarded.url;
+					} else {
+						currentUrl = redirectUrl;
+					}
+					if (shouldRewriteRedirectMethod(response.status, currentMethod)) {
+						currentMethod = "GET";
+						currentBody = undefined;
+					}
+					continue;
+				}
-			const response = await fetch(url, requestInit);
+				const contentType = response.headers.get("content-type")?.split(";")[0]?.trim().toLowerCase() ?? "";
+				const finalUrl = response.url || currentUrl;
-			const contentType = response.headers.get("content-type")?.split(";")[0]?.trim().toLowerCase() ?? "";
-			const finalUrl = response.url;
+				const reader = response.body?.getReader();
+				if (!reader) {
+					return { content: "", contentType, finalUrl, ok: false, status: response.status };
+				}
-			const reader = response.body?.getReader();
-			if (!reader) {
-				return { content: "", contentType, finalUrl, ok: false, status: response.status };
-			}
+				const chunks: Uint8Array[] = [];
+				let totalSize = 0;
-			const chunks: Uint8Array[] = [];
-			let totalSize = 0;
+				while (true) {
+					const { done, value } = await reader.read();
+					if (done) break;
-			while (true) {
-				const { done, value } = await reader.read();
-				if (done) break;
+					chunks.push(value);
+					totalSize += value.length;
-				chunks.push(value);
-				totalSize += value.length;
+					if (totalSize > maxBytes) {
+						reader.cancel();
+						break;
+					}
+				}
-				if (totalSize > maxBytes) {
-					reader.cancel();
-					break;
+				const content = Buffer.concat(chunks).toString("utf-8");
+				if (isBotBlocked(response.status, content) && attempt < USER_AGENTS.length - 1) {
+					continue attempts;
 				}
-			}
-			const content = Buffer.concat(chunks).toString("utf-8");
-			if (isBotBlocked(response.status, content) && attempt < USER_AGENTS.length - 1) {
-				continue;
-			}
+				if (!response.ok) {
+					return { content, contentType, finalUrl, ok: false, status: response.status };
+				}
-			if (!response.ok) {
-				return { content, contentType, finalUrl, ok: false, status: response.status };
+				return { content, contentType, finalUrl, ok: true, status: response.status };
 			}
-			return { content, contentType, finalUrl, ok: true, status: response.status };
+			return {
+				content: "",
+				contentType: "",
+				finalUrl: currentUrl,
+				ok: false,
+				error: `Too many redirects (${maxRedirects})`,
+			};
 		} catch {
 			if (signal?.aborted) {
 				throw new ToolAbortError();
 			}
 			if (attempt === USER_AGENTS.length - 1) {
-				return { content: "", contentType: "", finalUrl: url, ok: false };
+				return { content: "", contentType: "", finalUrl: currentUrl, ok: false };
 			}
 		}
 	}
-	return { content: "", contentType: "", finalUrl: url, ok: false };
+	return { content: "", contentType: "", finalUrl: initialUrl, ok: false };
 }
 /** Module-level Turndown instance — built lazily on first use. */

package/src/web/scrapers/utils.ts CHANGED Viewed

@@ -4,6 +4,8 @@ export { isRecord };
 import { ToolAbortError } from "../../tools/tool-errors";
 import { convertBufferWithMarkit } from "../../utils/markit";
+import type { AddressResolver } from "../insane/url-guard";
+import { validatePublicHttpUrl } from "../insane/url-guard";
 import { MAX_BYTES } from "./types";
 export function asRecord(value: unknown): Record<string, unknown> | null {
@@ -28,6 +30,14 @@ export interface BinaryFetchSuccess {
 export type BinaryFetchResult = BinaryFetchSuccess | { ok: false; error?: string };
+export interface FetchBinaryOptions {
+	publicUrlGuard?: boolean;
+	resolver?: AddressResolver;
+	maxRedirects?: number;
+}
+const REDIRECT_STATUSES = new Set([301, 302, 303, 307, 308]);
 async function readResponseWithLimit(response: Response, maxBytes: number, signal?: AbortSignal): Promise<Uint8Array> {
 	const reader = response.body?.getReader();
 	if (!reader) return new Uint8Array(0);
@@ -60,34 +70,75 @@ async function readResponseWithLimit(response: Response, maxBytes: number, signa
 	return new Uint8Array(Buffer.concat(chunks, totalBytes));
 }
+async function guardPublicBinaryUrl(
+	rawUrl: string,
+	resolver: AddressResolver | undefined,
+	context: string,
+): Promise<{ ok: true; url: string } | { ok: false; error: string }> {
+	const guard = await validatePublicHttpUrl(rawUrl, { resolver });
+	if (guard.ok) return { ok: true, url: guard.url.toString() };
+	return { ok: false, error: `${context}: target URL is not public HTTP(S): ${guard.reason}` };
+}
 /**
  * Fetch binary content from a URL
  */
-export async function fetchBinary(url: string, timeout: number = 20, signal?: AbortSignal): Promise<BinaryFetchResult> {
+export async function fetchBinary(
+	url: string,
+	timeout: number = 20,
+	signal?: AbortSignal,
+	options: FetchBinaryOptions = {},
+): Promise<BinaryFetchResult> {
 	const requestSignal = ptree.combineSignals(signal, timeout * 1000);
+	const { publicUrlGuard = true, resolver, maxRedirects = 10 } = options;
 	try {
-		const response = await fetch(url, {
-			signal: requestSignal,
-			headers: {
-				"User-Agent": "Mozilla/5.0 (compatible; TextBot/1.0)",
-			},
-			redirect: "follow",
-		});
-		if (!response.ok) {
-			return { ok: false, error: `HTTP ${response.status}` };
+		let currentUrl = url;
+		if (publicUrlGuard) {
+			const guarded = await guardPublicBinaryUrl(url, resolver, "Blocked binary fetch");
+			if (!guarded.ok) return { ok: false, error: guarded.error };
+			currentUrl = guarded.url;
 		}
-		const contentDisposition = response.headers.get("content-disposition") || undefined;
-		const contentLength = response.headers.get("content-length");
-		if (contentLength) {
-			const size = Number.parseInt(contentLength, 10);
-			if (Number.isFinite(size) && size > MAX_BYTES) {
-				return { ok: false, error: `content-length ${size} exceeds ${MAX_BYTES}` };
+		for (let redirectCount = 0; redirectCount <= maxRedirects; redirectCount++) {
+			const response = await fetch(currentUrl, {
+				signal: requestSignal,
+				headers: {
+					"User-Agent": "Mozilla/5.0 (compatible; TextBot/1.0)",
+				},
+				redirect: "manual",
+			});
+			if (REDIRECT_STATUSES.has(response.status)) {
+				const location = response.headers.get("location");
+				if (!location) return { ok: false, error: "Redirect response missing Location header" };
+				const redirectUrl = new URL(location, currentUrl).toString();
+				if (publicUrlGuard) {
+					const guarded = await guardPublicBinaryUrl(redirectUrl, resolver, "Blocked binary redirect");
+					if (!guarded.ok) return { ok: false, error: guarded.error };
+					currentUrl = guarded.url;
+				} else {
+					currentUrl = redirectUrl;
+				}
+				continue;
+			}
+			if (!response.ok) {
+				return { ok: false, error: `HTTP ${response.status}` };
 			}
+			const contentDisposition = response.headers.get("content-disposition") || undefined;
+			const contentLength = response.headers.get("content-length");
+			if (contentLength) {
+				const size = Number.parseInt(contentLength, 10);
+				if (Number.isFinite(size) && size > MAX_BYTES) {
+					return { ok: false, error: `content-length ${size} exceeds ${MAX_BYTES}` };
+				}
+			}
+			const buffer = await readResponseWithLimit(response, MAX_BYTES, requestSignal);
+			return { ok: true, buffer, contentDisposition };
 		}
-		const buffer = await readResponseWithLimit(response, MAX_BYTES, requestSignal);
-		return { ok: true, buffer, contentDisposition };
+		return { ok: false, error: `Too many redirects (${maxRedirects})` };
 	} catch (err) {
 		if (signal?.aborted) throw new ToolAbortError();
 		if (requestSignal?.aborted) return { ok: false, error: "aborted" };