@genspark/cli 1.0.13 → 1.0.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/design.d.ts +37 -0
- package/dist/commands/design.d.ts.map +1 -0
- package/dist/commands/design.js +990 -0
- package/dist/commands/design.js.map +1 -0
- package/dist/index.js +134 -2
- package/dist/index.js.map +1 -1
- package/docs/skills.md +6 -5
- package/package.json +1 -1
- package/skills/gsk-design/SKILL.md +110 -0
- package/skills/gsk-gmail/SKILL.md +12 -10
- package/skills/gsk-outlook-email/SKILL.md +13 -11
- package/skills/gsk-sharepoint/SKILL.md +12 -7
- package/skills/gsk-sharepoint-upload/SKILL.md +45 -0
- package/skills/gsk-video-generation/SKILL.md +1 -1
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* `gsk design [path]` — local cc-bridge daemon for Genspark Designer V2 / V3.
|
|
3
|
+
*
|
|
4
|
+
* Hosts two HTTP servers on 127.0.0.1, mirroring the protocol Tiffany's
|
|
5
|
+
* private Anthropic CC binary speaks to claude.ai/design. Once the URL is
|
|
6
|
+
* opened in the user's browser, the FE side of cc-bridge (see
|
|
7
|
+
* `frontend-nuxt/utils/cc_bridge.ts`) redeems the nonce, registers the 6
|
|
8
|
+
* cc_* tool handlers in the client-tool dispatcher, and dispatches LLM
|
|
9
|
+
* tool calls over this bridge.
|
|
10
|
+
*
|
|
11
|
+
* Servers:
|
|
12
|
+
* - Exchange: port 47820 (well-known), POST /exchange {nonce} →
|
|
13
|
+
* {port, token, prompt, cwd, ls_tree}. Single-use — second hit on
|
|
14
|
+
* the same nonce returns 410 Gone.
|
|
15
|
+
* - Data: random port, bearer-authenticated routes
|
|
16
|
+
* /ls /read /grep /exec /back_to_cc /context. Auth = Authorization:
|
|
17
|
+
* Bearer + X-Bridge-Token (both headers must match the issued token,
|
|
18
|
+
* to force a fetch/CORS preflight and block <form>/<img> CSRF).
|
|
19
|
+
*
|
|
20
|
+
* Security:
|
|
21
|
+
* - Bind 127.0.0.1 only — never 0.0.0.0.
|
|
22
|
+
* - Origin allowlist enforced via CORS preflight (`https://www.genspark.ai`
|
|
23
|
+
* + `http://localhost:3000-3099` for dev).
|
|
24
|
+
* - Host header strict-check: must be `127.0.0.1:<port>` or
|
|
25
|
+
* `localhost:<port>` — blocks DNS rebinding.
|
|
26
|
+
* - Path inputs are normalized + rejected on `..`, absolute paths,
|
|
27
|
+
* NUL bytes. Symlink escape blocked via realpath check.
|
|
28
|
+
* - cc_exec allowlist defaults to read-only inspection commands;
|
|
29
|
+
* `--allow-build-tools` opens up build CLIs (git/npm/python/etc).
|
|
30
|
+
* Per-arg blocklist refuses `-c`, `--exec`, shell metacharacters
|
|
31
|
+
* and newlines regardless of allowlist.
|
|
32
|
+
* - 30s exec timeout (overridable per call up to 300s), 900 KB
|
|
33
|
+
* stdout/stderr cap, 5 req/sec rate limit on /exec.
|
|
34
|
+
*/
|
|
35
|
+
import { Command } from 'commander';
|
|
36
|
+
export declare function registerDesignCommand(program: Command): void;
|
|
37
|
+
//# sourceMappingURL=design.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"design.d.ts","sourceRoot":"","sources":["../../src/commands/design.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAujCnC,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAmC5D"}
|