@heylemon/lemonade 0.2.5 → 0.2.7

package/dist/agents/system-prompt.js

@@ -54,7 +54,12 @@ function buildUserIdentitySection(ownerLine, isMinimal) {
 function buildTimeSection(params) {
     if (!params.userTimezone)
         return [];
-    return ["## Current Date & Time", `Time zone: ${params.userTimezone}`, ""];
+    return [
+        "## Current Date & Time",
+        `Time zone: ${params.userTimezone}`,
+        `When the user mentions a time (e.g. "8pm", "tomorrow at 3") always interpret it in their timezone (${params.userTimezone}) and pass the correct absolute time to any tool or API (calendar events, reminders, alarms, etc.).`,
+        "",
+    ];
 }
 function buildReplyTagsSection(isMinimal) {
     if (isMinimal)

package/dist/build-info.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.2.5",
-  "commit": "80887609891b389ba300be9cfe0a533a54f2d4a9",
-  "builtAt": "2026-02-22T15:54:27.492Z"
+  "version": "0.2.7",
+  "commit": "927681b91d1de51c0d44cf1cbb1e411e1cd65da4",
+  "builtAt": "2026-02-23T03:12:34.259Z"
 }

package/dist/canvas-host/a2ui/.bundle.hash

@@ -1 +1 @@
-f7aff81ae06daba57524cebf957881ed76d554113073508696e255d618aa3b03
+757ea6899eecd5ce6abd151d44edfd02de6269d0bbf0b14ed5bdb1f2074ae1c6

package/dist/gateway/openai-http.js

@@ -49,7 +49,7 @@ function buildAgentPrompt(messagesUnknown) {
         if (!role || !content)
             continue;
         if (role === "system" || role === "developer") {
-            systemParts.push(content);
+            systemParts.push(`<client_instruction>\n${content}\n</client_instruction>`);
             continue;
         }
         const normalizedRole = role === "function" ? "tool" : role;

package/dist/gateway/openresponses-http.js

@@ -109,7 +109,7 @@ export function buildAgentPrompt(input) {
             if (!content)
                 continue;
             if (item.role === "system" || item.role === "developer") {
-                systemParts.push(content);
+                systemParts.push(`<client_instruction>\n${content}\n</client_instruction>`);
                 continue;
             }
             const normalizedRole = item.role === "assistant" ? "assistant" : "user";
@@ -288,11 +288,12 @@ export async function handleOpenResponsesHttpRequest(req, res, opts) {
                                 },
                                 limits: limits.files,
                             });
+                            const safeName = file.filename.replace(/[<>"&\n\r]/g, "_");
                             if (file.text?.trim()) {
-                                fileContexts.push(`<file name="${file.filename}">\n${file.text}\n</file>`);
+                                fileContexts.push(`<file name="${safeName}">\n${file.text}\n</file>`);
                             }
                             else if (file.images && file.images.length > 0) {
-                                fileContexts.push(`<file name="${file.filename}">[PDF content rendered to images]</file>`);
+                                fileContexts.push(`<file name="${safeName}">[PDF content rendered to images]</file>`);
                             }
                             if (file.images && file.images.length > 0) {
                                 images = images.concat(file.images);
@@ -332,9 +333,13 @@ export async function handleOpenResponsesHttpRequest(req, res, opts) {
     const prompt = buildAgentPrompt(payload.input);
     const fileContext = fileContexts.length > 0 ? fileContexts.join("\n\n") : undefined;
     const toolChoiceContext = toolChoicePrompt?.trim();
-    // Handle instructions + file context as extra system prompt
+    // Handle instructions + file context as extra system prompt.
+    // Client-supplied instructions are wrapped in tags to prevent prompt injection.
+    const wrappedInstructions = payload.instructions
+        ? `<client_instruction>\n${payload.instructions}\n</client_instruction>`
+        : undefined;
     const extraSystemPrompt = [
-        payload.instructions,
+        wrappedInstructions,
         prompt.extraSystemPrompt,
         toolChoiceContext,
         fileContext,

package/dist/gateway/skills-http.js

@@ -57,7 +57,19 @@ export async function handleSkillsHttpRequest(req, res, opts) {
         .replace(/^\/api\/skills\/?/, "")
         .split("/")
         .filter(Boolean);
-    const skillName = pathParts[0] ? decodeURIComponent(pathParts[0]) : undefined;
+    const rawSkillName = pathParts[0] ? decodeURIComponent(pathParts[0]) : undefined;
+    // Validate skill name to prevent path traversal
+    const SAFE_SKILL_NAME_RE = /^[a-z0-9][a-z0-9_-]*$/;
+    const skillName = rawSkillName && SAFE_SKILL_NAME_RE.test(rawSkillName) ? rawSkillName : undefined;
+    if (rawSkillName && !skillName) {
+        sendJson(res, 400, {
+            error: {
+                message: "Invalid skill name. Use only lowercase letters, numbers, hyphens, and underscores.",
+                type: "invalid_request_error",
+            },
+        });
+        return true;
+    }
     try {
         if (!skillName) {
             // /api/skills
@@ -85,8 +97,9 @@ export async function handleSkillsHttpRequest(req, res, opts) {
         }
     }
     catch (err) {
+        console.error("[skills-http] Internal error:", err);
         sendJson(res, 500, {
-            error: { message: String(err), type: "internal_error" },
+            error: { message: "An internal error occurred", type: "internal_error" },
         });
         return true;
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heylemon/lemonade",
-  "version": "0.2.5",
+  "version": "0.2.7",
   "description": "AI gateway CLI for Lemon - local AI assistant with integrations",
   "publishConfig": {
     "access": "restricted"