npm - @iinm/plain-agent - Versions diffs - 1.11.0 → 1.11.2 - Mend

@iinm/plain-agent 1.11.0 → 1.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +13 -11
package/package.json +6 -4
package/src/toolInputValidator.mjs +4 -5

package/README.md CHANGED Viewed

@@ -1,19 +1,21 @@
 # Plain Agent
 [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/iinm/plain-agent)
+[![npm version](https://img.shields.io/npm/v/@iinm/plain-agent)](https://www.npmjs.com/package/@iinm/plain-agent)
+[![install size](https://packagephobia.com/badge?p=@iinm/plain-agent)](https://packagephobia.com/result?p=@iinm/plain-agent)
+[![Socket Badge](https://badge.socket.dev/npm/package/@iinm/plain-agent/1.11.2)](https://socket.dev/npm/package/@iinm/plain-agent)
 [![CodeQL](https://github.com/iinm/plain-agent/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/iinm/plain-agent/actions/workflows/github-code-scanning/codeql)
-[![Socket Badge](https://badge.socket.dev/npm/package/@iinm/plain-agent/1.11.0)](https://socket.dev/npm/package/@iinm/plain-agent)
 A lightweight terminal-based coding agent focused on safety and low token cost
 ## Table of Contents
 - [Design](#design)
-  - [Multi-provider support](#multi-provider-support)
-  - [Auto-approval](#auto-approval)
+  - [Multi-Provider Support](#multi-provider-support)
+  - [Auto-Approval](#auto-approval)
   - [Path Validation](#path-validation)
   - [Sandbox](#sandbox)
-  - [Memory file](#memory-file)
+  - [Memory File](#memory-file)
   - [Token Efficiency](#token-efficiency)
   - [Claude Code Compatibility](#claude-code-compatibility)
 - [Requirements](#requirements)
@@ -29,7 +31,7 @@ A lightweight terminal-based coding agent focused on safety and low token cost
 ## Design
-### Multi-provider support
+### Multi-Provider Support
 Supports Claude, OpenAI, Gemini, and any OpenAI-compatible provider. Bedrock, Vertex AI, and Azure are also supported for teams working in environments restricted to managed cloud providers.
@@ -84,10 +86,12 @@ Models are identified by `name+variant` (e.g., `claude-sonnet-4-6+thinking-high`
 You can also add entries to `platforms` and `models` to use any OpenAI-compatible endpoint, such as Ollama or Fireworks. See the Quick Start section for examples.
-### Auto-approval
+### Auto-Approval
 Configure what the agent can do automatically using a small DSL with regex matching. Below is an excerpt from the [default config](https://github.com/iinm/plain-agent/blob/main/config/config.predefined.json).
+**Note**: Commands are executed without a shell — shell operators like `&&`, `|`, `;`, and redirects are not interpreted unless the agent explicitly uses `bash -c`. This makes each argument a discrete token that can be validated individually.
 ```js
 {
   "autoApproval": {
@@ -163,8 +167,6 @@ String values in tool inputs are treated as file paths and validated against the
 - Symlinks are resolved to their real path before validation — a symlink inside the working directory that points outside is rejected. Broken and circular symlinks are also rejected.
 - The file must be tracked by Git (not ignored)
-Commands are executed without a shell — shell operators like `&&`, `|`, `;`, and redirects are not interpreted unless the agent explicitly uses `bash -c`. This makes each argument a discrete token that can be validated individually.
 Compound arguments are decomposed before validation — embedded paths are extracted and checked individually:
 | Pattern | Example | Extracted |
@@ -173,11 +175,11 @@ Compound arguments are decomposed before validation — embedded paths are extra
 | `--opt=<val>` | `--prefix=/tmp/foo` | `/tmp/foo` |
 | `-X<val>` | `-I/usr/include` | `/usr/include` |
 | `VAR=<val>` | `OUTPUT=/etc/passwd` | `/etc/passwd` |
-| `proto://…` | `file:///etc/passwd` | `/etc/passwd` |
+| `proto://…` | `file:///etc/passwd` | `/etc/passwd` (only `file:` is treated as a local path; `http(s)://` URLs are always allowed) |
 `--opt=<val>`, `-X<val>`, and `VAR=<val>` are checked recursively, so chained patterns like `-DINSTALL_DIR=/etc` decompose fully (`-D` → `INSTALL_DIR=/etc` → `/etc`).
-**Note**: validation only applies when the agent explicitly passes file paths to tools. It cannot catch file access inside scripts the agent writes — something like `bash -c "rm -rf /"` is beyond its reach. Always use a sandbox when auto-approving script execution.
+**Note**: Validation only applies when the agent explicitly passes file paths to tools. It cannot catch file access inside scripts the agent writes — something like `bash -c "rm -rf /"` is beyond its reach. Always use a sandbox when auto-approving script execution.
 ### Sandbox
@@ -217,7 +219,7 @@ A Docker-based wrapper called `plain-sandbox` is included, but the interface is
 }
 ```
-### Memory file
+### Memory File
 The agent maintains a memory file (`.plain-agent/memory/`) for each session to:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@iinm/plain-agent",
-  "version": "1.11.0",
+  "version": "1.11.2",
   "description": "A lightweight terminal-based coding agent focused on safety and low token cost",
   "license": "MIT",
   "type": "module",
@@ -32,9 +32,10 @@
     "node": ">=22"
   },
   "scripts": {
-    "check": "npm run lint && tsc && npm run test && npm run test:predefined-approval",
-    "test": "node --test",
-    "coverage": "node --experimental-test-coverage --test-coverage-exclude='src/**/*.test.mjs' --test",
+    "check": "npm run lint && tsc && npm run test && npm run test:e2e && npm run test:predefined-approval",
+    "test": "node --test 'src/**/*.test.mjs'",
+    "test:e2e": "node --test --test-timeout=30000 'e2e/**/*.test.mjs'",
+    "coverage": "c8 --exclude='src/**/*.test.mjs' --exclude='e2e/**' node --test --test-force-exit 'src/**/*.test.mjs' 'e2e/**/*.test.mjs'",
     "test:predefined-approval": "bash -c 'set -e; mkdir -p tmp; cd tmp; env HOME=. ../bin/plain test-approval'",
     "lint": "npx @biomejs/biome check",
     "fix": "npx @biomejs/biome check --fix",
@@ -44,6 +45,7 @@
   "devDependencies": {
     "@biomejs/biome": "^2.4.12",
     "@types/node": "^22.19.17",
+    "c8": "^11.0.0",
     "typescript": "^6.0.2"
   }
 }

package/src/toolInputValidator.mjs CHANGED Viewed

@@ -108,19 +108,18 @@ export function isSafeToolInputItem(
     );
   }
-  // proto://path pattern (e.g., file:///etc/passwd)
-  const protoMatch = arg.match(/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(.+)$/);
-  if (protoMatch) {
+  // file:// pattern — references the local filesystem
+  const fileMatch = arg.match(/^file:\/\/(.+)$/i);
+  if (fileMatch) {
     return (
       isSafeToolInputItemRaw(arg, allowedPaths, allowGitUnmanagedFiles) &&
       isSafeToolInputItemRaw(
-        `/${protoMatch[1]}`,
+        `/${fileMatch[1]}`,
         allowedPaths,
         allowGitUnmanagedFiles,
       )
     );
   }
   return isSafeToolInputItemRaw(arg, allowedPaths, allowGitUnmanagedFiles);
 }