@iinm/plain-agent 1.11.1 → 1.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +2 -2
  2. package/package.json +1 -1
  3. package/src/toolInputValidator.mjs +4 -5
package/README.md CHANGED
@@ -3,7 +3,7 @@
3
3
  [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/iinm/plain-agent)
4
4
  [![npm version](https://img.shields.io/npm/v/@iinm/plain-agent)](https://www.npmjs.com/package/@iinm/plain-agent)
5
5
  [![install size](https://packagephobia.com/badge?p=@iinm/plain-agent)](https://packagephobia.com/result?p=@iinm/plain-agent)
6
- [![Socket Badge](https://badge.socket.dev/npm/package/@iinm/plain-agent/1.11.1)](https://socket.dev/npm/package/@iinm/plain-agent)
6
+ [![Socket Badge](https://badge.socket.dev/npm/package/@iinm/plain-agent/1.11.2)](https://socket.dev/npm/package/@iinm/plain-agent)
7
7
  [![CodeQL](https://github.com/iinm/plain-agent/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/iinm/plain-agent/actions/workflows/github-code-scanning/codeql)
8
8
 
9
9
  A lightweight terminal-based coding agent focused on safety and low token cost
@@ -175,7 +175,7 @@ Compound arguments are decomposed before validation — embedded paths are extra
175
175
  | `--opt=<val>` | `--prefix=/tmp/foo` | `/tmp/foo` |
176
176
  | `-X<val>` | `-I/usr/include` | `/usr/include` |
177
177
  | `VAR=<val>` | `OUTPUT=/etc/passwd` | `/etc/passwd` |
178
- | `proto://…` | `file:///etc/passwd` | `/etc/passwd` |
178
+ | `proto://…` | `file:///etc/passwd` | `/etc/passwd` (only `file:` is treated as a local path; `http(s)://` URLs are always allowed) |
179
179
 
180
180
  `--opt=<val>`, `-X<val>`, and `VAR=<val>` are checked recursively, so chained patterns like `-DINSTALL_DIR=/etc` decompose fully (`-D` → `INSTALL_DIR=/etc` → `/etc`).
181
181
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@iinm/plain-agent",
3
- "version": "1.11.1",
3
+ "version": "1.11.2",
4
4
  "description": "A lightweight terminal-based coding agent focused on safety and low token cost",
5
5
  "license": "MIT",
6
6
  "type": "module",
package/src/toolInputValidator.mjs CHANGED
@@ -108,19 +108,18 @@ export function isSafeToolInputItem(
108
108
  );
109
109
  }
110
110
 
111
- // proto://path pattern (e.g., file:///etc/passwd)
112
- const protoMatch = arg.match(/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\/(.+)$/);
113
- if (protoMatch) {
111
+ // file:// pattern references the local filesystem
112
+ const fileMatch = arg.match(/^file:\/\/(.+)$/i);
113
+ if (fileMatch) {
114
114
  return (
115
115
  isSafeToolInputItemRaw(arg, allowedPaths, allowGitUnmanagedFiles) &&
116
116
  isSafeToolInputItemRaw(
117
- `/${protoMatch[1]}`,
117
+ `/${fileMatch[1]}`,
118
118
  allowedPaths,
119
119
  allowGitUnmanagedFiles,
120
120
  )
121
121
  );
122
122
  }
123
-
124
123
  return isSafeToolInputItemRaw(arg, allowedPaths, allowGitUnmanagedFiles);
125
124
  }
126
125