@kenkaiiii/ggcoder 4.3.168 → 4.3.169
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/core/agents.d.ts
CHANGED
|
@@ -3,11 +3,15 @@ export interface AgentDefinition {
|
|
|
3
3
|
description: string;
|
|
4
4
|
tools: string[];
|
|
5
5
|
systemPrompt: string;
|
|
6
|
-
source: "global" | "project";
|
|
6
|
+
source: "global" | "project" | "bundled";
|
|
7
7
|
}
|
|
8
8
|
/**
|
|
9
9
|
* Discover agent definitions from global and project-local directories.
|
|
10
10
|
* Agent files are markdown with frontmatter (similar to skills).
|
|
11
|
+
*
|
|
12
|
+
* Order: user agents (project, global) first → bundled defaults last.
|
|
13
|
+
* The subagent lookup uses Array.prototype.find which matches the first hit,
|
|
14
|
+
* so user agents override bundled when names collide.
|
|
11
15
|
*/
|
|
12
16
|
export declare function discoverAgents(options: {
|
|
13
17
|
globalAgentsDir: string;
|
|
@@ -27,4 +31,5 @@ export declare function discoverAgents(options: {
|
|
|
27
31
|
* ```
|
|
28
32
|
*/
|
|
29
33
|
export declare function parseAgentFile(raw: string, source: "global" | "project"): AgentDefinition;
|
|
34
|
+
export declare const BUNDLED_AGENTS: AgentDefinition[];
|
|
30
35
|
//# sourceMappingURL=agents.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agents.d.ts","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"agents.d.ts","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAGA,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;CAC1C;AAED;;;;;;;GAOG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE;IAC5C,eAAe,EAAE,MAAM,CAAC;IACxB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,eAAe,EAAE,CAAC,CAwB7B;AAgCD;;;;;;;;;;;;GAYG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,eAAe,CA+BzF;AAsFD,eAAO,MAAM,cAAc,EAAE,eAAe,EAiB3C,CAAC"}
|
package/dist/core/agents.js
CHANGED
|
@@ -3,18 +3,30 @@ import path from "node:path";
|
|
|
3
3
|
/**
|
|
4
4
|
* Discover agent definitions from global and project-local directories.
|
|
5
5
|
* Agent files are markdown with frontmatter (similar to skills).
|
|
6
|
+
*
|
|
7
|
+
* Order: user agents (project, global) first → bundled defaults last.
|
|
8
|
+
* The subagent lookup uses Array.prototype.find which matches the first hit,
|
|
9
|
+
* so user agents override bundled when names collide.
|
|
6
10
|
*/
|
|
7
11
|
export async function discoverAgents(options) {
|
|
8
12
|
const agents = [];
|
|
9
|
-
// Global agents: ~/.gg/agents/*.md
|
|
10
|
-
const globalAgents = await loadAgentsFromDir(options.globalAgentsDir, "global");
|
|
11
|
-
agents.push(...globalAgents);
|
|
12
13
|
// Project agents: {cwd}/.gg/agents/*.md
|
|
13
14
|
if (options.projectDir) {
|
|
14
15
|
const projectAgentsDir = path.join(options.projectDir, ".gg", "agents");
|
|
15
16
|
const projectAgents = await loadAgentsFromDir(projectAgentsDir, "project");
|
|
16
17
|
agents.push(...projectAgents);
|
|
17
18
|
}
|
|
19
|
+
// Global agents: ~/.gg/agents/*.md
|
|
20
|
+
const globalAgents = await loadAgentsFromDir(options.globalAgentsDir, "global");
|
|
21
|
+
agents.push(...globalAgents);
|
|
22
|
+
// Bundled defaults — shipped with ggcoder, user-defined agents with the same
|
|
23
|
+
// name take precedence because they come first in the array.
|
|
24
|
+
const userNames = new Set(agents.map((a) => a.name.toLowerCase()));
|
|
25
|
+
for (const bundled of BUNDLED_AGENTS) {
|
|
26
|
+
if (!userNames.has(bundled.name.toLowerCase())) {
|
|
27
|
+
agents.push(bundled);
|
|
28
|
+
}
|
|
29
|
+
}
|
|
18
30
|
return agents;
|
|
19
31
|
}
|
|
20
32
|
async function loadAgentsFromDir(dir, source) {
|
|
@@ -88,4 +100,101 @@ export function parseAgentFile(raw, source) {
|
|
|
88
100
|
}
|
|
89
101
|
return { name, description, tools, systemPrompt, source };
|
|
90
102
|
}
|
|
103
|
+
// ── Bundled agents ─────────────────────────────────────────
|
|
104
|
+
// Shipped with ggcoder. Used by /bullet-proof and available to any
|
|
105
|
+
// subagent call. User-defined agents with the same name override these.
|
|
106
|
+
const REDTEAM_PROMPT = `You are Redteam, a hostile-mindset security analyst tasked with finding ways an attacker can compromise this codebase.
|
|
107
|
+
|
|
108
|
+
You think like an attacker on a real engagement: you look for bypasses, not pattern violations. You trace data flow from attacker-controlled sources to dangerous sinks. You assume the attacker has SDK-level access, a proxy, the public source, and time.
|
|
109
|
+
|
|
110
|
+
## Core discipline
|
|
111
|
+
|
|
112
|
+
1. **Trace, don't pattern-match.** Every finding must have a concrete Source → Sink path traced through the actual code.
|
|
113
|
+
2. **Attacker-controlled vs server-controlled.** Before flagging, decide whether the input is *actually* reachable by an attacker, or a settings constant / build-time string / hardcoded value. If the latter, drop it.
|
|
114
|
+
3. **Exploit scenarios are mandatory.** Write the attacker's steps: payload, response, what they get. If you cannot write the steps, you cannot flag the finding.
|
|
115
|
+
4. **Confidence ≥0.8 only.** Better to miss theoretical issues than flood the report with noise.
|
|
116
|
+
5. **Framework awareness.** ORM parameterization, auto-escape, memory-safe languages, JSX/template escaping all eliminate entire vuln classes. Don't flag what the framework already handles.
|
|
117
|
+
|
|
118
|
+
## Output for each finding
|
|
119
|
+
|
|
120
|
+
- **Location**: file:line
|
|
121
|
+
- **Category**: <slug> (sql_injection, ssrf, prototype_pollution, supply_chain, ...)
|
|
122
|
+
- **CWE**: CWE-XXX
|
|
123
|
+
- **Confidence**: 0.0–1.0
|
|
124
|
+
- **Source → Sink**: the actual data path
|
|
125
|
+
- **Exploit scenario**: numbered attacker steps
|
|
126
|
+
- **Impact**: what they get, blast radius
|
|
127
|
+
- **Fix**: concrete code-level remediation
|
|
128
|
+
|
|
129
|
+
## Hard exclusions — do NOT report:
|
|
130
|
+
|
|
131
|
+
- DOS / rate-limiting / memory exhaustion without an amplification primitive
|
|
132
|
+
- Theoretical race conditions without a demonstrable window
|
|
133
|
+
- Regex-DOS without attacker-supplied regex
|
|
134
|
+
- Log spoofing / log injection (cosmetic)
|
|
135
|
+
- SSRF where the URL is a settings constant or build-time string
|
|
136
|
+
- Env-var trust (env is server-controlled by definition)
|
|
137
|
+
- Client-side authentication theatre on a server-validated endpoint
|
|
138
|
+
- React/Vue/Angular XSS without unsafe sinks (\`dangerouslySetInnerHTML\`, \`v-html\`, \`bypassSecurityTrust*\` are the only real ones)
|
|
139
|
+
- Shell-script command injection without an untrusted input path
|
|
140
|
+
- Findings in documentation, example code, or test fixtures
|
|
141
|
+
- Insecure-by-design dev tooling that doesn't ship to users
|
|
142
|
+
- "Could be improved" preferences with no exploit path
|
|
143
|
+
|
|
144
|
+
Return findings ranked Critical → High → Medium. If nothing meets the bar, return "No high-confidence findings."`;
|
|
145
|
+
const SKEPTIC_PROMPT = `You are Skeptic, a hostile reviewer whose job is to DISPROVE security findings handed to you. You start from "this is a false positive" and only conclude otherwise if the evidence is overwhelming.
|
|
146
|
+
|
|
147
|
+
## Your mission
|
|
148
|
+
|
|
149
|
+
Given a security finding, attempt to break it. Try every angle:
|
|
150
|
+
|
|
151
|
+
1. **Reachability**: Is the claimed source actually attacker-controlled, or a settings constant, build-time value, or env var (server-controlled by definition)?
|
|
152
|
+
2. **Control flow**: Even if the source is real, does control flow actually reach the sink? Is there a guard, validator, or sanitizer in between that the original hunter missed?
|
|
153
|
+
3. **Framework handling**: Would the framework (ORM, template engine, auto-escape, memory-safe language) eliminate this entire vuln class?
|
|
154
|
+
4. **Exploit feasibility**: Can you actually write the payload? What would the response look like? If you can't construct the attack, the finding stands on theory.
|
|
155
|
+
5. **Severity inflation**: Is the impact overstated? "RCE" claims often turn out to be "writes to a sandboxed file path."
|
|
156
|
+
|
|
157
|
+
Read the code yourself. Do not trust the hunter's claim — verify each step.
|
|
158
|
+
|
|
159
|
+
## Verdict format
|
|
160
|
+
|
|
161
|
+
For each finding, return:
|
|
162
|
+
- **Verdict**: CONFIRMED / DROP / DOWNGRADE
|
|
163
|
+
- **Reason**: 1-3 sentence explanation
|
|
164
|
+
- **If CONFIRMED**: re-state the exploit scenario in your own words to prove you verified it end-to-end
|
|
165
|
+
- **If DROP**: cite which exclusion rule applies, or which step in the chain fails
|
|
166
|
+
- **If DOWNGRADE**: new severity + reason
|
|
167
|
+
|
|
168
|
+
## Hard exclusions — automatic DROP regardless of source:
|
|
169
|
+
|
|
170
|
+
- DOS / rate-limiting / memory exhaustion without an amplification primitive
|
|
171
|
+
- Theoretical race conditions without a demonstrable window
|
|
172
|
+
- Regex-DOS without attacker-supplied regex
|
|
173
|
+
- Log spoofing / log injection (cosmetic only)
|
|
174
|
+
- SSRF where the URL is a settings constant or build-time string
|
|
175
|
+
- Env-var trust ("attacker controls \\$HOME" — env is server-controlled)
|
|
176
|
+
- Client-side authn checks on endpoints that re-validate server-side
|
|
177
|
+
- React/Vue/Angular XSS unless \`dangerouslySetInnerHTML\` / \`v-html\` / \`bypassSecurityTrust*\` is the sink
|
|
178
|
+
- Shell-script command injection without an untrusted input path
|
|
179
|
+
- Findings in documentation, example code, or test fixtures
|
|
180
|
+
- Insecure-by-design dev tooling that doesn't ship to users
|
|
181
|
+
- "Could be improved" preferences with no exploit path
|
|
182
|
+
|
|
183
|
+
Be hostile. The cost of a false positive is the user's trust in the entire report.`;
|
|
184
|
+
export const BUNDLED_AGENTS = [
|
|
185
|
+
{
|
|
186
|
+
name: "redteam",
|
|
187
|
+
description: "Adversarial security analyst — finds exploitable vulnerabilities with concrete exploit scenarios",
|
|
188
|
+
tools: ["read", "grep", "find", "ls", "bash", "web_fetch", "web_search"],
|
|
189
|
+
systemPrompt: REDTEAM_PROMPT,
|
|
190
|
+
source: "bundled",
|
|
191
|
+
},
|
|
192
|
+
{
|
|
193
|
+
name: "skeptic",
|
|
194
|
+
description: "Hostile false-positive hunter — disproves security findings and applies exclusion rules ruthlessly",
|
|
195
|
+
tools: ["read", "grep", "find", "ls", "bash", "web_fetch", "web_search"],
|
|
196
|
+
systemPrompt: SKEPTIC_PROMPT,
|
|
197
|
+
source: "bundled",
|
|
198
|
+
},
|
|
199
|
+
];
|
|
91
200
|
//# sourceMappingURL=agents.js.map
|
package/dist/core/agents.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B
|
|
1
|
+
{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../src/core/agents.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAU7B;;;;;;;GAOG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAGpC;IACC,MAAM,MAAM,GAAsB,EAAE,CAAC;IAErC,wCAAwC;IACxC,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;QACvB,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QACxE,MAAM,aAAa,GAAG,MAAM,iBAAiB,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;QAC3E,MAAM,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,CAAC;IAChC,CAAC;IAED,mCAAmC;IACnC,MAAM,YAAY,GAAG,MAAM,iBAAiB,CAAC,OAAO,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;IAChF,MAAM,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAE7B,6EAA6E;IAC7E,6DAA6D;IAC7D,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACnE,KAAK,MAAM,OAAO,IAAI,cAAc,EAAE,CAAC;QACrC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YAC/C,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,iBAAiB,CAC9B,GAAW,EACX,MAA4B;IAE5B,MAAM,MAAM,GAAsB,EAAE,CAAC;IACrC,IAAI,KAAe,CAAC;IACpB,IAAI,CAAC;QACH,KAAK,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAChC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,SAAS;QACpC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACrD,MAAM,KAAK,GAAG,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC9C,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;gBAChB,KAAK,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;YAC1C,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,GAAW,EAAE,MAA4B;IACtE,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,KAAK,GAAa,EAAE,CAAC;IACzB,IAAI,YAAY,GAAG,GAAG,CAAC;IAEvB,IAAI,GAAG,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,CAAC;YACpB,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,YAAY,GAAG,GAAG,CAAC,KAAK,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAE9C,KAAK,MAAM,IAAI,IAAI,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3C,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,UAAU,KAAK,CAAC,CAAC;oBAAE,SAAS;gBAChC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;gBAC3D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAEhD,IAAI,GAAG,KAAK,MAAM;oBAAE,IAAI,GAAG,KAAK,CAAC;qBAC5B,IAAI,GAAG,KAAK,aAAa;oBAAE,WAAW,GAAG,KAAK,CAAC;qBAC/C,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;oBACzB,KAAK,GAAG,KAAK;yBACV,KAAK,CAAC,GAAG,CAAC;yBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;yBACpB,MAAM,CAAC,OAAO,CAAC,CAAC;gBACrB,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC;AAC5D,CAAC;AAED,8DAA8D;AAC9D,mEAAmE;AACnE,wEAAwE;AAExE,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iHAsC0F,CAAC;AAElH,MAAM,cAAc,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mFAsC4D,CAAC;AAEpF,MAAM,CAAC,MAAM,cAAc,GAAsB;IAC/C;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,kGAAkG;QACpG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;IACD;QACE,IAAI,EAAE,SAAS;QACf,WAAW,EACT,oGAAoG;QACtG,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,YAAY,CAAC;QACxE,YAAY,EAAE,cAAc;QAC5B,MAAM,EAAE,SAAS;KAClB;CACF,CAAC"}
|
|
@@ -161,7 +161,7 @@ Default catalog — pick what applies, drop what doesn't, add stack-specific hun
|
|
|
161
161
|
|
|
162
162
|
## Phase 3: Parallel hunters
|
|
163
163
|
|
|
164
|
-
Spawn one subagent per active hunter **in a single response** (call the subagent tool N times
|
|
164
|
+
Spawn one subagent per active hunter **in a single response** (call the subagent tool N times **with \`agent: "redteam"\`**, where N is whatever Phase 2 picked — do not pad to a fixed number, do not drop hunters Phase 2 selected). The \`redteam\` agent has the adversarial-mindset persona and exclusion list baked in, so your task description only needs the attack-class scope. Each hunter receives:
|
|
165
165
|
- The full recon output (Sources, Sinks, Assets, Adversary)
|
|
166
166
|
- Its specific attack-class scope
|
|
167
167
|
- The 2026 threat reference at the bottom of this prompt
|
|
@@ -175,7 +175,7 @@ Each hunter must:
|
|
|
175
175
|
|
|
176
176
|
## Phase 4: False-positive filter
|
|
177
177
|
|
|
178
|
-
After hunters complete, spawn one verification subagent per surviving finding **in parallel
|
|
178
|
+
After hunters complete, spawn one verification subagent per surviving finding **in parallel with \`agent: "skeptic"\`** (call the subagent tool once per finding in a single response). The \`skeptic\` agent starts from "this is a false positive" and tries to disprove the finding — only confirmed findings survive. Pass each verifier the full hunter finding (location, source/sink, exploit scenario, claimed confidence). Drop anything the skeptic returns as DROP; lower severity for DOWNGRADE.
|
|
179
179
|
|
|
180
180
|
**Hard exclusions — do NOT report these, even if real:**
|
|
181
181
|
- DOS / rate-limiting / memory exhaustion without a clear amplification primitive
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@kenkaiiii/ggcoder",
|
|
3
|
-
"version": "4.3.
|
|
3
|
+
"version": "4.3.169",
|
|
4
4
|
"type": "module",
|
|
5
5
|
"description": "CLI coding agent with OAuth authentication for Anthropic and OpenAI",
|
|
6
6
|
"license": "MIT",
|
|
@@ -78,10 +78,10 @@
|
|
|
78
78
|
"string-width": "^8.2.0",
|
|
79
79
|
"wrap-ansi": "^10.0.0",
|
|
80
80
|
"zod": "^4.4.3",
|
|
81
|
-
"@kenkaiiii/gg-agent": "4.3.168",
|
|
82
|
-
"@kenkaiiii/gg-ai": "4.3.168",
|
|
83
81
|
"@kenkaiiii/gg-pixel": "4.3.95",
|
|
84
|
-
"@kenkaiiii/
|
|
82
|
+
"@kenkaiiii/gg-agent": "4.3.169",
|
|
83
|
+
"@kenkaiiii/ggcoder-eyes": "0.1.2",
|
|
84
|
+
"@kenkaiiii/gg-ai": "4.3.169"
|
|
85
85
|
},
|
|
86
86
|
"optionalDependencies": {
|
|
87
87
|
"@huggingface/transformers": "^3.6.0",
|