@lousy-agents/agent-shell 5.8.5 → 5.8.7
- package/README.md +3 -3
- package/dist/index.js +32 -20
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
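--- a/package/README.md
+++ b/package/README.md
@@ -170,7 +170,7 @@ Patterns support `*` wildcards for prefix, suffix, and infix matching (e.g., `np
 
 ### Copilot Hook Configuration
 
-Add the following to `.github/
+Add the following to `.github/hooks/agent-shell/hooks.json` to use policy-check as a pre-tool-use hook:
 
 ```json
 {
@@ -228,7 +228,7 @@ agent-shell policy --init
 | File | Description |
 | ------ | ------------- |
 | `.github/hooks/agent-shell/policy.json` | Allow/deny policy derived from discovered commands |
-| `.github/
+| `.github/hooks/agent-shell/hooks.json` | Copilot `preToolUse` hook entry wiring `agent-shell policy-check` |
 
 If either file already exists, the command skips writing it and notifies you. Both files are safe to commit for team-wide enforcement.
 
@@ -307,7 +307,7 @@ Once authenticated, `policy --init` will automatically detect the SDK and run AI
 Scanning project...
 Discovered: 8 npm script(s), 12 workflow command(s), 3 mise task(s), 1 language(s)
 Created .github/hooks/agent-shell/policy.json
-Created .github/
+Created .github/hooks/agent-shell/hooks.json
 
 --- Proposed Policy ---
 {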
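--- a/package/dist/index.js
+++ b/package/dist/index.js
@@ -567,6 +567,13 @@ function isWithinProjectRoot(resolvedPath, projectRoot) {
 // Outside the root if: empty, exact "..", starts with "../" (or "..\"), or is absolute (different drive on Windows)
 return rel !== "" && rel !== ".." && !rel.startsWith(`..${external_node_path_namespaceObject.sep}`) && !(0,external_node_path_namespaceObject.isAbsolute)(rel);
 }
+function isPathNotFoundError(err) {
+if (typeof err === "object" && err !== null && "code" in err) {
+const { code } = err;
+return code === "ENOENT" || code === "ENOTDIR";
+}
+return false;
+}
 
 ;// CONCATENATED MODULE: ../../node_modules/zod/v4/core/core.js
 /** A special constant with type `never` */
@@ -14408,8 +14415,27 @@ async function resolveReadEventsDir(env, deps) {
 const defaultDir = (0,external_node_path_namespaceObject.join)(projectRoot, ".agent-shell", "events");
 const logDir = env.AGENTSHELL_LOG_DIR;
 if (logDir !== undefined && logDir !== "") {
-const
-
+const projectRootReal = await deps.realpath(projectRoot);
+const candidate = (0,external_node_path_namespaceObject.resolve)(projectRoot, logDir);
+if (!isWithinProjectRoot(candidate, projectRoot) && !isWithinProjectRoot(candidate, projectRootReal)) {
+return {
+dir: "",
+error: "AGENTSHELL_LOG_DIR resolves outside project root"
+};
+}
+let resolved;
+try {
+resolved = await deps.realpath(candidate);
+} catch (err) {
+if (isPathNotFoundError(err)) {
+return {
+dir: "",
+error: "AGENTSHELL_LOG_DIR does not exist or is not a directory"
+};
+}
+throw err;
+}
+if (!isWithinProjectRoot(resolved, projectRootReal)) {
 return {
 dir: "",
 error: "AGENTSHELL_LOG_DIR resolves outside project root"
@@ -14874,13 +14900,6 @@ function evaluatePolicy(policy, command) {
 return `\\x${ch.charCodeAt(0).toString(16).padStart(2, "0")}`;
 });
 }
-function isPolicyFileNotFound(error) {
-if (typeof error === "object" && error !== null && "code" in error) {
-const { code } = error;
-return code === "ENOENT" || code === "ENOTDIR";
-}
-return false;
-}
 function resolvePolicyPath(env, repoRoot) {
 const override = env.AGENTSHELL_POLICY_PATH;
 if (override !== undefined && override !== "") {
@@ -14910,7 +14929,7 @@ async function loadPolicy(env, deps) {
 try {
 resolvedPath = await deps.realpath(candidatePath);
 } catch (error) {
-if (
+if (isPathNotFoundError(error)) {
 if (isOverride) {
 throw new Error(`Policy override path does not exist: ${sanitizePath(candidatePath)}`);
 }
@@ -14925,7 +14944,7 @@ async function loadPolicy(env, deps) {
 try {
 content = await deps.readFile(resolvedPath, "utf-8");
 } catch (error) {
-if (
+if (isPathNotFoundError(error)) {
 if (isOverride) {
 throw new Error(`Policy override path does not exist: ${sanitizePath(resolvedPath)}`);
 }
@@ -15091,13 +15110,6 @@ function captureTags(env) {
 
 const SESSION_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;
 const DEFAULT_EVENTS_SUBDIR = ".agent-shell/events";
-function isPathNotFoundError(err) {
-if (typeof err === "object" && err !== null && "code" in err) {
-const code = err.code;
-return code === "ENOENT" || code === "ENOTDIR";
-}
-return false;
-}
 async function realpathExistingAncestor(targetPath, deps) {
 let current = targetPath;
 while(true){
@@ -16141,7 +16153,7 @@ const DEFAULT_DENY_RULES = [
 "sudo *"
 ];
 const POLICY_SUBPATH = ".github/hooks/agent-shell/policy.json";
-const HOOKS_SUBPATH = ".github/
+const HOOKS_SUBPATH = ".github/hooks/agent-shell/hooks.json";
 /**
 * Extracts the script or task name from a command string, skipping any
 * flags (tokens starting with `-`) that appear between the prefix and
@@ -16318,7 +16330,7 @@ const HOOKS_SUBPATH = ".github/copilot/hooks.json";
 const policyContent = `${JSON.stringify(policy, null, 2)}\n`;
 const hooksContent = `${JSON.stringify(hooksConfig, null, 2)}\n`;
 await writeFileIfNotExists(policyPath, (0,external_node_path_namespaceObject.join)(repoRoot, ".github", "hooks", "agent-shell"), policyContent, POLICY_SUBPATH, deps.writeStdout);
-await writeFileIfNotExists(hooksPath, (0,external_node_path_namespaceObject.join)(repoRoot, ".github", "
+await writeFileIfNotExists(hooksPath, (0,external_node_path_namespaceObject.join)(repoRoot, ".github", "hooks", "agent-shell"), hooksContent, HOOKS_SUBPATH, deps.writeStdout);
 deps.writeStdout("\n--- Proposed Policy ---\n");
 deps.writeStdout(`${sanitizeOutput(JSON.stringify(policy, null, 2))}\n`);
 deps.writeStdout("\n--- Hook Configuration ---\n");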
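Review bot: In `resolveReadEventsDir`, the added `await deps.realpath(projectRoot)` (new line 14418) sits outside the `try` that guards `deps.realpath(candidate)`, so a failure to resolve the project root rejects the promise instead of returning the `{ dir: "", error }` shape used by every other failure path in this branch. Guarding that call the same way, with `isPathNotFoundError` mapped to an error result and anything else rethrown, would keep the contract uniform. The first test accepts a candidate that is lexically inside either `projectRoot` or `projectRootReal`, and only the later `isWithinProjectRoot(resolved, projectRootReal)` decides containment once symlinks are resolved; a comment such as `// lexical pre-check only; the realpath comparison below is the containment decision` above the first `if` would stop a later edit from dropping the second check. Separately, `realpath` succeeds on a regular file, so the "does not exist or is not a directory" message only covers a missing path or a non-directory parent component. The function body continues outside the hunk, so how the returned `dir` is opened and how callers treat a rejection are not visible here.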