@miller-tech/uap 1.20.20 → 1.20.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -3044,6 +3044,21 @@ _SYSTEM_PROMPT_LEAK_MARKERS = (
|
|
|
3044
3044
|
"valid tool call with strict json",
|
|
3045
3045
|
"return exactly one valid tool call",
|
|
3046
3046
|
"invalid tool call format",
|
|
3047
|
+
# Option 1: Spec mode system-reminder phrases
|
|
3048
|
+
"spec mode is active",
|
|
3049
|
+
"spec mode active",
|
|
3050
|
+
"executed askuser tool to gather requirements",
|
|
3051
|
+
"gather requirements and clarify decisions",
|
|
3052
|
+
"before finalizing your spec",
|
|
3053
|
+
"you must not make any edits",
|
|
3054
|
+
# Option 2: Broader Claude Code system-reminder phrases
|
|
3055
|
+
"the user indicated that they do not want you to execute",
|
|
3056
|
+
"run any non-readonly tools",
|
|
3057
|
+
"making communications or interacting with external services",
|
|
3058
|
+
"this is encouraged in spec mode",
|
|
3059
|
+
"user has executed askuser tool",
|
|
3060
|
+
"<system-reminder>",
|
|
3061
|
+
"</system-reminder>",
|
|
3047
3062
|
)
|
|
3048
3063
|
|
|
3049
3064
|
|
|
@@ -3988,3 +3988,59 @@ class TestRetryGarbledImprovements(unittest.TestCase):
|
|
|
3988
3988
|
# Clean pattern
|
|
3989
3989
|
clean = '{"pattern": "hello", "path": "/src"}'
|
|
3990
3990
|
self.assertFalse(proxy._is_garbled_tool_arguments(clean))
|
|
3991
|
+
|
|
3992
|
+
|
|
3993
|
+
class TestSpecModeLeakMarkers(unittest.TestCase):
|
|
3994
|
+
"""Tests for spec mode and system-reminder leak detection markers."""
|
|
3995
|
+
|
|
3996
|
+
def test_spec_mode_active_detected(self):
|
|
3997
|
+
"""Spec mode system prompt text is detected as a leak."""
|
|
3998
|
+
value = {"patterns": ["**Spec mode is active. The user indicated that they do not want you to execute"]}
|
|
3999
|
+
self.assertTrue(proxy._contains_system_prompt_leak(value))
|
|
4000
|
+
|
|
4001
|
+
def test_system_reminder_tags_detected(self):
|
|
4002
|
+
"""Raw <system-reminder> tags in args are detected as a leak."""
|
|
4003
|
+
value = {"content": "<system-reminder>\nSpec mode active\n</system-reminder>"}
|
|
4004
|
+
self.assertTrue(proxy._contains_system_prompt_leak(value))
|
|
4005
|
+
|
|
4006
|
+
def test_gather_requirements_detected(self):
|
|
4007
|
+
"""'gather requirements and clarify decisions' phrase is detected."""
|
|
4008
|
+
value = {"text": "executed AskUser tool to gather requirements and clarify decisions before finalizing your spec"}
|
|
4009
|
+
self.assertTrue(proxy._contains_system_prompt_leak(value))
|
|
4010
|
+
|
|
4011
|
+
def test_clean_args_not_flagged(self):
|
|
4012
|
+
"""Normal tool arguments are not flagged as leaks."""
|
|
4013
|
+
value = {"pattern": "*.ts", "path": "/home/user/project/src"}
|
|
4014
|
+
self.assertFalse(proxy._contains_system_prompt_leak(value))
|
|
4015
|
+
|
|
4016
|
+
def test_repair_truncates_string_arg_at_spec_mode_leak(self):
|
|
4017
|
+
"""_repair_system_prompt_leak truncates string args at spec mode leak point."""
|
|
4018
|
+
openai_resp = {
|
|
4019
|
+
"choices": [{
|
|
4020
|
+
"index": 0,
|
|
4021
|
+
"message": {
|
|
4022
|
+
"role": "assistant",
|
|
4023
|
+
"tool_calls": [{
|
|
4024
|
+
"id": "call_test",
|
|
4025
|
+
"type": "function",
|
|
4026
|
+
"function": {
|
|
4027
|
+
"name": "Grep",
|
|
4028
|
+
"arguments": '{"pattern":"TODO Spec mode is active. The user indicated"}'
|
|
4029
|
+
}
|
|
4030
|
+
}]
|
|
4031
|
+
},
|
|
4032
|
+
"finish_reason": "tool_calls",
|
|
4033
|
+
}],
|
|
4034
|
+
}
|
|
4035
|
+
repaired, count = proxy._repair_system_prompt_leak(openai_resp)
|
|
4036
|
+
self.assertGreater(count, 0)
|
|
4037
|
+
args_str = repaired["choices"][0]["message"]["tool_calls"][0]["function"]["arguments"]
|
|
4038
|
+
self.assertNotIn("spec mode is active", args_str.lower())
|
|
4039
|
+
# The valid prefix should be preserved
|
|
4040
|
+
parsed = json.loads(args_str)
|
|
4041
|
+
self.assertTrue(parsed["pattern"].startswith("TODO"))
|
|
4042
|
+
|
|
4043
|
+
def test_detection_works_on_list_values(self):
|
|
4044
|
+
"""_contains_system_prompt_leak detects leaks inside list values."""
|
|
4045
|
+
value = {"patterns": ["**Spec mode is active. The user indicated"]}
|
|
4046
|
+
self.assertTrue(proxy._contains_system_prompt_leak(value))
|