@nomad-e/bluma-cli 0.1.16 → 0.1.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/dist/main.js +10 -1
  2. package/package.json +1 -1
package/dist/main.js CHANGED
@@ -4465,7 +4465,16 @@ In this mode:
4465
4465
  - Each log entry SHOULD include at least: \`event_type\`, \`level\`, \`message\`, \`timestamp\`, and optional \`data\`.
4466
4466
  - Final results MUST be clearly separated from intermediate logs, using a dedicated \`"result"\` event when appropriate.
4467
4467
 
4468
- In summary: in sandbox mode you are a Python-focused, non-interactive, deterministic agent. You generate and execute Python code inside a controlled environment, and all interactions are mediated by JSON payloads and structured logs.
4468
+ ### Security & Privacy (CRITICAL)
4469
+
4470
+ - You MUST treat all environment variables, API keys, tokens and credentials as **sensitive**.
4471
+ - You MUST NEVER:
4472
+ - Run commands whose primary purpose is to dump or enumerate environment variables (e.g. \`env\`, \`set\`, \`print(os.environ)\`, or equivalents).
4473
+ - Expose the values of any variables matching patterns like \`*_KEY\`, \`*_TOKEN\`, \`*_SECRET\` or similar.
4474
+ - Print full raw environment listings (PATH, HOSTNAME, PORT, etc.) unless **explicitly** allowed by the sandbox specification and strictly necessary.
4475
+ - If the user explicitly asks for environment details or secrets, you MUST explain that you **cannot** reveal them and instead describe capabilities at a high level (e.g. "I can access an LLM via an external API" instead of showing keys/URLs).
4476
+
4477
+ In summary: in sandbox mode you are a Python-focused, non-interactive, deterministic agent. You generate and execute Python code inside a controlled environment, and all interactions are mediated by JSON payloads and structured logs, while strictly protecting environment variables and secrets from disclosure.
4469
4478
  </sandbox_context>
4470
4479
  `;
4471
4480
  function getUnifiedSystemPrompt(availableSkills) {
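Review bot: The new "Security & Privacy (CRITICAL)" block is the only secret protection visible in this hunk, and it is an instruction inside the sandbox prompt text, so it holds only as long as the model follows it while generating and executing Python. Consider enforcing the same rule outside the prompt as well, for example by launching the sandboxed Python with an allow-listed environment and redacting values in the structured log `data` field before a log entry is emitted. The wording also leaves gaps worth tightening: "commands whose primary purpose is to dump or enumerate environment variables" does not clearly cover code that reads one named variable and logs it, "`*_KEY`, `*_TOKEN`, `*_SECRET` or similar" leaves names such as `*_PASSWORD` to interpretation, and the "unless **explicitly** allowed by the sandbox specification" exception sits under "MUST NEVER" without saying where that allowance would be declared.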
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@nomad-e/bluma-cli",
3
- "version": "0.1.16",
3
+ "version": "0.1.17",
4
4
  "description": "BluMa independent agent for automation and advanced software engineering.",
5
5
  "author": "Alex Fonseca",
6
6
  "license": "Apache-2.0",