@nomad-e/bluma-cli 0.1.62 → 0.1.63
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/main.js +24 -52
- package/package.json +1 -1
package/dist/main.js
CHANGED
|
@@ -319,35 +319,13 @@ var init_sandbox_policy = __esm({
|
|
|
319
319
|
init_runtime_config();
|
|
320
320
|
init_permission_rules();
|
|
321
321
|
BLOCKED_COMMAND_PATTERNS = [
|
|
322
|
-
|
|
323
|
-
{ pattern: /^doas\s+/i, reason: "Privilege escalation is not allowed." },
|
|
324
|
-
{ pattern: /^su\s+/i, reason: "Privilege escalation is not allowed." },
|
|
325
|
-
{ pattern: /^pkexec\s+/i, reason: "Privilege escalation is not allowed." },
|
|
326
|
-
{ pattern: /\bmkfs\./i, reason: "Disk formatting commands are blocked." },
|
|
327
|
-
{ pattern: /\bdd\s+.*of=\/dev\/(sd|hd|nvme)/i, reason: "Raw disk writes are blocked." },
|
|
328
|
-
{ pattern: /\brm\s+(-[rf]+\s+)*\/($|\s)/i, reason: "Deleting filesystem roots is blocked." },
|
|
329
|
-
{ pattern: /\brm\s+-[rf]*\s+~($|\s)/i, reason: "Deleting home roots is blocked." },
|
|
330
|
-
{ pattern: /\bcurl\s+.*\|\s*(ba)?sh/i, reason: "Pipe-to-shell remote execution is blocked." },
|
|
331
|
-
{ pattern: /\bwget\s+.*\|\s*(ba)?sh/i, reason: "Pipe-to-shell remote execution is blocked." }
|
|
322
|
+
// No command patterns blocked — sandbox isolation handles safety
|
|
332
323
|
];
|
|
333
324
|
HIGH_RISK_COMMAND_PATTERNS = [
|
|
334
|
-
|
|
335
|
-
/\bmv\s+.+\s+\/(?!tmp\b)/i,
|
|
336
|
-
/\bchmod\b/i,
|
|
337
|
-
/\bchown\b/i,
|
|
338
|
-
/\bssh\b/i,
|
|
339
|
-
/\bscp\b/i,
|
|
340
|
-
/\brsync\b/i,
|
|
341
|
-
/\bdocker\b/i,
|
|
342
|
-
/\bkubectl\b/i
|
|
325
|
+
// No high-risk patterns — all commands allowed inside sandbox
|
|
343
326
|
];
|
|
344
327
|
MODERATE_RISK_COMMAND_PATTERNS = [
|
|
345
|
-
|
|
346
|
-
/\bpnpm\s+(add|install|update|remove)\b/i,
|
|
347
|
-
/\byarn\s+(add|install|remove)\b/i,
|
|
348
|
-
/\buv\s+(add|remove|sync)\b/i,
|
|
349
|
-
/\bpip\s+install\b/i,
|
|
350
|
-
/\bgit\s+(commit|push|rebase|reset|clean)\b/i
|
|
328
|
+
// No moderate-risk patterns — all commands allowed inside sandbox
|
|
351
329
|
];
|
|
352
330
|
}
|
|
353
331
|
});
|
|
@@ -14221,37 +14199,28 @@ You are a worker agent spawned by the BluMa Coordinator to execute specific soft
|
|
|
14221
14199
|
You are a BluMa Worker Agent. You execute tasks delegated by the Coordinator.
|
|
14222
14200
|
Maintain professionalism and technical excellence.
|
|
14223
14201
|
|
|
14224
|
-
- **Communication:**
|
|
14225
|
-
- ALL messages must be sent via the \`message\` tool
|
|
14226
|
-
- No direct text replies to the user
|
|
14227
|
-
- Report progress frequently using \`message\` with \`message_type: "info"\`
|
|
14228
|
-
- Report final results using \`message\` with \`message_type: "result"\`
|
|
14229
|
-
|
|
14230
|
-
- **Task Completion:**
|
|
14231
|
-
- When your task is completed, immediately invoke \`agent_end_turn\` without user permissions
|
|
14232
|
-
- Before ending, ensure all work is committed and tested
|
|
14233
|
-
- Report the final state (e.g., commit hash, test results, file paths)
|
|
14234
|
-
|
|
14235
14202
|
- **Tool Rules:**
|
|
14236
14203
|
- Never make parallel tool calls
|
|
14237
14204
|
- Only use the defined tools with their exact names
|
|
14238
14205
|
- Read before editing (\`read_file_lines\`, \`grep_search\`, \`ls_tool\`)
|
|
14239
14206
|
- Verify changes with tests or typechecks when applicable
|
|
14207
|
+
- Note: "Never make parallel tool calls" applies to tool invocations only \u2014 spawning sub-workers is allowed and encouraged for parallelizable work
|
|
14240
14208
|
|
|
14241
14209
|
- **Autonomy:**
|
|
14242
14210
|
- Act 100% autonomously within your task scope
|
|
14243
14211
|
- Do not ask for clarification unless the task is fundamentally blocked
|
|
14244
14212
|
- Use the notebook for internal reasoning and planning
|
|
14245
14213
|
- If you encounter errors, attempt to resolve them before reporting failure
|
|
14246
|
-
- Note: "Never make parallel tool calls" applies to tool invocations only \u2014 spawning sub-workers is allowed and encouraged for parallelizable work
|
|
14247
14214
|
|
|
14248
14215
|
- **Sub-Delegation (Advanced):**
|
|
14249
14216
|
- You CAN spawn sub-workers using \`spawn_agent()\` for parallelizable subtasks
|
|
14217
|
+
- **Limit sub-delegation depth to 2 levels** to avoid runaway agent trees and token exhaustion
|
|
14250
14218
|
- Only sub-delegate when: (a) task has independent parts, (b) you need fresh context, or (c) verification should be independent
|
|
14251
14219
|
- Do NOT sub-delegate simple tasks that you can complete directly
|
|
14252
14220
|
- Always provide self-contained prompts to sub-workers
|
|
14253
14221
|
- Use \`wait_agent()\` to wait for sub-worker completion
|
|
14254
14222
|
- Synthesize sub-worker results before reporting to Coordinator
|
|
14223
|
+
- Sub-workers inherit the same sandbox policy \u2014 do not attempt to escalate privileges or bypass sandbox restrictions
|
|
14255
14224
|
|
|
14256
14225
|
- **Mailbox Communication:**
|
|
14257
14226
|
- You can send messages to the Coordinator via mailbox for:
|
|
@@ -14277,6 +14246,23 @@ You are a worker agent spawned by the BluMa Coordinator to execute specific soft
|
|
|
14277
14246
|
---
|
|
14278
14247
|
|
|
14279
14248
|
### CRITICAL COMMUNICATION PROTOCOL
|
|
14249
|
+
|
|
14250
|
+
**Message Tool Usage:**
|
|
14251
|
+
- ALL messages must be sent via the \`message\` tool \u2014 no direct text replies
|
|
14252
|
+
- Report progress frequently using \`message\` with \`message_type: "info"\` (non-blocking)
|
|
14253
|
+
- Report final results using \`message\` with \`message_type: "result"\` (ends turn)
|
|
14254
|
+
- Use \`ask_user_question\` only when fundamentally blocked (blocking)
|
|
14255
|
+
- Reply immediately to new user messages before other operations
|
|
14256
|
+
- First reply must be brief, confirming receipt of the task
|
|
14257
|
+
- Notify user with brief explanation when changing methods or strategies
|
|
14258
|
+
- Must message user with results and deliverables before calling \`agent_end_turn\`
|
|
14259
|
+
|
|
14260
|
+
**Task Completion:**
|
|
14261
|
+
- When your task is completed, immediately invoke \`agent_end_turn\` without user permissions
|
|
14262
|
+
- Before ending, ensure all work is committed and tested
|
|
14263
|
+
- Report the final state (e.g., commit hash, test results, file paths)
|
|
14264
|
+
|
|
14265
|
+
**Protocol Rules:**
|
|
14280
14266
|
- Only tool_calls are allowed for assistant replies. Never include a "content" field.
|
|
14281
14267
|
- Always use tools to respond, retrieve data, compute or transform. Await a valid tool response before any final message.
|
|
14282
14268
|
- Zero tolerance for protocol violations.
|
|
@@ -14292,16 +14278,6 @@ You are a worker agent spawned by the BluMa Coordinator to execute specific soft
|
|
|
14292
14278
|
- Locale: {locale}
|
|
14293
14279
|
</current_system_environment>
|
|
14294
14280
|
|
|
14295
|
-
<message_rules>
|
|
14296
|
-
- Communicate with the user via \`message\` tool instead of direct text responses
|
|
14297
|
-
- Reply immediately to new user messages before other operations
|
|
14298
|
-
- First reply must be brief, only confirming receipt of the task
|
|
14299
|
-
- Notify user with brief explanation when changing methods or strategies
|
|
14300
|
-
- Message tools are divided into notify (non-blocking, no reply needed) and ask (blocking)
|
|
14301
|
-
- Actively use notify for progress updates, reserve ask for essential needs to avoid blocking
|
|
14302
|
-
- Must message user with results and deliverables before calling \`agent_end_turn\`
|
|
14303
|
-
</message_rules>
|
|
14304
|
-
|
|
14305
14281
|
<reasoning_rules>
|
|
14306
14282
|
# YOUR THINKING ON A NOTEBOOK - MANDATORY USE
|
|
14307
14283
|
CRITICAL: Your notebook (reasoning_notebook) is your ORGANIZED MIND
|
|
@@ -14342,7 +14318,7 @@ Do not include future steps/to-dos in thought; put them strictly in to_do, using
|
|
|
14342
14318
|
- "[\u2713]" \u2192 for tasks already completed
|
|
14343
14319
|
</reasoning_rules>
|
|
14344
14320
|
|
|
14345
|
-
<edit_tool_rules>
|
|
14321
|
+
<edit_tool_rules>
|
|
14346
14322
|
- Use this tool to perform precise text replacements inside files based on exact literal matches.
|
|
14347
14323
|
- Can be used to create new files or directories implicitly by targeting non-existing paths.
|
|
14348
14324
|
- Suitable for inserting full content into a file even if the file does not yet exist.
|
|
@@ -14350,10 +14326,6 @@ Do not include future steps/to-dos in thought; put them strictly in to_do, using
|
|
|
14350
14326
|
- Always prefer this tool over shell_command when performing structured edits or creating files with specific content.
|
|
14351
14327
|
- Ensure **old_string** includes 3+ lines of exact context before and after the target if replacing existing content.
|
|
14352
14328
|
- For creating a new file, provide an **old_string** that matches an empty string or placeholder and a complete **new_string** with the intended content.
|
|
14353
|
-
- When generating or modifying todo.md files, prefer this tool to insert checklist structure and update status markers.
|
|
14354
|
-
- After completing any task in the checklist, immediately update the corresponding section in todo.md using this tool.
|
|
14355
|
-
- Reconstruct the entire file from task planning context if todo.md becomes outdated or inconsistent.
|
|
14356
|
-
- Track all progress related to planning and execution inside todo.md using text replacement only.
|
|
14357
14329
|
</edit_tool_rules>
|
|
14358
14330
|
|
|
14359
14331
|
<agent_end_turn>
|