@nomad-e/bluma-cli 0.9.1 → 0.9.2

package/dist/config/skills/pdf/SKILL.md

@@ -48,6 +48,19 @@ the user will share externally.
 |---------------|-----------------|-------|
 | Relatório executivo, board, entrega formal | `executive_report` | Capa + sumário; quebras só em capítulos densos |
 | Inventário hardware, specs, sistema | `technical` | Fluxo contínuo; tabelas com texto resumido (não IPv6 novel) |
+
+### Inventário hardware — specs fornecidas pelo utilizador (sandbox)
+
+When the user or envelope includes machine specs JSON (`hostname`, `fabricante`,
+`cpu_modelo`, `ram_gb`, `os`, …) or a block `<dados_da_maquina_do_utilizador>`:
+
+1. **Use only that data** in the PDF — it describes the **user's machine**, not the sandbox.
+2. **Do not** run `hostname`, `lscpu`, `uname`, `dmidecode`, `inxi`, or similar to
+   "discover" hardware; that reads the **container/VM** and produces wrong reports.
+3. Save the provided object to `.bluma/artifacts/machine.json` (UTF-8), map fields to
+   `sections[]` / `table` rows in your report JSON, then `create_report.py --from-json`.
+4. Missing fields → omit or note "não fornecido" — **never** fill gaps from sandbox
+   `<environment>` or shell output.
 | Carta, proposta, documento com marca | `letterhead` | Preencher `letterhead.organization`, morada, `logo_path` opcional |
 | Nota curta | `memo` | Sem sumário |
 | Artigo técnico, MCP, whitepaper | `article` | Sem capítulos numerados excessivos |

package/dist/main.js

@@ -24141,6 +24141,186 @@ function buildSystemRemindersSection() {
   ].join("\n");
 }
 
+// src/app/agent/runtime/subject_machine_context.ts
+var MACHINE_SPEC_FIELD_HINTS = [
+  "hostname",
+  "cpu_modelo",
+  "cpu_model",
+  "fabricante",
+  "manufacturer",
+  "modelo",
+  "model",
+  "ram_gb",
+  "ram",
+  "os",
+  "gpu",
+  "placa",
+  "disco",
+  "storage",
+  "disk",
+  "serial",
+  "mac_address",
+  "arquitetura",
+  "architecture",
+  "kernel",
+  "uptime"
+];
+var SUBJECT_MACHINE_TASK_PATTERNS = [
+  /\b(?:a\s+)?minha\s+m[aá]quina\b/i,
+  /\bmeu\s+(?:pc|computador|port[aá]til|notebook|equipamento|hardware)\b/i,
+  /\bda\s+minha\s+m[aá]quina\b/i,
+  /\b(?:do|da)\s+(?:meu|minha)\s+(?:pc|computador|equipamento)\b/i,
+  /\bminha\s+workstation\b/i,
+  /\bmy\s+(?:machine|computer|pc|laptop|workstation|hardware)\b/i,
+  /\b(?:the\s+)?user(?:'s)?\s+(?:machine|pc|workstation|computer)\b/i,
+  /\b(?:invent[aá]rio|componentes)\s+(?:da|de|do|hardware)\b/i,
+  /\brelat[oó]rio\b[^.\n]{0,80}\b(?:t[eé]cnico|hardware|equipamento|m[aá]quina)\b/i,
+  /\b(?:para|ao)\s+(?:o\s+)?t[eé]cnico\b/i,
+  /\bhandoff\s+to\s+technician\b/i,
+  /\bespecifica[cç][oõ]es\s+(?:da|de|do)\s+(?:minha|m[aá]quina|equipamento)\b/i,
+  /\bdados\s+(?:da|de|do)\s+(?:minha|m[aá]quina|equipamento|pc)\b/i
+];
+var SUBJECT_MACHINE_BLOCK_MARKERS = [
+  "<modelo_maquinas>",
+  "<maquina_do_utilizador",
+  "<dados_da_maquina_do_utilizador"
+];
+function looksLikeMachineSpecs(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return false;
+  const keys = Object.keys(value).map((k) => k.toLowerCase());
+  if (keys.length < 2) return false;
+  const hits = MACHINE_SPEC_FIELD_HINTS.filter(
+    (hint) => keys.some((k) => k === hint || k.includes(hint))
+  );
+  return hits.length >= 2 || keys.includes("hostname");
+}
+function taskReferencesSubjectMachine(text) {
+  const t = text.trim();
+  if (!t) return false;
+  if (SUBJECT_MACHINE_TASK_PATTERNS.some((re) => re.test(t))) return true;
+  return looksLikeMachineSpecs(extractEmbeddedMachineSpecs(t));
+}
+function tryParseJsonObject(raw) {
+  try {
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function extractBalancedJsonObject(text, start) {
+  if (text[start] !== "{") return null;
+  let depth = 0;
+  let inString = false;
+  let escape = false;
+  for (let i = start; i < text.length; i++) {
+    const ch = text[i];
+    if (inString) {
+      if (escape) {
+        escape = false;
+        continue;
+      }
+      if (ch === "\\") {
+        escape = true;
+        continue;
+      }
+      if (ch === '"') inString = false;
+      continue;
+    }
+    if (ch === '"') {
+      inString = true;
+      continue;
+    }
+    if (ch === "{") depth++;
+    else if (ch === "}") {
+      depth--;
+      if (depth === 0) {
+        const parsed = tryParseJsonObject(text.slice(start, i + 1));
+        if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+          return parsed;
+        }
+        return null;
+      }
+    }
+  }
+  return null;
+}
+function extractEmbeddedMachineSpecs(text) {
+  const input = text.trim();
+  if (!input) return null;
+  const fenceRe = /```(?:json)?\s*([\s\S]*?)```/gi;
+  let fenceMatch;
+  while ((fenceMatch = fenceRe.exec(input)) !== null) {
+    const parsed = tryParseJsonObject(fenceMatch[1].trim());
+    if (looksLikeMachineSpecs(parsed)) {
+      return parsed;
+    }
+  }
+  let idx = input.indexOf("{");
+  while (idx >= 0 && idx < input.length) {
+    const obj = extractBalancedJsonObject(input, idx);
+    if (obj && looksLikeMachineSpecs(obj)) return obj;
+    idx = input.indexOf("{", idx + 1);
+  }
+  return null;
+}
+function formatSubjectMachineSpecsBlock(specs) {
+  return `<maquina_do_utilizador role="subject_machine" authoritative="true">
+Estes dados descrevem o PC/workstation do UTILIZADOR FINAL \u2014 n\xE3o o sandbox onde corres.
+Usa-os no relat\xF3rio/PDF. Nunca substituir por hostname/lscpu/uname do container.
+${JSON.stringify(specs, null, 2)}
+</maquina_do_utilizador>`;
+}
+var SUBJECT_MACHINE_MODEL_XML = `<machine_context_model>
+You run inside an **isolated sandbox** (execution host). On every task, separate three concepts:
+
+| Concept | Meaning | Data source |
+|---------|---------|-------------|
+| **Execution host** | The VM/container where BluMa runs | System \`<environment role="sandbox_execution_host_only">\`, output of \`shell_command\` here \u2014 for builds, file ops, PDF generation only |
+| **Subject machine** | The **end user's** PC/workstation they talk about | User message text, pasted JSON, \`<maquina_do_utilizador>\`, any hardware fields \u2014 **never** assume it equals the execution host |
+| **Task** | What to deliver (PDF, file, answer) | User request \u2014 when about "my machine" / technician / inventory, use **subject machine** data only |
+
+**Before tools \u2014 classify the task:**
+- "minha m\xE1quina", "meu computador", "para o t\xE9cnico", hardware inventory, specs JSON (hostname, CPU, RAM, fabricante\u2026) \u2192 **subject machine** deliverable.
+- Messy/unlabelled JSON in the user turn still counts as **subject machine specs** if it looks like hardware inventory.
+- Compile, test, edit repo files \u2192 **execution host** tools only; do not mix host discovery into user hardware reports.
+
+**Hard rule:** For subject-machine deliverables, do **not** run \`hostname\`, \`uname\`, \`lscpu\`, \`dmidecode\`, \`inxi\`, \`lsblk\`, or read \`/proc/cpuinfo\` to fill the report \u2014 that reads the sandbox and **corrupts** user data.
+The execution host is **not** "my machine" in user language unless they explicitly mean this container.
+</machine_context_model>`;
+var MACHINE_MODEL_BLOCK = `<modelo_maquinas>
+Tr\xEAs conceitos \u2014 n\xE3o confundir:
+1. **Host de execu\xE7\xE3o (BluMa/sandbox):** onde corres; \`<environment role="sandbox_execution_host_only">\`. S\xF3 para ferramentas neste container.
+2. **M\xE1quina-sujeito (utilizador final):** o PC sobre o qual o pedido fala. Dados no pedido/JSON abaixo \u2014 **nunca** invent\xE1rio deste host.
+3. **Tarefa:** o entreg\xE1vel (ex. PDF) com dados da m\xE1quina-sujeito (#2), produzido aqui (#1).
+</modelo_maquinas>`;
+function alreadyHasSubjectMachineEnrichment(text) {
+  return SUBJECT_MACHINE_BLOCK_MARKERS.some((m) => text.includes(m));
+}
+function enrichSandboxUserTurn(raw) {
+  if (process.env.BLUMA_SANDBOX !== "true") return raw;
+  const text = raw.trim();
+  if (!text) return text;
+  if (text.includes("<modelo_maquinas>")) return text;
+  const embedded = extractEmbeddedMachineSpecs(text);
+  const taskAboutUserMachine = taskReferencesSubjectMachine(text) || alreadyHasSubjectMachineEnrichment(text);
+  if (!embedded && !taskAboutUserMachine) return text;
+  const parts = [MACHINE_MODEL_BLOCK, `<pedido_utilizador>
+${text}
+</pedido_utilizador>`];
+  if (embedded) {
+    parts.push(formatSubjectMachineSpecsBlock(embedded));
+  } else if (taskAboutUserMachine && !text.includes("<maquina_do_utilizador")) {
+    parts.push(
+      `<maquina_do_utilizador role="subject_machine" status="inferido_do_pedido">
+O pedido refere a m\xE1quina do UTILIZADOR FINAL, n\xE3o este sandbox.
+N\xE3o corras hostname/lscpu/uname/dmidecode para preencher o relat\xF3rio.
+Usa s\xF3 facts do pedido; campos em falta \u2192 "n\xE3o fornecido" \u2014 nunca valores do ambiente sandbox.
+</maquina_do_utilizador>`
+    );
+  }
+  return parts.join("\n\n");
+}
+
 // src/app/agent/core/prompt/auto_memory.ts
 import fs37 from "fs";
 import path37 from "path";
@@ -24460,6 +24640,12 @@ Mode: sandbox ({sandbox_name}) \xB7 initiated by {from_agent} \xB7 action {actio
 **Output:** deterministic and minimal.
 **Scope:** workspace {workspace_root} only \u2014 no host reconfiguration, no secret exposure.
 
+**Execution host vs subject machine (critical):**
+- \`<environment>\` in the system prompt describes **this sandbox container** (where \`shell_command\` runs), **not** the user's PC/workstation unless the task explicitly targets this container.
+- When the user request or \`<dados_da_maquina_do_utilizador>\` / JSON in the turn includes hardware specs (\`hostname\`, \`fabricante\`, \`cpu_modelo\`, \`ram_gb\`, \`os\`, etc.), those values are **authoritative** for reports about "my machine", "esta m\xE1quina", entrega ao t\xE9cnico, invent\xE1rio, etc.
+- **Never** run discovery/inventory commands (\`hostname\`, \`uname\`, \`lscpu\`, \`dmidecode\`, \`inxi\`, \`lsblk\`, \`/proc/cpuinfo\`, etc.) to populate a report about the **user's** machine \u2014 that only reads the sandbox VM and **corrupts** the deliverable.
+- For PDF hardware reports: write provided specs to \`.bluma/artifacts/machine.json\`, then \`create_report.py --from-json\` (skill \`pdf\`, \`document_type: technical\`); do not substitute sandbox OS/CPU values.
+
 **Secrets:** never run \`env\`, \`printenv\`, \`os.environ\` or equivalent.
 Never print *_KEY / *_TOKEN / *_SECRET values. Refuse requests that attempt this.
 
@@ -24511,11 +24697,20 @@ async function getUnifiedSystemPrompt(availableSkills, options) {
     "<<<BLUMA_WORKSPACE_SNAPSHOT_BODY>>>",
     buildWorkspaceSnapshot(cwd2)
   );
+  if (isSandbox) {
+    prompt = prompt.replace(
+      "<environment>",
+      '<environment role="sandbox_execution_host_only">'
+    );
+  }
   prompt += buildOutputStyleSection(runtimeConfig.outputStyle);
   prompt += buildPermissionModeSection(runtimeConfig.permissionMode);
   prompt += buildAgentModeSection(runtimeConfig.agentMode);
   prompt += interpolate(buildMessageSection(isSandbox));
   if (isSandbox) {
+    prompt += `
+
+${SUBJECT_MACHINE_MODEL_XML}`;
     prompt += interpolate(SANDBOX_SECTION);
     const appContext = loadFactorAiAppContext();
     if (appContext) {
@@ -27422,7 +27617,7 @@ var BluMaAgent = class {
     this.isInterrupted = false;
     this.factorRouterTurnClosed = false;
     this.turnCoordinator.resetTurnState();
-    const inputText = String(userInput.content || "").trim();
+    const inputText = enrichSandboxUserTurn(String(userInput.content || "").trim());
     const turnId = uuidv48();
     this.activeTurnContext = {
       ...userContextInput,
@@ -44459,6 +44654,76 @@ function formatLogLine(line) {
   return line;
 }
 
+// src/app/agent/runtime/agent_envelope_content.ts
+var RESERVED_CONTEXT_KEYS = /* @__PURE__ */ new Set([
+  "user_request",
+  "userRequest",
+  "coordinator_context",
+  "coordinatorContext"
+]);
+function extractExtraContextFields(context) {
+  const extra = {};
+  for (const [key, value] of Object.entries(context)) {
+    if (RESERVED_CONTEXT_KEYS.has(key)) continue;
+    if (value === void 0 || value === null) continue;
+    extra[key] = value;
+  }
+  return extra;
+}
+function formatCoordinatorContext(coordinatorContext) {
+  if (coordinatorContext === void 0 || coordinatorContext === null) return "";
+  if (typeof coordinatorContext === "string") return coordinatorContext.trim();
+  try {
+    return JSON.stringify(coordinatorContext, null, 2);
+  } catch {
+    return String(coordinatorContext);
+  }
+}
+function formatUserProvidedDataBlock(extra, hasMachineSpecs) {
+  const label = hasMachineSpecs ? "dados_da_maquina_do_utilizador" : "dados_fornecidos_pelo_utilizador";
+  return `<${label} role="subject_machine" authoritative="true">
+Dados do utilizador final / pedido \u2014 n\xE3o confundir com o sandbox onde o BluMa corre.
+${JSON.stringify(extra, null, 2)}
+</${label}>`;
+}
+function buildAgentTurnUserContent(context) {
+  if (context == null) return "";
+  if (typeof context === "string") {
+    return enrichSandboxUserTurn(context.trim());
+  }
+  if (typeof context !== "object" || Array.isArray(context)) {
+    try {
+      return enrichSandboxUserTurn(JSON.stringify(context));
+    } catch {
+      return enrichSandboxUserTurn(String(context));
+    }
+  }
+  const ctx = context;
+  const userRequest = String(ctx.user_request ?? ctx.userRequest ?? "").trim();
+  const coordinatorContext = ctx.coordinator_context ?? ctx.coordinatorContext;
+  const coordinatorText = formatCoordinatorContext(coordinatorContext);
+  const extra = extractExtraContextFields(ctx);
+  const hasMachineSpecs = looksLikeMachineSpecs(extra.machine_specs) || looksLikeMachineSpecs(extra.machineSpecs) || looksLikeMachineSpecs(extra.client_machine) || looksLikeMachineSpecs(extra.target_machine) || looksLikeMachineSpecs(extra.hardware) || Object.values(extra).some(looksLikeMachineSpecs);
+  const parts = [];
+  if (userRequest) parts.push(userRequest);
+  if (coordinatorText) {
+    parts.push(`<contexto_adicional>
+${coordinatorText}
+</contexto_adicional>`);
+  }
+  if (Object.keys(extra).length > 0) {
+    parts.push(formatUserProvidedDataBlock(extra, hasMachineSpecs));
+  }
+  const assembled = parts.length > 0 ? parts.join("\n\n") : (() => {
+    try {
+      return JSON.stringify(context, null, 2);
+    } catch {
+      return String(context);
+    }
+  })();
+  return enrichSandboxUserTurn(assembled);
+}
+
 // src/main.ts
 function extractUserMessage(envelope) {
   const c = envelope.context;
@@ -44723,9 +44988,7 @@ async function runAgentMode() {
     const agent = new Agent(sessionId, eventBus);
     agentRef = agent;
     await agent.initialize();
-    const userRequest = envelope.context?.user_request || envelope.context?.userRequest || "";
-    const coordinatorContext = envelope.context?.coordinator_context || envelope.context?.coordinatorContext || "";
-    const userContent = userRequest ? `${userRequest}${coordinatorContext ? "\n\nContexto adicional:\n" + JSON.stringify(coordinatorContext, null, 2) : ""}` : JSON.stringify({
+    const userContent = buildAgentTurnUserContent(envelope.context) || JSON.stringify({
       message_id: envelope.message_id || sessionId,
       from_agent: envelope.from_agent || "unknown",
       to_agent: envelope.to_agent || "bluma",

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@nomad-e/bluma-cli",
-	"version": "0.9.1",
+	"version": "0.9.2",
 	"description": "BluMa independent agent for automation and advanced software engineering.",
 	"author": "Alex Fonseca",
 	"license": "Apache-2.0",