@ouro.bot/cli 0.1.0-alpha.84 → 0.1.0-alpha.85
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/changelog.json +7 -0
- package/dist/heart/safe-workspace.js +9 -1
- package/dist/repertoire/tools.js +12 -1
- package/package.json +1 -1
package/changelog.json
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"_note": "This changelog is maintained as part of the PR/version-bump workflow. Agent-curated, not auto-generated. Agents read this file directly via read_file to understand what changed between versions.",
|
|
3
3
|
"versions": [
|
|
4
|
+
{
|
|
5
|
+
"version": "0.1.0-alpha.85",
|
|
6
|
+
"changes": [
|
|
7
|
+
"Relative repo paths now route through the chosen safe workspace too, so read/edit/write file tools actually operate in the dedicated clone or worktree instead of silently hitting the wrong checkout.",
|
|
8
|
+
"File-edit guardrails now normalize paths the same way file reads do, which means a `read_file` followed by `edit_file` on the same relative path no longer self-blocks during safe-workspace routing."
|
|
9
|
+
]
|
|
10
|
+
},
|
|
4
11
|
{
|
|
5
12
|
"version": "0.1.0-alpha.84",
|
|
6
13
|
"changes": [
|
|
@@ -222,8 +222,16 @@ function ensureSafeRepoWorkspace(options = {}) {
|
|
|
222
222
|
return selection;
|
|
223
223
|
}
|
|
224
224
|
function resolveSafeRepoPath(options) {
|
|
225
|
-
const
|
|
225
|
+
const rawRequestedPath = options.requestedPath;
|
|
226
226
|
const repoRoot = path.resolve(options.repoRoot ?? (0, identity_1.getRepoRoot)());
|
|
227
|
+
if (!path.isAbsolute(rawRequestedPath) && !rawRequestedPath.startsWith("~")) {
|
|
228
|
+
const selection = activeSelection ?? ensureSafeRepoWorkspace(options);
|
|
229
|
+
return {
|
|
230
|
+
selection,
|
|
231
|
+
resolvedPath: path.resolve(selection.workspaceRoot, rawRequestedPath),
|
|
232
|
+
};
|
|
233
|
+
}
|
|
234
|
+
const requestedPath = path.resolve(rawRequestedPath);
|
|
227
235
|
if (activeSelection && requestedPath.startsWith(activeSelection.workspaceRoot + path.sep)) {
|
|
228
236
|
return { selection: activeSelection, resolvedPath: requestedPath };
|
|
229
237
|
}
|
package/dist/repertoire/tools.js
CHANGED
|
@@ -13,6 +13,7 @@ const tools_github_1 = require("./tools-github");
|
|
|
13
13
|
const runtime_1 = require("../nerves/runtime");
|
|
14
14
|
const guardrails_1 = require("./guardrails");
|
|
15
15
|
const identity_1 = require("../heart/identity");
|
|
16
|
+
const safe_workspace_1 = require("../heart/safe-workspace");
|
|
16
17
|
function safeGetAgentRoot() {
|
|
17
18
|
try {
|
|
18
19
|
return (0, identity_1.getAgentRoot)();
|
|
@@ -99,6 +100,15 @@ function isConfirmationRequired(toolName) {
|
|
|
99
100
|
const def = allDefinitions.find((d) => d.tool.function.name === toolName);
|
|
100
101
|
return def?.confirmationRequired === true;
|
|
101
102
|
}
|
|
103
|
+
function normalizeGuardArgs(name, args) {
|
|
104
|
+
if ((name === "read_file" || name === "write_file" || name === "edit_file") && args.path) {
|
|
105
|
+
return {
|
|
106
|
+
...args,
|
|
107
|
+
path: (0, safe_workspace_1.resolveSafeRepoPath)({ requestedPath: args.path }).resolvedPath,
|
|
108
|
+
};
|
|
109
|
+
}
|
|
110
|
+
return args;
|
|
111
|
+
}
|
|
102
112
|
async function execTool(name, args, ctx) {
|
|
103
113
|
(0, runtime_1.emitNervesEvent)({
|
|
104
114
|
event: "tool.start",
|
|
@@ -124,7 +134,8 @@ async function execTool(name, args, ctx) {
|
|
|
124
134
|
trustLevel: ctx?.context?.friend?.trustLevel,
|
|
125
135
|
agentRoot: safeGetAgentRoot(),
|
|
126
136
|
};
|
|
127
|
-
const
|
|
137
|
+
const guardArgs = normalizeGuardArgs(name, args);
|
|
138
|
+
const guardResult = (0, guardrails_1.guardInvocation)(name, guardArgs, guardContext);
|
|
128
139
|
if (!guardResult.allowed) {
|
|
129
140
|
(0, runtime_1.emitNervesEvent)({
|
|
130
141
|
level: "warn",
|