@pellux/goodvibes-agent 0.1.15 → 0.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/package.json +1 -1
- package/src/tools/wrfc-agent-guard.ts +20 -0
- package/src/version.ts +1 -1
package/CHANGELOG.md
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@pellux/goodvibes-agent",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.16",
|
|
4
4
|
"private": false,
|
|
5
5
|
"description": "Near-fork GoodVibes operator assistant with the GoodVibes TUI shell, renderer, input, fullscreen workspace, and daemon-connected Agent product brain.",
|
|
6
6
|
"type": "module",
|
|
@@ -50,8 +50,10 @@ const BLOCKED_MAIN_CONVERSATION_TOOL_NAME_SET = new Set<string>(BLOCKED_MAIN_CON
|
|
|
50
50
|
|
|
51
51
|
const READ_ONLY_REMOTE_TOOL_MODES = ['pools', 'contracts', 'artifacts', 'review'] as const;
|
|
52
52
|
const READ_ONLY_CHANNEL_TOOL_MODES = ['accounts', 'directory', 'resolve_target', 'capabilities', 'tools', 'agent_tools', 'actions'] as const;
|
|
53
|
+
const READ_ONLY_MCP_TOOL_MODES = ['servers', 'tools', 'schema', 'resources', 'security', 'auth'] as const;
|
|
53
54
|
const READ_ONLY_REMOTE_TOOL_MODE_SET = new Set<string>(READ_ONLY_REMOTE_TOOL_MODES);
|
|
54
55
|
const READ_ONLY_CHANNEL_TOOL_MODE_SET = new Set<string>(READ_ONLY_CHANNEL_TOOL_MODES);
|
|
56
|
+
const READ_ONLY_MCP_TOOL_MODE_SET = new Set<string>(READ_ONLY_MCP_TOOL_MODES);
|
|
55
57
|
|
|
56
58
|
const LOCAL_AGENT_DENIAL = [
|
|
57
59
|
'GoodVibes Agent does not spawn local Engineer/Reviewer/Tester/Verifier roots or run local WRFC chains.',
|
|
@@ -83,6 +85,12 @@ const CHANNEL_ACTION_DENIAL = [
|
|
|
83
85
|
'External channel side effects require an explicit Agent approval flow before they can run.',
|
|
84
86
|
].join(' ');
|
|
85
87
|
|
|
88
|
+
const MCP_SECURITY_MUTATION_DENIAL = [
|
|
89
|
+
'GoodVibes Agent only inspects MCP servers, tools, schemas, resources, security, and auth state from the main conversation.',
|
|
90
|
+
'MCP quarantine approval, trust changes, and role changes are disabled here.',
|
|
91
|
+
'MCP security mutations require an explicit Agent approval flow before they can run.',
|
|
92
|
+
].join(' ');
|
|
93
|
+
|
|
86
94
|
export function installAgentToolPolicyGuard(registry: ToolRegistry, options: AgentToolPolicyGuardOptions = {}): void {
|
|
87
95
|
const agentTool = registry.list().find((tool) => tool.definition.name === 'agent');
|
|
88
96
|
if (!agentTool) throw new Error('Agent tool policy guard could not find the agent tool.');
|
|
@@ -102,6 +110,16 @@ export function installAgentToolPolicyGuard(registry: ToolRegistry, options: Age
|
|
|
102
110
|
});
|
|
103
111
|
} else if (tool.definition.name === 'channel') {
|
|
104
112
|
wrapChannelToolForAgentPolicy(tool);
|
|
113
|
+
} else if (tool.definition.name === 'mcp') {
|
|
114
|
+
wrapModeRestrictedToolForAgentPolicy(tool, {
|
|
115
|
+
allowedModes: READ_ONLY_MCP_TOOL_MODES,
|
|
116
|
+
modeSet: READ_ONLY_MCP_TOOL_MODE_SET,
|
|
117
|
+
description: [
|
|
118
|
+
'Read-only MCP inspection for GoodVibes Agent.',
|
|
119
|
+
'Quarantine approval, trust mutation, and role mutation are disabled in the main conversation.',
|
|
120
|
+
].join(' '),
|
|
121
|
+
denial: MCP_SECURITY_MUTATION_DENIAL,
|
|
122
|
+
});
|
|
105
123
|
} else if (BLOCKED_MAIN_CONVERSATION_TOOL_NAME_SET.has(tool.definition.name)) {
|
|
106
124
|
wrapBlockedMainConversationToolForAgentPolicy(tool);
|
|
107
125
|
}
|
|
@@ -221,8 +239,10 @@ export const AGENT_MAIN_CONVERSATION_TOOL_DENIAL_MESSAGE = LOCAL_CODING_TOOL_DEN
|
|
|
221
239
|
export const AGENT_EXEC_BACKGROUND_DENIAL_MESSAGE = BACKGROUND_EXEC_DENIAL;
|
|
222
240
|
export const AGENT_READ_ONLY_REMOTE_TOOL_MODES = READ_ONLY_REMOTE_TOOL_MODES;
|
|
223
241
|
export const AGENT_READ_ONLY_CHANNEL_TOOL_MODES = READ_ONLY_CHANNEL_TOOL_MODES;
|
|
242
|
+
export const AGENT_READ_ONLY_MCP_TOOL_MODES = READ_ONLY_MCP_TOOL_MODES;
|
|
224
243
|
export const AGENT_REMOTE_MUTATION_DENIAL_MESSAGE = REMOTE_MUTATION_DENIAL;
|
|
225
244
|
export const AGENT_CHANNEL_ACTION_DENIAL_MESSAGE = CHANNEL_ACTION_DENIAL;
|
|
245
|
+
export const AGENT_MCP_SECURITY_MUTATION_DENIAL_MESSAGE = MCP_SECURITY_MUTATION_DENIAL;
|
|
226
246
|
|
|
227
247
|
function isRecord(value: unknown): value is Record<string, unknown> {
|
|
228
248
|
return typeof value === 'object' && value !== null && !Array.isArray(value);
|
package/src/version.ts
CHANGED
|
@@ -6,7 +6,7 @@ import { join } from 'node:path';
|
|
|
6
6
|
// The prebuild script updates the fallback value before compilation.
|
|
7
7
|
// Uses import.meta.dir (Bun) to locate package.json relative to this file,
|
|
8
8
|
// which is correct regardless of the process working directory.
|
|
9
|
-
let _version = '0.1.
|
|
9
|
+
let _version = '0.1.16';
|
|
10
10
|
let _sdkVersion = '0.33.35';
|
|
11
11
|
try {
|
|
12
12
|
const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8')) as {
|