npm - @pellux/goodvibes-agent - Versions diffs - 0.1.18 → 0.1.20 - Mend

@pellux/goodvibes-agent 0.1.18 → 0.1.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md +8 -0
package/package.json +1 -1
package/src/tools/wrfc-agent-guard.ts +94 -0
package/src/version.ts +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,14 @@
 All notable changes to GoodVibes Agent will be recorded here.
+## 0.1.20 - 2026-05-31
+- c0eca13 Block settings mutation tool in agent runtime
+## 0.1.19 - 2026-05-31
+- a4255d5 Restrict durable workflow tool mutations in agent runtime
 ## 0.1.18 - 2026-05-31
 - 1fd7729 Restrict state tool mutations in agent runtime

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@pellux/goodvibes-agent",
-  "version": "0.1.18",
+  "version": "0.1.20",
   "private": false,
   "description": "Near-fork GoodVibes operator assistant with the GoodVibes TUI shell, renderer, input, fullscreen workspace, and daemon-connected Agent product brain.",
   "type": "module",

package/src/tools/wrfc-agent-guard.ts CHANGED Viewed

@@ -85,6 +85,11 @@ const READ_ONLY_STATE_MEMORY_ACTIONS = ['list', 'get'] as const;
 const READ_ONLY_STATE_HOOK_ACTIONS = ['list'] as const;
 const READ_ONLY_STATE_MODE_ACTIONS = ['get', 'list'] as const;
 const READ_ONLY_STATE_ANALYTICS_ACTIONS = ['summary', 'query', 'dashboard'] as const;
+const READ_ONLY_TASK_TOOL_MODES = ['list', 'show', 'handoffs'] as const;
+const READ_ONLY_TEAM_TOOL_MODES = ['list', 'show'] as const;
+const READ_ONLY_WORKLIST_TOOL_MODES = ['list', 'show'] as const;
+const READ_ONLY_PACKET_TOOL_MODES = ['list', 'show'] as const;
+const READ_ONLY_QUERY_TOOL_MODES = ['list', 'show'] as const;
 const READ_ONLY_REMOTE_TOOL_MODE_SET = new Set<string>(READ_ONLY_REMOTE_TOOL_MODES);
 const READ_ONLY_CHANNEL_TOOL_MODE_SET = new Set<string>(READ_ONLY_CHANNEL_TOOL_MODES);
 const READ_ONLY_MCP_TOOL_MODE_SET = new Set<string>(READ_ONLY_MCP_TOOL_MODES);
@@ -94,6 +99,11 @@ const READ_ONLY_STATE_MEMORY_ACTION_SET = new Set<string>(READ_ONLY_STATE_MEMORY
 const READ_ONLY_STATE_HOOK_ACTION_SET = new Set<string>(READ_ONLY_STATE_HOOK_ACTIONS);
 const READ_ONLY_STATE_MODE_ACTION_SET = new Set<string>(READ_ONLY_STATE_MODE_ACTIONS);
 const READ_ONLY_STATE_ANALYTICS_ACTION_SET = new Set<string>(READ_ONLY_STATE_ANALYTICS_ACTIONS);
+const READ_ONLY_TASK_TOOL_MODE_SET = new Set<string>(READ_ONLY_TASK_TOOL_MODES);
+const READ_ONLY_TEAM_TOOL_MODE_SET = new Set<string>(READ_ONLY_TEAM_TOOL_MODES);
+const READ_ONLY_WORKLIST_TOOL_MODE_SET = new Set<string>(READ_ONLY_WORKLIST_TOOL_MODES);
+const READ_ONLY_PACKET_TOOL_MODE_SET = new Set<string>(READ_ONLY_PACKET_TOOL_MODES);
+const READ_ONLY_QUERY_TOOL_MODE_SET = new Set<string>(READ_ONLY_QUERY_TOOL_MODES);
 const LOCAL_AGENT_DENIAL = [
   'GoodVibes Agent does not spawn local Engineer/Reviewer/Tester/Verifier roots or run local WRFC chains.',
@@ -143,6 +153,18 @@ const STATE_MUTATION_DENIAL = [
   'Use Agent-owned memory, skills, personas, routines, and explicit CLI/slash commands for intentional local state changes.',
 ].join(' ');
+const SETTINGS_MUTATION_DENIAL = [
+  'GoodVibes Agent does not mutate configuration through model tools in the main conversation.',
+  'Use explicit Agent CLI/slash settings commands for intentional config changes.',
+  'Secrets, tokens, passwords, daemon lifecycle settings, and service exposure settings require explicit user action outside the model tool surface.',
+].join(' ');
+const DURABLE_WORKFLOW_MUTATION_DENIAL = [
+  'GoodVibes Agent only inspects copied durable workflow tools from the main conversation.',
+  'Task, team, worklist, packet, and query creation or lifecycle mutation is disabled here.',
+  'Use explicit Agent CLI/slash commands or GoodVibes TUI delegation for intentional workflow changes.',
+].join(' ');
 export function installAgentToolPolicyGuard(registry: ToolRegistry, options: AgentToolPolicyGuardOptions = {}): void {
   const agentTool = registry.list().find((tool) => tool.definition.name === 'agent');
   if (!agentTool) throw new Error('Agent tool policy guard could not find the agent tool.');
@@ -176,6 +198,48 @@ export function installAgentToolPolicyGuard(registry: ToolRegistry, options: Age
       wrapFetchToolForAgentPolicy(tool);
     } else if (tool.definition.name === 'state') {
       wrapStateToolForAgentPolicy(tool);
+    } else if (tool.definition.name === 'goodvibes_settings') {
+      wrapBlockedSettingsToolForAgentPolicy(tool);
+    } else if (tool.definition.name === 'task') {
+      wrapModeRestrictedToolForAgentPolicy(tool, {
+        allowedModes: READ_ONLY_TASK_TOOL_MODES,
+        modeSet: READ_ONLY_TASK_TOOL_MODE_SET,
+        description: 'Read-only task/workflow inspection for GoodVibes Agent. Task creation, status changes, dependencies, cancellation, and handoff mutation are disabled in the main conversation.',
+        denial: DURABLE_WORKFLOW_MUTATION_DENIAL,
+        removedProperties: ['title', 'label', 'status', 'dependsOnSessionId', 'dependsOnTaskId', 'reason', 'toSessionId'],
+      });
+    } else if (tool.definition.name === 'team') {
+      wrapModeRestrictedToolForAgentPolicy(tool, {
+        allowedModes: READ_ONLY_TEAM_TOOL_MODES,
+        modeSet: READ_ONLY_TEAM_TOOL_MODE_SET,
+        description: 'Read-only team inspection for GoodVibes Agent. Team creation, membership changes, lane changes, and deletion are disabled in the main conversation.',
+        denial: DURABLE_WORKFLOW_MUTATION_DENIAL,
+        removedProperties: ['name', 'summary', 'memberId', 'role', 'lanes'],
+      });
+    } else if (tool.definition.name === 'worklist') {
+      wrapModeRestrictedToolForAgentPolicy(tool, {
+        allowedModes: READ_ONLY_WORKLIST_TOOL_MODES,
+        modeSet: READ_ONLY_WORKLIST_TOOL_MODE_SET,
+        description: 'Read-only worklist inspection for GoodVibes Agent. Worklist creation and item lifecycle changes are disabled in the main conversation.',
+        denial: DURABLE_WORKFLOW_MUTATION_DENIAL,
+        removedProperties: ['title', 'itemId', 'text', 'owner', 'priority'],
+      });
+    } else if (tool.definition.name === 'packet') {
+      wrapModeRestrictedToolForAgentPolicy(tool, {
+        allowedModes: READ_ONLY_PACKET_TOOL_MODES,
+        modeSet: READ_ONLY_PACKET_TOOL_MODE_SET,
+        description: 'Read-only operator packet inspection for GoodVibes Agent. Packet creation, revision, and publishing are disabled in the main conversation.',
+        denial: DURABLE_WORKFLOW_MUTATION_DENIAL,
+        removedProperties: ['title', 'summary', 'goals', 'constraints', 'risks', 'audience'],
+      });
+    } else if (tool.definition.name === 'query') {
+      wrapModeRestrictedToolForAgentPolicy(tool, {
+        allowedModes: READ_ONLY_QUERY_TOOL_MODES,
+        modeSet: READ_ONLY_QUERY_TOOL_MODE_SET,
+        description: 'Read-only operator query inspection for GoodVibes Agent. Asking, answering, and closing copied workflow queries are disabled in the main conversation.',
+        denial: DURABLE_WORKFLOW_MUTATION_DENIAL,
+        removedProperties: ['prompt', 'askedBy', 'target', 'answer', 'resolution'],
+      });
     } else if (BLOCKED_MAIN_CONVERSATION_TOOL_NAME_SET.has(tool.definition.name)) {
       wrapBlockedMainConversationToolForAgentPolicy(tool);
     }
@@ -241,6 +305,21 @@ export function wrapStateToolForAgentPolicy(tool: Tool): void {
   };
 }
+export function wrapBlockedSettingsToolForAgentPolicy(tool: Tool): void {
+  tool.definition.description = [
+    'Blocked in GoodVibes Agent main conversation: configuration mutation.',
+    'Use explicit Agent CLI/slash settings commands for intentional config changes.',
+    'Daemon lifecycle and service exposure remain externally managed by GoodVibes TUI/daemon.',
+  ].join(' ');
+  tool.definition.sideEffects = [];
+  tool.definition.parameters = {
+    type: 'object',
+    properties: {},
+    additionalProperties: false,
+  };
+  tool.execute = async () => ({ success: false, error: SETTINGS_MUTATION_DENIAL });
+}
 export function validateExecToolInvocationForAgentPolicy(args: ExecToolArgs): string | null {
   if (args.parallel === true) return BACKGROUND_EXEC_DENIAL;
   if (Array.isArray(args.file_ops) && args.file_ops.length > 0) return BACKGROUND_EXEC_DENIAL;
@@ -330,10 +409,12 @@ type ModeRestrictedToolPolicy = {
   readonly modeSet: ReadonlySet<string>;
   readonly description: string;
   readonly denial: string;
+  readonly removedProperties?: readonly string[];
 };
 export function wrapModeRestrictedToolForAgentPolicy(tool: Tool, policy: ModeRestrictedToolPolicy): void {
   narrowModeToolDefinitionForAgentPolicy(tool, policy.allowedModes, policy.description);
+  if (policy.removedProperties) removeToolDefinitionProperties(tool, policy.removedProperties);
   const originalExecute = tool.execute.bind(tool);
   tool.execute = async (args) => {
     const denial = validateModeRestrictedToolInvocationForAgentPolicy(args as ModeToolArgs, policy.modeSet, policy.denial);
@@ -384,11 +465,18 @@ export const AGENT_READ_ONLY_STATE_MEMORY_ACTIONS = READ_ONLY_STATE_MEMORY_ACTIO
 export const AGENT_READ_ONLY_STATE_HOOK_ACTIONS = READ_ONLY_STATE_HOOK_ACTIONS;
 export const AGENT_READ_ONLY_STATE_MODE_ACTIONS = READ_ONLY_STATE_MODE_ACTIONS;
 export const AGENT_READ_ONLY_STATE_ANALYTICS_ACTIONS = READ_ONLY_STATE_ANALYTICS_ACTIONS;
+export const AGENT_READ_ONLY_TASK_TOOL_MODES = READ_ONLY_TASK_TOOL_MODES;
+export const AGENT_READ_ONLY_TEAM_TOOL_MODES = READ_ONLY_TEAM_TOOL_MODES;
+export const AGENT_READ_ONLY_WORKLIST_TOOL_MODES = READ_ONLY_WORKLIST_TOOL_MODES;
+export const AGENT_READ_ONLY_PACKET_TOOL_MODES = READ_ONLY_PACKET_TOOL_MODES;
+export const AGENT_READ_ONLY_QUERY_TOOL_MODES = READ_ONLY_QUERY_TOOL_MODES;
 export const AGENT_REMOTE_MUTATION_DENIAL_MESSAGE = REMOTE_MUTATION_DENIAL;
 export const AGENT_CHANNEL_ACTION_DENIAL_MESSAGE = CHANNEL_ACTION_DENIAL;
 export const AGENT_MCP_SECURITY_MUTATION_DENIAL_MESSAGE = MCP_SECURITY_MUTATION_DENIAL;
 export const AGENT_FETCH_NETWORK_MUTATION_DENIAL_MESSAGE = FETCH_NETWORK_MUTATION_DENIAL;
 export const AGENT_STATE_MUTATION_DENIAL_MESSAGE = STATE_MUTATION_DENIAL;
+export const AGENT_SETTINGS_MUTATION_DENIAL_MESSAGE = SETTINGS_MUTATION_DENIAL;
+export const AGENT_DURABLE_WORKFLOW_MUTATION_DENIAL_MESSAGE = DURABLE_WORKFLOW_MUTATION_DENIAL;
 function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === 'object' && value !== null && !Array.isArray(value);
@@ -542,6 +630,12 @@ function narrowModeToolDefinitionForAgentPolicy(tool: Tool, allowedModes: readon
   }
 }
+function removeToolDefinitionProperties(tool: Tool, keys: readonly string[]): void {
+  const properties = tool.definition.parameters.properties;
+  if (!isRecord(properties)) return;
+  for (const key of keys) delete properties[key];
+}
 function narrowStringEnumProperty(
   properties: Record<string, unknown>,
   key: string,

package/src/version.ts CHANGED Viewed

@@ -6,7 +6,7 @@ import { join } from 'node:path';
 // The prebuild script updates the fallback value before compilation.
 // Uses import.meta.dir (Bun) to locate package.json relative to this file,
 // which is correct regardless of the process working directory.
-let _version = '0.1.18';
+let _version = '0.1.20';
 let _sdkVersion = '0.33.35';
 try {
   const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8')) as {