@pellux/goodvibes-agent 0.1.22 → 0.1.24

package/CHANGELOG.md

@@ -2,6 +2,14 @@
 
 All notable changes to GoodVibes Agent will be recorded here.
 
+## 0.1.24 - 2026-05-31
+
+- 2375df3 Bound web search tool policy
+
+## 0.1.23 - 2026-05-31
+
+- 18d7381 Harden analyze and registry tool policy
+
 ## 0.1.22 - 2026-05-31
 
 - 07e4445 Mark control tool read-only in agent runtime

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@pellux/goodvibes-agent",
-  "version": "0.1.22",
+  "version": "0.1.24",
   "private": false,
   "description": "Near-fork GoodVibes operator assistant with the GoodVibes TUI shell, renderer, input, fullscreen workspace, and daemon-connected Agent product brain.",
   "type": "module",

package/src/tools/agent-analysis-registry-policy.ts

@@ -0,0 +1,127 @@
+import type { Tool } from '@pellux/goodvibes-sdk/platform/types';
+
+type AnalyzeToolArgs = {
+  readonly mode?: unknown;
+  readonly [key: string]: unknown;
+};
+
+type RegistryToolArgs = {
+  readonly mode?: unknown;
+  readonly path?: unknown;
+  readonly [key: string]: unknown;
+};
+
+const READ_ONLY_ANALYZE_TOOL_MODES = [
+  'impact',
+  'dependencies',
+  'dead_code',
+  'security',
+  'coverage',
+  'bundle',
+  'preview',
+  'diff',
+  'surface',
+  'breaking',
+  'permissions',
+  'env_audit',
+  'test_find',
+] as const;
+
+const READ_ONLY_REGISTRY_TOOL_MODES = ['search', 'recommend', 'dependencies', 'preview'] as const;
+
+const READ_ONLY_ANALYZE_TOOL_MODE_SET = new Set<string>(READ_ONLY_ANALYZE_TOOL_MODES);
+const READ_ONLY_REGISTRY_TOOL_MODE_SET = new Set<string>(READ_ONLY_REGISTRY_TOOL_MODES);
+
+const ANALYZE_NETWORK_DENIAL = [
+  'GoodVibes Agent only exposes local, static analyze modes from the main conversation.',
+  'npm registry upgrade checks and hidden secondary LLM diff analysis are disabled here.',
+  'Use explicit Agent CLI/slash commands or GoodVibes TUI delegation for package-upgrade and code-review workflows.',
+].join(' ');
+
+const REGISTRY_CONTENT_DENIAL = [
+  'GoodVibes Agent only exposes registry discovery, recommendation, dependency, and bounded preview from the main conversation.',
+  'Full registry content materialization and arbitrary .goodvibes file reads are disabled here.',
+  'Use explicit Agent CLI/slash commands for intentional local registry changes or deeper inspection.',
+].join(' ');
+
+export const AGENT_READ_ONLY_ANALYZE_TOOL_MODES = READ_ONLY_ANALYZE_TOOL_MODES;
+export const AGENT_READ_ONLY_REGISTRY_TOOL_MODES = READ_ONLY_REGISTRY_TOOL_MODES;
+export const AGENT_ANALYZE_NETWORK_DENIAL_MESSAGE = ANALYZE_NETWORK_DENIAL;
+export const AGENT_REGISTRY_CONTENT_DENIAL_MESSAGE = REGISTRY_CONTENT_DENIAL;
+
+export function wrapAnalyzeToolForAgentPolicy(tool: Tool): void {
+  narrowAnalyzeToolDefinitionForAgentPolicy(tool);
+  const originalExecute = tool.execute.bind(tool);
+  tool.execute = async (args) => {
+    const denial = validateAnalyzeToolInvocationForAgentPolicy(args as AnalyzeToolArgs);
+    if (denial) return { success: false, error: denial };
+    return originalExecute(args);
+  };
+}
+
+export function wrapRegistryToolForAgentPolicy(tool: Tool): void {
+  narrowRegistryToolDefinitionForAgentPolicy(tool);
+  const originalExecute = tool.execute.bind(tool);
+  tool.execute = async (args) => {
+    const denial = validateRegistryToolInvocationForAgentPolicy(args as RegistryToolArgs);
+    if (denial) return { success: false, error: denial };
+    return originalExecute(args);
+  };
+}
+
+export function validateAnalyzeToolInvocationForAgentPolicy(args: AnalyzeToolArgs): string | null {
+  if (typeof args.mode === 'string' && !READ_ONLY_ANALYZE_TOOL_MODE_SET.has(args.mode)) return ANALYZE_NETWORK_DENIAL;
+  return null;
+}
+
+export function validateRegistryToolInvocationForAgentPolicy(args: RegistryToolArgs): string | null {
+  if (typeof args.mode === 'string' && !READ_ONLY_REGISTRY_TOOL_MODE_SET.has(args.mode)) return REGISTRY_CONTENT_DENIAL;
+  if (args.mode === 'preview' && typeof args.path === 'string' && !isAllowedAgentRegistryPreviewPath(args.path)) {
+    return REGISTRY_CONTENT_DENIAL;
+  }
+  return null;
+}
+
+function narrowAnalyzeToolDefinitionForAgentPolicy(tool: Tool): void {
+  tool.definition.description = [
+    'Run local, static project analysis for GoodVibes Agent.',
+    'npm registry upgrade checks and hidden secondary LLM diff analysis are disabled in the main conversation.',
+    'Delegate package-upgrade and review workflows to GoodVibes TUI when they become build/fix/review work.',
+  ].join(' ');
+  tool.definition.sideEffects = ['read_fs'];
+
+  const properties = tool.definition.parameters.properties;
+  if (!isRecord(properties)) return;
+  const modeProperty = properties.mode;
+  if (isRecord(modeProperty)) {
+    modeProperty.enum = [...READ_ONLY_ANALYZE_TOOL_MODES];
+    modeProperty.description = 'Local static analysis mode allowed by GoodVibes Agent main-conversation policy.';
+  }
+
+  delete properties.packages;
+}
+
+function narrowRegistryToolDefinitionForAgentPolicy(tool: Tool): void {
+  tool.definition.description = [
+    'Discover and preview GoodVibes Agent skills, agents, and tools.',
+    'Full content materialization and arbitrary .goodvibes file reads are disabled in the main conversation.',
+  ].join(' ');
+  tool.definition.sideEffects = ['read_fs'];
+
+  const properties = tool.definition.parameters.properties;
+  if (!isRecord(properties)) return;
+  const modeProperty = properties.mode;
+  if (isRecord(modeProperty)) {
+    modeProperty.enum = [...READ_ONLY_REGISTRY_TOOL_MODES];
+    modeProperty.description = 'Bounded registry discovery modes allowed by GoodVibes Agent main-conversation policy.';
+  }
+}
+
+function isAllowedAgentRegistryPreviewPath(path: string): boolean {
+  const normalized = path.replace(/\\/g, '/');
+  return /(?:^|\/)\.goodvibes\/(?:skills|agents)\/.+(?:\.md|\/(?:SKILL|AGENT)\.md)$/i.test(normalized);
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}

package/src/tools/agent-web-search-policy.ts

@@ -0,0 +1,112 @@
+import type { Tool } from '@pellux/goodvibes-sdk/platform/types';
+
+type WebSearchToolArgs = {
+  readonly maxResults?: unknown;
+  readonly verbosity?: unknown;
+  readonly safeSearch?: unknown;
+  readonly includeEvidence?: unknown;
+  readonly evidenceTopN?: unknown;
+  readonly evidenceExtract?: unknown;
+  readonly [key: string]: unknown;
+};
+
+const READ_ONLY_WEB_SEARCH_VERBOSITIES = ['urls_only', 'titles', 'snippets', 'evidence'] as const;
+const READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS = [
+  'text',
+  'markdown',
+  'readable',
+  'code_blocks',
+  'links',
+  'metadata',
+  'tables',
+] as const;
+
+const READ_ONLY_WEB_SEARCH_VERBOSITY_SET = new Set<string>(READ_ONLY_WEB_SEARCH_VERBOSITIES);
+const READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACT_SET = new Set<string>(READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS);
+
+const MAX_WEB_SEARCH_RESULTS = 10;
+const MAX_WEB_SEARCH_EVIDENCE_TOP_N = 3;
+
+const WEB_SEARCH_POLICY_DENIAL = [
+  'GoodVibes Agent only exposes bounded, read-only web research from the main conversation.',
+  'Full-page/raw/summary evidence extraction, safe-search off, and high-fanout searches are disabled here.',
+  'Use explicit Agent CLI/slash commands or an approval-backed workflow for broader external research.',
+].join(' ');
+
+export const AGENT_READ_ONLY_WEB_SEARCH_VERBOSITIES = READ_ONLY_WEB_SEARCH_VERBOSITIES;
+export const AGENT_READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS = READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS;
+export const AGENT_MAX_WEB_SEARCH_RESULTS = MAX_WEB_SEARCH_RESULTS;
+export const AGENT_MAX_WEB_SEARCH_EVIDENCE_TOP_N = MAX_WEB_SEARCH_EVIDENCE_TOP_N;
+export const AGENT_WEB_SEARCH_POLICY_DENIAL_MESSAGE = WEB_SEARCH_POLICY_DENIAL;
+
+export function wrapWebSearchToolForAgentPolicy(tool: Tool): void {
+  narrowWebSearchToolDefinitionForAgentPolicy(tool);
+  const originalExecute = tool.execute.bind(tool);
+  tool.execute = async (args) => {
+    const denial = validateWebSearchToolInvocationForAgentPolicy(args as WebSearchToolArgs);
+    if (denial) return { success: false, error: denial };
+    return originalExecute(normalizeWebSearchToolInvocationForAgentPolicy(args as WebSearchToolArgs) as Parameters<Tool['execute']>[0]);
+  };
+}
+
+export function validateWebSearchToolInvocationForAgentPolicy(args: WebSearchToolArgs): string | null {
+  if (typeof args.maxResults === 'number' && args.maxResults > MAX_WEB_SEARCH_RESULTS) return WEB_SEARCH_POLICY_DENIAL;
+  if (typeof args.evidenceTopN === 'number' && args.evidenceTopN > MAX_WEB_SEARCH_EVIDENCE_TOP_N) return WEB_SEARCH_POLICY_DENIAL;
+  if (args.safeSearch === 'off') return WEB_SEARCH_POLICY_DENIAL;
+  if (typeof args.verbosity === 'string' && !READ_ONLY_WEB_SEARCH_VERBOSITY_SET.has(args.verbosity)) {
+    return WEB_SEARCH_POLICY_DENIAL;
+  }
+  if (
+    typeof args.evidenceExtract === 'string'
+    && !READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACT_SET.has(args.evidenceExtract)
+  ) {
+    return WEB_SEARCH_POLICY_DENIAL;
+  }
+  return null;
+}
+
+export function normalizeWebSearchToolInvocationForAgentPolicy(args: WebSearchToolArgs): WebSearchToolArgs {
+  return {
+    ...args,
+    safeSearch: typeof args.safeSearch === 'string' ? args.safeSearch : 'moderate',
+  };
+}
+
+function narrowWebSearchToolDefinitionForAgentPolicy(tool: Tool): void {
+  tool.definition.description = [
+    'Run bounded, read-only web research for GoodVibes Agent.',
+    'Full-page/raw/summary extraction, safe-search off, and high-fanout searches are disabled in the main conversation.',
+  ].join(' ');
+  tool.definition.sideEffects = ['network'];
+
+  const properties = tool.definition.parameters.properties;
+  if (!isRecord(properties)) return;
+
+  const verbosity = properties.verbosity;
+  if (isRecord(verbosity)) {
+    verbosity.enum = [...READ_ONLY_WEB_SEARCH_VERBOSITIES];
+    verbosity.description = 'Bounded result verbosity allowed by GoodVibes Agent main-conversation policy.';
+  }
+
+  const evidenceExtract = properties.evidenceExtract;
+  if (isRecord(evidenceExtract)) {
+    evidenceExtract.enum = [...READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS];
+    evidenceExtract.description = 'Bounded evidence extraction modes allowed by GoodVibes Agent main-conversation policy.';
+  }
+
+  const maxResults = properties.maxResults;
+  if (isRecord(maxResults)) {
+    maxResults.maximum = MAX_WEB_SEARCH_RESULTS;
+    maxResults.description = 'Maximum ranked results returned by GoodVibes Agent main-conversation web research.';
+  }
+
+  const evidenceTopN = properties.evidenceTopN;
+  if (isRecord(evidenceTopN)) {
+    evidenceTopN.maximum = MAX_WEB_SEARCH_EVIDENCE_TOP_N;
+    evidenceTopN.description = 'Maximum top results fetched for evidence by GoodVibes Agent main-conversation web research.';
+  }
+}
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}

package/src/tools/wrfc-agent-guard.ts

@@ -1,5 +1,10 @@
 import type { Tool } from '@pellux/goodvibes-sdk/platform/types';
 import type { ToolRegistry } from '@pellux/goodvibes-sdk/platform/tools';
+import {
+  wrapAnalyzeToolForAgentPolicy,
+  wrapRegistryToolForAgentPolicy,
+} from './agent-analysis-registry-policy.ts';
+import { wrapWebSearchToolForAgentPolicy } from './agent-web-search-policy.ts';
 
 type AgentToolArgs = {
   readonly mode?: unknown;
@@ -222,6 +227,12 @@ export function installAgentToolPolicyGuard(registry: ToolRegistry, options: Age
       wrapBlockedSettingsToolForAgentPolicy(tool);
     } else if (tool.definition.name === 'inspect') {
       wrapInspectToolForAgentPolicy(tool);
+    } else if (tool.definition.name === 'analyze') {
+      wrapAnalyzeToolForAgentPolicy(tool);
+    } else if (tool.definition.name === 'registry') {
+      wrapRegistryToolForAgentPolicy(tool);
+    } else if (tool.definition.name === 'web_search') {
+      wrapWebSearchToolForAgentPolicy(tool);
     } else if (tool.definition.name === 'control') {
       wrapModeRestrictedToolForAgentPolicy(tool, {
         allowedModes: READ_ONLY_CONTROL_TOOL_MODES,
@@ -534,6 +545,28 @@ export const AGENT_INSPECT_WRITE_DENIAL_MESSAGE = INSPECT_WRITE_DENIAL;
 export const AGENT_DURABLE_WORKFLOW_MUTATION_DENIAL_MESSAGE = DURABLE_WORKFLOW_MUTATION_DENIAL;
 export const AGENT_CONTROL_MUTATION_DENIAL_MESSAGE = CONTROL_MUTATION_DENIAL;
 
+export {
+  AGENT_ANALYZE_NETWORK_DENIAL_MESSAGE,
+  AGENT_READ_ONLY_ANALYZE_TOOL_MODES,
+  AGENT_READ_ONLY_REGISTRY_TOOL_MODES,
+  AGENT_REGISTRY_CONTENT_DENIAL_MESSAGE,
+  validateAnalyzeToolInvocationForAgentPolicy,
+  validateRegistryToolInvocationForAgentPolicy,
+  wrapAnalyzeToolForAgentPolicy,
+  wrapRegistryToolForAgentPolicy,
+} from './agent-analysis-registry-policy.ts';
+
+export {
+  AGENT_MAX_WEB_SEARCH_EVIDENCE_TOP_N,
+  AGENT_MAX_WEB_SEARCH_RESULTS,
+  AGENT_READ_ONLY_WEB_SEARCH_EVIDENCE_EXTRACTS,
+  AGENT_READ_ONLY_WEB_SEARCH_VERBOSITIES,
+  AGENT_WEB_SEARCH_POLICY_DENIAL_MESSAGE,
+  normalizeWebSearchToolInvocationForAgentPolicy,
+  validateWebSearchToolInvocationForAgentPolicy,
+  wrapWebSearchToolForAgentPolicy,
+} from './agent-web-search-policy.ts';
+
 function isRecord(value: unknown): value is Record<string, unknown> {
   return typeof value === 'object' && value !== null && !Array.isArray(value);
 }

package/src/version.ts

@@ -6,7 +6,7 @@ import { join } from 'node:path';
 // The prebuild script updates the fallback value before compilation.
 // Uses import.meta.dir (Bun) to locate package.json relative to this file,
 // which is correct regardless of the process working directory.
-let _version = '0.1.22';
+let _version = '0.1.24';
 let _sdkVersion = '0.33.35';
 try {
   const pkg = JSON.parse(readFileSync(join(import.meta.dir, '..', 'package.json'), 'utf-8')) as {