@rallycry/conveyor-agent 7.3.2 → 7.3.3

package/dist/{chunk-WDGSLU5S.js → chunk-COJPX2QI.js}

@@ -411,6 +411,9 @@ ${q.question}${q.options.length ? "\n" + q.options.map((o) => `- ${o.label}: ${o
   triggerIdentification() {
     return this.call("triggerIdentification", { sessionId: this.config.sessionId });
   }
+  getCumulativeSpending() {
+    return this.call("getCumulativeSpending", { sessionId: this.config.sessionId });
+  }
   async refreshAuthToken() {
     const codespaceName = process.env.CODESPACE_NAME || process.env.CLAUDESPACE_NAME;
     const apiUrl = this.config.apiUrl;
@@ -4811,7 +4814,31 @@ function collectMissingProps(taskProps) {
 
 // src/execution/tool-access.ts
 var PM_PLAN_FILE_TOOLS = /* @__PURE__ */ new Set(["Write", "Edit", "MultiEdit"]);
-var DESTRUCTIVE_CMD_PATTERN = /git\s+push\s+--force(?!\s*-with-lease)|git\s+reset\s+--hard|rm\s+-rf\s+\//;
+var DESTRUCTIVE_PATTERNS = [
+  {
+    name: "git push --force (without --force-with-lease)",
+    re: /git\s+push\s+(?:-f\b|--force(?!-with-lease))/
+  },
+  { name: "git push --delete", re: /git\s+push\s+(?:-d\b|--delete\b)/ },
+  { name: "git reset --hard", re: /git\s+reset\s+--hard\b/ },
+  {
+    name: "rm -rf /",
+    re: /rm\s+(?:-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r|--recursive\s+--force)\s+\/(?!\S)/
+  },
+  { name: "sudo rm", re: /\bsudo\s+rm\b/ },
+  { name: "chmod world-writable", re: /\bchmod\s+(?:-R\s+)?[0-7]*7{2,3}\b/ },
+  { name: "dd to device", re: /\bdd\s+.*\bof=\/dev\// },
+  { name: "redirect to block device", re: />\s*\/dev\/(?:sd[a-z]|nvme\d|xvd[a-z])/ },
+  { name: "mkfs filesystem creation", re: /\bmkfs(?:\.|\s)/ },
+  { name: "shutdown/poweroff/halt/reboot", re: /\b(?:shutdown|poweroff|halt|reboot)\b/ },
+  { name: "fork bomb", re: /:\(\)\s*\{\s*:\|\s*:&\s*\}\s*;\s*:/ }
+];
+function matchesDestructive(cmd) {
+  for (const { name, re } of DESTRUCTIVE_PATTERNS) {
+    if (re.test(cmd)) return name;
+  }
+  return null;
+}
 function isPlanFile(input) {
   const filePath = String(input.file_path ?? input.path ?? "");
   return filePath.includes(".claude/plans/");
@@ -4831,10 +4858,11 @@ function handleDiscoveryToolAccess(toolName, input) {
 function handleBuildingToolAccess(toolName, input) {
   if (toolName === "Bash") {
     const cmd = String(input.command ?? "");
-    if (DESTRUCTIVE_CMD_PATTERN.test(cmd)) {
+    const matched = matchesDestructive(cmd);
+    if (matched) {
       return {
         behavior: "deny",
-        message: "Destructive operation blocked. Use safer alternatives."
+        message: `Destructive operation blocked (${matched}). Use safer alternatives.`
       };
     }
   }
@@ -5017,6 +5045,65 @@ function buildCanUseTool(host) {
   };
 }
 
+// src/execution/redactor.ts
+var REDACTED = "<redacted>";
+var BEARER_RE = /\b(Bearer\s+)[A-Za-z0-9_\-.]{20,}/g;
+var VENDOR_KEY_RE = /\b(?:sk-[a-zA-Z0-9_-]{20,}|ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,}|xoxb-[A-Za-z0-9-]+|xai-[A-Za-z0-9-]{20,})\b/g;
+var AWS_ACCESS_KEY_RE = /\bAKIA[0-9A-Z]{16}\b/g;
+var JWT_RE = /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g;
+var ENV_SECRET_RE = /^(\s*(?:export\s+)?([A-Z][A-Z0-9_]*(?:TOKEN|SECRET|KEY|PASSWORD|PASS|CREDENTIAL|CREDENTIALS)[A-Z0-9_]*)\s*=\s*)['"]?([^\s'"]+)['"]?/gm;
+var COOKIE_HEADER_RE = /(Cookie:\s*)[^\r\n]+/gi;
+var BASIC_AUTH_URL_RE = /(https?:\/\/)([^:@\s/]+):([^@\s]+)@/g;
+var AWS_SECRET_LINE_RE = /^.*(?:secret|aws_secret).*$/gim;
+var AWS_SECRET_VALUE_RE = /\b([A-Za-z0-9/+=]{40})\b/g;
+var SYSTEM_REMINDER_RE = /<system-reminder>[\s\S]*?<\/system-reminder>/gi;
+function redact(input) {
+  if (!input) return { output: input, redacted: 0 };
+  let count = 0;
+  let output = input;
+  output = output.replace(SYSTEM_REMINDER_RE, () => {
+    count++;
+    return "<!-- stripped injection -->";
+  });
+  output = output.replace(BEARER_RE, (_match, prefix) => {
+    count++;
+    return `${prefix}${REDACTED}`;
+  });
+  output = output.replace(VENDOR_KEY_RE, () => {
+    count++;
+    return REDACTED;
+  });
+  output = output.replace(AWS_ACCESS_KEY_RE, () => {
+    count++;
+    return REDACTED;
+  });
+  output = output.replace(JWT_RE, () => {
+    count++;
+    return REDACTED;
+  });
+  output = output.replace(
+    AWS_SECRET_LINE_RE,
+    (line) => line.replace(AWS_SECRET_VALUE_RE, (match) => {
+      if (/^[a-f0-9]+$/i.test(match)) return match;
+      count++;
+      return REDACTED;
+    })
+  );
+  output = output.replace(ENV_SECRET_RE, (_match, prefix, _key, _value) => {
+    count++;
+    return `${prefix}${REDACTED}`;
+  });
+  output = output.replace(COOKIE_HEADER_RE, (_match, prefix) => {
+    count++;
+    return `${prefix}${REDACTED}`;
+  });
+  output = output.replace(BASIC_AUTH_URL_RE, (_match, scheme, user) => {
+    count++;
+    return `${scheme}${user}:${REDACTED}@`;
+  });
+  return { output, redacted: count };
+}
+
 // src/execution/query-executor.ts
 var logger2 = createServiceLogger("QueryExecutor");
 var IMAGE_ERROR_PATTERN2 = /Could not process image/i;
@@ -5029,12 +5116,15 @@ function buildHooks(host) {
           async (input) => {
             if (host.isStopped()) return await Promise.resolve({ continue: false });
             if (input.hook_event_name === "PostToolUse") {
-              const output = typeof input.tool_response === "string" ? input.tool_response.slice(0, 500) : JSON.stringify(input.tool_response).slice(0, 500);
+              const raw = typeof input.tool_response === "string" ? input.tool_response : JSON.stringify(input.tool_response);
+              const { output: redacted, redacted: redactedCount } = redact(raw);
+              const output = redacted.slice(0, 500);
               host.connection.sendEvent({
                 type: "tool_result",
                 tool: input.tool_name,
                 output,
-                isError: false
+                isError: false,
+                ...redactedCount > 0 ? { redactedCount } : {}
               });
               host.pendingToolOutputs.push({ tool: input.tool_name, output });
               if (input.tool_name === "mcp__conveyor__create_pull_request") {
@@ -5401,6 +5491,22 @@ async function runWithRetry(initialQuery, context, host, options) {
 var CostTracker = class {
   cumulativeCostUsd = 0;
   modelUsage = /* @__PURE__ */ new Map();
+  seeded = false;
+  /**
+   * Rehydrate cumulative spend from the server so `maxBudgetUsd` enforcement
+   * accounts for costs incurred by prior agent runs on the same task. Must be
+   * called before any `addQueryCost` / `addModelUsage` — re-seeding after
+   * costs have accumulated would clobber in-process totals.
+   */
+  seed(totalCostUsd, modelUsage) {
+    if (this.seeded) return;
+    if (this.cumulativeCostUsd > 0 || this.modelUsage.size > 0) return;
+    this.cumulativeCostUsd = totalCostUsd;
+    for (const entry of modelUsage) {
+      this.modelUsage.set(entry.model, { ...entry });
+    }
+    this.seeded = true;
+  }
   /** Add cost from a completed query and return the running total */
   addQueryCost(queryCostUsd) {
     this.cumulativeCostUsd += queryCostUsd;
@@ -5591,6 +5697,10 @@ var QueryBridge = class {
   resume() {
     this._stopped = false;
   }
+  /** Rehydrate CostTracker from server-side cumulative spend on agent boot. */
+  seedCostTracker(totalCostUsd, modelUsage) {
+    this.costTracker.seed(totalCostUsd, modelUsage);
+  }
   /**
    * Execute a Claude SDK query.
    * Without followUpContent: runs initial mode execution (build/plan).
@@ -5856,6 +5966,7 @@ var SessionRunner = class _SessionRunner {
       });
     }
     this.queryBridge = this.createQueryBridge();
+    await this.seedCostTrackerFromServer();
     this.logInitialization();
     const staleMessageCount = this.pendingMessages.length;
     const didExecuteInitialQuery = await this.executeInitialMode();
@@ -6217,6 +6328,36 @@ var SessionRunner = class _SessionRunner {
       }
     });
   }
+  /**
+   * Rehydrate CostTracker from server. Caps at 3s so a slow API call never
+   * blocks agent startup — on timeout/error we fall through with a $0 tracker
+   * (the existing behavior before this rehydration path was added).
+   */
+  async seedCostTrackerFromServer() {
+    if (!this.queryBridge) return;
+    const TIMEOUT_MS = 3e3;
+    try {
+      const timeout = new Promise((resolve2) => {
+        setTimeout(() => resolve2(null), TIMEOUT_MS);
+      });
+      const fetched = await Promise.race([this.connection.getCumulativeSpending(), timeout]);
+      if (fetched) {
+        this.queryBridge.seedCostTracker(fetched.totalCostUsd, fetched.modelUsage);
+        process.stderr.write(
+          `[conveyor-agent] CostTracker seeded: $${fetched.totalCostUsd.toFixed(4)} across ${fetched.modelUsage.length} model(s)
+`
+        );
+      } else {
+        process.stderr.write(
+          "[conveyor-agent] CostTracker seed timed out after 3s \u2014 starting at $0\n"
+        );
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      process.stderr.write(`[conveyor-agent] CostTracker seed failed: ${msg} \u2014 starting at $0
+`);
+    }
+  }
   /** Proactively refresh the GitHub token before the 1-hour expiry. */
   async refreshGithubToken() {
     try {
@@ -7825,4 +7966,4 @@ export {
   loadForwardPorts,
   loadConveyorConfig
 };
-//# sourceMappingURL=chunk-WDGSLU5S.js.map
+//# sourceMappingURL=chunk-COJPX2QI.js.map