@sandagent/runner-cli 0.9.22 → 0.9.24
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bundle.mjs +17 -1
- package/package.json +3 -3
package/dist/bundle.mjs
CHANGED
|
@@ -1603,7 +1603,7 @@ function redactSecrets(text, secrets) {
|
|
|
1603
1603
|
return text;
|
|
1604
1604
|
let result = text;
|
|
1605
1605
|
const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
|
|
1606
|
-
const values = Object.values(secrets).filter((v) => v.length >=
|
|
1606
|
+
const values = Object.values(secrets).filter((v) => v.length >= 8).filter((v) => !/^\//.test(v) && !/^[A-Za-z]:[/\\]/.test(v)).sort((a, b) => b.length - a.length);
|
|
1607
1607
|
for (const v of values) {
|
|
1608
1608
|
const ev = escapeRegex(v);
|
|
1609
1609
|
result = result.replace(new RegExp(`^\\S+=.*${ev}.*$\\n?`, "gm"), "");
|
|
@@ -1618,6 +1618,10 @@ function redactResultContent(result, secrets) {
|
|
|
1618
1618
|
result.content = result.content.map((c) => c.type === "text" && typeof c.text === "string" ? { ...c, text: redactSecrets(c.text, secrets) } : c);
|
|
1619
1619
|
}
|
|
1620
1620
|
}
|
|
1621
|
+
function isEnvDumpCommand(command) {
|
|
1622
|
+
const cmd = command.replace(/\s+/g, " ").trim();
|
|
1623
|
+
return /(?:^|[|;&])\s*(?:env|printenv|export\s+-p|declare\s+-x)\b/.test(cmd);
|
|
1624
|
+
}
|
|
1621
1625
|
function buildEnvInjectedBashTool(cwd, extraEnv) {
|
|
1622
1626
|
const bashAgentTool = createBashTool(cwd, {
|
|
1623
1627
|
spawnHook: (ctx) => ({
|
|
@@ -1632,6 +1636,18 @@ function buildEnvInjectedBashTool(cwd, extraEnv) {
|
|
|
1632
1636
|
// biome-ignore lint/suspicious/noExplicitAny: TypeBox schema from pi internals
|
|
1633
1637
|
parameters: bashAgentTool.parameters,
|
|
1634
1638
|
async execute(toolCallId, params, signal, onUpdate) {
|
|
1639
|
+
const command = params.command ?? "";
|
|
1640
|
+
if (isEnvDumpCommand(command)) {
|
|
1641
|
+
return {
|
|
1642
|
+
content: [
|
|
1643
|
+
{
|
|
1644
|
+
type: "text",
|
|
1645
|
+
text: "Command blocked: printing or redirecting environment variables is not allowed."
|
|
1646
|
+
}
|
|
1647
|
+
],
|
|
1648
|
+
details: void 0
|
|
1649
|
+
};
|
|
1650
|
+
}
|
|
1635
1651
|
const result = await bashAgentTool.execute(toolCallId, params, signal, onUpdate);
|
|
1636
1652
|
redactResultContent(result, extraEnv);
|
|
1637
1653
|
return result;
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sandagent/runner-cli",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.24",
|
|
4
4
|
"description": "SandAgent Runner CLI - Like gemini-cli or claude-code, runs in your local terminal with AI SDK UI streaming",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -57,8 +57,8 @@
|
|
|
57
57
|
"@sandagent/runner-claude": "0.6.2",
|
|
58
58
|
"@sandagent/runner-codex": "0.6.2",
|
|
59
59
|
"@sandagent/runner-gemini": "0.6.2",
|
|
60
|
-
"@sandagent/runner-
|
|
61
|
-
"@sandagent/runner-
|
|
60
|
+
"@sandagent/runner-opencode": "0.6.2",
|
|
61
|
+
"@sandagent/runner-pi": "0.6.4-beta.0"
|
|
62
62
|
},
|
|
63
63
|
"scripts": {
|
|
64
64
|
"build": "tsc && pnpm bundle",
|