@synergenius/flow-weaver 0.25.2 → 0.26.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/agent/cli-spawn-config.d.ts +40 -0
- package/dist/agent/cli-spawn-config.js +65 -0
- package/dist/agent/index.d.ts +1 -0
- package/dist/agent/index.js +2 -0
- package/dist/cli/flow-weaver.mjs +2 -2
- package/dist/generated-version.d.ts +1 -1
- package/dist/generated-version.js +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Centralized CLI spawn configuration — single source of truth for all
|
|
3
|
+
* Claude CLI invocations in automation contexts.
|
|
4
|
+
*
|
|
5
|
+
* RULE: Every automated CLI spawn MUST use getCliBaseArgs() or getCliSessionConfig().
|
|
6
|
+
* Never construct CLI args manually. This ensures:
|
|
7
|
+
* - --tools "" (disable all built-in tools)
|
|
8
|
+
* - --strict-mcp-config (prevent user MCP server leakage)
|
|
9
|
+
* - --dangerously-skip-permissions (no permission prompts in automation)
|
|
10
|
+
*
|
|
11
|
+
* Interactive user sessions (e.g., fw init) are exempt — they're the user's
|
|
12
|
+
* own Claude session, not automated workers.
|
|
13
|
+
*/
|
|
14
|
+
import type { CliSessionOptions } from './types.js';
|
|
15
|
+
/**
|
|
16
|
+
* Base CLI args for ALL automated Claude CLI invocations (one-shot and session).
|
|
17
|
+
* Enforces tool isolation and MCP lockdown.
|
|
18
|
+
*/
|
|
19
|
+
export declare function getCliBaseArgs(options?: {
|
|
20
|
+
model?: string;
|
|
21
|
+
systemPrompt?: string;
|
|
22
|
+
appendSystemPrompt?: string;
|
|
23
|
+
outputFormat?: 'stream-json' | 'json' | 'text';
|
|
24
|
+
includePartialMessages?: boolean;
|
|
25
|
+
jsonSchema?: string;
|
|
26
|
+
}): string[];
|
|
27
|
+
/**
|
|
28
|
+
* CLI session options for persistent sessions.
|
|
29
|
+
* Merges caller options with mandatory lockdown config.
|
|
30
|
+
*/
|
|
31
|
+
export declare function getCliSessionConfig(options: {
|
|
32
|
+
binPath?: string;
|
|
33
|
+
cwd: string;
|
|
34
|
+
model: string;
|
|
35
|
+
mcpConfigPath?: string;
|
|
36
|
+
disallowedTools?: string[];
|
|
37
|
+
appendSystemPrompt?: string;
|
|
38
|
+
systemPrompt?: string;
|
|
39
|
+
}): CliSessionOptions;
|
|
40
|
+
//# sourceMappingURL=cli-spawn-config.d.ts.map
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Centralized CLI spawn configuration — single source of truth for all
|
|
3
|
+
* Claude CLI invocations in automation contexts.
|
|
4
|
+
*
|
|
5
|
+
* RULE: Every automated CLI spawn MUST use getCliBaseArgs() or getCliSessionConfig().
|
|
6
|
+
* Never construct CLI args manually. This ensures:
|
|
7
|
+
* - --tools "" (disable all built-in tools)
|
|
8
|
+
* - --strict-mcp-config (prevent user MCP server leakage)
|
|
9
|
+
* - --dangerously-skip-permissions (no permission prompts in automation)
|
|
10
|
+
*
|
|
11
|
+
* Interactive user sessions (e.g., fw init) are exempt — they're the user's
|
|
12
|
+
* own Claude session, not automated workers.
|
|
13
|
+
*/
|
|
14
|
+
/**
|
|
15
|
+
* Base CLI args for ALL automated Claude CLI invocations (one-shot and session).
|
|
16
|
+
* Enforces tool isolation and MCP lockdown.
|
|
17
|
+
*/
|
|
18
|
+
export function getCliBaseArgs(options) {
|
|
19
|
+
const args = [
|
|
20
|
+
'-p',
|
|
21
|
+
'--dangerously-skip-permissions',
|
|
22
|
+
// Disable ALL built-in tools — only pack/MCP tools visible to model
|
|
23
|
+
'--tools', '',
|
|
24
|
+
// Prevent user/project MCP servers from leaking into sessions
|
|
25
|
+
'--strict-mcp-config',
|
|
26
|
+
];
|
|
27
|
+
if (options?.outputFormat) {
|
|
28
|
+
args.push('--output-format', options.outputFormat);
|
|
29
|
+
}
|
|
30
|
+
if (options?.includePartialMessages) {
|
|
31
|
+
args.push('--include-partial-messages');
|
|
32
|
+
}
|
|
33
|
+
if (options?.model) {
|
|
34
|
+
args.push('--model', options.model);
|
|
35
|
+
}
|
|
36
|
+
if (options?.systemPrompt) {
|
|
37
|
+
args.push('--system-prompt', options.systemPrompt);
|
|
38
|
+
}
|
|
39
|
+
if (options?.appendSystemPrompt) {
|
|
40
|
+
args.push('--append-system-prompt', options.appendSystemPrompt);
|
|
41
|
+
}
|
|
42
|
+
if (options?.jsonSchema) {
|
|
43
|
+
args.push('--json-schema', options.jsonSchema);
|
|
44
|
+
}
|
|
45
|
+
return args;
|
|
46
|
+
}
|
|
47
|
+
/**
|
|
48
|
+
* CLI session options for persistent sessions.
|
|
49
|
+
* Merges caller options with mandatory lockdown config.
|
|
50
|
+
*/
|
|
51
|
+
export function getCliSessionConfig(options) {
|
|
52
|
+
return {
|
|
53
|
+
binPath: options.binPath ?? 'claude',
|
|
54
|
+
cwd: options.cwd,
|
|
55
|
+
model: options.model,
|
|
56
|
+
mcpConfigPath: options.mcpConfigPath,
|
|
57
|
+
disallowedTools: options.disallowedTools,
|
|
58
|
+
// Mandatory lockdown — cannot be overridden by callers
|
|
59
|
+
tools: '',
|
|
60
|
+
strictMcpConfig: true,
|
|
61
|
+
appendSystemPrompt: options.appendSystemPrompt,
|
|
62
|
+
systemPrompt: options.systemPrompt,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=cli-spawn-config.js.map
|
package/dist/agent/index.d.ts
CHANGED
|
@@ -16,6 +16,7 @@ export { PlatformProvider, createPlatformProvider } from './providers/platform.j
|
|
|
16
16
|
export type { PlatformProviderOptions } from './providers/platform.js';
|
|
17
17
|
export { createMcpBridge } from './mcp-bridge.js';
|
|
18
18
|
export { CliSession, getOrCreateCliSession, killCliSession, killAllCliSessions, } from './cli-session.js';
|
|
19
|
+
export { getCliBaseArgs, getCliSessionConfig } from './cli-spawn-config.js';
|
|
19
20
|
export { buildSafeEnv, buildSafeSpawnOpts, MINIMAL_PATH, ENV_ALLOWLIST } from './env-allowlist.js';
|
|
20
21
|
export { StreamJsonParser } from './streaming.js';
|
|
21
22
|
export { DeviceConnection } from './device-connection.js';
|
package/dist/agent/index.js
CHANGED
|
@@ -17,6 +17,8 @@ export { PlatformProvider, createPlatformProvider } from './providers/platform.j
|
|
|
17
17
|
export { createMcpBridge } from './mcp-bridge.js';
|
|
18
18
|
// CLI session (warm persistent sessions)
|
|
19
19
|
export { CliSession, getOrCreateCliSession, killCliSession, killAllCliSessions, } from './cli-session.js';
|
|
20
|
+
// CLI spawn configuration (centralized lockdown for automated sessions)
|
|
21
|
+
export { getCliBaseArgs, getCliSessionConfig } from './cli-spawn-config.js';
|
|
20
22
|
// Env utilities
|
|
21
23
|
export { buildSafeEnv, buildSafeSpawnOpts, MINIMAL_PATH, ENV_ALLOWLIST } from './env-allowlist.js';
|
|
22
24
|
// Stream parser (for custom providers)
|
package/dist/cli/flow-weaver.mjs
CHANGED
|
@@ -9886,7 +9886,7 @@ var VERSION;
|
|
|
9886
9886
|
var init_generated_version = __esm({
|
|
9887
9887
|
"src/generated-version.ts"() {
|
|
9888
9888
|
"use strict";
|
|
9889
|
-
VERSION = "0.
|
|
9889
|
+
VERSION = "0.26.0";
|
|
9890
9890
|
}
|
|
9891
9891
|
});
|
|
9892
9892
|
|
|
@@ -95973,7 +95973,7 @@ function parseIntStrict(value) {
|
|
|
95973
95973
|
// src/cli/index.ts
|
|
95974
95974
|
init_logger();
|
|
95975
95975
|
init_error_utils();
|
|
95976
|
-
var version2 = true ? "0.
|
|
95976
|
+
var version2 = true ? "0.26.0" : "0.0.0-dev";
|
|
95977
95977
|
var program2 = new Command();
|
|
95978
95978
|
program2.name("fw").description("Flow Weaver Annotations - Compile and validate workflow files").option("-v, --version", "Output the current version").option("--no-color", "Disable colors").option("--color", "Force colors").on("option:version", () => {
|
|
95979
95979
|
logger.banner(version2);
|
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const VERSION = "0.
|
|
1
|
+
export declare const VERSION = "0.26.0";
|
|
2
2
|
//# sourceMappingURL=generated-version.d.ts.map
|
package/package.json
CHANGED