@trenchwork/erosolar 1.1.40 → 1.1.41

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 Erosolar AI
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 Erosolar AI
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,225 +1,236 @@
-# Erosolar Coder
-
-[![npm version](https://img.shields.io/npm/v/@trenchwork/erosolar)](https://www.npmjs.com/package/@trenchwork/erosolar)
-
-> **First public research run — 3 hours of unattended offensive
-> security research, useful enough to submit to Google Bug Hunters.**
->
-> The first prompt I asked
-> [erosolar-coder](https://www.npmjs.com/package/@trenchwork/erosolar)
-> to run autonomously was an automated security-research pass for
-> submission to the [Google Bug Hunters](https://bughunters.google.com/)
-> program. It ran unattended for **3 continuous hours** on a CLI
-> still under initial development and produced useful offensive-
-> security research. For a starting CLI that's an amazing accomplishment.
->
-> The open-source first-prompt result is at
-> [`Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results`](https://github.com/Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results).
-> All subsequent research is in a separate **private** repository
-> under responsible-AI and cyber-safety guidelines, by my own AI-safety,
-> regulatory, and moral judgement. I'm open-sourcing the first prompt
-> that ran — which showed extreme promise — to share the research
-> result responsibly with others.
-
----
-
-Erosolar Coder is an AI-powered CLI agent that uses DeepSeek-V4-Pro to
-deliver coding assistance at ~30× the cost-efficiency of comparable
-agents. It is a terminal-only coding CLI — a fully Ink-rendered shell
-powered by DeepSeek-V4-Pro on your own API key (bring-your-own-key; no
-login, no account).
-
-The agent runs with the rails turned down for full-machine
-offensive-security research. Its security does **not** rest on hiding the
-source — this repo is inspired by [Project Glasswing](GLASSWING.md), an
-Anthropic initiative: the design
-is open to scrutiny, and what's protected is protected by small, rotatable
-secrets (keys in the OS keychain / secret store), not by obscurity. Under
-U.S. law, offensive-cyber tooling is a *dual-use commercial item* (Commerce
-Control List,
-[ECCN 4D004](https://www.federalregister.gov/documents/2021/10/21/2021-22774/information-security-controls-cybersecurity-items)),
-not a "defense article" on the U.S. Munitions List — so it is not a
-"weapon" in the ITAR sense. EAR controls govern *international export*;
-they do not restrict domestic development or sale to U.S. government
-agencies, and BIS's vulnerability-disclosure carve-out explicitly exempts
-ordinary security-research activity. See
-[`/about`](https://ero.solar/about) for the full disclosure and
-[`GLASSWING.md`](GLASSWING.md) for the security principle.
-
-## Install
-
-```bash
-npm install -g @trenchwork/erosolar
-```
-
-Exposes two CLIs: `deepseek`, `erosolar` (synonyms; pick the one you
-prefer).
-
-```bash
-erosolar                       # interactive shell
-erosolar -q "explain X"        # one-shot prompt
-git diff | erosolar            # pipe mode
-erosolar --key sk-...          # set DeepSeek key
-```
-
-In-shell commands: `/model`, `/secrets`, `/help`, `/clear`. See
-`/help` for the full list.
-
-## How it works (skim)
-
-```
-CLI ──Firebase ID token──▶ AWS API Gateway ─▶ AWS Lambda
- │                                              │
- ▼                                              ▼
-Firebase Hosting + Auth                    DeepSeek / Stripe / GitHub /
-+ Firestore (Spark plan)                   Tavily / Anthropic / Proton SMTP
-```
-
-Four boxes, one trust boundary (the Firebase ID token), and one
-reason this isn't all on Firebase: the original GCP account was
-suspended and the new one is on the Spark plan, which doesn't run
-Cloud Functions. Everything stateful that Spark *does* support
-(Hosting, Auth, Firestore, FCM) stayed there. Everything else moved
-to AWS — Lambda for handlers, Secrets Manager for the 14+ shared
-keys, EventBridge for cron schedules, no extra infrastructure.
-
-## Layout
-
-```
-src/                       CLI source
-  core/                    Auth, secret store, hooks, HITL, agent loop, adversarial verifier
-  runtime/                 Agent controller, session, tool runtime
-  tools/                   Read / Edit / Write / Bash / Glob / Grep / Web (Helia)
-  capabilities/            Pluggable capability modules
-  ui/                      Ink renderer (theme + ink/*) — terminal UI
-  headless/                Interactive shell + CLI bootstrap
-  contracts/               Shared schemas (agent, tools, profiles)
-agents/                    Agent rulebooks (erosolar-code.rules.json)
-test/                      jest suites (unit, integration, ink, ui-pty e2e)
-GLASSWING.md               Glasswing-inspired security principle (transparency over secrecy)
-CLAUDE.md                  Project conventions for agentic contributors
-```
-
-## Build / test
-
-```bash
-npm install                                    # deps
-npx tsc                                         # build
-npm test                                       # full jest suite
-npx jest --config jest.config.cjs --testPathPatterns "v[0-9]+\\.[0-9]+-hardening"  # hardening only
-```
-
-The hardening suite (`test/v*-hardening.test.ts`) is the canonical proof
-that closed security/correctness issues stay closed. Per the
-Glasswing-inspired "checkable by anyone" pillar, verification runs in two places:
-a local pre-push hook for fast feedback, and a public GitHub Actions
-workflow (`.github/workflows/ci.yml`) on every push and PR.
-
-## Cost
-
-Per-million tokens at list rates (May 2026, short-context tier):
-
-| Tool | Model | Input $/M | Output $/M |
-| --- | --- | --- | --- |
-| **Erosolar Coder** (now) | `deepseek-v4-pro` *75% off through 2026-05-31* | **$0.435** | **$1.74** |
-| **Erosolar Coder** (after 2026-05-31) | `deepseek-v4-pro` list | $1.74 | $3.48 |
-| Claude Code (Sonnet) | `claude-sonnet-4.6` | $3.00 | $15.00 |
-| Claude Code (Opus) | `claude-opus-4.7` | $5.00 | $25.00 |
-| OpenAI Codex CLI | `gpt-5.5` | $5.00 | $30.00 |
-| OpenAI Codex CLI (Pro) | `gpt-5.5-pro` | $30.00 | $180.00 |
-| Cursor agents | `claude-sonnet-4.6` | $3.00 | $15.00 |
-| Gemini CLI | `gemini-3.1-pro` | $2.00 | $12.00 |
-| Grok CLI | `grok-4.3` | $1.25 | $2.50 |
-
-DeepSeek's 75%-off promotional rate applies until **2026-05-31
-15:59 UTC**. After that, the list price ($1.74 / $3.48) takes over
-— still well under every Claude / OpenAI / Cursor option, and
-within Grok's range. Long-context surcharges (prompts > 200k
-tokens): `gpt-5.5` doubles to $10 / $45; `gpt-5.5-pro` doubles to
-$60 / $270; `gemini-3.1-pro` goes to $4 / $18. Cache-write /
-cache-hit reductions on Claude (`$0.50` / MTok cache hit on Opus
-4.7, `$10` / MTok 1h cache write) and on `gpt-5.5` (cached input
-$0.50–$1.00 / MTok depending on context tier) further close the
-gap on those vendors at the cost of operational complexity.
-DeepSeek-V4-Pro has no cache tier — list price is the price.
-
-A representative coding session (~150k input + 30k output, all
-short-context) costs:
-
-| Tool | Cost | vs. Erosolar (now) |
-| --- | --- | --- |
-| **Erosolar Coder** — promo through 2026-05-31 | **~$0.09** | — |
-| **Erosolar Coder** — list (post-2026-05-31) | ~$0.37 | 4.0× |
-| Grok CLI (`grok-4.3`) | ~$0.26 | 2.9× |
-| Gemini CLI (`gemini-3.1-pro`) | ~$0.66 | 7.2× |
-| Claude Code (Sonnet 4.6) | ~$0.90 | 9.8× |
-| Claude Code (Opus 4.7) | ~$1.50 | 16× |
-| OpenAI Codex CLI (`gpt-5.5`) | ~$1.65 | 18× |
-| OpenAI Codex CLI (`gpt-5.5-pro`) | ~$9.90 | 108× |
-
-DeepSeek-V4-Pro performs in the same SWE-bench Verified band as
-Sonnet 4.6 on most coding benchmarks, so the ~10× cost gap (today)
-is real delivered savings, not a quality concession. After the
-promotional period the gap narrows to ~2.4× vs. Sonnet — still a
-material saving, but Grok 4.3 will be the cheapest cell on the
-table at that point and worth a side-by-side eval.
-
-## Authorization scope
-
-Erosolar Coder ships with the rails turned down for security
-research, red-team, and infrastructure automation that mainstream
-agents refuse to help with — destructive shell commands, sudo,
-credential testing, exploit scaffolding. Use it on systems you own
-or are explicitly authorized to test. The CLI logs the authorization
-scope before running offensive tooling — read it.
-
-## Surface
-
-- **Terminal CLI** — `npm install -g @trenchwork/erosolar`,
-  then `erosolar`. A fully Ink-rendered coding shell — the one surface.
-
-Bring your own DeepSeek API key — `erosolar --key sk-...`, `/secrets`, or the
-`DEEPSEEK_API_KEY` env var. No login, no account. Web tasks the agent needs
-are handled in-CLI by the `Helia` web tool (search / fetch / extract), not a
-separate browser.
-
-## Contributing
-
-Read `CLAUDE.md` first — it documents the testing discipline and the
-"research before custom code" rules this repo enforces. Every fix
-must ship with a test that fails before and passes after.
-
-Test gate is **local, not CI**. Install the pre-push hook once per
-checkout — it runs `npm test` before every `git push` so a broken
-build never reaches origin:
-
-```bash
-git config core.hooksPath scripts/git-hooks
-```
-
-Bypass in an emergency with `git push --no-verify`. The previous
-`.github/workflows/hardening.yml` workflow was deleted because the
-repo is private + solo and GH Actions runs were burning free-tier
-minutes + sending failure emails to cover what `npm test` already
-covers locally.
-
-## Contact
-
-Bo Shang — building Ero.Solar.
-
-- Email: [bo@ero.solar](mailto:bo@ero.solar)
-- Phone: [+1 508-260-0326](tel:+15082600326)
-- GitHub: [@Aroxora](https://github.com/Aroxora)
-- LinkedIn: [linkedin.com/in/bo-shang-04923b3a6](https://www.linkedin.com/in/bo-shang-04923b3a6/)
-- X: [@erolunar](https://x.com/erolunar)
-- YouTube: [@erosolarai](https://www.youtube.com/@erosolarai)
-
-## License
-
-MIT
-
----
-
-erosolar-coder is an independent project and is not affiliated with or endorsed
-by Anthropic. Project Glasswing is an Anthropic initiative; this repo is only
-inspired by it.
+# Erosolar Coder
+
+[![npm version](https://img.shields.io/npm/v/@trenchwork/erosolar)](https://www.npmjs.com/package/@trenchwork/erosolar)
+
+> **First public research run — 3 hours of unattended offensive
+> security research, useful enough to submit to Google Bug Hunters.**
+>
+> The first prompt I asked
+> [erosolar-coder](https://www.npmjs.com/package/@trenchwork/erosolar)
+> to run autonomously was an automated security-research pass for
+> submission to the [Google Bug Hunters](https://bughunters.google.com/)
+> program. It ran unattended for **3 continuous hours** on a CLI
+> still under initial development and produced useful offensive-
+> security research. For a starting CLI that's an amazing accomplishment.
+>
+> The open-source first-prompt result is at
+> [`Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results`](https://github.com/Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results).
+> All subsequent research is in a separate **private** repository
+> under responsible-AI and cyber-safety guidelines, by my own AI-safety,
+> regulatory, and moral judgement. I'm open-sourcing the first prompt
+> that ran — which showed extreme promise — to share the research
+> result responsibly with others.
+
+---
+
+Erosolar Coder is an AI-powered CLI agent that uses DeepSeek-V4-Pro to
+deliver coding assistance at ~30× the cost-efficiency of comparable
+agents. It is a terminal-only coding CLI — a fully Ink-rendered shell
+powered by DeepSeek-V4-Pro on your own API key (bring-your-own-key; no
+login, no account).
+
+The agent runs with the rails turned down for full-machine
+offensive-security research. Its security does **not** rest on hiding the
+source — this repo is inspired by [Project Glasswing](GLASSWING.md), an
+Anthropic initiative: the design
+is open to scrutiny, and what's protected is protected by small, rotatable
+secrets (keys in the OS keychain / secret store), not by obscurity. Under
+U.S. law, offensive-cyber tooling is a *dual-use commercial item* (Commerce
+Control List,
+[ECCN 4D004](https://www.federalregister.gov/documents/2021/10/21/2021-22774/information-security-controls-cybersecurity-items)),
+not a "defense article" on the U.S. Munitions List — so it is not a
+"weapon" in the ITAR sense. EAR controls govern *international export*;
+they do not restrict domestic development or sale to U.S. government
+agencies, and BIS's vulnerability-disclosure carve-out explicitly exempts
+ordinary security-research activity. See
+[`/about`](https://ero.solar/about) for the full disclosure and
+[`GLASSWING.md`](GLASSWING.md) for the security principle.
+
+## Install
+
+```bash
+npm install -g @trenchwork/erosolar
+```
+
+Exposes three synonyms on PATH: `erosolar`, `erosolar-coder`,
+`deepseek`. Pick whichever you prefer.
+
+The bin is **interactive-only**. Running it launches the Ink-rendered
+shell — there are no argv flags, no print/headless mode, no initial
+prompt argument. Anything after the command name is ignored.
+
+```bash
+erosolar           # launch the Ink shell
+```
+
+Set your DeepSeek key once, then run `erosolar`:
+
+- In-shell: `/key sk-...` (or `/secrets` for a menu)
+- Or via env: `export DEEPSEEK_API_KEY=sk-...`
+
+In-shell commands: `/model`, `/key`, `/secrets`, `/auto`,
+`/adversarial`, `/ultracode`, `/stats`, `/debug`, `/keys`, `/clear`,
+`/exit`. Run `/help` in the shell for the full list.
+
+A non-TTY invocation (`erosolar < /dev/null`, `git diff | erosolar`,
+CI without a PTY) fails fast with a clear message — there is no
+scriptable path on purpose. If you want one, file an issue.
+
+## How it works (skim)
+
+```
+CLI ──Firebase ID token──▶ AWS API Gateway ─▶ AWS Lambda
+ │                                              │
+ ▼                                              ▼
+Firebase Hosting + Auth                    DeepSeek / Stripe / GitHub /
++ Firestore (Spark plan)                   Tavily / Anthropic / Proton SMTP
+```
+
+Four boxes, one trust boundary (the Firebase ID token), and one
+reason this isn't all on Firebase: the original GCP account was
+suspended and the new one is on the Spark plan, which doesn't run
+Cloud Functions. Everything stateful that Spark *does* support
+(Hosting, Auth, Firestore, FCM) stayed there. Everything else moved
+to AWS — Lambda for handlers, Secrets Manager for the 14+ shared
+keys, EventBridge for cron schedules, no extra infrastructure.
+
+## Layout
+
+```
+src/                       CLI source
+  core/                    Auth, secret store, hooks, HITL, agent loop, adversarial verifier
+  runtime/                 Agent controller, session, tool runtime
+  tools/                   Read / Edit / Write / Bash / Glob / Grep / Web (Helia)
+  capabilities/            Pluggable capability modules
+  ui/                      Ink renderer (theme + ink/*) — terminal UI
+  headless/                Interactive shell + CLI bootstrap
+  contracts/               Shared schemas (agent, tools, profiles)
+agents/                    Agent rulebooks (erosolar-code.rules.json)
+test/                      jest suites (unit, integration, ink, ui-pty e2e)
+GLASSWING.md               Glasswing-inspired security principle (transparency over secrecy)
+CLAUDE.md                  Project conventions for agentic contributors
+```
+
+## Build / test
+
+```bash
+npm install                                    # deps
+npx tsc                                         # build
+npm test                                       # full jest suite
+npx jest --config jest.config.cjs --testPathPatterns "v[0-9]+\\.[0-9]+-hardening"  # hardening only
+```
+
+The hardening suite (`test/v*-hardening.test.ts`) is the canonical proof
+that closed security/correctness issues stay closed. Per the
+Glasswing-inspired "checkable by anyone" pillar, verification runs in two places:
+a local pre-push hook for fast feedback, and a public GitHub Actions
+workflow (`.github/workflows/ci.yml`) on every push and PR.
+
+## Cost
+
+Per-million tokens at list rates (May 2026, short-context tier):
+
+| Tool | Model | Input $/M | Output $/M |
+| --- | --- | --- | --- |
+| **Erosolar Coder** (now) | `deepseek-v4-pro` *75% off through 2026-05-31* | **$0.435** | **$1.74** |
+| **Erosolar Coder** (after 2026-05-31) | `deepseek-v4-pro` list | $1.74 | $3.48 |
+| Claude Code (Sonnet) | `claude-sonnet-4.6` | $3.00 | $15.00 |
+| Claude Code (Opus) | `claude-opus-4.7` | $5.00 | $25.00 |
+| OpenAI Codex CLI | `gpt-5.5` | $5.00 | $30.00 |
+| OpenAI Codex CLI (Pro) | `gpt-5.5-pro` | $30.00 | $180.00 |
+| Cursor agents | `claude-sonnet-4.6` | $3.00 | $15.00 |
+| Gemini CLI | `gemini-3.1-pro` | $2.00 | $12.00 |
+| Grok CLI | `grok-4.3` | $1.25 | $2.50 |
+
+DeepSeek's 75%-off promotional rate applies until **2026-05-31
+15:59 UTC**. After that, the list price ($1.74 / $3.48) takes over
+— still well under every Claude / OpenAI / Cursor option, and
+within Grok's range. Long-context surcharges (prompts > 200k
+tokens): `gpt-5.5` doubles to $10 / $45; `gpt-5.5-pro` doubles to
+$60 / $270; `gemini-3.1-pro` goes to $4 / $18. Cache-write /
+cache-hit reductions on Claude (`$0.50` / MTok cache hit on Opus
+4.7, `$10` / MTok 1h cache write) and on `gpt-5.5` (cached input
+$0.50–$1.00 / MTok depending on context tier) further close the
+gap on those vendors at the cost of operational complexity.
+DeepSeek-V4-Pro has no cache tier — list price is the price.
+
+A representative coding session (~150k input + 30k output, all
+short-context) costs:
+
+| Tool | Cost | vs. Erosolar (now) |
+| --- | --- | --- |
+| **Erosolar Coder** — promo through 2026-05-31 | **~$0.09** | — |
+| **Erosolar Coder** — list (post-2026-05-31) | ~$0.37 | 4.0× |
+| Grok CLI (`grok-4.3`) | ~$0.26 | 2.9× |
+| Gemini CLI (`gemini-3.1-pro`) | ~$0.66 | 7.2× |
+| Claude Code (Sonnet 4.6) | ~$0.90 | 9.8× |
+| Claude Code (Opus 4.7) | ~$1.50 | 16× |
+| OpenAI Codex CLI (`gpt-5.5`) | ~$1.65 | 18× |
+| OpenAI Codex CLI (`gpt-5.5-pro`) | ~$9.90 | 108× |
+
+DeepSeek-V4-Pro performs in the same SWE-bench Verified band as
+Sonnet 4.6 on most coding benchmarks, so the ~10× cost gap (today)
+is real delivered savings, not a quality concession. After the
+promotional period the gap narrows to ~2.4× vs. Sonnet — still a
+material saving, but Grok 4.3 will be the cheapest cell on the
+table at that point and worth a side-by-side eval.
+
+## Authorization scope
+
+Erosolar Coder ships with the rails turned down for security
+research, red-team, and infrastructure automation that mainstream
+agents refuse to help with — destructive shell commands, sudo,
+credential testing, exploit scaffolding. Use it on systems you own
+or are explicitly authorized to test. The CLI logs the authorization
+scope before running offensive tooling — read it.
+
+## Surface
+
+- **Terminal CLI** — `npm install -g @trenchwork/erosolar`,
+  then `erosolar`. A fully Ink-rendered coding shell — the one surface.
+
+Bring your own DeepSeek API key — set it in-shell via `/key sk-...` or
+`/secrets`, or out-of-band via the `DEEPSEEK_API_KEY` env var. No login,
+no account. Web tasks the agent needs are handled in-CLI by the `Helia`
+web tool (search / fetch / extract), not a separate browser.
+
+## Contributing
+
+Read `CLAUDE.md` first — it documents the testing discipline and the
+"research before custom code" rules this repo enforces. Every fix
+must ship with a test that fails before and passes after.
+
+Test gate is **local, not CI**. Install the pre-push hook once per
+checkout — it runs `npm test` before every `git push` so a broken
+build never reaches origin:
+
+```bash
+git config core.hooksPath scripts/git-hooks
+```
+
+Bypass in an emergency with `git push --no-verify`. The previous
+`.github/workflows/hardening.yml` workflow was deleted because the
+repo is private + solo and GH Actions runs were burning free-tier
+minutes + sending failure emails to cover what `npm test` already
+covers locally.
+
+## Contact
+
+Bo Shang — building Ero.Solar.
+
+- Email: [bo@ero.solar](mailto:bo@ero.solar)
+- Phone: [+1 508-260-0326](tel:+15082600326)
+- GitHub: [@Aroxora](https://github.com/Aroxora)
+- LinkedIn: [linkedin.com/in/bo-shang-04923b3a6](https://www.linkedin.com/in/bo-shang-04923b3a6/)
+- X: [@erolunar](https://x.com/erolunar)
+- YouTube: [@erosolarai](https://www.youtube.com/@erosolarai)
+
+## License
+
+MIT
+
+---
+
+erosolar-coder is an independent project and is not affiliated with or endorsed
+by Anthropic. Project Glasswing is an Anthropic initiative; this repo is only
+inspired by it.