npm - @triedotdev/mcp - Versions diffs - 1.0.79 → 1.0.80 - Mend

@triedotdev/mcp 1.0.79 → 1.0.80

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# Trie: Trainable AI Agent for Maintaining AI-generated Codebases
+# Trie: Trainable AI Agent for Maintaining AI-Generated Codebases
 **A trainable AI agent that watches all of your codebases, learns from your incidents, and prevents repeat bugs before they ship.**
@@ -6,7 +6,7 @@
 ## What Trie Does
-- **Central skill repository**: One place for all your skills — carry context and rules across Cursor, Claude, VS Code, CLI, and CI/CD
+- **Central skill repository**: One place for all your skills — carry context and rules across Cursor, Claude, VS Code, CLI, and CI/CD. Unlike running skills with Claude Code, Trie will check for anything malicious before you run them.
 - **Sets and tracks goals**: "Reduce login bugs by 50%" then actually measures progress and celebrates wins
 - **Tests your theories**: "Mondays have more bugs" — Trie validates with real data and builds confidence over time
 - **Learns from your incidents**: Train it on your specific patterns, not generic rules that don't fit your prompting
@@ -390,6 +390,8 @@ trie memory purge resolved
 trie memory purge old --days=90
 ```
+**What happens at the 10,000 issue cap:** Trie will deduplicate new repeats, compact older issues into summaries, and if it still exceeds the cap it will prune the oldest/lowest-value issues (it does not “overwrite” in place).
 ## Custom Skills
 ### Adding External Skills
@@ -402,6 +404,29 @@ trie skill install anthropic/typescript-patterns
 trie skill install username/repo-name
 ```
+### Security & Safe Installation
+**Trie automatically scans all skills for security risks before installation.**
+When installing skills:
+- Skills are scanned for malicious patterns
+- Critical risks flagged with strong warnings
+- High risks flagged with warnings
+- **Shell commands Trie runs are logged** to `.trie/audit/` (e.g. skill install `git clone`, PR review `git/gh`, skill gating `which/where`, file picker helpers)
+```bash
+# View audit logs
+trie audit logs
+# View security info for installed skill
+trie skills info skill-name
+```
+**Best Practices:**
+- Only install from trusted sources (verified organizations)
+- Review security warnings and all .md carefully before using
+- Check audit logs periodically: `trie audit stats` (and investigate anything unexpected with `trie audit skill <name>`)
 ### Creating Your Own Skills
 ```bash
 # Create from documentation

package/dist/{chunk-UPKBO5EM.js → chunk-432E2RYB.js} RENAMED Viewed

@@ -6,7 +6,7 @@ import {
 import {
   SlackIntegration,
   getGuardian
-} from "./chunk-RRDDAD5N.js";
+} from "./chunk-45NUFTNV.js";
 import {
   Executor,
   Triager,
@@ -16,10 +16,10 @@ import {
   getSkillsByCategory,
   isGitRepo,
   isTrieInitialized
-} from "./chunk-LNLLZQWH.js";
+} from "./chunk-KCAWTZ7P.js";
 import {
   getGuardianState
-} from "./chunk-35FAFFHE.js";
+} from "./chunk-75J4HQTD.js";
 import {
   createSkillFromFile,
   getSkillRegistry,
@@ -28,11 +28,12 @@ import {
   listInstalledSkills,
   loadContextState,
   removeGlobalSkill,
+  runShellCommand,
   updateContextAfterScan
-} from "./chunk-3RKY55HZ.js";
+} from "./chunk-LKXDJESG.js";
 import {
   findCrossProjectPatterns
-} from "./chunk-P6VLSYXN.js";
+} from "./chunk-EWIEXQES.js";
 import {
   Trie
 } from "./chunk-6NLHFIYA.js";
@@ -47,7 +48,7 @@ import {
   getMemoryStats,
   getRecentIssues,
   searchIssues
-} from "./chunk-6QKDEGWR.js";
+} from "./chunk-WGECLUDQ.js";
 import {
   getWorkingDirectory
 } from "./chunk-CM7EHNQK.js";
@@ -305,10 +306,7 @@ import { join, basename } from "path";
 import pc from "picocolors";
 // src/utils/file-picker.ts
-import { exec } from "child_process";
-import { promisify } from "util";
 import { platform } from "os";
-var execAsync = promisify(exec);
 async function openFilePicker(options = {}) {
   const os = platform();
   try {
@@ -357,10 +355,11 @@ async function openMacOSFilePicker(options) {
     return POSIX path of selectedFile
   `.trim();
   try {
-    const { stdout, stderr } = await execAsync(`osascript -e '${script.replace(/'/g, `'"'"'`)}'`, {
-      timeout: 12e4
-      // 2 minute timeout for user to select
-    });
+    const { stdout, stderr } = await runShellCommand(
+      `osascript -e '${script.replace(/'/g, `'"'"'`)}'`,
+      { actor: "internal:file-picker", triggeredBy: "manual", targetPath: getWorkingDirectory(void 0, true) },
+      { timeoutMs: 12e4, captureOutput: false }
+    );
     if (stderr && stderr.includes("User canceled")) {
       return { success: false, cancelled: true };
     }
@@ -391,7 +390,11 @@ async function openLinuxFilePicker(options) {
   ];
   for (const cmd of commands) {
     try {
-      const { stdout } = await execAsync(cmd, { timeout: 12e4 });
+      const { stdout } = await runShellCommand(
+        cmd,
+        { actor: "internal:file-picker", triggeredBy: "manual", targetPath: getWorkingDirectory(void 0, true) },
+        { timeoutMs: 12e4, captureOutput: false }
+      );
       const path = stdout.trim();
       if (path) {
         return { success: true, path };
@@ -423,9 +426,11 @@ async function openWindowsFilePicker(options) {
     }
   `.trim().replace(/\n/g, "; ");
   try {
-    const { stdout } = await execAsync(`powershell -Command "${script}"`, {
-      timeout: 12e4
-    });
+    const { stdout } = await runShellCommand(
+      `powershell -Command "${script}"`,
+      { actor: "internal:file-picker", triggeredBy: "manual", targetPath: getWorkingDirectory(void 0, true) },
+      { timeoutMs: 12e4, captureOutput: false }
+    );
     const path = stdout.trim();
     if (path) {
       return { success: true, path };
@@ -442,7 +447,11 @@ async function isFilePickerAvailable() {
       return true;
     case "linux":
       try {
-        await execAsync("which zenity || which kdialog || which yad");
+        await runShellCommand(
+          "which zenity || which kdialog || which yad",
+          { actor: "internal:file-picker", triggeredBy: "manual", targetPath: getWorkingDirectory(void 0, true) },
+          { captureOutput: false }
+        );
         return true;
       } catch {
         return false;
@@ -3382,7 +3391,7 @@ var InteractiveDashboard = class {
    */
   async measureSemanticGoalBaseline(description, workDir) {
     try {
-      const { searchIssues: searchIssues2 } = await import("./issue-store-MULGOF6B.js");
+      const { searchIssues: searchIssues2 } = await import("./issue-store-RKJVOKSJ.js");
       const issues = await searchIssues2("", {
         workDir,
         limit: 1e3,
@@ -10405,4 +10414,4 @@ export {
   InteractiveDashboard,
   TrieScanTool
 };
-//# sourceMappingURL=chunk-UPKBO5EM.js.map
+//# sourceMappingURL=chunk-432E2RYB.js.map