@vellumai/assistant 0.6.4 → 0.6.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.prettierignore +5 -0
- package/ARCHITECTURE.md +32 -36
- package/Dockerfile +12 -0
- package/README.md +3 -4
- package/bun.lock +8 -3
- package/docs/architecture/integrations.md +1 -20
- package/docs/architecture/security.md +16 -16
- package/docs/error-handling.md +111 -0
- package/docs/skills.md +10 -10
- package/docs/stt-provider-onboarding.md +2 -1
- package/knip.json +9 -2
- package/node_modules/@vellumai/ces-contracts/package.json +2 -1
- package/node_modules/@vellumai/ces-contracts/src/__tests__/trust-rules.test.ts +471 -0
- package/node_modules/@vellumai/ces-contracts/src/trust-rules.ts +398 -4
- package/node_modules/@vellumai/credential-storage/bun.lock +2 -2
- package/node_modules/@vellumai/credential-storage/package.json +2 -2
- package/node_modules/@vellumai/credential-storage/src/oauth-runtime.ts +20 -2
- package/node_modules/@vellumai/egress-proxy/bun.lock +2 -2
- package/node_modules/@vellumai/egress-proxy/package.json +2 -2
- package/openapi.yaml +123 -11
- package/package.json +6 -3
- package/scripts/generate-openapi.ts +50 -11
- package/src/__tests__/agent-loop-callsite-precedence.test.ts +318 -0
- package/src/__tests__/agent-loop-sentry-hygiene.test.ts +137 -0
- package/src/__tests__/agent-loop.test.ts +112 -1
- package/src/__tests__/anthropic-error-formatting.test.ts +98 -0
- package/src/__tests__/anthropic-provider.test.ts +171 -2
- package/src/__tests__/approval-cascade.test.ts +31 -10
- package/src/__tests__/approval-routes-http.test.ts +134 -10
- package/src/__tests__/assistant-attachments.test.ts +44 -0
- package/src/__tests__/assistant-feature-flags-integration.test.ts +29 -0
- package/src/__tests__/browser-fill-credential.test.ts +1 -1
- package/src/__tests__/browser-identifier-parity-guard.test.ts +53 -0
- package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +23 -33
- package/src/__tests__/browser-skill-endstate.test.ts +51 -182
- package/src/__tests__/btw-routes.test.ts +47 -1
- package/src/__tests__/call-controller.test.ts +1 -2
- package/src/__tests__/call-site-routing-provider.test.ts +214 -0
- package/src/__tests__/catalog-cache.test.ts +27 -4
- package/src/__tests__/channel-approval-routes.test.ts +4 -4
- package/src/__tests__/channel-reply-delivery.test.ts +300 -2
- package/src/__tests__/checker.test.ts +428 -501
- package/src/__tests__/cli-command-risk-guard.test.ts +30 -33
- package/src/__tests__/compaction-circuit-breaker.test.ts +336 -0
- package/src/__tests__/compaction.benchmark.test.ts +1 -1
- package/src/__tests__/config-analysis.test.ts +11 -28
- package/src/__tests__/config-loader-backfill.test.ts +174 -0
- package/src/__tests__/config-loader-corrupt.test.ts +183 -0
- package/src/__tests__/config-loader-quarantine-bulletin.test.ts +202 -0
- package/src/__tests__/config-schema-cmd.test.ts +11 -5
- package/src/__tests__/config-schema.test.ts +427 -114
- package/src/__tests__/config-watcher.test.ts +2 -2
- package/src/__tests__/contact-store-user-file.test.ts +72 -73
- package/src/__tests__/contacts-write.test.ts +4 -4
- package/src/__tests__/context-token-estimator.test.ts +191 -1
- package/src/__tests__/context-window-manager.test.ts +530 -2
- package/src/__tests__/conversation-abort-tool-results.test.ts +30 -16
- package/src/__tests__/conversation-agent-loop-overflow.test.ts +61 -17
- package/src/__tests__/conversation-agent-loop.test.ts +412 -82
- package/src/__tests__/conversation-attachments.test.ts +1 -1
- package/src/__tests__/conversation-confirmation-signals.test.ts +30 -9
- package/src/__tests__/conversation-error.test.ts +37 -6
- package/src/__tests__/conversation-history-web-search.test.ts +6 -0
- package/src/__tests__/conversation-init.benchmark.test.ts +36 -0
- package/src/__tests__/conversation-lifecycle.test.ts +336 -0
- package/src/__tests__/conversation-load-history-repair.test.ts +27 -10
- package/src/__tests__/conversation-pre-run-repair.test.ts +30 -16
- package/src/__tests__/conversation-process-callsite.test.ts +306 -0
- package/src/__tests__/conversation-provider-retry-repair.test.ts +30 -16
- package/src/__tests__/conversation-queue.test.ts +41 -26
- package/src/__tests__/conversation-routes-disk-view.test.ts +29 -1
- package/src/__tests__/conversation-routes-slash-commands.test.ts +31 -3
- package/src/__tests__/conversation-runtime-assembly.test.ts +2735 -55
- package/src/__tests__/conversation-runtime-workspace.test.ts +12 -12
- package/src/__tests__/conversation-skill-tools.test.ts +12 -146
- package/src/__tests__/conversation-slash-queue.test.ts +34 -19
- package/src/__tests__/conversation-slash-unknown.test.ts +30 -16
- package/src/__tests__/conversation-speed-override.test.ts +30 -11
- package/src/__tests__/conversation-surfaces-standalone-payloads.test.ts +1035 -0
- package/src/__tests__/conversation-surfaces-standalone.test.ts +630 -0
- package/src/__tests__/conversation-title-service.test.ts +2 -2
- package/src/__tests__/conversation-tool-setup-batch-authorized.test.ts +1 -1
- package/src/__tests__/conversation-unread-route.test.ts +2 -2
- package/src/__tests__/conversation-usage.test.ts +3 -1
- package/src/__tests__/conversation-workspace-cache-state.test.ts +31 -10
- package/src/__tests__/conversation-workspace-injection.test.ts +43 -15
- package/src/__tests__/conversation-workspace-tool-tracking.test.ts +44 -16
- package/src/__tests__/credential-broker-browser-fill.test.ts +110 -0
- package/src/__tests__/credential-security-invariants.test.ts +3 -0
- package/src/__tests__/credential-storage-oauth-compat.test.ts +18 -0
- package/src/__tests__/credential-storage-static-compat.test.ts +28 -0
- package/src/__tests__/credential-vault-unit.test.ts +135 -19
- package/src/__tests__/credentials-cli.test.ts +1 -9
- package/src/__tests__/cross-provider-web-search.test.ts +84 -0
- package/src/__tests__/daemon-server-persist-and-process-callsite.test.ts +92 -0
- package/src/__tests__/delete-propagation.test.ts +437 -0
- package/src/__tests__/dm-backfill.test.ts +417 -0
- package/src/__tests__/dm-persistence.test.ts +227 -0
- package/src/__tests__/edit-propagation.test.ts +280 -0
- package/src/__tests__/ephemeral-permissions.test.ts +93 -3
- package/src/__tests__/estimator-calibration-integration.test.ts +208 -0
- package/src/__tests__/estimator-calibration.test.ts +213 -0
- package/src/__tests__/extension-id-sync-guard.test.ts +26 -7
- package/src/__tests__/file-write-tool.test.ts +151 -1
- package/src/__tests__/filing-service.test.ts +255 -0
- package/src/__tests__/gemini-provider.test.ts +0 -3
- package/src/__tests__/guardian-grant-minting.test.ts +8 -0
- package/src/__tests__/headless-browser-interactions.test.ts +1 -1
- package/src/__tests__/heartbeat-service.test.ts +96 -15
- package/src/__tests__/host-shell-tool.test.ts +124 -18
- package/src/__tests__/http-user-message-parity.test.ts +29 -1
- package/src/__tests__/inbound-slack-persistence.test.ts +340 -0
- package/src/__tests__/intent-routing.test.ts +1 -40
- package/src/__tests__/llm-catalog-parity.test.ts +174 -0
- package/src/__tests__/llm-context-normalization.test.ts +121 -0
- package/src/__tests__/llm-resolver.test.ts +214 -0
- package/src/__tests__/llm-schema.test.ts +223 -0
- package/src/__tests__/managed-proxy-context.test.ts +6 -2
- package/src/__tests__/messaging-skill-split.test.ts +3 -34
- package/src/__tests__/migration-import-from-url.test.ts +684 -0
- package/src/__tests__/model-intents.test.ts +9 -83
- package/src/__tests__/notification-decision-fallback.test.ts +0 -10
- package/src/__tests__/notification-decision-identity.test.ts +0 -9
- package/src/__tests__/notification-decision-recipient-context.test.ts +0 -9
- package/src/__tests__/oauth-store.test.ts +10 -7
- package/src/__tests__/oauth2-gateway-transport.test.ts +8 -3
- package/src/__tests__/oauth2-refresh-retry.test.ts +279 -0
- package/src/__tests__/openai-provider.test.ts +7 -0
- package/src/__tests__/openai-responses-provider.test.ts +396 -0
- package/src/__tests__/openrouter-provider-only.test.ts +135 -0
- package/src/__tests__/outbound-slack-persistence.test.ts +293 -0
- package/src/__tests__/permission-checker-host-gate.test.ts +1 -1
- package/src/__tests__/permission-mode.test.ts +16 -0
- package/src/__tests__/permission-types.test.ts +0 -1
- package/src/__tests__/persona-resolver.test.ts +13 -13
- package/src/__tests__/pkb-autoinject.test.ts +37 -1
- package/src/__tests__/platform-bash-auto-approve.test.ts +1 -1
- package/src/__tests__/pricing.test.ts +50 -3
- package/src/__tests__/profiler-routes.test.ts +1 -1
- package/src/__tests__/provider-commit-message-generator.test.ts +14 -84
- package/src/__tests__/provider-env-vars-scope.test.ts +52 -0
- package/src/__tests__/provider-error-scenarios.test.ts +135 -6
- package/src/__tests__/provider-managed-proxy-integration.test.ts +42 -11
- package/src/__tests__/provider-registry-ollama.test.ts +1 -2
- package/src/__tests__/proxy-approval-callback.test.ts +0 -1
- package/src/__tests__/reaction-persistence.test.ts +560 -0
- package/src/__tests__/relay-server.test.ts +1 -1
- package/src/__tests__/require-fresh-approval.test.ts +1 -1
- package/src/__tests__/retry-openrouter-only-normalization.test.ts +136 -0
- package/src/__tests__/retry-thinking-tool-choice.test.ts +226 -0
- package/src/__tests__/risk-classifier-parity.test.ts +230 -0
- package/src/__tests__/sanitize-config-for-transfer.test.ts +78 -1
- package/src/__tests__/secret-ingress-http.test.ts +28 -0
- package/src/__tests__/secret-prompter-channel-fallback.test.ts +125 -0
- package/src/__tests__/secret-routes-managed-proxy.test.ts +2 -3
- package/src/__tests__/secret-scanner-executor.test.ts +1 -1
- package/src/__tests__/send-endpoint-busy.test.ts +29 -1
- package/src/__tests__/server-history-render.test.ts +31 -0
- package/src/__tests__/shell-parser-property.test.ts +13 -13
- package/src/__tests__/skill-cache-store.test.ts +182 -0
- package/src/__tests__/skills.test.ts +19 -33
- package/src/__tests__/slack-app-setup-skill-regression.test.ts +3 -1
- package/src/__tests__/slack-skill.test.ts +3 -8
- package/src/__tests__/starter-bundle.test.ts +35 -0
- package/src/__tests__/subagent-call-site-routing.test.ts +280 -0
- package/src/__tests__/suggestion-routes.test.ts +160 -3
- package/src/__tests__/system-prompt.test.ts +22 -35
- package/src/__tests__/task-runner.test.ts +3 -1
- package/src/__tests__/tcc-sandbox-deny.test.ts +198 -0
- package/src/__tests__/terminal-tools.test.ts +8 -0
- package/src/__tests__/test-support/browser-skill-harness.ts +2 -52
- package/src/__tests__/thread-backfill.test.ts +941 -0
- package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +2 -2
- package/src/__tests__/tool-executor-lifecycle-events.test.ts +2 -2
- package/src/__tests__/tool-executor.test.ts +60 -94
- package/src/__tests__/trust-store.test.ts +442 -109
- package/src/__tests__/update-bulletin-job.test.ts +389 -0
- package/src/__tests__/usage-cache-backfill-migration.test.ts +3 -1
- package/src/__tests__/verification-control-plane-policy.test.ts +1 -22
- package/src/__tests__/voice-session-bridge.test.ts +39 -0
- package/src/__tests__/volume-security-guard.test.ts +3 -2
- package/src/__tests__/web-search-history.test.ts +337 -0
- package/src/__tests__/workspace-migration-039-drop-legacy-llm-keys.test.ts +343 -0
- package/src/__tests__/workspace-migration-043-release-notes-latex-rendering.test.ts +202 -0
- package/src/__tests__/workspace-migration-045-release-notes-meet-avatar.test.ts +210 -0
- package/src/__tests__/workspace-migration-drop-user-md.test.ts +11 -11
- package/src/__tests__/workspace-migration-unify-llm-callsite-configs.test.ts +841 -0
- package/src/__tests__/workspace-policy.test.ts +1 -13
- package/src/acp/client-handler.ts +1 -2
- package/src/agent/loop.ts +209 -17
- package/src/avatar/resvg-lazy.test.ts +136 -0
- package/src/avatar/resvg-lazy.ts +82 -9
- package/src/avatar/traits-png-sync.ts +21 -1
- package/src/browser/__tests__/operations.test.ts +163 -0
- package/src/browser/identifiers.ts +51 -0
- package/src/browser/operations.ts +660 -0
- package/src/browser/types.ts +81 -0
- package/src/calls/guardian-question-copy.ts +2 -2
- package/src/calls/telephony-stt-routing.ts +1 -1
- package/src/calls/voice-session-bridge.ts +1 -0
- package/src/cli/AGENTS.md +1 -1
- package/src/cli/commands/__tests__/attachment.test.ts +438 -0
- package/src/cli/commands/__tests__/browser.test.ts +554 -0
- package/src/cli/commands/__tests__/cache.test.ts +623 -0
- package/src/cli/commands/__tests__/email-list.test.ts +6 -0
- package/src/cli/commands/__tests__/email-send.test.ts +93 -1
- package/src/cli/commands/__tests__/image-generation.test.ts +666 -0
- package/src/cli/commands/__tests__/inference-send.test.ts +451 -0
- package/src/cli/commands/__tests__/stt-transcribe.test.ts +454 -0
- package/src/cli/commands/__tests__/task.test.ts +913 -0
- package/src/cli/commands/__tests__/tts-synthesize.test.ts +594 -0
- package/src/cli/commands/__tests__/ui-confirm.test.ts +650 -0
- package/src/cli/commands/__tests__/ui.test.ts +1215 -0
- package/src/cli/commands/__tests__/watchers.test.ts +716 -0
- package/src/cli/commands/attachment.ts +182 -0
- package/src/cli/commands/browser.ts +350 -0
- package/src/cli/commands/cache.ts +341 -0
- package/src/cli/commands/completions.ts +0 -3
- package/src/cli/commands/config.ts +6 -6
- package/src/cli/commands/conversations-import.ts +347 -0
- package/src/cli/commands/conversations.ts +14 -1
- package/src/cli/commands/email.ts +234 -194
- package/src/cli/commands/image-generation.ts +300 -0
- package/src/cli/commands/inference.ts +200 -0
- package/src/cli/commands/memory.ts +127 -17
- package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/connect.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/disconnect.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/status.test.ts +0 -1
- package/src/cli/commands/stt.ts +339 -0
- package/src/cli/commands/task.ts +795 -0
- package/src/cli/commands/trust.ts +50 -19
- package/src/cli/commands/tts.ts +273 -0
- package/src/cli/commands/ui.ts +670 -0
- package/src/cli/commands/watchers.ts +509 -0
- package/src/cli/lib/daemon-credential-client.ts +0 -19
- package/src/cli/program.ts +23 -4
- package/src/cli.ts +0 -37
- package/src/config/bundled-skills/conversations/tools/rename-conversation.ts +23 -1
- package/src/config/bundled-skills/media-processing/services/reduce.ts +1 -1
- package/src/config/bundled-skills/messaging/SKILL.md +2 -2
- package/src/config/bundled-skills/messaging/TOOLS.json +4 -0
- package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +8 -1
- package/src/config/bundled-skills/messaging/tools/messaging-read.ts +15 -1
- package/src/config/bundled-skills/messaging/tools/messaging-search.ts +21 -1
- package/src/config/bundled-skills/messaging/tools/messaging-send.ts +11 -12
- package/src/config/bundled-skills/phone-calls/references/CONFIG.md +9 -8
- package/src/config/bundled-skills/settings/TOOLS.json +3 -3
- package/src/config/bundled-tool-registry.ts +0 -175
- package/src/config/env.ts +7 -2
- package/src/config/feature-flag-registry.json +25 -9
- package/src/config/llm-resolver.ts +128 -0
- package/src/config/loader.ts +194 -10
- package/src/config/raw-config-utils.ts +30 -2
- package/src/config/sanitize-for-transfer.ts +35 -0
- package/src/config/schema.ts +30 -41
- package/src/config/schemas/analysis.ts +3 -22
- package/src/config/schemas/calls.ts +0 -4
- package/src/config/schemas/filing.ts +2 -7
- package/src/config/schemas/heartbeat.ts +0 -5
- package/src/config/schemas/inference.ts +3 -23
- package/src/config/schemas/llm.ts +318 -0
- package/src/config/schemas/memory-processing.ts +1 -9
- package/src/config/schemas/notifications.ts +4 -11
- package/src/config/schemas/platform.ts +3 -9
- package/src/config/schemas/security.ts +33 -0
- package/src/config/schemas/services.ts +9 -4
- package/src/config/schemas/stt.ts +1 -0
- package/src/config/schemas/tts.ts +53 -0
- package/src/config/schemas/updates.ts +1 -1
- package/src/config/schemas/workspace-git.ts +3 -40
- package/src/config/skills.ts +2 -2
- package/src/context/__tests__/compact-prompt.test.ts +45 -0
- package/src/context/__tests__/microcompact.test.ts +805 -0
- package/src/context/estimator-calibration.ts +136 -0
- package/src/context/microcompact.ts +443 -0
- package/src/context/prompts/compact.md +12 -0
- package/src/context/token-estimator.ts +61 -3
- package/src/context/window-manager.ts +229 -25
- package/src/credential-execution/approval-bridge.ts +0 -1
- package/src/credential-execution/executable-discovery.ts +19 -8
- package/src/credential-execution/process-manager.test.ts +109 -0
- package/src/credential-execution/process-manager.ts +65 -2
- package/src/daemon/approval-generators.ts +29 -4
- package/src/daemon/assistant-attachments.ts +24 -13
- package/src/daemon/classifier.ts +2 -2
- package/src/daemon/config-watcher.ts +0 -1
- package/src/daemon/context-overflow-reducer.ts +4 -1
- package/src/daemon/conversation-agent-loop-handlers.ts +79 -12
- package/src/daemon/conversation-agent-loop.ts +462 -80
- package/src/daemon/conversation-attachments.ts +2 -6
- package/src/daemon/conversation-error.ts +36 -1
- package/src/daemon/conversation-lifecycle.ts +30 -6
- package/src/daemon/conversation-messaging.ts +73 -4
- package/src/daemon/conversation-process.ts +10 -4
- package/src/daemon/conversation-queue-manager.ts +3 -0
- package/src/daemon/conversation-runtime-assembly.ts +760 -29
- package/src/daemon/conversation-slash.ts +2 -2
- package/src/daemon/conversation-surfaces.ts +389 -1
- package/src/daemon/conversation-tool-setup.ts +10 -5
- package/src/daemon/conversation-usage.ts +1 -1
- package/src/daemon/conversation.ts +118 -30
- package/src/daemon/external-skills-bootstrap.ts +41 -0
- package/src/daemon/guardian-action-generators.ts +34 -14
- package/src/daemon/handlers/config-model.test.ts +86 -0
- package/src/daemon/handlers/config-model.ts +54 -12
- package/src/daemon/handlers/conversations.ts +9 -2
- package/src/daemon/handlers/shared.ts +39 -11
- package/src/daemon/handlers/skills.ts +2 -2
- package/src/daemon/handlers/slack-channel-oauth-install.ts +197 -0
- package/src/daemon/lifecycle.ts +76 -14
- package/src/daemon/message-types/conversations.ts +14 -0
- package/src/daemon/message-types/messages.ts +9 -1
- package/src/daemon/message-types/trust.ts +0 -2
- package/src/daemon/parse-actual-tokens-from-error.test.ts +57 -1
- package/src/daemon/parse-actual-tokens-from-error.ts +66 -0
- package/src/daemon/pkb-context-tracker.test.ts +169 -0
- package/src/daemon/pkb-context-tracker.ts +125 -0
- package/src/daemon/pkb-reminder-builder.test.ts +70 -0
- package/src/daemon/pkb-reminder-builder.ts +31 -0
- package/src/daemon/providers-setup.ts +6 -0
- package/src/daemon/server.ts +117 -9
- package/src/daemon/tool-side-effects.ts +0 -9
- package/src/daemon/watch-handler.ts +4 -4
- package/src/daemon/web-search-history.ts +126 -0
- package/src/events/domain-events.ts +0 -1
- package/src/filing/filing-service.ts +9 -10
- package/src/heartbeat/heartbeat-service.ts +76 -28
- package/src/home/__tests__/feed-scheduler.test.ts +39 -11
- package/src/home/__tests__/rollup-producer.test.ts +44 -0
- package/src/home/assistant-feed-authoring.ts +4 -0
- package/src/home/emit-feed-event.ts +4 -0
- package/src/home/feed-scheduler.ts +20 -4
- package/src/home/feed-types.ts +56 -2
- package/src/home/relationship-state-writer.ts +2 -2
- package/src/home/rollup-producer.ts +34 -5
- package/src/home/suggested-prompts.ts +101 -0
- package/src/ipc/__tests__/attachment-ipc.test.ts +213 -0
- package/src/ipc/__tests__/browser-ipc.test.ts +339 -0
- package/src/ipc/__tests__/cache-ipc.test.ts +266 -0
- package/src/ipc/__tests__/socket-path.test.ts +73 -0
- package/src/ipc/__tests__/task-ipc.test.ts +577 -0
- package/src/ipc/__tests__/ui-request-route.test.ts +495 -0
- package/src/ipc/__tests__/watcher-ipc.test.ts +295 -0
- package/src/ipc/cli-client.ts +2 -1
- package/src/ipc/cli-server.ts +26 -8
- package/src/ipc/gateway-client.ts +4 -4
- package/src/ipc/routes/attachment.ts +114 -0
- package/src/ipc/routes/browser-context.ts +61 -0
- package/src/ipc/routes/browser.ts +96 -0
- package/src/ipc/routes/cache.ts +96 -0
- package/src/ipc/routes/index.ts +17 -1
- package/src/ipc/routes/task-queue.ts +226 -0
- package/src/ipc/routes/task.ts +173 -0
- package/src/ipc/routes/ui-request.ts +50 -0
- package/src/ipc/routes/watcher.ts +203 -0
- package/src/ipc/socket-path.ts +100 -0
- package/src/memory/__tests__/conversation-analyze-job.test.ts +9 -8
- package/src/memory/__tests__/conversation-group-migration.test.ts +99 -0
- package/src/memory/admin.ts +18 -0
- package/src/memory/conversation-analyze-job.ts +14 -13
- package/src/memory/conversation-attention-store.ts +13 -6
- package/src/memory/conversation-crud.ts +103 -3
- package/src/memory/conversation-group-migration.ts +38 -6
- package/src/memory/conversation-title-service.ts +7 -4
- package/src/memory/db-init.ts +2 -0
- package/src/memory/embedding-backend.ts +1 -1
- package/src/memory/graph/compaction.ts +299 -0
- package/src/memory/graph/consolidation.ts +4 -4
- package/src/memory/graph/conversation-graph-memory.ts +89 -29
- package/src/memory/graph/extraction.test.ts +272 -2
- package/src/memory/graph/extraction.ts +173 -51
- package/src/memory/graph/graph-search.test.ts +92 -0
- package/src/memory/graph/graph-search.ts +4 -1
- package/src/memory/graph/narrative.ts +2 -2
- package/src/memory/graph/pattern-scan.ts +2 -2
- package/src/memory/graph/retriever.test.ts +459 -0
- package/src/memory/graph/retriever.ts +230 -48
- package/src/memory/graph/store.ts +41 -0
- package/src/memory/graph/tool-handlers.ts +27 -0
- package/src/memory/graph/tools.ts +6 -1
- package/src/memory/indexer.ts +5 -5
- package/src/memory/job-handlers/conversation-starters.ts +23 -20
- package/src/memory/job-handlers/summarization.ts +2 -2
- package/src/memory/job-utils.ts +7 -1
- package/src/memory/jobs/embed-pkb-file.test.ts +168 -0
- package/src/memory/jobs/embed-pkb-file.ts +54 -0
- package/src/memory/jobs-store.ts +44 -3
- package/src/memory/jobs-worker.ts +4 -0
- package/src/memory/migrations/140-backfill-usage-cache-accounting.ts +1 -1
- package/src/memory/migrations/220-normalize-user-file-by-principal.ts +2 -2
- package/src/memory/migrations/222-strip-placeholder-sentinels-from-messages.ts +82 -0
- package/src/memory/migrations/index.ts +1 -0
- package/src/memory/pkb/pkb-index.test.ts +368 -0
- package/src/memory/pkb/pkb-index.ts +255 -0
- package/src/memory/pkb/pkb-reconcile.test.ts +251 -0
- package/src/memory/pkb/pkb-reconcile.ts +148 -0
- package/src/memory/pkb/pkb-search.test.ts +438 -0
- package/src/memory/pkb/pkb-search.ts +137 -0
- package/src/memory/pkb/types.ts +53 -0
- package/src/memory/qdrant-client.ts +122 -1
- package/src/memory/slack-thread-store.ts +37 -0
- package/src/messaging/providers/gmail/adapter.ts +6 -16
- package/src/messaging/providers/gmail/client.ts +22 -0
- package/src/messaging/providers/gmail/types.ts +7 -0
- package/src/messaging/providers/slack/adapter.ts +14 -2
- package/src/messaging/providers/slack/backfill.test.ts +257 -0
- package/src/messaging/providers/slack/backfill.ts +101 -0
- package/src/messaging/providers/slack/message-metadata.test.ts +316 -0
- package/src/messaging/providers/slack/message-metadata.ts +123 -0
- package/src/messaging/providers/slack/render-transcript.test.ts +1373 -0
- package/src/messaging/providers/slack/render-transcript.ts +443 -0
- package/src/messaging/style-analyzer.ts +5 -2
- package/src/notifications/README.md +9 -5
- package/src/notifications/decision-engine.ts +3 -9
- package/src/notifications/preference-extractor.ts +2 -6
- package/src/oauth/oauth-store.ts +1 -0
- package/src/oauth/platform-connection.test.ts +47 -0
- package/src/oauth/platform-connection.ts +15 -5
- package/src/oauth/seed-providers.ts +4 -2
- package/src/permissions/approval-policy.test.ts +948 -0
- package/src/permissions/approval-policy.ts +257 -0
- package/src/permissions/bash-risk-classifier.test.ts +1208 -0
- package/src/permissions/bash-risk-classifier.ts +707 -0
- package/src/permissions/checker.ts +217 -708
- package/src/permissions/command-registry.test.ts +535 -0
- package/src/permissions/command-registry.ts +825 -0
- package/src/permissions/defaults.ts +26 -78
- package/src/permissions/file-risk-classifier.test.ts +535 -0
- package/src/permissions/file-risk-classifier.ts +274 -0
- package/src/permissions/risk-types.ts +205 -0
- package/src/permissions/secret-prompter.ts +53 -2
- package/src/permissions/skill-risk-classifier.test.ts +311 -0
- package/src/permissions/skill-risk-classifier.ts +214 -0
- package/src/permissions/trust-client.ts +52 -25
- package/src/permissions/trust-store-interface.ts +1 -6
- package/src/permissions/trust-store.ts +161 -62
- package/src/permissions/types.ts +23 -14
- package/src/permissions/web-risk-classifier.test.ts +170 -0
- package/src/permissions/web-risk-classifier.ts +89 -0
- package/src/permissions/workspace-policy.ts +1 -16
- package/src/platform/client.ts +19 -1
- package/src/prompts/persona-resolver.ts +3 -3
- package/src/prompts/system-prompt.ts +19 -20
- package/src/prompts/templates/SOUL.md +2 -2
- package/src/prompts/update-bulletin-job.ts +190 -0
- package/src/providers/__tests__/context-overflow-error.test.ts +328 -0
- package/src/providers/__tests__/provider-env-vars.test.ts +102 -0
- package/src/providers/__tests__/retry-callsite.test.ts +424 -0
- package/src/providers/anthropic/client.ts +183 -14
- package/src/providers/call-site-routing.ts +71 -0
- package/src/providers/gemini/client.ts +65 -2
- package/src/providers/managed-proxy/constants.ts +2 -1
- package/src/providers/model-catalog.ts +501 -33
- package/src/providers/model-intents.ts +4 -4
- package/src/providers/openai/chat-completions-provider.ts +57 -1
- package/src/providers/openai/responses-provider.ts +86 -9
- package/src/providers/openrouter/client.ts +76 -9
- package/src/providers/provider-env-vars.ts +56 -0
- package/src/providers/provider-send-message.ts +22 -5
- package/src/providers/ratelimit.ts +4 -0
- package/src/providers/registry.ts +19 -8
- package/src/providers/retry.ts +174 -39
- package/src/providers/speech-to-text/__tests__/resolve.test.ts +55 -0
- package/src/providers/speech-to-text/google-gemini-live-stream.ts +4 -4
- package/src/providers/speech-to-text/provider-catalog.ts +17 -0
- package/src/providers/speech-to-text/resolve.ts +7 -0
- package/src/providers/speech-to-text/xai-realtime.test.ts +578 -0
- package/src/providers/speech-to-text/xai-realtime.ts +796 -0
- package/src/providers/speech-to-text/xai.test.ts +155 -0
- package/src/providers/speech-to-text/xai.ts +97 -0
- package/src/providers/types.ts +93 -3
- package/src/runtime/AGENTS.md +2 -2
- package/src/runtime/__tests__/agent-wake.test.ts +43 -2
- package/src/runtime/__tests__/interactive-ui.test.ts +673 -0
- package/src/runtime/agent-wake.ts +63 -22
- package/src/runtime/auth/route-policy.ts +4 -0
- package/src/runtime/btw-sidechain.ts +13 -3
- package/src/runtime/channel-reply-delivery.ts +106 -2
- package/src/runtime/decision-token.ts +116 -0
- package/src/runtime/gateway-client.ts +2 -2
- package/src/runtime/http-router.ts +32 -0
- package/src/runtime/http-server.ts +52 -1
- package/src/runtime/http-types.ts +23 -1
- package/src/runtime/interactive-ui.ts +362 -0
- package/src/runtime/invite-instruction-generator.ts +2 -2
- package/src/runtime/migrations/__tests__/gcs-signed-url.test.ts +176 -0
- package/src/runtime/migrations/__tests__/vbundle-metadata-merge-integration.test.ts +390 -0
- package/src/runtime/migrations/__tests__/vbundle-metadata-merge.test.ts +221 -0
- package/src/runtime/migrations/__tests__/vbundle-streaming-importer.test.ts +1540 -0
- package/src/runtime/migrations/__tests__/vbundle-streaming-validator.test.ts +453 -0
- package/src/runtime/migrations/__tests__/vbundle-tar-stream.test.ts +222 -0
- package/src/runtime/migrations/gcs-signed-url.ts +162 -0
- package/src/runtime/migrations/vbundle-importer.ts +154 -9
- package/src/runtime/migrations/vbundle-metadata-merge.ts +124 -0
- package/src/runtime/migrations/vbundle-streaming-importer.ts +2522 -0
- package/src/runtime/migrations/vbundle-streaming-validator.ts +244 -0
- package/src/runtime/migrations/vbundle-tar-stream.ts +217 -0
- package/src/runtime/migrations/vbundle-validator.ts +15 -6
- package/src/runtime/routes/__tests__/home-feed-routes.test.ts +111 -0
- package/src/runtime/routes/__tests__/migration-import-credential-filter.test.ts +114 -75
- package/src/runtime/routes/__tests__/migration-vellum-metadata-reconcile.test.ts +246 -0
- package/src/runtime/routes/approval-prompt-ts-tracker.ts +58 -0
- package/src/runtime/routes/approval-routes.ts +12 -17
- package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +9 -0
- package/src/runtime/routes/avatar-routes.ts +20 -4
- package/src/runtime/routes/btw-routes.ts +1 -4
- package/src/runtime/routes/conversation-management-routes.ts +20 -2
- package/src/runtime/routes/conversation-routes.ts +133 -27
- package/src/runtime/routes/debug-routes.ts +1 -1
- package/src/runtime/routes/diagnostics-routes.ts +6 -4
- package/src/runtime/routes/events-routes.ts +16 -0
- package/src/runtime/routes/guardian-approval-interception.ts +33 -3
- package/src/runtime/routes/guardian-approval-prompt.ts +13 -3
- package/src/runtime/routes/home-feed-routes.ts +120 -2
- package/src/runtime/routes/inbound-message-handler.ts +912 -2
- package/src/runtime/routes/inbound-stages/background-dispatch.test.ts +113 -2
- package/src/runtime/routes/inbound-stages/background-dispatch.ts +61 -3
- package/src/runtime/routes/inbound-stages/edit-intercept.ts +129 -6
- package/src/runtime/routes/integrations/slack/channel.ts +25 -3
- package/src/runtime/routes/llm-context-normalization.ts +23 -1
- package/src/runtime/routes/migration-routes.ts +720 -124
- package/src/runtime/routes/settings-routes.ts +4 -2
- package/src/runtime/routes/trust-rules-routes.ts +30 -14
- package/src/runtime/routes/work-items-routes.test.ts +1 -1
- package/src/runtime/routes/work-items-routes.ts +3 -2
- package/src/runtime/services/__tests__/analyze-conversation.test.ts +25 -43
- package/src/runtime/services/analyze-conversation.ts +12 -16
- package/src/runtime/skill-route-registry.ts +28 -6
- package/src/schedule/scheduler.ts +8 -0
- package/src/security/__tests__/provider-key-env-fallback.test.ts +119 -0
- package/src/security/__tests__/untrusted-content.test.ts +109 -0
- package/src/security/oauth2.ts +98 -35
- package/src/security/secure-keys.ts +7 -8
- package/src/security/token-manager.ts +27 -13
- package/src/security/untrusted-content.ts +102 -0
- package/src/skills/catalog-cache.ts +26 -7
- package/src/skills/catalog-install.ts +31 -3
- package/src/skills/skill-cache-store.ts +97 -0
- package/src/stt/__tests__/daemon-batch-transcriber.test.ts +76 -0
- package/src/stt/daemon-batch-transcriber.ts +33 -0
- package/src/stt/stt-stream-session.ts +8 -1
- package/src/stt/types.ts +5 -1
- package/src/subagent/manager.ts +41 -13
- package/src/tasks/ephemeral-permissions.ts +9 -4
- package/src/telemetry/usage-telemetry-reporter.ts +27 -5
- package/src/tools/browser/__tests__/browser-status.test.ts +45 -2
- package/src/tools/browser/browser-execution.ts +65 -38
- package/src/tools/browser/cdp-client/cdp-inspect/discovery.ts +22 -0
- package/src/tools/credentials/tool-policy.ts +39 -5
- package/src/tools/credentials/vault.ts +9 -4
- package/src/tools/executor.ts +4 -0
- package/src/tools/filesystem/write.ts +52 -0
- package/src/tools/host-terminal/host-shell.ts +45 -5
- package/src/tools/memory/register.test.ts +185 -0
- package/src/tools/memory/register.ts +3 -1
- package/src/tools/network/web-fetch.ts +20 -10
- package/src/tools/network/web-search.ts +19 -4
- package/src/tools/permission-checker.ts +36 -15
- package/src/tools/policy-context.ts +25 -8
- package/src/tools/registry.ts +55 -3
- package/src/tools/side-effects.ts +0 -11
- package/src/tools/skills/execute.ts +2 -2
- package/src/tools/skills/sandbox-runner.ts +5 -2
- package/src/tools/terminal/backends/native.ts +51 -2
- package/src/tools/terminal/safe-env.ts +3 -2
- package/src/tools/terminal/shell.ts +1 -0
- package/src/tools/tool-manifest.ts +6 -21
- package/src/tools/types.ts +12 -3
- package/src/tools/verification-control-plane-policy.ts +1 -1
- package/src/tts/__tests__/provider-adapters.test.ts +240 -13
- package/src/tts/provider-catalog.ts +18 -0
- package/src/tts/providers/index.ts +2 -0
- package/src/tts/providers/xai-provider.ts +224 -0
- package/src/tts/types.ts +46 -0
- package/src/types/tar-stream.d.ts +66 -0
- package/src/util/json.ts +17 -0
- package/src/util/platform.ts +2 -2
- package/src/util/pricing.ts +15 -5
- package/src/watcher/engine.ts +1 -1
- package/src/watcher/providers/google-calendar.ts +134 -8
- package/src/watcher/providers/outlook-calendar.ts +42 -2
- package/src/workspace/git-service.ts +23 -4
- package/src/workspace/migrations/038-unify-llm-callsite-configs.ts +516 -0
- package/src/workspace/migrations/039-drop-legacy-llm-keys.ts +171 -0
- package/src/workspace/migrations/040-seed-latency-callsite-defaults.ts +154 -0
- package/src/workspace/migrations/041-backfill-google-gmail-settings-scope.ts +57 -0
- package/src/workspace/migrations/042-fix-backfill-google-gmail-settings-scope.ts +70 -0
- package/src/workspace/migrations/043-release-notes-latex-rendering.ts +75 -0
- package/src/workspace/migrations/044-bump-stale-provider-stream-timeout.ts +51 -0
- package/src/workspace/migrations/045-release-notes-meet-avatar.ts +130 -0
- package/src/workspace/migrations/AGENTS.md +1 -1
- package/src/workspace/migrations/registry.ts +16 -0
- package/src/workspace/provider-commit-message-generator.ts +19 -38
- package/src/__tests__/gmail-archive-fallback.test.ts +0 -193
- package/src/__tests__/gmail-archive-gate.test.ts +0 -246
- package/src/__tests__/gmail-preferences.test.ts +0 -117
- package/src/__tests__/outlook-attachments.test.ts +0 -301
- package/src/__tests__/outlook-automation-tools.test.ts +0 -425
- package/src/__tests__/outlook-categories.test.ts +0 -212
- package/src/__tests__/outlook-compose-tools.test.ts +0 -325
- package/src/__tests__/outlook-declutter-tools.test.ts +0 -585
- package/src/__tests__/outlook-follow-up.test.ts +0 -196
- package/src/__tests__/outlook-trash.test.ts +0 -77
- package/src/__tests__/outlook-unsubscribe.test.ts +0 -279
- package/src/__tests__/update-bulletin-format.test.ts +0 -181
- package/src/__tests__/update-bulletin-state.test.ts +0 -135
- package/src/__tests__/update-bulletin.test.ts +0 -478
- package/src/__tests__/update-template-contract.test.ts +0 -29
- package/src/cli/commands/doctor.ts +0 -341
- package/src/config/bundled-skills/browser/SKILL.md +0 -88
- package/src/config/bundled-skills/browser/TOOLS.json +0 -516
- package/src/config/bundled-skills/browser/tools/browser-attach.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-click.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-close.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-detach.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-extract.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-fill-credential.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-hover.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-navigate.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-press-key.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-screenshot.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-scroll.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-select-option.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-snapshot.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-status.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-type.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +0 -49
- package/src/config/bundled-skills/browser/tools/browser-wait-for.ts +0 -12
- package/src/config/bundled-skills/chatgpt-import/SKILL.md +0 -27
- package/src/config/bundled-skills/chatgpt-import/TOOLS.json +0 -27
- package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +0 -378
- package/src/config/bundled-skills/gmail/SKILL.md +0 -221
- package/src/config/bundled-skills/gmail/TOOLS.json +0 -588
- package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +0 -256
- package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +0 -112
- package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +0 -44
- package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +0 -81
- package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +0 -108
- package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +0 -146
- package/src/config/bundled-skills/gmail/tools/gmail-label.ts +0 -53
- package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +0 -347
- package/src/config/bundled-skills/gmail/tools/gmail-preferences-tool.ts +0 -59
- package/src/config/bundled-skills/gmail/tools/gmail-preferences.ts +0 -82
- package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +0 -26
- package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +0 -347
- package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +0 -29
- package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +0 -122
- package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +0 -67
- package/src/config/bundled-skills/gmail/tools/scan-result-store.ts +0 -100
- package/src/config/bundled-skills/gmail/tools/shared.ts +0 -47
- package/src/config/bundled-skills/google-calendar/SKILL.md +0 -51
- package/src/config/bundled-skills/google-calendar/TOOLS.json +0 -226
- package/src/config/bundled-skills/google-calendar/calendar-client.ts +0 -223
- package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +0 -27
- package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +0 -48
- package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +0 -19
- package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +0 -36
- package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +0 -58
- package/src/config/bundled-skills/google-calendar/tools/shared.ts +0 -17
- package/src/config/bundled-skills/google-calendar/types.ts +0 -97
- package/src/config/bundled-skills/outlook/SKILL.md +0 -196
- package/src/config/bundled-skills/outlook/TOOLS.json +0 -530
- package/src/config/bundled-skills/outlook/tools/outlook-attachments.ts +0 -85
- package/src/config/bundled-skills/outlook/tools/outlook-categories.ts +0 -77
- package/src/config/bundled-skills/outlook/tools/outlook-draft.ts +0 -84
- package/src/config/bundled-skills/outlook/tools/outlook-follow-up.ts +0 -94
- package/src/config/bundled-skills/outlook/tools/outlook-forward.ts +0 -49
- package/src/config/bundled-skills/outlook/tools/outlook-outreach-scan.ts +0 -237
- package/src/config/bundled-skills/outlook/tools/outlook-rules.ts +0 -161
- package/src/config/bundled-skills/outlook/tools/outlook-send-draft.ts +0 -32
- package/src/config/bundled-skills/outlook/tools/outlook-sender-digest.ts +0 -272
- package/src/config/bundled-skills/outlook/tools/outlook-trash.ts +0 -29
- package/src/config/bundled-skills/outlook/tools/outlook-unsubscribe.ts +0 -129
- package/src/config/bundled-skills/outlook/tools/outlook-vacation.ts +0 -87
- package/src/config/bundled-skills/outlook/tools/shared.ts +0 -20
- package/src/config/bundled-skills/outlook-calendar/SKILL.md +0 -51
- package/src/config/bundled-skills/outlook-calendar/TOOLS.json +0 -221
- package/src/config/bundled-skills/outlook-calendar/calendar-client.ts +0 -252
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-check-availability.ts +0 -53
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-create-event.ts +0 -74
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-get-event.ts +0 -18
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-list-events.ts +0 -46
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-rsvp.ts +0 -36
- package/src/config/bundled-skills/outlook-calendar/tools/shared.ts +0 -17
- package/src/config/bundled-skills/outlook-calendar/types.ts +0 -120
- package/src/config/bundled-skills/slack/SKILL.md +0 -108
- package/src/config/bundled-skills/tasks/SKILL.md +0 -37
- package/src/config/bundled-skills/tasks/TOOLS.json +0 -353
- package/src/config/bundled-skills/tasks/icon.svg +0 -34
- package/src/config/bundled-skills/tasks/tools/task-delete.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-add.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-remove.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-show.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-update.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-queue-run.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-run.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-save.ts +0 -12
- package/src/config/bundled-skills/watcher/SKILL.md +0 -31
- package/src/config/bundled-skills/watcher/TOOLS.json +0 -167
- package/src/config/bundled-skills/watcher/tools/watcher-create.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-delete.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-digest.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-list.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-update.ts +0 -12
- package/src/prompts/templates/UPDATES.md +0 -50
- package/src/prompts/update-bulletin-format.ts +0 -85
- package/src/prompts/update-bulletin-state.ts +0 -58
- package/src/prompts/update-bulletin-template-path.ts +0 -13
- package/src/prompts/update-bulletin.ts +0 -139
- package/src/shared/provider-env-vars.ts +0 -19
- package/src/tools/watcher/create.ts +0 -86
- package/src/tools/watcher/delete.ts +0 -36
- package/src/tools/watcher/digest.ts +0 -54
- package/src/tools/watcher/list.ts +0 -83
- package/src/tools/watcher/update.ts +0 -71
|
@@ -0,0 +1,825 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default command registry for the bash risk classifier.
|
|
3
|
+
*
|
|
4
|
+
* A data-driven registry of ~100 commands with base risk levels, subcommand
|
|
5
|
+
* overrides, and arg-level rules. This is the "smart defaults" layer — users
|
|
6
|
+
* can override any entry via their personal rule store.
|
|
7
|
+
*
|
|
8
|
+
* Every program in checker.ts's LOW_RISK_PROGRAMS, HIGH_RISK_PROGRAMS,
|
|
9
|
+
* WRAPPER_PROGRAMS, and LOW_RISK_GIT_SUBCOMMANDS has a corresponding entry.
|
|
10
|
+
* Divergences from the existing checker classification are documented inline.
|
|
11
|
+
*
|
|
12
|
+
* @see /docs/bash-risk-classifier-design.md Section 6.2
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
import type { CommandRiskSpec } from "./risk-types.js";
|
|
16
|
+
|
|
17
|
+
// ── Shared regex pattern constants ────────────────────────────────────────────
|
|
18
|
+
// These are used across multiple command entries. Stored as strings (not native
|
|
19
|
+
// RegExp) so they round-trip cleanly through JSON serialization.
|
|
20
|
+
|
|
21
|
+
/** Matches paths containing sensitive directories (.ssh, .gnupg, .aws, .config, .env). */
|
|
22
|
+
const SENSITIVE_PATHS = String.raw`(?:^|/)(?:\.ssh|\.gnupg|\.aws|\.config|\.env)\b`;
|
|
23
|
+
|
|
24
|
+
/** Matches system paths (/usr, /bin, /sbin, /lib, /boot, /dev, /proc, /sys). */
|
|
25
|
+
const SYSTEM_PATHS = String.raw`^/(?:usr|bin|sbin|lib|boot|dev|proc|sys)\b`;
|
|
26
|
+
|
|
27
|
+
/** Matches temp/relative paths (/tmp, /var/tmp, ./, ../). */
|
|
28
|
+
const TMP_PATHS = String.raw`^(?:/tmp|/var/tmp|\./|\.\.\/)`;
|
|
29
|
+
|
|
30
|
+
// ── Default command registry ──────────────────────────────────────────────────
|
|
31
|
+
|
|
32
|
+
export const DEFAULT_COMMAND_REGISTRY = {
|
|
33
|
+
// ── Read-only filesystem commands ──────────────────────────────────────────
|
|
34
|
+
ls: { baseRisk: "low" },
|
|
35
|
+
cat: {
|
|
36
|
+
baseRisk: "low",
|
|
37
|
+
argRules: [
|
|
38
|
+
{
|
|
39
|
+
id: "cat:sensitive",
|
|
40
|
+
valuePattern: SENSITIVE_PATHS,
|
|
41
|
+
risk: "high",
|
|
42
|
+
reason: "Reads sensitive file",
|
|
43
|
+
},
|
|
44
|
+
],
|
|
45
|
+
},
|
|
46
|
+
head: { baseRisk: "low" },
|
|
47
|
+
tail: { baseRisk: "low" },
|
|
48
|
+
less: { baseRisk: "low" },
|
|
49
|
+
more: { baseRisk: "low" },
|
|
50
|
+
wc: { baseRisk: "low" },
|
|
51
|
+
file: { baseRisk: "low" },
|
|
52
|
+
stat: { baseRisk: "low" },
|
|
53
|
+
du: { baseRisk: "low" },
|
|
54
|
+
df: { baseRisk: "low" },
|
|
55
|
+
diff: { baseRisk: "low" },
|
|
56
|
+
tree: { baseRisk: "low" },
|
|
57
|
+
pwd: { baseRisk: "low" },
|
|
58
|
+
realpath: { baseRisk: "low" },
|
|
59
|
+
basename: { baseRisk: "low" },
|
|
60
|
+
dirname: { baseRisk: "low" },
|
|
61
|
+
|
|
62
|
+
// ── Search / filter / text processing ──────────────────────────────────────
|
|
63
|
+
grep: { baseRisk: "low" },
|
|
64
|
+
rg: { baseRisk: "low" },
|
|
65
|
+
ag: { baseRisk: "low" },
|
|
66
|
+
ack: { baseRisk: "low" },
|
|
67
|
+
sort: { baseRisk: "low" },
|
|
68
|
+
uniq: { baseRisk: "low" },
|
|
69
|
+
cut: { baseRisk: "low" },
|
|
70
|
+
tr: { baseRisk: "low" },
|
|
71
|
+
sed: {
|
|
72
|
+
baseRisk: "low",
|
|
73
|
+
argRules: [
|
|
74
|
+
{
|
|
75
|
+
id: "sed:inplace",
|
|
76
|
+
flags: ["-i", "--in-place"],
|
|
77
|
+
risk: "medium",
|
|
78
|
+
reason: "Edits files in place",
|
|
79
|
+
},
|
|
80
|
+
],
|
|
81
|
+
},
|
|
82
|
+
awk: {
|
|
83
|
+
baseRisk: "medium",
|
|
84
|
+
complexSyntax: true,
|
|
85
|
+
reason: "Can execute shell commands via system()",
|
|
86
|
+
},
|
|
87
|
+
|
|
88
|
+
// ── System information (read-only) ─────────────────────────────────────────
|
|
89
|
+
echo: { baseRisk: "low" },
|
|
90
|
+
printf: { baseRisk: "low" },
|
|
91
|
+
whoami: { baseRisk: "low" },
|
|
92
|
+
uname: { baseRisk: "low" },
|
|
93
|
+
uptime: { baseRisk: "low" },
|
|
94
|
+
hostname: { baseRisk: "low" },
|
|
95
|
+
date: { baseRisk: "low" },
|
|
96
|
+
cal: { baseRisk: "low" },
|
|
97
|
+
id: { baseRisk: "low" },
|
|
98
|
+
ps: { baseRisk: "low" },
|
|
99
|
+
free: { baseRisk: "low" },
|
|
100
|
+
which: { baseRisk: "low" },
|
|
101
|
+
where: { baseRisk: "low" },
|
|
102
|
+
whereis: { baseRisk: "low" },
|
|
103
|
+
type: { baseRisk: "low" },
|
|
104
|
+
printenv: { baseRisk: "low" },
|
|
105
|
+
man: { baseRisk: "low" },
|
|
106
|
+
help: { baseRisk: "low" },
|
|
107
|
+
info: { baseRisk: "low" },
|
|
108
|
+
|
|
109
|
+
// ── Checksum / hex tools ───────────────────────────────────────────────────
|
|
110
|
+
sha256sum: { baseRisk: "low" },
|
|
111
|
+
md5sum: { baseRisk: "low" },
|
|
112
|
+
xxd: { baseRisk: "low" },
|
|
113
|
+
hexdump: { baseRisk: "low" },
|
|
114
|
+
|
|
115
|
+
// ── Data processing ────────────────────────────────────────────────────────
|
|
116
|
+
jq: { baseRisk: "low" },
|
|
117
|
+
yq: { baseRisk: "low" },
|
|
118
|
+
|
|
119
|
+
// ── Find ───────────────────────────────────────────────────────────────────
|
|
120
|
+
// DIVERGENCE: checker.ts lists `find` as LOW_RISK unconditionally. Our
|
|
121
|
+
// registry adds arg rules for -exec/-execdir/-delete which escalate to high.
|
|
122
|
+
find: {
|
|
123
|
+
baseRisk: "low",
|
|
124
|
+
complexSyntax: true,
|
|
125
|
+
argRules: [
|
|
126
|
+
{
|
|
127
|
+
id: "find:exec",
|
|
128
|
+
flags: ["-exec", "-execdir"],
|
|
129
|
+
risk: "high",
|
|
130
|
+
reason: "Executes arbitrary commands on matched files",
|
|
131
|
+
},
|
|
132
|
+
{
|
|
133
|
+
id: "find:delete",
|
|
134
|
+
flags: ["-delete"],
|
|
135
|
+
risk: "high",
|
|
136
|
+
reason: "Deletes matched files",
|
|
137
|
+
},
|
|
138
|
+
],
|
|
139
|
+
},
|
|
140
|
+
fd: { baseRisk: "low" },
|
|
141
|
+
|
|
142
|
+
// ── Write commands ─────────────────────────────────────────────────────────
|
|
143
|
+
cp: {
|
|
144
|
+
baseRisk: "medium",
|
|
145
|
+
argRules: [
|
|
146
|
+
{
|
|
147
|
+
id: "cp:system",
|
|
148
|
+
valuePattern: SYSTEM_PATHS,
|
|
149
|
+
risk: "high",
|
|
150
|
+
reason: "Copies to system path",
|
|
151
|
+
},
|
|
152
|
+
],
|
|
153
|
+
},
|
|
154
|
+
mv: {
|
|
155
|
+
baseRisk: "medium",
|
|
156
|
+
argRules: [
|
|
157
|
+
{
|
|
158
|
+
id: "mv:system",
|
|
159
|
+
valuePattern: SYSTEM_PATHS,
|
|
160
|
+
risk: "high",
|
|
161
|
+
reason: "Moves to system path",
|
|
162
|
+
},
|
|
163
|
+
],
|
|
164
|
+
},
|
|
165
|
+
mkdir: { baseRisk: "medium" },
|
|
166
|
+
touch: { baseRisk: "medium" },
|
|
167
|
+
// DIVERGENCE: checker.ts lists `tee` as LOW_RISK. Our registry classifies
|
|
168
|
+
// it as medium because it writes to files.
|
|
169
|
+
tee: { baseRisk: "medium" },
|
|
170
|
+
|
|
171
|
+
// ── Delete commands ────────────────────────────────────────────────────────
|
|
172
|
+
rm: {
|
|
173
|
+
baseRisk: "high",
|
|
174
|
+
argRules: [
|
|
175
|
+
{
|
|
176
|
+
id: "rm:recursive-force",
|
|
177
|
+
flags: ["-rf", "-fr", "-Rf", "-fR"],
|
|
178
|
+
risk: "high",
|
|
179
|
+
reason: "Recursive force delete",
|
|
180
|
+
},
|
|
181
|
+
{
|
|
182
|
+
id: "rm:recursive",
|
|
183
|
+
flags: ["-r", "-R", "--recursive"],
|
|
184
|
+
risk: "high",
|
|
185
|
+
reason: "Recursive delete",
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
id: "rm:tmp",
|
|
189
|
+
valuePattern: TMP_PATHS,
|
|
190
|
+
risk: "medium",
|
|
191
|
+
reason: "Removes temp files",
|
|
192
|
+
},
|
|
193
|
+
{
|
|
194
|
+
id: "rm:system",
|
|
195
|
+
valuePattern: SYSTEM_PATHS,
|
|
196
|
+
risk: "high",
|
|
197
|
+
reason: "Removes system files",
|
|
198
|
+
},
|
|
199
|
+
{
|
|
200
|
+
id: "rm:sensitive",
|
|
201
|
+
valuePattern: SENSITIVE_PATHS,
|
|
202
|
+
risk: "high",
|
|
203
|
+
reason: "Removes sensitive files",
|
|
204
|
+
},
|
|
205
|
+
],
|
|
206
|
+
},
|
|
207
|
+
rmdir: { baseRisk: "high" },
|
|
208
|
+
|
|
209
|
+
// ── Network commands ───────────────────────────────────────────────────────
|
|
210
|
+
curl: {
|
|
211
|
+
baseRisk: "medium",
|
|
212
|
+
argRules: [
|
|
213
|
+
{
|
|
214
|
+
id: "curl:upload-data",
|
|
215
|
+
flags: ["-d", "--data", "--data-binary", "--data-raw"],
|
|
216
|
+
valuePattern: String.raw`^@`,
|
|
217
|
+
risk: "high",
|
|
218
|
+
reason: "Uploads file contents",
|
|
219
|
+
},
|
|
220
|
+
{
|
|
221
|
+
id: "curl:upload-file",
|
|
222
|
+
flags: ["-T", "--upload-file"],
|
|
223
|
+
risk: "high",
|
|
224
|
+
reason: "Uploads file",
|
|
225
|
+
},
|
|
226
|
+
{
|
|
227
|
+
id: "curl:output-sensitive",
|
|
228
|
+
flags: ["-o", "--output"],
|
|
229
|
+
valuePattern: SENSITIVE_PATHS,
|
|
230
|
+
risk: "high",
|
|
231
|
+
reason: "Writes to sensitive path",
|
|
232
|
+
},
|
|
233
|
+
{
|
|
234
|
+
id: "curl:localhost",
|
|
235
|
+
valuePattern: String.raw`^https?://(localhost|127\.0\.0\.1|\[::1\])`,
|
|
236
|
+
risk: "low",
|
|
237
|
+
reason: "Local request",
|
|
238
|
+
},
|
|
239
|
+
],
|
|
240
|
+
},
|
|
241
|
+
wget: { baseRisk: "medium" },
|
|
242
|
+
// DIVERGENCE: checker.ts lists `http` (httpie) as LOW_RISK. Our registry
|
|
243
|
+
// classifies it as medium because it can make network requests with side effects.
|
|
244
|
+
http: { baseRisk: "medium" },
|
|
245
|
+
ping: { baseRisk: "low" },
|
|
246
|
+
dig: { baseRisk: "low" },
|
|
247
|
+
nslookup: { baseRisk: "low" },
|
|
248
|
+
ssh: { baseRisk: "high", reason: "Opens remote shell" },
|
|
249
|
+
scp: { baseRisk: "high", reason: "Remote file transfer" },
|
|
250
|
+
rsync: { baseRisk: "high", reason: "Remote file sync" },
|
|
251
|
+
|
|
252
|
+
// ── Git ────────────────────────────────────────────────────────────────────
|
|
253
|
+
// Every subcommand in checker.ts's LOW_RISK_GIT_SUBCOMMANDS must appear here.
|
|
254
|
+
// Divergences are noted inline.
|
|
255
|
+
git: {
|
|
256
|
+
baseRisk: "medium",
|
|
257
|
+
globalValueFlags: [
|
|
258
|
+
"-C",
|
|
259
|
+
"-c",
|
|
260
|
+
"--git-dir",
|
|
261
|
+
"--work-tree",
|
|
262
|
+
"--namespace",
|
|
263
|
+
"--super-prefix",
|
|
264
|
+
"--config-env",
|
|
265
|
+
],
|
|
266
|
+
subcommands: {
|
|
267
|
+
// LOW_RISK_GIT_SUBCOMMANDS from checker.ts:
|
|
268
|
+
status: { baseRisk: "low" },
|
|
269
|
+
log: { baseRisk: "low" },
|
|
270
|
+
diff: { baseRisk: "low" },
|
|
271
|
+
show: { baseRisk: "low" },
|
|
272
|
+
branch: { baseRisk: "low" },
|
|
273
|
+
tag: {
|
|
274
|
+
baseRisk: "low",
|
|
275
|
+
argRules: [
|
|
276
|
+
{
|
|
277
|
+
id: "git-tag:delete",
|
|
278
|
+
flags: ["-d", "--delete"],
|
|
279
|
+
risk: "high",
|
|
280
|
+
reason: "Deletes git tag",
|
|
281
|
+
},
|
|
282
|
+
],
|
|
283
|
+
},
|
|
284
|
+
remote: { baseRisk: "low" },
|
|
285
|
+
// DIVERGENCE: checker.ts lists `stash` as LOW_RISK. Our registry classifies
|
|
286
|
+
// the base stash command as medium (it modifies working tree), with read-only
|
|
287
|
+
// subcommands (list, show) as low and destructive ones (drop) as high.
|
|
288
|
+
stash: {
|
|
289
|
+
baseRisk: "medium",
|
|
290
|
+
subcommands: {
|
|
291
|
+
list: { baseRisk: "low" },
|
|
292
|
+
show: { baseRisk: "low" },
|
|
293
|
+
drop: {
|
|
294
|
+
baseRisk: "high",
|
|
295
|
+
reason: "Permanently drops stashed changes",
|
|
296
|
+
},
|
|
297
|
+
},
|
|
298
|
+
},
|
|
299
|
+
blame: { baseRisk: "low" },
|
|
300
|
+
shortlog: { baseRisk: "low" },
|
|
301
|
+
describe: { baseRisk: "low" },
|
|
302
|
+
"rev-parse": { baseRisk: "low" },
|
|
303
|
+
"ls-files": { baseRisk: "low" },
|
|
304
|
+
"ls-tree": { baseRisk: "low" },
|
|
305
|
+
"cat-file": { baseRisk: "low" },
|
|
306
|
+
reflog: { baseRisk: "low" },
|
|
307
|
+
// Write operations:
|
|
308
|
+
add: { baseRisk: "medium" },
|
|
309
|
+
commit: { baseRisk: "medium" },
|
|
310
|
+
checkout: { baseRisk: "medium" },
|
|
311
|
+
switch: { baseRisk: "medium" },
|
|
312
|
+
merge: { baseRisk: "medium" },
|
|
313
|
+
rebase: {
|
|
314
|
+
baseRisk: "medium",
|
|
315
|
+
argRules: [
|
|
316
|
+
{
|
|
317
|
+
id: "git-rebase:interactive",
|
|
318
|
+
flags: ["-i", "--interactive"],
|
|
319
|
+
risk: "high",
|
|
320
|
+
reason: "Interactive rebase rewrites history",
|
|
321
|
+
},
|
|
322
|
+
],
|
|
323
|
+
},
|
|
324
|
+
push: {
|
|
325
|
+
baseRisk: "medium",
|
|
326
|
+
argRules: [
|
|
327
|
+
{
|
|
328
|
+
id: "git-push:force",
|
|
329
|
+
flags: ["--force", "-f", "--force-with-lease"],
|
|
330
|
+
risk: "high",
|
|
331
|
+
reason: "Force push rewrites remote history",
|
|
332
|
+
},
|
|
333
|
+
],
|
|
334
|
+
},
|
|
335
|
+
pull: { baseRisk: "medium" },
|
|
336
|
+
fetch: { baseRisk: "low" },
|
|
337
|
+
reset: {
|
|
338
|
+
baseRisk: "medium",
|
|
339
|
+
argRules: [
|
|
340
|
+
{
|
|
341
|
+
id: "git-reset:hard",
|
|
342
|
+
flags: ["--hard"],
|
|
343
|
+
risk: "high",
|
|
344
|
+
reason: "Discards uncommitted changes",
|
|
345
|
+
},
|
|
346
|
+
],
|
|
347
|
+
},
|
|
348
|
+
clean: { baseRisk: "high", reason: "Removes untracked files" },
|
|
349
|
+
bisect: { baseRisk: "low" },
|
|
350
|
+
worktree: { baseRisk: "medium" },
|
|
351
|
+
},
|
|
352
|
+
},
|
|
353
|
+
|
|
354
|
+
// ── Package managers ───────────────────────────────────────────────────────
|
|
355
|
+
// DIVERGENCE: checker.ts lists `npm`, `npx`, `yarn`, `pnpm`, `bun`, `pip`,
|
|
356
|
+
// `pip3` as LOW_RISK. Our registry classifies them as medium (base) because
|
|
357
|
+
// they download and execute code, with subcommand-level overrides.
|
|
358
|
+
npm: {
|
|
359
|
+
baseRisk: "medium",
|
|
360
|
+
globalValueFlags: ["--prefix", "--userconfig", "--globalconfig", "--cache"],
|
|
361
|
+
subcommands: {
|
|
362
|
+
ls: { baseRisk: "low" },
|
|
363
|
+
list: { baseRisk: "low" },
|
|
364
|
+
outdated: { baseRisk: "low" },
|
|
365
|
+
view: { baseRisk: "low" },
|
|
366
|
+
info: { baseRisk: "low" },
|
|
367
|
+
install: {
|
|
368
|
+
baseRisk: "medium",
|
|
369
|
+
reason: "Runs lifecycle scripts, downloads code",
|
|
370
|
+
},
|
|
371
|
+
ci: {
|
|
372
|
+
baseRisk: "medium",
|
|
373
|
+
reason: "Clean install, runs lifecycle scripts",
|
|
374
|
+
},
|
|
375
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
376
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
377
|
+
publish: { baseRisk: "high", reason: "Publishes package to registry" },
|
|
378
|
+
},
|
|
379
|
+
},
|
|
380
|
+
// DIVERGENCE: checker.ts lists `npx` as LOW_RISK. Our registry classifies it
|
|
381
|
+
// as high because it downloads and executes arbitrary packages.
|
|
382
|
+
npx: {
|
|
383
|
+
baseRisk: "high",
|
|
384
|
+
reason: "Downloads and executes arbitrary packages",
|
|
385
|
+
},
|
|
386
|
+
yarn: {
|
|
387
|
+
baseRisk: "medium",
|
|
388
|
+
subcommands: {
|
|
389
|
+
list: { baseRisk: "low" },
|
|
390
|
+
info: { baseRisk: "low" },
|
|
391
|
+
why: { baseRisk: "low" },
|
|
392
|
+
install: { baseRisk: "medium" },
|
|
393
|
+
add: { baseRisk: "medium" },
|
|
394
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
395
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
396
|
+
},
|
|
397
|
+
},
|
|
398
|
+
pnpm: {
|
|
399
|
+
baseRisk: "medium",
|
|
400
|
+
subcommands: {
|
|
401
|
+
list: { baseRisk: "low" },
|
|
402
|
+
install: { baseRisk: "medium" },
|
|
403
|
+
add: { baseRisk: "medium" },
|
|
404
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
405
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
406
|
+
},
|
|
407
|
+
},
|
|
408
|
+
// DIVERGENCE: checker.ts lists `bun` as LOW_RISK. Our registry classifies it
|
|
409
|
+
// as medium (base) with subcommand overrides because it can execute code.
|
|
410
|
+
bun: {
|
|
411
|
+
baseRisk: "medium",
|
|
412
|
+
subcommands: {
|
|
413
|
+
install: { baseRisk: "medium" },
|
|
414
|
+
add: { baseRisk: "medium" },
|
|
415
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
416
|
+
run: { baseRisk: "high", reason: "Executes arbitrary scripts" },
|
|
417
|
+
},
|
|
418
|
+
},
|
|
419
|
+
pip: {
|
|
420
|
+
baseRisk: "medium",
|
|
421
|
+
subcommands: {
|
|
422
|
+
list: { baseRisk: "low" },
|
|
423
|
+
show: { baseRisk: "low" },
|
|
424
|
+
install: { baseRisk: "medium" },
|
|
425
|
+
},
|
|
426
|
+
},
|
|
427
|
+
pip3: {
|
|
428
|
+
baseRisk: "medium",
|
|
429
|
+
subcommands: {
|
|
430
|
+
list: { baseRisk: "low" },
|
|
431
|
+
show: { baseRisk: "low" },
|
|
432
|
+
install: { baseRisk: "medium" },
|
|
433
|
+
},
|
|
434
|
+
},
|
|
435
|
+
brew: {
|
|
436
|
+
baseRisk: "medium",
|
|
437
|
+
subcommands: {
|
|
438
|
+
list: { baseRisk: "low" },
|
|
439
|
+
info: { baseRisk: "low" },
|
|
440
|
+
search: { baseRisk: "low" },
|
|
441
|
+
install: { baseRisk: "medium" },
|
|
442
|
+
uninstall: { baseRisk: "high" },
|
|
443
|
+
},
|
|
444
|
+
},
|
|
445
|
+
cargo: {
|
|
446
|
+
baseRisk: "medium",
|
|
447
|
+
subcommands: {
|
|
448
|
+
build: { baseRisk: "medium" },
|
|
449
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
450
|
+
run: { baseRisk: "high", reason: "Compiles and executes code" },
|
|
451
|
+
},
|
|
452
|
+
},
|
|
453
|
+
|
|
454
|
+
// ── Build tools (inherently opaque) ────────────────────────────────────────
|
|
455
|
+
make: { baseRisk: "high", reason: "Executes arbitrary Makefile targets" },
|
|
456
|
+
|
|
457
|
+
// ── Language runtimes ──────────────────────────────────────────────────────
|
|
458
|
+
// DIVERGENCE: checker.ts lists `node` as LOW_RISK. Our registry classifies it
|
|
459
|
+
// as high because it executes arbitrary JavaScript.
|
|
460
|
+
node: {
|
|
461
|
+
baseRisk: "high",
|
|
462
|
+
reason: "Executes arbitrary JavaScript",
|
|
463
|
+
argRules: [
|
|
464
|
+
{
|
|
465
|
+
id: "node:version",
|
|
466
|
+
flags: ["--version", "-v"],
|
|
467
|
+
risk: "low",
|
|
468
|
+
reason: "Prints version",
|
|
469
|
+
},
|
|
470
|
+
{
|
|
471
|
+
id: "node:eval",
|
|
472
|
+
flags: ["-e", "--eval"],
|
|
473
|
+
risk: "high",
|
|
474
|
+
reason: "Evaluates inline JavaScript",
|
|
475
|
+
},
|
|
476
|
+
],
|
|
477
|
+
},
|
|
478
|
+
// DIVERGENCE: checker.ts lists `deno` as LOW_RISK. Our registry classifies it
|
|
479
|
+
// as high because it executes arbitrary code.
|
|
480
|
+
deno: { baseRisk: "high", reason: "Executes arbitrary code" },
|
|
481
|
+
// DIVERGENCE: checker.ts lists `python` and `python3` as LOW_RISK. Our registry
|
|
482
|
+
// classifies them as high because they execute arbitrary Python code.
|
|
483
|
+
python: {
|
|
484
|
+
baseRisk: "high",
|
|
485
|
+
reason: "Executes arbitrary Python code",
|
|
486
|
+
argRules: [
|
|
487
|
+
{
|
|
488
|
+
id: "python:version",
|
|
489
|
+
flags: ["--version", "-V"],
|
|
490
|
+
risk: "low",
|
|
491
|
+
reason: "Prints version",
|
|
492
|
+
},
|
|
493
|
+
],
|
|
494
|
+
},
|
|
495
|
+
python3: {
|
|
496
|
+
baseRisk: "high",
|
|
497
|
+
reason: "Executes arbitrary Python code",
|
|
498
|
+
argRules: [
|
|
499
|
+
{
|
|
500
|
+
id: "python3:version",
|
|
501
|
+
flags: ["--version", "-V"],
|
|
502
|
+
risk: "low",
|
|
503
|
+
reason: "Prints version",
|
|
504
|
+
},
|
|
505
|
+
],
|
|
506
|
+
},
|
|
507
|
+
ruby: { baseRisk: "high", reason: "Executes arbitrary Ruby code" },
|
|
508
|
+
go: {
|
|
509
|
+
// baseRisk is low (unlike npm's medium) because bare `go` prints help.
|
|
510
|
+
// Dangerous subcommands (run, test, generate, get) are handled individually.
|
|
511
|
+
baseRisk: "low",
|
|
512
|
+
subcommands: {
|
|
513
|
+
mod: { baseRisk: "low" },
|
|
514
|
+
vet: { baseRisk: "low" },
|
|
515
|
+
version: { baseRisk: "low" },
|
|
516
|
+
build: { baseRisk: "medium" },
|
|
517
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
518
|
+
run: { baseRisk: "high", reason: "Compiles and executes Go code" },
|
|
519
|
+
get: {
|
|
520
|
+
baseRisk: "medium",
|
|
521
|
+
reason:
|
|
522
|
+
"Downloads and installs packages; may execute arbitrary code via tool directives",
|
|
523
|
+
},
|
|
524
|
+
generate: {
|
|
525
|
+
baseRisk: "high",
|
|
526
|
+
reason: "Runs arbitrary commands via //go:generate directives",
|
|
527
|
+
},
|
|
528
|
+
},
|
|
529
|
+
},
|
|
530
|
+
|
|
531
|
+
// ── Docker ─────────────────────────────────────────────────────────────────
|
|
532
|
+
docker: {
|
|
533
|
+
baseRisk: "medium",
|
|
534
|
+
globalValueFlags: ["--host", "-H", "--config", "--context", "--log-level"],
|
|
535
|
+
subcommands: {
|
|
536
|
+
ps: { baseRisk: "low" },
|
|
537
|
+
images: { baseRisk: "low" },
|
|
538
|
+
inspect: { baseRisk: "low" },
|
|
539
|
+
logs: { baseRisk: "low" },
|
|
540
|
+
info: { baseRisk: "low" },
|
|
541
|
+
version: { baseRisk: "low" },
|
|
542
|
+
build: { baseRisk: "medium" },
|
|
543
|
+
pull: { baseRisk: "medium" },
|
|
544
|
+
push: { baseRisk: "high", reason: "Pushes image to registry" },
|
|
545
|
+
run: {
|
|
546
|
+
baseRisk: "high",
|
|
547
|
+
reason: "Runs arbitrary container",
|
|
548
|
+
argRules: [
|
|
549
|
+
{
|
|
550
|
+
id: "docker-run:privileged",
|
|
551
|
+
flags: ["--privileged"],
|
|
552
|
+
risk: "high",
|
|
553
|
+
reason: "Privileged container with full host access",
|
|
554
|
+
},
|
|
555
|
+
{
|
|
556
|
+
id: "docker-run:volume-root",
|
|
557
|
+
flags: ["-v", "--volume"],
|
|
558
|
+
valuePattern: String.raw`^/:`,
|
|
559
|
+
risk: "high",
|
|
560
|
+
reason: "Mounts host root filesystem",
|
|
561
|
+
},
|
|
562
|
+
],
|
|
563
|
+
},
|
|
564
|
+
exec: {
|
|
565
|
+
baseRisk: "high",
|
|
566
|
+
reason: "Executes command in running container",
|
|
567
|
+
},
|
|
568
|
+
rm: { baseRisk: "high" },
|
|
569
|
+
rmi: { baseRisk: "high" },
|
|
570
|
+
stop: { baseRisk: "medium" },
|
|
571
|
+
start: { baseRisk: "medium" },
|
|
572
|
+
},
|
|
573
|
+
},
|
|
574
|
+
|
|
575
|
+
// ── Privilege / system ─────────────────────────────────────────────────────
|
|
576
|
+
sudo: {
|
|
577
|
+
baseRisk: "high",
|
|
578
|
+
isWrapper: true,
|
|
579
|
+
reason: "Elevates to superuser privileges",
|
|
580
|
+
},
|
|
581
|
+
su: { baseRisk: "high", reason: "Switches user identity" },
|
|
582
|
+
doas: {
|
|
583
|
+
baseRisk: "high",
|
|
584
|
+
isWrapper: true,
|
|
585
|
+
reason: "Elevates privileges (OpenBSD sudo alternative)",
|
|
586
|
+
},
|
|
587
|
+
chmod: { baseRisk: "high", reason: "Changes file permissions" },
|
|
588
|
+
chown: { baseRisk: "high", reason: "Changes file ownership" },
|
|
589
|
+
chgrp: { baseRisk: "high", reason: "Changes file group" },
|
|
590
|
+
mount: { baseRisk: "high", reason: "Mounts filesystem" },
|
|
591
|
+
umount: { baseRisk: "high", reason: "Unmounts filesystem" },
|
|
592
|
+
systemctl: { baseRisk: "high", reason: "Controls system services" },
|
|
593
|
+
service: { baseRisk: "high", reason: "Controls system services" },
|
|
594
|
+
launchctl: { baseRisk: "high", reason: "Controls macOS services" },
|
|
595
|
+
|
|
596
|
+
// ── User management ────────────────────────────────────────────────────────
|
|
597
|
+
useradd: { baseRisk: "high", reason: "Creates system user" },
|
|
598
|
+
userdel: { baseRisk: "high", reason: "Deletes system user" },
|
|
599
|
+
usermod: { baseRisk: "high", reason: "Modifies system user" },
|
|
600
|
+
groupadd: { baseRisk: "high", reason: "Creates system group" },
|
|
601
|
+
groupdel: { baseRisk: "high", reason: "Deletes system group" },
|
|
602
|
+
|
|
603
|
+
// ── Firewall ───────────────────────────────────────────────────────────────
|
|
604
|
+
iptables: { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
605
|
+
ufw: { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
606
|
+
"firewall-cmd": { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
607
|
+
|
|
608
|
+
// ── System lifecycle ───────────────────────────────────────────────────────
|
|
609
|
+
reboot: { baseRisk: "high", reason: "Reboots the system" },
|
|
610
|
+
shutdown: { baseRisk: "high", reason: "Shuts down the system" },
|
|
611
|
+
halt: { baseRisk: "high", reason: "Halts the system" },
|
|
612
|
+
poweroff: { baseRisk: "high", reason: "Powers off the system" },
|
|
613
|
+
|
|
614
|
+
// ── Process management ─────────────────────────────────────────────────────
|
|
615
|
+
kill: { baseRisk: "high", reason: "Sends signal to process" },
|
|
616
|
+
killall: { baseRisk: "high", reason: "Kills processes by name" },
|
|
617
|
+
pkill: { baseRisk: "high", reason: "Kills processes by pattern" },
|
|
618
|
+
|
|
619
|
+
// ── Catastrophic ───────────────────────────────────────────────────────────
|
|
620
|
+
mkfs: { baseRisk: "high", reason: "Formats filesystem — destroys all data" },
|
|
621
|
+
dd: {
|
|
622
|
+
baseRisk: "high",
|
|
623
|
+
reason: "Low-level block device copy — can destroy disks",
|
|
624
|
+
},
|
|
625
|
+
fdisk: { baseRisk: "high", reason: "Modifies disk partitions" },
|
|
626
|
+
parted: { baseRisk: "high", reason: "Modifies disk partitions" },
|
|
627
|
+
|
|
628
|
+
// ── Wrapper commands ───────────────────────────────────────────────────────
|
|
629
|
+
// These unwrap to find and classify the inner command. The classifier takes
|
|
630
|
+
// max(wrapper.baseRisk, inner.risk).
|
|
631
|
+
env: { baseRisk: "low", isWrapper: true },
|
|
632
|
+
nice: { baseRisk: "low", isWrapper: true },
|
|
633
|
+
nohup: { baseRisk: "low", isWrapper: true },
|
|
634
|
+
timeout: {
|
|
635
|
+
baseRisk: "low",
|
|
636
|
+
isWrapper: true,
|
|
637
|
+
nonExecFlags: ["--help", "--version"],
|
|
638
|
+
},
|
|
639
|
+
time: { baseRisk: "low", isWrapper: true },
|
|
640
|
+
command: {
|
|
641
|
+
baseRisk: "low",
|
|
642
|
+
isWrapper: true,
|
|
643
|
+
nonExecFlags: ["-v", "-V"],
|
|
644
|
+
argRules: [
|
|
645
|
+
{
|
|
646
|
+
id: "command:lookup",
|
|
647
|
+
flags: ["-v", "-V"],
|
|
648
|
+
risk: "low",
|
|
649
|
+
reason: "Command lookup",
|
|
650
|
+
},
|
|
651
|
+
],
|
|
652
|
+
},
|
|
653
|
+
exec: {
|
|
654
|
+
baseRisk: "high",
|
|
655
|
+
isWrapper: true,
|
|
656
|
+
reason: "Replaces current shell process",
|
|
657
|
+
},
|
|
658
|
+
strace: {
|
|
659
|
+
baseRisk: "medium",
|
|
660
|
+
isWrapper: true,
|
|
661
|
+
reason: "Traces system calls",
|
|
662
|
+
},
|
|
663
|
+
ltrace: {
|
|
664
|
+
baseRisk: "medium",
|
|
665
|
+
isWrapper: true,
|
|
666
|
+
reason: "Traces library calls",
|
|
667
|
+
},
|
|
668
|
+
ionice: { baseRisk: "low", isWrapper: true },
|
|
669
|
+
taskset: { baseRisk: "low", isWrapper: true },
|
|
670
|
+
|
|
671
|
+
// ── Shell interpreters ──────────────────────────────────────────────────────
|
|
672
|
+
// These execute arbitrary code via -c, script files, or stdin.
|
|
673
|
+
bash: {
|
|
674
|
+
baseRisk: "high",
|
|
675
|
+
reason: "Executes arbitrary shell commands",
|
|
676
|
+
complexSyntax: true,
|
|
677
|
+
},
|
|
678
|
+
sh: {
|
|
679
|
+
baseRisk: "high",
|
|
680
|
+
reason: "Executes arbitrary shell commands",
|
|
681
|
+
complexSyntax: true,
|
|
682
|
+
},
|
|
683
|
+
zsh: {
|
|
684
|
+
baseRisk: "high",
|
|
685
|
+
reason: "Executes arbitrary shell commands",
|
|
686
|
+
complexSyntax: true,
|
|
687
|
+
},
|
|
688
|
+
dash: {
|
|
689
|
+
baseRisk: "high",
|
|
690
|
+
reason: "Executes arbitrary shell commands",
|
|
691
|
+
complexSyntax: true,
|
|
692
|
+
},
|
|
693
|
+
fish: {
|
|
694
|
+
baseRisk: "high",
|
|
695
|
+
reason: "Executes arbitrary shell commands",
|
|
696
|
+
complexSyntax: true,
|
|
697
|
+
},
|
|
698
|
+
|
|
699
|
+
// ── Package managers (additional) ──────────────────────────────────────────
|
|
700
|
+
"apt-get": { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
701
|
+
apt: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
702
|
+
dnf: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
703
|
+
yum: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
704
|
+
pacman: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
705
|
+
apk: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
706
|
+
|
|
707
|
+
// ── Shell builtins ─────────────────────────────────────────────────────────
|
|
708
|
+
cd: { baseRisk: "low" },
|
|
709
|
+
pushd: { baseRisk: "low" },
|
|
710
|
+
popd: { baseRisk: "low" },
|
|
711
|
+
export: { baseRisk: "low" },
|
|
712
|
+
unset: { baseRisk: "low" },
|
|
713
|
+
alias: { baseRisk: "low" },
|
|
714
|
+
history: { baseRisk: "low" },
|
|
715
|
+
// DIVERGENCE: checker.ts lists `set` as LOW_RISK. Our registry classifies it
|
|
716
|
+
// as medium because it can modify shell options and behavior.
|
|
717
|
+
set: { baseRisk: "medium", reason: "Modifies shell options" },
|
|
718
|
+
source: { baseRisk: "high", reason: "Executes arbitrary shell script" },
|
|
719
|
+
eval: { baseRisk: "high", reason: "Evaluates arbitrary shell code" },
|
|
720
|
+
|
|
721
|
+
// ── Misc tools ─────────────────────────────────────────────────────────────
|
|
722
|
+
// DIVERGENCE: checker.ts lists `xargs` as LOW_RISK. Our registry classifies
|
|
723
|
+
// it as medium because it executes commands with piped arguments.
|
|
724
|
+
xargs: {
|
|
725
|
+
baseRisk: "medium",
|
|
726
|
+
complexSyntax: true,
|
|
727
|
+
reason: "Executes command with piped arguments",
|
|
728
|
+
},
|
|
729
|
+
tar: { baseRisk: "medium", complexSyntax: true },
|
|
730
|
+
zip: { baseRisk: "medium" },
|
|
731
|
+
unzip: { baseRisk: "medium" },
|
|
732
|
+
gzip: { baseRisk: "medium" },
|
|
733
|
+
gunzip: { baseRisk: "medium" },
|
|
734
|
+
|
|
735
|
+
// ── Version control tools ──────────────────────────────────────────────────
|
|
736
|
+
gh: {
|
|
737
|
+
baseRisk: "low",
|
|
738
|
+
globalValueFlags: ["--repo", "-R"],
|
|
739
|
+
subcommands: {
|
|
740
|
+
pr: {
|
|
741
|
+
baseRisk: "low",
|
|
742
|
+
subcommands: {
|
|
743
|
+
view: { baseRisk: "low" },
|
|
744
|
+
list: { baseRisk: "low" },
|
|
745
|
+
create: { baseRisk: "medium" },
|
|
746
|
+
merge: { baseRisk: "high", reason: "Merges pull request" },
|
|
747
|
+
},
|
|
748
|
+
},
|
|
749
|
+
issue: {
|
|
750
|
+
baseRisk: "low",
|
|
751
|
+
subcommands: {
|
|
752
|
+
view: { baseRisk: "low" },
|
|
753
|
+
list: { baseRisk: "low" },
|
|
754
|
+
create: { baseRisk: "medium" },
|
|
755
|
+
},
|
|
756
|
+
},
|
|
757
|
+
repo: {
|
|
758
|
+
baseRisk: "low",
|
|
759
|
+
subcommands: {
|
|
760
|
+
view: { baseRisk: "low" },
|
|
761
|
+
clone: { baseRisk: "low" },
|
|
762
|
+
create: { baseRisk: "high" },
|
|
763
|
+
delete: { baseRisk: "high" },
|
|
764
|
+
},
|
|
765
|
+
},
|
|
766
|
+
api: { baseRisk: "medium", reason: "Makes arbitrary GitHub API calls" },
|
|
767
|
+
},
|
|
768
|
+
},
|
|
769
|
+
|
|
770
|
+
// ── Vellum assistant CLI ───────────────────────────────────────────────────
|
|
771
|
+
// Classification matches classifyAssistantSubcommand() from checker.ts exactly.
|
|
772
|
+
assistant: {
|
|
773
|
+
baseRisk: "low",
|
|
774
|
+
subcommands: {
|
|
775
|
+
platform: { baseRisk: "low" },
|
|
776
|
+
backup: { baseRisk: "low" },
|
|
777
|
+
help: { baseRisk: "low" },
|
|
778
|
+
oauth: {
|
|
779
|
+
baseRisk: "low",
|
|
780
|
+
subcommands: {
|
|
781
|
+
token: { baseRisk: "high", reason: "Exposes OAuth token" },
|
|
782
|
+
mode: {
|
|
783
|
+
baseRisk: "low",
|
|
784
|
+
argRules: [
|
|
785
|
+
{
|
|
786
|
+
id: "assistant-oauth-mode:set",
|
|
787
|
+
flags: ["--set"],
|
|
788
|
+
risk: "high",
|
|
789
|
+
reason: "Changes OAuth mode",
|
|
790
|
+
},
|
|
791
|
+
],
|
|
792
|
+
},
|
|
793
|
+
request: { baseRisk: "medium", reason: "Makes OAuth request" },
|
|
794
|
+
connect: { baseRisk: "medium", reason: "Connects OAuth integration" },
|
|
795
|
+
disconnect: {
|
|
796
|
+
baseRisk: "medium",
|
|
797
|
+
reason: "Disconnects OAuth integration",
|
|
798
|
+
},
|
|
799
|
+
},
|
|
800
|
+
},
|
|
801
|
+
credentials: {
|
|
802
|
+
baseRisk: "low",
|
|
803
|
+
subcommands: {
|
|
804
|
+
reveal: { baseRisk: "high", reason: "Reveals credential value" },
|
|
805
|
+
set: { baseRisk: "high", reason: "Sets credential value" },
|
|
806
|
+
delete: { baseRisk: "high", reason: "Deletes credential" },
|
|
807
|
+
},
|
|
808
|
+
},
|
|
809
|
+
keys: {
|
|
810
|
+
baseRisk: "low",
|
|
811
|
+
subcommands: {
|
|
812
|
+
set: { baseRisk: "high", reason: "Sets key value" },
|
|
813
|
+
delete: { baseRisk: "high", reason: "Deletes key" },
|
|
814
|
+
},
|
|
815
|
+
},
|
|
816
|
+
trust: {
|
|
817
|
+
baseRisk: "low",
|
|
818
|
+
subcommands: {
|
|
819
|
+
remove: { baseRisk: "high", reason: "Removes trust rule" },
|
|
820
|
+
clear: { baseRisk: "high", reason: "Clears all trust rules" },
|
|
821
|
+
},
|
|
822
|
+
},
|
|
823
|
+
},
|
|
824
|
+
},
|
|
825
|
+
} satisfies Record<string, CommandRiskSpec>;
|