@vellumai/assistant 0.6.4 → 0.6.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.prettierignore +5 -0
- package/AGENTS.md +9 -1
- package/ARCHITECTURE.md +43 -49
- package/Dockerfile +17 -3
- package/README.md +3 -4
- package/__tests__/permissions/gateway-threshold-reader.test.ts +283 -0
- package/bun.lock +8 -3
- package/docs/architecture/integrations.md +33 -59
- package/docs/architecture/memory.md +25 -30
- package/docs/architecture/security.md +19 -18
- package/docs/browser-use-architecture-phase2.md +63 -20
- package/docs/error-handling.md +111 -0
- package/docs/plugins.md +761 -0
- package/docs/skills.md +10 -10
- package/docs/stt-provider-onboarding.md +2 -1
- package/examples/plugins/echo/README.md +132 -0
- package/examples/plugins/echo/package.json +17 -0
- package/examples/plugins/echo/register.ts +187 -0
- package/knip.json +9 -2
- package/node_modules/@vellumai/ces-contracts/package.json +2 -1
- package/node_modules/@vellumai/ces-contracts/src/__tests__/trust-rules.test.ts +471 -0
- package/node_modules/@vellumai/ces-contracts/src/trust-rules.ts +398 -4
- package/node_modules/@vellumai/credential-storage/bun.lock +2 -2
- package/node_modules/@vellumai/credential-storage/package.json +2 -2
- package/node_modules/@vellumai/credential-storage/src/oauth-runtime.ts +20 -2
- package/node_modules/@vellumai/egress-proxy/bun.lock +2 -2
- package/node_modules/@vellumai/egress-proxy/package.json +2 -2
- package/node_modules/@vellumai/egress-proxy/src/types.ts +19 -0
- package/openapi.yaml +334 -78
- package/package.json +6 -3
- package/scripts/generate-openapi.ts +50 -11
- package/src/__tests__/agent-loop-callsite-precedence.test.ts +318 -0
- package/src/__tests__/agent-loop-sentry-hygiene.test.ts +137 -0
- package/src/__tests__/agent-loop.test.ts +112 -1
- package/src/__tests__/anthropic-error-formatting.test.ts +98 -0
- package/src/__tests__/anthropic-provider.test.ts +171 -2
- package/src/__tests__/app-compiler.test.ts +57 -0
- package/src/__tests__/approval-cascade.test.ts +36 -10
- package/src/__tests__/approval-routes-http.test.ts +134 -10
- package/src/__tests__/assistant-attachments.test.ts +44 -0
- package/src/__tests__/assistant-feature-flags-integration.test.ts +29 -0
- package/src/__tests__/auto-analysis-end-to-end.test.ts +1 -0
- package/src/__tests__/avatar-generator.test.ts +4 -2
- package/src/__tests__/browser-fill-credential.test.ts +1 -1
- package/src/__tests__/browser-identifier-parity-guard.test.ts +53 -0
- package/src/__tests__/browser-skill-baseline-tool-payload.test.ts +23 -33
- package/src/__tests__/browser-skill-endstate.test.ts +51 -182
- package/src/__tests__/btw-routes.test.ts +47 -1
- package/src/__tests__/bundled-asset.test.ts +6 -6
- package/src/__tests__/call-controller.test.ts +1 -2
- package/src/__tests__/call-site-routing-provider.test.ts +214 -0
- package/src/__tests__/catalog-cache.test.ts +96 -4
- package/src/__tests__/channel-approval-routes.test.ts +4 -4
- package/src/__tests__/channel-reply-delivery.test.ts +300 -2
- package/src/__tests__/checker.test.ts +870 -655
- package/src/__tests__/circuit-breaker-pipeline.test.ts +406 -0
- package/src/__tests__/cli-command-risk-guard.test.ts +30 -33
- package/src/__tests__/compaction-events.test.ts +501 -0
- package/src/__tests__/compaction-pipeline.test.ts +210 -0
- package/src/__tests__/compaction-strip-metadata-clear.test.ts +181 -0
- package/src/__tests__/compaction-timeout-recovery.test.ts +262 -0
- package/src/__tests__/compaction.benchmark.test.ts +1 -1
- package/src/__tests__/config-analysis.test.ts +11 -28
- package/src/__tests__/config-loader-backfill.test.ts +174 -0
- package/src/__tests__/config-loader-corrupt.test.ts +183 -0
- package/src/__tests__/config-loader-quarantine-bulletin.test.ts +202 -0
- package/src/__tests__/config-model-image-provider.test.ts +110 -0
- package/src/__tests__/config-schema-cmd.test.ts +11 -5
- package/src/__tests__/config-schema.test.ts +440 -114
- package/src/__tests__/config-watcher-cleanup-throttle.test.ts +0 -4
- package/src/__tests__/config-watcher.test.ts +2 -2
- package/src/__tests__/contact-store-user-file.test.ts +72 -73
- package/src/__tests__/contacts-tools.test.ts +26 -0
- package/src/__tests__/contacts-write.test.ts +4 -4
- package/src/__tests__/context-overflow-policy.test.ts +7 -7
- package/src/__tests__/context-token-estimator.test.ts +191 -1
- package/src/__tests__/context-window-manager.test.ts +883 -4
- package/src/__tests__/conversation-abort-tool-results.test.ts +32 -15
- package/src/__tests__/conversation-agent-loop-overflow.test.ts +86 -46
- package/src/__tests__/conversation-agent-loop.test.ts +435 -216
- package/src/__tests__/conversation-attachments.test.ts +1 -1
- package/src/__tests__/conversation-confirmation-signals.test.ts +36 -10
- package/src/__tests__/conversation-error.test.ts +37 -6
- package/src/__tests__/conversation-history-web-search.test.ts +7 -0
- package/src/__tests__/conversation-init.benchmark.test.ts +34 -12
- package/src/__tests__/conversation-lifecycle.test.ts +336 -0
- package/src/__tests__/conversation-load-history-repair.test.ts +27 -10
- package/src/__tests__/conversation-pairing.test.ts +174 -10
- package/src/__tests__/conversation-pre-run-repair.test.ts +32 -15
- package/src/__tests__/conversation-process-callsite.test.ts +309 -0
- package/src/__tests__/conversation-provider-retry-repair.test.ts +44 -21
- package/src/__tests__/conversation-queue.test.ts +68 -38
- package/src/__tests__/conversation-routes-disk-view.test.ts +36 -7
- package/src/__tests__/conversation-routes-slash-commands.test.ts +31 -3
- package/src/__tests__/conversation-runtime-assembly.test.ts +2877 -152
- package/src/__tests__/conversation-runtime-workspace.test.ts +35 -50
- package/src/__tests__/conversation-seed-composer.test.ts +2 -2
- package/src/__tests__/conversation-skill-tools.test.ts +12 -146
- package/src/__tests__/conversation-slash-queue.test.ts +39 -19
- package/src/__tests__/conversation-slash-unknown.test.ts +53 -16
- package/src/__tests__/conversation-speed-override.test.ts +36 -12
- package/src/__tests__/conversation-surfaces-standalone-payloads.test.ts +1035 -0
- package/src/__tests__/conversation-surfaces-standalone.test.ts +630 -0
- package/src/__tests__/conversation-title-service.test.ts +118 -2
- package/src/__tests__/conversation-tool-setup-app-refresh.test.ts +41 -2
- package/src/__tests__/conversation-tool-setup-batch-authorized.test.ts +1 -1
- package/src/__tests__/conversation-unread-route.test.ts +2 -2
- package/src/__tests__/conversation-usage.test.ts +4 -2
- package/src/__tests__/conversation-workspace-cache-state.test.ts +33 -9
- package/src/__tests__/conversation-workspace-injection.test.ts +46 -15
- package/src/__tests__/conversation-workspace-tool-tracking.test.ts +46 -15
- package/src/__tests__/credential-broker-browser-fill.test.ts +110 -0
- package/src/__tests__/credential-health-service.test.ts +78 -9
- package/src/__tests__/credential-security-invariants.test.ts +5 -2
- package/src/__tests__/credential-storage-oauth-compat.test.ts +18 -0
- package/src/__tests__/credential-storage-static-compat.test.ts +28 -0
- package/src/__tests__/credential-vault-unit.test.ts +135 -19
- package/src/__tests__/credentials-cli.test.ts +1 -9
- package/src/__tests__/cross-provider-web-search.test.ts +84 -0
- package/src/__tests__/daemon-server-persist-and-process-callsite.test.ts +92 -0
- package/src/__tests__/db-schedule-syntax-migration.test.ts +1 -0
- package/src/__tests__/delete-propagation.test.ts +437 -0
- package/src/__tests__/dm-backfill.test.ts +417 -0
- package/src/__tests__/dm-persistence.test.ts +227 -0
- package/src/__tests__/edit-propagation.test.ts +280 -0
- package/src/__tests__/empty-response-pipeline.test.ts +305 -0
- package/src/__tests__/ephemeral-permissions.test.ts +93 -3
- package/src/__tests__/estimator-calibration-integration.test.ts +208 -0
- package/src/__tests__/estimator-calibration.test.ts +213 -0
- package/src/__tests__/extension-id-sync-guard.test.ts +29 -10
- package/src/__tests__/file-write-tool.test.ts +151 -1
- package/src/__tests__/filing-service.test.ts +255 -0
- package/src/__tests__/first-greeting.test.ts +247 -5
- package/src/__tests__/gemini-provider.test.ts +0 -3
- package/src/__tests__/guardian-grant-minting.test.ts +8 -0
- package/src/__tests__/headless-browser-interactions.test.ts +1 -1
- package/src/__tests__/headless-browser-mode.test.ts +57 -0
- package/src/__tests__/heartbeat-service.test.ts +96 -15
- package/src/__tests__/history-repair-pipeline.test.ts +399 -0
- package/src/__tests__/host-browser-e2e-cloud.test.ts +307 -0
- package/src/__tests__/host-browser-e2e-self-hosted.test.ts +3 -3
- package/src/__tests__/host-proxy-interface.test.ts +36 -2
- package/src/__tests__/host-shell-tool.test.ts +124 -18
- package/src/__tests__/http-user-message-parity.test.ts +29 -1
- package/src/__tests__/image-credentials.test.ts +137 -0
- package/src/__tests__/image-service-dispatcher.test.ts +186 -0
- package/src/__tests__/inbound-slack-persistence.test.ts +340 -0
- package/src/__tests__/injector-chain.test.ts +526 -0
- package/src/__tests__/intent-routing.test.ts +1 -66
- package/src/__tests__/llm-call-pipeline.test.ts +285 -0
- package/src/__tests__/llm-catalog-parity.test.ts +174 -0
- package/src/__tests__/llm-context-normalization.test.ts +121 -0
- package/src/__tests__/llm-resolver.test.ts +214 -0
- package/src/__tests__/llm-schema.test.ts +223 -0
- package/src/__tests__/managed-proxy-context.test.ts +6 -2
- package/src/__tests__/media-generate-image.test.ts +119 -13
- package/src/__tests__/memory-retrieval-pipeline.test.ts +401 -0
- package/src/__tests__/memory-upsert-concurrency.test.ts +1 -0
- package/src/__tests__/messaging-skill-split.test.ts +3 -34
- package/src/__tests__/migration-import-from-url.test.ts +621 -0
- package/src/__tests__/model-intents.test.ts +11 -83
- package/src/__tests__/notification-broadcaster.test.ts +3 -3
- package/src/__tests__/notification-decision-fallback.test.ts +0 -10
- package/src/__tests__/notification-decision-identity.test.ts +0 -9
- package/src/__tests__/notification-decision-recipient-context.test.ts +0 -9
- package/src/__tests__/notification-decision-strategy.test.ts +0 -11
- package/src/__tests__/notification-schedule-notify-dedup.test.ts +108 -0
- package/src/__tests__/oauth-apps-routes.test.ts +1 -1
- package/src/__tests__/oauth-cli.test.ts +14 -12
- package/src/__tests__/oauth-connect-orchestrator.test.ts +4 -13
- package/src/__tests__/oauth-provider-serializer.test.ts +6 -4
- package/src/__tests__/oauth-provider-visibility.test.ts +3 -5
- package/src/__tests__/oauth-providers-routes.test.ts +3 -2
- package/src/__tests__/oauth-store.test.ts +46 -78
- package/src/__tests__/oauth2-gateway-transport.test.ts +8 -3
- package/src/__tests__/oauth2-refresh-retry.test.ts +279 -0
- package/src/__tests__/onboarding-template-contract.test.ts +16 -64
- package/src/__tests__/openai-image-service.test.ts +368 -0
- package/src/__tests__/openai-provider.test.ts +7 -0
- package/src/__tests__/openai-responses-provider.test.ts +396 -0
- package/src/__tests__/openrouter-provider-only.test.ts +135 -0
- package/src/__tests__/outbound-slack-persistence.test.ts +293 -0
- package/src/__tests__/overflow-reduce-pipeline.test.ts +676 -0
- package/src/__tests__/permission-checker-host-gate.test.ts +1 -25
- package/src/__tests__/permission-mode.test.ts +16 -0
- package/src/__tests__/permission-types.test.ts +0 -1
- package/src/__tests__/persist-onboarding-artifacts.test.ts +266 -0
- package/src/__tests__/persistence-pipeline.test.ts +377 -0
- package/src/__tests__/persona-resolver.test.ts +13 -13
- package/src/__tests__/pipeline-runner.test.ts +565 -0
- package/src/__tests__/pkb-autoinject.test.ts +37 -1
- package/src/__tests__/platform-bash-auto-approve.test.ts +1 -1
- package/src/__tests__/platform.test.ts +5 -2
- package/src/__tests__/plugin-bootstrap.test.ts +483 -0
- package/src/__tests__/plugin-registry.test.ts +273 -0
- package/src/__tests__/plugin-route-contribution.test.ts +288 -0
- package/src/__tests__/plugin-skill-contribution.test.ts +367 -0
- package/src/__tests__/plugin-tool-contribution.test.ts +286 -0
- package/src/__tests__/plugin-types.test.ts +320 -0
- package/src/__tests__/pricing.test.ts +93 -14
- package/src/__tests__/profiler-routes.test.ts +1 -1
- package/src/__tests__/provider-commit-message-generator.test.ts +14 -84
- package/src/__tests__/provider-env-vars-scope.test.ts +52 -0
- package/src/__tests__/provider-error-scenarios.test.ts +135 -6
- package/src/__tests__/provider-managed-proxy-integration.test.ts +42 -11
- package/src/__tests__/provider-registry-ollama.test.ts +1 -2
- package/src/__tests__/proxy-approval-callback.test.ts +69 -9
- package/src/__tests__/reaction-persistence.test.ts +561 -0
- package/src/__tests__/regenerate-fire-and-forget-trace.test.ts +1 -0
- package/src/__tests__/registry.test.ts +0 -2
- package/src/__tests__/relay-server.test.ts +1 -1
- package/src/__tests__/require-fresh-approval.test.ts +1 -1
- package/src/__tests__/retry-openrouter-only-normalization.test.ts +136 -0
- package/src/__tests__/retry-thinking-tool-choice.test.ts +226 -0
- package/src/__tests__/risk-classifier-parity.test.ts +230 -0
- package/src/__tests__/sanitize-config-for-transfer.test.ts +78 -1
- package/src/__tests__/schedule-routes.test.ts +131 -1
- package/src/__tests__/scheduler-recurrence.test.ts +14 -70
- package/src/__tests__/scheduler-reuse-conversation.test.ts +10 -50
- package/src/__tests__/secret-detection-handler.test.ts +0 -10
- package/src/__tests__/secret-ingress-http.test.ts +28 -0
- package/src/__tests__/secret-prompter-channel-fallback.test.ts +125 -0
- package/src/__tests__/secret-routes-managed-proxy.test.ts +2 -3
- package/src/__tests__/secret-scanner-executor.test.ts +1 -1
- package/src/__tests__/send-endpoint-busy.test.ts +29 -1
- package/src/__tests__/server-history-render.test.ts +31 -0
- package/src/__tests__/shell-identity.test.ts +0 -134
- package/src/__tests__/shell-parser-property.test.ts +13 -13
- package/src/__tests__/skill-cache-store.test.ts +182 -0
- package/src/__tests__/skills.test.ts +19 -33
- package/src/__tests__/slack-app-setup-skill-regression.test.ts +3 -1
- package/src/__tests__/slack-skill.test.ts +3 -8
- package/src/__tests__/starter-bundle.test.ts +35 -0
- package/src/__tests__/subagent-call-site-routing.test.ts +280 -0
- package/src/__tests__/suggestion-routes.test.ts +259 -3
- package/src/__tests__/system-prompt.test.ts +22 -35
- package/src/__tests__/task-memory-cleanup.test.ts +1 -0
- package/src/__tests__/task-runner.test.ts +3 -1
- package/src/__tests__/task-scheduler.test.ts +3 -15
- package/src/__tests__/tcc-sandbox-deny.test.ts +198 -0
- package/src/__tests__/terminal-tools.test.ts +8 -0
- package/src/__tests__/test-preload.ts +11 -0
- package/src/__tests__/test-support/browser-skill-harness.ts +2 -52
- package/src/__tests__/thread-backfill.test.ts +941 -0
- package/src/__tests__/title-generate-pipeline.test.ts +224 -0
- package/src/__tests__/token-estimate-pipeline.test.ts +431 -0
- package/src/__tests__/tool-error-pipeline.test.ts +244 -0
- package/src/__tests__/tool-execute-pipeline.test.ts +431 -0
- package/src/__tests__/tool-execution-pipeline.benchmark.test.ts +2 -8
- package/src/__tests__/tool-executor-lifecycle-events.test.ts +2 -2
- package/src/__tests__/tool-executor-shell-integration.test.ts +7 -10
- package/src/__tests__/tool-executor.test.ts +201 -94
- package/src/__tests__/tool-result-truncate-pipeline.test.ts +356 -0
- package/src/__tests__/tool-result-truncation.test.ts +0 -110
- package/src/__tests__/trust-store.test.ts +442 -109
- package/src/__tests__/update-bulletin-job.test.ts +389 -0
- package/src/__tests__/usage-cache-backfill-migration.test.ts +3 -1
- package/src/__tests__/user-plugin-loader.test.ts +191 -0
- package/src/__tests__/verification-control-plane-policy.test.ts +1 -22
- package/src/__tests__/voice-session-bridge.test.ts +39 -0
- package/src/__tests__/volume-security-guard.test.ts +3 -2
- package/src/__tests__/web-search-history.test.ts +337 -0
- package/src/__tests__/workspace-migration-039-drop-legacy-llm-keys.test.ts +343 -0
- package/src/__tests__/workspace-migration-043-release-notes-latex-rendering.test.ts +202 -0
- package/src/__tests__/workspace-migration-045-release-notes-meet-avatar.test.ts +210 -0
- package/src/__tests__/workspace-migration-046-seed-conversation-starters-callsite.test.ts +185 -0
- package/src/__tests__/workspace-migration-049-release-notes-default-sonnet.test.ts +100 -0
- package/src/__tests__/workspace-migration-050-seed-main-agent-opus-callsite.test.ts +171 -0
- package/src/__tests__/workspace-migration-051-seed-conversation-summarization-callsite.test.ts +252 -0
- package/src/__tests__/workspace-migration-drop-user-md.test.ts +11 -11
- package/src/__tests__/workspace-migration-remove-hooks.test.ts +99 -0
- package/src/__tests__/workspace-migration-unify-llm-callsite-configs.test.ts +841 -0
- package/src/__tests__/workspace-policy.test.ts +22 -16
- package/src/acp/client-handler.ts +1 -2
- package/src/agent/loop.ts +545 -115
- package/src/approvals/__tests__/guardian-feed-event.test.ts +304 -0
- package/src/approvals/guardian-request-resolvers.ts +80 -0
- package/src/avatar/resvg-lazy.test.ts +136 -0
- package/src/avatar/resvg-lazy.ts +82 -9
- package/src/avatar/traits-png-sync.ts +21 -1
- package/src/backup/__tests__/backup-worker.test.ts +2 -13
- package/src/backup/backup-worker.ts +3 -15
- package/src/browser/__tests__/operations.test.ts +163 -0
- package/src/browser/identifiers.ts +51 -0
- package/src/browser/operations.ts +660 -0
- package/src/browser/types.ts +81 -0
- package/src/bundler/app-compiler.ts +84 -1
- package/src/calls/call-state.ts +2 -2
- package/src/calls/guardian-question-copy.ts +2 -2
- package/src/calls/telephony-stt-routing.ts +1 -1
- package/src/calls/voice-session-bridge.ts +1 -0
- package/src/channels/__tests__/types.test.ts +3 -3
- package/src/channels/types.ts +6 -4
- package/src/cli/AGENTS.md +1 -1
- package/src/cli/__tests__/notifications.test.ts +87 -211
- package/src/cli/commands/__tests__/attachment.test.ts +438 -0
- package/src/cli/commands/__tests__/backup.test.ts +1 -1
- package/src/cli/commands/__tests__/browser.test.ts +554 -0
- package/src/cli/commands/__tests__/cache.test.ts +623 -0
- package/src/cli/commands/__tests__/email-list.test.ts +6 -0
- package/src/cli/commands/__tests__/email-send.test.ts +93 -1
- package/src/cli/commands/__tests__/image-generation.test.ts +886 -0
- package/src/cli/commands/__tests__/inference-send.test.ts +463 -0
- package/src/cli/commands/__tests__/stt-transcribe.test.ts +454 -0
- package/src/cli/commands/__tests__/task.test.ts +913 -0
- package/src/cli/commands/__tests__/tts-synthesize.test.ts +606 -0
- package/src/cli/commands/__tests__/ui-confirm.test.ts +650 -0
- package/src/cli/commands/__tests__/ui.test.ts +1215 -0
- package/src/cli/commands/__tests__/watchers.test.ts +716 -0
- package/src/cli/commands/attachment.ts +182 -0
- package/src/cli/commands/backup.ts +2 -2
- package/src/cli/commands/browser.ts +350 -0
- package/src/cli/commands/cache.ts +341 -0
- package/src/cli/commands/clients.ts +138 -0
- package/src/cli/commands/completions.ts +2 -12
- package/src/cli/commands/config.ts +6 -6
- package/src/cli/commands/conversations-import.ts +347 -0
- package/src/cli/commands/conversations.ts +69 -8
- package/src/cli/commands/email.ts +234 -194
- package/src/cli/commands/image-generation.ts +299 -0
- package/src/cli/commands/inference.ts +200 -0
- package/src/cli/commands/memory.ts +127 -17
- package/src/cli/commands/notifications.ts +68 -103
- package/src/cli/commands/oauth/__tests__/providers-register.test.ts +1 -1
- package/src/cli/commands/oauth/__tests__/providers-update.test.ts +1 -1
- package/src/cli/commands/oauth/connect.ts +2 -2
- package/src/cli/commands/oauth/providers.ts +176 -8
- package/src/cli/commands/oauth/status.ts +46 -36
- package/src/cli/commands/platform/__tests__/callback-routes-list.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/connect.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/disconnect.test.ts +0 -1
- package/src/cli/commands/platform/__tests__/status.test.ts +0 -1
- package/src/cli/commands/skills.ts +3 -4
- package/src/cli/commands/stt.ts +339 -0
- package/src/cli/commands/task.ts +795 -0
- package/src/cli/commands/trust.ts +50 -19
- package/src/cli/commands/tts.ts +273 -0
- package/src/cli/commands/ui.ts +670 -0
- package/src/cli/commands/watchers.ts +509 -0
- package/src/cli/lib/daemon-credential-client.ts +0 -19
- package/src/cli/program.ts +39 -24
- package/src/cli.ts +0 -37
- package/src/config/__tests__/backup-schema.test.ts +7 -2
- package/src/config/bundled-skills/app-builder/SKILL.md +2 -2
- package/src/config/bundled-skills/app-builder/references/WIDGETS.md +10 -10
- package/src/config/bundled-skills/contacts/tools/contact-merge.ts +66 -87
- package/src/config/bundled-skills/contacts/tools/contact-search.ts +28 -51
- package/src/config/bundled-skills/contacts/tools/contact-upsert.ts +22 -40
- package/src/config/bundled-skills/image-studio/SKILL.md +2 -1
- package/src/config/bundled-skills/image-studio/TOOLS.json +2 -1
- package/src/config/bundled-skills/image-studio/tools/media-generate-image.ts +23 -39
- package/src/config/bundled-skills/media-processing/services/reduce.ts +1 -1
- package/src/config/bundled-skills/messaging/SKILL.md +5 -5
- package/src/config/bundled-skills/messaging/TOOLS.json +4 -0
- package/src/config/bundled-skills/messaging/tools/__tests__/messaging-feed-events.test.ts +207 -0
- package/src/config/bundled-skills/messaging/tools/messaging-archive-by-sender.ts +20 -1
- package/src/config/bundled-skills/messaging/tools/messaging-read.ts +15 -1
- package/src/config/bundled-skills/messaging/tools/messaging-search.ts +21 -1
- package/src/config/bundled-skills/messaging/tools/messaging-send.ts +69 -12
- package/src/config/bundled-skills/phone-calls/references/CONFIG.md +9 -8
- package/src/config/bundled-skills/schedule/SKILL.md +8 -3
- package/src/config/bundled-skills/schedule/TOOLS.json +15 -7
- package/src/config/bundled-skills/schedule/references/SCRIPT_MODE_PATTERNS.md +59 -0
- package/src/config/bundled-skills/settings/TOOLS.json +3 -3
- package/src/config/bundled-tool-registry.ts +0 -190
- package/src/config/env.ts +7 -2
- package/src/config/feature-flag-registry.json +42 -10
- package/src/config/llm-resolver.ts +128 -0
- package/src/config/loader.ts +194 -10
- package/src/config/raw-config-utils.ts +30 -2
- package/src/config/sanitize-for-transfer.ts +35 -0
- package/src/config/schema.ts +49 -41
- package/src/config/schemas/analysis.ts +3 -22
- package/src/config/schemas/backup.ts +1 -1
- package/src/config/schemas/calls.ts +0 -4
- package/src/config/schemas/conversations.ts +16 -0
- package/src/config/schemas/filing.ts +2 -7
- package/src/config/schemas/heartbeat.ts +0 -5
- package/src/config/schemas/inference.ts +3 -23
- package/src/config/schemas/llm.ts +317 -0
- package/src/config/schemas/memory-processing.ts +1 -9
- package/src/config/schemas/notifications.ts +4 -11
- package/src/config/schemas/platform.ts +3 -9
- package/src/config/schemas/security.ts +33 -0
- package/src/config/schemas/services.ts +9 -4
- package/src/config/schemas/stt.ts +1 -0
- package/src/config/schemas/tts.ts +64 -0
- package/src/config/schemas/updates.ts +1 -1
- package/src/config/schemas/workspace-git.ts +3 -40
- package/src/config/skill-state.ts +6 -2
- package/src/config/skills.ts +96 -7
- package/src/context/__tests__/compact-prompt.test.ts +63 -0
- package/src/context/__tests__/microcompact.test.ts +805 -0
- package/src/context/estimator-calibration.ts +136 -0
- package/src/context/microcompact.ts +443 -0
- package/src/context/prompts/compact.md +26 -0
- package/src/context/token-estimator.ts +61 -3
- package/src/context/tool-result-truncation.ts +3 -63
- package/src/context/window-manager.ts +417 -39
- package/src/credential-execution/approval-bridge.ts +0 -1
- package/src/credential-execution/executable-discovery.ts +19 -8
- package/src/credential-execution/process-manager.test.ts +109 -0
- package/src/credential-execution/process-manager.ts +65 -2
- package/src/credential-health/credential-health-service.ts +19 -6
- package/src/daemon/__tests__/conversation-feed-event.test.ts +317 -0
- package/src/daemon/__tests__/conversation-lifecycle-auto-analyze.test.ts +4 -12
- package/src/daemon/__tests__/conversation-tool-setup.test.ts +14 -15
- package/src/daemon/approval-generators.ts +29 -4
- package/src/daemon/assistant-attachments.ts +24 -13
- package/src/daemon/classifier.ts +2 -2
- package/src/daemon/config-watcher.ts +0 -3
- package/src/daemon/context-overflow-policy.ts +4 -13
- package/src/daemon/context-overflow-reducer.ts +4 -1
- package/src/daemon/conversation-agent-loop-handlers.ts +162 -34
- package/src/daemon/conversation-agent-loop.ts +1282 -599
- package/src/daemon/conversation-attachments.ts +2 -6
- package/src/daemon/conversation-error.ts +36 -1
- package/src/daemon/conversation-history.ts +10 -19
- package/src/daemon/conversation-lifecycle.ts +59 -17
- package/src/daemon/conversation-messaging.ts +73 -4
- package/src/daemon/conversation-notifiers.ts +2 -110
- package/src/daemon/conversation-process.ts +24 -11
- package/src/daemon/conversation-queue-manager.ts +3 -0
- package/src/daemon/conversation-runtime-assembly.ts +1063 -211
- package/src/daemon/conversation-slash.ts +2 -2
- package/src/daemon/conversation-surfaces.ts +389 -1
- package/src/daemon/conversation-tool-setup.ts +51 -9
- package/src/daemon/conversation-usage.ts +1 -1
- package/src/daemon/conversation.ts +197 -64
- package/src/daemon/external-plugins-bootstrap.ts +478 -0
- package/src/daemon/external-skills-bootstrap.ts +41 -0
- package/src/daemon/first-greeting.ts +191 -14
- package/src/daemon/guardian-action-generators.ts +34 -14
- package/src/daemon/handlers/config-model.test.ts +86 -0
- package/src/daemon/handlers/config-model.ts +65 -12
- package/src/daemon/handlers/conversations.ts +9 -2
- package/src/daemon/handlers/shared.ts +39 -11
- package/src/daemon/handlers/skills.ts +7 -3
- package/src/daemon/handlers/slack-channel-oauth-install.ts +197 -0
- package/src/daemon/lifecycle.ts +109 -82
- package/src/daemon/message-types/computer-use.ts +2 -34
- package/src/daemon/message-types/conversations.ts +63 -0
- package/src/daemon/message-types/messages.ts +21 -1
- package/src/daemon/message-types/trust.ts +0 -2
- package/src/daemon/parse-actual-tokens-from-error.test.ts +57 -1
- package/src/daemon/parse-actual-tokens-from-error.ts +66 -0
- package/src/daemon/pkb-context-tracker.test.ts +169 -0
- package/src/daemon/pkb-context-tracker.ts +125 -0
- package/src/daemon/pkb-reminder-builder.test.ts +70 -0
- package/src/daemon/pkb-reminder-builder.ts +31 -0
- package/src/daemon/providers-setup.ts +6 -0
- package/src/daemon/server.ts +122 -12
- package/src/daemon/shutdown-handlers.ts +2 -12
- package/src/daemon/tool-side-effects.ts +14 -65
- package/src/daemon/web-search-history.ts +126 -0
- package/src/events/domain-events.ts +0 -1
- package/src/filing/filing-service.ts +9 -10
- package/src/heartbeat/__tests__/heartbeat-feed-event.test.ts +160 -0
- package/src/heartbeat/heartbeat-service.ts +99 -28
- package/src/home/__tests__/feed-population-integration.test.ts +312 -0
- package/src/home/__tests__/feed-scheduler.test.ts +39 -11
- package/src/home/__tests__/rollup-producer.test.ts +44 -0
- package/src/home/assistant-feed-authoring.ts +4 -0
- package/src/home/emit-feed-event.ts +11 -0
- package/src/home/feed-scheduler.ts +20 -4
- package/src/home/feed-types.ts +97 -4
- package/src/home/relationship-state-writer.ts +2 -2
- package/src/home/rewrite-command-preview.ts +66 -0
- package/src/home/rollup-producer.ts +34 -5
- package/src/home/suggested-prompts.ts +101 -0
- package/src/ipc/__tests__/attachment-ipc.test.ts +213 -0
- package/src/ipc/__tests__/browser-ipc.test.ts +339 -0
- package/src/ipc/__tests__/cache-ipc.test.ts +266 -0
- package/src/ipc/__tests__/socket-path.test.ts +34 -0
- package/src/ipc/__tests__/task-ipc.test.ts +577 -0
- package/src/ipc/__tests__/ui-request-route.test.ts +495 -0
- package/src/ipc/__tests__/watcher-ipc.test.ts +295 -0
- package/src/ipc/cli-client.ts +2 -1
- package/src/ipc/cli-server.ts +26 -8
- package/src/ipc/gateway-client.ts +6 -3
- package/src/ipc/routes/attachment.ts +114 -0
- package/src/ipc/routes/browser-context.ts +63 -0
- package/src/ipc/routes/browser.ts +97 -0
- package/src/ipc/routes/cache.ts +96 -0
- package/src/ipc/routes/get-contact.ts +16 -0
- package/src/ipc/routes/index.ts +31 -1
- package/src/ipc/routes/list-clients.ts +31 -0
- package/src/ipc/routes/merge-contacts.ts +17 -0
- package/src/ipc/routes/notification.ts +133 -0
- package/src/ipc/routes/rename-conversation.ts +59 -0
- package/src/ipc/routes/search-contacts.ts +19 -0
- package/src/ipc/routes/task-queue.ts +226 -0
- package/src/ipc/routes/task.ts +173 -0
- package/src/ipc/routes/ui-request.ts +50 -0
- package/src/ipc/routes/upsert-contact.ts +25 -0
- package/src/ipc/routes/watcher.ts +203 -0
- package/src/ipc/socket-path.ts +76 -0
- package/src/media/app-icon-generator.ts +23 -46
- package/src/media/avatar-router.ts +26 -41
- package/src/media/gemini-image-service.ts +8 -41
- package/src/media/image-credentials.ts +73 -0
- package/src/media/image-service.ts +85 -0
- package/src/media/openai-image-service.ts +131 -0
- package/src/media/types.ts +46 -0
- package/src/memory/__tests__/conversation-analyze-job.test.ts +9 -8
- package/src/memory/__tests__/conversation-group-migration.test.ts +99 -0
- package/src/memory/admin.ts +18 -0
- package/src/memory/conversation-analyze-job.ts +14 -13
- package/src/memory/conversation-attention-store.ts +13 -6
- package/src/memory/conversation-crud.ts +133 -3
- package/src/memory/conversation-group-migration.ts +38 -6
- package/src/memory/conversation-queries.ts +57 -4
- package/src/memory/conversation-title-service.ts +32 -4
- package/src/memory/db-init.ts +10 -0
- package/src/memory/embedding-backend.ts +1 -1
- package/src/memory/embedding-gemini.test.ts +41 -2
- package/src/memory/embedding-gemini.ts +6 -1
- package/src/memory/graph/bootstrap.test.ts +282 -0
- package/src/memory/graph/bootstrap.ts +8 -5
- package/src/memory/graph/compaction.ts +299 -0
- package/src/memory/graph/consolidation.ts +4 -4
- package/src/memory/graph/conversation-graph-memory.ts +89 -29
- package/src/memory/graph/extraction.test.ts +272 -2
- package/src/memory/graph/extraction.ts +183 -53
- package/src/memory/graph/graph-search.test.ts +93 -0
- package/src/memory/graph/graph-search.ts +4 -1
- package/src/memory/graph/inspect.ts +2 -2
- package/src/memory/graph/narrative.ts +2 -2
- package/src/memory/graph/pattern-scan.ts +2 -2
- package/src/memory/graph/retriever.test.ts +459 -0
- package/src/memory/graph/retriever.ts +237 -48
- package/src/memory/graph/store.ts +41 -0
- package/src/memory/graph/tool-handlers.ts +27 -0
- package/src/memory/graph/tools.ts +6 -1
- package/src/memory/indexer.ts +5 -5
- package/src/memory/job-handlers/conversation-starters.ts +23 -20
- package/src/memory/job-handlers/summarization.ts +2 -2
- package/src/memory/job-utils.ts +7 -1
- package/src/memory/jobs/embed-pkb-file.test.ts +168 -0
- package/src/memory/jobs/embed-pkb-file.ts +54 -0
- package/src/memory/jobs-store.ts +44 -3
- package/src/memory/jobs-worker.ts +4 -0
- package/src/memory/migrations/041-approval-prompt-ts-tracker.ts +26 -0
- package/src/memory/migrations/140-backfill-usage-cache-accounting.ts +1 -1
- package/src/memory/migrations/149-oauth-tables.ts +1 -0
- package/src/memory/migrations/220-normalize-user-file-by-principal.ts +2 -2
- package/src/memory/migrations/222-strip-placeholder-sentinels-from-messages.ts +82 -0
- package/src/memory/migrations/223-schedule-script-column.ts +11 -0
- package/src/memory/migrations/224-oauth-providers-managed-service-is-paid.ts +24 -0
- package/src/memory/migrations/225-oauth-providers-available-scopes.ts +13 -0
- package/src/memory/migrations/index.ts +5 -0
- package/src/memory/pkb/pkb-index.test.ts +369 -0
- package/src/memory/pkb/pkb-index.ts +255 -0
- package/src/memory/pkb/pkb-reconcile.test.ts +252 -0
- package/src/memory/pkb/pkb-reconcile.ts +148 -0
- package/src/memory/pkb/pkb-search.test.ts +499 -0
- package/src/memory/pkb/pkb-search.ts +159 -0
- package/src/memory/pkb/types.ts +53 -0
- package/src/memory/qdrant-client.test.ts +60 -0
- package/src/memory/qdrant-client.ts +147 -1
- package/src/memory/schema/infrastructure.ts +1 -0
- package/src/memory/schema/oauth.ts +4 -1
- package/src/memory/slack-thread-store.ts +37 -0
- package/src/messaging/providers/gmail/adapter.ts +6 -16
- package/src/messaging/providers/gmail/client.ts +22 -0
- package/src/messaging/providers/gmail/types.ts +7 -0
- package/src/messaging/providers/slack/adapter.ts +14 -2
- package/src/messaging/providers/slack/backfill.test.ts +257 -0
- package/src/messaging/providers/slack/backfill.ts +101 -0
- package/src/messaging/providers/slack/message-metadata.test.ts +316 -0
- package/src/messaging/providers/slack/message-metadata.ts +123 -0
- package/src/messaging/providers/slack/render-transcript.test.ts +1421 -0
- package/src/messaging/providers/slack/render-transcript.ts +501 -0
- package/src/messaging/style-analyzer.ts +5 -2
- package/src/notifications/README.md +9 -5
- package/src/notifications/conversation-pairing.ts +78 -19
- package/src/notifications/copy-composer.ts +0 -5
- package/src/notifications/decision-engine.ts +3 -9
- package/src/notifications/emit-signal.ts +1 -1
- package/src/notifications/preference-extractor.ts +2 -6
- package/src/notifications/signal.ts +1 -2
- package/src/oauth/AGENTS.md +1 -1
- package/src/oauth/__tests__/identity-verifier.test.ts +2 -1
- package/src/oauth/connect-orchestrator.ts +8 -34
- package/src/oauth/connect-types.ts +6 -10
- package/src/oauth/manual-token-connection.ts +23 -0
- package/src/oauth/oauth-store.ts +31 -14
- package/src/oauth/platform-connection.test.ts +47 -0
- package/src/oauth/platform-connection.ts +15 -5
- package/src/oauth/provider-serializer.ts +6 -1
- package/src/oauth/seed-providers.ts +56 -106
- package/src/outbound-proxy/http-forwarder.ts +9 -0
- package/src/permissions/approval-policy.test.ts +1223 -0
- package/src/permissions/approval-policy.ts +309 -0
- package/src/permissions/arg-parser.test.ts +161 -0
- package/src/permissions/arg-parser.ts +141 -0
- package/src/permissions/bash-risk-classifier.test.ts +1620 -0
- package/src/permissions/bash-risk-classifier.ts +950 -0
- package/src/permissions/checker.ts +348 -711
- package/src/permissions/command-registry.test.ts +774 -0
- package/src/permissions/command-registry.ts +1005 -0
- package/src/permissions/defaults.ts +28 -79
- package/src/permissions/file-risk-classifier.test.ts +535 -0
- package/src/permissions/file-risk-classifier.ts +274 -0
- package/src/permissions/gateway-threshold-reader.ts +196 -0
- package/src/permissions/prompter.ts +4 -0
- package/src/permissions/risk-types.ts +262 -0
- package/src/permissions/schedule-risk-classifier.test.ts +129 -0
- package/src/permissions/schedule-risk-classifier.ts +85 -0
- package/src/permissions/secret-prompter.ts +53 -2
- package/src/permissions/shell-identity.ts +2 -42
- package/src/permissions/skill-risk-classifier.test.ts +311 -0
- package/src/permissions/skill-risk-classifier.ts +214 -0
- package/src/permissions/trust-client.ts +52 -25
- package/src/permissions/trust-store-interface.ts +1 -6
- package/src/permissions/trust-store.ts +161 -62
- package/src/permissions/types.ts +25 -14
- package/src/permissions/web-risk-classifier.test.ts +170 -0
- package/src/permissions/web-risk-classifier.ts +89 -0
- package/src/permissions/workspace-policy.ts +9 -19
- package/src/platform/client.ts +19 -1
- package/src/plugins/defaults/circuit-breaker.ts +146 -0
- package/src/plugins/defaults/compaction.ts +145 -0
- package/src/plugins/defaults/empty-response.ts +126 -0
- package/src/plugins/defaults/history-repair.ts +85 -0
- package/src/plugins/defaults/index.ts +116 -0
- package/src/plugins/defaults/injectors.ts +491 -0
- package/src/plugins/defaults/llm-call.ts +82 -0
- package/src/plugins/defaults/memory-retrieval.ts +226 -0
- package/src/plugins/defaults/overflow-reduce.ts +181 -0
- package/src/plugins/defaults/persistence.ts +129 -0
- package/src/plugins/defaults/title-generate.ts +95 -0
- package/src/plugins/defaults/token-estimate.ts +104 -0
- package/src/plugins/defaults/tool-error.ts +126 -0
- package/src/plugins/defaults/tool-execute.ts +89 -0
- package/src/plugins/defaults/tool-result-truncate.ts +88 -0
- package/src/plugins/pipeline.ts +316 -0
- package/src/plugins/plugin-skill-contributions.ts +292 -0
- package/src/plugins/registry.ts +241 -0
- package/src/plugins/types.ts +1134 -0
- package/src/plugins/user-loader.ts +177 -0
- package/src/prompts/persona-resolver.ts +3 -3
- package/src/prompts/system-prompt.ts +19 -20
- package/src/prompts/templates/BOOTSTRAP.md +27 -77
- package/src/prompts/templates/SOUL.md +2 -2
- package/src/prompts/update-bulletin-job.ts +190 -0
- package/src/providers/__tests__/context-overflow-error.test.ts +328 -0
- package/src/providers/__tests__/provider-env-vars.test.ts +102 -0
- package/src/providers/__tests__/retry-callsite.test.ts +424 -0
- package/src/providers/anthropic/client.ts +183 -14
- package/src/providers/call-site-routing.ts +71 -0
- package/src/providers/gemini/client.ts +65 -2
- package/src/providers/managed-proxy/constants.ts +2 -1
- package/src/providers/model-catalog.ts +524 -33
- package/src/providers/model-intents.ts +4 -4
- package/src/providers/openai/chat-completions-provider.ts +57 -1
- package/src/providers/openai/responses-provider.ts +86 -9
- package/src/providers/openrouter/client.ts +80 -9
- package/src/providers/provider-env-vars.ts +56 -0
- package/src/providers/provider-send-message.ts +22 -5
- package/src/providers/ratelimit.ts +4 -0
- package/src/providers/registry.ts +19 -8
- package/src/providers/retry.ts +174 -39
- package/src/providers/speech-to-text/__tests__/resolve.test.ts +55 -0
- package/src/providers/speech-to-text/deepgram-realtime.test.ts +61 -0
- package/src/providers/speech-to-text/deepgram-realtime.ts +57 -0
- package/src/providers/speech-to-text/google-gemini-live-stream.ts +4 -4
- package/src/providers/speech-to-text/provider-catalog.ts +17 -0
- package/src/providers/speech-to-text/resolve.ts +7 -0
- package/src/providers/speech-to-text/xai-realtime.test.ts +646 -0
- package/src/providers/speech-to-text/xai-realtime.ts +821 -0
- package/src/providers/speech-to-text/xai.test.ts +155 -0
- package/src/providers/speech-to-text/xai.ts +97 -0
- package/src/providers/types.ts +93 -3
- package/src/runtime/AGENTS.md +27 -18
- package/src/runtime/__tests__/agent-wake.test.ts +43 -2
- package/src/runtime/__tests__/browser-extension-pair-routes.test.ts +3 -3
- package/src/runtime/__tests__/client-registry.test.ts +293 -0
- package/src/runtime/__tests__/interactive-ui.test.ts +673 -0
- package/src/runtime/agent-wake.ts +63 -22
- package/src/runtime/auth/route-policy.ts +4 -0
- package/src/runtime/btw-sidechain.ts +13 -3
- package/src/runtime/channel-reply-delivery.ts +106 -2
- package/src/runtime/client-registry.ts +261 -0
- package/src/runtime/decision-token.ts +116 -0
- package/src/runtime/gateway-client.ts +2 -2
- package/src/runtime/http-router.ts +32 -0
- package/src/runtime/http-server.ts +129 -9
- package/src/runtime/http-types.ts +23 -3
- package/src/runtime/interactive-ui.ts +362 -0
- package/src/runtime/invite-instruction-generator.ts +2 -2
- package/src/runtime/migrations/__tests__/gcs-signed-url.test.ts +176 -0
- package/src/runtime/migrations/__tests__/vbundle-metadata-merge-integration.test.ts +390 -0
- package/src/runtime/migrations/__tests__/vbundle-metadata-merge.test.ts +221 -0
- package/src/runtime/migrations/__tests__/vbundle-streaming-importer.test.ts +1540 -0
- package/src/runtime/migrations/__tests__/vbundle-streaming-validator.test.ts +453 -0
- package/src/runtime/migrations/__tests__/vbundle-tar-stream.test.ts +222 -0
- package/src/runtime/migrations/gcs-signed-url.ts +162 -0
- package/src/runtime/migrations/vbundle-builder.ts +1 -22
- package/src/runtime/migrations/vbundle-importer.ts +154 -9
- package/src/runtime/migrations/vbundle-metadata-merge.ts +124 -0
- package/src/runtime/migrations/vbundle-streaming-importer.ts +2522 -0
- package/src/runtime/migrations/vbundle-streaming-validator.ts +244 -0
- package/src/runtime/migrations/vbundle-tar-stream.ts +217 -0
- package/src/runtime/migrations/vbundle-validator.ts +15 -6
- package/src/runtime/routes/__tests__/home-feed-routes.test.ts +111 -0
- package/src/runtime/routes/__tests__/migration-import-credential-filter.test.ts +114 -75
- package/src/runtime/routes/__tests__/migration-vellum-metadata-reconcile.test.ts +246 -0
- package/src/runtime/routes/approval-prompt-ts-tracker.ts +78 -0
- package/src/runtime/routes/approval-routes.ts +29 -17
- package/src/runtime/routes/approval-strategies/guardian-callback-strategy.ts +9 -0
- package/src/runtime/routes/avatar-routes.ts +20 -4
- package/src/runtime/routes/browser-extension-pair-routes.ts +27 -8
- package/src/runtime/routes/btw-routes.ts +1 -4
- package/src/runtime/routes/conversation-management-routes.ts +20 -2
- package/src/runtime/routes/conversation-routes.ts +351 -138
- package/src/runtime/routes/debug-routes.ts +1 -1
- package/src/runtime/routes/diagnostics-routes.ts +6 -4
- package/src/runtime/routes/events-routes.ts +16 -0
- package/src/runtime/routes/guardian-approval-interception.ts +33 -3
- package/src/runtime/routes/guardian-approval-prompt.ts +13 -3
- package/src/runtime/routes/home-feed-routes.ts +120 -2
- package/src/runtime/routes/inbound-message-handler.ts +987 -2
- package/src/runtime/routes/inbound-stages/background-dispatch.test.ts +113 -2
- package/src/runtime/routes/inbound-stages/background-dispatch.ts +61 -3
- package/src/runtime/routes/inbound-stages/edit-intercept.ts +129 -6
- package/src/runtime/routes/integrations/slack/channel.ts +25 -3
- package/src/runtime/routes/llm-context-normalization.ts +23 -1
- package/src/runtime/routes/memory-item-routes.test.ts +1 -0
- package/src/runtime/routes/migration-routes.ts +720 -127
- package/src/runtime/routes/playground/__tests__/force-compact.test.ts +284 -0
- package/src/runtime/routes/playground/__tests__/guard.test.ts +80 -0
- package/src/runtime/routes/playground/__tests__/inject-failures.test.ts +294 -0
- package/src/runtime/routes/playground/__tests__/reset-circuit.test.ts +271 -0
- package/src/runtime/routes/playground/__tests__/seed-conversation.test.ts +202 -0
- package/src/runtime/routes/playground/__tests__/seeded-conversations.test.ts +309 -0
- package/src/runtime/routes/playground/__tests__/state.test.ts +224 -0
- package/src/runtime/routes/playground/conversation-not-found.ts +29 -0
- package/src/runtime/routes/playground/deps.ts +56 -0
- package/src/runtime/routes/playground/force-compact.ts +73 -0
- package/src/runtime/routes/playground/guard.ts +37 -0
- package/src/runtime/routes/playground/index.ts +28 -0
- package/src/runtime/routes/playground/inject-failures.ts +159 -0
- package/src/runtime/routes/playground/reset-circuit.ts +115 -0
- package/src/runtime/routes/playground/seed-conversation.ts +139 -0
- package/src/runtime/routes/playground/seeded-conversations.ts +78 -0
- package/src/runtime/routes/playground/state.ts +78 -0
- package/src/runtime/routes/schedule-routes.ts +89 -8
- package/src/runtime/routes/settings-routes.ts +4 -2
- package/src/runtime/routes/trust-rules-routes.ts +30 -14
- package/src/runtime/routes/work-items-routes.test.ts +1 -1
- package/src/runtime/routes/work-items-routes.ts +3 -2
- package/src/runtime/services/__tests__/analyze-conversation.test.ts +25 -43
- package/src/runtime/services/analyze-conversation.ts +12 -16
- package/src/runtime/skill-route-registry.ts +97 -15
- package/src/schedule/run-script.ts +68 -0
- package/src/schedule/schedule-store.ts +7 -1
- package/src/schedule/scheduler.ts +56 -8
- package/src/security/__tests__/provider-key-env-fallback.test.ts +119 -0
- package/src/security/__tests__/untrusted-content.test.ts +109 -0
- package/src/security/oauth2.ts +98 -35
- package/src/security/secure-keys.ts +7 -8
- package/src/security/token-manager.ts +27 -13
- package/src/security/untrusted-content.ts +102 -0
- package/src/skills/catalog-cache.ts +35 -9
- package/src/skills/catalog-install.ts +31 -3
- package/src/skills/skill-cache-store.ts +97 -0
- package/src/stt/__tests__/daemon-batch-transcriber.test.ts +76 -0
- package/src/stt/daemon-batch-transcriber.ts +33 -0
- package/src/stt/stt-stream-session.ts +8 -1
- package/src/stt/types.ts +5 -1
- package/src/subagent/manager.ts +41 -13
- package/src/tasks/ephemeral-permissions.ts +9 -4
- package/src/telemetry/usage-telemetry-reporter.ts +27 -5
- package/src/tools/browser/__tests__/browser-status.test.ts +234 -2
- package/src/tools/browser/browser-execution.ts +150 -54
- package/src/tools/browser/cdp-client/__tests__/extension-cdp-client.test.ts +230 -0
- package/src/tools/browser/cdp-client/__tests__/factory.test.ts +146 -3
- package/src/tools/browser/cdp-client/cdp-inspect/discovery.ts +22 -0
- package/src/tools/browser/cdp-client/extension-cdp-client.ts +54 -3
- package/src/tools/browser/cdp-client/factory.ts +15 -4
- package/src/tools/credentials/tool-policy.ts +39 -5
- package/src/tools/credentials/vault.ts +9 -4
- package/src/tools/executor.ts +129 -73
- package/src/tools/filesystem/write.ts +52 -0
- package/src/tools/host-terminal/host-shell.ts +45 -5
- package/src/tools/memory/register.test.ts +185 -0
- package/src/tools/memory/register.ts +3 -1
- package/src/tools/network/script-proxy/session-manager.ts +37 -1
- package/src/tools/network/web-fetch.ts +20 -10
- package/src/tools/network/web-search.ts +19 -4
- package/src/tools/permission-checker.ts +116 -46
- package/src/tools/policy-context.ts +29 -8
- package/src/tools/registry.ts +195 -6
- package/src/tools/schedule/create.ts +23 -8
- package/src/tools/schedule/update.ts +3 -1
- package/src/tools/secret-detection-handler.ts +0 -51
- package/src/tools/side-effects.ts +0 -11
- package/src/tools/skills/execute.ts +2 -2
- package/src/tools/skills/sandbox-runner.ts +5 -2
- package/src/tools/system/avatar-generator.ts +6 -2
- package/src/tools/terminal/backends/native.ts +51 -2
- package/src/tools/terminal/safe-env.ts +3 -2
- package/src/tools/terminal/shell.ts +1 -0
- package/src/tools/tool-manifest.ts +6 -21
- package/src/tools/types.ts +40 -5
- package/src/tools/verification-control-plane-policy.ts +1 -1
- package/src/tts/__tests__/provider-adapters.test.ts +240 -13
- package/src/tts/provider-catalog.ts +18 -0
- package/src/tts/providers/index.ts +2 -0
- package/src/tts/providers/xai-provider.ts +224 -0
- package/src/tts/types.ts +46 -0
- package/src/types/tar-stream.d.ts +66 -0
- package/src/util/json.ts +17 -0
- package/src/util/platform.ts +9 -4
- package/src/util/pricing.ts +41 -8
- package/src/watcher/engine.ts +1 -1
- package/src/watcher/providers/google-calendar.ts +134 -8
- package/src/watcher/providers/outlook-calendar.ts +42 -2
- package/src/workspace/git-service.ts +23 -4
- package/src/workspace/migrations/006-services-config.ts +2 -4
- package/src/workspace/migrations/022-move-hooks-to-workspace.ts +2 -3
- package/src/workspace/migrations/038-unify-llm-callsite-configs.ts +516 -0
- package/src/workspace/migrations/039-drop-legacy-llm-keys.ts +171 -0
- package/src/workspace/migrations/040-seed-latency-callsite-defaults.ts +154 -0
- package/src/workspace/migrations/041-backfill-google-gmail-settings-scope.ts +56 -0
- package/src/workspace/migrations/042-fix-backfill-google-gmail-settings-scope.ts +70 -0
- package/src/workspace/migrations/043-release-notes-latex-rendering.ts +75 -0
- package/src/workspace/migrations/044-bump-stale-provider-stream-timeout.ts +51 -0
- package/src/workspace/migrations/045-release-notes-meet-avatar.ts +130 -0
- package/src/workspace/migrations/046-seed-conversation-starters-callsite.ts +108 -0
- package/src/workspace/migrations/047-remove-watch-callsites.ts +54 -0
- package/src/workspace/migrations/048-remove-workspace-hooks.ts +81 -0
- package/src/workspace/migrations/049-release-notes-default-sonnet.ts +80 -0
- package/src/workspace/migrations/050-seed-main-agent-opus-callsite.ts +86 -0
- package/src/workspace/migrations/051-seed-conversation-summarization-callsite.ts +128 -0
- package/src/workspace/migrations/AGENTS.md +1 -1
- package/src/workspace/migrations/registry.ts +28 -0
- package/src/workspace/provider-commit-message-generator.ts +19 -38
- package/tsconfig.json +1 -1
- package/hook-templates/debug-prompt-logger/hook.json +0 -7
- package/hook-templates/debug-prompt-logger/run.sh +0 -66
- package/src/__tests__/context-overflow-approval.test.ts +0 -156
- package/src/__tests__/gmail-archive-fallback.test.ts +0 -193
- package/src/__tests__/gmail-archive-gate.test.ts +0 -246
- package/src/__tests__/gmail-preferences.test.ts +0 -117
- package/src/__tests__/hooks-blocking.test.ts +0 -178
- package/src/__tests__/hooks-cli.test.ts +0 -182
- package/src/__tests__/hooks-config.test.ts +0 -108
- package/src/__tests__/hooks-discovery.test.ts +0 -211
- package/src/__tests__/hooks-integration.test.ts +0 -196
- package/src/__tests__/hooks-manager.test.ts +0 -226
- package/src/__tests__/hooks-runner.test.ts +0 -175
- package/src/__tests__/hooks-settings.test.ts +0 -160
- package/src/__tests__/hooks-templates.test.ts +0 -169
- package/src/__tests__/hooks-ts-runner.test.ts +0 -170
- package/src/__tests__/hooks-watch.test.ts +0 -112
- package/src/__tests__/notification-schedule-dedup.test.ts +0 -213
- package/src/__tests__/oauth-scope-policy.test.ts +0 -180
- package/src/__tests__/outlook-attachments.test.ts +0 -301
- package/src/__tests__/outlook-automation-tools.test.ts +0 -425
- package/src/__tests__/outlook-categories.test.ts +0 -212
- package/src/__tests__/outlook-compose-tools.test.ts +0 -325
- package/src/__tests__/outlook-declutter-tools.test.ts +0 -585
- package/src/__tests__/outlook-follow-up.test.ts +0 -196
- package/src/__tests__/outlook-trash.test.ts +0 -77
- package/src/__tests__/outlook-unsubscribe.test.ts +0 -279
- package/src/__tests__/send-notification-tool.test.ts +0 -83
- package/src/__tests__/update-bulletin-format.test.ts +0 -181
- package/src/__tests__/update-bulletin-state.test.ts +0 -135
- package/src/__tests__/update-bulletin.test.ts +0 -478
- package/src/__tests__/update-template-contract.test.ts +0 -29
- package/src/cli/commands/doctor.ts +0 -341
- package/src/cli/commands/shotgun.ts +0 -266
- package/src/config/bundled-skills/browser/SKILL.md +0 -88
- package/src/config/bundled-skills/browser/TOOLS.json +0 -516
- package/src/config/bundled-skills/browser/tools/browser-attach.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-click.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-close.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-detach.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-extract.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-fill-credential.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-hover.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-navigate.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-press-key.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-screenshot.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-scroll.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-select-option.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-snapshot.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-status.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-type.ts +0 -12
- package/src/config/bundled-skills/browser/tools/browser-wait-for-download.ts +0 -49
- package/src/config/bundled-skills/browser/tools/browser-wait-for.ts +0 -12
- package/src/config/bundled-skills/chatgpt-import/SKILL.md +0 -27
- package/src/config/bundled-skills/chatgpt-import/TOOLS.json +0 -27
- package/src/config/bundled-skills/chatgpt-import/tools/chatgpt-import.ts +0 -378
- package/src/config/bundled-skills/conversations/SKILL.md +0 -20
- package/src/config/bundled-skills/conversations/TOOLS.json +0 -23
- package/src/config/bundled-skills/conversations/tools/rename-conversation.ts +0 -66
- package/src/config/bundled-skills/gmail/SKILL.md +0 -221
- package/src/config/bundled-skills/gmail/TOOLS.json +0 -588
- package/src/config/bundled-skills/gmail/tools/gmail-archive.ts +0 -256
- package/src/config/bundled-skills/gmail/tools/gmail-attachments.ts +0 -112
- package/src/config/bundled-skills/gmail/tools/gmail-draft.ts +0 -44
- package/src/config/bundled-skills/gmail/tools/gmail-filters.ts +0 -81
- package/src/config/bundled-skills/gmail/tools/gmail-follow-up.ts +0 -108
- package/src/config/bundled-skills/gmail/tools/gmail-forward.ts +0 -146
- package/src/config/bundled-skills/gmail/tools/gmail-label.ts +0 -53
- package/src/config/bundled-skills/gmail/tools/gmail-outreach-scan.ts +0 -347
- package/src/config/bundled-skills/gmail/tools/gmail-preferences-tool.ts +0 -59
- package/src/config/bundled-skills/gmail/tools/gmail-preferences.ts +0 -82
- package/src/config/bundled-skills/gmail/tools/gmail-send-draft.ts +0 -26
- package/src/config/bundled-skills/gmail/tools/gmail-sender-digest.ts +0 -347
- package/src/config/bundled-skills/gmail/tools/gmail-trash.ts +0 -29
- package/src/config/bundled-skills/gmail/tools/gmail-unsubscribe.ts +0 -122
- package/src/config/bundled-skills/gmail/tools/gmail-vacation.ts +0 -67
- package/src/config/bundled-skills/gmail/tools/scan-result-store.ts +0 -100
- package/src/config/bundled-skills/gmail/tools/shared.ts +0 -47
- package/src/config/bundled-skills/google-calendar/SKILL.md +0 -51
- package/src/config/bundled-skills/google-calendar/TOOLS.json +0 -226
- package/src/config/bundled-skills/google-calendar/calendar-client.ts +0 -223
- package/src/config/bundled-skills/google-calendar/tools/calendar-check-availability.ts +0 -27
- package/src/config/bundled-skills/google-calendar/tools/calendar-create-event.ts +0 -48
- package/src/config/bundled-skills/google-calendar/tools/calendar-get-event.ts +0 -19
- package/src/config/bundled-skills/google-calendar/tools/calendar-list-events.ts +0 -36
- package/src/config/bundled-skills/google-calendar/tools/calendar-rsvp.ts +0 -58
- package/src/config/bundled-skills/google-calendar/tools/shared.ts +0 -17
- package/src/config/bundled-skills/google-calendar/types.ts +0 -97
- package/src/config/bundled-skills/heartbeat/SKILL.md +0 -43
- package/src/config/bundled-skills/notifications/SKILL.md +0 -40
- package/src/config/bundled-skills/notifications/TOOLS.json +0 -80
- package/src/config/bundled-skills/notifications/tools/send-notification.ts +0 -152
- package/src/config/bundled-skills/notifications/tools/shared.ts +0 -13
- package/src/config/bundled-skills/outlook/SKILL.md +0 -196
- package/src/config/bundled-skills/outlook/TOOLS.json +0 -530
- package/src/config/bundled-skills/outlook/tools/outlook-attachments.ts +0 -85
- package/src/config/bundled-skills/outlook/tools/outlook-categories.ts +0 -77
- package/src/config/bundled-skills/outlook/tools/outlook-draft.ts +0 -84
- package/src/config/bundled-skills/outlook/tools/outlook-follow-up.ts +0 -94
- package/src/config/bundled-skills/outlook/tools/outlook-forward.ts +0 -49
- package/src/config/bundled-skills/outlook/tools/outlook-outreach-scan.ts +0 -237
- package/src/config/bundled-skills/outlook/tools/outlook-rules.ts +0 -161
- package/src/config/bundled-skills/outlook/tools/outlook-send-draft.ts +0 -32
- package/src/config/bundled-skills/outlook/tools/outlook-sender-digest.ts +0 -272
- package/src/config/bundled-skills/outlook/tools/outlook-trash.ts +0 -29
- package/src/config/bundled-skills/outlook/tools/outlook-unsubscribe.ts +0 -129
- package/src/config/bundled-skills/outlook/tools/outlook-vacation.ts +0 -87
- package/src/config/bundled-skills/outlook/tools/shared.ts +0 -20
- package/src/config/bundled-skills/outlook-calendar/SKILL.md +0 -51
- package/src/config/bundled-skills/outlook-calendar/TOOLS.json +0 -221
- package/src/config/bundled-skills/outlook-calendar/calendar-client.ts +0 -252
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-check-availability.ts +0 -53
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-create-event.ts +0 -74
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-get-event.ts +0 -18
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-list-events.ts +0 -46
- package/src/config/bundled-skills/outlook-calendar/tools/outlook-calendar-rsvp.ts +0 -36
- package/src/config/bundled-skills/outlook-calendar/tools/shared.ts +0 -17
- package/src/config/bundled-skills/outlook-calendar/types.ts +0 -120
- package/src/config/bundled-skills/screen-watch/SKILL.md +0 -27
- package/src/config/bundled-skills/screen-watch/TOOLS.json +0 -35
- package/src/config/bundled-skills/screen-watch/tools/start-screen-watch.ts +0 -12
- package/src/config/bundled-skills/skills-catalog/SKILL.md +0 -84
- package/src/config/bundled-skills/slack/SKILL.md +0 -108
- package/src/config/bundled-skills/tasks/SKILL.md +0 -37
- package/src/config/bundled-skills/tasks/TOOLS.json +0 -353
- package/src/config/bundled-skills/tasks/icon.svg +0 -34
- package/src/config/bundled-skills/tasks/tools/task-delete.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-add.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-remove.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-show.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list-update.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-list.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-queue-run.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-run.ts +0 -12
- package/src/config/bundled-skills/tasks/tools/task-save.ts +0 -12
- package/src/config/bundled-skills/watcher/SKILL.md +0 -31
- package/src/config/bundled-skills/watcher/TOOLS.json +0 -167
- package/src/config/bundled-skills/watcher/tools/watcher-create.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-delete.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-digest.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-list.ts +0 -12
- package/src/config/bundled-skills/watcher/tools/watcher-update.ts +0 -12
- package/src/daemon/context-overflow-approval.ts +0 -52
- package/src/daemon/watch-handler.ts +0 -399
- package/src/hooks/cli.ts +0 -253
- package/src/hooks/config.ts +0 -100
- package/src/hooks/discovery.ts +0 -135
- package/src/hooks/manager.ts +0 -179
- package/src/hooks/runner.ts +0 -117
- package/src/hooks/templates.ts +0 -77
- package/src/hooks/types.ts +0 -75
- package/src/oauth/scope-policy.ts +0 -89
- package/src/prompts/templates/UPDATES.md +0 -50
- package/src/prompts/update-bulletin-format.ts +0 -85
- package/src/prompts/update-bulletin-state.ts +0 -58
- package/src/prompts/update-bulletin-template-path.ts +0 -13
- package/src/prompts/update-bulletin.ts +0 -139
- package/src/runtime/gateway-internal-client.ts +0 -94
- package/src/runtime/routes/watch-routes.ts +0 -156
- package/src/shared/provider-env-vars.ts +0 -19
- package/src/signals/shotgun.ts +0 -203
- package/src/tools/watch/screen-watch.ts +0 -144
- package/src/tools/watch/watch-state.ts +0 -142
- package/src/tools/watcher/create.ts +0 -86
- package/src/tools/watcher/delete.ts +0 -36
- package/src/tools/watcher/digest.ts +0 -54
- package/src/tools/watcher/list.ts +0 -83
- package/src/tools/watcher/update.ts +0 -71
|
@@ -0,0 +1,1005 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Default command registry for the bash risk classifier.
|
|
3
|
+
*
|
|
4
|
+
* A data-driven registry of ~100 commands with base risk levels, subcommand
|
|
5
|
+
* overrides, and arg-level rules. This is the "smart defaults" layer — users
|
|
6
|
+
* can override any entry via their personal rule store.
|
|
7
|
+
*
|
|
8
|
+
* Every program in checker.ts's LOW_RISK_PROGRAMS, HIGH_RISK_PROGRAMS,
|
|
9
|
+
* WRAPPER_PROGRAMS, and LOW_RISK_GIT_SUBCOMMANDS has a corresponding entry.
|
|
10
|
+
* Divergences from the existing checker classification are documented inline.
|
|
11
|
+
*
|
|
12
|
+
* @see /docs/bash-risk-classifier-design.md Section 6.2
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
import type { CommandRiskSpec } from "./risk-types.js";
|
|
16
|
+
|
|
17
|
+
// ── Shared regex pattern constants ────────────────────────────────────────────
|
|
18
|
+
// These are used across multiple command entries. Stored as strings (not native
|
|
19
|
+
// RegExp) so they round-trip cleanly through JSON serialization.
|
|
20
|
+
|
|
21
|
+
/** Matches paths containing sensitive directories (.ssh, .gnupg, .aws, .config, .env). */
|
|
22
|
+
const SENSITIVE_PATHS = String.raw`(?:^|/)(?:\.ssh|\.gnupg|\.aws|\.config|\.env)\b`;
|
|
23
|
+
|
|
24
|
+
/** Matches system paths (/usr, /bin, /sbin, /lib, /boot, /dev, /proc, /sys). */
|
|
25
|
+
const SYSTEM_PATHS = String.raw`^/(?:usr|bin|sbin|lib|boot|dev|proc|sys)\b`;
|
|
26
|
+
|
|
27
|
+
/** Matches temp/relative paths (/tmp, /var/tmp, ./, ../). */
|
|
28
|
+
const TMP_PATHS = String.raw`^(?:/tmp|/var/tmp|\./|\.\.\/)`;
|
|
29
|
+
|
|
30
|
+
// ── Default command registry ──────────────────────────────────────────────────
|
|
31
|
+
|
|
32
|
+
export const DEFAULT_COMMAND_REGISTRY = {
|
|
33
|
+
// ── Read-only filesystem commands ──────────────────────────────────────────
|
|
34
|
+
ls: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
35
|
+
cat: {
|
|
36
|
+
baseRisk: "low",
|
|
37
|
+
sandboxAutoApprove: true,
|
|
38
|
+
argSchema: {},
|
|
39
|
+
argRules: [
|
|
40
|
+
{
|
|
41
|
+
id: "cat:sensitive",
|
|
42
|
+
valuePattern: SENSITIVE_PATHS,
|
|
43
|
+
risk: "high",
|
|
44
|
+
reason: "Reads sensitive file",
|
|
45
|
+
},
|
|
46
|
+
],
|
|
47
|
+
},
|
|
48
|
+
head: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
49
|
+
tail: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
50
|
+
less: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
51
|
+
more: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
52
|
+
wc: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
53
|
+
file: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
54
|
+
stat: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
55
|
+
du: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
56
|
+
df: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
57
|
+
diff: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
58
|
+
tree: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
59
|
+
pwd: {
|
|
60
|
+
baseRisk: "low",
|
|
61
|
+
sandboxAutoApprove: true,
|
|
62
|
+
argSchema: { positionals: "none" },
|
|
63
|
+
},
|
|
64
|
+
realpath: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
65
|
+
basename: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
66
|
+
dirname: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
67
|
+
readlink: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
68
|
+
|
|
69
|
+
// ── Search / filter / text processing ──────────────────────────────────────
|
|
70
|
+
grep: {
|
|
71
|
+
baseRisk: "low",
|
|
72
|
+
sandboxAutoApprove: true,
|
|
73
|
+
argSchema: {
|
|
74
|
+
positionals: [{ role: "pattern" }, { role: "path", rest: true }],
|
|
75
|
+
},
|
|
76
|
+
},
|
|
77
|
+
rg: {
|
|
78
|
+
baseRisk: "low",
|
|
79
|
+
sandboxAutoApprove: true,
|
|
80
|
+
argSchema: {
|
|
81
|
+
positionals: [{ role: "pattern" }, { role: "path", rest: true }],
|
|
82
|
+
},
|
|
83
|
+
},
|
|
84
|
+
ag: {
|
|
85
|
+
baseRisk: "low",
|
|
86
|
+
sandboxAutoApprove: true,
|
|
87
|
+
argSchema: {
|
|
88
|
+
positionals: [{ role: "pattern" }, { role: "path", rest: true }],
|
|
89
|
+
},
|
|
90
|
+
},
|
|
91
|
+
ack: {
|
|
92
|
+
baseRisk: "low",
|
|
93
|
+
sandboxAutoApprove: true,
|
|
94
|
+
argSchema: {
|
|
95
|
+
positionals: [{ role: "pattern" }, { role: "path", rest: true }],
|
|
96
|
+
},
|
|
97
|
+
},
|
|
98
|
+
sort: {
|
|
99
|
+
baseRisk: "low",
|
|
100
|
+
sandboxAutoApprove: true,
|
|
101
|
+
argSchema: {
|
|
102
|
+
valueFlags: ["-o", "--output"],
|
|
103
|
+
pathFlags: { "-o": true, "--output": true },
|
|
104
|
+
},
|
|
105
|
+
},
|
|
106
|
+
uniq: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
107
|
+
cut: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
108
|
+
tr: {
|
|
109
|
+
baseRisk: "low",
|
|
110
|
+
sandboxAutoApprove: true,
|
|
111
|
+
argSchema: { positionals: "none" },
|
|
112
|
+
},
|
|
113
|
+
sed: {
|
|
114
|
+
baseRisk: "medium",
|
|
115
|
+
reason: "Can write files or execute commands via sed scripts",
|
|
116
|
+
sandboxAutoApprove: true,
|
|
117
|
+
argSchema: {
|
|
118
|
+
positionals: [{ role: "script" }, { role: "path", rest: true }],
|
|
119
|
+
},
|
|
120
|
+
argRules: [
|
|
121
|
+
{
|
|
122
|
+
id: "sed:inplace",
|
|
123
|
+
flags: ["-i", "--in-place"],
|
|
124
|
+
risk: "medium",
|
|
125
|
+
reason: "Edits files in place",
|
|
126
|
+
},
|
|
127
|
+
],
|
|
128
|
+
},
|
|
129
|
+
awk: {
|
|
130
|
+
baseRisk: "medium",
|
|
131
|
+
argSchema: {
|
|
132
|
+
positionals: [{ role: "script" }, { role: "path", rest: true }],
|
|
133
|
+
},
|
|
134
|
+
complexSyntax: true,
|
|
135
|
+
reason: "Can execute shell commands via system()",
|
|
136
|
+
},
|
|
137
|
+
|
|
138
|
+
// ── System information (read-only) ─────────────────────────────────────────
|
|
139
|
+
echo: {
|
|
140
|
+
baseRisk: "low",
|
|
141
|
+
sandboxAutoApprove: true,
|
|
142
|
+
argSchema: { positionals: "none" },
|
|
143
|
+
},
|
|
144
|
+
printf: {
|
|
145
|
+
baseRisk: "low",
|
|
146
|
+
sandboxAutoApprove: true,
|
|
147
|
+
argSchema: { positionals: "none" },
|
|
148
|
+
},
|
|
149
|
+
whoami: { baseRisk: "low" },
|
|
150
|
+
uname: { baseRisk: "low" },
|
|
151
|
+
uptime: { baseRisk: "low" },
|
|
152
|
+
hostname: { baseRisk: "low" },
|
|
153
|
+
date: { baseRisk: "low" },
|
|
154
|
+
cal: { baseRisk: "low" },
|
|
155
|
+
id: { baseRisk: "low" },
|
|
156
|
+
ps: { baseRisk: "low" },
|
|
157
|
+
free: { baseRisk: "low" },
|
|
158
|
+
which: { baseRisk: "low" },
|
|
159
|
+
where: { baseRisk: "low" },
|
|
160
|
+
whereis: { baseRisk: "low" },
|
|
161
|
+
type: { baseRisk: "low" },
|
|
162
|
+
printenv: { baseRisk: "low" },
|
|
163
|
+
man: { baseRisk: "low" },
|
|
164
|
+
help: { baseRisk: "low" },
|
|
165
|
+
info: { baseRisk: "low" },
|
|
166
|
+
|
|
167
|
+
// ── Checksum / hex tools ───────────────────────────────────────────────────
|
|
168
|
+
sha256sum: { baseRisk: "low" },
|
|
169
|
+
md5sum: { baseRisk: "low" },
|
|
170
|
+
xxd: { baseRisk: "low" },
|
|
171
|
+
hexdump: { baseRisk: "low" },
|
|
172
|
+
|
|
173
|
+
// ── Data processing ────────────────────────────────────────────────────────
|
|
174
|
+
jq: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
175
|
+
yq: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
176
|
+
|
|
177
|
+
// ── Find ───────────────────────────────────────────────────────────────────
|
|
178
|
+
// DIVERGENCE: checker.ts lists `find` as LOW_RISK unconditionally. Our
|
|
179
|
+
// registry adds arg rules for -exec/-execdir/-delete which escalate to high.
|
|
180
|
+
find: {
|
|
181
|
+
baseRisk: "low",
|
|
182
|
+
argSchema: {
|
|
183
|
+
valueFlags: [
|
|
184
|
+
"-name",
|
|
185
|
+
"-iname",
|
|
186
|
+
"-path",
|
|
187
|
+
"-ipath",
|
|
188
|
+
"-regex",
|
|
189
|
+
"-iregex",
|
|
190
|
+
"-maxdepth",
|
|
191
|
+
"-mindepth",
|
|
192
|
+
"-newer",
|
|
193
|
+
"-user",
|
|
194
|
+
"-group",
|
|
195
|
+
"-printf",
|
|
196
|
+
"-fprintf",
|
|
197
|
+
],
|
|
198
|
+
},
|
|
199
|
+
complexSyntax: true,
|
|
200
|
+
argRules: [
|
|
201
|
+
{
|
|
202
|
+
id: "find:exec",
|
|
203
|
+
flags: ["-exec", "-execdir"],
|
|
204
|
+
risk: "high",
|
|
205
|
+
reason: "Executes arbitrary commands on matched files",
|
|
206
|
+
},
|
|
207
|
+
{
|
|
208
|
+
id: "find:delete",
|
|
209
|
+
flags: ["-delete"],
|
|
210
|
+
risk: "high",
|
|
211
|
+
reason: "Deletes matched files",
|
|
212
|
+
},
|
|
213
|
+
],
|
|
214
|
+
},
|
|
215
|
+
fd: { baseRisk: "low", sandboxAutoApprove: true, argSchema: {} },
|
|
216
|
+
|
|
217
|
+
// ── Write commands ─────────────────────────────────────────────────────────
|
|
218
|
+
cp: {
|
|
219
|
+
baseRisk: "medium",
|
|
220
|
+
sandboxAutoApprove: true,
|
|
221
|
+
argSchema: {
|
|
222
|
+
valueFlags: ["-t", "--target-directory"],
|
|
223
|
+
pathFlags: { "-t": true, "--target-directory": true },
|
|
224
|
+
},
|
|
225
|
+
argRules: [
|
|
226
|
+
{
|
|
227
|
+
id: "cp:system",
|
|
228
|
+
valuePattern: SYSTEM_PATHS,
|
|
229
|
+
risk: "high",
|
|
230
|
+
reason: "Copies to system path",
|
|
231
|
+
},
|
|
232
|
+
],
|
|
233
|
+
},
|
|
234
|
+
mv: {
|
|
235
|
+
baseRisk: "medium",
|
|
236
|
+
sandboxAutoApprove: true,
|
|
237
|
+
argSchema: {},
|
|
238
|
+
argRules: [
|
|
239
|
+
{
|
|
240
|
+
id: "mv:system",
|
|
241
|
+
valuePattern: SYSTEM_PATHS,
|
|
242
|
+
risk: "high",
|
|
243
|
+
reason: "Moves to system path",
|
|
244
|
+
},
|
|
245
|
+
],
|
|
246
|
+
},
|
|
247
|
+
mkdir: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
248
|
+
touch: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
249
|
+
ln: {
|
|
250
|
+
baseRisk: "medium",
|
|
251
|
+
sandboxAutoApprove: true,
|
|
252
|
+
argSchema: {
|
|
253
|
+
valueFlags: ["-t", "--target-directory"],
|
|
254
|
+
pathFlags: { "-t": true, "--target-directory": true },
|
|
255
|
+
},
|
|
256
|
+
},
|
|
257
|
+
// DIVERGENCE: checker.ts lists `tee` as LOW_RISK. Our registry classifies
|
|
258
|
+
// it as medium because it writes to files.
|
|
259
|
+
tee: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
260
|
+
|
|
261
|
+
// ── Delete commands ────────────────────────────────────────────────────────
|
|
262
|
+
rm: {
|
|
263
|
+
baseRisk: "high",
|
|
264
|
+
sandboxAutoApprove: true,
|
|
265
|
+
argSchema: {},
|
|
266
|
+
argRules: [
|
|
267
|
+
{
|
|
268
|
+
id: "rm:recursive-force",
|
|
269
|
+
flags: ["-rf", "-fr", "-Rf", "-fR"],
|
|
270
|
+
risk: "high",
|
|
271
|
+
reason: "Recursive force delete",
|
|
272
|
+
},
|
|
273
|
+
{
|
|
274
|
+
id: "rm:recursive",
|
|
275
|
+
flags: ["-r", "-R", "--recursive"],
|
|
276
|
+
risk: "high",
|
|
277
|
+
reason: "Recursive delete",
|
|
278
|
+
},
|
|
279
|
+
{
|
|
280
|
+
id: "rm:tmp",
|
|
281
|
+
valuePattern: TMP_PATHS,
|
|
282
|
+
risk: "medium",
|
|
283
|
+
reason: "Removes temp files",
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
id: "rm:system",
|
|
287
|
+
valuePattern: SYSTEM_PATHS,
|
|
288
|
+
risk: "high",
|
|
289
|
+
reason: "Removes system files",
|
|
290
|
+
},
|
|
291
|
+
{
|
|
292
|
+
id: "rm:sensitive",
|
|
293
|
+
valuePattern: SENSITIVE_PATHS,
|
|
294
|
+
risk: "high",
|
|
295
|
+
reason: "Removes sensitive files",
|
|
296
|
+
},
|
|
297
|
+
],
|
|
298
|
+
},
|
|
299
|
+
rmdir: { baseRisk: "high", sandboxAutoApprove: true, argSchema: {} },
|
|
300
|
+
|
|
301
|
+
// ── Network commands ───────────────────────────────────────────────────────
|
|
302
|
+
curl: {
|
|
303
|
+
baseRisk: "medium",
|
|
304
|
+
argSchema: {
|
|
305
|
+
valueFlags: [
|
|
306
|
+
"-d",
|
|
307
|
+
"--data",
|
|
308
|
+
"--data-binary",
|
|
309
|
+
"--data-raw",
|
|
310
|
+
"--data-urlencode",
|
|
311
|
+
"-T",
|
|
312
|
+
"--upload-file",
|
|
313
|
+
"-o",
|
|
314
|
+
"--output",
|
|
315
|
+
"-H",
|
|
316
|
+
"--header",
|
|
317
|
+
"-X",
|
|
318
|
+
"--request",
|
|
319
|
+
"-u",
|
|
320
|
+
"--user",
|
|
321
|
+
"-A",
|
|
322
|
+
"--user-agent",
|
|
323
|
+
"-e",
|
|
324
|
+
"--referer",
|
|
325
|
+
"-b",
|
|
326
|
+
"--cookie",
|
|
327
|
+
"-c",
|
|
328
|
+
"--cookie-jar",
|
|
329
|
+
"--connect-timeout",
|
|
330
|
+
"-m",
|
|
331
|
+
"--max-time",
|
|
332
|
+
"--retry",
|
|
333
|
+
"-w",
|
|
334
|
+
"--write-out",
|
|
335
|
+
],
|
|
336
|
+
positionals: "none", // positionals are URLs, not paths
|
|
337
|
+
},
|
|
338
|
+
argRules: [
|
|
339
|
+
{
|
|
340
|
+
id: "curl:upload-data",
|
|
341
|
+
flags: ["-d", "--data", "--data-binary", "--data-raw"],
|
|
342
|
+
valuePattern: String.raw`^@`,
|
|
343
|
+
risk: "high",
|
|
344
|
+
reason: "Uploads file contents",
|
|
345
|
+
},
|
|
346
|
+
{
|
|
347
|
+
id: "curl:upload-file",
|
|
348
|
+
flags: ["-T", "--upload-file"],
|
|
349
|
+
risk: "high",
|
|
350
|
+
reason: "Uploads file",
|
|
351
|
+
},
|
|
352
|
+
{
|
|
353
|
+
id: "curl:output-sensitive",
|
|
354
|
+
flags: ["-o", "--output"],
|
|
355
|
+
valuePattern: SENSITIVE_PATHS,
|
|
356
|
+
risk: "high",
|
|
357
|
+
reason: "Writes to sensitive path",
|
|
358
|
+
},
|
|
359
|
+
{
|
|
360
|
+
id: "curl:localhost",
|
|
361
|
+
valuePattern: String.raw`^https?://(localhost|127\.0\.0\.1|\[::1\])`,
|
|
362
|
+
risk: "low",
|
|
363
|
+
reason: "Local request",
|
|
364
|
+
},
|
|
365
|
+
],
|
|
366
|
+
},
|
|
367
|
+
wget: { baseRisk: "medium" },
|
|
368
|
+
// DIVERGENCE: checker.ts lists `http` (httpie) as LOW_RISK. Our registry
|
|
369
|
+
// classifies it as medium because it can make network requests with side effects.
|
|
370
|
+
http: { baseRisk: "medium" },
|
|
371
|
+
ping: { baseRisk: "low" },
|
|
372
|
+
dig: { baseRisk: "low" },
|
|
373
|
+
nslookup: { baseRisk: "low" },
|
|
374
|
+
ssh: { baseRisk: "high", reason: "Opens remote shell" },
|
|
375
|
+
scp: { baseRisk: "high", reason: "Remote file transfer" },
|
|
376
|
+
rsync: { baseRisk: "high", reason: "Remote file sync" },
|
|
377
|
+
|
|
378
|
+
// ── Git ────────────────────────────────────────────────────────────────────
|
|
379
|
+
// Every subcommand in checker.ts's LOW_RISK_GIT_SUBCOMMANDS must appear here.
|
|
380
|
+
// Divergences are noted inline.
|
|
381
|
+
git: {
|
|
382
|
+
baseRisk: "medium",
|
|
383
|
+
argSchema: {
|
|
384
|
+
valueFlags: [
|
|
385
|
+
"-C",
|
|
386
|
+
"-c",
|
|
387
|
+
"--git-dir",
|
|
388
|
+
"--work-tree",
|
|
389
|
+
"--namespace",
|
|
390
|
+
"--super-prefix",
|
|
391
|
+
"--config-env",
|
|
392
|
+
],
|
|
393
|
+
},
|
|
394
|
+
subcommands: {
|
|
395
|
+
// LOW_RISK_GIT_SUBCOMMANDS from checker.ts:
|
|
396
|
+
status: { baseRisk: "low" },
|
|
397
|
+
log: { baseRisk: "low" },
|
|
398
|
+
diff: { baseRisk: "low" },
|
|
399
|
+
show: { baseRisk: "low" },
|
|
400
|
+
branch: { baseRisk: "low" },
|
|
401
|
+
tag: {
|
|
402
|
+
baseRisk: "low",
|
|
403
|
+
argRules: [
|
|
404
|
+
{
|
|
405
|
+
id: "git-tag:delete",
|
|
406
|
+
flags: ["-d", "--delete"],
|
|
407
|
+
risk: "high",
|
|
408
|
+
reason: "Deletes git tag",
|
|
409
|
+
},
|
|
410
|
+
],
|
|
411
|
+
},
|
|
412
|
+
remote: { baseRisk: "low" },
|
|
413
|
+
// DIVERGENCE: checker.ts lists `stash` as LOW_RISK. Our registry classifies
|
|
414
|
+
// the base stash command as medium (it modifies working tree), with read-only
|
|
415
|
+
// subcommands (list, show) as low and destructive ones (drop) as high.
|
|
416
|
+
stash: {
|
|
417
|
+
baseRisk: "medium",
|
|
418
|
+
subcommands: {
|
|
419
|
+
list: { baseRisk: "low" },
|
|
420
|
+
show: { baseRisk: "low" },
|
|
421
|
+
drop: {
|
|
422
|
+
baseRisk: "high",
|
|
423
|
+
reason: "Permanently drops stashed changes",
|
|
424
|
+
},
|
|
425
|
+
},
|
|
426
|
+
},
|
|
427
|
+
blame: { baseRisk: "low" },
|
|
428
|
+
shortlog: { baseRisk: "low" },
|
|
429
|
+
describe: { baseRisk: "low" },
|
|
430
|
+
"rev-parse": { baseRisk: "low" },
|
|
431
|
+
"ls-files": { baseRisk: "low" },
|
|
432
|
+
"ls-tree": { baseRisk: "low" },
|
|
433
|
+
"cat-file": { baseRisk: "low" },
|
|
434
|
+
reflog: { baseRisk: "low" },
|
|
435
|
+
// Write operations:
|
|
436
|
+
add: { baseRisk: "medium" },
|
|
437
|
+
commit: { baseRisk: "medium" },
|
|
438
|
+
checkout: { baseRisk: "medium" },
|
|
439
|
+
switch: { baseRisk: "medium" },
|
|
440
|
+
merge: { baseRisk: "medium" },
|
|
441
|
+
rebase: {
|
|
442
|
+
baseRisk: "medium",
|
|
443
|
+
argRules: [
|
|
444
|
+
{
|
|
445
|
+
id: "git-rebase:interactive",
|
|
446
|
+
flags: ["-i", "--interactive"],
|
|
447
|
+
risk: "high",
|
|
448
|
+
reason: "Interactive rebase rewrites history",
|
|
449
|
+
},
|
|
450
|
+
],
|
|
451
|
+
},
|
|
452
|
+
push: {
|
|
453
|
+
baseRisk: "medium",
|
|
454
|
+
argRules: [
|
|
455
|
+
{
|
|
456
|
+
id: "git-push:force",
|
|
457
|
+
flags: ["--force", "-f", "--force-with-lease"],
|
|
458
|
+
risk: "high",
|
|
459
|
+
reason: "Force push rewrites remote history",
|
|
460
|
+
},
|
|
461
|
+
],
|
|
462
|
+
},
|
|
463
|
+
pull: { baseRisk: "medium" },
|
|
464
|
+
fetch: { baseRisk: "low" },
|
|
465
|
+
reset: {
|
|
466
|
+
baseRisk: "medium",
|
|
467
|
+
argRules: [
|
|
468
|
+
{
|
|
469
|
+
id: "git-reset:hard",
|
|
470
|
+
flags: ["--hard"],
|
|
471
|
+
risk: "high",
|
|
472
|
+
reason: "Discards uncommitted changes",
|
|
473
|
+
},
|
|
474
|
+
],
|
|
475
|
+
},
|
|
476
|
+
clean: { baseRisk: "high", reason: "Removes untracked files" },
|
|
477
|
+
bisect: { baseRisk: "low" },
|
|
478
|
+
worktree: { baseRisk: "medium" },
|
|
479
|
+
},
|
|
480
|
+
},
|
|
481
|
+
|
|
482
|
+
// ── Package managers ───────────────────────────────────────────────────────
|
|
483
|
+
// DIVERGENCE: checker.ts lists `npm`, `npx`, `yarn`, `pnpm`, `bun`, `pip`,
|
|
484
|
+
// `pip3` as LOW_RISK. Our registry classifies them as medium (base) because
|
|
485
|
+
// they download and execute code, with subcommand-level overrides.
|
|
486
|
+
npm: {
|
|
487
|
+
baseRisk: "medium",
|
|
488
|
+
argSchema: {
|
|
489
|
+
valueFlags: ["--prefix", "--userconfig", "--globalconfig", "--cache"],
|
|
490
|
+
},
|
|
491
|
+
subcommands: {
|
|
492
|
+
ls: { baseRisk: "low" },
|
|
493
|
+
list: { baseRisk: "low" },
|
|
494
|
+
outdated: { baseRisk: "low" },
|
|
495
|
+
view: { baseRisk: "low" },
|
|
496
|
+
info: { baseRisk: "low" },
|
|
497
|
+
install: {
|
|
498
|
+
baseRisk: "medium",
|
|
499
|
+
reason: "Runs lifecycle scripts, downloads code",
|
|
500
|
+
},
|
|
501
|
+
ci: {
|
|
502
|
+
baseRisk: "medium",
|
|
503
|
+
reason: "Clean install, runs lifecycle scripts",
|
|
504
|
+
},
|
|
505
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
506
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
507
|
+
publish: { baseRisk: "high", reason: "Publishes package to registry" },
|
|
508
|
+
},
|
|
509
|
+
},
|
|
510
|
+
// DIVERGENCE: checker.ts lists `npx` as LOW_RISK. Our registry classifies it
|
|
511
|
+
// as high because it downloads and executes arbitrary packages.
|
|
512
|
+
npx: {
|
|
513
|
+
baseRisk: "high",
|
|
514
|
+
reason: "Downloads and executes arbitrary packages",
|
|
515
|
+
},
|
|
516
|
+
yarn: {
|
|
517
|
+
baseRisk: "medium",
|
|
518
|
+
subcommands: {
|
|
519
|
+
list: { baseRisk: "low" },
|
|
520
|
+
info: { baseRisk: "low" },
|
|
521
|
+
why: { baseRisk: "low" },
|
|
522
|
+
install: { baseRisk: "medium" },
|
|
523
|
+
add: { baseRisk: "medium" },
|
|
524
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
525
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
526
|
+
},
|
|
527
|
+
},
|
|
528
|
+
pnpm: {
|
|
529
|
+
baseRisk: "medium",
|
|
530
|
+
subcommands: {
|
|
531
|
+
list: { baseRisk: "low" },
|
|
532
|
+
install: { baseRisk: "medium" },
|
|
533
|
+
add: { baseRisk: "medium" },
|
|
534
|
+
test: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
535
|
+
run: { baseRisk: "high", reason: "Executes arbitrary package scripts" },
|
|
536
|
+
},
|
|
537
|
+
},
|
|
538
|
+
// DIVERGENCE: checker.ts lists `bun` as LOW_RISK. Our registry classifies it
|
|
539
|
+
// as medium (base) with subcommand overrides because it can execute code.
|
|
540
|
+
bun: {
|
|
541
|
+
baseRisk: "medium",
|
|
542
|
+
subcommands: {
|
|
543
|
+
install: { baseRisk: "medium" },
|
|
544
|
+
add: { baseRisk: "medium" },
|
|
545
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
546
|
+
run: { baseRisk: "high", reason: "Executes arbitrary scripts" },
|
|
547
|
+
},
|
|
548
|
+
},
|
|
549
|
+
pip: {
|
|
550
|
+
baseRisk: "medium",
|
|
551
|
+
subcommands: {
|
|
552
|
+
list: { baseRisk: "low" },
|
|
553
|
+
show: { baseRisk: "low" },
|
|
554
|
+
install: { baseRisk: "medium" },
|
|
555
|
+
},
|
|
556
|
+
},
|
|
557
|
+
pip3: {
|
|
558
|
+
baseRisk: "medium",
|
|
559
|
+
subcommands: {
|
|
560
|
+
list: { baseRisk: "low" },
|
|
561
|
+
show: { baseRisk: "low" },
|
|
562
|
+
install: { baseRisk: "medium" },
|
|
563
|
+
},
|
|
564
|
+
},
|
|
565
|
+
brew: {
|
|
566
|
+
baseRisk: "medium",
|
|
567
|
+
subcommands: {
|
|
568
|
+
list: { baseRisk: "low" },
|
|
569
|
+
info: { baseRisk: "low" },
|
|
570
|
+
search: { baseRisk: "low" },
|
|
571
|
+
install: { baseRisk: "medium" },
|
|
572
|
+
uninstall: { baseRisk: "high" },
|
|
573
|
+
},
|
|
574
|
+
},
|
|
575
|
+
cargo: {
|
|
576
|
+
baseRisk: "medium",
|
|
577
|
+
subcommands: {
|
|
578
|
+
build: { baseRisk: "medium" },
|
|
579
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
580
|
+
run: { baseRisk: "high", reason: "Compiles and executes code" },
|
|
581
|
+
},
|
|
582
|
+
},
|
|
583
|
+
|
|
584
|
+
// ── Build tools (inherently opaque) ────────────────────────────────────────
|
|
585
|
+
make: { baseRisk: "high", reason: "Executes arbitrary Makefile targets" },
|
|
586
|
+
|
|
587
|
+
// ── Language runtimes ──────────────────────────────────────────────────────
|
|
588
|
+
// DIVERGENCE: checker.ts lists `node` as LOW_RISK. Our registry classifies it
|
|
589
|
+
// as high because it executes arbitrary JavaScript.
|
|
590
|
+
node: {
|
|
591
|
+
baseRisk: "high",
|
|
592
|
+
reason: "Executes arbitrary JavaScript",
|
|
593
|
+
argRules: [
|
|
594
|
+
{
|
|
595
|
+
id: "node:version",
|
|
596
|
+
flags: ["--version", "-v"],
|
|
597
|
+
risk: "low",
|
|
598
|
+
reason: "Prints version",
|
|
599
|
+
},
|
|
600
|
+
{
|
|
601
|
+
id: "node:eval",
|
|
602
|
+
flags: ["-e", "--eval"],
|
|
603
|
+
risk: "high",
|
|
604
|
+
reason: "Evaluates inline JavaScript",
|
|
605
|
+
},
|
|
606
|
+
],
|
|
607
|
+
},
|
|
608
|
+
// DIVERGENCE: checker.ts lists `deno` as LOW_RISK. Our registry classifies it
|
|
609
|
+
// as high because it executes arbitrary code.
|
|
610
|
+
deno: { baseRisk: "high", reason: "Executes arbitrary code" },
|
|
611
|
+
// DIVERGENCE: checker.ts lists `python` and `python3` as LOW_RISK. Our registry
|
|
612
|
+
// classifies them as high because they execute arbitrary Python code.
|
|
613
|
+
python: {
|
|
614
|
+
baseRisk: "high",
|
|
615
|
+
reason: "Executes arbitrary Python code",
|
|
616
|
+
argRules: [
|
|
617
|
+
{
|
|
618
|
+
id: "python:version",
|
|
619
|
+
flags: ["--version", "-V"],
|
|
620
|
+
risk: "low",
|
|
621
|
+
reason: "Prints version",
|
|
622
|
+
},
|
|
623
|
+
],
|
|
624
|
+
},
|
|
625
|
+
python3: {
|
|
626
|
+
baseRisk: "high",
|
|
627
|
+
reason: "Executes arbitrary Python code",
|
|
628
|
+
argRules: [
|
|
629
|
+
{
|
|
630
|
+
id: "python3:version",
|
|
631
|
+
flags: ["--version", "-V"],
|
|
632
|
+
risk: "low",
|
|
633
|
+
reason: "Prints version",
|
|
634
|
+
},
|
|
635
|
+
],
|
|
636
|
+
},
|
|
637
|
+
ruby: { baseRisk: "high", reason: "Executes arbitrary Ruby code" },
|
|
638
|
+
go: {
|
|
639
|
+
// baseRisk is low (unlike npm's medium) because bare `go` prints help.
|
|
640
|
+
// Dangerous subcommands (run, test, generate, get) are handled individually.
|
|
641
|
+
baseRisk: "low",
|
|
642
|
+
subcommands: {
|
|
643
|
+
mod: { baseRisk: "low" },
|
|
644
|
+
vet: { baseRisk: "low" },
|
|
645
|
+
version: { baseRisk: "low" },
|
|
646
|
+
build: { baseRisk: "medium" },
|
|
647
|
+
test: { baseRisk: "high", reason: "Executes arbitrary test code" },
|
|
648
|
+
run: { baseRisk: "high", reason: "Compiles and executes Go code" },
|
|
649
|
+
get: {
|
|
650
|
+
baseRisk: "medium",
|
|
651
|
+
reason:
|
|
652
|
+
"Downloads and installs packages; may execute arbitrary code via tool directives",
|
|
653
|
+
},
|
|
654
|
+
generate: {
|
|
655
|
+
baseRisk: "high",
|
|
656
|
+
reason: "Runs arbitrary commands via //go:generate directives",
|
|
657
|
+
},
|
|
658
|
+
},
|
|
659
|
+
},
|
|
660
|
+
|
|
661
|
+
// ── Docker ─────────────────────────────────────────────────────────────────
|
|
662
|
+
docker: {
|
|
663
|
+
baseRisk: "medium",
|
|
664
|
+
argSchema: {
|
|
665
|
+
valueFlags: ["--host", "-H", "--config", "--context", "--log-level"],
|
|
666
|
+
},
|
|
667
|
+
subcommands: {
|
|
668
|
+
ps: { baseRisk: "low" },
|
|
669
|
+
images: { baseRisk: "low" },
|
|
670
|
+
inspect: { baseRisk: "low" },
|
|
671
|
+
logs: { baseRisk: "low" },
|
|
672
|
+
info: { baseRisk: "low" },
|
|
673
|
+
version: { baseRisk: "low" },
|
|
674
|
+
build: { baseRisk: "medium" },
|
|
675
|
+
pull: { baseRisk: "medium" },
|
|
676
|
+
push: { baseRisk: "high", reason: "Pushes image to registry" },
|
|
677
|
+
run: {
|
|
678
|
+
baseRisk: "high",
|
|
679
|
+
argSchema: {
|
|
680
|
+
valueFlags: [
|
|
681
|
+
"-v",
|
|
682
|
+
"--volume",
|
|
683
|
+
"-p",
|
|
684
|
+
"--publish",
|
|
685
|
+
"-e",
|
|
686
|
+
"--env",
|
|
687
|
+
"--name",
|
|
688
|
+
"--network",
|
|
689
|
+
"-w",
|
|
690
|
+
"--workdir",
|
|
691
|
+
"--entrypoint",
|
|
692
|
+
"--mount",
|
|
693
|
+
"--cpus",
|
|
694
|
+
"--memory",
|
|
695
|
+
"--user",
|
|
696
|
+
"--platform",
|
|
697
|
+
],
|
|
698
|
+
},
|
|
699
|
+
reason: "Runs arbitrary container",
|
|
700
|
+
argRules: [
|
|
701
|
+
{
|
|
702
|
+
id: "docker-run:privileged",
|
|
703
|
+
flags: ["--privileged"],
|
|
704
|
+
risk: "high",
|
|
705
|
+
reason: "Privileged container with full host access",
|
|
706
|
+
},
|
|
707
|
+
{
|
|
708
|
+
id: "docker-run:volume-root",
|
|
709
|
+
flags: ["-v", "--volume"],
|
|
710
|
+
valuePattern: String.raw`^/:`,
|
|
711
|
+
risk: "high",
|
|
712
|
+
reason: "Mounts host root filesystem",
|
|
713
|
+
},
|
|
714
|
+
],
|
|
715
|
+
},
|
|
716
|
+
exec: {
|
|
717
|
+
baseRisk: "high",
|
|
718
|
+
reason: "Executes command in running container",
|
|
719
|
+
},
|
|
720
|
+
rm: { baseRisk: "high" },
|
|
721
|
+
rmi: { baseRisk: "high" },
|
|
722
|
+
stop: { baseRisk: "medium" },
|
|
723
|
+
start: { baseRisk: "medium" },
|
|
724
|
+
},
|
|
725
|
+
},
|
|
726
|
+
|
|
727
|
+
// ── Privilege / system ─────────────────────────────────────────────────────
|
|
728
|
+
sudo: {
|
|
729
|
+
baseRisk: "high",
|
|
730
|
+
isWrapper: true,
|
|
731
|
+
reason: "Elevates to superuser privileges",
|
|
732
|
+
},
|
|
733
|
+
su: { baseRisk: "high", reason: "Switches user identity" },
|
|
734
|
+
doas: {
|
|
735
|
+
baseRisk: "high",
|
|
736
|
+
isWrapper: true,
|
|
737
|
+
reason: "Elevates privileges (OpenBSD sudo alternative)",
|
|
738
|
+
},
|
|
739
|
+
chmod: {
|
|
740
|
+
baseRisk: "high",
|
|
741
|
+
sandboxAutoApprove: true,
|
|
742
|
+
argSchema: {},
|
|
743
|
+
reason: "Changes file permissions",
|
|
744
|
+
},
|
|
745
|
+
chown: {
|
|
746
|
+
baseRisk: "high",
|
|
747
|
+
sandboxAutoApprove: true,
|
|
748
|
+
argSchema: {},
|
|
749
|
+
reason: "Changes file ownership",
|
|
750
|
+
},
|
|
751
|
+
chgrp: {
|
|
752
|
+
baseRisk: "high",
|
|
753
|
+
sandboxAutoApprove: true,
|
|
754
|
+
argSchema: {},
|
|
755
|
+
reason: "Changes file group",
|
|
756
|
+
},
|
|
757
|
+
mount: { baseRisk: "high", reason: "Mounts filesystem" },
|
|
758
|
+
umount: { baseRisk: "high", reason: "Unmounts filesystem" },
|
|
759
|
+
systemctl: { baseRisk: "high", reason: "Controls system services" },
|
|
760
|
+
service: { baseRisk: "high", reason: "Controls system services" },
|
|
761
|
+
launchctl: { baseRisk: "high", reason: "Controls macOS services" },
|
|
762
|
+
|
|
763
|
+
// ── User management ────────────────────────────────────────────────────────
|
|
764
|
+
useradd: { baseRisk: "high", reason: "Creates system user" },
|
|
765
|
+
userdel: { baseRisk: "high", reason: "Deletes system user" },
|
|
766
|
+
usermod: { baseRisk: "high", reason: "Modifies system user" },
|
|
767
|
+
groupadd: { baseRisk: "high", reason: "Creates system group" },
|
|
768
|
+
groupdel: { baseRisk: "high", reason: "Deletes system group" },
|
|
769
|
+
|
|
770
|
+
// ── Firewall ───────────────────────────────────────────────────────────────
|
|
771
|
+
iptables: { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
772
|
+
ufw: { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
773
|
+
"firewall-cmd": { baseRisk: "high", reason: "Modifies firewall rules" },
|
|
774
|
+
|
|
775
|
+
// ── System lifecycle ───────────────────────────────────────────────────────
|
|
776
|
+
reboot: { baseRisk: "high", reason: "Reboots the system" },
|
|
777
|
+
shutdown: { baseRisk: "high", reason: "Shuts down the system" },
|
|
778
|
+
halt: { baseRisk: "high", reason: "Halts the system" },
|
|
779
|
+
poweroff: { baseRisk: "high", reason: "Powers off the system" },
|
|
780
|
+
|
|
781
|
+
// ── Process management ─────────────────────────────────────────────────────
|
|
782
|
+
kill: { baseRisk: "high", reason: "Sends signal to process" },
|
|
783
|
+
killall: { baseRisk: "high", reason: "Kills processes by name" },
|
|
784
|
+
pkill: { baseRisk: "high", reason: "Kills processes by pattern" },
|
|
785
|
+
|
|
786
|
+
// ── Catastrophic ───────────────────────────────────────────────────────────
|
|
787
|
+
mkfs: { baseRisk: "high", reason: "Formats filesystem — destroys all data" },
|
|
788
|
+
dd: {
|
|
789
|
+
baseRisk: "high",
|
|
790
|
+
reason: "Low-level block device copy — can destroy disks",
|
|
791
|
+
},
|
|
792
|
+
fdisk: { baseRisk: "high", reason: "Modifies disk partitions" },
|
|
793
|
+
parted: { baseRisk: "high", reason: "Modifies disk partitions" },
|
|
794
|
+
|
|
795
|
+
// ── Wrapper commands ───────────────────────────────────────────────────────
|
|
796
|
+
// These unwrap to find and classify the inner command. The classifier takes
|
|
797
|
+
// max(wrapper.baseRisk, inner.risk).
|
|
798
|
+
env: { baseRisk: "low", isWrapper: true },
|
|
799
|
+
nice: { baseRisk: "low", isWrapper: true },
|
|
800
|
+
nohup: { baseRisk: "low", isWrapper: true },
|
|
801
|
+
timeout: {
|
|
802
|
+
baseRisk: "low",
|
|
803
|
+
isWrapper: true,
|
|
804
|
+
nonExecFlags: ["--help", "--version"],
|
|
805
|
+
},
|
|
806
|
+
time: { baseRisk: "low", isWrapper: true },
|
|
807
|
+
command: {
|
|
808
|
+
baseRisk: "low",
|
|
809
|
+
isWrapper: true,
|
|
810
|
+
nonExecFlags: ["-v", "-V"],
|
|
811
|
+
argRules: [
|
|
812
|
+
{
|
|
813
|
+
id: "command:lookup",
|
|
814
|
+
flags: ["-v", "-V"],
|
|
815
|
+
risk: "low",
|
|
816
|
+
reason: "Command lookup",
|
|
817
|
+
},
|
|
818
|
+
],
|
|
819
|
+
},
|
|
820
|
+
exec: {
|
|
821
|
+
baseRisk: "high",
|
|
822
|
+
isWrapper: true,
|
|
823
|
+
reason: "Replaces current shell process",
|
|
824
|
+
},
|
|
825
|
+
strace: {
|
|
826
|
+
baseRisk: "medium",
|
|
827
|
+
isWrapper: true,
|
|
828
|
+
reason: "Traces system calls",
|
|
829
|
+
},
|
|
830
|
+
ltrace: {
|
|
831
|
+
baseRisk: "medium",
|
|
832
|
+
isWrapper: true,
|
|
833
|
+
reason: "Traces library calls",
|
|
834
|
+
},
|
|
835
|
+
ionice: { baseRisk: "low", isWrapper: true },
|
|
836
|
+
taskset: { baseRisk: "low", isWrapper: true },
|
|
837
|
+
|
|
838
|
+
// ── Shell interpreters ──────────────────────────────────────────────────────
|
|
839
|
+
// These execute arbitrary code via -c, script files, or stdin.
|
|
840
|
+
bash: {
|
|
841
|
+
baseRisk: "high",
|
|
842
|
+
reason: "Executes arbitrary shell commands",
|
|
843
|
+
complexSyntax: true,
|
|
844
|
+
},
|
|
845
|
+
sh: {
|
|
846
|
+
baseRisk: "high",
|
|
847
|
+
reason: "Executes arbitrary shell commands",
|
|
848
|
+
complexSyntax: true,
|
|
849
|
+
},
|
|
850
|
+
zsh: {
|
|
851
|
+
baseRisk: "high",
|
|
852
|
+
reason: "Executes arbitrary shell commands",
|
|
853
|
+
complexSyntax: true,
|
|
854
|
+
},
|
|
855
|
+
dash: {
|
|
856
|
+
baseRisk: "high",
|
|
857
|
+
reason: "Executes arbitrary shell commands",
|
|
858
|
+
complexSyntax: true,
|
|
859
|
+
},
|
|
860
|
+
fish: {
|
|
861
|
+
baseRisk: "high",
|
|
862
|
+
reason: "Executes arbitrary shell commands",
|
|
863
|
+
complexSyntax: true,
|
|
864
|
+
},
|
|
865
|
+
|
|
866
|
+
// ── Package managers (additional) ──────────────────────────────────────────
|
|
867
|
+
"apt-get": { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
868
|
+
apt: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
869
|
+
dnf: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
870
|
+
yum: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
871
|
+
pacman: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
872
|
+
apk: { baseRisk: "high", reason: "Installs/removes system packages" },
|
|
873
|
+
|
|
874
|
+
// ── Shell builtins ─────────────────────────────────────────────────────────
|
|
875
|
+
cd: { baseRisk: "low" },
|
|
876
|
+
pushd: { baseRisk: "low" },
|
|
877
|
+
popd: { baseRisk: "low" },
|
|
878
|
+
export: { baseRisk: "low" },
|
|
879
|
+
unset: { baseRisk: "low" },
|
|
880
|
+
alias: { baseRisk: "low" },
|
|
881
|
+
history: { baseRisk: "low" },
|
|
882
|
+
// DIVERGENCE: checker.ts lists `set` as LOW_RISK. Our registry classifies it
|
|
883
|
+
// as medium because it can modify shell options and behavior.
|
|
884
|
+
set: { baseRisk: "medium", reason: "Modifies shell options" },
|
|
885
|
+
source: { baseRisk: "high", reason: "Executes arbitrary shell script" },
|
|
886
|
+
eval: { baseRisk: "high", reason: "Evaluates arbitrary shell code" },
|
|
887
|
+
|
|
888
|
+
// ── Misc tools ─────────────────────────────────────────────────────────────
|
|
889
|
+
// DIVERGENCE: checker.ts lists `xargs` as LOW_RISK. Our registry classifies
|
|
890
|
+
// it as medium because it executes commands with piped arguments.
|
|
891
|
+
xargs: {
|
|
892
|
+
baseRisk: "medium",
|
|
893
|
+
complexSyntax: true,
|
|
894
|
+
reason: "Executes command with piped arguments",
|
|
895
|
+
},
|
|
896
|
+
tar: {
|
|
897
|
+
baseRisk: "medium",
|
|
898
|
+
sandboxAutoApprove: true,
|
|
899
|
+
argSchema: {
|
|
900
|
+
valueFlags: ["-C", "--directory", "-f", "--file"],
|
|
901
|
+
pathFlags: {
|
|
902
|
+
"-C": true,
|
|
903
|
+
"--directory": true,
|
|
904
|
+
"-f": true,
|
|
905
|
+
"--file": true,
|
|
906
|
+
},
|
|
907
|
+
},
|
|
908
|
+
complexSyntax: true,
|
|
909
|
+
},
|
|
910
|
+
zip: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
911
|
+
unzip: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
912
|
+
gzip: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
913
|
+
gunzip: { baseRisk: "medium", sandboxAutoApprove: true, argSchema: {} },
|
|
914
|
+
|
|
915
|
+
// ── Version control tools ──────────────────────────────────────────────────
|
|
916
|
+
gh: {
|
|
917
|
+
baseRisk: "low",
|
|
918
|
+
argSchema: { valueFlags: ["--repo", "-R"] },
|
|
919
|
+
subcommands: {
|
|
920
|
+
pr: {
|
|
921
|
+
baseRisk: "low",
|
|
922
|
+
subcommands: {
|
|
923
|
+
view: { baseRisk: "low" },
|
|
924
|
+
list: { baseRisk: "low" },
|
|
925
|
+
create: { baseRisk: "medium" },
|
|
926
|
+
merge: { baseRisk: "high", reason: "Merges pull request" },
|
|
927
|
+
},
|
|
928
|
+
},
|
|
929
|
+
issue: {
|
|
930
|
+
baseRisk: "low",
|
|
931
|
+
subcommands: {
|
|
932
|
+
view: { baseRisk: "low" },
|
|
933
|
+
list: { baseRisk: "low" },
|
|
934
|
+
create: { baseRisk: "medium" },
|
|
935
|
+
},
|
|
936
|
+
},
|
|
937
|
+
repo: {
|
|
938
|
+
baseRisk: "low",
|
|
939
|
+
subcommands: {
|
|
940
|
+
view: { baseRisk: "low" },
|
|
941
|
+
clone: { baseRisk: "low" },
|
|
942
|
+
create: { baseRisk: "high" },
|
|
943
|
+
delete: { baseRisk: "high" },
|
|
944
|
+
},
|
|
945
|
+
},
|
|
946
|
+
api: { baseRisk: "medium", reason: "Makes arbitrary GitHub API calls" },
|
|
947
|
+
},
|
|
948
|
+
},
|
|
949
|
+
|
|
950
|
+
// ── Vellum assistant CLI ───────────────────────────────────────────────────
|
|
951
|
+
// Classification matches classifyAssistantSubcommand() from checker.ts exactly.
|
|
952
|
+
assistant: {
|
|
953
|
+
baseRisk: "low",
|
|
954
|
+
subcommands: {
|
|
955
|
+
platform: { baseRisk: "low" },
|
|
956
|
+
backup: { baseRisk: "low" },
|
|
957
|
+
help: { baseRisk: "low" },
|
|
958
|
+
oauth: {
|
|
959
|
+
baseRisk: "low",
|
|
960
|
+
subcommands: {
|
|
961
|
+
token: { baseRisk: "high", reason: "Exposes OAuth token" },
|
|
962
|
+
mode: {
|
|
963
|
+
baseRisk: "low",
|
|
964
|
+
argRules: [
|
|
965
|
+
{
|
|
966
|
+
id: "assistant-oauth-mode:set",
|
|
967
|
+
flags: ["--set"],
|
|
968
|
+
risk: "high",
|
|
969
|
+
reason: "Changes OAuth mode",
|
|
970
|
+
},
|
|
971
|
+
],
|
|
972
|
+
},
|
|
973
|
+
request: { baseRisk: "medium", reason: "Makes OAuth request" },
|
|
974
|
+
connect: { baseRisk: "medium", reason: "Connects OAuth integration" },
|
|
975
|
+
disconnect: {
|
|
976
|
+
baseRisk: "medium",
|
|
977
|
+
reason: "Disconnects OAuth integration",
|
|
978
|
+
},
|
|
979
|
+
},
|
|
980
|
+
},
|
|
981
|
+
credentials: {
|
|
982
|
+
baseRisk: "low",
|
|
983
|
+
subcommands: {
|
|
984
|
+
reveal: { baseRisk: "high", reason: "Reveals credential value" },
|
|
985
|
+
set: { baseRisk: "high", reason: "Sets credential value" },
|
|
986
|
+
delete: { baseRisk: "high", reason: "Deletes credential" },
|
|
987
|
+
},
|
|
988
|
+
},
|
|
989
|
+
keys: {
|
|
990
|
+
baseRisk: "low",
|
|
991
|
+
subcommands: {
|
|
992
|
+
set: { baseRisk: "high", reason: "Sets key value" },
|
|
993
|
+
delete: { baseRisk: "high", reason: "Deletes key" },
|
|
994
|
+
},
|
|
995
|
+
},
|
|
996
|
+
trust: {
|
|
997
|
+
baseRisk: "low",
|
|
998
|
+
subcommands: {
|
|
999
|
+
remove: { baseRisk: "high", reason: "Removes trust rule" },
|
|
1000
|
+
clear: { baseRisk: "high", reason: "Clears all trust rules" },
|
|
1001
|
+
},
|
|
1002
|
+
},
|
|
1003
|
+
},
|
|
1004
|
+
},
|
|
1005
|
+
} satisfies Record<string, CommandRiskSpec>;
|