@wrongstack/core 0.109.1 → 0.141.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bridge-mOxbpFcg.d.ts → agent-bridge-r9y6gdn4.d.ts} +1 -1
- package/dist/{agent-subagent-runner-DukQLUcS.d.ts → agent-subagent-runner-1GeQE_L0.d.ts} +7 -8
- package/dist/{brain-Dfv4Y82E.d.ts → brain-Cp_3GIS2.d.ts} +14 -3
- package/dist/{compactor-DXLxLcmU.d.ts → compactor-BueGt7LG.d.ts} +9 -1
- package/dist/{config-BSU-6vah.d.ts → config-BaVThgnT.d.ts} +104 -3
- package/dist/{context-CNRYfhUv.d.ts → context-C7G_MtLV.d.ts} +38 -1
- package/dist/coordination/index.d.ts +12 -13
- package/dist/coordination/index.js +229 -17
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +26 -27
- package/dist/defaults/index.js +886 -721
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +15 -16
- package/dist/execution/index.js +535 -322
- package/dist/execution/index.js.map +1 -1
- package/dist/extension/index.d.ts +6 -7
- package/dist/{goal-preamble-CI8lxeY1.d.ts → goal-preamble-iuIUTQwk.d.ts} +48 -18
- package/dist/{index-BWRN6wOb.d.ts → index-BZdezm3g.d.ts} +9 -10
- package/dist/{index-DIKEcfgC.d.ts → index-CPweVoFM.d.ts} +7 -6
- package/dist/index.d.ts +51 -52
- package/dist/index.js +752 -545
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -7
- package/dist/infrastructure/index.js +64 -19
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/kernel/index.d.ts +10 -11
- package/dist/kernel/index.js.map +1 -1
- package/dist/llm-selector-CP72f1lC.d.ts +58 -0
- package/dist/{mcp-servers-CXCsANdY.d.ts → mcp-servers-Bl5LTvQg.d.ts} +3 -3
- package/dist/{mode-ARA3HrkY.d.ts → mode-CZlO9iU1.d.ts} +1 -1
- package/dist/models/index.d.ts +157 -53
- package/dist/models/index.js +475 -20
- package/dist/models/index.js.map +1 -1
- package/dist/{models-registry-DU64QxQa.d.ts → models-registry-D90K9UnM.d.ts} +1 -1
- package/dist/{multi-agent-coordinator-51LvnXkD.d.ts → multi-agent-coordinator-QWEzJDlm.d.ts} +1 -1
- package/dist/{null-fleet-bus-D09hMzFQ.d.ts → null-fleet-bus-BUyfqh23.d.ts} +13 -10
- package/dist/observability/index.d.ts +2 -2
- package/dist/{parallel-eternal-engine-B2CbsKpc.d.ts → parallel-eternal-engine-Dj2SYzha.d.ts} +24 -11
- package/dist/{path-resolver-DDJiMAtX.d.ts → path-resolver-DRjQBkoO.d.ts} +3 -3
- package/dist/{permission-BDv7z0mk.d.ts → permission-B7nKnEvQ.d.ts} +1 -1
- package/dist/{permission-policy-dF74EpDp.d.ts → permission-policy-8-6zBmfA.d.ts} +2 -13
- package/dist/{pipeline-BqiA_UMr.d.ts → pipeline-BG7UgbDc.d.ts} +2 -2
- package/dist/{plan-templates-BdDxl9cI.d.ts → plan-templates-CkKNPU3I.d.ts} +6 -6
- package/dist/{provider-runner-BUunikwY.d.ts → provider-runner-BNpuIyOL.d.ts} +3 -3
- package/dist/{retry-policy-BcmuT_V0.d.ts → retry-policy-rutAfVeR.d.ts} +1 -1
- package/dist/sdd/index.d.ts +8 -9
- package/dist/sdd/index.js +208 -1
- package/dist/sdd/index.js.map +1 -1
- package/dist/{secret-vault-DrOhc2i5.d.ts → secret-vault-BTcC_T5v.d.ts} +3 -2
- package/dist/security/index.d.ts +5 -7
- package/dist/security/index.js +4 -35
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-C7wcdqMA.d.ts → selector-4vDFZKt3.d.ts} +1 -1
- package/dist/{session-event-bridge-BpJ5trO9.d.ts → session-event-bridge-DWlvglC2.d.ts} +2 -2
- package/dist/{session-reader-DDz1Ek4V.d.ts → session-reader-BAtCxdaw.d.ts} +1 -1
- package/dist/storage/index.d.ts +14 -15
- package/dist/storage/index.js +140 -134
- package/dist/storage/index.js.map +1 -1
- package/dist/types/index.d.ts +19 -20
- package/dist/types/index.js +186 -102
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +38 -15
- package/dist/utils/index.js +62 -33
- package/dist/utils/index.js.map +1 -1
- package/dist/{wstack-paths-_lqjzErq.d.ts → wstack-paths-DD50Omgn.d.ts} +3 -0
- package/package.json +2 -2
- package/dist/models-registry-B6_KfS65.d.ts +0 -95
package/dist/{parallel-eternal-engine-B2CbsKpc.d.ts → parallel-eternal-engine-Dj2SYzha.d.ts}
RENAMED
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { e as ProviderError, C as Context, T as Tool, m as ToolUseBlock, n as ToolResultBlock } from './context-
|
|
2
|
-
import { R as RetryPolicy, E as ErrorHandler, a as RecoveryDecision } from './retry-policy-
|
|
3
|
-
import { C as Compactor, a as CompactReport } from './compactor-
|
|
4
|
-
import { M as ModelsRegistry } from './
|
|
5
|
-
import { T as ToolExecutorOptions, a as ToolExecutorStrategy, b as ToolBatchResult } from './index-
|
|
6
|
-
import { g as Agent, h as AgentFactory } from './agent-subagent-runner-
|
|
7
|
-
import { b as BrainArbiter } from './brain-
|
|
1
|
+
import { e as ProviderError, C as Context, T as Tool, m as ToolUseBlock, n as ToolResultBlock } from './context-C7G_MtLV.js';
|
|
2
|
+
import { R as RetryPolicy, E as ErrorHandler, a as RecoveryDecision } from './retry-policy-rutAfVeR.js';
|
|
3
|
+
import { C as Compactor, a as CompactReport } from './compactor-BueGt7LG.js';
|
|
4
|
+
import { M as ModelsRegistry } from './config-BaVThgnT.js';
|
|
5
|
+
import { T as ToolExecutorOptions, a as ToolExecutorStrategy, b as ToolBatchResult } from './index-CPweVoFM.js';
|
|
6
|
+
import { g as Agent, h as AgentFactory } from './agent-subagent-runner-1GeQE_L0.js';
|
|
7
|
+
import { b as BrainArbiter } from './brain-Cp_3GIS2.js';
|
|
8
8
|
import { J as JournalEntry } from './goal-store-CV9Yz2X_.js';
|
|
9
|
-
import { D as DispatchClassifier, a as DefaultMultiAgentCoordinator } from './multi-agent-coordinator-
|
|
9
|
+
import { D as DispatchClassifier, a as DefaultMultiAgentCoordinator } from './multi-agent-coordinator-QWEzJDlm.js';
|
|
10
10
|
|
|
11
11
|
declare class DefaultRetryPolicy implements RetryPolicy {
|
|
12
12
|
shouldRetry(err: Error | ProviderError, attempt: number): boolean;
|
|
@@ -48,13 +48,17 @@ declare class DefaultErrorHandler implements ErrorHandler {
|
|
|
48
48
|
interface CompactorOptions {
|
|
49
49
|
preserveK?: number | undefined;
|
|
50
50
|
eliseThreshold?: number | undefined;
|
|
51
|
+
/**
|
|
52
|
+
* @deprecated Ignored. Token estimation is centralized in
|
|
53
|
+
* `compaction-core`/`token-estimate` so all compactors and the context-pressure
|
|
54
|
+
* monitor agree on one number. Kept only for backward-compatible call sites.
|
|
55
|
+
*/
|
|
51
56
|
estimator?: (((text: string) => number)) | undefined;
|
|
52
57
|
}
|
|
53
58
|
|
|
54
59
|
declare class HybridCompactor implements Compactor {
|
|
55
60
|
private readonly preserveK;
|
|
56
61
|
private readonly eliseThreshold;
|
|
57
|
-
private readonly estimator;
|
|
58
62
|
constructor(opts?: CompactorOptions);
|
|
59
63
|
compact(ctx: Context, opts?: {
|
|
60
64
|
aggressive?: boolean | undefined;
|
|
@@ -64,9 +68,18 @@ declare class HybridCompactor implements Compactor {
|
|
|
64
68
|
* This is the accurate figure for context-window pressure monitoring.
|
|
65
69
|
*/
|
|
66
70
|
private estimateFullRequest;
|
|
67
|
-
|
|
71
|
+
/**
|
|
72
|
+
* Lossless rule-based collapse of ancient turns into a single digest message.
|
|
73
|
+
*
|
|
74
|
+
* Preserves ALL textual content of the collapsed range — user instructions,
|
|
75
|
+
* assistant decisions/conclusions, and any prior digests (chained forward so
|
|
76
|
+
* the digest stays lossless across repeated compactions). Only `tool_use` /
|
|
77
|
+
* `tool_result` protocol blocks are dropped and replaced with a count marker;
|
|
78
|
+
* their full payload already lives in the session log. No sub-LLM call.
|
|
79
|
+
*
|
|
80
|
+
* Returns the token savings and the digest text (for audit logging).
|
|
81
|
+
*/
|
|
68
82
|
private collapseAncientTurns;
|
|
69
|
-
private estimateMessages;
|
|
70
83
|
}
|
|
71
84
|
|
|
72
85
|
declare class ToolExecutor {
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { E as EventBus } from './brain-
|
|
2
|
-
import { M as ModelsRegistry, b as ResolvedModel } from './
|
|
3
|
-
import { c as TokenCounter, U as Usage, d as CacheStats } from './context-
|
|
1
|
+
import { E as EventBus } from './brain-Cp_3GIS2.js';
|
|
2
|
+
import { M as ModelsRegistry, b as ResolvedModel } from './config-BaVThgnT.js';
|
|
3
|
+
import { c as TokenCounter, U as Usage, d as CacheStats } from './context-C7G_MtLV.js';
|
|
4
4
|
import { P as PathResolver } from './path-resolver-CPRj4bFY.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { T as Tool, C as Context } from './context-
|
|
1
|
+
import { T as Tool, C as Context } from './context-C7G_MtLV.js';
|
|
2
2
|
import { I as InputReader } from './input-reader-E-ffP2ee.js';
|
|
3
|
-
import { P as PermissionPolicy, a as PermissionDecision } from './permission-
|
|
3
|
+
import { P as PermissionPolicy, a as PermissionDecision } from './permission-B7nKnEvQ.js';
|
|
4
4
|
|
|
5
5
|
interface PermissionPolicyOptions {
|
|
6
6
|
trustFile: string;
|
|
@@ -122,17 +122,6 @@ declare class DefaultPermissionPolicy implements PermissionPolicy {
|
|
|
122
122
|
* declared capabilities.
|
|
123
123
|
*/
|
|
124
124
|
declare class AutoApprovePermissionPolicy implements PermissionPolicy {
|
|
125
|
-
/**
|
|
126
|
-
* Legacy name-based denylist.
|
|
127
|
-
* @deprecated Prefer declaring `capabilities` on the Tool and using capability-based checks.
|
|
128
|
-
*/
|
|
129
|
-
private static readonly LEGACY_NAME_DENY;
|
|
130
|
-
/**
|
|
131
|
-
* Tools from MCP servers (`mcp__<server>__<tool>`) are external code of
|
|
132
|
-
* unknown capability — they may wrap a shell or filesystem. They are
|
|
133
|
-
* fail-closed here: not auto-approved for subagents by default, so the
|
|
134
|
-
* leader must allow them explicitly per-spawn.
|
|
135
|
-
*/
|
|
136
125
|
private static isMcpTool;
|
|
137
126
|
evaluate(tool: Tool): Promise<PermissionDecision>;
|
|
138
127
|
trust(): Promise<void>;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { T as Tool, l as TextBlock, g as ContentBlock } from './context-
|
|
2
|
-
import { H as HookEvent,
|
|
1
|
+
import { T as Tool, l as TextBlock, g as ContentBlock } from './context-C7G_MtLV.js';
|
|
2
|
+
import { H as HookEvent, e as HookMatcher, I as InProcessHook, S as ShellHook, f as HookEntry } from './config-BaVThgnT.js';
|
|
3
3
|
|
|
4
4
|
/** Model capabilities relevant to prompt composition. */
|
|
5
5
|
interface ModelCapabilities {
|
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
import { E as EventBus, M as MemoryScope, k as MemoryEntry, l as MemoryStore, m as MemoryRelevanceContext, S as ScoredEntry } from './brain-
|
|
2
|
-
import { S as SecretScrubber } from './permission-
|
|
3
|
-
import { i as SessionStore, h as SessionMetadata, a as SessionWriter, p as ResumedSession, q as SessionData, r as SessionSummary, g as ContentBlock, S as SessionEvent, s as TodoItem, t as ConversationState } from './context-
|
|
4
|
-
import { A as AttachmentStore, a as AddAttachmentInput, b as AttachmentRef, c as Attachment } from './session-reader-
|
|
5
|
-
import { W as WstackPaths } from './wstack-paths-
|
|
6
|
-
import {
|
|
1
|
+
import { E as EventBus, M as MemoryScope, k as MemoryEntry, l as MemoryStore, m as MemoryRelevanceContext, S as ScoredEntry } from './brain-Cp_3GIS2.js';
|
|
2
|
+
import { S as SecretScrubber } from './permission-B7nKnEvQ.js';
|
|
3
|
+
import { i as SessionStore, h as SessionMetadata, a as SessionWriter, p as ResumedSession, q as SessionData, r as SessionSummary, g as ContentBlock, S as SessionEvent, s as TodoItem, t as ConversationState } from './context-C7G_MtLV.js';
|
|
4
|
+
import { A as AttachmentStore, a as AddAttachmentInput, b as AttachmentRef, c as Attachment } from './session-reader-BAtCxdaw.js';
|
|
5
|
+
import { W as WstackPaths } from './wstack-paths-DD50Omgn.js';
|
|
6
|
+
import { i as ConfigStore, h as Config, j as ConfigLoader, k as SyncConfig } from './config-BaVThgnT.js';
|
|
7
7
|
import { S as SecretVault } from './secret-vault-DoISxaKO.js';
|
|
8
8
|
|
|
9
9
|
interface SessionStoreOptions {
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { E as EventBus } from './brain-
|
|
1
|
+
import { E as EventBus } from './brain-Cp_3GIS2.js';
|
|
2
2
|
import { L as Logger } from './logger-B63L5bTg.js';
|
|
3
3
|
import { T as Tracer } from './observability-D-HZN_mF.js';
|
|
4
|
-
import { P as Provider, R as Request, C as Context, b as Response } from './context-
|
|
5
|
-
import { R as RetryPolicy } from './retry-policy-
|
|
4
|
+
import { P as Provider, R as Request, C as Context, b as Response } from './context-C7G_MtLV.js';
|
|
5
|
+
import { R as RetryPolicy } from './retry-policy-rutAfVeR.js';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* Options passed to a ProviderRunner when calling the provider.
|
package/dist/sdd/index.d.ts
CHANGED
|
@@ -1,16 +1,15 @@
|
|
|
1
1
|
import { h as Specification, S as SpecAnalysis, g as SpecValidationResult, e as SpecStatus, f as SpecTemplate, b as SpecRequirement } from '../spec-TBi3Jr6T.js';
|
|
2
2
|
import { d as TaskGraph, e as TaskNode, i as TaskFilter, j as TaskSort, c as TaskProgress, T as TaskType, a as TaskPriority } from '../task-graph-u1q9Jkyk.js';
|
|
3
|
-
import { E as EventBus } from '../brain-
|
|
4
|
-
import { D as DoneCondition, g as Agent, h as AgentFactory, f as TaskResult } from '../agent-subagent-runner-
|
|
5
|
-
import '../context-
|
|
6
|
-
import '../index-
|
|
3
|
+
import { E as EventBus } from '../brain-Cp_3GIS2.js';
|
|
4
|
+
import { D as DoneCondition, g as Agent, h as AgentFactory, f as TaskResult } from '../agent-subagent-runner-1GeQE_L0.js';
|
|
5
|
+
import '../context-C7G_MtLV.js';
|
|
6
|
+
import '../index-CPweVoFM.js';
|
|
7
7
|
import '../logger-B63L5bTg.js';
|
|
8
|
-
import '../pipeline-
|
|
9
|
-
import '../config-
|
|
10
|
-
import '../models-registry-B6_KfS65.js';
|
|
8
|
+
import '../pipeline-BG7UgbDc.js';
|
|
9
|
+
import '../config-BaVThgnT.js';
|
|
11
10
|
import '../observability-D-HZN_mF.js';
|
|
12
|
-
import '../permission-
|
|
13
|
-
import '../retry-policy-
|
|
11
|
+
import '../permission-B7nKnEvQ.js';
|
|
12
|
+
import '../retry-policy-rutAfVeR.js';
|
|
14
13
|
|
|
15
14
|
declare class SpecParser {
|
|
16
15
|
parse(content: string): Specification;
|
package/dist/sdd/index.js
CHANGED
|
@@ -2209,6 +2209,13 @@ function computeParallelGroups(graph, blockedByMap) {
|
|
|
2209
2209
|
return groups;
|
|
2210
2210
|
}
|
|
2211
2211
|
|
|
2212
|
+
// src/utils/assert-never.ts
|
|
2213
|
+
function assertNever(x, message) {
|
|
2214
|
+
throw new Error(
|
|
2215
|
+
`Unhandled case: ${JSON.stringify(x)}`
|
|
2216
|
+
);
|
|
2217
|
+
}
|
|
2218
|
+
|
|
2212
2219
|
// src/sdd/spec-versioning.ts
|
|
2213
2220
|
var SpecVersioning = class {
|
|
2214
2221
|
versions = /* @__PURE__ */ new Map();
|
|
@@ -2359,6 +2366,8 @@ var SpecVersioning = class {
|
|
|
2359
2366
|
switch (type) {
|
|
2360
2367
|
case "functional":
|
|
2361
2368
|
return "feature";
|
|
2369
|
+
case "non-functional":
|
|
2370
|
+
return "feature";
|
|
2362
2371
|
case "security":
|
|
2363
2372
|
return "feature";
|
|
2364
2373
|
case "performance":
|
|
@@ -2366,7 +2375,7 @@ var SpecVersioning = class {
|
|
|
2366
2375
|
case "ux":
|
|
2367
2376
|
return "feature";
|
|
2368
2377
|
default:
|
|
2369
|
-
return
|
|
2378
|
+
return assertNever(type);
|
|
2370
2379
|
}
|
|
2371
2380
|
}
|
|
2372
2381
|
};
|
|
@@ -3721,6 +3730,53 @@ Working rules:
|
|
|
3721
3730
|
"flaws"
|
|
3722
3731
|
]
|
|
3723
3732
|
}
|
|
3733
|
+
},
|
|
3734
|
+
{
|
|
3735
|
+
config: {
|
|
3736
|
+
id: "refactor-planner",
|
|
3737
|
+
name: "Refactor Planner",
|
|
3738
|
+
role: "refactor-planner",
|
|
3739
|
+
tools: [...PLAN_TOOLS, "diff"],
|
|
3740
|
+
prompt: `You are the Refactor Planner agent. Your job is to analyze code
|
|
3741
|
+
structure and produce a concrete, phased refactoring plan with risk
|
|
3742
|
+
assessment, dependency ordering, and rollback strategy.
|
|
3743
|
+
|
|
3744
|
+
Scope:
|
|
3745
|
+
- Map module-level dependencies (import graph)
|
|
3746
|
+
- Identify coupling hotspots (high fan-in/out modules)
|
|
3747
|
+
- Assess refactoring risk by complexity and test coverage
|
|
3748
|
+
- Generate phased plans with checkpoint milestones
|
|
3749
|
+
- Produce diff-friendly task lists (one task = one concern)
|
|
3750
|
+
|
|
3751
|
+
Input format you accept:
|
|
3752
|
+
{ "task": "plan | assess | roadmap", "target": "src/core", "constraint": "no-breaking-changes | minimal-downtime | full-rewrite", "focus": "architecture | performance | maintainability" }
|
|
3753
|
+
|
|
3754
|
+
Output: Markdown refactor plan with phases (Low Risk / Medium Risk / High Risk),
|
|
3755
|
+
dependency graph, rollback strategy, and exit criteria.
|
|
3756
|
+
|
|
3757
|
+
Working rules:
|
|
3758
|
+
- Always include rollback strategy \u2014 every refactor can fail
|
|
3759
|
+
- Merge tasks that take <1h into a single phase
|
|
3760
|
+
- Respect team constraints (reviewer availability, parallelization)
|
|
3761
|
+
- Never plan without analyzing the actual code first`
|
|
3762
|
+
},
|
|
3763
|
+
budget: HEAVY_BUDGET,
|
|
3764
|
+
capability: {
|
|
3765
|
+
phase: "planning",
|
|
3766
|
+
summary: "Refactoring planner: analyzes code structure, maps dependencies, produces risk-scored phased plans with rollback strategy.",
|
|
3767
|
+
keywords: [
|
|
3768
|
+
"refactor",
|
|
3769
|
+
"refactoring",
|
|
3770
|
+
"restructure",
|
|
3771
|
+
"debt",
|
|
3772
|
+
"technical debt",
|
|
3773
|
+
"clean up",
|
|
3774
|
+
"modularize",
|
|
3775
|
+
"decouple",
|
|
3776
|
+
"dependency graph",
|
|
3777
|
+
"code structure"
|
|
3778
|
+
]
|
|
3779
|
+
}
|
|
3724
3780
|
}
|
|
3725
3781
|
];
|
|
3726
3782
|
|
|
@@ -4260,6 +4316,157 @@ Working rules:
|
|
|
4260
4316
|
"robustness"
|
|
4261
4317
|
]
|
|
4262
4318
|
}
|
|
4319
|
+
},
|
|
4320
|
+
{
|
|
4321
|
+
config: {
|
|
4322
|
+
id: "security-scanner",
|
|
4323
|
+
name: "Security Scanner",
|
|
4324
|
+
role: "security-scanner",
|
|
4325
|
+
tools: [...TOOLS.inspect],
|
|
4326
|
+
prompt: `You are the Security Scanner agent. Your job is to scan code,
|
|
4327
|
+
configs, and dependencies for security issues from hardcoded secrets to
|
|
4328
|
+
supply chain risks.
|
|
4329
|
+
|
|
4330
|
+
Scope:
|
|
4331
|
+
- Detect hardcoded secrets: API keys, tokens, passwords, private keys
|
|
4332
|
+
- Find injection vectors: eval, innerHTML, SQL concat, shell injection
|
|
4333
|
+
- Identify insecure patterns: weak crypto, hardcoded IVs, disabled TLS
|
|
4334
|
+
- Scan dependencies for known CVEs (via npm/pnpm audit)
|
|
4335
|
+
- Flag supply chain risks: postinstall hooks, unverified scripts
|
|
4336
|
+
|
|
4337
|
+
Input format you accept:
|
|
4338
|
+
{ "task": "scan | audit | secrets | dependencies", "paths": ["src", "config"], "depth": "quick | normal | deep" }
|
|
4339
|
+
|
|
4340
|
+
Output: Markdown security report with severity-ranked findings, injection
|
|
4341
|
+
vectors, dependency issues, and a remediation checklist.
|
|
4342
|
+
|
|
4343
|
+
Working rules:
|
|
4344
|
+
- Never scan node_modules \u2014 use npm audit instead
|
|
4345
|
+
- Always provide remediation steps, not just findings
|
|
4346
|
+
- Verify regex-based secrets before flagging (false positive risk)
|
|
4347
|
+
- When in doubt, flag as medium rather than ignoring potential issues`
|
|
4348
|
+
},
|
|
4349
|
+
budget: HEAVY_BUDGET,
|
|
4350
|
+
capability: {
|
|
4351
|
+
phase: "verify",
|
|
4352
|
+
summary: "Security scanner: detects hardcoded secrets, injection vectors, insecure patterns, and supply-chain risks with remediation.",
|
|
4353
|
+
keywords: [
|
|
4354
|
+
"security",
|
|
4355
|
+
"scan",
|
|
4356
|
+
"vulnerability",
|
|
4357
|
+
"secret",
|
|
4358
|
+
"api key",
|
|
4359
|
+
"hardcoded",
|
|
4360
|
+
"injection",
|
|
4361
|
+
"cve",
|
|
4362
|
+
"audit dependencies",
|
|
4363
|
+
"supply chain",
|
|
4364
|
+
"xss",
|
|
4365
|
+
"sqli",
|
|
4366
|
+
"shell injection",
|
|
4367
|
+
"sensitive data",
|
|
4368
|
+
"credential"
|
|
4369
|
+
]
|
|
4370
|
+
}
|
|
4371
|
+
},
|
|
4372
|
+
{
|
|
4373
|
+
config: {
|
|
4374
|
+
id: "bug-hunter",
|
|
4375
|
+
name: "Bug Hunter",
|
|
4376
|
+
role: "bug-hunter",
|
|
4377
|
+
tools: [...TOOLS.inspect],
|
|
4378
|
+
prompt: `You are the Bug Hunter agent. Your job is to systematically scan
|
|
4379
|
+
source code for bugs, anti-patterns, and code smells using pattern matching
|
|
4380
|
+
and heuristics. Output a prioritized hit list with file:line references.
|
|
4381
|
+
|
|
4382
|
+
Scope:
|
|
4383
|
+
- Detect common bug patterns (uncaught errors, resource leaks, race conditions)
|
|
4384
|
+
- Identify anti-patterns (callback hell, God objects, circular deps)
|
|
4385
|
+
- Find TypeScript-specific issues (unsafe any, missing null checks, branded types)
|
|
4386
|
+
- Flag security-sensitive constructs (eval, innerHTML, hardcoded secrets)
|
|
4387
|
+
- Rank findings: critical > high > medium > low
|
|
4388
|
+
|
|
4389
|
+
Input format you accept:
|
|
4390
|
+
{ "task": "scan | hunt | check", "paths": ["src/**/*.ts"], "focus": "bugs | patterns | security | all", "severityThreshold": "medium" }
|
|
4391
|
+
|
|
4392
|
+
Output: Markdown bug hunt report with critically/high/medium/low sections.
|
|
4393
|
+
Each entry: **[TYPE]** \`file:line\` \u2014 description + suggested fix
|
|
4394
|
+
|
|
4395
|
+
Working rules:
|
|
4396
|
+
- Never scan node_modules \u2014 it's noise
|
|
4397
|
+
- Always include file:line for every finding
|
|
4398
|
+
- If >30% of findings are false positives, note the confidence level
|
|
4399
|
+
- Ask director for clarification if paths are ambiguous`
|
|
4400
|
+
},
|
|
4401
|
+
budget: HEAVY_BUDGET,
|
|
4402
|
+
capability: {
|
|
4403
|
+
phase: "verify",
|
|
4404
|
+
summary: "Bug hunter: scans source code for bugs, anti-patterns, and code smells, producing a file:line-ranked hit list with fixes.",
|
|
4405
|
+
keywords: [
|
|
4406
|
+
"bug",
|
|
4407
|
+
"hunt",
|
|
4408
|
+
"scan",
|
|
4409
|
+
"code smell",
|
|
4410
|
+
"anti-pattern",
|
|
4411
|
+
"race condition",
|
|
4412
|
+
"memory leak",
|
|
4413
|
+
"null deref",
|
|
4414
|
+
"type safety",
|
|
4415
|
+
"unhandled error",
|
|
4416
|
+
"find bugs",
|
|
4417
|
+
"audit code",
|
|
4418
|
+
"code quality"
|
|
4419
|
+
]
|
|
4420
|
+
}
|
|
4421
|
+
},
|
|
4422
|
+
{
|
|
4423
|
+
config: {
|
|
4424
|
+
id: "audit-log",
|
|
4425
|
+
name: "Audit Log",
|
|
4426
|
+
role: "audit-log",
|
|
4427
|
+
tools: [...TOOLS.inspect],
|
|
4428
|
+
prompt: `You are the Audit Log agent. Your job is to analyze structured JSONL
|
|
4429
|
+
session logs and produce actionable markdown reports.
|
|
4430
|
+
|
|
4431
|
+
Scope:
|
|
4432
|
+
- Parse session logs (iteration counts, tool calls, errors, usage)
|
|
4433
|
+
- Detect repeated failure patterns across multiple runs
|
|
4434
|
+
- Identify tool usage anomalies (over-use, failures, unexpected chains)
|
|
4435
|
+
- Track token consumption trends
|
|
4436
|
+
- Generate structured audit reports with severity ratings
|
|
4437
|
+
|
|
4438
|
+
Input format you accept:
|
|
4439
|
+
{ "task": "analyze | report | trends", "sessionPath": "<path>", "focus": "errors | tools | usage | all" }
|
|
4440
|
+
|
|
4441
|
+
Output: Markdown audit report with Summary, Top Errors, Tool Usage table,
|
|
4442
|
+
Anomalies, and Cost Trend sections.
|
|
4443
|
+
|
|
4444
|
+
Working rules:
|
|
4445
|
+
- Never fabricate numbers \u2014 read the actual logs first
|
|
4446
|
+
- Always include file:line references for errors
|
|
4447
|
+
- If sessionPath is missing, ask the director to provide it
|
|
4448
|
+
- Report confidence level: high (>90% accuracy), medium, low`
|
|
4449
|
+
},
|
|
4450
|
+
budget: MEDIUM_BUDGET,
|
|
4451
|
+
capability: {
|
|
4452
|
+
phase: "verify",
|
|
4453
|
+
summary: "Audit log analyzer: parses session JSONL, detects failure patterns, tool anomalies, and cost trends with structured reports.",
|
|
4454
|
+
keywords: [
|
|
4455
|
+
"audit",
|
|
4456
|
+
"log",
|
|
4457
|
+
"logs",
|
|
4458
|
+
"session",
|
|
4459
|
+
"trace",
|
|
4460
|
+
"analyze logs",
|
|
4461
|
+
"error patterns",
|
|
4462
|
+
"cost analysis",
|
|
4463
|
+
"tool usage",
|
|
4464
|
+
"token usage",
|
|
4465
|
+
"post-mortem",
|
|
4466
|
+
"trend",
|
|
4467
|
+
"anomaly"
|
|
4468
|
+
]
|
|
4469
|
+
}
|
|
4263
4470
|
}
|
|
4264
4471
|
];
|
|
4265
4472
|
|