@wrongstack/core 0.275.0 → 0.276.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (83) hide show
  1. package/dist/{agent-bridge-D9JkPvJ0.d.ts → agent-bridge-D7A-eu3C.d.ts} +1 -1
  2. package/dist/{agent-subagent-runner-CArSFKFl.d.ts → agent-subagent-runner-CEuw4ATz.d.ts} +16 -10
  3. package/dist/{brain-DCkB5_e7.d.ts → brain-BLOyN5ZP.d.ts} +127 -1
  4. package/dist/{compactor-CzSvxM1g.d.ts → compactor-DcBpaJsI.d.ts} +1 -1
  5. package/dist/{config-BzFRKkg7.d.ts → config-Bf5mj-ad.d.ts} +20 -2
  6. package/dist/{context-BrLe8pJy.d.ts → context-CLnUMW5g.d.ts} +40 -2
  7. package/dist/coordination/index.d.ts +43 -24
  8. package/dist/coordination/index.js +849 -648
  9. package/dist/coordination/index.js.map +1 -1
  10. package/dist/defaults/index.d.ts +28 -28
  11. package/dist/defaults/index.js +1636 -845
  12. package/dist/defaults/index.js.map +1 -1
  13. package/dist/execution/index.d.ts +16 -16
  14. package/dist/execution/index.js +218 -49
  15. package/dist/execution/index.js.map +1 -1
  16. package/dist/execution/prompt-enhancer.d.ts +1 -1
  17. package/dist/extension/index.d.ts +7 -7
  18. package/dist/extension/index.js.map +1 -1
  19. package/dist/{global-mailbox-CXkugtNQ.d.ts → global-mailbox-Iqfkgmwu.d.ts} +3 -3
  20. package/dist/{goal-store-DUwdbdoY.d.ts → goal-store-DGb6b5Ed.d.ts} +1 -1
  21. package/dist/hq/index.d.ts +6 -6
  22. package/dist/hq/index.js +178 -75
  23. package/dist/hq/index.js.map +1 -1
  24. package/dist/{index-CtlizLTK.d.ts → index-Cn0NOshr.d.ts} +10 -5
  25. package/dist/{index-neOCEy6q.d.ts → index-L4RZN9jJ.d.ts} +2 -2
  26. package/dist/index.d.ts +56 -48
  27. package/dist/index.js +2789 -1546
  28. package/dist/index.js.map +1 -1
  29. package/dist/infrastructure/index.d.ts +6 -6
  30. package/dist/infrastructure/index.js +26 -7
  31. package/dist/infrastructure/index.js.map +1 -1
  32. package/dist/kernel/index.d.ts +20 -12
  33. package/dist/kernel/index.js +55 -9
  34. package/dist/kernel/index.js.map +1 -1
  35. package/dist/{mailbox-types-_7gaY0Rl.d.ts → mailbox-types-DTl7bRH3.d.ts} +3 -1
  36. package/dist/{mcp-servers-MLL6bMlv.d.ts → mcp-servers-CuZGf9fI.d.ts} +4 -4
  37. package/dist/models/index.d.ts +5 -5
  38. package/dist/models/index.js +223 -139
  39. package/dist/models/index.js.map +1 -1
  40. package/dist/{models-registry-CrkcxQ-g.d.ts → models-registry-8XOdxWQu.d.ts} +16 -1
  41. package/dist/{multi-agent-coordinator-Dc_HuG9p.d.ts → multi-agent-coordinator-CiRtKVTk.d.ts} +8 -1
  42. package/dist/{null-fleet-bus-BMZwMin7.d.ts → null-fleet-bus-d9G-bVy9.d.ts} +26 -22
  43. package/dist/observability/index.d.ts +2 -2
  44. package/dist/{path-resolver-uVK4BatM.d.ts → path-resolver-BhIb6mtd.d.ts} +8 -3
  45. package/dist/{permission-CJR1qfOi.d.ts → permission-BCbQDR2s.d.ts} +1 -1
  46. package/dist/{permission-policy-DLVKKk4w.d.ts → permission-policy-C0ikndX_.d.ts} +2 -18
  47. package/dist/{pipeline-BYR-Vdau.d.ts → pipeline-Dl6XbfE7.d.ts} +10 -6
  48. package/dist/{provider-model-resolve-iREK_1lG.d.ts → provider-model-resolve-B70epO19.d.ts} +3 -3
  49. package/dist/{provider-runner-i7SQXZuC.d.ts → provider-runner-DZ808MSM.d.ts} +3 -3
  50. package/dist/{retry-policy-BmY5ooh3.d.ts → retry-policy-Dt3_z8Aj.d.ts} +1 -1
  51. package/dist/sdd/index.d.ts +19 -10
  52. package/dist/sdd/index.js +411 -240
  53. package/dist/sdd/index.js.map +1 -1
  54. package/dist/{secret-vault-C9leEMzr.d.ts → secret-vault-BUJ2d1gB.d.ts} +1 -1
  55. package/dist/security/index.d.ts +5 -5
  56. package/dist/security/index.js +30 -6
  57. package/dist/security/index.js.map +1 -1
  58. package/dist/{selector-qjpee9BF.d.ts → selector-BCkWgdwy.d.ts} +1 -1
  59. package/dist/{session-event-bridge-m7y--I-H.d.ts → session-event-bridge-CMvIO59_.d.ts} +1 -1
  60. package/dist/{session-reader-BjLH4V9n.d.ts → session-reader-C8aiChUu.d.ts} +1 -1
  61. package/dist/skills/index.js +1 -0
  62. package/dist/skills/index.js.map +1 -1
  63. package/dist/storage/index.d.ts +68 -30
  64. package/dist/storage/index.js +839 -528
  65. package/dist/storage/index.js.map +1 -1
  66. package/dist/{strategy-compactor-C2bmlWYg.d.ts → strategy-compactor-DI1OHVbB.d.ts} +10 -10
  67. package/dist/{todos-checkpoint-oDS9IBNS.d.ts → todos-checkpoint-Ddd2CGr0.d.ts} +56 -9
  68. package/dist/{tool-executor-D4YdaJ-M.d.ts → tool-executor-Bmd5Ygoo.d.ts} +45 -10
  69. package/dist/tools/index.d.ts +2 -2
  70. package/dist/tools/index.js.map +1 -1
  71. package/dist/types/index.d.ts +20 -20
  72. package/dist/types/index.js +331 -98
  73. package/dist/types/index.js.map +1 -1
  74. package/dist/utils/index.d.ts +16 -3
  75. package/dist/utils/index.js +159 -83
  76. package/dist/utils/index.js.map +1 -1
  77. package/dist/{worktree-manager-A1Efnvs0.d.ts → worktree-manager-DBdl_5rs.d.ts} +4 -1
  78. package/instructions/agents/shadow-agent.md +3 -3
  79. package/instructions/coordination/director-preamble.md +3 -3
  80. package/instructions/modes/research-web.md +4 -4
  81. package/package.json +1 -1
  82. package/skills/research-web/SKILL.md +26 -26
  83. package/skills/research-web/SKILL.save.md +1 -1
@@ -1,4 +1,4 @@
1
- import { S as SecretScrubber } from './permission-CJR1qfOi.js';
1
+ import { S as SecretScrubber } from './permission-BCbQDR2s.js';
2
2
  import { L as Logger } from './logger-B63L5bTg.js';
3
3
  import { R as RotatableSecretVault, S as SecretVault } from './secret-vault-BAKpgFw_.js';
4
4
 
@@ -1,8 +1,8 @@
1
- export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-C9leEMzr.js';
2
- export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-DLVKKk4w.js';
3
- export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-neOCEy6q.js';
4
- import '../permission-CJR1qfOi.js';
5
- import '../context-BrLe8pJy.js';
1
+ export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-BUJ2d1gB.js';
2
+ export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-C0ikndX_.js';
3
+ export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-L4RZN9jJ.js';
4
+ import '../permission-BCbQDR2s.js';
5
+ import '../context-CLnUMW5g.js';
6
6
  import '../logger-B63L5bTg.js';
7
7
  import '../secret-vault-BAKpgFw_.js';
8
8
  import '../input-reader-E-ffP2ee.js';
@@ -72,13 +72,27 @@ var PATTERNS = [
72
72
  // Min 12 chars: some OAuth providers issue shorter-lived tokens (< 20
73
73
  // chars). A 12-char base64 string has ~71 bits of entropy — above the
74
74
  // threshold where random strings are unlikely to produce false matches.
75
- regex: /(?:^|[^A-Za-z0-9_.~+/-])Bearer\s+[A-Za-z0-9._~+/-]{12,512}=*(?:$|[^A-Za-z0-9_.~+/-])/g
75
+ // The trailing boundary is a NON-consuming lookahead: two adjacent bearer
76
+ // tokens sharing a single delimiter (`Bearer a… Bearer b…`) must both be
77
+ // redacted. A consuming trailing delimiter would eat the separator the
78
+ // next match needs for its leading anchor, leaking the second token.
79
+ regex: /(?:^|[^A-Za-z0-9_.~+/-])Bearer\s+[A-Za-z0-9._~+/-]{12,512}=*(?=$|[^A-Za-z0-9_.~+/-])/g
76
80
  },
77
81
  {
78
82
  type: "high_entropy_env",
79
83
  // Anchored with alternation instead of lookbehind to avoid backtracking.
80
84
  // Value bounded at 512 chars.
81
- regex: /(?:^|\s)([A-Z_]{4,}(?:KEY|TOKEN|SECRET|PASSWORD|PWD))\s*[:=]\s*['"]?([A-Za-z0-9_/+=-]{20,512})['"]?(?:\s|$)/g
85
+ // The trailing boundary is a NON-consuming lookahead so two secrets
86
+ // separated by a single delimiter (one space OR one newline, e.g.
87
+ // `printenv` / `.env` dumps: `API_KEY=… \n SESSION_TOKEN=…`) are BOTH
88
+ // redacted. A consuming trailing `\s` would swallow the separator the
89
+ // next match needs for its leading anchor, so every other secret would
90
+ // leak in plaintext.
91
+ // The leading delimiter is CAPTURED (group 1) and re-emitted by the
92
+ // replacement so the separator between adjacent secrets is preserved
93
+ // rather than collapsed. Capture groups are therefore: 1=leading
94
+ // delimiter, 2=key name, 3=value.
95
+ regex: /(^|\s)([A-Z_]{4,}(?:KEY|TOKEN|SECRET|PASSWORD|PWD))\s*[:=]\s*['"]?([A-Za-z0-9_/+=-]{20,512})['"]?(?=\s|$)/g
82
96
  }
83
97
  ];
84
98
  var SIMPLE_PATTERNS = PATTERNS.filter((p) => p.type !== "high_entropy_env");
@@ -86,6 +100,7 @@ var COMBINED_REGEX = new RegExp(SIMPLE_PATTERNS.map((p) => `(${p.regex.source})`
86
100
  var HIGH_ENTROPY_REGEX = PATTERNS.find((p) => p.type === "high_entropy_env").regex;
87
101
  var COMBINED_REPLACEMENTS = SIMPLE_PATTERNS.map((p) => `[REDACTED:${p.type}]`);
88
102
  var SCRUB_CHUNK_BYTES = 64 * 1024;
103
+ var SCRUB_OVERLAP_BYTES = 1024;
89
104
  function hasCredentialAnchors(text) {
90
105
  return text.includes("-----BEGIN") || // Private keys (most unique → cheap reject)
91
106
  text.includes("sk-") || // Anthropic + OpenAI keys
@@ -120,8 +135,16 @@ var DefaultSecretScrubber = class {
120
135
  while (i < text.length) {
121
136
  let end = Math.min(i + SCRUB_CHUNK_BYTES, text.length);
122
137
  if (end < text.length) {
123
- const nl = text.lastIndexOf("\n", end);
124
- if (nl > i + SCRUB_CHUNK_BYTES / 2) end = nl + 1;
138
+ const limit = Math.min(end + SCRUB_OVERLAP_BYTES, text.length);
139
+ let safe = -1;
140
+ for (let j = end; j < limit; j++) {
141
+ const ch = text.charCodeAt(j);
142
+ if (ch === 32 || ch === 9 || ch === 10 || ch === 13) {
143
+ safe = j;
144
+ break;
145
+ }
146
+ }
147
+ end = safe === -1 ? end : safe + 1;
125
148
  }
126
149
  out.push(this.scrubOne(text.slice(i, end)));
127
150
  i = end;
@@ -139,8 +162,8 @@ var DefaultSecretScrubber = class {
139
162
  return replacement !== void 0 ? replacement : match;
140
163
  }
141
164
  );
142
- out = out.replace(HIGH_ENTROPY_REGEX, (_match, group1, _group2) => {
143
- return `${group1}=[REDACTED:high_entropy_env]`;
165
+ out = out.replace(HIGH_ENTROPY_REGEX, (_match, lead, key, _value) => {
166
+ return `${lead}${key}=[REDACTED:high_entropy_env]`;
144
167
  });
145
168
  return out;
146
169
  }
@@ -496,6 +519,7 @@ var ERROR_CODES = {
496
519
  SDD_NOT_READY: "SDD_NOT_READY",
497
520
  // General
498
521
  VALIDATION_ERROR: "VALIDATION_ERROR",
522
+ PARSE_FAILED: "PARSE_FAILED",
499
523
  UNKNOWN: "UNKNOWN"
500
524
  };
501
525
  var WrongStackError = class extends Error {