@wrongstack/core 0.275.0 → 0.276.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bridge-D9JkPvJ0.d.ts → agent-bridge-D7A-eu3C.d.ts} +1 -1
- package/dist/{agent-subagent-runner-CArSFKFl.d.ts → agent-subagent-runner-CEuw4ATz.d.ts} +16 -10
- package/dist/{brain-DCkB5_e7.d.ts → brain-BLOyN5ZP.d.ts} +127 -1
- package/dist/{compactor-CzSvxM1g.d.ts → compactor-DcBpaJsI.d.ts} +1 -1
- package/dist/{config-BzFRKkg7.d.ts → config-Bf5mj-ad.d.ts} +20 -2
- package/dist/{context-BrLe8pJy.d.ts → context-CLnUMW5g.d.ts} +40 -2
- package/dist/coordination/index.d.ts +43 -24
- package/dist/coordination/index.js +849 -648
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +28 -28
- package/dist/defaults/index.js +1636 -845
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +16 -16
- package/dist/execution/index.js +218 -49
- package/dist/execution/index.js.map +1 -1
- package/dist/execution/prompt-enhancer.d.ts +1 -1
- package/dist/extension/index.d.ts +7 -7
- package/dist/extension/index.js.map +1 -1
- package/dist/{global-mailbox-CXkugtNQ.d.ts → global-mailbox-Iqfkgmwu.d.ts} +3 -3
- package/dist/{goal-store-DUwdbdoY.d.ts → goal-store-DGb6b5Ed.d.ts} +1 -1
- package/dist/hq/index.d.ts +6 -6
- package/dist/hq/index.js +178 -75
- package/dist/hq/index.js.map +1 -1
- package/dist/{index-CtlizLTK.d.ts → index-Cn0NOshr.d.ts} +10 -5
- package/dist/{index-neOCEy6q.d.ts → index-L4RZN9jJ.d.ts} +2 -2
- package/dist/index.d.ts +56 -48
- package/dist/index.js +2789 -1546
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -6
- package/dist/infrastructure/index.js +26 -7
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/kernel/index.d.ts +20 -12
- package/dist/kernel/index.js +55 -9
- package/dist/kernel/index.js.map +1 -1
- package/dist/{mailbox-types-_7gaY0Rl.d.ts → mailbox-types-DTl7bRH3.d.ts} +3 -1
- package/dist/{mcp-servers-MLL6bMlv.d.ts → mcp-servers-CuZGf9fI.d.ts} +4 -4
- package/dist/models/index.d.ts +5 -5
- package/dist/models/index.js +223 -139
- package/dist/models/index.js.map +1 -1
- package/dist/{models-registry-CrkcxQ-g.d.ts → models-registry-8XOdxWQu.d.ts} +16 -1
- package/dist/{multi-agent-coordinator-Dc_HuG9p.d.ts → multi-agent-coordinator-CiRtKVTk.d.ts} +8 -1
- package/dist/{null-fleet-bus-BMZwMin7.d.ts → null-fleet-bus-d9G-bVy9.d.ts} +26 -22
- package/dist/observability/index.d.ts +2 -2
- package/dist/{path-resolver-uVK4BatM.d.ts → path-resolver-BhIb6mtd.d.ts} +8 -3
- package/dist/{permission-CJR1qfOi.d.ts → permission-BCbQDR2s.d.ts} +1 -1
- package/dist/{permission-policy-DLVKKk4w.d.ts → permission-policy-C0ikndX_.d.ts} +2 -18
- package/dist/{pipeline-BYR-Vdau.d.ts → pipeline-Dl6XbfE7.d.ts} +10 -6
- package/dist/{provider-model-resolve-iREK_1lG.d.ts → provider-model-resolve-B70epO19.d.ts} +3 -3
- package/dist/{provider-runner-i7SQXZuC.d.ts → provider-runner-DZ808MSM.d.ts} +3 -3
- package/dist/{retry-policy-BmY5ooh3.d.ts → retry-policy-Dt3_z8Aj.d.ts} +1 -1
- package/dist/sdd/index.d.ts +19 -10
- package/dist/sdd/index.js +411 -240
- package/dist/sdd/index.js.map +1 -1
- package/dist/{secret-vault-C9leEMzr.d.ts → secret-vault-BUJ2d1gB.d.ts} +1 -1
- package/dist/security/index.d.ts +5 -5
- package/dist/security/index.js +30 -6
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-qjpee9BF.d.ts → selector-BCkWgdwy.d.ts} +1 -1
- package/dist/{session-event-bridge-m7y--I-H.d.ts → session-event-bridge-CMvIO59_.d.ts} +1 -1
- package/dist/{session-reader-BjLH4V9n.d.ts → session-reader-C8aiChUu.d.ts} +1 -1
- package/dist/skills/index.js +1 -0
- package/dist/skills/index.js.map +1 -1
- package/dist/storage/index.d.ts +68 -30
- package/dist/storage/index.js +839 -528
- package/dist/storage/index.js.map +1 -1
- package/dist/{strategy-compactor-C2bmlWYg.d.ts → strategy-compactor-DI1OHVbB.d.ts} +10 -10
- package/dist/{todos-checkpoint-oDS9IBNS.d.ts → todos-checkpoint-Ddd2CGr0.d.ts} +56 -9
- package/dist/{tool-executor-D4YdaJ-M.d.ts → tool-executor-Bmd5Ygoo.d.ts} +45 -10
- package/dist/tools/index.d.ts +2 -2
- package/dist/tools/index.js.map +1 -1
- package/dist/types/index.d.ts +20 -20
- package/dist/types/index.js +331 -98
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +16 -3
- package/dist/utils/index.js +159 -83
- package/dist/utils/index.js.map +1 -1
- package/dist/{worktree-manager-A1Efnvs0.d.ts → worktree-manager-DBdl_5rs.d.ts} +4 -1
- package/instructions/agents/shadow-agent.md +3 -3
- package/instructions/coordination/director-preamble.md +3 -3
- package/instructions/modes/research-web.md +4 -4
- package/package.json +1 -1
- package/skills/research-web/SKILL.md +26 -26
- package/skills/research-web/SKILL.save.md +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { S as SecretScrubber } from './permission-
|
|
1
|
+
import { S as SecretScrubber } from './permission-BCbQDR2s.js';
|
|
2
2
|
import { L as Logger } from './logger-B63L5bTg.js';
|
|
3
3
|
import { R as RotatableSecretVault, S as SecretVault } from './secret-vault-BAKpgFw_.js';
|
|
4
4
|
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-
|
|
2
|
-
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-
|
|
3
|
-
export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-
|
|
4
|
-
import '../permission-
|
|
5
|
-
import '../context-
|
|
1
|
+
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-BUJ2d1gB.js';
|
|
2
|
+
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-C0ikndX_.js';
|
|
3
|
+
export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-L4RZN9jJ.js';
|
|
4
|
+
import '../permission-BCbQDR2s.js';
|
|
5
|
+
import '../context-CLnUMW5g.js';
|
|
6
6
|
import '../logger-B63L5bTg.js';
|
|
7
7
|
import '../secret-vault-BAKpgFw_.js';
|
|
8
8
|
import '../input-reader-E-ffP2ee.js';
|
package/dist/security/index.js
CHANGED
|
@@ -72,13 +72,27 @@ var PATTERNS = [
|
|
|
72
72
|
// Min 12 chars: some OAuth providers issue shorter-lived tokens (< 20
|
|
73
73
|
// chars). A 12-char base64 string has ~71 bits of entropy — above the
|
|
74
74
|
// threshold where random strings are unlikely to produce false matches.
|
|
75
|
-
|
|
75
|
+
// The trailing boundary is a NON-consuming lookahead: two adjacent bearer
|
|
76
|
+
// tokens sharing a single delimiter (`Bearer a… Bearer b…`) must both be
|
|
77
|
+
// redacted. A consuming trailing delimiter would eat the separator the
|
|
78
|
+
// next match needs for its leading anchor, leaking the second token.
|
|
79
|
+
regex: /(?:^|[^A-Za-z0-9_.~+/-])Bearer\s+[A-Za-z0-9._~+/-]{12,512}=*(?=$|[^A-Za-z0-9_.~+/-])/g
|
|
76
80
|
},
|
|
77
81
|
{
|
|
78
82
|
type: "high_entropy_env",
|
|
79
83
|
// Anchored with alternation instead of lookbehind to avoid backtracking.
|
|
80
84
|
// Value bounded at 512 chars.
|
|
81
|
-
|
|
85
|
+
// The trailing boundary is a NON-consuming lookahead so two secrets
|
|
86
|
+
// separated by a single delimiter (one space OR one newline, e.g.
|
|
87
|
+
// `printenv` / `.env` dumps: `API_KEY=… \n SESSION_TOKEN=…`) are BOTH
|
|
88
|
+
// redacted. A consuming trailing `\s` would swallow the separator the
|
|
89
|
+
// next match needs for its leading anchor, so every other secret would
|
|
90
|
+
// leak in plaintext.
|
|
91
|
+
// The leading delimiter is CAPTURED (group 1) and re-emitted by the
|
|
92
|
+
// replacement so the separator between adjacent secrets is preserved
|
|
93
|
+
// rather than collapsed. Capture groups are therefore: 1=leading
|
|
94
|
+
// delimiter, 2=key name, 3=value.
|
|
95
|
+
regex: /(^|\s)([A-Z_]{4,}(?:KEY|TOKEN|SECRET|PASSWORD|PWD))\s*[:=]\s*['"]?([A-Za-z0-9_/+=-]{20,512})['"]?(?=\s|$)/g
|
|
82
96
|
}
|
|
83
97
|
];
|
|
84
98
|
var SIMPLE_PATTERNS = PATTERNS.filter((p) => p.type !== "high_entropy_env");
|
|
@@ -86,6 +100,7 @@ var COMBINED_REGEX = new RegExp(SIMPLE_PATTERNS.map((p) => `(${p.regex.source})`
|
|
|
86
100
|
var HIGH_ENTROPY_REGEX = PATTERNS.find((p) => p.type === "high_entropy_env").regex;
|
|
87
101
|
var COMBINED_REPLACEMENTS = SIMPLE_PATTERNS.map((p) => `[REDACTED:${p.type}]`);
|
|
88
102
|
var SCRUB_CHUNK_BYTES = 64 * 1024;
|
|
103
|
+
var SCRUB_OVERLAP_BYTES = 1024;
|
|
89
104
|
function hasCredentialAnchors(text) {
|
|
90
105
|
return text.includes("-----BEGIN") || // Private keys (most unique → cheap reject)
|
|
91
106
|
text.includes("sk-") || // Anthropic + OpenAI keys
|
|
@@ -120,8 +135,16 @@ var DefaultSecretScrubber = class {
|
|
|
120
135
|
while (i < text.length) {
|
|
121
136
|
let end = Math.min(i + SCRUB_CHUNK_BYTES, text.length);
|
|
122
137
|
if (end < text.length) {
|
|
123
|
-
const
|
|
124
|
-
|
|
138
|
+
const limit = Math.min(end + SCRUB_OVERLAP_BYTES, text.length);
|
|
139
|
+
let safe = -1;
|
|
140
|
+
for (let j = end; j < limit; j++) {
|
|
141
|
+
const ch = text.charCodeAt(j);
|
|
142
|
+
if (ch === 32 || ch === 9 || ch === 10 || ch === 13) {
|
|
143
|
+
safe = j;
|
|
144
|
+
break;
|
|
145
|
+
}
|
|
146
|
+
}
|
|
147
|
+
end = safe === -1 ? end : safe + 1;
|
|
125
148
|
}
|
|
126
149
|
out.push(this.scrubOne(text.slice(i, end)));
|
|
127
150
|
i = end;
|
|
@@ -139,8 +162,8 @@ var DefaultSecretScrubber = class {
|
|
|
139
162
|
return replacement !== void 0 ? replacement : match;
|
|
140
163
|
}
|
|
141
164
|
);
|
|
142
|
-
out = out.replace(HIGH_ENTROPY_REGEX, (_match,
|
|
143
|
-
return `${
|
|
165
|
+
out = out.replace(HIGH_ENTROPY_REGEX, (_match, lead, key, _value) => {
|
|
166
|
+
return `${lead}${key}=[REDACTED:high_entropy_env]`;
|
|
144
167
|
});
|
|
145
168
|
return out;
|
|
146
169
|
}
|
|
@@ -496,6 +519,7 @@ var ERROR_CODES = {
|
|
|
496
519
|
SDD_NOT_READY: "SDD_NOT_READY",
|
|
497
520
|
// General
|
|
498
521
|
VALIDATION_ERROR: "VALIDATION_ERROR",
|
|
522
|
+
PARSE_FAILED: "PARSE_FAILED",
|
|
499
523
|
UNKNOWN: "UNKNOWN"
|
|
500
524
|
};
|
|
501
525
|
var WrongStackError = class extends Error {
|