@wrongstack/core 0.276.4 → 0.277.0
- package/dist/{agent-bridge-D7A-eu3C.d.ts → agent-bridge-BFJ2ODzI.d.ts} +1 -1
- package/dist/{agent-subagent-runner-CEuw4ATz.d.ts → agent-subagent-runner-BimKihiC.d.ts} +7 -7
- package/dist/{brain-BLOyN5ZP.d.ts → brain-CCfuEOdp.d.ts} +1 -1
- package/dist/{compactor-DcBpaJsI.d.ts → compactor-D3BGw26y.d.ts} +1 -1
- package/dist/{config-Bf5mj-ad.d.ts → config-DAOjriz9.d.ts} +1 -1
- package/dist/{context-CLnUMW5g.d.ts → context-DPlA6kid.d.ts} +5 -6
- package/dist/coordination/index.d.ts +17 -17
- package/dist/coordination/index.js +38 -14
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +27 -27
- package/dist/defaults/index.js +96 -53
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +15 -15
- package/dist/execution/index.js +13 -1
- package/dist/execution/index.js.map +1 -1
- package/dist/execution/prompt-enhancer.d.ts +1 -1
- package/dist/extension/index.d.ts +6 -6
- package/dist/{global-mailbox-Iqfkgmwu.d.ts → global-mailbox-Dr4cTKqL.d.ts} +1 -1
- package/dist/{goal-store-DGb6b5Ed.d.ts → goal-store-C1uH4srH.d.ts} +1 -1
- package/dist/hq/index.d.ts +5 -5
- package/dist/{index-Cn0NOshr.d.ts → index-DJXj-dcr.d.ts} +5 -5
- package/dist/{index-L4RZN9jJ.d.ts → index-cMEmzCVN.d.ts} +23 -5
- package/dist/index.d.ts +41 -41
- package/dist/index.js +139 -71
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -6
- package/dist/infrastructure/index.js +4 -1
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/kernel/index.d.ts +11 -11
- package/dist/{mcp-servers-CuZGf9fI.d.ts → mcp-servers-CFb60-pH.d.ts} +3 -3
- package/dist/models/index.d.ts +5 -5
- package/dist/{models-registry-8XOdxWQu.d.ts → models-registry-5Ufn7f2m.d.ts} +1 -1
- package/dist/{multi-agent-coordinator-CiRtKVTk.d.ts → multi-agent-coordinator-CcrcncvG.d.ts} +1 -1
- package/dist/{null-fleet-bus-d9G-bVy9.d.ts → null-fleet-bus-C9KsYyrI.d.ts} +13 -6
- package/dist/observability/index.d.ts +2 -2
- package/dist/{path-resolver-BhIb6mtd.d.ts → path-resolver-CEeX9I7O.d.ts} +3 -3
- package/dist/{permission-BCbQDR2s.d.ts → permission-DbsGOA1C.d.ts} +7 -6
- package/dist/{permission-policy-C0ikndX_.d.ts → permission-policy-BpEea3r7.d.ts} +12 -14
- package/dist/{pipeline-Dl6XbfE7.d.ts → pipeline-CEjBjzVA.d.ts} +2 -2
- package/dist/{provider-model-resolve-B70epO19.d.ts → provider-model-resolve-BpfXp3Jj.d.ts} +3 -3
- package/dist/{provider-runner-DZ808MSM.d.ts → provider-runner-CnOSr5BN.d.ts} +3 -3
- package/dist/{retry-policy-Dt3_z8Aj.d.ts → retry-policy-Git9WF6d.d.ts} +1 -1
- package/dist/sdd/index.d.ts +9 -9
- package/dist/{secret-vault-BUJ2d1gB.d.ts → secret-vault-DDSMHqIm.d.ts} +1 -1
- package/dist/security/index.d.ts +5 -5
- package/dist/security/index.js +83 -45
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-BCkWgdwy.d.ts → selector-Cq72C0Oy.d.ts} +1 -1
- package/dist/{session-event-bridge-CMvIO59_.d.ts → session-event-bridge-DG94B3Bk.d.ts} +1 -1
- package/dist/{session-reader-C8aiChUu.d.ts → session-reader-BzT-iMQT.d.ts} +1 -1
- package/dist/storage/index.d.ts +11 -11
- package/dist/{strategy-compactor-DI1OHVbB.d.ts → strategy-compactor-Bt_ZH6R0.d.ts} +10 -10
- package/dist/{todos-checkpoint-Ddd2CGr0.d.ts → todos-checkpoint-CH1pcua9.d.ts} +5 -5
- package/dist/{tool-executor-Bmd5Ygoo.d.ts → tool-executor-SVFq7IOR.d.ts} +9 -9
- package/dist/tools/index.d.ts +2 -2
- package/dist/tools/index.js +5 -6
- package/dist/tools/index.js.map +1 -1
- package/dist/types/index.d.ts +19 -19
- package/dist/types/index.js +13 -1
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +17 -3
- package/dist/utils/index.js +5 -1
- package/dist/utils/index.js.map +1 -1
- package/dist/{worktree-manager-DBdl_5rs.d.ts → worktree-manager-C4YIf1Fa.d.ts} +1 -1
- package/instructions/leader-after-task.md +6 -0
- package/package.json +2 -2
- package/skills/output-standards/SKILL.md +1 -0
- package/skills/research-web/SKILL.md +1 -1
package/dist/kernel/index.d.ts
CHANGED
|
@@ -1,20 +1,20 @@
|
|
|
1
|
-
import { T as Token, a as Renderer, S as SystemPromptBuilder, H as HookRegistry } from '../pipeline-
|
|
2
|
-
export { d as BindOptions, C as Container, D as Decorator, F as Factory, b as Middleware, M as MiddlewareHandler, N as NextFn, P as Pipeline, e as PipelineOptions } from '../pipeline-
|
|
3
|
-
import { c as MemoryStore, B as BrainArbiter } from '../brain-
|
|
4
|
-
export { E as EventBus, m as EventLogger, n as EventMap, a as EventName, L as Listener, v as ScopedEventBus } from '../brain-
|
|
5
|
-
import { C as Compactor } from '../compactor-
|
|
6
|
-
import { j as ConfigLoader, l as ConfigStore, M as ModelsRegistry } from '../config-
|
|
7
|
-
import { E as ErrorHandler, R as RetryPolicy } from '../retry-policy-
|
|
1
|
+
import { T as Token, a as Renderer, S as SystemPromptBuilder, H as HookRegistry } from '../pipeline-CEjBjzVA.js';
|
|
2
|
+
export { d as BindOptions, C as Container, D as Decorator, F as Factory, b as Middleware, M as MiddlewareHandler, N as NextFn, P as Pipeline, e as PipelineOptions } from '../pipeline-CEjBjzVA.js';
|
|
3
|
+
import { c as MemoryStore, B as BrainArbiter } from '../brain-CCfuEOdp.js';
|
|
4
|
+
export { E as EventBus, m as EventLogger, n as EventMap, a as EventName, L as Listener, v as ScopedEventBus } from '../brain-CCfuEOdp.js';
|
|
5
|
+
import { C as Compactor } from '../compactor-D3BGw26y.js';
|
|
6
|
+
import { j as ConfigLoader, l as ConfigStore, M as ModelsRegistry } from '../config-DAOjriz9.js';
|
|
7
|
+
import { E as ErrorHandler, R as RetryPolicy } from '../retry-policy-Git9WF6d.js';
|
|
8
8
|
import { I as InputReader } from '../input-reader-E-ffP2ee.js';
|
|
9
9
|
import { L as Logger } from '../logger-B63L5bTg.js';
|
|
10
10
|
import { M as ModeStore } from '../mode-CZlO9iU1.js';
|
|
11
11
|
import { P as PathResolver } from '../path-resolver-CPRj4bFY.js';
|
|
12
|
-
import { P as PermissionPolicy, S as SecretScrubber } from '../permission-
|
|
13
|
-
import { P as ProviderRunner } from '../provider-runner-
|
|
14
|
-
import { e as TokenCounter, k as SessionStore } from '../context-
|
|
12
|
+
import { P as PermissionPolicy, S as SecretScrubber } from '../permission-DbsGOA1C.js';
|
|
13
|
+
import { P as ProviderRunner } from '../provider-runner-CnOSr5BN.js';
|
|
14
|
+
import { e as TokenCounter, k as SessionStore } from '../context-DPlA6kid.js';
|
|
15
15
|
import { P as PromptLoader } from '../prompt-DLd35n4Q.js';
|
|
16
16
|
import { S as SkillLoader } from '../skill-DGIXCtdv.js';
|
|
17
|
-
import { W as WorktreeManager } from '../worktree-manager-
|
|
17
|
+
import { W as WorktreeManager } from '../worktree-manager-C4YIf1Fa.js';
|
|
18
18
|
import '../mailbox-types-DTl7bRH3.js';
|
|
19
19
|
import '../observability-D-HZN_mF.js';
|
|
20
20
|
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { C as Compactor } from './compactor-
|
|
2
|
-
import { M as Message, T as Tool } from './context-
|
|
3
|
-
import { c as MCPServerConfig } from './config-
|
|
1
|
+
import { C as Compactor } from './compactor-D3BGw26y.js';
|
|
2
|
+
import { M as Message, T as Tool } from './context-DPlA6kid.js';
|
|
3
|
+
import { c as MCPServerConfig } from './config-DAOjriz9.js';
|
|
4
4
|
|
|
5
5
|
type ContextManagerAction = 'check' | 'summary' | 'prune' | 'add_note' | 'compact' | 'repair';
|
|
6
6
|
interface ContextManagerInput {
|
package/dist/models/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-
|
|
2
|
-
export { C as CODEX_MODELS, a as CodexModelMeta, D as DefaultModeStore, L as LLMSelector, b as LLMSelectorOptions, M as ModeLoaderOptions, P as ProviderModelDescriptor, c as codexModelMeta, d as describeCatalogModel, l as loadProjectModes, e as loadUserModes, r as resolveProviderModelList } from '../provider-model-resolve-
|
|
3
|
-
import { d as ModelMatrixEntry, P as ProviderConfig } from '../config-
|
|
4
|
-
import '../context-
|
|
5
|
-
import '../selector-
|
|
1
|
+
export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-5Ufn7f2m.js';
|
|
2
|
+
export { C as CODEX_MODELS, a as CodexModelMeta, D as DefaultModeStore, L as LLMSelector, b as LLMSelectorOptions, M as ModeLoaderOptions, P as ProviderModelDescriptor, c as codexModelMeta, d as describeCatalogModel, l as loadProjectModes, e as loadUserModes, r as resolveProviderModelList } from '../provider-model-resolve-BpfXp3Jj.js';
|
|
3
|
+
import { d as ModelMatrixEntry, P as ProviderConfig } from '../config-DAOjriz9.js';
|
|
4
|
+
import '../context-DPlA6kid.js';
|
|
5
|
+
import '../selector-Cq72C0Oy.js';
|
|
6
6
|
import '../mode-CZlO9iU1.js';
|
|
7
7
|
|
|
8
8
|
/**
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { M as ModelsRegistry, a as ModelsDevPayload, R as ResolvedProvider, b as ResolvedModel, W as WireFamily } from './config-
|
|
1
|
+
import { M as ModelsRegistry, a as ModelsDevPayload, R as ResolvedProvider, b as ResolvedModel, W as WireFamily } from './config-DAOjriz9.js';
|
|
2
2
|
|
|
3
3
|
interface DefaultModelsRegistryOptions {
|
|
4
4
|
cacheFile: string;
|
package/dist/{multi-agent-coordinator-CiRtKVTk.d.ts → multi-agent-coordinator-CcrcncvG.d.ts}
RENAMED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { S as SubagentConfig, M as MultiAgentCoordinator, c as MultiAgentConfig, d as SubagentRunner, e as BudgetSessionIdSource, F as FleetBus, f as SpawnResult, T as TaskSpec, a as BridgeMessage, A as AgentBridge, C as CoordinatorStatus, g as TaskResult } from './agent-subagent-runner-
|
|
1
|
+
import { S as SubagentConfig, M as MultiAgentCoordinator, c as MultiAgentConfig, d as SubagentRunner, e as BudgetSessionIdSource, F as FleetBus, f as SpawnResult, T as TaskSpec, a as BridgeMessage, A as AgentBridge, C as CoordinatorStatus, g as TaskResult } from './agent-subagent-runner-BimKihiC.js';
|
|
2
2
|
import { EventEmitter } from 'node:events';
|
|
3
3
|
|
|
4
4
|
/**
|
|
@@ -1,12 +1,12 @@
|
|
|
1
|
-
import { A as AgentPhase, b as AgentDefinition, a as DefaultMultiAgentCoordinator, D as DispatchClassifier } from './multi-agent-coordinator-
|
|
2
|
-
import { F as FleetBus, j as FleetUsage, S as SubagentConfig, k as FleetUsageAggregator, g as TaskResult, C as CoordinatorStatus, T as TaskSpec, c as MultiAgentConfig, d as SubagentRunner } from './agent-subagent-runner-
|
|
3
|
-
import { b as SessionWriter, T as Tool, k as SessionStore } from './context-
|
|
4
|
-
import { B as BrainArbiter, E as EventBus } from './brain-
|
|
1
|
+
import { A as AgentPhase, b as AgentDefinition, a as DefaultMultiAgentCoordinator, D as DispatchClassifier } from './multi-agent-coordinator-CcrcncvG.js';
|
|
2
|
+
import { F as FleetBus, j as FleetUsage, S as SubagentConfig, k as FleetUsageAggregator, g as TaskResult, C as CoordinatorStatus, T as TaskSpec, c as MultiAgentConfig, d as SubagentRunner } from './agent-subagent-runner-BimKihiC.js';
|
|
3
|
+
import { b as SessionWriter, T as Tool, k as SessionStore } from './context-DPlA6kid.js';
|
|
4
|
+
import { B as BrainArbiter, E as EventBus } from './brain-CCfuEOdp.js';
|
|
5
5
|
import { EventEmitter } from 'node:events';
|
|
6
6
|
import { L as Logger } from './logger-B63L5bTg.js';
|
|
7
7
|
import { D as DirectorStateSnapshot } from './director-state-BfeCUbmk.js';
|
|
8
|
-
import { d as ModelMatrixEntry } from './config-
|
|
9
|
-
import { I as InMemoryAgentBridge } from './agent-bridge-
|
|
8
|
+
import { d as ModelMatrixEntry } from './config-DAOjriz9.js';
|
|
9
|
+
import { I as InMemoryAgentBridge } from './agent-bridge-BFJ2ODzI.js';
|
|
10
10
|
|
|
11
11
|
/**
|
|
12
12
|
* Alert levels the Director can emit when a collab session needs attention.
|
|
@@ -518,6 +518,8 @@ declare class FleetManager implements IFleetManager {
|
|
|
518
518
|
private readonly stateCheckpoint;
|
|
519
519
|
private readonly sessionWriter;
|
|
520
520
|
private manifestTimer;
|
|
521
|
+
private manifestWriteChain;
|
|
522
|
+
private disposed;
|
|
521
523
|
private readonly manifestDebounceMs;
|
|
522
524
|
/** Fleet-wide cost cap. Infinity = no cap. Distinct from SubagentBudget limits,
|
|
523
525
|
* which track per-subagent spend — this field caps the entire fleet total. */
|
|
@@ -600,6 +602,7 @@ declare class FleetManager implements IFleetManager {
|
|
|
600
602
|
cacheWrite?: number | undefined;
|
|
601
603
|
}): void;
|
|
602
604
|
writeManifest(): Promise<string | null>;
|
|
605
|
+
private writeManifestNow;
|
|
603
606
|
/**
|
|
604
607
|
* Attach task ids to an already-spawned subagent. Called by
|
|
605
608
|
* `Director.assign()` after the coordinator assigns a task.
|
|
@@ -616,6 +619,7 @@ declare class FleetManager implements IFleetManager {
|
|
|
616
619
|
* Clears any pending debounce timer before writing.
|
|
617
620
|
*/
|
|
618
621
|
flushManifest(): Promise<void>;
|
|
622
|
+
private clearManifestTimer;
|
|
619
623
|
/** Best-effort session event writer. Swallows failures. */
|
|
620
624
|
private appendSessionEvent;
|
|
621
625
|
addPendingTask(taskId: string, subagentId: string, description: string): void;
|
|
@@ -1110,6 +1114,7 @@ declare class Director implements ICoordinator {
|
|
|
1110
1114
|
private readonly sessionIdSource;
|
|
1111
1115
|
/** Debounce timer for periodic manifest writes. */
|
|
1112
1116
|
private manifestTimer;
|
|
1117
|
+
private manifestWriteChain;
|
|
1113
1118
|
private readonly manifestDebounceMs;
|
|
1114
1119
|
/** Fleet-wide cost cap (entire fleet total, distinct from SubagentBudget limits). Infinity means no cap. */
|
|
1115
1120
|
private readonly maxFleetCostUsd;
|
|
@@ -1264,6 +1269,7 @@ declare class Director implements ICoordinator {
|
|
|
1264
1269
|
* collapses into one write. Set `manifestDebounceMs` to 0 to write
|
|
1265
1270
|
* synchronously (no debounce); set to negative to disable entirely. */
|
|
1266
1271
|
private scheduleManifest;
|
|
1272
|
+
private clearManifestTimer;
|
|
1267
1273
|
/**
|
|
1268
1274
|
* Spawn a subagent. Identical to the coordinator's `spawn()` but
|
|
1269
1275
|
* captures provider/model metadata for the usage aggregator and
|
|
@@ -1312,6 +1318,7 @@ declare class Director implements ICoordinator {
|
|
|
1312
1318
|
* replay an entire director run.
|
|
1313
1319
|
*/
|
|
1314
1320
|
writeManifest(): Promise<string | null>;
|
|
1321
|
+
private writeManifestNow;
|
|
1315
1322
|
/**
|
|
1316
1323
|
* Tear down the director: stop every subagent, close every bridge
|
|
1317
1324
|
* endpoint, and (when configured) write the final manifest. Idempotent
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import { M as MetricsSink, d as MetricLabels, f as MetricsSnapshot, H as HealthRegistry, a as HealthCheck, A as AggregateHealth, T as Tracer, S as Span } from '../observability-D-HZN_mF.js';
|
|
2
|
-
import { E as EventBus } from '../brain-
|
|
3
|
-
import '../context-
|
|
2
|
+
import { E as EventBus } from '../brain-CCfuEOdp.js';
|
|
3
|
+
import '../context-DPlA6kid.js';
|
|
4
4
|
|
|
5
5
|
/**
|
|
6
6
|
* In-memory metrics sink. Suitable for embedded use, tests, and /metrics
|
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { E as EventBus } from './brain-
|
|
2
|
-
import { M as ModelsRegistry, b as ResolvedModel } from './config-
|
|
3
|
-
import { e as TokenCounter, U as Usage, f as CacheStats } from './context-
|
|
1
|
+
import { E as EventBus } from './brain-CCfuEOdp.js';
|
|
2
|
+
import { M as ModelsRegistry, b as ResolvedModel } from './config-DAOjriz9.js';
|
|
3
|
+
import { e as TokenCounter, U as Usage, f as CacheStats } from './context-DPlA6kid.js';
|
|
4
4
|
import { P as PathResolver } from './path-resolver-CPRj4bFY.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { T as Tool, C as Context, h as Permission } from './context-
|
|
1
|
+
import { T as Tool, C as Context, h as Permission } from './context-DPlA6kid.js';
|
|
2
2
|
|
|
3
3
|
interface SecretScrubber {
|
|
4
4
|
scrub(text: string): string;
|
|
@@ -43,8 +43,9 @@ interface PermissionPolicy {
|
|
|
43
43
|
pattern: string;
|
|
44
44
|
}): void;
|
|
45
45
|
/**
|
|
46
|
-
* Auto-approve this tool+pattern
|
|
47
|
-
*
|
|
46
|
+
* Auto-approve this tool+pattern once (no persistence). Used when user
|
|
47
|
+
* presses 'y' so the immediate confirmed re-run can proceed without making
|
|
48
|
+
* future destructive calls silent.
|
|
48
49
|
*/
|
|
49
50
|
allowOnce(rule: {
|
|
50
51
|
tool: string;
|
|
@@ -55,13 +56,13 @@ interface PermissionPolicy {
|
|
|
55
56
|
getYolo?(): boolean;
|
|
56
57
|
/** Optional runtime setter for policies that support leader YOLO toggling. */
|
|
57
58
|
setYolo?(enabled: boolean): void;
|
|
58
|
-
/** Optional runtime query for the destructive YOLO override. */
|
|
59
|
+
/** Optional runtime query for the deprecated destructive YOLO override. */
|
|
59
60
|
getYoloDestructive?(): boolean;
|
|
60
|
-
/** Optional runtime setter for the destructive YOLO override. */
|
|
61
|
+
/** Optional runtime setter for the deprecated destructive YOLO override. */
|
|
61
62
|
setYoloDestructive?(enabled: boolean): void;
|
|
62
63
|
/** Query whether destructive-operation confirmation gate is active. */
|
|
63
64
|
getConfirmDestructive?(): boolean;
|
|
64
|
-
/**
|
|
65
|
+
/** Compatibility setter; current default policy keeps the gate enabled in YOLO mode. */
|
|
65
66
|
setConfirmDestructive?(enabled: boolean): void;
|
|
66
67
|
/** Set the prompt delegate (optional). */
|
|
67
68
|
setPromptDelegate?(delegate: ((tool: Tool, input: unknown, suggestedPattern: string) => Promise<'yes' | 'no' | 'always' | 'deny'>) | undefined): void;
|
|
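Review bot: The deprecation of `getYoloDestructive` and `setYoloDestructive` in the `PermissionPolicy` interface is stated only in prose ("the deprecated destructive YOLO override"), so editors and linters will not flag callers that still depend on the override. Use the JSDoc tag on both members, for example `/** @deprecated Destructive YOLO override, kept for compatibility only. */`, which matches the `@deprecated` tags on `PermissionPolicyOptions` elsewhere on this page. The interface body starts and ends outside the hunks shown.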
@@ -1,23 +1,20 @@
|
|
|
1
|
-
import { T as Tool, C as Context } from './context-
|
|
1
|
+
import { T as Tool, C as Context } from './context-DPlA6kid.js';
|
|
2
2
|
import { I as InputReader } from './input-reader-E-ffP2ee.js';
|
|
3
|
-
import { P as PermissionPolicy, a as PermissionDecision } from './permission-
|
|
3
|
+
import { P as PermissionPolicy, a as PermissionDecision } from './permission-DbsGOA1C.js';
|
|
4
4
|
|
|
5
5
|
interface PermissionPolicyOptions {
|
|
6
6
|
trustFile: string;
|
|
7
7
|
yolo?: boolean | undefined;
|
|
8
8
|
/**
|
|
9
|
-
*
|
|
10
|
-
*
|
|
11
|
-
* to opt back into destructive-operation confirmation prompts.
|
|
9
|
+
* @deprecated Kept for CLI compatibility only. YOLO no longer bypasses
|
|
10
|
+
* destructive-operation confirmation.
|
|
12
11
|
*/
|
|
13
12
|
yoloDestructive?: boolean | undefined;
|
|
14
13
|
/** @deprecated Use `yoloDestructive`. */
|
|
15
14
|
forceAllYolo?: boolean | undefined;
|
|
16
15
|
/**
|
|
17
|
-
*
|
|
18
|
-
*
|
|
19
|
-
* explicit approval for `rm -rf`, project-escaping writes, etc.
|
|
20
|
-
* Has no effect when yolo is false (normal permission flow applies).
|
|
16
|
+
* @deprecated Destructive confirmation is always enabled in YOLO mode.
|
|
17
|
+
* Kept for compatibility with older callers.
|
|
21
18
|
*/
|
|
22
19
|
confirmDestructive?: boolean | undefined;
|
|
23
20
|
promptDelegate?: (tool: Tool, input: unknown, suggestedPattern: string) => Promise<'yes' | 'no' | 'always' | 'deny'>;
|
|
@@ -40,9 +37,10 @@ declare class DefaultPermissionPolicy implements PermissionPolicy {
|
|
|
40
37
|
*/
|
|
41
38
|
private sessionDenied;
|
|
42
39
|
/**
|
|
43
|
-
* Session-scoped "soft trust" map. When the user presses '
|
|
44
|
-
*
|
|
45
|
-
*
|
|
40
|
+
* Session-scoped one-shot "soft trust" map. When the user presses 'y', the
|
|
41
|
+
* tool+pattern is added here so the immediate confirm re-run can proceed.
|
|
42
|
+
* The entry is consumed on first use; future calls must ask again unless the
|
|
43
|
+
* user chose persistent trust.
|
|
46
44
|
*
|
|
47
45
|
* Cleared on reload().
|
|
48
46
|
*/
|
|
@@ -94,7 +92,7 @@ declare class DefaultPermissionPolicy implements PermissionPolicy {
|
|
|
94
92
|
/** Check whether the destructive YOLO override is active. */
|
|
95
93
|
getYoloDestructive(): boolean;
|
|
96
94
|
/** Toggle destructive confirmation gate (only meaningful when yolo is active). */
|
|
97
|
-
setConfirmDestructive(
|
|
95
|
+
setConfirmDestructive(_enabled: boolean): void;
|
|
98
96
|
/** Check whether destructive confirmation gate is active. */
|
|
99
97
|
getConfirmDestructive(): boolean;
|
|
100
98
|
reload(): Promise<void>;
|
|
@@ -115,7 +113,7 @@ declare class DefaultPermissionPolicy implements PermissionPolicy {
|
|
|
115
113
|
tool: string;
|
|
116
114
|
pattern: string;
|
|
117
115
|
}): void;
|
|
118
|
-
/** Auto-approve this tool+pattern
|
|
116
|
+
/** Auto-approve this tool+pattern once (no trust file). */
|
|
119
117
|
allowOnce(rule: {
|
|
120
118
|
tool: string;
|
|
121
119
|
pattern: string;
|
|
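Review bot: The comment left above `setConfirmDestructive(_enabled: boolean)` in `DefaultPermissionPolicy` still reads "Toggle destructive confirmation gate", but the parameter is now unused and the bundled implementation in dist/security/index.js on this page sets `confirmDestructive` to `true` whatever is passed. A caller reading the declaration would expect `setConfirmDestructive(false)` to switch the gate off, so the comment should say it does not, for example `/** @deprecated No-op kept for compatibility: the destructive confirmation gate stays enabled. */`. In `PermissionPolicyOptions`, `forceAllYolo` is still documented as `@deprecated Use yoloDestructive`, which now points at another deprecated option; `/** @deprecated Alias of yoloDestructive, which is itself deprecated. */` avoids steering callers to it. Both declarations continue outside the hunks shown.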
@@ -1,6 +1,6 @@
|
|
|
1
|
-
import { T as Tool, r as TextBlock, i as ContentBlock } from './context-
|
|
1
|
+
import { T as Tool, r as TextBlock, i as ContentBlock } from './context-DPlA6kid.js';
|
|
2
2
|
import { a as MailboxAgentStatus } from './mailbox-types-DTl7bRH3.js';
|
|
3
|
-
import { H as HookEvent, f as HookMatcher, I as InProcessHook, S as ShellHook, g as HookEntry, T as ToolResultRenderMode } from './config-
|
|
3
|
+
import { H as HookEvent, f as HookMatcher, I as InProcessHook, S as ShellHook, g as HookEntry, T as ToolResultRenderMode } from './config-DAOjriz9.js';
|
|
4
4
|
|
|
5
5
|
/** Model capabilities relevant to prompt composition. */
|
|
6
6
|
interface ModelCapabilities {
|
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
import { P as Provider, M as Message } from './context-
|
|
2
|
-
import { M as MessageSelector, S as SelectorResult } from './selector-
|
|
1
|
+
import { P as Provider, M as Message } from './context-DPlA6kid.js';
|
|
2
|
+
import { M as MessageSelector, S as SelectorResult } from './selector-Cq72C0Oy.js';
|
|
3
3
|
import { M as ModeStore, a as ModeConfig, b as Mode } from './mode-CZlO9iU1.js';
|
|
4
|
-
import { e as ModelsDevModel, R as ResolvedProvider } from './config-
|
|
4
|
+
import { e as ModelsDevModel, R as ResolvedProvider } from './config-DAOjriz9.js';
|
|
5
5
|
|
|
6
6
|
/**
|
|
7
7
|
* Offline **floor** for the ChatGPT "Sign in with ChatGPT" (`openai-codex`)
|
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
import { E as EventBus } from './brain-
|
|
1
|
+
import { E as EventBus } from './brain-CCfuEOdp.js';
|
|
2
2
|
import { L as Logger } from './logger-B63L5bTg.js';
|
|
3
3
|
import { T as Tracer } from './observability-D-HZN_mF.js';
|
|
4
|
-
import { P as Provider, c as Request, C as Context, d as Response } from './context-
|
|
5
|
-
import { R as RetryPolicy } from './retry-policy-
|
|
4
|
+
import { P as Provider, c as Request, C as Context, d as Response } from './context-DPlA6kid.js';
|
|
5
|
+
import { R as RetryPolicy } from './retry-policy-Git9WF6d.js';
|
|
6
6
|
|
|
7
7
|
/**
|
|
8
8
|
* Options passed to a ProviderRunner when calling the provider.
|
package/dist/sdd/index.d.ts
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
import { h as Specification, e as SpecStatus, S as SpecAnalysis, g as SpecValidationResult, f as SpecTemplate, b as SpecRequirement } from '../spec-TBi3Jr6T.js';
|
|
2
2
|
import { d as TaskGraph, e as TaskNode, i as TaskFilter, j as TaskSort, c as TaskProgress, T as TaskType, a as TaskPriority } from '../task-graph-u1q9Jkyk.js';
|
|
3
|
-
import { E as EventBus, B as BrainArbiter } from '../brain-
|
|
4
|
-
import { h as Agent, i as AgentFactory, g as TaskResult, D as DoneCondition } from '../agent-subagent-runner-
|
|
5
|
-
import { W as WorktreeManager } from '../worktree-manager-
|
|
6
|
-
import '../context-
|
|
7
|
-
import '../index-
|
|
3
|
+
import { E as EventBus, B as BrainArbiter } from '../brain-CCfuEOdp.js';
|
|
4
|
+
import { h as Agent, i as AgentFactory, g as TaskResult, D as DoneCondition } from '../agent-subagent-runner-BimKihiC.js';
|
|
5
|
+
import { W as WorktreeManager } from '../worktree-manager-C4YIf1Fa.js';
|
|
6
|
+
import '../context-DPlA6kid.js';
|
|
7
|
+
import '../index-DJXj-dcr.js';
|
|
8
8
|
import '../logger-B63L5bTg.js';
|
|
9
|
-
import '../pipeline-
|
|
9
|
+
import '../pipeline-CEjBjzVA.js';
|
|
10
10
|
import '../mailbox-types-DTl7bRH3.js';
|
|
11
|
-
import '../config-
|
|
11
|
+
import '../config-DAOjriz9.js';
|
|
12
12
|
import '../observability-D-HZN_mF.js';
|
|
13
|
-
import '../permission-
|
|
14
|
-
import '../retry-policy-
|
|
13
|
+
import '../permission-DbsGOA1C.js';
|
|
14
|
+
import '../retry-policy-Git9WF6d.js';
|
|
15
15
|
|
|
16
16
|
interface TaskStore {
|
|
17
17
|
saveGraph(graph: TaskGraph): Promise<void>;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { S as SecretScrubber } from './permission-
|
|
1
|
+
import { S as SecretScrubber } from './permission-DbsGOA1C.js';
|
|
2
2
|
import { L as Logger } from './logger-B63L5bTg.js';
|
|
3
3
|
import { R as RotatableSecretVault, S as SecretVault } from './secret-vault-BAKpgFw_.js';
|
|
4
4
|
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-
|
|
2
|
-
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-
|
|
3
|
-
export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-
|
|
4
|
-
import '../permission-
|
|
5
|
-
import '../context-
|
|
1
|
+
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, i as isSecretField, m as migratePlaintextSecrets, r as rewriteConfigEncrypted, b as rotateConfigKeys } from '../secret-vault-DDSMHqIm.js';
|
|
2
|
+
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-BpEea3r7.js';
|
|
3
|
+
export { D as DANGEROUS_FOR_SUBAGENTS, T as ToolCapabilities, a as ToolCapability, g as getDangerousCapabilities, h as hasCapability, b as hasDangerousCapabilityForSubagents } from '../index-cMEmzCVN.js';
|
|
4
|
+
import '../permission-DbsGOA1C.js';
|
|
5
|
+
import '../context-DPlA6kid.js';
|
|
6
6
|
import '../logger-B63L5bTg.js';
|
|
7
7
|
import '../secret-vault-BAKpgFw_.js';
|
|
8
8
|
import '../input-reader-E-ffP2ee.js';
|
package/dist/security/index.js
CHANGED
|
@@ -1101,6 +1101,8 @@ var ToolCapabilities = {
|
|
|
1101
1101
|
SHELL_ARBITRARY: "shell.arbitrary",
|
|
1102
1102
|
/** Can execute a restricted set of commands (the `exec` tool). */
|
|
1103
1103
|
SHELL_RESTRICTED: "shell.restricted",
|
|
1104
|
+
/** Can run a restricted project formatter/linter-style command. */
|
|
1105
|
+
SHELL_EXEC: "shell.exec",
|
|
1104
1106
|
/** Can read files inside the project (and possibly outside via symlinks if not guarded). */
|
|
1105
1107
|
FS_READ: "fs.read",
|
|
1106
1108
|
/** Can write / modify / delete files inside the project. */
|
|
@@ -1109,6 +1111,20 @@ var ToolCapabilities = {
|
|
|
1109
1111
|
FS_WRITE_OUTSIDE_PROJECT: "fs.write.outside-project",
|
|
1110
1112
|
/** Can perform outbound network requests. */
|
|
1111
1113
|
NET_OUTBOUND: "net.outbound",
|
|
1114
|
+
/** Can mutate in-memory session todos only. */
|
|
1115
|
+
SESSION_TODO: "session.todo",
|
|
1116
|
+
/** Can mutate in-memory session mode only. */
|
|
1117
|
+
SESSION_MODE: "session.mode",
|
|
1118
|
+
/** Can inspect registered tool metadata. */
|
|
1119
|
+
TOOL_META: "tool.meta",
|
|
1120
|
+
/** Can invoke arbitrary registered tools through a meta-tool. */
|
|
1121
|
+
TOOL_MUTATE_ANY: "tool.mutate.any",
|
|
1122
|
+
/** Can read persistent memory. */
|
|
1123
|
+
MEMORY_READ: "memory.read",
|
|
1124
|
+
/** Can write persistent memory. */
|
|
1125
|
+
MEMORY_WRITE: "memory.write",
|
|
1126
|
+
/** Can delete persistent memory. */
|
|
1127
|
+
MEMORY_DELETE: "memory.delete",
|
|
1112
1128
|
/** Proxies tools from external MCP servers (unknown capability). */
|
|
1113
1129
|
MCP_PROXY: "mcp.proxy",
|
|
1114
1130
|
/** Can spawn or manage subagents / multi-agent tasks. */
|
|
@@ -1127,8 +1143,12 @@ var ToolCapabilities = {
|
|
|
1127
1143
|
var DANGEROUS_FOR_SUBAGENTS = [
|
|
1128
1144
|
ToolCapabilities.SHELL_ARBITRARY,
|
|
1129
1145
|
ToolCapabilities.SHELL_RESTRICTED,
|
|
1146
|
+
ToolCapabilities.SHELL_EXEC,
|
|
1130
1147
|
ToolCapabilities.FS_WRITE,
|
|
1131
1148
|
ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT,
|
|
1149
|
+
ToolCapabilities.TOOL_MUTATE_ANY,
|
|
1150
|
+
ToolCapabilities.MEMORY_WRITE,
|
|
1151
|
+
ToolCapabilities.MEMORY_DELETE,
|
|
1132
1152
|
ToolCapabilities.MCP_PROXY,
|
|
1133
1153
|
ToolCapabilities.SUBAGENT_SPAWN,
|
|
1134
1154
|
ToolCapabilities.CONFIG_MUTATE,
|
|
@@ -1138,8 +1158,12 @@ var DANGEROUS_FOR_SUBAGENTS = [
|
|
|
1138
1158
|
ToolCapabilities.FS_READ,
|
|
1139
1159
|
ToolCapabilities.FS_WRITE,
|
|
1140
1160
|
ToolCapabilities.NET_OUTBOUND,
|
|
1161
|
+
ToolCapabilities.SESSION_TODO,
|
|
1162
|
+
ToolCapabilities.TOOL_META,
|
|
1163
|
+
ToolCapabilities.MEMORY_READ,
|
|
1141
1164
|
ToolCapabilities.SHELL_ARBITRARY,
|
|
1142
1165
|
ToolCapabilities.SHELL_RESTRICTED,
|
|
1166
|
+
ToolCapabilities.SHELL_EXEC,
|
|
1143
1167
|
ToolCapabilities.PACKAGE_INSTALL
|
|
1144
1168
|
];
|
|
1145
1169
|
function hasDangerousCapabilityForSubagents(toolOrCaps) {
|
|
@@ -1284,6 +1308,15 @@ function isClearlyDestructiveBashCommand(command, projectRoot) {
|
|
|
1284
1308
|
function matchesTrust(patterns, subject) {
|
|
1285
1309
|
return patterns.includes(subject) || matchAny(patterns, subject);
|
|
1286
1310
|
}
|
|
1311
|
+
function shellCommandLineFromInput(input) {
|
|
1312
|
+
const command = getInputString(input, "command") ?? getInputString(input, "cmd") ?? getInputString(input, "script");
|
|
1313
|
+
if (!command) return void 0;
|
|
1314
|
+
if (!input || typeof input !== "object") return command;
|
|
1315
|
+
const args = input["args"];
|
|
1316
|
+
if (!Array.isArray(args) || args.length === 0) return command;
|
|
1317
|
+
const renderedArgs = args.filter((arg) => typeof arg === "string").map((arg) => /\s/.test(arg) ? `"${arg.replace(/"/g, '\\"')}"` : arg);
|
|
1318
|
+
return [command, ...renderedArgs].join(" ");
|
|
1319
|
+
}
|
|
1287
1320
|
var DefaultPermissionPolicy = class {
|
|
1288
1321
|
policy = {};
|
|
1289
1322
|
loaded = false;
|
|
@@ -1301,9 +1334,10 @@ var DefaultPermissionPolicy = class {
|
|
|
1301
1334
|
*/
|
|
1302
1335
|
sessionDenied = /* @__PURE__ */ new Map();
|
|
1303
1336
|
/**
|
|
1304
|
-
* Session-scoped "soft trust" map. When the user presses '
|
|
1305
|
-
*
|
|
1306
|
-
*
|
|
1337
|
+
* Session-scoped one-shot "soft trust" map. When the user presses 'y', the
|
|
1338
|
+
* tool+pattern is added here so the immediate confirm re-run can proceed.
|
|
1339
|
+
* The entry is consumed on first use; future calls must ask again unless the
|
|
1340
|
+
* user chose persistent trust.
|
|
1307
1341
|
*
|
|
1308
1342
|
* Cleared on reload().
|
|
1309
1343
|
*/
|
|
@@ -1342,7 +1376,7 @@ var DefaultPermissionPolicy = class {
|
|
|
1342
1376
|
this.trustFile = opts.trustFile;
|
|
1343
1377
|
this.yolo = opts.yolo ?? false;
|
|
1344
1378
|
this.yoloDestructive = opts.yoloDestructive ?? opts.forceAllYolo ?? false;
|
|
1345
|
-
this.confirmDestructive =
|
|
1379
|
+
this.confirmDestructive = true;
|
|
1346
1380
|
this.promptDelegate = opts.promptDelegate;
|
|
1347
1381
|
}
|
|
1348
1382
|
/**
|
|
@@ -1373,9 +1407,9 @@ var DefaultPermissionPolicy = class {
|
|
|
1373
1407
|
return this.yoloDestructive;
|
|
1374
1408
|
}
|
|
1375
1409
|
/** Toggle destructive confirmation gate (only meaningful when yolo is active). */
|
|
1376
|
-
setConfirmDestructive(
|
|
1377
|
-
if (this.confirmDestructive
|
|
1378
|
-
this.confirmDestructive =
|
|
1410
|
+
setConfirmDestructive(_enabled) {
|
|
1411
|
+
if (!this.confirmDestructive) this._evalCache.clear();
|
|
1412
|
+
this.confirmDestructive = true;
|
|
1379
1413
|
}
|
|
1380
1414
|
/** Check whether destructive confirmation gate is active. */
|
|
1381
1415
|
getConfirmDestructive() {
|
|
@@ -1414,12 +1448,12 @@ var DefaultPermissionPolicy = class {
|
|
|
1414
1448
|
return decision;
|
|
1415
1449
|
}
|
|
1416
1450
|
if (this.sessionAllowed.has(cacheKey)) {
|
|
1451
|
+
this.sessionAllowed.delete(cacheKey);
|
|
1417
1452
|
const decision = {
|
|
1418
1453
|
permission: "auto",
|
|
1419
1454
|
source: "trust",
|
|
1420
|
-
reason: "session
|
|
1455
|
+
reason: "session one-shot allow (user pressed yes)"
|
|
1421
1456
|
};
|
|
1422
|
-
this._evalCache.set(cacheKey, decision);
|
|
1423
1457
|
return decision;
|
|
1424
1458
|
}
|
|
1425
1459
|
if (entry?.deny && subject && matchesTrust(entry.deny, subject)) {
|
|
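Review bot: The one-shot entry is consumed by whichever evaluation next hits `this.sessionAllowed.has(cacheKey)`, which is not necessarily the call the user approved. `allowOnce` stores only `${rule.tool}::${rule.pattern}`, so if the approved re-run never happens, the entry appears to stay until `reload()` and would auto-approve a later call with the same key. This branch also runs before the destructive-YOLO gate added in the next hunk, so a leftover entry would skip that prompt. At minimum I would document this above the `delete`, for example `// One-shot: consumed by the next evaluation with this key; not bound to the exact input the user saw.`, and consider expiring unconsumed entries. The enclosing method starts and ends outside this hunk.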
@@ -1432,6 +1466,29 @@ var DefaultPermissionPolicy = class {
|
|
|
1432
1466
|
this._evalCache.set(cacheKey, decision);
|
|
1433
1467
|
return decision;
|
|
1434
1468
|
}
|
|
1469
|
+
if (this.yolo) {
|
|
1470
|
+
const destructive = this.isDestructiveYoloCall(tool, input, ctx);
|
|
1471
|
+
if (destructive) {
|
|
1472
|
+
if (this.promptDelegate) {
|
|
1473
|
+
const decision = await this.promptDelegate(tool, input, subject ?? tool.name);
|
|
1474
|
+
if (decision === "deny") {
|
|
1475
|
+
await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
|
|
1476
|
+
return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
|
|
1477
|
+
}
|
|
1478
|
+
return {
|
|
1479
|
+
permission: decision === "yes" || decision === "always" ? "auto" : "deny",
|
|
1480
|
+
source: "user",
|
|
1481
|
+
reason: "destructive yolo approved for this call"
|
|
1482
|
+
};
|
|
1483
|
+
}
|
|
1484
|
+
return {
|
|
1485
|
+
permission: "confirm",
|
|
1486
|
+
source: "yolo_destructive",
|
|
1487
|
+
riskTier: "destructive",
|
|
1488
|
+
reason: "destructive tool needs explicit approval in YOLO mode"
|
|
1489
|
+
};
|
|
1490
|
+
}
|
|
1491
|
+
}
|
|
1435
1492
|
if (entry?.allow && subject && matchesTrust(entry.allow, subject)) {
|
|
1436
1493
|
const decision = { permission: "auto", source: "trust", reason: "matched allow pattern" };
|
|
1437
1494
|
this._evalCache.set(cacheKey, decision);
|
|
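Review bot: The return after the `deny` branch always sets `reason: "destructive yolo approved for this call"`, even when `decision` is neither "yes" nor "always" and `permission` resolves to "deny". A log or UI that reads `reason` would then record an approval for a call that was refused. I would compute `const approved = decision === "yes" || decision === "always";` and use `reason: approved ? "destructive yolo approved for this call" : "destructive yolo not approved"`. "always" is now treated as a single approval, with no `this.trust(...)` call as in the removed block; that is worth a one-line comment so it is not mistaken for an omission. The enclosing method starts and ends outside this hunk.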
@@ -1443,29 +1500,6 @@ var DefaultPermissionPolicy = class {
|
|
|
1443
1500
|
return decision;
|
|
1444
1501
|
}
|
|
1445
1502
|
if (this.yolo) {
|
|
1446
|
-
if (this.confirmDestructive) {
|
|
1447
|
-
const destructive = this.isDestructiveYoloCall(tool, input, ctx);
|
|
1448
|
-
if (destructive) {
|
|
1449
|
-
if (this.promptDelegate) {
|
|
1450
|
-
const decision2 = await this.promptDelegate(tool, input, subject ?? tool.name);
|
|
1451
|
-
if (decision2 === "always") {
|
|
1452
|
-
await this.trust({ tool: tool.name, pattern: subject ?? tool.name });
|
|
1453
|
-
return { permission: "auto", source: "user", reason: "destructive yolo always-allowed" };
|
|
1454
|
-
}
|
|
1455
|
-
if (decision2 === "deny") {
|
|
1456
|
-
await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
|
|
1457
|
-
return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
|
|
1458
|
-
}
|
|
1459
|
-
return { permission: decision2 === "yes" ? "auto" : "deny", source: "user" };
|
|
1460
|
-
}
|
|
1461
|
-
return {
|
|
1462
|
-
permission: "confirm",
|
|
1463
|
-
source: "yolo_destructive",
|
|
1464
|
-
riskTier: "destructive",
|
|
1465
|
-
reason: "destructive tool needs explicit approval (confirmDestructive is on)"
|
|
1466
|
-
};
|
|
1467
|
-
}
|
|
1468
|
-
}
|
|
1469
1503
|
const decision = { permission: "auto", source: "yolo" };
|
|
1470
1504
|
this._evalCache.set(cacheKey, decision);
|
|
1471
1505
|
return decision;
|
|
@@ -1482,7 +1516,8 @@ var DefaultPermissionPolicy = class {
|
|
|
1482
1516
|
const hasWriteCap = hasCapability(tool, ToolCapabilities.FS_WRITE);
|
|
1483
1517
|
const hasShellCap = hasCapability(tool, [
|
|
1484
1518
|
ToolCapabilities.SHELL_ARBITRARY,
|
|
1485
|
-
ToolCapabilities.SHELL_RESTRICTED
|
|
1519
|
+
ToolCapabilities.SHELL_RESTRICTED,
|
|
1520
|
+
ToolCapabilities.SHELL_EXEC
|
|
1486
1521
|
]);
|
|
1487
1522
|
const hasInstallCap = hasCapability(tool, ToolCapabilities.PACKAGE_INSTALL);
|
|
1488
1523
|
const hasConfigCap = hasCapability(tool, ToolCapabilities.CONFIG_MUTATE);
|
|
@@ -1510,27 +1545,30 @@ var DefaultPermissionPolicy = class {
|
|
|
1510
1545
|
// Capability-based destructive check (preferred over name-based)
|
|
1511
1546
|
isDestructiveByCapability(tool) {
|
|
1512
1547
|
const caps = tool.capabilities ?? [];
|
|
1513
|
-
if (caps.includes(
|
|
1514
|
-
if (caps.includes(
|
|
1515
|
-
if (caps.includes(
|
|
1548
|
+
if (caps.includes(ToolCapabilities.SHELL_ARBITRARY)) return true;
|
|
1549
|
+
if (caps.includes(ToolCapabilities.SHELL_RESTRICTED)) return true;
|
|
1550
|
+
if (caps.includes(ToolCapabilities.SHELL_EXEC)) return true;
|
|
1551
|
+
if (caps.includes(ToolCapabilities.FS_WRITE)) return true;
|
|
1552
|
+
if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
|
|
1516
1553
|
return false;
|
|
1517
1554
|
}
|
|
1518
1555
|
isDestructiveYoloCall(tool, input, ctx) {
|
|
1519
1556
|
if (this.isDestructiveByCapability(tool)) {
|
|
1520
|
-
|
|
1521
|
-
|
|
1522
|
-
|
|
1557
|
+
const caps = tool.capabilities ?? [];
|
|
1558
|
+
if (caps.includes(ToolCapabilities.SHELL_ARBITRARY) || caps.includes(ToolCapabilities.SHELL_RESTRICTED) || caps.includes(ToolCapabilities.SHELL_EXEC)) {
|
|
1559
|
+
const command = shellCommandLineFromInput(input);
|
|
1560
|
+
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
|
|
1523
1561
|
}
|
|
1524
|
-
if (
|
|
1562
|
+
if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
|
|
1563
|
+
if (caps.includes(ToolCapabilities.FS_WRITE)) {
|
|
1525
1564
|
const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
|
|
1526
1565
|
if (!targetPath || !ctx.projectRoot) return false;
|
|
1527
1566
|
return !pathLooksInsideProject(targetPath, ctx.projectRoot);
|
|
1528
1567
|
}
|
|
1529
|
-
return true;
|
|
1530
1568
|
}
|
|
1531
|
-
if (tool.name === "bash") {
|
|
1532
|
-
const command =
|
|
1533
|
-
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) :
|
|
1569
|
+
if (tool.name === "bash" || tool.name === "shell" || tool.name === "exec") {
|
|
1570
|
+
const command = shellCommandLineFromInput(input);
|
|
1571
|
+
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
|
|
1534
1572
|
}
|
|
1535
1573
|
if (tool.name === "write" || tool.name === "edit" || tool.name === "replace" || tool.name === "patch") {
|
|
1536
1574
|
const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
|
|
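Review bot: In `isDestructiveYoloCall` the shell-capability branch returns before the `FS_WRITE_OUTSIDE_PROJECT` check is reached. A tool that declares both a shell capability and `FS_WRITE_OUTSIDE_PROJECT` is therefore judged only by `isClearlyDestructiveBashCommand` (or by `tool.riskTier` when no command is found) and never hits the unconditional `return true`. Moving `if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;` above the shell branch keeps the stricter capability authoritative. The string being classified is also rebuilt by `shellCommandLineFromInput`, which reads only `command`/`cmd`/`script` and drops non-string `args`, so it may differ from what the tool actually runs; a comment at the call site should say so. The method continues past the end of this hunk.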
@@ -1579,7 +1617,7 @@ var DefaultPermissionPolicy = class {
|
|
|
1579
1617
|
this.sessionDenied.set(`${rule.tool}::${rule.pattern}`, true);
|
|
1580
1618
|
this._evalCache.clear();
|
|
1581
1619
|
}
|
|
1582
|
-
/** Auto-approve this tool+pattern
|
|
1620
|
+
/** Auto-approve this tool+pattern once (no trust file). */
|
|
1583
1621
|
allowOnce(rule) {
|
|
1584
1622
|
this.sessionAllowed.set(`${rule.tool}::${rule.pattern}`, true);
|
|
1585
1623
|
this._evalCache.clear();
|