@wrongstack/core 0.276.4 → 0.277.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{agent-bridge-D7A-eu3C.d.ts → agent-bridge-BFJ2ODzI.d.ts} +1 -1
- package/dist/{agent-subagent-runner-CEuw4ATz.d.ts → agent-subagent-runner-BimKihiC.d.ts} +7 -7
- package/dist/{brain-BLOyN5ZP.d.ts → brain-CCfuEOdp.d.ts} +1 -1
- package/dist/{compactor-DcBpaJsI.d.ts → compactor-D3BGw26y.d.ts} +1 -1
- package/dist/{config-Bf5mj-ad.d.ts → config-DAOjriz9.d.ts} +1 -1
- package/dist/{context-CLnUMW5g.d.ts → context-DPlA6kid.d.ts} +5 -6
- package/dist/coordination/index.d.ts +17 -17
- package/dist/coordination/index.js +38 -14
- package/dist/coordination/index.js.map +1 -1
- package/dist/defaults/index.d.ts +27 -27
- package/dist/defaults/index.js +177 -93
- package/dist/defaults/index.js.map +1 -1
- package/dist/execution/index.d.ts +15 -15
- package/dist/execution/index.js +13 -1
- package/dist/execution/index.js.map +1 -1
- package/dist/execution/prompt-enhancer.d.ts +1 -1
- package/dist/extension/index.d.ts +6 -6
- package/dist/{global-mailbox-Iqfkgmwu.d.ts → global-mailbox-Dr4cTKqL.d.ts} +1 -1
- package/dist/{goal-store-DGb6b5Ed.d.ts → goal-store-C1uH4srH.d.ts} +1 -1
- package/dist/hq/index.d.ts +5 -5
- package/dist/{index-Cn0NOshr.d.ts → index-DJXj-dcr.d.ts} +5 -5
- package/dist/{index-L4RZN9jJ.d.ts → index-cMEmzCVN.d.ts} +23 -5
- package/dist/index.d.ts +41 -41
- package/dist/index.js +220 -111
- package/dist/index.js.map +1 -1
- package/dist/infrastructure/index.d.ts +6 -6
- package/dist/infrastructure/index.js +4 -1
- package/dist/infrastructure/index.js.map +1 -1
- package/dist/kernel/index.d.ts +11 -11
- package/dist/{mcp-servers-CuZGf9fI.d.ts → mcp-servers-CFb60-pH.d.ts} +3 -3
- package/dist/models/index.d.ts +5 -5
- package/dist/{models-registry-8XOdxWQu.d.ts → models-registry-5Ufn7f2m.d.ts} +1 -1
- package/dist/{multi-agent-coordinator-CiRtKVTk.d.ts → multi-agent-coordinator-CcrcncvG.d.ts} +1 -1
- package/dist/{null-fleet-bus-d9G-bVy9.d.ts → null-fleet-bus-C9KsYyrI.d.ts} +13 -6
- package/dist/observability/index.d.ts +2 -2
- package/dist/{path-resolver-BhIb6mtd.d.ts → path-resolver-CEeX9I7O.d.ts} +3 -3
- package/dist/{permission-BCbQDR2s.d.ts → permission-DbsGOA1C.d.ts} +7 -6
- package/dist/{permission-policy-C0ikndX_.d.ts → permission-policy-BpEea3r7.d.ts} +12 -14
- package/dist/{pipeline-Dl6XbfE7.d.ts → pipeline-CEjBjzVA.d.ts} +2 -2
- package/dist/{provider-model-resolve-B70epO19.d.ts → provider-model-resolve-BpfXp3Jj.d.ts} +3 -3
- package/dist/{provider-runner-DZ808MSM.d.ts → provider-runner-CnOSr5BN.d.ts} +3 -3
- package/dist/{retry-policy-Dt3_z8Aj.d.ts → retry-policy-Git9WF6d.d.ts} +1 -1
- package/dist/sdd/index.d.ts +9 -9
- package/dist/{secret-vault-BUJ2d1gB.d.ts → secret-vault-DDSMHqIm.d.ts} +1 -1
- package/dist/security/index.d.ts +5 -5
- package/dist/security/index.js +173 -94
- package/dist/security/index.js.map +1 -1
- package/dist/{selector-BCkWgdwy.d.ts → selector-Cq72C0Oy.d.ts} +1 -1
- package/dist/{session-event-bridge-CMvIO59_.d.ts → session-event-bridge-DG94B3Bk.d.ts} +1 -1
- package/dist/{session-reader-C8aiChUu.d.ts → session-reader-BzT-iMQT.d.ts} +1 -1
- package/dist/storage/index.d.ts +11 -11
- package/dist/{strategy-compactor-DI1OHVbB.d.ts → strategy-compactor-Bt_ZH6R0.d.ts} +10 -10
- package/dist/{todos-checkpoint-Ddd2CGr0.d.ts → todos-checkpoint-CH1pcua9.d.ts} +5 -5
- package/dist/{tool-executor-Bmd5Ygoo.d.ts → tool-executor-SVFq7IOR.d.ts} +9 -9
- package/dist/tools/index.d.ts +2 -2
- package/dist/tools/index.js +5 -6
- package/dist/tools/index.js.map +1 -1
- package/dist/types/index.d.ts +19 -19
- package/dist/types/index.js +13 -1
- package/dist/types/index.js.map +1 -1
- package/dist/utils/index.d.ts +17 -3
- package/dist/utils/index.js +5 -1
- package/dist/utils/index.js.map +1 -1
- package/dist/{worktree-manager-DBdl_5rs.d.ts → worktree-manager-C4YIf1Fa.d.ts} +1 -1
- package/instructions/leader-after-task.md +6 -0
- package/package.json +2 -2
- package/skills/output-standards/SKILL.md +1 -0
- package/skills/research-web/SKILL.md +1 -1
package/dist/defaults/index.d.ts
CHANGED
|
@@ -1,45 +1,45 @@
|
|
|
1
|
-
export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from '../agent-bridge-
|
|
2
|
-
export { i as AgentFactory, w as AgentFactoryResult, x as AgentRunnerOptions, y as BudgetExceededError, z as BudgetKind, E as BudgetLimits, K as BudgetUsage, F as FleetBus, O as FleetEvent, Q as FleetHandler, j as FleetUsage, k as FleetUsageAggregator, R as SubagentBudget, Z as SubagentUsageSnapshot, a0 as makeAgentSubagentRunner } from '../agent-subagent-runner-
|
|
3
|
-
export { a as AGENTS_BY_PHASE, b as AGENT_CATALOG, c as ALL_AGENT_DEFINITIONS, d as ALL_FLEET_AGENTS, e as AUDIT_LOG_AGENT, f as AutoExtendCeiling, g as AutoExtendPolicy, B as BUG_HUNTER_AGENT, n as CreateDelegateToolOptions, D as DEFAULT_DIRECTOR_PREAMBLE, q as DEFAULT_SUBAGENT_BASELINE, r as DelegateHost, s as Director, w as DirectorPromptParts, x as DirectorSessionFactory, y as DirectorSessionFactoryOptions, F as FLEET_ROSTER, z as FLEET_ROSTER_BUDGETS, J as FleetRosterBudget, K as FleetSpawnBudgetError, L as ICoordinator, M as IFleetManager, O as NULL_FLEET_BUS, R as REFACTOR_PLANNER_AGENT, S as SECURITY_SCANNER_AGENT, V as SubagentPromptParts, W as applyRosterBudget, X as attachAutoExtend, Y as composeDirectorPrompt, Z as composeSubagentPrompt, _ as createDelegateTool, $ as getAgentDefinition, a1 as makeAskTool, a2 as makeAssignTool, a3 as makeAwaitTasksTool, a4 as makeCollabDebugTool, a5 as makeDirectorSessionFactory, a6 as makeFleetEmitTool, a7 as makeFleetTool, a8 as makeRollUpTool, a9 as makeSpawnTool, ab as makeTerminateTool, ad as rosterSummaryFromConfigs } from '../null-fleet-bus-
|
|
4
|
-
export { c as AgentBudgetTier, d as AgentCapability, b as AgentDefinition, A as AgentPhase, e as DEFAULT_DISPATCH_ROLE, a as DefaultMultiAgentCoordinator, f as DispatchCandidate, D as DispatchClassifier, g as DispatchMethod, h as DispatchOptions, i as DispatchResult, j as MultiAgentCoordinatorOptions, k as dispatchAgent, m as makeLLMClassifier, s as scoreAgents } from '../multi-agent-coordinator-
|
|
5
|
-
export { A as AutoCompactionMiddleware, a as AutonomousRunner, b as AutonomousRunnerOptions, c as AutonomyPromptContributorOptions, C as CompactorStrategy, D as DefaultDesignKitLoader, d as DefaultPromptLoader, e as DefaultSkillLoader, f as DesignKitLoaderOptions, g as DesignOverrides, h as DoneCheckResult, i as DoneConditionChecker, I as IntelligentCompactor, j as IntelligentCompactorOptions, P as PersistedActiveKit, k as PromptLoaderOptions, S as SelectiveCompactor, l as SelectiveCompactorOptions, m as SkillLoaderOptions, n as StrategyCompactorOptions, _ as _resetDesignKitLoaderMemo, o as _resetDesignRulesCache, p as activateDesign, q as applyTokenOverrides, r as buildGoalPreamble, s as clearActiveKit, t as clearPersistedActiveKit, u as createStrategyCompactor, v as designProjectDir, w as detectFrontendFile, x as detectFrontendIntent, y as getDesignKitLoader, z as getDesignState, B as installDesignStudioMiddleware, E as loadActiveKit, F as loadProjectDesignRules, G as makeAutonomyPromptContributor, H as makeDesignDetectToolCallMiddleware, J as makeDesignDetectUserInputMiddleware, K as makeDesignStudioRequestMiddleware, L as makeDesignVerifyToolCallMiddleware, M as recordKitChoice, N as recordOverrides, O as renderPrompt, Q as resolveBundledDesignKitsDir, R as setActiveKit, T as setDesignOverrides } from '../strategy-compactor-
|
|
6
|
-
import { e as DesignKitTokens, D as DesignStack } from '../tool-executor-
|
|
7
|
-
export { C as CompactorOptions, h as DefaultErrorHandler, i as DefaultRetryPolicy, E as EternalAutonomyEngine, k as EternalAutonomyOptions, l as EternalEngineState, H as HybridCompactor, I as IterationStage, P as ParallelEngineState, m as ParallelEternalEngine, n as ParallelEternalOptions, o as ParallelIterationStage, T as ToolExecutor } from '../tool-executor-
|
|
8
|
-
import { P as ProviderRunner, R as RunProviderOptions } from '../provider-runner-
|
|
9
|
-
import { d as Response } from '../context-
|
|
10
|
-
export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, p as playwrightServer, s as sentinelServer, q as slackServer, r as sshManagerServer, z as zaiVisionServer } from '../mcp-servers-
|
|
1
|
+
export { I as InMemoryAgentBridge, a as InMemoryBridgeTransport, c as createMessage } from '../agent-bridge-BFJ2ODzI.js';
|
|
2
|
+
export { i as AgentFactory, w as AgentFactoryResult, x as AgentRunnerOptions, y as BudgetExceededError, z as BudgetKind, E as BudgetLimits, K as BudgetUsage, F as FleetBus, O as FleetEvent, Q as FleetHandler, j as FleetUsage, k as FleetUsageAggregator, R as SubagentBudget, Z as SubagentUsageSnapshot, a0 as makeAgentSubagentRunner } from '../agent-subagent-runner-BimKihiC.js';
|
|
3
|
+
export { a as AGENTS_BY_PHASE, b as AGENT_CATALOG, c as ALL_AGENT_DEFINITIONS, d as ALL_FLEET_AGENTS, e as AUDIT_LOG_AGENT, f as AutoExtendCeiling, g as AutoExtendPolicy, B as BUG_HUNTER_AGENT, n as CreateDelegateToolOptions, D as DEFAULT_DIRECTOR_PREAMBLE, q as DEFAULT_SUBAGENT_BASELINE, r as DelegateHost, s as Director, w as DirectorPromptParts, x as DirectorSessionFactory, y as DirectorSessionFactoryOptions, F as FLEET_ROSTER, z as FLEET_ROSTER_BUDGETS, J as FleetRosterBudget, K as FleetSpawnBudgetError, L as ICoordinator, M as IFleetManager, O as NULL_FLEET_BUS, R as REFACTOR_PLANNER_AGENT, S as SECURITY_SCANNER_AGENT, V as SubagentPromptParts, W as applyRosterBudget, X as attachAutoExtend, Y as composeDirectorPrompt, Z as composeSubagentPrompt, _ as createDelegateTool, $ as getAgentDefinition, a1 as makeAskTool, a2 as makeAssignTool, a3 as makeAwaitTasksTool, a4 as makeCollabDebugTool, a5 as makeDirectorSessionFactory, a6 as makeFleetEmitTool, a7 as makeFleetTool, a8 as makeRollUpTool, a9 as makeSpawnTool, ab as makeTerminateTool, ad as rosterSummaryFromConfigs } from '../null-fleet-bus-C9KsYyrI.js';
|
|
4
|
+
export { c as AgentBudgetTier, d as AgentCapability, b as AgentDefinition, A as AgentPhase, e as DEFAULT_DISPATCH_ROLE, a as DefaultMultiAgentCoordinator, f as DispatchCandidate, D as DispatchClassifier, g as DispatchMethod, h as DispatchOptions, i as DispatchResult, j as MultiAgentCoordinatorOptions, k as dispatchAgent, m as makeLLMClassifier, s as scoreAgents } from '../multi-agent-coordinator-CcrcncvG.js';
|
|
5
|
+
export { A as AutoCompactionMiddleware, a as AutonomousRunner, b as AutonomousRunnerOptions, c as AutonomyPromptContributorOptions, C as CompactorStrategy, D as DefaultDesignKitLoader, d as DefaultPromptLoader, e as DefaultSkillLoader, f as DesignKitLoaderOptions, g as DesignOverrides, h as DoneCheckResult, i as DoneConditionChecker, I as IntelligentCompactor, j as IntelligentCompactorOptions, P as PersistedActiveKit, k as PromptLoaderOptions, S as SelectiveCompactor, l as SelectiveCompactorOptions, m as SkillLoaderOptions, n as StrategyCompactorOptions, _ as _resetDesignKitLoaderMemo, o as _resetDesignRulesCache, p as activateDesign, q as applyTokenOverrides, r as buildGoalPreamble, s as clearActiveKit, t as clearPersistedActiveKit, u as createStrategyCompactor, v as designProjectDir, w as detectFrontendFile, x as detectFrontendIntent, y as getDesignKitLoader, z as getDesignState, B as installDesignStudioMiddleware, E as loadActiveKit, F as loadProjectDesignRules, G as makeAutonomyPromptContributor, H as makeDesignDetectToolCallMiddleware, J as makeDesignDetectUserInputMiddleware, K as makeDesignStudioRequestMiddleware, L as makeDesignVerifyToolCallMiddleware, M as recordKitChoice, N as recordOverrides, O as renderPrompt, Q as resolveBundledDesignKitsDir, R as setActiveKit, T as setDesignOverrides } from '../strategy-compactor-Bt_ZH6R0.js';
|
|
6
|
+
import { e as DesignKitTokens, D as DesignStack } from '../tool-executor-SVFq7IOR.js';
|
|
7
|
+
export { C as CompactorOptions, h as DefaultErrorHandler, i as DefaultRetryPolicy, E as EternalAutonomyEngine, k as EternalAutonomyOptions, l as EternalEngineState, H as HybridCompactor, I as IterationStage, P as ParallelEngineState, m as ParallelEternalEngine, n as ParallelEternalOptions, o as ParallelIterationStage, T as ToolExecutor } from '../tool-executor-SVFq7IOR.js';
|
|
8
|
+
import { P as ProviderRunner, R as RunProviderOptions } from '../provider-runner-CnOSr5BN.js';
|
|
9
|
+
import { d as Response } from '../context-DPlA6kid.js';
|
|
10
|
+
export { C as ContextManagerAction, a as ContextManagerInput, b as ContextManagerResult, c as ContextManagerToolOptions, d as allServers, e as awsServer, f as blockServer, g as braveSearchServer, h as context7Server, i as contextManagerTool, j as createContextManagerTool, k as everArtServer, l as filesystemServer, m as githubServer, n as googleMapsServer, o as miniMaxVisionServer, p as playwrightServer, s as sentinelServer, q as slackServer, r as sshManagerServer, z as zaiVisionServer } from '../mcp-servers-CFb60-pH.js';
|
|
11
11
|
export { D as DefaultLogger, a as DefaultLoggerOptions, L as LogFormat } from '../logger-D3lV0cUZ.js';
|
|
12
|
-
export { C as CODEX_MODELS, a as CodexModelMeta, D as DefaultModeStore, L as LLMSelector, b as LLMSelectorOptions, M as ModeLoaderOptions, P as ProviderModelDescriptor, c as codexModelMeta, d as describeCatalogModel, l as loadProjectModes, e as loadUserModes, r as resolveProviderModelList } from '../provider-model-resolve-
|
|
13
|
-
export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-
|
|
12
|
+
export { C as CODEX_MODELS, a as CodexModelMeta, D as DefaultModeStore, L as LLMSelector, b as LLMSelectorOptions, M as ModeLoaderOptions, P as ProviderModelDescriptor, c as codexModelMeta, d as describeCatalogModel, l as loadProjectModes, e as loadUserModes, r as resolveProviderModelList } from '../provider-model-resolve-BpfXp3Jj.js';
|
|
13
|
+
export { D as DefaultModelsRegistry, a as DefaultModelsRegistryOptions, c as classifyFamily } from '../models-registry-5Ufn7f2m.js';
|
|
14
14
|
export { DefaultHealthRegistry, InMemoryMetricsSink, MetricsServerHandle, MetricsServerOptions, NoopMetricsSink, NoopTracer, OTelTracer, OtlpMetricsExporterHandle, OtlpMetricsExporterOptions, OtlpTraceExporterHandle, OtlpTraceExporterOptions, PROMETHEUS_CONTENT_TYPE, buildOtlpMetricsRequest, buildOtlpTracesRequest, renderPrometheus, startMetricsServer, startOtlpMetricsExporter, startOtlpTraceExporter, wireMetricsToEvents } from '../observability/index.js';
|
|
15
15
|
export { AISpecBuilder, AISpecBuilderOptions, AISpecPhase, AISpecSession, AutoExecutor, AutoExecutorOptions, BottleneckTask, CleanupStaleSddOptions, CleanupStaleSddResult, CollectedAnswer, CommandVerifierOptions, ConflictSide, CriticalPathAnalysis, DefaultTaskStore, DestroySddProjectOptions, DestroySddProjectResult, ExecutionSummary, GeneratedTask, LlmConflictResolverOptions, RollbackFromDiskOptions, RunResult, SPEC_TEMPLATES, SddBoardColumn, SddBoardEvent, SddBoardFeedEntry, SddBoardIndexEntry, SddBoardProjector, SddBoardProjectorOptions, SddBoardSnapshot, SddBoardStatus, SddBoardStore, SddBoardStoreOptions, SddBoardTask, SddDeadlockChain, SddIngestResult, SddInterviewDriver, SddInterviewDriverOptions, SddInterviewSnapshot, SddLifecycleOp, SddLifecycleOptions, SddLifecycleResult, SddParallelRun, SddParallelRunOptions, SddProgress, SddRunControl, SddRunHandle, SddRunRegistry, SddSubtaskSpec, SddSupervisor, SddSupervisorOptions, SddSupervisorVerdict, SddTaskDecomposer, SddTaskDecomposerOptions, SddTaskDisplayStatus, SpecDiff, SpecDrivenDev, SpecDrivenDevOptions, SpecIndexEntry, SpecParser, SpecStore, SpecStoreOptions, SpecVersion, SpecVersioning, StartSddRunOptions, SubtaskGeneratorOptions, TaskBatch, TaskExecutionContext, TaskExecutionResult, TaskFlow, TaskFlowEventMap, TaskFlowEventName, TaskFlowExecutionContext, TaskFlowOptions, TaskFlowPhase, TaskGenerator, TaskGeneratorOptions, TaskGraphIndexEntry, TaskGraphStore, TaskGraphStoreOptions, TaskStore, TaskTracker, TaskTrackerOptions, TaskTransition, WaveResult, analyzeCriticalPath, applySddLifecycle, buildBoardSnapshot, buildBoardTasks, cleanupSddWorktrees, cleanupStaleSddWorktrees, createAutoExecutor, destroySddProject, extractVerificationCommand, getTemplate, hasConflictMarkers, isExplanatoryText, listTemplates, makeCommandVerifier, makeLlmConflictResolver, makeLlmSubtaskGenerator, makePreferSideConflictResolver, renderProgress, renderSpecAnalysis, renderTaskGraph, renderTaskList, resolveConflictText, rollbackSddRunFromDisk, shortIdMap, startSddRun, templateToMarkdown } from '../sdd/index.js';
|
|
16
|
-
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-
|
|
17
|
-
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from '../secret-vault-
|
|
18
|
-
export { A as AbandonedSession, a as AttachmentStoreOptions, C as ConfigLoaderOptions, b as ConfigMigration, c as ConfigMigrationError, d as ConfigSource, D as DEFAULT_CONFIG_MIGRATIONS, e as DefaultAttachmentStore, f as DefaultConfigLoader, g as DefaultConfigStore, h as DefaultMemoryStore, i as DefaultSessionStore, k as MemoryStoreOptions, l as MigrationContext, m as MigrationResult, P as PersistedQueueItem, n as PlanFile, o as PlanItem, p as PlanTemplate, Q as QueueStore, R as RecoveryLock, q as RecoveryLockOptions, S as SessionAnalyzer, r as SessionStoreOptions, T as TodosCheckpointFile, s as addPlanItem, t as attachPlanCheckpoint, u as attachTodosCheckpoint, v as clearPlan, w as deriveTodosFromPlanItem, x as emptyPlan, y as formatPlan, z as formatPlanTemplates, B as getPlanTemplate, E as listPlanTemplates, G as loadPlan, H as loadTodosCheckpoint, K as removePlanItem, L as runConfigMigrations, N as savePlan, O as saveTodosCheckpoint, U as setPlanItemStatus } from '../todos-checkpoint-
|
|
16
|
+
export { A as AutoApprovePermissionPolicy, D as DefaultPermissionPolicy, P as PermissionPolicyOptions } from '../permission-policy-BpEea3r7.js';
|
|
17
|
+
export { a as DefaultSecretScrubber, D as DefaultSecretVault, S as SecretVaultOptions, d as decryptConfigSecrets, e as encryptConfigSecrets, m as migratePlaintextSecrets, r as rewriteConfigEncrypted } from '../secret-vault-DDSMHqIm.js';
|
|
18
|
+
export { A as AbandonedSession, a as AttachmentStoreOptions, C as ConfigLoaderOptions, b as ConfigMigration, c as ConfigMigrationError, d as ConfigSource, D as DEFAULT_CONFIG_MIGRATIONS, e as DefaultAttachmentStore, f as DefaultConfigLoader, g as DefaultConfigStore, h as DefaultMemoryStore, i as DefaultSessionStore, k as MemoryStoreOptions, l as MigrationContext, m as MigrationResult, P as PersistedQueueItem, n as PlanFile, o as PlanItem, p as PlanTemplate, Q as QueueStore, R as RecoveryLock, q as RecoveryLockOptions, S as SessionAnalyzer, r as SessionStoreOptions, T as TodosCheckpointFile, s as addPlanItem, t as attachPlanCheckpoint, u as attachTodosCheckpoint, v as clearPlan, w as deriveTodosFromPlanItem, x as emptyPlan, y as formatPlan, z as formatPlanTemplates, B as getPlanTemplate, E as listPlanTemplates, G as loadPlan, H as loadTodosCheckpoint, K as removePlanItem, L as runConfigMigrations, N as savePlan, O as saveTodosCheckpoint, U as setPlanItemStatus } from '../todos-checkpoint-CH1pcua9.js';
|
|
19
19
|
export { a as DirectorStateCheckpoint, D as DirectorStateSnapshot, b as DirectorSubagentState, c as DirectorTaskState, l as loadDirectorState } from '../director-state-BfeCUbmk.js';
|
|
20
|
-
export { A as AuditLevel, S as SessionEventBridge, b as SessionEventBridgeOptions, c as SessionSamplingOptions, T as ToolProgressSamplingOptions, d as createSessionEventBridge, r as resolveAuditLevel, e as resolveSessionLoggingConfig } from '../session-event-bridge-
|
|
21
|
-
export { D as DefaultSessionReader } from '../session-reader-
|
|
20
|
+
export { A as AuditLevel, S as SessionEventBridge, b as SessionEventBridgeOptions, c as SessionSamplingOptions, T as ToolProgressSamplingOptions, d as createSessionEventBridge, r as resolveAuditLevel, e as resolveSessionLoggingConfig } from '../session-event-bridge-DG94B3Bk.js';
|
|
21
|
+
export { D as DefaultSessionReader } from '../session-reader-BzT-iMQT.js';
|
|
22
22
|
export { D as DEFAULT_AUTONOMY_CONFIG, b as DEFAULT_CONTEXT_CONFIG, e as DEFAULT_TOOLS_CONFIG } from '../default-config-azFprTB3.js';
|
|
23
|
-
import '../index-
|
|
23
|
+
import '../index-DJXj-dcr.js';
|
|
24
24
|
import '../logger-B63L5bTg.js';
|
|
25
|
-
import '../pipeline-
|
|
25
|
+
import '../pipeline-CEjBjzVA.js';
|
|
26
26
|
import '../mailbox-types-DTl7bRH3.js';
|
|
27
|
-
import '../config-
|
|
27
|
+
import '../config-DAOjriz9.js';
|
|
28
28
|
import '../observability-D-HZN_mF.js';
|
|
29
|
-
import '../brain-
|
|
30
|
-
import '../permission-
|
|
31
|
-
import '../retry-policy-
|
|
29
|
+
import '../brain-CCfuEOdp.js';
|
|
30
|
+
import '../permission-DbsGOA1C.js';
|
|
31
|
+
import '../retry-policy-Git9WF6d.js';
|
|
32
32
|
import 'node:events';
|
|
33
|
-
import '../compactor-
|
|
34
|
-
import '../selector-
|
|
33
|
+
import '../compactor-D3BGw26y.js';
|
|
34
|
+
import '../selector-Cq72C0Oy.js';
|
|
35
35
|
import '../skill-DGIXCtdv.js';
|
|
36
36
|
import '../wstack-paths-_NrRovdr.js';
|
|
37
37
|
import '../prompt-DLd35n4Q.js';
|
|
38
|
-
import '../goal-store-
|
|
38
|
+
import '../goal-store-C1uH4srH.js';
|
|
39
39
|
import '../mode-CZlO9iU1.js';
|
|
40
40
|
import '../spec-TBi3Jr6T.js';
|
|
41
41
|
import '../task-graph-u1q9Jkyk.js';
|
|
42
|
-
import '../worktree-manager-
|
|
42
|
+
import '../worktree-manager-C4YIf1Fa.js';
|
|
43
43
|
import '../input-reader-E-ffP2ee.js';
|
|
44
44
|
import '../secret-vault-BAKpgFw_.js';
|
|
45
45
|
|
package/dist/defaults/index.js
CHANGED
|
@@ -6546,6 +6546,8 @@ var ToolCapabilities = {
|
|
|
6546
6546
|
SHELL_ARBITRARY: "shell.arbitrary",
|
|
6547
6547
|
/** Can execute a restricted set of commands (the `exec` tool). */
|
|
6548
6548
|
SHELL_RESTRICTED: "shell.restricted",
|
|
6549
|
+
/** Can run a restricted project formatter/linter-style command. */
|
|
6550
|
+
SHELL_EXEC: "shell.exec",
|
|
6549
6551
|
/** Can read files inside the project (and possibly outside via symlinks if not guarded). */
|
|
6550
6552
|
FS_READ: "fs.read",
|
|
6551
6553
|
/** Can write / modify / delete files inside the project. */
|
|
@@ -6554,6 +6556,12 @@ var ToolCapabilities = {
|
|
|
6554
6556
|
FS_WRITE_OUTSIDE_PROJECT: "fs.write.outside-project",
|
|
6555
6557
|
/** Can perform outbound network requests. */
|
|
6556
6558
|
NET_OUTBOUND: "net.outbound",
|
|
6559
|
+
/** Can invoke arbitrary registered tools through a meta-tool. */
|
|
6560
|
+
TOOL_MUTATE_ANY: "tool.mutate.any",
|
|
6561
|
+
/** Can write persistent memory. */
|
|
6562
|
+
MEMORY_WRITE: "memory.write",
|
|
6563
|
+
/** Can delete persistent memory. */
|
|
6564
|
+
MEMORY_DELETE: "memory.delete",
|
|
6557
6565
|
/** Proxies tools from external MCP servers (unknown capability). */
|
|
6558
6566
|
MCP_PROXY: "mcp.proxy",
|
|
6559
6567
|
/** Can spawn or manage subagents / multi-agent tasks. */
|
|
@@ -6568,8 +6576,12 @@ var ToolCapabilities = {
|
|
|
6568
6576
|
var DANGEROUS_FOR_SUBAGENTS = [
|
|
6569
6577
|
ToolCapabilities.SHELL_ARBITRARY,
|
|
6570
6578
|
ToolCapabilities.SHELL_RESTRICTED,
|
|
6579
|
+
ToolCapabilities.SHELL_EXEC,
|
|
6571
6580
|
ToolCapabilities.FS_WRITE,
|
|
6572
6581
|
ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT,
|
|
6582
|
+
ToolCapabilities.TOOL_MUTATE_ANY,
|
|
6583
|
+
ToolCapabilities.MEMORY_WRITE,
|
|
6584
|
+
ToolCapabilities.MEMORY_DELETE,
|
|
6573
6585
|
ToolCapabilities.MCP_PROXY,
|
|
6574
6586
|
ToolCapabilities.SUBAGENT_SPAWN,
|
|
6575
6587
|
ToolCapabilities.CONFIG_MUTATE,
|
|
@@ -8520,6 +8532,7 @@ var Director = class _Director {
|
|
|
8520
8532
|
sessionIdSource;
|
|
8521
8533
|
/** Debounce timer for periodic manifest writes. */
|
|
8522
8534
|
manifestTimer = null;
|
|
8535
|
+
manifestWriteChain = Promise.resolve();
|
|
8523
8536
|
manifestDebounceMs;
|
|
8524
8537
|
/** Fleet-wide cost cap (entire fleet total, distinct from SubagentBudget limits). Infinity means no cap. */
|
|
8525
8538
|
maxFleetCostUsd;
|
|
@@ -8696,7 +8709,7 @@ var Director = class _Director {
|
|
|
8696
8709
|
}
|
|
8697
8710
|
);
|
|
8698
8711
|
if (this.fleetManager) {
|
|
8699
|
-
this.fleetManager.flushManifest();
|
|
8712
|
+
void this.fleetManager.flushManifest();
|
|
8700
8713
|
} else {
|
|
8701
8714
|
this.scheduleManifest();
|
|
8702
8715
|
}
|
|
@@ -8975,6 +8988,7 @@ var Director = class _Director {
|
|
|
8975
8988
|
return;
|
|
8976
8989
|
}
|
|
8977
8990
|
if (this.manifestDebounceMs < 0) return;
|
|
8991
|
+
if (this.manifestTimer) return;
|
|
8978
8992
|
this.manifestTimer = setTimeout(() => {
|
|
8979
8993
|
this.manifestTimer = null;
|
|
8980
8994
|
void this.writeManifest().catch(
|
|
@@ -8982,6 +8996,11 @@ var Director = class _Director {
|
|
|
8982
8996
|
);
|
|
8983
8997
|
}, this.manifestDebounceMs);
|
|
8984
8998
|
}
|
|
8999
|
+
clearManifestTimer() {
|
|
9000
|
+
if (!this.manifestTimer) return;
|
|
9001
|
+
clearTimeout(this.manifestTimer);
|
|
9002
|
+
this.manifestTimer = null;
|
|
9003
|
+
}
|
|
8985
9004
|
/**
|
|
8986
9005
|
* Spawn a subagent. Identical to the coordinator's `spawn()` but
|
|
8987
9006
|
* captures provider/model metadata for the usage aggregator and
|
|
@@ -9204,6 +9223,13 @@ var Director = class _Director {
|
|
|
9204
9223
|
* replay an entire director run.
|
|
9205
9224
|
*/
|
|
9206
9225
|
async writeManifest() {
|
|
9226
|
+
if (!this.manifestPath) return null;
|
|
9227
|
+
this.clearManifestTimer();
|
|
9228
|
+
const write = this.manifestWriteChain.catch(() => void 0).then(() => this.writeManifestNow());
|
|
9229
|
+
this.manifestWriteChain = write.catch(() => void 0);
|
|
9230
|
+
return write;
|
|
9231
|
+
}
|
|
9232
|
+
async writeManifestNow() {
|
|
9207
9233
|
if (!this.manifestPath) return null;
|
|
9208
9234
|
const manifest = {
|
|
9209
9235
|
directorRunId: this.id,
|
|
@@ -9236,10 +9262,7 @@ var Director = class _Director {
|
|
|
9236
9262
|
* — calling shutdown twice is a no-op on the second invocation.
|
|
9237
9263
|
*/
|
|
9238
9264
|
async shutdown() {
|
|
9239
|
-
|
|
9240
|
-
clearTimeout(this.manifestTimer);
|
|
9241
|
-
this.manifestTimer = null;
|
|
9242
|
-
}
|
|
9265
|
+
this.clearManifestTimer();
|
|
9243
9266
|
if (this.taskCompletedListener) {
|
|
9244
9267
|
this.coordinator.off("task.completed", this.taskCompletedListener);
|
|
9245
9268
|
this.taskCompletedListener = null;
|
|
@@ -9258,8 +9281,11 @@ var Director = class _Director {
|
|
|
9258
9281
|
}
|
|
9259
9282
|
this.subagentBridges.clear();
|
|
9260
9283
|
await this.bridge.stop().catch((err) => this.logShutdownError("director_bridge_stop", err));
|
|
9261
|
-
if (this.
|
|
9284
|
+
if (this.fleetManager) {
|
|
9285
|
+
await this.fleetManager.flushManifest().catch((err) => this.logShutdownError("fleet_manifest_flush", err));
|
|
9286
|
+
} else if (this.manifestPath) {
|
|
9262
9287
|
await this.writeManifest().catch((err) => this.logShutdownError("manifest_write", err));
|
|
9288
|
+
}
|
|
9263
9289
|
if (this.stateCheckpoint) {
|
|
9264
9290
|
this.stateCheckpoint.setUsage(this.usage.snapshot());
|
|
9265
9291
|
await this.stateCheckpoint.flush().catch((err) => this.logShutdownError("state_checkpoint_flush", err));
|
|
@@ -16756,7 +16782,7 @@ ${errorDetails}`,
|
|
|
16756
16782
|
const decision = await this.opts.permissionPolicy.evaluate(tool, use.input, ctx);
|
|
16757
16783
|
let effectivePermission = decision.permission;
|
|
16758
16784
|
const policy = this.opts.permissionPolicy;
|
|
16759
|
-
const yolo = policy.getYolo?.() === true
|
|
16785
|
+
const yolo = policy.getYolo?.() === true;
|
|
16760
16786
|
const authoritativeAuto = decision.source === "yolo";
|
|
16761
16787
|
if (toolDangerousCaps.length > 0 && effectivePermission === "auto" && !yolo && !authoritativeAuto) {
|
|
16762
16788
|
effectivePermission = "confirm";
|
|
@@ -17295,7 +17321,10 @@ function createContextManagerTool(opts = {}) {
|
|
|
17295
17321
|
required: ["action"]
|
|
17296
17322
|
},
|
|
17297
17323
|
permission: "auto",
|
|
17298
|
-
|
|
17324
|
+
// Mutates only the in-memory conversation context, like the todo tool.
|
|
17325
|
+
// It must stay auto-runnable so the model can inspect/repair/compact its
|
|
17326
|
+
// own context without hitting a permission prompt loop.
|
|
17327
|
+
mutating: false,
|
|
17299
17328
|
async execute(input, ctx) {
|
|
17300
17329
|
const messages = ctx.messages;
|
|
17301
17330
|
const beforeTokens = roughEstimate(messages);
|
|
@@ -24718,19 +24747,51 @@ var LruCache = class {
|
|
|
24718
24747
|
// src/security/permission-policy.ts
|
|
24719
24748
|
init_safe_json();
|
|
24720
24749
|
init_tool_subject();
|
|
24721
|
-
var
|
|
24722
|
-
/\
|
|
24723
|
-
|
|
24724
|
-
/\
|
|
24725
|
-
|
|
24726
|
-
/\
|
|
24727
|
-
|
|
24728
|
-
/\
|
|
24729
|
-
|
|
24730
|
-
|
|
24750
|
+
var CATASTROPHIC_PATTERNS = [
|
|
24751
|
+
/\b(?:mkfs(?:\.[a-z0-9]+)?|mke2fs|newfs)\b/i,
|
|
24752
|
+
// make a filesystem — wipes a partition
|
|
24753
|
+
/\bformat\s+[A-Za-z]:/i,
|
|
24754
|
+
// format C: — wipes a Windows volume
|
|
24755
|
+
/\bdiskpart\b/i,
|
|
24756
|
+
// Windows partition editor
|
|
24757
|
+
/\bdd\b[^|]*\bof=(?:\/dev\/|\\\\[.?]\\)/i,
|
|
24758
|
+
// dd writing straight to a raw device
|
|
24759
|
+
/>\s*\/dev\/(?:sd|hd|nvme|disk|mapper|vd)/i,
|
|
24760
|
+
// redirect into a raw block device
|
|
24761
|
+
/:\(\)\s*\{\s*:\|:&\s*\}\s*;/
|
|
24762
|
+
// classic fork bomb
|
|
24731
24763
|
];
|
|
24732
|
-
var
|
|
24733
|
-
|
|
24764
|
+
var CATASTROPHIC_POSIX_ROOTS = /* @__PURE__ */ new Set([
|
|
24765
|
+
"/etc",
|
|
24766
|
+
"/usr",
|
|
24767
|
+
"/bin",
|
|
24768
|
+
"/sbin",
|
|
24769
|
+
"/lib",
|
|
24770
|
+
"/lib64",
|
|
24771
|
+
"/var",
|
|
24772
|
+
"/boot",
|
|
24773
|
+
"/dev",
|
|
24774
|
+
"/sys",
|
|
24775
|
+
"/proc",
|
|
24776
|
+
"/opt",
|
|
24777
|
+
"/root",
|
|
24778
|
+
"/home",
|
|
24779
|
+
"/srv",
|
|
24780
|
+
"/run",
|
|
24781
|
+
"/system",
|
|
24782
|
+
"/library",
|
|
24783
|
+
"/applications",
|
|
24784
|
+
"/users"
|
|
24785
|
+
]);
|
|
24786
|
+
var CATASTROPHIC_WIN_SUBDIRS = /* @__PURE__ */ new Set([
|
|
24787
|
+
"windows",
|
|
24788
|
+
"system32",
|
|
24789
|
+
"winnt",
|
|
24790
|
+
"program files",
|
|
24791
|
+
"program files (x86)",
|
|
24792
|
+
"programdata",
|
|
24793
|
+
"users"
|
|
24794
|
+
]);
|
|
24734
24795
|
var SHELL_OPERATORS = /* @__PURE__ */ new Set(["&&", "||", "|", ";", ">", ">>", "<", "2>", "2>>"]);
|
|
24735
24796
|
function getInputString(input, key) {
|
|
24736
24797
|
if (!input || typeof input !== "object") return void 0;
|
|
@@ -24747,20 +24808,21 @@ function pathLooksInsideProject(rawPath, projectRoot) {
|
|
|
24747
24808
|
function tokenizeShell(command) {
|
|
24748
24809
|
return command.match(/"[^"]*"|'[^']*'|\S+/g)?.map((token) => token.replace(/^['"]|['"]$/g, "")) ?? [];
|
|
24749
24810
|
}
|
|
24750
|
-
function
|
|
24751
|
-
|
|
24752
|
-
if (
|
|
24753
|
-
if (
|
|
24754
|
-
|
|
24755
|
-
if (
|
|
24811
|
+
function isCatastrophicDeleteTarget(rawTarget) {
|
|
24812
|
+
const t = rawTarget.replace(/^['"]|['"]$/g, "").trim();
|
|
24813
|
+
if (!t) return false;
|
|
24814
|
+
if (t === "*" || t === "." || t === "./" || t === ".\\" || t === "./*" || t === ".\\*") return true;
|
|
24815
|
+
const s = t.replace(/[\\/]\*+$/, "").replace(/[\\/]+$/, "");
|
|
24816
|
+
if (s === "") return true;
|
|
24817
|
+
if (s === "~" || /^\$HOME$/i.test(s) || /^%USERPROFILE%$/i.test(s)) return true;
|
|
24818
|
+
if (/^[A-Za-z]:$/.test(s)) return true;
|
|
24819
|
+
const norm = s.toLowerCase().replace(/\\/g, "/");
|
|
24820
|
+
if (CATASTROPHIC_POSIX_ROOTS.has(norm)) return true;
|
|
24821
|
+
const win = norm.match(/^[a-z]:\/([^/]+)$/);
|
|
24822
|
+
if (win?.[1] && CATASTROPHIC_WIN_SUBDIRS.has(win[1])) return true;
|
|
24756
24823
|
return false;
|
|
24757
24824
|
}
|
|
24758
|
-
function
|
|
24759
|
-
const targets = tokens.slice(start).filter((token) => !token.startsWith("-") && !SHELL_OPERATORS.has(token));
|
|
24760
|
-
if (targets.length === 0) return true;
|
|
24761
|
-
return targets.some((target) => pathTokenIsOutsideProject(target, projectRoot));
|
|
24762
|
-
}
|
|
24763
|
-
function hasDestructiveDelete(command, projectRoot) {
|
|
24825
|
+
function hasCatastrophicDelete(command) {
|
|
24764
24826
|
const tokens = tokenizeShell(command);
|
|
24765
24827
|
for (let i = 0; i < tokens.length; i++) {
|
|
24766
24828
|
const token = tokens[i]?.toLowerCase();
|
|
@@ -24768,35 +24830,43 @@ function hasDestructiveDelete(command, projectRoot) {
|
|
|
24768
24830
|
if (token === "rm") {
|
|
24769
24831
|
const args = tokens.slice(i + 1);
|
|
24770
24832
|
const recursiveOrForce = args.some(
|
|
24771
|
-
(arg) => /^-[^-]*[rf]/i.test(arg) || arg === "--recursive" || arg === "--force"
|
|
24833
|
+
(arg) => /^-[^-]*[rf]/i.test(arg) || arg === "--recursive" || arg === "--force" || arg === "--no-preserve-root"
|
|
24772
24834
|
);
|
|
24773
|
-
if (recursiveOrForce
|
|
24835
|
+
if (!recursiveOrForce) continue;
|
|
24836
|
+
const targets = args.filter((arg) => !arg.startsWith("-") && !SHELL_OPERATORS.has(arg));
|
|
24837
|
+
if (targets.length === 0) return true;
|
|
24838
|
+
if (targets.some(isCatastrophicDeleteTarget)) return true;
|
|
24839
|
+
}
|
|
24840
|
+
if (token === "remove-item" || token === "ri") {
|
|
24841
|
+
const args = tokens.slice(i + 1);
|
|
24842
|
+
const recursive = args.some((arg) => {
|
|
24843
|
+
const a = arg.toLowerCase();
|
|
24844
|
+
return a === "-recurse" || a === "-force";
|
|
24845
|
+
});
|
|
24846
|
+
if (!recursive) continue;
|
|
24847
|
+
const targets = args.filter((arg) => !arg.startsWith("-") && !SHELL_OPERATORS.has(arg));
|
|
24848
|
+
if (targets.some(isCatastrophicDeleteTarget)) return true;
|
|
24774
24849
|
}
|
|
24775
24850
|
if (token === "rmdir" || token === "rd") {
|
|
24776
24851
|
const args = tokens.slice(i + 1);
|
|
24777
24852
|
const recursive = args.some((arg) => arg.toLowerCase() === "/s");
|
|
24778
|
-
if (recursive
|
|
24853
|
+
if (!recursive) continue;
|
|
24854
|
+
const targets = args.filter((arg) => !arg.startsWith("-") && !arg.startsWith("/") && !SHELL_OPERATORS.has(arg));
|
|
24855
|
+
if (targets.some(isCatastrophicDeleteTarget)) return true;
|
|
24779
24856
|
}
|
|
24780
24857
|
if (token === "del" || token === "erase") {
|
|
24781
|
-
|
|
24782
|
-
|
|
24783
|
-
|
|
24784
|
-
const args = tokens.slice(i + 1).map((arg) => arg.toLowerCase());
|
|
24785
|
-
const recursiveOrForce = args.includes("-recurse") || args.includes("-force");
|
|
24786
|
-
if (recursiveOrForce && hasDangerousDeleteTarget(tokens, i + 1, projectRoot)) return true;
|
|
24858
|
+
const args = tokens.slice(i + 1);
|
|
24859
|
+
const targets = args.filter((arg) => !arg.startsWith("-") && !arg.startsWith("/") && !SHELL_OPERATORS.has(arg));
|
|
24860
|
+
if (targets.some(isCatastrophicDeleteTarget)) return true;
|
|
24787
24861
|
}
|
|
24788
24862
|
}
|
|
24789
24863
|
return false;
|
|
24790
24864
|
}
|
|
24791
|
-
function isClearlyDestructiveBashCommand(command,
|
|
24865
|
+
function isClearlyDestructiveBashCommand(command, _projectRoot) {
|
|
24792
24866
|
const trimmed = command.trim();
|
|
24793
24867
|
if (!trimmed) return false;
|
|
24794
|
-
if (
|
|
24795
|
-
if (
|
|
24796
|
-
if (/\bcd\s+(?:\.\.|~|\/|[A-Za-z]:[\\/])/i.test(trimmed)) return true;
|
|
24797
|
-
if (PROJECT_ESCAPE_PATTERN.test(trimmed)) return true;
|
|
24798
|
-
const absolute = trimmed.match(ABSOLUTE_PATH_PATTERN)?.[0]?.trim().replace(/^['"]|['"]$/g, "");
|
|
24799
|
-
if (absolute && !pathLooksInsideProject(absolute, projectRoot)) return true;
|
|
24868
|
+
if (hasCatastrophicDelete(trimmed)) return true;
|
|
24869
|
+
if (CATASTROPHIC_PATTERNS.some((pattern) => pattern.test(trimmed))) return true;
|
|
24800
24870
|
return false;
|
|
24801
24871
|
}
|
|
24802
24872
|
|
|
@@ -24804,6 +24874,15 @@ function isClearlyDestructiveBashCommand(command, projectRoot) {
|
|
|
24804
24874
|
function matchesTrust(patterns, subject) {
|
|
24805
24875
|
return patterns.includes(subject) || matchAny(patterns, subject);
|
|
24806
24876
|
}
|
|
24877
|
+
function shellCommandLineFromInput(input) {
|
|
24878
|
+
const command = getInputString(input, "command") ?? getInputString(input, "cmd") ?? getInputString(input, "script");
|
|
24879
|
+
if (!command) return void 0;
|
|
24880
|
+
if (!input || typeof input !== "object") return command;
|
|
24881
|
+
const args = input["args"];
|
|
24882
|
+
if (!Array.isArray(args) || args.length === 0) return command;
|
|
24883
|
+
const renderedArgs = args.filter((arg) => typeof arg === "string").map((arg) => /\s/.test(arg) ? `"${arg.replace(/"/g, '\\"')}"` : arg);
|
|
24884
|
+
return [command, ...renderedArgs].join(" ");
|
|
24885
|
+
}
|
|
24807
24886
|
var DefaultPermissionPolicy = class {
|
|
24808
24887
|
policy = {};
|
|
24809
24888
|
loaded = false;
|
|
@@ -24821,9 +24900,10 @@ var DefaultPermissionPolicy = class {
|
|
|
24821
24900
|
*/
|
|
24822
24901
|
sessionDenied = /* @__PURE__ */ new Map();
|
|
24823
24902
|
/**
|
|
24824
|
-
* Session-scoped "soft trust" map. When the user presses '
|
|
24825
|
-
*
|
|
24826
|
-
*
|
|
24903
|
+
* Session-scoped one-shot "soft trust" map. When the user presses 'y', the
|
|
24904
|
+
* tool+pattern is added here so the immediate confirm re-run can proceed.
|
|
24905
|
+
* The entry is consumed on first use; future calls must ask again unless the
|
|
24906
|
+
* user chose persistent trust.
|
|
24827
24907
|
*
|
|
24828
24908
|
* Cleared on reload().
|
|
24829
24909
|
*/
|
|
@@ -24862,7 +24942,7 @@ var DefaultPermissionPolicy = class {
|
|
|
24862
24942
|
this.trustFile = opts.trustFile;
|
|
24863
24943
|
this.yolo = opts.yolo ?? false;
|
|
24864
24944
|
this.yoloDestructive = opts.yoloDestructive ?? opts.forceAllYolo ?? false;
|
|
24865
|
-
this.confirmDestructive =
|
|
24945
|
+
this.confirmDestructive = true;
|
|
24866
24946
|
this.promptDelegate = opts.promptDelegate;
|
|
24867
24947
|
}
|
|
24868
24948
|
/**
|
|
@@ -24893,9 +24973,9 @@ var DefaultPermissionPolicy = class {
|
|
|
24893
24973
|
return this.yoloDestructive;
|
|
24894
24974
|
}
|
|
24895
24975
|
/** Toggle destructive confirmation gate (only meaningful when yolo is active). */
|
|
24896
|
-
setConfirmDestructive(
|
|
24897
|
-
if (this.confirmDestructive
|
|
24898
|
-
this.confirmDestructive =
|
|
24976
|
+
setConfirmDestructive(_enabled) {
|
|
24977
|
+
if (!this.confirmDestructive) this._evalCache.clear();
|
|
24978
|
+
this.confirmDestructive = true;
|
|
24899
24979
|
}
|
|
24900
24980
|
/** Check whether destructive confirmation gate is active. */
|
|
24901
24981
|
getConfirmDestructive() {
|
|
@@ -24934,12 +25014,12 @@ var DefaultPermissionPolicy = class {
|
|
|
24934
25014
|
return decision;
|
|
24935
25015
|
}
|
|
24936
25016
|
if (this.sessionAllowed.has(cacheKey)) {
|
|
25017
|
+
this.sessionAllowed.delete(cacheKey);
|
|
24937
25018
|
const decision = {
|
|
24938
25019
|
permission: "auto",
|
|
24939
25020
|
source: "trust",
|
|
24940
|
-
reason: "session
|
|
25021
|
+
reason: "session one-shot allow (user pressed yes)"
|
|
24941
25022
|
};
|
|
24942
|
-
this._evalCache.set(cacheKey, decision);
|
|
24943
25023
|
return decision;
|
|
24944
25024
|
}
|
|
24945
25025
|
if (entry?.deny && subject && matchesTrust(entry.deny, subject)) {
|
|
@@ -24952,6 +25032,29 @@ var DefaultPermissionPolicy = class {
|
|
|
24952
25032
|
this._evalCache.set(cacheKey, decision);
|
|
24953
25033
|
return decision;
|
|
24954
25034
|
}
|
|
25035
|
+
if (this.yolo) {
|
|
25036
|
+
const destructive = this.isDestructiveYoloCall(tool, input, ctx);
|
|
25037
|
+
if (destructive) {
|
|
25038
|
+
if (this.promptDelegate) {
|
|
25039
|
+
const decision = await this.promptDelegate(tool, input, subject ?? tool.name);
|
|
25040
|
+
if (decision === "deny") {
|
|
25041
|
+
await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
|
|
25042
|
+
return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
|
|
25043
|
+
}
|
|
25044
|
+
return {
|
|
25045
|
+
permission: decision === "yes" || decision === "always" ? "auto" : "deny",
|
|
25046
|
+
source: "user",
|
|
25047
|
+
reason: "destructive yolo approved for this call"
|
|
25048
|
+
};
|
|
25049
|
+
}
|
|
25050
|
+
return {
|
|
25051
|
+
permission: "confirm",
|
|
25052
|
+
source: "yolo_destructive",
|
|
25053
|
+
riskTier: "destructive",
|
|
25054
|
+
reason: "destructive tool needs explicit approval in YOLO mode"
|
|
25055
|
+
};
|
|
25056
|
+
}
|
|
25057
|
+
}
|
|
24955
25058
|
if (entry?.allow && subject && matchesTrust(entry.allow, subject)) {
|
|
24956
25059
|
const decision = { permission: "auto", source: "trust", reason: "matched allow pattern" };
|
|
24957
25060
|
this._evalCache.set(cacheKey, decision);
|
|
@@ -24963,29 +25066,6 @@ var DefaultPermissionPolicy = class {
|
|
|
24963
25066
|
return decision;
|
|
24964
25067
|
}
|
|
24965
25068
|
if (this.yolo) {
|
|
24966
|
-
if (this.confirmDestructive) {
|
|
24967
|
-
const destructive = this.isDestructiveYoloCall(tool, input, ctx);
|
|
24968
|
-
if (destructive) {
|
|
24969
|
-
if (this.promptDelegate) {
|
|
24970
|
-
const decision2 = await this.promptDelegate(tool, input, subject ?? tool.name);
|
|
24971
|
-
if (decision2 === "always") {
|
|
24972
|
-
await this.trust({ tool: tool.name, pattern: subject ?? tool.name });
|
|
24973
|
-
return { permission: "auto", source: "user", reason: "destructive yolo always-allowed" };
|
|
24974
|
-
}
|
|
24975
|
-
if (decision2 === "deny") {
|
|
24976
|
-
await this.deny({ tool: tool.name, pattern: subject ?? tool.name });
|
|
24977
|
-
return { permission: "deny", source: "user", reason: "user denied destructive yolo" };
|
|
24978
|
-
}
|
|
24979
|
-
return { permission: decision2 === "yes" ? "auto" : "deny", source: "user" };
|
|
24980
|
-
}
|
|
24981
|
-
return {
|
|
24982
|
-
permission: "confirm",
|
|
24983
|
-
source: "yolo_destructive",
|
|
24984
|
-
riskTier: "destructive",
|
|
24985
|
-
reason: "destructive tool needs explicit approval (confirmDestructive is on)"
|
|
24986
|
-
};
|
|
24987
|
-
}
|
|
24988
|
-
}
|
|
24989
25069
|
const decision = { permission: "auto", source: "yolo" };
|
|
24990
25070
|
this._evalCache.set(cacheKey, decision);
|
|
24991
25071
|
return decision;
|
|
@@ -25002,7 +25082,8 @@ var DefaultPermissionPolicy = class {
|
|
|
25002
25082
|
const hasWriteCap = hasCapability(tool, ToolCapabilities.FS_WRITE);
|
|
25003
25083
|
const hasShellCap = hasCapability(tool, [
|
|
25004
25084
|
ToolCapabilities.SHELL_ARBITRARY,
|
|
25005
|
-
ToolCapabilities.SHELL_RESTRICTED
|
|
25085
|
+
ToolCapabilities.SHELL_RESTRICTED,
|
|
25086
|
+
ToolCapabilities.SHELL_EXEC
|
|
25006
25087
|
]);
|
|
25007
25088
|
const hasInstallCap = hasCapability(tool, ToolCapabilities.PACKAGE_INSTALL);
|
|
25008
25089
|
const hasConfigCap = hasCapability(tool, ToolCapabilities.CONFIG_MUTATE);
|
|
@@ -25030,27 +25111,30 @@ var DefaultPermissionPolicy = class {
|
|
|
25030
25111
|
// Capability-based destructive check (preferred over name-based)
|
|
25031
25112
|
isDestructiveByCapability(tool) {
|
|
25032
25113
|
const caps = tool.capabilities ?? [];
|
|
25033
|
-
if (caps.includes(
|
|
25034
|
-
if (caps.includes(
|
|
25035
|
-
if (caps.includes(
|
|
25114
|
+
if (caps.includes(ToolCapabilities.SHELL_ARBITRARY)) return true;
|
|
25115
|
+
if (caps.includes(ToolCapabilities.SHELL_RESTRICTED)) return true;
|
|
25116
|
+
if (caps.includes(ToolCapabilities.SHELL_EXEC)) return true;
|
|
25117
|
+
if (caps.includes(ToolCapabilities.FS_WRITE)) return true;
|
|
25118
|
+
if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
|
|
25036
25119
|
return false;
|
|
25037
25120
|
}
|
|
25038
25121
|
isDestructiveYoloCall(tool, input, ctx) {
|
|
25039
25122
|
if (this.isDestructiveByCapability(tool)) {
|
|
25040
|
-
|
|
25041
|
-
|
|
25042
|
-
|
|
25123
|
+
const caps = tool.capabilities ?? [];
|
|
25124
|
+
if (caps.includes(ToolCapabilities.SHELL_ARBITRARY) || caps.includes(ToolCapabilities.SHELL_RESTRICTED) || caps.includes(ToolCapabilities.SHELL_EXEC)) {
|
|
25125
|
+
const command = shellCommandLineFromInput(input);
|
|
25126
|
+
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
|
|
25043
25127
|
}
|
|
25044
|
-
if (
|
|
25128
|
+
if (caps.includes(ToolCapabilities.FS_WRITE_OUTSIDE_PROJECT)) return true;
|
|
25129
|
+
if (caps.includes(ToolCapabilities.FS_WRITE)) {
|
|
25045
25130
|
const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
|
|
25046
25131
|
if (!targetPath || !ctx.projectRoot) return false;
|
|
25047
25132
|
return !pathLooksInsideProject(targetPath, ctx.projectRoot);
|
|
25048
25133
|
}
|
|
25049
|
-
return true;
|
|
25050
25134
|
}
|
|
25051
|
-
if (tool.name === "bash") {
|
|
25052
|
-
const command =
|
|
25053
|
-
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) :
|
|
25135
|
+
if (tool.name === "bash" || tool.name === "shell" || tool.name === "exec") {
|
|
25136
|
+
const command = shellCommandLineFromInput(input);
|
|
25137
|
+
return command ? isClearlyDestructiveBashCommand(command, ctx.projectRoot) : tool.riskTier === "destructive";
|
|
25054
25138
|
}
|
|
25055
25139
|
if (tool.name === "write" || tool.name === "edit" || tool.name === "replace" || tool.name === "patch") {
|
|
25056
25140
|
const targetPath = getInputString(input, "path") ?? getInputString(input, "file");
|
|
@@ -25099,7 +25183,7 @@ var DefaultPermissionPolicy = class {
|
|
|
25099
25183
|
this.sessionDenied.set(`${rule.tool}::${rule.pattern}`, true);
|
|
25100
25184
|
this._evalCache.clear();
|
|
25101
25185
|
}
|
|
25102
|
-
/** Auto-approve this tool+pattern
|
|
25186
|
+
/** Auto-approve this tool+pattern once (no trust file). */
|
|
25103
25187
|
allowOnce(rule) {
|
|
25104
25188
|
this.sessionAllowed.set(`${rule.tool}::${rule.pattern}`, true);
|
|
25105
25189
|
this._evalCache.clear();
|