@yemi33/minions 0.1.2096 → 0.1.2097
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -168,6 +168,14 @@ async function validateAcceptanceCriteria(workItem, opts = {}) {
|
|
|
168
168
|
model: _resolveModel(opts),
|
|
169
169
|
maxTurns: 1,
|
|
170
170
|
direct: true,
|
|
171
|
+
// Direct callLLM spawns the runtime CLI with cwd=MINIONS_DIR (engine/llm.js
|
|
172
|
+
// _spawnProcess). Without an allowedTools clamp the validator has full
|
|
173
|
+
// Edit/Write/Bash access to D:\squad and can leak partial implementations
|
|
174
|
+
// outside any worktree — confirmed in P-b5e2a481 (2026-06-01 23:44 UTC):
|
|
175
|
+
// the validator "previewed" the work by editing dashboard/js/refresh.js
|
|
176
|
+
// in MINIONS_DIR before the actual implement agent ran in its worktree.
|
|
177
|
+
// Read-only tools only — the eval is a JSON-decision call.
|
|
178
|
+
allowedTools: 'Read,Grep,Glob',
|
|
171
179
|
engineConfig: opts.engineConfig,
|
|
172
180
|
});
|
|
173
181
|
} catch (e) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@yemi33/minions",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2097",
|
|
4
4
|
"description": "Multi-agent AI dev team that runs from ~/.minions/ — five autonomous agents share a single engine, dashboard, and knowledge base",
|
|
5
5
|
"bin": {
|
|
6
6
|
"minions": "bin/minions.js"
|