agdi 1.0.2 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +51 -1
- package/bin/agdi.js +1 -1
- package/dist/index.js +1068 -247
- package/package.json +5 -3
package/README.md
CHANGED
|
@@ -25,6 +25,9 @@ agdi init
|
|
|
25
25
|
# Generate from prompt
|
|
26
26
|
agdi generate "Create a todo app with dark mode"
|
|
27
27
|
|
|
28
|
+
# Interactive coding session
|
|
29
|
+
agdi chat
|
|
30
|
+
|
|
28
31
|
# Configure API keys
|
|
29
32
|
agdi auth
|
|
30
33
|
```
|
|
@@ -36,6 +39,45 @@ agdi auth
|
|
|
36
39
|
- ⚡ **Instant Generation** - Full React/Vite apps in seconds
|
|
37
40
|
- 💬 **Interactive Mode** - Chat-based coding assistant
|
|
38
41
|
- 🔑 **Bring Your Own Key** - Use your own OpenAI, Anthropic, or Gemini keys
|
|
42
|
+
- 🔒 **Enterprise Security** - Permission gate, audit logging, workspace trust
|
|
43
|
+
|
|
44
|
+
## Security Architecture
|
|
45
|
+
|
|
46
|
+
Agdi includes a comprehensive security system for safe command execution:
|
|
47
|
+
|
|
48
|
+
### Permission Gate
|
|
49
|
+
|
|
50
|
+
All commands pass through a single gatekeeper with 4-tier risk classification:
|
|
51
|
+
|
|
52
|
+
| Tier | Description | Examples |
|
|
53
|
+
|------|-------------|----------|
|
|
54
|
+
| **0** | Read-only | `ls`, `cat`, `git status` |
|
|
55
|
+
| **1** | Workspace write | `touch`, `mkdir`, `git commit` |
|
|
56
|
+
| **2** | System/package | `npm install`, `docker run` |
|
|
57
|
+
| **3** | Dangerous | `sudo`, `rm -rf`, `curl \| bash` |
|
|
58
|
+
|
|
59
|
+
### Approval Options
|
|
60
|
+
|
|
61
|
+
When prompted for permission:
|
|
62
|
+
- **[A] Approve once** - Allow this single execution
|
|
63
|
+
- **[S] Approve for session** - Allow for current session
|
|
64
|
+
- **[+] Always allow** - Save rule to allow permanently
|
|
65
|
+
- **[?] Always prompt** - Save rule to always ask
|
|
66
|
+
- **[-] Always forbid** - Save rule to always block
|
|
67
|
+
- **[D] Deny** - Block this execution
|
|
68
|
+
|
|
69
|
+
### Workspace Trust
|
|
70
|
+
|
|
71
|
+
On first run, you'll be prompted to trust the workspace:
|
|
72
|
+
- **Trust for session** - Allow commands for this session only
|
|
73
|
+
- **Trust and remember** - Permanently trust this workspace
|
|
74
|
+
- **Exit** - Don't grant trust, exit immediately
|
|
75
|
+
|
|
76
|
+
Untrusted workspaces are restricted to Tier 0 (read-only) commands.
|
|
77
|
+
|
|
78
|
+
### Audit Logging
|
|
79
|
+
|
|
80
|
+
All permission decisions are logged to `~/.agdi/audit.jsonl` in OWASP-aligned format.
|
|
39
81
|
|
|
40
82
|
## Commands
|
|
41
83
|
|
|
@@ -77,7 +119,15 @@ agdi generate "Build a blog" -p puter -m gpt-5
|
|
|
77
119
|
|
|
78
120
|
## Configuration
|
|
79
121
|
|
|
80
|
-
API keys are stored in `~/.agdi
|
|
122
|
+
API keys and rules are stored in `~/.agdi/`:
|
|
123
|
+
|
|
124
|
+
```
|
|
125
|
+
~/.agdi/
|
|
126
|
+
├── config.json # API keys and settings
|
|
127
|
+
├── rules.json # Permission rules
|
|
128
|
+
├── trusted-workspaces.json # Trusted workspaces
|
|
129
|
+
└── audit.jsonl # Audit log
|
|
130
|
+
```
|
|
81
131
|
|
|
82
132
|
```bash
|
|
83
133
|
agdi auth # Interactive setup
|
package/bin/agdi.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
1
|
+
#!/usr/bin/env node
|
|
2
2
|
import '../dist/index.js';
|