agent-tempo 1.7.0-beta.3 → 1.7.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dashboard/package.json +1 -1
  2. package/dist/types.d.ts +18 -14
  3. package/package.json +4 -4
package/dashboard/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "agent-tempo-dashboard",
3
3
  "private": true,
4
- "version": "1.7.0-beta.3",
4
+ "version": "1.7.0-beta.4",
5
5
  "type": "module",
6
6
  "description": "Web dashboard for agent-tempo. Bundled into the npm package; served by the daemon at /dashboard/*.",
7
7
  "scripts": {
package/dist/types.d.ts CHANGED
@@ -238,24 +238,28 @@ export interface SessionMetadata {
238
238
  * the real posture on EVERY attach (across restart / migrate / re-attach), so
239
239
  * a previously-`supervised` agent stays supervised. (tempo-architect ruling.)
240
240
  *
241
- * **★ Enforcement scope (#712 claims EXACTLY this, no more).** The daemon
242
- * enforces fail-closed for a `supervised` player's gate ENGAGEMENTS: the gate's
243
- * `open()` cross-check derives the `failMode` from THIS durable policy (read by
244
- * the daemon, populated at spawn + lazily resolved on a cache-miss), so the
245
- * `failMode` an engaging agent stamps on its `gate_pending` frame can't
246
- * self-downgrade a supervised player out of fail-closed (a `'open'` claim against
247
- * a `supervised` policy is overridden to `closed` and a `failmode-override`
248
- * audit record is written). This is **NOT a hard boundary** against an agent
249
- * that SKIPS gate-engagement entirely (runs the tool without emitting a
250
- * `gate_pending` frame) or bypasses the client-side MD-C exec-block — a true
251
- * boundary requires spawn-time tool-restriction (the agent physically lacks the
252
- * tools), tracked separately in **#715**.
241
+ * **★ Enforcement scope (#715).** `supervised` is the daemon-enforced approval
242
+ * boundary for the realistic threat: a prompt-injected agent. A manipulated LLM
243
+ * can only *emit* tool-call requests Pi routes every one to agent-tempo's
244
+ * `tool_call` handler, which engages the gate (non-`low-risk`) or hard-blocks
245
+ * (exec tools at `toolAccess: 'restricted'`). The agent **cannot** skip the gate
246
+ * or run a dangerous tool directly it doesn't control the hook. The daemon also
247
+ * derives `failMode` from this durable policy (populated at spawn, falling
248
+ * `closed` on any lookup failure no-fail-open), so an engaging agent can't
249
+ * self-downgrade a supervised player out of fail-closed.
250
+ *
251
+ * The **residual** is *process compromise*: code execution **inside** the Pi
252
+ * process (host RCE bypassing the handler entirely). No client-side gate defends
253
+ * that — it requires OS-level process sandboxing, tracked as a separate future
254
+ * `'sandboxed'` posture (#724). That is **not a gap in `supervised`'s scope**:
255
+ * supervised targets prompt-injection, and against that threat it **is** a real
256
+ * enforcement boundary.
253
257
  *
254
258
  * **Post-restart window:** on daemon restart the in-memory ingest tokens are
255
259
  * invalidated, so existing players' gate engagements are rejected (403) until a
256
260
  * re-spawn re-mints. In that window a `supervised` player's gate-client
257
- * fail-closes on its own derived deadline (client-side safety holds), but the
258
- * gate is NOT daemon-mediated — the #715 client-cooperative residual.
261
+ * fail-closes on its own derived deadline (client-side safety holds, not
262
+ * daemon-mediated)same process-compromise residual, not a distinct gap.
259
263
  */
260
264
  guardrailPolicy?: GuardrailPolicy;
261
265
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "agent-tempo",
3
- "version": "1.7.0-beta.3",
3
+ "version": "1.7.0-beta.4",
4
4
  "description": "Many agents, one tempo. Durable coordination for multi-agent work via Temporal.",
5
5
  "keywords": [
6
6
  "mcp",
@@ -72,12 +72,12 @@
72
72
  "copilot-bridge": "ts-node src/adapters/copilot/adapter.ts",
73
73
  "clean:test": "node -e \"require('fs').rmSync('dist-test',{recursive:true,force:true})\"",
74
74
  "build:test": "npm run clean:test && tsc -p test/tsconfig.json",
75
- "pretest": "npm run build:test",
75
+ "pretest": "node scripts/check-bundle-present.js && npm run build:test",
76
76
  "test:tui": "vitest run",
77
77
  "test:conformance": "npm run build:test && mocha --config .mocharc.conformance.yml",
78
- "pretest:shard-1": "npm run build:test && npm run build:scripts",
78
+ "pretest:shard-1": "node scripts/check-bundle-present.js && npm run build:test && npm run build:scripts",
79
79
  "test:shard-1": "node dist/scripts/run-shard.js 1",
80
- "pretest:shard-2": "npm run build:test && npm run build:scripts",
80
+ "pretest:shard-2": "node scripts/check-bundle-present.js && npm run build:test && npm run build:scripts",
81
81
  "test:shard-2": "node dist/scripts/run-shard.js 2",
82
82
  "test": "mocha && vitest run",
83
83
  "lint:surface-drift": "node scripts/check-surface-drift.js",