agentsmesh 0.19.0 → 0.20.0

package/dist/index.js

@@ -1022,7 +1022,7 @@ ${legacy}`, "");
   }
   return result.trim();
 }
-var ROOT_INSTRUCTION_BODY_V1, ROOT_INSTRUCTION_BODY_V2, ROOT_INSTRUCTION_BODY_V3, ROOT_INSTRUCTION_BODY_V4, ROOT_INSTRUCTION_BODY_V5, ROOT_INSTRUCTION_BODY_V6, ROOT_INSTRUCTION_BODY_V7, ROOT_INSTRUCTION_BODY, LEGACY_AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH, LEGACY_AGENTSMESH_ROOT_INSTRUCTION_SECTION, AGENTSMESH_CONTRACT_WITH_V1_BODY, AGENTSMESH_CONTRACT_WITH_V2_BODY, AGENTSMESH_CONTRACT_WITH_V3_BODY, AGENTSMESH_CONTRACT_WITH_V4_BODY, AGENTSMESH_CONTRACT_WITH_V5_BODY, AGENTSMESH_CONTRACT_WITH_V6_BODY, AGENTSMESH_CONTRACT_WITH_V7_BODY, AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH, LEGACY_FORMS;
+var ROOT_INSTRUCTION_BODY_V1, ROOT_INSTRUCTION_BODY_V2, ROOT_INSTRUCTION_BODY_V3, ROOT_INSTRUCTION_BODY_V4, ROOT_INSTRUCTION_BODY_V5, ROOT_INSTRUCTION_BODY_V6, ROOT_INSTRUCTION_BODY_V7, ROOT_INSTRUCTION_BODY_V8, ROOT_INSTRUCTION_BODY, LEGACY_AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH, LEGACY_AGENTSMESH_ROOT_INSTRUCTION_SECTION, AGENTSMESH_CONTRACT_WITH_V1_BODY, AGENTSMESH_CONTRACT_WITH_V2_BODY, AGENTSMESH_CONTRACT_WITH_V3_BODY, AGENTSMESH_CONTRACT_WITH_V4_BODY, AGENTSMESH_CONTRACT_WITH_V5_BODY, AGENTSMESH_CONTRACT_WITH_V6_BODY, AGENTSMESH_CONTRACT_WITH_V7_BODY, AGENTSMESH_CONTRACT_WITH_V8_BODY, AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH, LEGACY_FORMS;
 var init_root_instruction_paragraph = __esm({
   "src/targets/projection/root-instruction-paragraph.ts"() {
     init_managed_blocks();
@@ -1033,7 +1033,8 @@ var init_root_instruction_paragraph = __esm({
     ROOT_INSTRUCTION_BODY_V5 = "Use Claude-style Markdown in `.agentsmesh`: `agents/*.md`, `commands/*.md`, and `skills/*/SKILL.md`; keep rules in `rules/*.md`, hooks in `hooks.yaml`, MCP in `mcp.json`, permissions in `permissions.yaml`, and ignore patterns in `ignore`, then run `agentsmesh generate`.";
     ROOT_INSTRUCTION_BODY_V6 = "Create canonical files in `.agentsmesh`: `rules/_root.md` and `rules/*.md` are Markdown rules; `commands/*.md`, `agents/*.md`, and `skills/*/SKILL.md` plus supporting files use Claude-style frontmatter Markdown; `mcp.json` is MCP JSON; `hooks.yaml` and `permissions.yaml` are YAML; `ignore` is gitignore-style text. Then run `agentsmesh generate`.";
     ROOT_INSTRUCTION_BODY_V7 = "`.agentsmesh` is the only folder you edit or add these files in: `rules/_root.md` and `rules/*.md` are Markdown rules; `commands/*.md`, `agents/*.md`, and `skills/*/SKILL.md` plus supporting files use Claude-style frontmatter Markdown; `mcp.json` is MCP JSON; `hooks.yaml` and `permissions.yaml` are YAML; `ignore` is gitignore-style text. Do not edit generated tool files; run `agentsmesh generate`.";
-    ROOT_INSTRUCTION_BODY = "`agentsmesh.yaml` selects targets/features (`agentsmesh.local.yaml` overrides locally), and `.agentsmesh` is the only place to add or edit canonical items: `rules/_root.md`, `rules/*.md`, `commands/*.md`, `agents/*.md`, `skills/*/SKILL.md` plus supporting files, `mcp.json`, `hooks.yaml`, `permissions.yaml`, and `ignore`; if missing run `agentsmesh init`, use `agentsmesh import --from <tool>` for native configs, `agentsmesh install <source>` or `install --sync` for reusable packs, then run `agentsmesh generate`. Use `diff`, `lint`, `check`, `watch`, `matrix`, and `merge` as needed; never edit generated tool files.";
+    ROOT_INSTRUCTION_BODY_V8 = "`agentsmesh.yaml` selects targets/features (`agentsmesh.local.yaml` overrides locally), and `.agentsmesh` is the only place to add or edit canonical items: `rules/_root.md`, `rules/*.md`, `commands/*.md`, `agents/*.md`, `skills/*/SKILL.md` plus supporting files, `mcp.json`, `hooks.yaml`, `permissions.yaml`, and `ignore`; if missing run `agentsmesh init`, use `agentsmesh import --from <tool>` for native configs, `agentsmesh install <source>` or `install --sync` for reusable packs, then run `agentsmesh generate`. Use `diff`, `lint`, `check`, `watch`, `matrix`, and `merge` as needed; never edit generated tool files.";
+    ROOT_INSTRUCTION_BODY = "`agentsmesh.yaml` selects targets/features (`agentsmesh.local.yaml` overrides locally), and `.agentsmesh` is the only place to add or edit canonical items: `rules/_root.md`, `rules/*.md`, `commands/*.md`, `agents/*.md`, `skills/*/SKILL.md` plus supporting files, `mcp.json`, `hooks.yaml`, `permissions.yaml`, and `ignore`; if missing run `agentsmesh init`, use `agentsmesh import --from <tool>` for native configs, `agentsmesh install <source>` or `install --sync` for reusable packs, then run `agentsmesh generate`. Use `diff`, `lint`, `check`, `watch`, `matrix`, `merge`, and `refresh` as needed; never edit generated tool files.";
     LEGACY_AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH = ROOT_INSTRUCTION_BODY_V1;
     LEGACY_AGENTSMESH_ROOT_INSTRUCTION_SECTION = `## Project-Specific Rules
 
@@ -1059,12 +1060,16 @@ ${ROOT_INSTRUCTION_BODY_V6}`;
     AGENTSMESH_CONTRACT_WITH_V7_BODY = `## AgentsMesh Generation Contract
 
 ${ROOT_INSTRUCTION_BODY_V7}`;
+    AGENTSMESH_CONTRACT_WITH_V8_BODY = `## AgentsMesh Generation Contract
+
+${ROOT_INSTRUCTION_BODY_V8}`;
     AGENTSMESH_ROOT_INSTRUCTION_PARAGRAPH = `${ROOT_CONTRACT_START}
 ## AgentsMesh Generation Contract
 
 ${ROOT_INSTRUCTION_BODY}
 ${ROOT_CONTRACT_END}`;
     LEGACY_FORMS = [
+      AGENTSMESH_CONTRACT_WITH_V8_BODY,
       AGENTSMESH_CONTRACT_WITH_V7_BODY,
       AGENTSMESH_CONTRACT_WITH_V6_BODY,
       AGENTSMESH_CONTRACT_WITH_V5_BODY,
@@ -20018,10 +20023,12 @@ async function loadConfig(configPath) {
   }
   return result.data;
 }
+var PROTOTYPE_POLLUTION_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
 function deepMergeObjects(base, overrides2) {
   const result = { ...base };
   for (const [k, v] of Object.entries(overrides2)) {
     if (v === null || v === void 0) continue;
+    if (PROTOTYPE_POLLUTION_KEYS.has(k)) continue;
     const baseVal = result[k];
     if (typeof v === "object" && !Array.isArray(v) && v !== null && typeof baseVal === "object" && baseVal !== null && !Array.isArray(baseVal)) {
       result[k] = deepMergeObjects(
@@ -20458,7 +20465,9 @@ function parseGitSource(source) {
   } catch {
     return null;
   }
-  if (!["https:", "http:", "ssh:", "file:"].includes(parsedUrl.protocol)) {
+  const allowInsecure = process.env.AGENTSMESH_ALLOW_INSECURE_GIT === "1" || process.env.AGENTSMESH_ALLOW_INSECURE_GIT === "true";
+  const allowedProtocols = allowInsecure ? ["https:", "http:", "ssh:", "file:"] : ["https:", "ssh:", "file:"];
+  if (!allowedProtocols.includes(parsedUrl.protocol)) {
     return null;
   }
   return { url, ref };
@@ -22246,15 +22255,30 @@ function isLocalSource(source) {
   // these on win32, and they must not be misinterpreted as bare npm package names.
   /^[A-Za-z]:[/\\]/.test(source);
 }
+function canonicalize(path) {
+  try {
+    return realpathSync(path);
+  } catch {
+    return path;
+  }
+}
+function assertSourceInsideProjectRoot(resolvedPath, projectRoot) {
+  const rootAbs = canonicalize(resolve(projectRoot));
+  const sourceAbs = canonicalize(resolvedPath);
+  if (sourceAbs === rootAbs || sourceAbs.startsWith(`${rootAbs}${sep}`)) return;
+  throw new Error(`Plugin source resolves outside project root (escapes ${rootAbs}): ${sourceAbs}`);
+}
 async function importPluginModule(entry, projectRoot) {
   const { source } = entry;
   let importTarget;
   if (isLocalSource(source)) {
     const raw = source.startsWith("file:") ? fileURLToPath(source) : source;
     const resolved = resolve(projectRoot, raw);
+    assertSourceInsideProjectRoot(resolved, projectRoot);
     importTarget = pathToFileURL(resolved).href;
   } else {
     const resolved = resolveNpmSpecifier(source, projectRoot);
+    assertSourceInsideProjectRoot(resolved, projectRoot);
     importTarget = pathToFileURL(resolved).href;
   }
   const mod = await import(importTarget);