askshepherd 0.1.37 → 0.1.39

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
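--- a/package/README.md
+++ b/package/README.md
@@ -67,9 +67,16 @@ It reports the saved Shepherd account, connected cloud sources, downstream
 processing state, and local background sync health for Messages and Coding
 Sessions.
 
+Agents must not inspect the user's folders or repositories to answer setup
+status. Do not run `ls`, `find`, `rg`, `grep`, `cat`, `Read`, `Glob`, or
+`Explore` against the user's home directory, repositories, `~/.codex`,
+`~/.claude`, or `~/.shepherd` for Shepherd setup. Use the npm status command
+above; it performs the bounded local checks.
+
 ## Set Up Coding Agent Sessions
 
-Use this when the user asks "Help me set up coding agent sessions":
+Use this when the user asks "Help me set up coding agent sessions" or "Enable
+coding agent sessions locally for Shepherd":
 
 ```sh
 npx -y askshepherd@latest agent --login
@@ -80,6 +87,8 @@ npx -y askshepherd@latest status
 
 The coding agent should ask for consent before enabling this source. The local
 collector syncs redacted Codex and Claude Code summaries, not full transcripts.
+The agent should run only the commands above and should not search the local
+filesystem for a Shepherd agent implementation.
 
 ## Customer MCP Login
 
@@ -112,9 +121,12 @@ The saved MCP state includes:
 The installed MCP server is local npm first, remote brain second. For questions
 like "what do I have set up on Shepherd?", "is Shepherd syncing?", or "help me
 set up coding agent sessions", the MCP exposes local tools such as
-`shepherd_status` and `shepherd_setup_coding_sessions` that route agents to the
-local `askshepherd status` / add-source flow. Production memory and wiki tools
-remain remote Railway-backed tools for source recall and company-memory answers.
+`shepherd_status`, `shepherd_setup_coding_sessions`, and
+`shepherd_enable_coding_sessions` that route agents to the local
+`askshepherd status` / add-source flow. Production memory and wiki tools remain
+remote Railway-backed tools for source recall and company-memory answers.
+Those local MCP tools are also the permission boundary: an MCP client should not
+use shell or file tools to inspect the user's folders or repositories for setup.
 
 Use `--json` when an agent or setup script needs machine-readable endpoint and
 header details.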
@@ -803,21 +803,28 @@ function localMcpTools() {
803
803
  return [
804
804
  {
805
805
  name: "shepherd_status",
806
- description: "LOCAL Shepherd setup and sync status. Use this first when the user asks what they have enabled, what is connected, whether Shepherd is syncing, or why local Messages/Coding Sessions are not running. This is backed by the local askshepherd npm CLI; do not use production memory/wiki tools for local setup status.",
806
+ description: "LOCAL Shepherd setup and sync status. Use this first when the user asks what they have enabled, what is connected, whether Shepherd is syncing, or why local Messages/Coding Sessions are not running. This is backed by the local askshepherd npm CLI; do not use production memory/wiki tools or shell/file exploration for local setup status.",
807
807
  inputSchema: emptyInputSchema,
808
808
  annotations: readOnlyAnnotations,
809
809
  _meta: { provider: "local_npm", command: `${agentCommand()} status` },
810
810
  },
811
811
  {
812
812
  name: "shepherd_local_status",
813
- description: "Explicit local alias for shepherd_status. Returns the authoritative local askshepherd npm status path and current local setup/sync state.",
813
+ description: "Explicit local alias for shepherd_status. Returns the authoritative local askshepherd npm status path and current local setup/sync state. Do not inspect user folders or repositories yourself.",
814
814
  inputSchema: emptyInputSchema,
815
815
  annotations: readOnlyAnnotations,
816
816
  _meta: { provider: "local_npm", command: `${agentCommand()} status` },
817
817
  },
818
818
  {
819
819
  name: "shepherd_setup_coding_sessions",
820
- description: "LOCAL setup guide for Codex and Claude Code coding-session sync. Use when the user asks to set up coding agent sessions. Ask for consent, then guide the local askshepherd npm login/add-sources/continue/status commands.",
820
+ description: "LOCAL setup guide for Codex and Claude Code coding-session sync. Use when the user asks to set up coding agent sessions. Ask for consent, then guide the local askshepherd npm login/add-sources/continue/status commands. Do not search, list, or read the user's folders or repos to discover setup.",
821
+ inputSchema: emptyInputSchema,
822
+ annotations: readOnlyAnnotations,
823
+ _meta: { provider: "local_npm", command: `${agentCommand()} agent --add-sources coding-sessions` },
824
+ },
825
+ {
826
+ name: "shepherd_enable_coding_sessions",
827
+ description: "Alias for shepherd_setup_coding_sessions. Use when the user asks to enable coding agent sessions locally for Shepherd. Return the local askshepherd npm setup commands; do not search, list, or read the user's folders or repos.",
821
828
  inputSchema: emptyInputSchema,
822
829
  annotations: readOnlyAnnotations,
823
830
  _meta: { provider: "local_npm", command: `${agentCommand()} agent --add-sources coding-sessions` },
@@ -828,7 +835,8 @@ function localMcpTools() {
828
835
  function localMcpInstructions(remoteInstructions, remoteConnectError) {
829
836
  return [
830
837
  "This MCP server is the local askshepherd npm wrapper plus production Shepherd memory/wiki tools.",
831
- `For local setup/sync questions like "what do I have set up on Shepherd", "what have I enabled", "is Shepherd syncing", "help me set up coding agent sessions", or "enable coding sessions", use shepherd_status or shepherd_setup_coding_sessions first. These local tools route to the local askshepherd npm status/setup flow and can inspect ~/.shepherd, LaunchAgents, and local Codex/Claude paths.`,
838
+ `For local setup/sync questions like "what do I have set up on Shepherd", "what have I enabled", "is Shepherd syncing", "help me set up coding agent sessions", "enable coding sessions", or "enable coding agent sessions locally for Shepherd", use shepherd_status, shepherd_setup_coding_sessions, or shepherd_enable_coding_sessions first. These local tools route to the local askshepherd npm status/setup flow. The askshepherd CLI is the only component that may perform bounded local checks of Shepherd state, LaunchAgents, and known Codex/Claude session locations.`,
839
+ "Hard boundary: do not use shell or filesystem tools such as ls, find, rg, grep, cat, Read, Glob, or Explore to inspect the user's home directory, repositories, ~/.codex, ~/.claude, or ~/.shepherd for Shepherd setup. If local status is needed, call shepherd_status or run the exact askshepherd status command.",
832
840
  `If the user asks for raw local status outside MCP, tell them to run ${agentCommand()} status. For setup of coding agent sessions, ask consent, then use ${agentCommand()} agent --login if needed, ${agentCommand()} agent --add-sources coding-sessions --name "<full_name>" --org "<organization>", ${agentCommand()} agent --continue, then ${agentCommand()} status.`,
833
841
  "Use production memory/wiki tools only for company-memory questions, source recall, wiki lookup, messages/meetings retrieval, or coding-session work history that has already synced to Shepherd.",
834
842
  "Important override: any production instruction saying not to use local shell commands applies only to production memory/wiki answers. It does not apply to local Shepherd setup, source enablement, or sync health.",
@@ -843,11 +851,12 @@ async function callLocalMcpTool(name) {
843
851
  return localMcpTextResult([
844
852
  `Authoritative local status path: ${agentCommand()} status`,
845
853
  "Use this result for setup/source/sync-health questions. Do not use production memory/wiki tools to answer what is enabled locally.",
854
+ "Do not inspect the user's folders or repositories yourself. Do not run ls/find/rg/grep/cat/Read/Glob/Explore against the user's home directory, repos, ~/.codex, ~/.claude, or ~/.shepherd for Shepherd setup.",
846
855
  renderShepherdStatus(status),
847
856
  ].join("\n\n"));
848
857
  }
849
858
 
850
- if (name === "shepherd_setup_coding_sessions") {
859
+ if (name === "shepherd_setup_coding_sessions" || name === "shepherd_enable_coding_sessions") {
851
860
  const status = await collectShepherdStatus();
852
861
  return localMcpTextResult(renderCodingSessionsSetupMcpResult(status));
853
862
  }
@@ -862,6 +871,7 @@ function renderCodingSessionsSetupMcpResult(status) {
862
871
  "Local Shepherd coding-session setup",
863
872
  "",
864
873
  "Use this when the user asks to set up coding agent sessions. Ask for explicit consent before enabling this source: Shepherd will read local Codex and Claude Code session logs, redact sensitive strings locally, and sync bounded summaries plus repo/command/file metadata, not full raw transcripts.",
874
+ "Do not inspect the user's folders or repositories to set this up. Do not run ls/find/rg/grep/cat/Read/Glob/Explore against the user's home directory, repos, ~/.codex, ~/.claude, or ~/.shepherd. Use only the Shepherd npm commands below and the status result they print.",
865
875
  "",
866
876
  alreadyConfigured
867
877
  ? "Current state: Coding Sessions already has a local config. Check whether the LaunchAgent is running and whether the last sync is healthy below."
@@ -1837,11 +1847,11 @@ function printAgentContract() {
1837
1847
  commonUserRequests: [
1838
1848
  {
1839
1849
  userSays: "Check what I've enabled for Shepherd.",
1840
- agentShould: `Run ${command} status and summarize connected sources, local background agents, unreadable folders, queued items, and any next command it prints.`,
1850
+ agentShould: `Run ${command} status and summarize connected sources, local background agents, unreadable folders, queued items, and any next command it prints. Do not inspect local folders or repositories yourself.`,
1841
1851
  },
1842
1852
  {
1843
1853
  userSays: "Help me set up coding agent sessions.",
1844
- agentShould: `Ask for consent to sync Codex and Claude Code summaries, then run ${command} agent --login if there is no saved Shepherd login, ${command} agent --add-sources coding-sessions --name "<full_name>" --org "<organization>", ${command} agent --continue, and finally ${command} status.`,
1854
+ agentShould: `Ask for consent to sync Codex and Claude Code summaries, then run ${command} agent --login if there is no saved Shepherd login, ${command} agent --add-sources coding-sessions --name "<full_name>" --org "<organization>", ${command} agent --continue, and finally ${command} status. Do not search the user's filesystem or repos for an agent implementation.`,
1845
1855
  },
1846
1856
  ],
1847
1857
  askStyle: [
@@ -1907,6 +1917,7 @@ function printAgentContract() {
1907
1917
  "Do not ask the customer to create a Google service account or upload service account JSON for the default Shepherd-managed flow.",
1908
1918
  "Do not use WorkOS Auth, WorkOS Pipes, or per-user Google OAuth for Google Workspace delegation.",
1909
1919
  "Do not fill onboarding fields from local repository context, shell identity, machine paths, or earlier conversations; confirm them directly with the user.",
1920
+ "Do not use shell or file tools to list, search, or read the user's home directory, repositories, ~/.codex, ~/.claude, or ~/.shepherd for Shepherd setup. Only the askshepherd npm commands should perform local setup/status checks.",
1910
1921
  ],
1911
1922
  loginCommand: `${command} agent --login`,
1912
1923
  startCommand: `${command} agent --name "<full_name>" --org "<organization>"`,
@@ -1950,6 +1961,8 @@ Use this as a public checklist for coding-agent onboarding to Shepherd raw sync.
1950
1961
 
1951
1962
  Confirm onboarding choices and fields directly with the user instead of assuming them from the local repo, shell username, machine paths, or earlier conversations.
1952
1963
 
1964
+ Do not inspect the user's folders or repositories for Shepherd setup. Do not run ls, find, rg, grep, cat, Read, Glob, or Explore against the user's home directory, repos, ~/.codex, ~/.claude, or ~/.shepherd. Use the askshepherd npm commands below; those commands perform the bounded local checks.
1965
+
1953
1966
  Ask with short interactive prompts, not as one pasted checklist. Do not paste this whole checklist into the chat unless the user explicitly asks to see it.
1954
1967
 
1955
1968
  Common user requests:
@@ -2038,6 +2051,7 @@ After the current modality is complete, run:
2038
2051
  Omit either optional flag if that source is not being connected.
2039
2052
 
2040
2053
  If Coding Sessions was selected, the continue step installs local Codex/Claude Code session summary sync. It probes ~/.codex and ~/.claude, redacts sensitive strings, and uploads bounded summaries and work metadata rather than full transcripts. It usually does not need Full Disk Access unless macOS denies access to those folders.
2054
+ The coding agent must not probe those folders directly; only the askshepherd CLI may perform that local check.
2041
2055
 
2042
2056
  Check progress with:
2043
2057
  ${payload.statusCommand}
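Review bot: The same inspection-boundary sentence is hand-copied, with slightly different wording each time, into the tool descriptions in localMcpTools, the instructions in localMcpInstructions, the tool results in callLocalMcpTool and renderCodingSessionsSetupMcpResult, and the printed contract in printAgentContract, so the next change to the list of disallowed tools or paths has to be made in six places and will drift; hoisting the text into one module-level constant and interpolating it at each site keeps the policy consistent. In the same spirit, the new `shepherd_enable_coding_sessions` entry repeats the `inputSchema`, `annotations` and `_meta` of `shepherd_setup_coding_sessions` by hand, and callLocalMcpTool matches the alias with a second string comparison; deriving the alias entry from the primary one and dispatching on a shared name set (`if (CODING_SESSIONS_SETUP_TOOLS.has(name)) {`) keeps the tool list and the handler in step. A short comment beside the new "Hard boundary" string in localMcpInstructions would also help future maintainers: as far as these hunks show, nothing in the server enforces the rule, so the text is guidance to the client and the enforced control remains the client's own tool-permission configuration. localMcpTools and the other functions touched here start before their hunks and continue past them.
```javascript
// Single source of truth for the local-inspection rule that every tool
// description, instruction string and printed contract interpolates.
const LOCAL_INSPECTION_BOUNDARY =
  "Do not inspect the user's folders or repositories yourself. Do not run ls/find/rg/grep/cat/Read/Glob/Explore against the user's home directory, repos, ~/.codex, ~/.claude, or ~/.shepherd for Shepherd setup.";

// Tool names that share the coding-sessions setup handler in callLocalMcpTool.
const CODING_SESSIONS_SETUP_TOOLS = new Set([
  "shepherd_setup_coding_sessions",
  "shepherd_enable_coding_sessions",
]);

function localMcpTools() {
  const setupTool = {
    name: "shepherd_setup_coding_sessions",
    description: `LOCAL setup guide for Codex and Claude Code coding-session sync. Use when the user asks to set up coding agent sessions. Ask for consent, then guide the local askshepherd npm login/add-sources/continue/status commands. ${LOCAL_INSPECTION_BOUNDARY}`,
    inputSchema: emptyInputSchema,
    annotations: readOnlyAnnotations,
    _meta: { provider: "local_npm", command: `${agentCommand()} agent --add-sources coding-sessions` },
  };
  return [
    // … unchanged: shepherd_status and shepherd_local_status entries …
    setupTool,
    {
      // The alias differs from the primary entry only in name and description.
      ...setupTool,
      name: "shepherd_enable_coding_sessions",
      description: `Alias for shepherd_setup_coding_sessions. Use when the user asks to enable coding agent sessions locally for Shepherd. Return the local askshepherd npm setup commands. ${LOCAL_INSPECTION_BOUNDARY}`,
    },
    // … unchanged: remaining tool entries …
```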
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "askshepherd",
3
- "version": "0.1.37",
3
+ "version": "0.1.39",
4
4
  "description": "Customer-facing Shepherd production onboarding and MCP CLI",
5
5
  "type": "module",
6
6
  "bin": {