buildwithnexus 0.10.7 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -4
- package/SECURITY.md +42 -30
- package/harness/Cargo.lock +1 -1
- package/harness/Cargo.toml +1 -1
- package/harness/src/agent.rs +929 -374
- package/harness/src/checkpoint.rs +98 -4
- package/harness/src/config.rs +47 -7
- package/harness/src/hooks.rs +294 -40
- package/harness/src/knowledge.rs +116 -3
- package/harness/src/lib.rs +93 -30
- package/harness/src/onboarding.rs +5 -1
- package/harness/src/provider.rs +974 -54
- package/harness/src/report.rs +300 -3
- package/harness/src/session.rs +74 -5
- package/harness/src/tools.rs +1926 -229
- package/harness/src/tui.rs +506 -117
- package/harness/src/verifier.rs +90 -6
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -5,8 +5,8 @@
|
|
|
5
5
|
|
|
6
6
|
A hilariously fast, **agentic AI CLI harness** — written in Rust. Remote models
|
|
7
7
|
via API key, or local models on your machine. It plans, edits files, and runs
|
|
8
|
-
commands, asking before each change. One static binary,
|
|
9
|
-
runtime to babysit.
|
|
8
|
+
commands, asking before each change. One static binary, five direct
|
|
9
|
+
dependencies, no runtime to babysit.
|
|
10
10
|
|
|
11
11
|
```bash
|
|
12
12
|
npm install -g buildwithnexus
|
|
@@ -128,8 +128,9 @@ also carry build-provenance attestations (`gh attestation verify`).
|
|
|
128
128
|
|
|
129
129
|
- Default permission is **ask** — every file write, edit, and command is
|
|
130
130
|
confirmed. `auto` ("yolo") and `readonly` are opt-in.
|
|
131
|
-
-
|
|
132
|
-
|
|
131
|
+
- Mutating file tools (write/edit/patch) are confined to the working directory —
|
|
132
|
+
writes outside it require explicit confirmation. Reads are unconfined, but
|
|
133
|
+
sensitive paths (the key store, `~/.ssh`, `.env`, `*.pem`) require
|
|
133
134
|
confirmation even in `auto`. Catastrophic commands (`rm -rf /`, `mkfs`, …) too.
|
|
134
135
|
- API keys are never sent to a non-HTTPS endpoint, and key-like tokens are
|
|
135
136
|
redacted from surfaced errors.
|
package/SECURITY.md
CHANGED
|
@@ -7,8 +7,8 @@ released minor line receives security fixes.
|
|
|
7
7
|
|
|
8
8
|
| Version | Supported |
|
|
9
9
|
|------------|--------------------|
|
|
10
|
-
| 0.
|
|
11
|
-
| < 0.
|
|
10
|
+
| 0.10.x | :white_check_mark: |
|
|
11
|
+
| < 0.10 | :x: |
|
|
12
12
|
|
|
13
13
|
## Reporting a Vulnerability
|
|
14
14
|
|
|
@@ -28,11 +28,10 @@ will credit reporters in the advisory unless they ask to remain anonymous.
|
|
|
28
28
|
|
|
29
29
|
In scope:
|
|
30
30
|
|
|
31
|
-
- The `buildwithnexus` npm package
|
|
32
|
-
|
|
33
|
-
- The publish
|
|
34
|
-
- The
|
|
35
|
-
- Any release artifacts attached to GitHub Releases (SBOM, checksums).
|
|
31
|
+
- The `buildwithnexus` npm package: the Node wrapper (`bin/`, `scripts/`) and
|
|
32
|
+
the Rust harness source (`harness/`) it builds or downloads.
|
|
33
|
+
- The CI, release, and publish pipelines in `.github/workflows/`.
|
|
34
|
+
- The prebuilt binaries and checksums attached to GitHub Releases.
|
|
36
35
|
|
|
37
36
|
Out of scope:
|
|
38
37
|
|
|
@@ -44,42 +43,55 @@ Out of scope:
|
|
|
44
43
|
|
|
45
44
|
## Verifying a Release
|
|
46
45
|
|
|
47
|
-
Every release on npm from `v0.9.0` onward ships with **npm provenance** —
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
To verify:
|
|
46
|
+
Every release on npm from `v0.9.0` onward ships with **npm provenance** — an
|
|
47
|
+
attestation cryptographically tying the tarball back to the specific GitHub
|
|
48
|
+
Actions workflow run that built it:
|
|
52
49
|
|
|
53
50
|
```sh
|
|
54
51
|
npm view buildwithnexus@<version> --json | jq .dist.attestations
|
|
55
52
|
```
|
|
56
53
|
|
|
57
|
-
|
|
54
|
+
Each per-platform binary on a GitHub Release carries a `.sha256` checksum file
|
|
55
|
+
and a build-provenance attestation:
|
|
58
56
|
|
|
59
57
|
```sh
|
|
60
|
-
|
|
58
|
+
gh attestation verify buildwithnexus-<target> --repo Garretts-Apps/buildwithnexus
|
|
61
59
|
```
|
|
62
60
|
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
by checking out the corresponding tag and running:
|
|
61
|
+
You can also skip the prebuilt binaries entirely and build from the tagged
|
|
62
|
+
source:
|
|
66
63
|
|
|
67
64
|
```sh
|
|
68
65
|
git clone --branch v<version> https://github.com/Garretts-Apps/buildwithnexus
|
|
69
|
-
cd buildwithnexus
|
|
70
|
-
|
|
71
|
-
sha256sum dist/nexus-release.tar.gz
|
|
66
|
+
cd buildwithnexus/harness
|
|
67
|
+
cargo build --release --locked
|
|
72
68
|
```
|
|
73
69
|
|
|
70
|
+
## How `npm install` Behaves
|
|
71
|
+
|
|
72
|
+
The npm package is a thin wrapper with **zero runtime npm dependencies**. It
|
|
73
|
+
declares one lifecycle script, `postinstall`, which:
|
|
74
|
+
|
|
75
|
+
1. Downloads the prebuilt binary for your platform from the matching GitHub
|
|
76
|
+
Release over HTTPS.
|
|
77
|
+
2. **Verifies its SHA-256** against the checksum published with the release
|
|
78
|
+
before marking it executable.
|
|
79
|
+
3. Falls back to a local `cargo build` from the bundled Rust sources if no
|
|
80
|
+
binary matches your platform (or the download fails verification).
|
|
81
|
+
|
|
82
|
+
It executes nothing else and installs no transitive npm packages.
|
|
83
|
+
|
|
74
84
|
## Hardening Inside the Package
|
|
75
85
|
|
|
76
|
-
-
|
|
77
|
-
|
|
78
|
-
-
|
|
79
|
-
|
|
80
|
-
- All GitHub Actions in our workflows are pinned
|
|
81
|
-
|
|
82
|
-
-
|
|
83
|
-
|
|
84
|
-
-
|
|
85
|
-
|
|
86
|
+
- Publishing uses npm's **OIDC Trusted Publisher** flow — no long-lived npm
|
|
87
|
+
token exists to steal; `id-token: write` is granted only to the publish job.
|
|
88
|
+
- npm publish is **gated on the release workflow succeeding**, so a package
|
|
89
|
+
version can never point at binaries that don't exist.
|
|
90
|
+
- All GitHub Actions in our workflows are version-pinned (Dependabot proposes
|
|
91
|
+
bumps weekly).
|
|
92
|
+
- Workflows run with least-privilege permissions (`permissions: {}` at the
|
|
93
|
+
workflow level, escalated per job only where needed).
|
|
94
|
+
- Inside the harness itself: mutating file tools are gated by the permission
|
|
95
|
+
model, sensitive paths and catastrophic commands require confirmation even in
|
|
96
|
+
`auto`, API keys are refused over non-HTTPS endpoints, and key-like tokens are
|
|
97
|
+
redacted from surfaced errors.
|
package/harness/Cargo.lock
CHANGED
package/harness/Cargo.toml
CHANGED