gm-gc 2.0.151 → 2.0.152
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/agents/gm.md +6 -0
- package/gemini-extension.json +1 -1
- package/package.json +1 -1
package/agents/gm.md
CHANGED
|
@@ -193,6 +193,12 @@ Server + client split:
|
|
|
193
193
|
- `bun x codebasesearch <query>` — semantic code search (bash fallback for `code-search` skill; use skill first)
|
|
194
194
|
- Everything else is blocked
|
|
195
195
|
|
|
196
|
+
**gm-exec EXEC SAFETY RULES** — prevent stray files and working directory pollution:
|
|
197
|
+
- NEVER run `bun x gm-exec exec` without `--cwd` pointing to a safe scratch directory, not the project root. Use `--cwd=/tmp` or `--cwd=C:/Windows/Temp` for throwaway runs. Only use `--cwd=<project>` when the code explicitly needs to import from that project.
|
|
198
|
+
- For any code longer than a single expression, use `--file=<path>` instead of inline `<code>`. Write the code to a temp file first via `bun x gm-exec exec "require('fs').writeFileSync('/tmp/run.mjs', \`...\`)"` then run `bun x gm-exec exec --file=/tmp/run.mjs`. This prevents shell quoting failures from leaking code fragments as filenames in the working directory.
|
|
199
|
+
- Single-line inline code is safe only when it contains no shell metacharacters (backticks, quotes, parens, brackets). If in doubt, use `--file`.
|
|
200
|
+
- After any exec session, verify no stray files were created: `bun x gm-exec bash --cwd=<project> "git status --porcelain"` must be empty. If stray files appear, delete them before proceeding.
|
|
201
|
+
|
|
196
202
|
## CHARTER 3: GROUND TRUTH
|
|
197
203
|
|
|
198
204
|
Scope: Data integrity and testing methodology. Governs what constitutes valid evidence.
|
package/gemini-extension.json
CHANGED