gm-oc 2.0.178 → 2.0.179
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/hooks/pre-tool-use-hook.js +29 -3
- package/package.json +1 -1
|
@@ -90,7 +90,7 @@ const run = () => {
|
|
|
90
90
|
if (/^\s*(echo |ls |cd |mkdir |rm |cat |grep |find |export |source |#!)/.test(src)) return 'bash';
|
|
91
91
|
return 'nodejs';
|
|
92
92
|
};
|
|
93
|
-
const aliases = { js: 'nodejs', javascript: 'nodejs', ts: 'typescript', node: 'nodejs', py: 'python', sh: 'bash', shell: 'bash', zsh: 'bash', powershell: 'bash', ps1: 'bash', cmd: 'bash', browser: 'agent-browser', ab: 'agent-browser' };
|
|
93
|
+
const aliases = { js: 'nodejs', javascript: 'nodejs', ts: 'typescript', node: 'nodejs', py: 'python', sh: 'bash', shell: 'bash', zsh: 'bash', powershell: 'bash', ps1: 'bash', cmd: 'bash', browser: 'agent-browser', ab: 'agent-browser', codesearch: 'codesearch', search: 'search', status: 'status', sleep: 'sleep', close: 'close', runner: 'runner' };
|
|
94
94
|
const lang = aliases[rawLang] || rawLang || detectLang(code);
|
|
95
95
|
const IS_WIN = process.platform === 'win32';
|
|
96
96
|
const stripFooter = (s) => s.replace(/\n\[Running tools\][\s\S]*$/, '').trimEnd();
|
|
@@ -108,7 +108,7 @@ const run = () => {
|
|
|
108
108
|
const r = spawnSync('bun', ['x', 'gm-exec', 'exec', `--lang=${l}`, `--file=${tmp}`, ...(cwd ? [`--cwd=${cwd}`] : [])], { encoding: 'utf-8', timeout: 65000 });
|
|
109
109
|
try { fs.unlinkSync(tmp); } catch (e) {}
|
|
110
110
|
let out = stripFooter((r.stdout || '') + (r.stderr || ''));
|
|
111
|
-
const bg = out.match(/
|
|
111
|
+
const bg = out.match(/Task ID:\s*(task_\S+)/);
|
|
112
112
|
if (bg) {
|
|
113
113
|
spawnSync('bun', ['x', 'gm-exec', 'sleep', bg[1], '60'], { encoding: 'utf-8', timeout: 70000 });
|
|
114
114
|
const sr = spawnSync('bun', ['x', 'gm-exec', 'status', bg[1]], { encoding: 'utf-8', timeout: 15000 });
|
|
@@ -123,6 +123,32 @@ const run = () => {
|
|
|
123
123
|
try { const d = Buffer.from(t, 'base64').toString('utf-8'); return /[\x00-\x08\x0b\x0e-\x1f]/.test(d) ? s : d; } catch { return s; }
|
|
124
124
|
};
|
|
125
125
|
const safeCode = decodeB64(code);
|
|
126
|
+
if (['codesearch', 'search'].includes(lang)) {
|
|
127
|
+
const query = safeCode.trim();
|
|
128
|
+
const r = spawnSync('bun', ['x', 'codebasesearch', query], { encoding: 'utf-8', timeout: 30000, ...(cwd && { cwd }) });
|
|
129
|
+
return allowWithNoop(`exec:${lang} output:\n\n${stripFooter((r.stdout || '') + (r.stderr || '')) || '(no results)'}`);
|
|
130
|
+
}
|
|
131
|
+
if (lang === 'status') {
|
|
132
|
+
const taskId = safeCode.trim();
|
|
133
|
+
const r = spawnSync('bun', ['x', 'gm-exec', 'status', taskId], { encoding: 'utf-8', timeout: 15000 });
|
|
134
|
+
return allowWithNoop(`exec:status output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
|
|
135
|
+
}
|
|
136
|
+
if (lang === 'sleep') {
|
|
137
|
+
const parts = safeCode.trim().split(/\s+/);
|
|
138
|
+
const args = ['x', 'gm-exec', 'sleep', ...parts];
|
|
139
|
+
const r = spawnSync('bun', args, { encoding: 'utf-8', timeout: 70000 });
|
|
140
|
+
return allowWithNoop(`exec:sleep output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
|
|
141
|
+
}
|
|
142
|
+
if (lang === 'close') {
|
|
143
|
+
const taskId = safeCode.trim();
|
|
144
|
+
const r = spawnSync('bun', ['x', 'gm-exec', 'close', taskId], { encoding: 'utf-8', timeout: 15000 });
|
|
145
|
+
return allowWithNoop(`exec:close output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
|
|
146
|
+
}
|
|
147
|
+
if (lang === 'runner') {
|
|
148
|
+
const sub = safeCode.trim();
|
|
149
|
+
const r = spawnSync('bun', ['x', 'gm-exec', 'runner', sub], { encoding: 'utf-8', timeout: 15000 });
|
|
150
|
+
return allowWithNoop(`exec:runner output:\n\n${stripFooter((r.stdout || '') + (r.stderr || ''))}`);
|
|
151
|
+
}
|
|
126
152
|
try {
|
|
127
153
|
let result;
|
|
128
154
|
if (lang === 'bash') {
|
|
@@ -158,7 +184,7 @@ const run = () => {
|
|
|
158
184
|
if (!/^exec(\s|:)/.test(command) && !/^bun x gm-exec(@[^\s]*)?(\s|$)/.test(command) && !/^git /.test(command) && !/^bun x codebasesearch/.test(command) && !/(\bclaude\b)/.test(command) && !/^npm install .* \/config\/.gmweb/.test(command) && !/^bun install --cwd \/config\/.gmweb/.test(command)) {
|
|
159
185
|
let helpText = '';
|
|
160
186
|
try { helpText = '\n\n' + execSync('bun x gm-exec --help', { timeout: 10000 }).toString().trim(); } catch (e) {}
|
|
161
|
-
return deny(`Bash is restricted to exec:<lang> and git.\n\nexec:<lang> syntax (lang auto-detected if omitted):\n exec:nodejs / exec:python / exec:bash / exec:typescript\n exec:go / exec:rust / exec:java / exec:c / exec:cpp\n exec:agent-browser ← plain JS piped to browser eval (NO base64)\n exec ← auto-detects language\n\nNEVER encode agent-browser code as base64 — pass plain JS directly.\n\nbun x gm-exec${helpText}\n\nAll other Bash commands are blocked.`);
|
|
187
|
+
return deny(`Bash is restricted to exec:<lang> and git.\n\nexec:<lang> syntax (lang auto-detected if omitted):\n exec:nodejs / exec:python / exec:bash / exec:typescript\n exec:go / exec:rust / exec:java / exec:c / exec:cpp\n exec:agent-browser ← plain JS piped to browser eval (NO base64)\n exec ← auto-detects language\n\nTask management shortcuts (body = args):\n exec:status\n <task_id>\n\n exec:sleep\n <task_id> [seconds] [--next-output]\n\n exec:close\n <task_id>\n\n exec:runner\n start|stop|status\n\nCode search shortcut:\n exec:codesearch\n <natural language query>\n\nNEVER encode agent-browser code as base64 — pass plain JS directly.\n\nbun x gm-exec${helpText}\n\nAll other Bash commands are blocked.`);
|
|
162
188
|
}
|
|
163
189
|
}
|
|
164
190
|
|