guardlink 1.4.0 → 1.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +48 -0
- package/README.md +17 -3
- package/dist/agents/index.d.ts +8 -0
- package/dist/agents/index.d.ts.map +1 -1
- package/dist/agents/index.js +35 -0
- package/dist/agents/index.js.map +1 -1
- package/dist/agents/launcher.d.ts +1 -1
- package/dist/agents/launcher.d.ts.map +1 -1
- package/dist/agents/launcher.js +6 -1
- package/dist/agents/launcher.js.map +1 -1
- package/dist/agents/prompts.d.ts +2 -1
- package/dist/agents/prompts.d.ts.map +1 -1
- package/dist/agents/prompts.js +66 -14
- package/dist/agents/prompts.js.map +1 -1
- package/dist/analyze/prompts.js +1 -1
- package/dist/cli/index.js +86 -49
- package/dist/cli/index.js.map +1 -1
- package/dist/diff/git.js +3 -3
- package/dist/diff/git.js.map +1 -1
- package/dist/init/index.d.ts +7 -0
- package/dist/init/index.d.ts.map +1 -1
- package/dist/init/index.js +60 -24
- package/dist/init/index.js.map +1 -1
- package/dist/init/templates.js +5 -5
- package/dist/mcp/server.d.ts.map +1 -1
- package/dist/mcp/server.js +13 -8
- package/dist/mcp/server.js.map +1 -1
- package/dist/mcp/suggest.d.ts +1 -0
- package/dist/mcp/suggest.d.ts.map +1 -1
- package/dist/mcp/suggest.js +1 -0
- package/dist/mcp/suggest.js.map +1 -1
- package/dist/parser/clear.d.ts +2 -1
- package/dist/parser/clear.d.ts.map +1 -1
- package/dist/parser/clear.js +18 -28
- package/dist/parser/clear.js.map +1 -1
- package/dist/parser/comment-strip.d.ts +5 -0
- package/dist/parser/comment-strip.d.ts.map +1 -1
- package/dist/parser/comment-strip.js +8 -0
- package/dist/parser/comment-strip.js.map +1 -1
- package/dist/parser/parse-file.d.ts +1 -0
- package/dist/parser/parse-file.d.ts.map +1 -1
- package/dist/parser/parse-file.js +31 -8
- package/dist/parser/parse-file.js.map +1 -1
- package/dist/parser/parse-line.d.ts +6 -0
- package/dist/parser/parse-line.d.ts.map +1 -1
- package/dist/parser/parse-line.js +23 -5
- package/dist/parser/parse-line.js.map +1 -1
- package/dist/parser/parse-project.d.ts +1 -0
- package/dist/parser/parse-project.d.ts.map +1 -1
- package/dist/parser/parse-project.js +17 -2
- package/dist/parser/parse-project.js.map +1 -1
- package/dist/review/index.d.ts +3 -1
- package/dist/review/index.d.ts.map +1 -1
- package/dist/review/index.js +77 -35
- package/dist/review/index.js.map +1 -1
- package/dist/tui/commands.d.ts.map +1 -1
- package/dist/tui/commands.js +72 -46
- package/dist/tui/commands.js.map +1 -1
- package/dist/types/index.d.ts +2 -0
- package/dist/types/index.d.ts.map +1 -1
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,54 @@ All notable changes to GuardLink CLI will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.4.2] — 2026-04-24
|
|
9
|
+
|
|
10
|
+
### Added
|
|
11
|
+
|
|
12
|
+
- **CLI**: `guardlink annotate --mode external` — generate annotations as standalone `.gal` files under `.guardlink/annotations/` that mirror the source tree, instead of as inline comments in source files. Source files remain unchanged. Useful for vendored code, audit-controlled repositories, and projects where modifying source files is politically expensive. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
13
|
+
- **CLI**: `guardlink annotate --stdout` — print the annotation prompt to stdout instead of launching an agent or copying to the clipboard. Useful for piping into custom harnesses and CI pipelines. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
14
|
+
- **Parser**: `@source file:<path> line:<n> [symbol:<name>]` directive — anchors annotations in a `.gal` file to a logical source-code location. The directive produces no annotation itself; it sets the location for subsequent annotations until the next `@source` or end of file.
|
|
15
|
+
- **Types**: `SourceLocation.origin_file` and `SourceLocation.origin_line` — physical location of an annotation (the `.gal` file path), preserved alongside the logical location (`file` / `line`) for dashboards, reports, and SARIF to surface provenance where useful while defaulting to the logical source location for developer-facing output.
|
|
16
|
+
|
|
17
|
+
### Changed
|
|
18
|
+
|
|
19
|
+
- **`guardlink init --mode external`**: contains GuardLink's entire footprint inside `.guardlink/` — no `CLAUDE.md` / `AGENTS.md` / `.cursor/rules/` files at the project root, no `.mcp.json` at the root, no `docs/GUARDLINK_REFERENCE.md`. The reference doc and MCP config template are placed inside `.guardlink/` instead.
|
|
20
|
+
- **Review writeback**: `@accepts` and `@audit` annotations generated via `guardlink review` are written to the annotation's physical location (the `.gal` file in external mode) rather than the logical source location, preserving external mode's "source files untouched" property through governance workflows.
|
|
21
|
+
- **Review writeback**: comment-style detection now correctly handles HTML (`<!-- ... -->`) and CSS (`/* ... */`) files. Previously these fell back to JavaScript-style `//` comments, producing invalid markup. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
22
|
+
- **Review exposure IDs**: composite `writeFile:writeLine:logicalFile:logicalLine:asset:threat` scheme replaces the previous `file:line` scheme. Prevents two `@exposes` annotations at the same source location from colliding on the MCP review identifier. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
23
|
+
- **Review insertion**: TypeScript and Python decorators starting with `@` are no longer mistaken for GuardLink annotations when walking the "coupled block" during writeback. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
24
|
+
- **Parser `**/*.gal`** discovery is now case-insensitive. Contributed by [@jordi-murgo](https://github.com/jordi-murgo) in [#6](https://github.com/Bugb-Technologies/guardlink/pull/6).
|
|
25
|
+
|
|
26
|
+
### Fixed
|
|
27
|
+
|
|
28
|
+
- **Agent prompts**: wrap the external-mode example annotation block in `@shield:begin` / `@shield:end` to prevent `guardlink validate` from parsing the JavaScript string literals inside `src/agents/prompts.ts` as real annotations (resolved four parse errors in the CI dogfood step after #6 merged).
|
|
29
|
+
- **Documentation**: correct `--mode inline|gal` references to `--mode inline|external` in `README.md` (two occurrences), `docs/GUARDLINK_REFERENCE.md` (three occurrences including the TUI `/annotate` slash-command help text). The flag value shipped as `external`; the docs referenced the prototype name `gal`.
|
|
30
|
+
- **Documentation**: document `--stdout` flag on the AI-agent flags cheat-sheet in `docs/GUARDLINK_REFERENCE.md`.
|
|
31
|
+
- **Documentation**: add `@source` convention note to the standalone `.gal` files section in `docs/GUARDLINK_REFERENCE.md` — annotations placed before the first `@source` directive fall back to the `.gal` file's own physical location, which is rarely what users want.
|
|
32
|
+
|
|
33
|
+
### Chore
|
|
34
|
+
|
|
35
|
+
- **Version**: bump from `1.4.1-gal` development tag (landed via #6) to `1.4.2` across `package.json`, `package-lock.json`, `src/cli/index.ts`, and `src/mcp/server.ts`.
|
|
36
|
+
- **Lockfiles**: remove committed `bun.lock` (landed via #6). This project standardizes on npm; `package-lock.json` is canonical. Added `bun.lock`, `yarn.lock`, and `pnpm-lock.yaml` to `.gitignore` so contributors using alternate package managers locally do not accidentally commit a second lockfile.
|
|
37
|
+
|
|
38
|
+
## [1.4.1] — 2026-03-12
|
|
39
|
+
|
|
40
|
+
### Fixed
|
|
41
|
+
|
|
42
|
+
- **GAL reference (`/gal`, `guardlink gal`)**: Fixed all syntax examples to match the actual parser — descriptions now correctly show `-- "quoted text"` format instead of the non-functional `: text` format; severity now shows bracket notation `[high]` / `[P0]` instead of `severity:high`; `@flows` now shows `->` arrow syntax instead of `to`; `@validates` now shows `for` preposition instead of `on`; `@owns` now includes the required `for` preposition; `@mitigates` now documents `using` as the primary keyword (with `with` as v1 compat)
|
|
43
|
+
- **GAL reference**: Added missing documentation for external references (`cwe:CWE-89`, `owasp:A03:2021`, `capec:CAPEC-66`, `attack:T1190`) on `@threat` and `@exposes` annotations
|
|
44
|
+
- **GAL reference**: Added missing `@boundary` alternate syntaxes (`@boundary between A and B`, `@boundary A | B`) and `(#id)` support
|
|
45
|
+
- **GAL reference**: Added missing standalone `@shield` single-line marker (was only documenting `@shield:begin/end` blocks)
|
|
46
|
+
- **TUI `/help`**: Added missing `/unannotated` command to the help output (was registered and functional but not listed)
|
|
47
|
+
- **CLI version**: Fixed `guardlink --version` reporting `1.1.0` instead of the actual package version
|
|
48
|
+
|
|
49
|
+
### Changed
|
|
50
|
+
|
|
51
|
+
- **GAL reference**: Added new "External References" section explaining `cwe:`, `owasp:`, `capec:`, `attack:` ref syntax
|
|
52
|
+
- **GAL reference**: Updated Tips section with description format, severity format, and `@flows ->` syntax reminders
|
|
53
|
+
- **Annotations**: Changed `@comment` to `@audit` on agent-launcher timeout note for better governance visibility
|
|
54
|
+
- **Annotations**: Added `@audit` to MCP suggest module, added workspace-related controls to definitions
|
|
55
|
+
|
|
8
56
|
## [1.4.0] — 2026-02-27
|
|
9
57
|
|
|
10
58
|
### Added
|
package/README.md
CHANGED
|
@@ -59,6 +59,9 @@ To uninstall: `npm unlink -g guardlink`
|
|
|
59
59
|
# Initialize in your project (detects your AI agent automatically)
|
|
60
60
|
guardlink init
|
|
61
61
|
|
|
62
|
+
# Let AI annotate your project - Launch a coding agent to add annotations
|
|
63
|
+
guardlink annotate [prompt] [--mode inline|external]
|
|
64
|
+
|
|
62
65
|
# Let your AI coding agent annotate, or write annotations manually
|
|
63
66
|
# Then validate
|
|
64
67
|
guardlink validate .
|
|
@@ -146,7 +149,7 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
|
|
|
146
149
|
| `guardlink_suggest` | Suggest annotations for a code snippet |
|
|
147
150
|
| `guardlink_lookup` | Query threats, controls, flows by keyword |
|
|
148
151
|
| `guardlink_threat_report` | AI threat report (STRIDE, DREAD, etc.) |
|
|
149
|
-
| `guardlink_annotate` | Build annotation prompt for the agent |
|
|
152
|
+
| `guardlink_annotate` | Build annotation prompt for the agent, with inline or `.gal` mode |
|
|
150
153
|
| `guardlink_report` | Generate markdown report |
|
|
151
154
|
| `guardlink_dashboard` | Generate HTML dashboard |
|
|
152
155
|
| `guardlink_sarif` | Export SARIF 2.1.0 |
|
|
@@ -162,6 +165,7 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
|
|
|
162
165
|
| Command | Description |
|
|
163
166
|
|---------|-------------|
|
|
164
167
|
| `guardlink init [dir]` | Initialize project with definitions, config, and agent integration |
|
|
168
|
+
| `guardlink annotate [prompt] [--mode inline\|external]` | Launch a coding agent to add inline annotations or associated `.gal` files |
|
|
165
169
|
| `guardlink parse [dir]` | Parse all annotations, output ThreatModel JSON |
|
|
166
170
|
| `guardlink status [dir]` | Coverage summary: assets, threats, mitigations, exposures |
|
|
167
171
|
| `guardlink validate [dir]` | Check for syntax errors, dangling refs, duplicate IDs |
|
|
@@ -174,7 +178,6 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
|
|
|
174
178
|
| `guardlink sarif [dir]` | Export unmitigated exposures as SARIF 2.1.0 |
|
|
175
179
|
| `guardlink threat-report [fw]` | AI threat report (stride/dread/pasta/attacker/rapid/general) |
|
|
176
180
|
| `guardlink threat-reports` | List saved AI threat reports |
|
|
177
|
-
| `guardlink annotate [prompt]` | Launch a coding agent to add annotations |
|
|
178
181
|
| `guardlink review [dir]` | Interactive governance review — accept, remediate, or skip unmitigated exposures |
|
|
179
182
|
| `guardlink review --list` | List reviewable exposures without prompting |
|
|
180
183
|
| `guardlink clear [dir]` | Remove all annotations from source files (with `--dry-run` preview) |
|
|
@@ -192,7 +195,9 @@ GuardLink ships an MCP server and behavioral directives for AI coding agents. Af
|
|
|
192
195
|
|
|
193
196
|
## Annotation Reference
|
|
194
197
|
|
|
195
|
-
GuardLink annotations
|
|
198
|
+
GuardLink annotations can live in source comments in any language or in standalone `.gal` files. The parser supports `//`, `#`, `--`, `/* */`, `""" """`, and 25+ comment styles for inline annotations, plus raw GAL lines for externalized files.
|
|
199
|
+
|
|
200
|
+
> In standalone `.gal` files, drop the host-language comment prefix. `// @exposes ...` becomes `@exposes ...`. Keep definitions in `.guardlink/definitions.*`; use `.gal` files for externalized relationship annotations. Use `@source file:<path> line:<n> [symbol:<name>]` to point the following annotations at the real code location.
|
|
196
201
|
|
|
197
202
|
### Definitions (shared, in `.guardlink/definitions.js`)
|
|
198
203
|
|
|
@@ -211,6 +216,15 @@ GuardLink annotations go in comments in any language. The parser supports `//`,
|
|
|
211
216
|
# @transfers #sqli from #api to #database -- "DB handles untrusted input"
|
|
212
217
|
```
|
|
213
218
|
|
|
219
|
+
### Externalized relationships (in `.gal` files)
|
|
220
|
+
|
|
221
|
+
```text
|
|
222
|
+
@source file:src/auth/login.ts line:42 symbol:authenticate
|
|
223
|
+
@exposes #api to #xss [P1] cwe:CWE-79 -- "User bio rendered without escaping"
|
|
224
|
+
@audit #api -- "Review sanitization before release"
|
|
225
|
+
@comment -- "Same GAL syntax as inline comments, but without // or # prefixes"
|
|
226
|
+
```
|
|
227
|
+
|
|
214
228
|
### Data Flow & Architecture
|
|
215
229
|
|
|
216
230
|
```go
|
package/dist/agents/index.d.ts
CHANGED
|
@@ -14,12 +14,20 @@ export interface AgentEntry {
|
|
|
14
14
|
app: string | null;
|
|
15
15
|
flag: string;
|
|
16
16
|
}
|
|
17
|
+
export type AnnotationMode = 'inline' | 'external';
|
|
17
18
|
export declare const AGENTS: readonly AgentEntry[];
|
|
18
19
|
/** Parse --agent flags from a raw args string (TUI slash commands). */
|
|
19
20
|
export declare function parseAgentFlag(args: string): {
|
|
20
21
|
agent: AgentEntry | null;
|
|
21
22
|
cleanArgs: string;
|
|
22
23
|
};
|
|
24
|
+
/** Parse annotation placement mode from raw args (CLI/TUI). */
|
|
25
|
+
export declare function parseAnnotationModeFlag(args: string): {
|
|
26
|
+
mode: AnnotationMode;
|
|
27
|
+
cleanArgs: string;
|
|
28
|
+
error?: string;
|
|
29
|
+
};
|
|
30
|
+
export declare function resolveAnnotationMode(mode: string | undefined): AnnotationMode;
|
|
23
31
|
/** Resolve agent from Commander option booleans (CLI commands). */
|
|
24
32
|
export declare function agentFromOpts(opts: Record<string, any>): AgentEntry | null;
|
|
25
33
|
export { launchAgentForeground, launchAgentIDE, launchAgent, launchAgentInline, copyToClipboard } from './launcher.js';
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,eAAO,MAAM,MAAM,EAAE,SAAS,UAAU,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,MAAM,WAAW,UAAU;IACzB,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AAEnD,eAAO,MAAM,MAAM,EAAE,SAAS,UAAU,EAQ9B,CAAC;AAEX,uEAAuE;AACvE,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,UAAU,GAAG,IAAI,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAO5F;AAED,+DAA+D;AAC/D,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,MAAM,GAAG;IAAE,IAAI,EAAE,cAAc,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CA0BjH;AAED,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,cAAc,CAI9E;AAED,mEAAmE;AACnE,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,GAAG,UAAU,GAAG,IAAI,CAS1E;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AACvH,YAAY,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
package/dist/agents/index.js
CHANGED
|
@@ -14,6 +14,7 @@ export const AGENTS = [
|
|
|
14
14
|
{ id: 'codex', name: 'Codex CLI', cmd: 'codex', app: null, flag: '--codex' },
|
|
15
15
|
{ id: 'gemini', name: 'Gemini CLI', cmd: 'gemini', app: null, flag: '--gemini' },
|
|
16
16
|
{ id: 'clipboard', name: 'Clipboard', cmd: null, app: null, flag: '--clipboard' },
|
|
17
|
+
{ id: 'stdout', name: 'Stdout', cmd: null, app: null, flag: '--stdout' },
|
|
17
18
|
];
|
|
18
19
|
/** Parse --agent flags from a raw args string (TUI slash commands). */
|
|
19
20
|
export function parseAgentFlag(args) {
|
|
@@ -24,6 +25,38 @@ export function parseAgentFlag(args) {
|
|
|
24
25
|
}
|
|
25
26
|
return { agent: null, cleanArgs: args };
|
|
26
27
|
}
|
|
28
|
+
/** Parse annotation placement mode from raw args (CLI/TUI). */
|
|
29
|
+
export function parseAnnotationModeFlag(args) {
|
|
30
|
+
const eqMatch = args.match(/(?:^|\s)--mode=(inline|external)(?=\s|$)/);
|
|
31
|
+
if (eqMatch) {
|
|
32
|
+
return {
|
|
33
|
+
mode: eqMatch[1],
|
|
34
|
+
cleanArgs: args.replace(eqMatch[0], ' ').replace(/\s+/g, ' ').trim(),
|
|
35
|
+
};
|
|
36
|
+
}
|
|
37
|
+
const spacedMatch = args.match(/(?:^|\s)--mode\s+(inline|external)(?=\s|$)/);
|
|
38
|
+
if (spacedMatch) {
|
|
39
|
+
return {
|
|
40
|
+
mode: spacedMatch[1],
|
|
41
|
+
cleanArgs: args.replace(spacedMatch[0], ' ').replace(/\s+/g, ' ').trim(),
|
|
42
|
+
};
|
|
43
|
+
}
|
|
44
|
+
if (/(?:^|\s)--mode(?:\s|=|$)/.test(args)) {
|
|
45
|
+
return {
|
|
46
|
+
mode: 'inline',
|
|
47
|
+
cleanArgs: args,
|
|
48
|
+
error: 'Invalid --mode value. Use --mode inline or --mode external.',
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
return { mode: 'inline', cleanArgs: args };
|
|
52
|
+
}
|
|
53
|
+
export function resolveAnnotationMode(mode) {
|
|
54
|
+
if (!mode || mode === 'inline')
|
|
55
|
+
return 'inline';
|
|
56
|
+
if (mode === 'external')
|
|
57
|
+
return 'external';
|
|
58
|
+
throw new Error(`Invalid annotation mode "${mode}". Use "inline" or "external".`);
|
|
59
|
+
}
|
|
27
60
|
/** Resolve agent from Commander option booleans (CLI commands). */
|
|
28
61
|
export function agentFromOpts(opts) {
|
|
29
62
|
if (opts.claudeCode)
|
|
@@ -38,6 +71,8 @@ export function agentFromOpts(opts) {
|
|
|
38
71
|
return AGENTS.find(a => a.id === 'gemini');
|
|
39
72
|
if (opts.clipboard)
|
|
40
73
|
return AGENTS.find(a => a.id === 'clipboard');
|
|
74
|
+
if (opts.stdout)
|
|
75
|
+
return AGENTS.find(a => a.id === 'stdout');
|
|
41
76
|
return null;
|
|
42
77
|
}
|
|
43
78
|
export { launchAgentForeground, launchAgentIDE, launchAgent, launchAgentInline, copyToClipboard } from './launcher.js';
|
package/dist/agents/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/agents/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAcH,MAAM,CAAC,MAAM,MAAM,GAA0B;IAC3C,EAAE,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,eAAe,EAAE;IAClG,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,QAAQ,EAAO,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,QAAQ,EAAI,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,UAAU,EAAK,IAAI,EAAE,UAAU,EAAK,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,UAAU,EAAE,IAAI,EAAE,YAAY,EAAE;IAC/F,EAAE,EAAE,EAAE,OAAO,EAAQ,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,OAAO,EAAI,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,SAAS,EAAE;IAC5F,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,YAAY,EAAG,GAAG,EAAE,QAAQ,EAAG,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,UAAU,EAAE;IAC7F,EAAE,EAAE,EAAE,WAAW,EAAI,IAAI,EAAE,WAAW,EAAI,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,aAAa,EAAE;IAChG,EAAE,EAAE,EAAE,QAAQ,EAAO,IAAI,EAAE,QAAQ,EAAO,GAAG,EAAE,IAAI,EAAO,GAAG,EAAE,IAAI,EAAQ,IAAI,EAAE,UAAU,EAAE;CACrF,CAAC;AAEX,uEAAuE;AACvE,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE,CAAC;QACvB,IAAI,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO,EAAE,KAAK,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;QAClE,CAAC;IACH,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC1C,CAAC;AAED,+DAA+D;AAC/D,MAAM,UAAU,uBAAuB,CAAC,IAAY;IAClD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;IACvE,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,IAAI,EAAE,OAAO,CAAC,CAAC,CAAmB;YAClC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;SACrE,CAAC;IACJ,CAAC;IAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC7E,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO;YACL,IAAI,EAAE,WAAW,CAAC,CAAC,CAAmB;YACtC,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE;SACzE,CAAC;IACJ,CAAC;IAED,IAAI,0BAA0B,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,OAAO;YACL,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,IAAI;YACf,KAAK,EAAE,6DAA6D;SACrE,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC7C,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,IAAwB;IAC5D,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,QAAQ;QAAE,OAAO,QAAQ,CAAC;IAChD,IAAI,IAAI,KAAK,UAAU;QAAE,OAAO,UAAU,CAAC;IAC3C,MAAM,IAAI,KAAK,CAAC,4BAA4B,IAAI,gCAAgC,CAAC,CAAC;AACpF,CAAC;AAED,mEAAmE;AACnE,MAAM,UAAU,aAAa,CAAC,IAAyB;IACrD,IAAI,IAAI,CAAC,UAAU;QAAE,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,aAAa,CAAE,CAAC;IACtE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,QAAQ;QAAI,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,UAAU,CAAE,CAAC;IACnE,IAAI,IAAI,CAAC,KAAK;QAAO,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,OAAO,CAAE,CAAC;IAChE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,IAAI,IAAI,CAAC,SAAS;QAAG,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,WAAW,CAAE,CAAC;IACpE,IAAI,IAAI,CAAC,MAAM;QAAM,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAE,CAAC;IACjE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,OAAO,EAAE,qBAAqB,EAAE,cAAc,EAAE,WAAW,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEvH,OAAO,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
* @exposes #agent-launcher to #prompt-injection [medium] cwe:CWE-77 -- "User prompt passed to agent CLI as argument"
|
|
14
14
|
* @audit #agent-launcher -- "Prompt content is opaque to agent binary; injection risk depends on agent implementation"
|
|
15
15
|
* @exposes #agent-launcher to #dos [low] cwe:CWE-400 -- "No timeout on foreground spawn; agent controls duration"
|
|
16
|
-
* @
|
|
16
|
+
* @audit #agent-launcher -- "Timeout intentionally omitted for interactive sessions; inline mode has implicit control"
|
|
17
17
|
* @flows UserPrompt -> #agent-launcher via launchAgent -- "Prompt input path"
|
|
18
18
|
* @flows #agent-launcher -> AgentProcess via spawn -- "Process spawn path"
|
|
19
19
|
* @flows AgentProcess -> #agent-launcher via stdout -- "Agent output capture"
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"launcher.d.ts","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,8DAA8D;AAC9D,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAmBrD;AAID;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IACrE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAyBA;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IAC9D,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAwCA;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA0CD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,EAChC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,YAAY,CAAC,CAmFvB;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,YAAY,
|
|
1
|
+
{"version":3,"file":"launcher.d.ts","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAOH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAI7C,8DAA8D;AAC9D,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAmBrD;AAID;;;;;;GAMG;AACH,wBAAgB,qBAAqB,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IACrE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAyBA;AAID;;;GAGG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,GAAG;IAC9D,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,CAwCA;AAID,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA0CD;;;;;;GAMG;AACH,wBAAsB,iBAAiB,CACrC,KAAK,EAAE,UAAU,EACjB,MAAM,EAAE,MAAM,EACd,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,EAChC,IAAI,CAAC,EAAE;IAAE,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,GAC3B,OAAO,CAAC,YAAY,CAAC,CAmFvB;AAID,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,YAAY,CA+BxF"}
|
package/dist/agents/launcher.js
CHANGED
|
@@ -13,7 +13,7 @@
|
|
|
13
13
|
* @exposes #agent-launcher to #prompt-injection [medium] cwe:CWE-77 -- "User prompt passed to agent CLI as argument"
|
|
14
14
|
* @audit #agent-launcher -- "Prompt content is opaque to agent binary; injection risk depends on agent implementation"
|
|
15
15
|
* @exposes #agent-launcher to #dos [low] cwe:CWE-400 -- "No timeout on foreground spawn; agent controls duration"
|
|
16
|
-
* @
|
|
16
|
+
* @audit #agent-launcher -- "Timeout intentionally omitted for interactive sessions; inline mode has implicit control"
|
|
17
17
|
* @flows UserPrompt -> #agent-launcher via launchAgent -- "Prompt input path"
|
|
18
18
|
* @flows #agent-launcher -> AgentProcess via spawn -- "Process spawn path"
|
|
19
19
|
* @flows AgentProcess -> #agent-launcher via stdout -- "Agent output capture"
|
|
@@ -256,6 +256,11 @@ export async function launchAgentInline(agent, prompt, cwd, onChunk, opts) {
|
|
|
256
256
|
* For clipboard: copy only.
|
|
257
257
|
*/
|
|
258
258
|
export function launchAgent(agent, prompt, cwd) {
|
|
259
|
+
// stdout-only mode: write raw prompt to stdout, skip clipboard (keeps output pipeable)
|
|
260
|
+
if (agent.id === 'stdout') {
|
|
261
|
+
process.stdout.write(prompt);
|
|
262
|
+
return { launched: true, clipboardCopied: false };
|
|
263
|
+
}
|
|
259
264
|
// Step 1: Always copy to clipboard
|
|
260
265
|
const clipboardCopied = copyToClipboard(prompt);
|
|
261
266
|
// Step 2: clipboard-only mode
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,wEAAwE;AAExE,8DAA8D;AAC9D,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,QAAQ,EAAE,KAAK,QAAQ;QAClC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACZ,CAAC,CAAC,QAAQ,EAAE,KAAK,OAAO;YACtB,CAAC,CAAC,CAAC,MAAM,CAAC;YACV,CAAC,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC;IAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE;gBAClC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAiB,EAAE,GAAW;IAIlE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,0BAA0B,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE;YACtC,GAAG;YACH,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;YACvB,8CAA8C;SAC/C,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,mCAAmC;YACnC,MAAM,GAAG,GAAI,MAAM,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ;gBACjD,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;gBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC9D,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACxC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACrF,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB,EAAE,GAAW;IAI3D,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,sBAAsB,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC;QAEX,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;YACpB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE;gBACjD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC3C,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,KAAK,CAAC,IAAI,qDAAqD,GAAG,EAAE;aAC9F,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AASD;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc,EAAE,eAAwB;IAChF,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,gCAAgC;gBAChC,gBAAgB,EAAE,yDAAyD;gBAC3E,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,KAAK,OAAO;YACV,uDAAuD;YACvD,uDAAuD;YACvD,2EAA2E;YAC3E,2DAA2D;YAC3D,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,4CAA4C;gBAC5C,SAAS,EAAE,OAAO;gBAClB,uBAAuB;gBACvB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAiB,EACjB,MAAc,EACd,GAAW,EACX,OAAgC,EAChC,IAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,8CAA8C,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,IAAI,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,iCAAiC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO,IAAI,OAAO,CAAe,CAAC,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,kFAAkF;YAClF,iDAAiD;YACjD,kFAAkF;YAClF,8EAA8E;YAC9E,IAAI,eAAmC,CAAC;YACxC,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC/D,eAAe,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,eAAe,CAAa,CAAC;YAEtE,uFAAuF;YACvF,yEAAyE;YACzE,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBAC7B,GAAG;gBACH,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;gBAClC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;aACvC,CAAC,CAAC;YAEH,+EAA+E;YAC/E,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACrB,CAAC;YAED,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,IAAI,CAAC;gBAChB,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAI,GAAW,CAAC,IAAI,KAAK,QAAQ;oBACxC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;oBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;gBACrD,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;gBACxC,mFAAmF;gBACnF,IAAI,eAAe,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;wBAClE,UAAU,CAAC,eAAe,CAAC,CAAC;wBAC5B,IAAI,WAAW,EAAE,CAAC;4BAChB,OAAO,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;4BAClC,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC5C,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,qBAAqB,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,MAAc,EAAE,GAAW;IACxE,mCAAmC;IACnC,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAEhD,8BAA8B;IAC9B,IAAI,KAAK,CAAC,EAAE,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;AACxF,CAAC"}
|
|
1
|
+
{"version":3,"file":"launcher.js","sourceRoot":"","sources":["../../src/agents/launcher.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAC;AACnC,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,wEAAwE;AAExE,8DAA8D;AAC9D,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,MAAM,IAAI,GAAG,QAAQ,EAAE,KAAK,QAAQ;QAClC,CAAC,CAAC,CAAC,QAAQ,CAAC;QACZ,CAAC,CAAC,QAAQ,EAAE,KAAK,OAAO;YACtB,CAAC,CAAC,CAAC,MAAM,CAAC;YACV,CAAC,CAAC,CAAC,4BAA4B,EAAE,0BAA0B,CAAC,CAAC;IAEjE,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,EAAE,IAAI,EAAE;gBAClC,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,IAAI;aACd,CAAC,CAAC;YACH,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;gBAAE,OAAO,IAAI,CAAC;QACvC,CAAC;QAAC,MAAM,CAAC;YAAC,SAAS;QAAC,CAAC;IACvB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAiB,EAAE,GAAW;IAIlE,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,0BAA0B,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,EAAE;YACtC,GAAG;YACH,KAAK,EAAE,SAAS;YAChB,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE;YACvB,8CAA8C;SAC/C,CAAC,CAAC;QAEH,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,mCAAmC;YACnC,MAAM,GAAG,GAAI,MAAM,CAAC,KAAa,CAAC,IAAI,KAAK,QAAQ;gBACjD,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;gBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,MAAM,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;YAC9D,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;QACxC,CAAC;QAED,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,CAAC;IACrC,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC;IACrF,CAAC;AACH,CAAC;AAED,wEAAwE;AAExE;;;GAGG;AACH,MAAM,UAAU,cAAc,CAAC,KAAiB,EAAE,GAAW;IAI3D,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,sBAAsB,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,QAAQ,EAAE,CAAC;QACtB,IAAI,MAAM,CAAC;QAEX,IAAI,EAAE,KAAK,QAAQ,EAAE,CAAC;YACpB,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE;gBACjD,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,EAAE,KAAK,OAAO,EAAE,CAAC;YAC1B,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,EAAE,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE;gBAC3C,GAAG;gBACH,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,wCAAwC;YACxC,MAAM,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE;gBACpC,KAAK,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC;gBAC/B,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;QACL,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,IAAI,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,CAAC,EAAE,CAAC;YACpE,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,KAAK,CAAC,IAAI,qDAAqD,GAAG,EAAE;aAC9F,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;IAChD,CAAC;AACH,CAAC;AASD;;;;;;;;GAQG;AACH,SAAS,eAAe,CAAC,OAAe,EAAE,MAAc,EAAE,eAAwB;IAChF,QAAQ,OAAO,EAAE,CAAC;QAChB,KAAK,aAAa;YAChB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,gCAAgC;gBAChC,gBAAgB,EAAE,yDAAyD;gBAC3E,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ,KAAK,OAAO;YACV,uDAAuD;YACvD,uDAAuD;YACvD,2EAA2E;YAC3E,2DAA2D;YAC3D,OAAO;gBACL,MAAM,EAAE,MAAM;gBACd,4CAA4C;gBAC5C,SAAS,EAAE,OAAO;gBAClB,uBAAuB;gBACvB,GAAG,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;aACpD,CAAC;QACJ,KAAK,QAAQ;YACX,OAAO;gBACL,UAAU,EAAE,MAAM;gBAClB,iBAAiB,EAAE,MAAM;aAC1B,CAAC;QACJ;YACE,OAAO,IAAI,CAAC;IAChB,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,KAAiB,EACjB,MAAc,EACd,GAAW,EACX,OAAgC,EAChC,IAA4B;IAE5B,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,8CAA8C,EAAE,CAAC;IAC7F,CAAC;IAED,IAAI,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;IACpB,IAAI,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,iCAAiC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;IAC/E,CAAC;IAED,OAAO,IAAI,OAAO,CAAe,CAAC,OAAO,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,kFAAkF;YAClF,iDAAiD;YACjD,kFAAkF;YAClF,8EAA8E;YAC9E,IAAI,eAAmC,CAAC;YACxC,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,WAAW,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC/D,eAAe,GAAG,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC9C,CAAC;YAED,IAAI,GAAG,eAAe,CAAC,KAAK,CAAC,EAAE,EAAE,MAAM,EAAE,eAAe,CAAa,CAAC;YAEtE,uFAAuF;YACvF,yEAAyE;YACzE,MAAM,SAAS,GAAG,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC;YAE5D,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE;gBAC7B,GAAG;gBACH,KAAK,EAAE,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC;gBAClC,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE;aACvC,CAAC,CAAC;YAEH,+EAA+E;YAC/E,IAAI,KAAK,CAAC,EAAE,KAAK,OAAO,EAAE,CAAC;gBACzB,KAAK,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC;YACrB,CAAC;YAED,IAAI,OAAO,GAAG,EAAE,CAAC;YACjB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC7B,OAAO,IAAI,IAAI,CAAC;gBAChB,IAAI,OAAO;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACxC,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;gBAC/B,MAAM,GAAG,GAAI,GAAW,CAAC,IAAI,KAAK,QAAQ;oBACxC,CAAC,CAAC,GAAG,KAAK,CAAC,IAAI,KAAK,KAAK,CAAC,GAAG,gCAAgC;oBAC7D,CAAC,CAAC,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,CAAC;gBACrD,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAmB,EAAE,EAAE;gBACxC,mFAAmF;gBACnF,IAAI,eAAe,IAAI,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;oBACnD,IAAI,CAAC;wBACH,MAAM,WAAW,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;wBAClE,UAAU,CAAC,eAAe,CAAC,CAAC;wBAC5B,IAAI,WAAW,EAAE,CAAC;4BAChB,OAAO,CAAC,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC,CAAC;4BAClC,OAAO;wBACT,CAAC;oBACH,CAAC;oBAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;gBAClD,CAAC;gBAED,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;oBAC5C,OAAO,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,KAAK,CAAC,IAAI,qBAAqB,IAAI,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;gBACpH,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;gBACvB,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,OAAO,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,oBAAoB,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QACpF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAUD;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CAAC,KAAiB,EAAE,MAAc,EAAE,GAAW;IACxE,uFAAuF;IACvF,IAAI,KAAK,CAAC,EAAE,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACpD,CAAC;IAED,mCAAmC;IACnC,MAAM,eAAe,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC;IAEhD,8BAA8B;IAC9B,IAAI,KAAK,CAAC,EAAE,KAAK,WAAW,EAAE,CAAC;QAC7B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,4CAA4C;IAC5C,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,qBAAqB,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAC9D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;QACrD,CAAC;QACD,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;IAC7C,CAAC;IAED,+BAA+B;IAC/B,IAAI,KAAK,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,cAAc,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QACtD,OAAO,EAAE,QAAQ,EAAE,OAAO,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC;IACvD,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAE,KAAK,EAAE,uBAAuB,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC;AACxF,CAAC"}
|
package/dist/agents/prompts.d.ts
CHANGED
|
@@ -13,11 +13,12 @@
|
|
|
13
13
|
* @handles internal on #agent-launcher -- "Serializes threat model IDs and flows into prompt"
|
|
14
14
|
*/
|
|
15
15
|
import type { ThreatModel } from '../types/index.js';
|
|
16
|
+
export type AnnotationMode = 'inline' | 'external';
|
|
16
17
|
/**
|
|
17
18
|
* Build a prompt for annotation agents.
|
|
18
19
|
*
|
|
19
20
|
* Includes the GuardLink reference doc, current model summary with flows and exposures,
|
|
20
21
|
* flow-first threat modeling methodology, and precise GAL syntax rules.
|
|
21
22
|
*/
|
|
22
|
-
export declare function buildAnnotatePrompt(userPrompt: string, root: string, model: ThreatModel | null): string;
|
|
23
|
+
export declare function buildAnnotatePrompt(userPrompt: string, root: string, model: ThreatModel | null, annotationMode?: AnnotationMode): string;
|
|
23
24
|
//# sourceMappingURL=prompts.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,WAAW,GAAG,IAAI,
|
|
1
|
+
{"version":3,"file":"prompts.d.ts","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAIH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,UAAU,CAAC;AA6BnD;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,WAAW,GAAG,IAAI,EACzB,cAAc,GAAE,cAAyB,GACxC,MAAM,CAqWR"}
|
package/dist/agents/prompts.js
CHANGED
|
@@ -14,13 +14,37 @@
|
|
|
14
14
|
*/
|
|
15
15
|
import { existsSync, readFileSync } from 'node:fs';
|
|
16
16
|
import { resolve } from 'node:path';
|
|
17
|
+
function annotationModeLabel(mode) {
|
|
18
|
+
return mode === 'external' ? 'externalized .gal files' : 'inline source comments';
|
|
19
|
+
}
|
|
20
|
+
function annotationModeInstructions(mode) {
|
|
21
|
+
if (mode === 'external') {
|
|
22
|
+
return `## Annotation Placement Mode
|
|
23
|
+
You MUST write annotations into associated standalone \`.gal\` files, not inline in the source code.
|
|
24
|
+
|
|
25
|
+
- Keep definitions in \`.guardlink/definitions.*\`
|
|
26
|
+
- For each annotated source file, create or update an associated file under \`.guardlink/annotations/\`
|
|
27
|
+
- Mirror the source path in the annotation file path (example: \`src/auth/login.ts\` -> \`.guardlink/annotations/src/auth/login.ts.gal\`)
|
|
28
|
+
- Group annotations under \`@source file:<path> line:<n> [symbol:<name>]\` so each block points at the real code location
|
|
29
|
+
- In \`.gal\` files, write raw GAL lines without \`//\` or \`#\` prefixes
|
|
30
|
+
- Do NOT modify source files just to add comments when this mode is selected
|
|
31
|
+
`;
|
|
32
|
+
}
|
|
33
|
+
return `## Annotation Placement Mode
|
|
34
|
+
You MUST write annotations inline in the source code comments.
|
|
35
|
+
|
|
36
|
+
- Place annotations in the file doc-block or directly above the security-relevant code
|
|
37
|
+
- Use the host language comment syntax (\`//\`, \`#\`, \`--\`, etc.)
|
|
38
|
+
- Do NOT externalize annotations into \`.gal\` files when this mode is selected
|
|
39
|
+
`;
|
|
40
|
+
}
|
|
17
41
|
/**
|
|
18
42
|
* Build a prompt for annotation agents.
|
|
19
43
|
*
|
|
20
44
|
* Includes the GuardLink reference doc, current model summary with flows and exposures,
|
|
21
45
|
* flow-first threat modeling methodology, and precise GAL syntax rules.
|
|
22
46
|
*/
|
|
23
|
-
export function buildAnnotatePrompt(userPrompt, root, model) {
|
|
47
|
+
export function buildAnnotatePrompt(userPrompt, root, model, annotationMode = 'inline') {
|
|
24
48
|
// Read the reference doc if available
|
|
25
49
|
let refDoc = '';
|
|
26
50
|
const refPath = resolve(root, '.guardlink', 'GUARDLINK_REFERENCE.md');
|
|
@@ -85,6 +109,7 @@ export function buildAnnotatePrompt(userPrompt, root, model) {
|
|
|
85
109
|
}
|
|
86
110
|
return `You are an expert security engineer performing threat modeling as code.
|
|
87
111
|
Your job is to read this codebase deeply, understand how code flows between components, and annotate it with GuardLink (GAL) security annotations that accurately represent the security posture.
|
|
112
|
+
This run MUST produce annotations as ${annotationModeLabel(annotationMode)}.
|
|
88
113
|
|
|
89
114
|
This is NOT a vulnerability scanner. You are building a living threat model embedded in the code itself.
|
|
90
115
|
Annotations capture what COULD go wrong, what controls exist, and how data moves — not just confirmed bugs.
|
|
@@ -95,6 +120,8 @@ ${modelSummary}${existingIds}${existingFlows}${existingExposures}
|
|
|
95
120
|
## Your Task
|
|
96
121
|
${userPrompt}
|
|
97
122
|
|
|
123
|
+
${annotationModeInstructions(annotationMode)}
|
|
124
|
+
|
|
98
125
|
## HOW TO THINK — Flow-First Threat Modeling
|
|
99
126
|
|
|
100
127
|
Before writing ANY annotation, you MUST understand the code deeply:
|
|
@@ -197,19 +224,35 @@ Place @boundary annotations where trust level changes between two components:
|
|
|
197
224
|
\`\`\`
|
|
198
225
|
|
|
199
226
|
### Where to Place Annotations
|
|
200
|
-
|
|
227
|
+
${annotationMode === 'external'
|
|
228
|
+
? 'Annotations go in associated `.gal` files, grouped by `@source` blocks that point at the real code location:'
|
|
229
|
+
: "Annotations go in the file's top doc-block comment OR directly above the security-relevant code:"}
|
|
201
230
|
|
|
202
231
|
\`\`\`
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
232
|
+
${annotationMode === 'external'
|
|
233
|
+
? [
|
|
234
|
+
'@shield:begin -- "Externalized annotation examples, excluded from parsing"',
|
|
235
|
+
'@source file:src/auth/login.ts line:42 symbol:authenticate',
|
|
236
|
+
'@exposes #auth-api to #sqli [P1] cwe:CWE-89 -- "User-supplied email reaches query builder"',
|
|
237
|
+
'@mitigates #auth-api against #sqli using #input-validation -- "Zod schema validates email before query"',
|
|
238
|
+
'@comment -- "Externalized annotations for src/auth/login.ts"',
|
|
239
|
+
'',
|
|
240
|
+
'@source file:src/auth/session.ts line:88 symbol:issueToken',
|
|
241
|
+
'@handles secrets on #auth-api -- "Issues session token"',
|
|
242
|
+
'@shield:end',
|
|
243
|
+
].join('\n')
|
|
244
|
+
: [
|
|
245
|
+
'// @shield:begin -- "Placement examples, excluded from parsing"',
|
|
246
|
+
'//',
|
|
247
|
+
'// FILE-LEVEL (top doc-block) — for module-wide security properties:',
|
|
248
|
+
'// Place @exposes, @mitigates, @flows, @handles, @boundary that describe the module as a whole',
|
|
249
|
+
'//',
|
|
250
|
+
'// INLINE (above specific functions/methods) — for function-specific concerns:',
|
|
251
|
+
'// Place @exposes, @mitigates above the exact function where the risk or control lives',
|
|
252
|
+
'// Place @comment above tricky security-relevant code to explain intent',
|
|
253
|
+
'//',
|
|
254
|
+
'// @shield:end',
|
|
255
|
+
].join('\n')}
|
|
213
256
|
\`\`\`
|
|
214
257
|
|
|
215
258
|
### Severity — Be Honest, Not Alarmist
|
|
@@ -259,7 +302,7 @@ Adding @shield on your own initiative would actively harm the threat model by cr
|
|
|
259
302
|
|
|
260
303
|
## PRECISE GAL Syntax
|
|
261
304
|
|
|
262
|
-
Definitions go in .guardlink/definitions.{ts,js,py,rs}.
|
|
305
|
+
Definitions go in .guardlink/definitions.{ts,js,py,rs}. Relationship annotations can live in source comments or standalone .gal files.
|
|
263
306
|
|
|
264
307
|
### Definitions (in .guardlink/definitions file)
|
|
265
308
|
\`\`\`
|
|
@@ -288,6 +331,14 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
|
|
|
288
331
|
// @shield:end
|
|
289
332
|
\`\`\`
|
|
290
333
|
|
|
334
|
+
### Relationships (in standalone .gal files)
|
|
335
|
+
\`\`\`
|
|
336
|
+
@source file:src/auth/login.ts line:42 symbol:authenticate
|
|
337
|
+
@exposes #auth to #sqli [P0] cwe:CWE-89 owasp:A03:2021 -- "User input concatenated into query"
|
|
338
|
+
@mitigates #auth against #sqli using #prepared-stmts -- "Uses parameterized queries via sqlx"
|
|
339
|
+
@audit #auth -- "Timing attack risk — needs human review"
|
|
340
|
+
\`\`\`
|
|
341
|
+
|
|
291
342
|
## CRITICAL SYNTAX RULES (violations cause parse errors)
|
|
292
343
|
|
|
293
344
|
1. **@boundary requires TWO assets**: \`@boundary between #A and #B\` or \`@boundary #A | #B\`.
|
|
@@ -322,6 +373,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
|
|
|
322
373
|
A bare \`@comment\` without description is valid but useless. Always include context.
|
|
323
374
|
|
|
324
375
|
10. **One annotation per comment line.** Do NOT put two @verbs on the same line.
|
|
376
|
+
11. **In external mode, use \`@source\` before each block** so the annotations point at the intended file and line.
|
|
325
377
|
|
|
326
378
|
## Workflow
|
|
327
379
|
|
|
@@ -339,7 +391,7 @@ Definitions go in .guardlink/definitions.{ts,js,py,rs}. Source files use only re
|
|
|
339
391
|
Think: "what's the risk, what's the defense, how does data flow here, and what should the next developer know?"
|
|
340
392
|
NEVER write @accepts — that is a human-only governance decision. Use @audit to flag unmitigated risks for review.
|
|
341
393
|
|
|
342
|
-
5. **Use the
|
|
394
|
+
5. **Use the selected annotation mode consistently.** Inline mode writes source comments; external mode writes associated \`.gal\` files with \`@source\` blocks.
|
|
343
395
|
|
|
344
396
|
6. **Run validation** via guardlink_validate (MCP) or \`guardlink validate\` to check for errors.
|
|
345
397
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;
|
|
1
|
+
{"version":3,"file":"prompts.js","sourceRoot":"","sources":["../../src/agents/prompts.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAKpC,SAAS,mBAAmB,CAAC,IAAoB;IAC/C,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,yBAAyB,CAAC,CAAC,CAAC,wBAAwB,CAAC;AACpF,CAAC;AAED,SAAS,0BAA0B,CAAC,IAAoB;IACtD,IAAI,IAAI,KAAK,UAAU,EAAE,CAAC;QACxB,OAAO;;;;;;;;;CASV,CAAC;IACA,CAAC;IAED,OAAO;;;;;;CAMR,CAAC;AACF,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,UAAkB,EAClB,IAAY,EACZ,KAAyB,EACzB,iBAAiC,QAAQ;IAEzC,sCAAsC;IACtC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,YAAY,EAAE,wBAAwB,CAAC,CAAC;IACtE,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,CAAC;IACD,2CAA2C;IAC3C,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,EAAE,MAAM,EAAE,wBAAwB,CAAC,CAAC;QACpE,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;IACH,CAAC;IAED,IAAI,YAAY,GAAG,uGAAuG,CAAC;IAC3H,IAAI,WAAW,GAAG,EAAE,CAAC;IACrB,IAAI,aAAa,GAAG,EAAE,CAAC;IACvB,IAAI,iBAAiB,GAAG,EAAE,CAAC;IAC3B,IAAI,KAAK,EAAE,CAAC;QACV,MAAM,KAAK,GAAG;YACZ,GAAG,KAAK,CAAC,kBAAkB,cAAc;YACzC,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,YAAY;YACrC,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,SAAS;YAC/B,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,UAAU;YACjC,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,WAAW;YACnC,GAAG,KAAK,CAAC,WAAW,CAAC,MAAM,cAAc;YACzC,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,QAAQ;YAC7B,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,aAAa;SACxC,CAAC;QACF,YAAY,GAAG,kBAAkB,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;QAErD,+EAA+E;QAC/E,MAAM,SAAS,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACvE,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrE,MAAM,UAAU,GAAG,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACzE,IAAI,SAAS,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC/D,MAAM,QAAQ,GAAa,EAAE,CAAC;YAC9B,IAAI,QAAQ,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,SAAS,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxE,IAAI,UAAU,CAAC,MAAM;gBAAE,QAAQ,CAAC,IAAI,CAAC,aAAa,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAC3E,WAAW,GAAG,8DAA8D,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACpG,CAAC;QAED,qEAAqE;QACrE,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC3B,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACjD,KAAK,CAAC,CAAC,MAAM,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAClH,CAAC;YACF,aAAa,GAAG,6DAA6D,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACpG,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE;gBAAE,aAAa,IAAI,eAAe,KAAK,CAAC,KAAK,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QAC9F,CAAC;QAED,0EAA0E;QAC1E,8FAA8F;QAC9F,MAAM,oBAAoB,GAAG,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;YACtD,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;QACpF,CAAC,CAAC,CAAC;QACH,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACpC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CACzD,KAAK,CAAC,CAAC,KAAK,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,QAAQ,IAAI,SAAS,MAAM,CAAC,CAAC,QAAQ,CAAC,IAAI,IAAI,CAAC,CAAC,QAAQ,CAAC,IAAI,GAAG,CAC3G,CAAC;YACF,iBAAiB,GAAG,yHAAyH,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACnK,IAAI,oBAAoB,CAAC,MAAM,GAAG,EAAE;gBAAE,iBAAiB,IAAI,eAAe,oBAAoB,CAAC,MAAM,GAAG,EAAE,OAAO,CAAC;QACpH,CAAC;IACH,CAAC;IAED,OAAO;;uCAE8B,mBAAmB,CAAC,cAAc,CAAC;;;;;EAKxE,MAAM,CAAC,CAAC,CAAC,gDAAgD,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE;EAC/F,YAAY,GAAG,WAAW,GAAG,aAAa,GAAG,iBAAiB;;;EAG9D,UAAU;;EAEV,0BAA0B,CAAC,cAAc,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAwG1C,cAAc,KAAK,UAAU;QAC3B,CAAC,CAAC,8GAA8G;QAChH,CAAC,CAAC,kGAAkG;;;EAGtG,cAAc,KAAK,UAAU;QAC3B,CAAC,CAAC;YACE,4EAA4E;YAC5E,4DAA4D;YAC5D,4FAA4F;YAC5F,yGAAyG;YACzG,8DAA8D;YAC9D,EAAE;YACF,4DAA4D;YAC5D,yDAAyD;YACzD,aAAa;SACd,CAAC,IAAI,CAAC,IAAI,CAAC;QACd,CAAC,CAAC;YACE,iEAAiE;YACjE,IAAI;YACJ,sEAAsE;YACtE,gGAAgG;YAChG,IAAI;YACJ,gFAAgF;YAChF,wFAAwF;YACxF,yEAAyE;YACzE,IAAI;YACJ,gBAAgB;SACjB,CAAC,IAAI,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAgJjB,CAAC;AACF,CAAC"}
|
package/dist/analyze/prompts.js
CHANGED
|
@@ -23,7 +23,7 @@ Your job is to **produce a complete, standalone threat model** for a real codeba
|
|
|
23
23
|
|
|
24
24
|
You will receive:
|
|
25
25
|
1. **Project context** — language/framework, dependencies, deployment signals (Dockerfile, CI config, etc.)
|
|
26
|
-
2. **Annotation graph** — structured security metadata extracted from source
|
|
26
|
+
2. **Annotation graph** — structured security metadata extracted from GuardLink annotations in source comments or standalone \`.gal\` files
|
|
27
27
|
3. **Code snippets** — the actual source lines surrounding each annotation, so you can validate what developers claimed
|
|
28
28
|
|
|
29
29
|
## How to use these inputs
|