little-coder 1.6.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -16,7 +16,7 @@ const BUILTIN_SAFE_PREFIXES: readonly string[] = [
|
|
|
16
16
|
"which", "type", "env", "printenv", "uname", "whoami", "id",
|
|
17
17
|
"git log", "git status", "git diff", "git show", "git branch",
|
|
18
18
|
"git remote", "git stash list", "git tag",
|
|
19
|
-
"find ", "grep ", "rg ", "ag ", "fd ",
|
|
19
|
+
"find ", "grep ", "rg ", "ag ", "fd ", "sed ",
|
|
20
20
|
"python ", "python3 ", "node ", "ruby ", "perl ",
|
|
21
21
|
"pip show", "pip list", "npm list", "cargo metadata",
|
|
22
22
|
"df ", "du ", "free ", "top -bn", "ps ",
|
|
@@ -8,6 +8,7 @@ describe("isSafeBash", () => {
|
|
|
8
8
|
expect(isSafeBash("git log --oneline")).toBe(true);
|
|
9
9
|
expect(isSafeBash("grep -r pattern .")).toBe(true);
|
|
10
10
|
expect(isSafeBash("rg pattern src/")).toBe(true);
|
|
11
|
+
expect(isSafeBash("sed -n '1,20p' file.ts")).toBe(true);
|
|
11
12
|
});
|
|
12
13
|
it("allows routine filesystem scaffolding (cp/mv/mkdir/touch)", () => {
|
|
13
14
|
expect(isSafeBash("cp a b")).toBe(true);
|
package/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,18 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to little-coder are documented here. The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and little-coder's public interface (CLI, providers, tools, skills) follows semver starting at `v0.0.1` post-rename.
|
|
4
4
|
|
|
5
|
+
## [v1.6.1] — 2026-05-23
|
|
6
|
+
|
|
7
|
+
A one-line whitelist tweak: `sed` is now an allowed bash command in `auto` permission mode. Stream-editing and line-range printing (`sed -n '1,20p' file`) are routine enough that gating them behind a per-deployment `LITTLE_CODER_BASH_ALLOW` was friction without a safety payoff — `sed` sits naturally alongside the already-allowed text-search tools (`grep`, `rg`, `find`).
|
|
8
|
+
|
|
9
|
+
### Changed
|
|
10
|
+
- **`sed ` added to the built-in `SAFE_PREFIXES`** (`.pi/extensions/permission-gate/index.ts`). As with every prefix on that list, the trailing space is a word boundary, so `sed …` is allowed while `sedfoo` is not. Note this also permits in-place edits (`sed -i`), the same read-write trade-off the list already makes for `cp `/`mv `; `rm` still stays off the list by design.
|
|
11
|
+
|
|
12
|
+
### Notes for upgraders
|
|
13
|
+
- Purely additive. No CLI flag, `models.json`, `.pi/settings.json`, or per-model-profile schema changes. If a deployment had been allowing `sed` via `LITTLE_CODER_BASH_ALLOW`, that entry is now redundant (harmless — the lists are merged).
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
5
17
|
## [v1.6.0] — 2026-05-23
|
|
6
18
|
|
|
7
19
|
A new harness intervention for small-context models: oversized file reads no longer blow the context window. little-coder targets local models with small windows (`context_limit` is 32768, and the live window is often less), but pi's built-in `read` returns up to ~2000 lines in a single tool result — enough for one read to evict the conversation and derail the run. The harness now catches that read before it lands and replaces it with the file's head plus a "search, don't slurp" directive, surfaced through the same one-voice `harness intervention: …` line as the thinking-budget cap, write-guard redirect, and turn-cap.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "little-coder",
|
|
3
|
-
"version": "1.6.
|
|
3
|
+
"version": "1.6.1",
|
|
4
4
|
"description": "A pi-based coding agent optimized for small local language models. Reproduces the whitepaper's scaffold-model-fit adaptations as pi extensions.",
|
|
5
5
|
"homepage": "https://github.com/itayinbarr/little-coder",
|
|
6
6
|
"repository": {
|