loki-mode 6.36.3 → 6.36.4
- package/SKILL.md +2 -2
- package/VERSION +1 -1
- package/package.json +1 -1
- package/web-app/server.py +28 -4
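--- a/package/SKILL.md
+++ b/package/SKILL.md
@@ -3,7 +3,7 @@ name: loki-mode
 description: Multi-agent autonomous startup system. Triggers on "Loki Mode". Takes PRD to deployed product with minimal human intervention. Requires --dangerously-skip-permissions flag.
 ---
 
-# Loki Mode v6.36.
+# Loki Mode v6.36.4
 
 **You are an autonomous agent. You make decisions. You do not ask questions. You do not stop.**
 
@@ -267,4 +267,4 @@ The following features are documented in skill modules but not yet fully automat
 | Quality gates 3-reviewer system | Implemented (v5.35.0) | 5 specialist reviewers in `skills/quality-gates.md`; execution in run.sh |
 | Benchmarks (HumanEval, SWE-bench) | Infrastructure only | Runner scripts and datasets exist in `benchmarks/`; no published results |
 
-**v6.36.
+**v6.36.4 | [Autonomi](https://www.autonomi.dev/) flagship product | ~260 lines core**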
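--- a/package/VERSION
+++ b/package/VERSION
@@ -1 +1 @@
-6.36.
+6.36.4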
package/package.json
CHANGED
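--- a/package/web-app/server.py
+++ b/package/web-app/server.py
@@ -44,9 +44,20 @@ DIST_DIR = SCRIPT_DIR / "dist"
 
 app = FastAPI(title="Purple Lab", docs_url=None, redoc_url=None)
 
+_default_cors_origins = [
+f"http://127.0.0.1:{PORT}",
+f"http://localhost:{PORT}",
+]
+_cors_env = os.environ.get("PURPLE_LAB_CORS_ORIGINS", "")
+_cors_origins = (
+[o.strip() for o in _cors_env.split(",") if o.strip()]
+if _cors_env
+else _default_cors_origins
+)
+
 app.add_middleware(
 CORSMiddleware,
-allow_origins=
+allow_origins=_cors_origins,
 allow_methods=["*"],
 allow_headers=["*"],
 )
@@ -149,12 +160,25 @@ def _loki_dir() -> Path:
 
 
 def _safe_resolve(base: Path, requested: str) -> Optional[Path]:
-"""Resolve a path ensuring it stays within base (path traversal protection).
+"""Resolve a path ensuring it stays within base (path traversal protection).
+
+Uses os.path.commonpath to avoid the startswith prefix collision where
+/tmp/proj would incorrectly pass a check against /tmp/projother.
+Also rejects symlinks that escape the base directory.
+"""
 try:
 resolved = (base / requested).resolve()
 base_resolved = base.resolve()
-
-
+# Ensure resolved is strictly inside base_resolved
+resolved.relative_to(base_resolved)
+# Reject if any component is a symlink pointing outside base
+check = base_resolved
+for part in resolved.relative_to(base_resolved).parts:
+check = check / part
+if check.is_symlink():
+link_target = check.resolve()
+link_target.relative_to(base_resolved) # raises ValueError if outside
+return resolved
 except (ValueError, OSError):
 pass
 return None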
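Review bot: The docstring added to `_safe_resolve` says the check uses `os.path.commonpath`, but the new code relies on `Path.relative_to`; the sentence should read `Uses Path.relative_to on the resolved paths to avoid the startswith prefix collision where`. The symlink loop that follows walks `resolved`, which `resolve()` has already made symlink-free, so `check.is_symlink()` should not fire outside a race and the containment guarantee comes entirely from `resolved.relative_to(base_resolved)`; I would drop the loop, or say so in a comment, so that readers do not take it for a second layer of defence. The comment `# Ensure resolved is strictly inside base_resolved` is also stronger than the code, because `relative_to` accepts `resolved == base_resolved`; if callers must never receive the base directory itself, add `if resolved == base_resolved: return None`. The check and the later file access are separate steps, so a path that is swapped for a symlink in between is not covered by this function.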