npm - moltblock - Versions diffs - 0.11.2 → 0.11.4 - Mend

moltblock 0.11.2 → 0.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Moltblock — framework for evolving composite intelligences (Entities).
  */
-export declare const VERSION = "0.11.2";
+export declare const VERSION = "0.11.4";
 export type { ModelBinding, BindingEntry, AgentConfig, MoltblockConfig, ChatMessage, VerifiedMemoryEntry, CheckpointEntry, OutcomeEntry, InboxEntry, StrategySuggestion, ReceivedArtifact, GovernanceConfig, } from "./types.js";
 export { WorkingMemory } from "./memory.js";
 export { signArtifact, verifyArtifact, artifactHash } from "./signing.js";

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,7 @@
 /**
  * Moltblock — framework for evolving composite intelligences (Entities).
  */
-export const VERSION = "0.11.2";
+export const VERSION = "0.11.4";
 // Memory
 export { WorkingMemory } from "./memory.js";
 // Signing

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "moltblock",
-  "version": "0.11.2",
+  "version": "0.11.4",
   "description": "Framework for building evolving composite AI intelligences (Entities)",
   "type": "module",
   "main": "dist/index.js",

package/skill/SKILL.md CHANGED Viewed

@@ -1,7 +1,9 @@
 ---
 name: moltblock - Trust Layer for AI Agents
-description: Verification gating for AI-generated artifacts. Policy checks and code verification to catch dangerous patterns before execution.
-version: 0.11.0
+description: Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.
+version: 0.11.4
+homepage: https://github.com/moltblock/moltblock
+repository: https://github.com/moltblock/moltblock
 metadata:
   openclaw:
     requires:
@@ -19,7 +21,7 @@ metadata:
     homepage: https://github.com/moltblock/moltblock
     install:
       - kind: node
-        package: moltblock@0.11.0
+        package: moltblock@0.11.4
         bins: [moltblock]
 ---
@@ -27,13 +29,14 @@ metadata:
 ## Description
-Moltblock provides verification gating for AI-generated artifacts. It runs policy checks and optional code verification (via vitest) to catch dangerous patterns before they reach production.
+Moltblock provides verification gating for AI-generated artifacts. It runs policy checks to catch dangerous patterns before they reach production.
 **What moltblock does:**
-- Generates code via LLM API calls, then runs policy checks against the output
-- When `--test` is provided, executes vitest to verify generated code against a user-provided test file (see **Security: Test Execution** below)
+- Generates artifacts via LLM API calls, then runs policy checks against the output
+- Returns a structured verification result (pass/fail with evidence)
 - Reads its own config files (`moltblock.json`, `~/.moltblock/moltblock.json`) if present
 - API keys are read from environment variables at runtime and sent only to the configured LLM provider endpoint
+- **No code execution occurs** — moltblock only performs policy checks on generated artifacts
 ## When to Use
@@ -50,7 +53,7 @@ Verify a task before execution.
 ### Usage
 ```bash
-npx moltblock@0.11.0 "<task description>" --provider <provider> --json
+npx moltblock@0.11.4 "<task description>" --provider <provider> --json
 ```
 ### Parameters
@@ -60,7 +63,6 @@ npx moltblock@0.11.0 "<task description>" --provider <provider> --json
 | task | Yes | The task description to verify |
 | --provider | No | LLM provider: openai, google, zai, local (auto-detected from env) |
 | --model | No | Model override |
-| --test | No | Path to test file (for code verification) |
 | --json | No | Output structured JSON result |
 ### Environment Variables
@@ -75,10 +77,7 @@ Moltblock auto-detects the LLM provider from whichever API key is set. If no key
 ```bash
 # Verify a task
-npx moltblock@0.11.0 "implement a function that validates email addresses" --json
-# Verify code with tests
-npx moltblock@0.11.0 "implement a markdown-to-html converter" --test ./tests/markdown.test.ts --json
+npx moltblock@0.11.4 "implement a function that validates email addresses" --json
 ```
 ### Output (JSON mode)
@@ -99,13 +98,13 @@ npx moltblock@0.11.0 "implement a markdown-to-html converter" --test ./tests/mar
 Use directly with npx (recommended, no install needed):
 ```bash
-npx moltblock@0.11.0 "your task" --json
+npx moltblock@0.11.4 "your task" --json
 ```
 Or install globally:
 ```bash
-npm install -g moltblock@0.11.0
+npm install -g moltblock@0.11.4
 ```
 ## Configuration
@@ -134,16 +133,11 @@ See the [full configuration docs](https://github.com/moltblock/moltblock#configu
 - npm: [npmjs.com/package/moltblock](https://www.npmjs.com/package/moltblock)
 - License: MIT
-## Security: Test Execution
-When `--test` is used, moltblock writes LLM-generated code to a temporary file and runs vitest against it using the user-provided test file. **This executes LLM-generated code in a Node.js process on the host machine.** Mitigations:
+## Security
-- The test file path must be provided explicitly by the user — moltblock does not select or generate test files
-- Generated code is written to `os.tmpdir()` and cleaned up after execution
-- Policy rules run **before** test execution to deny known dangerous patterns (e.g. `rm -rf`, `eval`, `child_process`, filesystem writes)
-- Without `--test`, no code execution occurs — only policy checks run against the generated artifact
+When used as a skill, moltblock performs **policy checks only** — no code is generated, written to disk, or executed. The tool analyzes task descriptions against configurable policy rules and returns a pass/fail verification result.
-**Residual risk:** Policy rules are pattern-based and cannot catch all dangerous code. LLM-generated code executed via `--test` may perform arbitrary actions within the permissions of the Node.js process. Users should review generated code or run moltblock in a sandboxed environment when verifying untrusted tasks.
+The CLI additionally supports a `--test` flag for direct user invocation that executes code verification via vitest. This flag is not exposed to agents through this skill and should only be used directly by developers in sandboxed environments. See the [CLI documentation](https://github.com/moltblock/moltblock#security) for details.
 ## Disclaimer