moltblock 0.11.5 → 0.11.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/cli.js +16 -1
  2. package/dist/config.js +6 -1
  3. package/dist/index.d.ts +1 -1
  4. package/dist/index.js +1 -1
  5. package/dist/signing.js +3 -8
  6. package/package.json +1 -1
  7. package/skill/SKILL.md +6 -6
package/dist/cli.js CHANGED
@@ -70,7 +70,22 @@ async function main() {
70
70
  });
71
71
  await program.parseAsync(process.argv);
72
72
  }
73
+ /** Sanitize error messages to strip sensitive data before logging. */
74
+ function sanitizeError(err) {
75
+ const msg = err instanceof Error ? err.message : String(err);
76
+ return msg
77
+ .replace(/[A-Za-z0-9_\-]{20,}/g, "[REDACTED]")
78
+ .replace(/https?:\/\/[^\s]+/g, (url) => {
79
+ try {
80
+ const u = new URL(url);
81
+ return `${u.protocol}//${u.hostname}/...`;
82
+ }
83
+ catch {
84
+ return "[REDACTED_URL]";
85
+ }
86
+ });
87
+ }
73
88
  main().catch((err) => {
74
- console.error(err);
89
+ console.error(`Error: ${sanitizeError(err)}`);
75
90
  process.exit(1);
76
91
  });
package/dist/config.js CHANGED
@@ -67,7 +67,12 @@ export const ModelBindingSchema = z.object({
67
67
  function isAllowedConfigPath(filePath) {
68
68
  const resolved = path.resolve(filePath);
69
69
  const allowed = [path.resolve(process.cwd()), path.resolve(os.homedir()), path.resolve(os.tmpdir())];
70
- return allowed.some((dir) => resolved.startsWith(dir + path.sep) || resolved === dir);
70
+ return allowed.some((dir) => {
71
+ if (resolved === dir)
72
+ return true;
73
+ const rel = path.relative(dir, resolved);
74
+ return !!rel && !rel.startsWith("..") && !path.isAbsolute(rel);
75
+ });
71
76
  }
72
77
  /**
73
78
  * Resolve moltblock config file: MOLTBLOCK_CONFIG env, then ./moltblock.json, ./.moltblock/moltblock.json, ~/.moltblock/moltblock.json.
package/dist/index.d.ts CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Moltblock — framework for evolving composite intelligences (Entities).
3
3
  */
4
- export declare const VERSION = "0.11.5";
4
+ export declare const VERSION = "0.11.6";
5
5
  export type { ModelBinding, BindingEntry, AgentConfig, MoltblockConfig, ChatMessage, VerifiedMemoryEntry, CheckpointEntry, OutcomeEntry, InboxEntry, StrategySuggestion, ReceivedArtifact, GovernanceConfig, } from "./types.js";
6
6
  export { WorkingMemory } from "./memory.js";
7
7
  export { signArtifact, verifyArtifact, artifactHash } from "./signing.js";
package/dist/index.js CHANGED
@@ -1,7 +1,7 @@
1
1
  /**
2
2
  * Moltblock — framework for evolving composite intelligences (Entities).
3
3
  */
4
- export const VERSION = "0.11.5";
4
+ export const VERSION = "0.11.6";
5
5
  // Memory
6
6
  export { WorkingMemory } from "./memory.js";
7
7
  // Signing
package/dist/signing.js CHANGED
@@ -42,14 +42,9 @@ function getSecret(entityId) {
42
42
  return key;
43
43
  }
44
44
  catch {
45
- // Weak deterministic fallback requires explicit opt-in
46
- if (process.env["MOLTBLOCK_INSECURE_DEV_SIGNING"] !== "1") {
47
- throw new Error(`No MOLTBLOCK_SIGNING_KEY set and filesystem unavailable. ` +
48
- `Set MOLTBLOCK_SIGNING_KEY for signing, or set MOLTBLOCK_INSECURE_DEV_SIGNING=1 to allow weak dev fallback.`);
49
- }
50
- console.warn(`Warning: Using weak default signing key for entity "${entityId}". ` +
51
- `Set MOLTBLOCK_SIGNING_KEY for secure artifact signing.`);
52
- return Buffer.from(`dev-only-insecure-key-${entityId}`, "utf-8");
45
+ // No weak deterministic fallback require explicit key material
46
+ throw new Error(`No MOLTBLOCK_SIGNING_KEY set and filesystem unavailable for dev key generation. ` +
47
+ `Set MOLTBLOCK_SIGNING_KEY or MOLTBLOCK_SIGNING_KEY_${entityId.toUpperCase()} environment variable.`);
53
48
  }
54
49
  }
55
50
  const keyBytes = Buffer.from(envKey, "utf-8");
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "moltblock",
3
- "version": "0.11.5",
3
+ "version": "0.11.6",
4
4
  "description": "Framework for building evolving composite AI intelligences (Entities)",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
package/skill/SKILL.md CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  name: moltblock - Trust Layer for AI Agents
3
3
  description: Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.
4
- version: 0.11.5
4
+ version: 0.11.6
5
5
  homepage: https://github.com/moltblock/moltblock
6
6
  repository: https://github.com/moltblock/moltblock
7
7
  metadata:
@@ -21,7 +21,7 @@ metadata:
21
21
  homepage: https://github.com/moltblock/moltblock
22
22
  install:
23
23
  - kind: node
24
- package: moltblock@0.11.5
24
+ package: moltblock@0.11.6
25
25
  bins: [moltblock]
26
26
  ---
27
27
 
@@ -53,7 +53,7 @@ Verify a task before execution.
53
53
  ### Usage
54
54
 
55
55
  ```bash
56
- npx moltblock@0.11.5 "<task description>" --provider <provider> --json
56
+ npx moltblock@0.11.6 "<task description>" --provider <provider> --json
57
57
  ```
58
58
 
59
59
  ### Parameters
@@ -77,7 +77,7 @@ Moltblock auto-detects the LLM provider from whichever API key is set. If no key
77
77
 
78
78
  ```bash
79
79
  # Verify a task
80
- npx moltblock@0.11.5 "implement a function that validates email addresses" --json
80
+ npx moltblock@0.11.6 "implement a function that validates email addresses" --json
81
81
  ```
82
82
 
83
83
  ### Output (JSON mode)
@@ -98,13 +98,13 @@ npx moltblock@0.11.5 "implement a function that validates email addresses" --jso
98
98
  Use directly with npx (recommended, no install needed):
99
99
 
100
100
  ```bash
101
- npx moltblock@0.11.5 "your task" --json
101
+ npx moltblock@0.11.6 "your task" --json
102
102
  ```
103
103
 
104
104
  Or install globally:
105
105
 
106
106
  ```bash
107
- npm install -g moltblock@0.11.5
107
+ npm install -g moltblock@0.11.6
108
108
  ```
109
109
 
110
110
  ## Configuration