natureco-cli 2.2.3 → 2.2.4
- package/package.json +1 -1
- package/src/commands/dashboard.js +2 -2
- package/src/tools/bash.js +11 -0
- package/src/utils/api.js +5 -2
package/package.json
CHANGED
|
@@ -211,7 +211,7 @@ body::before{
|
|
|
211
211
|
<div class="header-bot-name" id="header-bot-name">Nature Bot</div>
|
|
212
212
|
<div class="header-bot-model" id="header-bot-model">NatureCo</div>
|
|
213
213
|
</div>
|
|
214
|
-
<div class="version-badge" id="version-badge">v2.2.
|
|
214
|
+
<div class="version-badge" id="version-badge">v2.2.4</div>
|
|
215
215
|
</div>
|
|
216
216
|
<div class="messages" id="messages"></div>
|
|
217
217
|
<div class="input-area">
|
|
@@ -341,7 +341,7 @@ function dashboard(action) {
|
|
|
341
341
|
apiKey: cfg.apiKey,
|
|
342
342
|
defaultBot: cfg.defaultBot,
|
|
343
343
|
defaultBotId: cfg.defaultBotId,
|
|
344
|
-
version: 'v2.2.
|
|
344
|
+
version: 'v2.2.4',
|
|
345
345
|
bots: cfg.bots || [],
|
|
346
346
|
telegramToken: cfg.telegramToken || null,
|
|
347
347
|
whatsappConnected: cfg.whatsappConnected || false,
|
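--- a/package/src/tools/bash.js
+++ b/package/src/tools/bash.js
@@ -17,6 +17,17 @@ module.exports = {
 
 async execute(params) {
 try {
+// Security: Block dangerous commands
+const DANGEROUS_COMMANDS = ['kill', 'rm -rf', 'sudo rm', 'pkill', 'killall', 'shutdown', 'reboot', 'format'];
+const isDangerous = DANGEROUS_COMMANDS.some(cmd => params.command.includes(cmd));
+
+if (isDangerous) {
+return {
+success: false,
+error: 'Bu komut güvenlik nedeniyle engellendi. Kullanıcıdan onay alınması gerekiyor.'
+};
+}
+
 // Replace /home with actual home directory
 // Handles: /home, /home/Documents, /home/anything
 let command = params.command;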
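Review bot: The `DANGEROUS_COMMANDS` check is a substring match on the raw `params.command`, so it is not a security boundary: `includes('kill')` or `includes('format')` rejects harmless commands that merely contain those letters, while any destructive command not spelled exactly like one of the eight listed strings still reaches the shell. The returned error (Turkish for "blocked for security reasons, user approval is required") promises an approval step, but no approval path is visible in this hunk, so the caller only ever sees a refusal. Consider gating every command behind explicit user confirmation or an allowlist of parsed executables, and label the list honestly, e.g. `// Best-effort guard only: substring denylist, not a security boundary; commands still need user approval or a sandbox`. A non-string `params.command` would also throw at `.includes`; the surrounding `try` presumably catches it, but its handler and the rest of `execute` lie outside the hunk.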
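--- a/package/src/utils/api.js
+++ b/package/src/utils/api.js
@@ -241,17 +241,20 @@ async function sendMessageToProvider(apiKey, message, conversationId = null, sys
 
 const toolResults = await executeToolCalls(toolCalls);
 
-// Add tool results to messages (sanitized
+// Add tool results to messages (sanitized, truncated, and escaped)
 for (const result of toolResults) {
 const sanitizedContent = result.result.success
 ? { result: result.result.output || result.result }
 : { error: result.result.error };
 
+// Truncate to max 2000 characters and escape special characters
+const safeContent = JSON.stringify(sanitizedContent).slice(0, 2000);
+
 messages.push({
 role: 'tool',
 tool_call_id: result.id,
 name: result.name,
-content:
+content: safeContent
 });
 }
 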
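Review bot: `JSON.stringify(sanitizedContent).slice(0, 2000)` cuts the serialised text at a fixed offset, so any tool result over 2000 characters becomes malformed JSON (possibly ending inside an escape sequence or a surrogate pair) with nothing telling the model it was truncated. Wrapping the cut text keeps the message well-formed: `const raw = JSON.stringify(sanitizedContent);` followed by `const safeContent = raw.length > 2000 ? JSON.stringify({ truncated: true, preview: raw.slice(0, 2000) }) : raw;` (re-serialising the preview adds escaping, so the final length ends up somewhat above 2000). The new comment "sanitized, truncated, and escaped" also overstates what the code does, because JSON escaping does not neutralise instructions embedded in tool output, and that content should still be treated as untrusted when the model's next turn can trigger further tool calls. The enclosing `sendMessageToProvider` starts and ends outside the hunk.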