nex-code 0.3.63 → 0.3.65
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +29 -1
- package/dist/nex-code.js +421 -421
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -289,6 +289,13 @@ Supported formats: PNG, JPG, GIF, WebP, BMP. Works with Anthropic, OpenAI, Gemin
|
|
|
289
289
|
|
|
290
290
|
Skip all confirmation prompts — file changes, dangerous commands, and tool permissions are auto-approved. The banner shows a `⚡ YOLO` indicator. Toggle at runtime with `/autoconfirm`.
|
|
291
291
|
|
|
292
|
+
On macOS, nex-code automatically runs `caffeinate` for the duration of the session (idle sleep and disk sleep are suppressed), so long autonomous tasks won't be interrupted by the system going to sleep. This applies to all modes, not just YOLO.
|
|
293
|
+
|
|
294
|
+
You can also enable YOLO mode permanently for a project via `.nex/config.json`:
|
|
295
|
+
```json
|
|
296
|
+
{ "yolo": true }
|
|
297
|
+
```
|
|
298
|
+
|
|
292
299
|
### Headless / Programmatic Mode
|
|
293
300
|
|
|
294
301
|
Run nex-code non-interactively from scripts, CI pipelines, or other processes:
|
|
@@ -314,7 +321,7 @@ nex-code --prompt-file /tmp/task.txt --yolo --json
|
|
|
314
321
|
| `--prompt-file <path>` | Read prompt from a UTF-8 file and run headless |
|
|
315
322
|
| `--delete-prompt-file` | Delete the prompt file after reading (use with `--prompt-file`) |
|
|
316
323
|
| `--auto` | Skip confirmations (non-interactive, no REPL banner) |
|
|
317
|
-
| `--yolo` | Skip all confirmations including dangerous commands |
|
|
324
|
+
| `--yolo` | Skip all confirmations including dangerous commands (also configurable via `.nex/config.json` `"yolo": true`) |
|
|
318
325
|
| `--server` | Start JSON-lines IPC server (used by the VS Code extension) |
|
|
319
326
|
| `--json` | Output `{"success":true,"response":"..."}` to stdout |
|
|
320
327
|
| `--max-turns <n>` | Override the agentic loop iteration limit |
|
|
@@ -1084,6 +1091,27 @@ Arguments are automatically sanitized — keys matching `key`, `token`, `passwor
|
|
|
1084
1091
|
|
|
1085
1092
|
---
|
|
1086
1093
|
|
|
1094
|
+
## Safety
|
|
1095
|
+
|
|
1096
|
+
nex-code includes multi-layer protections to prevent accidental damage — even in `--auto` and `--yolo` mode:
|
|
1097
|
+
|
|
1098
|
+
| Layer | What it guards | Bypass possible? |
|
|
1099
|
+
|---|---|---|
|
|
1100
|
+
| **Forbidden patterns** | `rm -rf /`, fork bombs, reverse shells, `cat .env` | No |
|
|
1101
|
+
| **Protected paths** | Destructive bash ops (`rm`, `mv`, `truncate`, …) on `.env`, `credentials/`, `venv/`, `.ssh/`, `.aws/`, `.sqlite3`, `.git/` internals | Only via `NEX_UNPROTECT=1` |
|
|
1102
|
+
| **Sensitive file tools** | `read_file` / `write_file` / `edit_file` on `.env`, `.ssh/`, `.npmrc`, `.kube/config`, etc. | No |
|
|
1103
|
+
| **Critical commands** | `rm -rf`, `sudo`, `git push --force`, `git reset --hard` | Requires explicit confirmation |
|
|
1104
|
+
|
|
1105
|
+
**Override:** If you intentionally need to modify a protected path via bash (e.g. rotating credentials in a deploy script), set `NEX_UNPROTECT=1`:
|
|
1106
|
+
|
|
1107
|
+
```bash
|
|
1108
|
+
NEX_UNPROTECT=1 nex-code
|
|
1109
|
+
```
|
|
1110
|
+
|
|
1111
|
+
This disables the protected-path check only — forbidden patterns and critical-command prompts remain active.
|
|
1112
|
+
|
|
1113
|
+
---
|
|
1114
|
+
|
|
1087
1115
|
## Team Permissions
|
|
1088
1116
|
|
|
1089
1117
|
Permission presets for team environments:
|