npm - nexus-agents - Versions diffs - 2.57.0 → 2.58.0 - Mend

nexus-agents 2.57.0 → 2.58.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/{chunk-BOZ26RIB.js → chunk-L3NHOUEX.js} RENAMED Viewed

@@ -29,7 +29,7 @@ import {
   getAvailableClis,
   isCliAvailable,
   withTimeout
-} from "./chunk-SXWZS2V4.js";
+} from "./chunk-YQAOMDR2.js";
 import {
   AgentError,
   CACHE_TIMEOUTS,
@@ -870,6 +870,38 @@ function isToolDenied(toolName) {
   return UNBYPASSABLE_TOOL_NAMES.includes(toolName);
 }
+// src/security/access-constraint-deriver/tool-risk.ts
+var READ_ONLY_TOOLS2 = /* @__PURE__ */ new Set([
+  // Discovery / listing
+  "list_experts",
+  "list_workflows",
+  // Research reads
+  "research_query",
+  "research_analyze",
+  "research_catalog_review",
+  "research_synthesize",
+  // Memory reads
+  "memory_query",
+  "memory_stats",
+  // Observability
+  "weather_report",
+  "query_trace",
+  "query_task_state",
+  // Codebase intelligence (read-only over local files)
+  "search_codebase",
+  "extract_symbols",
+  // Repo analysis (read-only)
+  "repo_analyze",
+  "repo_security_plan",
+  // Routing recommendation (no side effects — returns recommendation)
+  "delegate_to_model",
+  // Registry import (returns a draft template — does not write)
+  "registry_import"
+]);
+function isRiskyTool(toolName) {
+  return !READ_ONLY_TOOLS2.has(toolName);
+}
 // src/security/access-constraint-deriver/enforcer.ts
 function checkAccess(toolName, policy, args) {
   if (isToolDenied(toolName)) {
@@ -888,12 +920,28 @@ function checkAccess(toolName, policy, args) {
   }
   if (policy.allowedTools === "*") return { decision: "allow" };
   if (policy.allowedTools.includes(toolName)) return { decision: "allow" };
-  if (policy.mode === "audit") {
+  return decideOnViolation(toolName, policy.mode);
+}
+function decideOnViolation(toolName, mode) {
+  if (mode === "audit") {
     return {
       decision: "log-and-allow",
       warning: `tool "${toolName}" not in derived policy (audit mode)`
     };
   }
+  if (mode === "confirm_risky") {
+    if (!isRiskyTool(toolName)) {
+      return {
+        decision: "log-and-allow",
+        warning: `tool "${toolName}" not in derived policy (confirm_risky mode, read-only \u2014 would have required human approval, allowed because read-only)`
+      };
+    }
+    return {
+      decision: "deny",
+      reason: `tool "${toolName}" not in derived policy (confirm_risky mode, risky \u2014 would have required human approval; denied for now, add to allowedTools or run in audit mode to allow)`,
+      matchedRule: "allowedTools:confirm_risky"
+    };
+  }
   return {
     decision: "deny",
     reason: `tool "${toolName}" not in derived policy`,
@@ -12807,7 +12855,7 @@ async function processVotesWithCascade(votes, opts) {
 var CONTRARIAN_ESCALATION_THRESHOLD = 0.8;
 async function runContrarianCheck(proposal, log) {
   try {
-    const { executeExpert } = await import("./expert-bridge-LT7PKUPS.js");
+    const { executeExpert } = await import("./expert-bridge-BHTUNALT.js");
     const prompt = [
       "You are a contrarian analyst. Your job is to find reasons this proposal should be REJECTED.",
       "Look for: YAGNI (not needed), MISALIGNED (wrong tech/architecture), SECURITY_RISK, SCOPE_CREEP.",
@@ -13180,4 +13228,4 @@ export {
   CONSENSUS_VOTE_OUTPUT_SCHEMA,
   registerConsensusVoteTool
 };
-//# sourceMappingURL=chunk-BOZ26RIB.js.map
+//# sourceMappingURL=chunk-L3NHOUEX.js.map