opencode-api-security-testing 5.4.0 → 5.4.2

Files changed (2)
  1. package/package.json +1 -1
  2. package/src/index.ts +8 -13
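--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "opencode-api-security-testing",
- "version": "5.4.0",
+ "version": "5.4.2",
  "description": "API Security Testing Plugin for OpenCode - Automated vulnerability scanning and penetration testing",
  "type": "module",
  "main": "src/index.ts",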
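--- a/package/src/index.ts
+++ b/package/src/index.ts
@@ -334,6 +334,9 @@ const CYBER_SUPERVISOR = DEFAULT_CONFIG.cyber_supervisor;
  const modelFailureCounts = new Map<string, Map<string, number>>();
  const sessionFailures = new Map<string, number>();
 
+ // 追踪已注入 agents prompt 的 session (只注入一次)
+ const injectedSessions = new Set<string>();
+
  function getConfigPath(ctx: { directory: string }): string {
  return join(ctx.directory, SKILL_DIR, "assets", CONFIG_FILE);
  }
@@ -467,7 +470,7 @@ To activate these agents, simply mention their name in your response (e.g., "@ap
  }
  }
 
- async function execShell(ctx: unknown, cmd: string): Promise<string> {
+ async function execShell(_ctx: unknown, cmd: string): Promise<string> {
  try {
  const { stdout, stderr } = await execAsync(cmd, {
  maxBuffer: 1024 * 1024 * 10, // 10MB buffer
@@ -513,7 +516,7 @@ const ApiSecurityTestingPlugin: Plugin = async (ctx) => {
  taskManager.init(ctx.directory, ctx.client);
  taskManager.cleanupOldTasks(); // 清理过期任务
 
- console.log(`[api-security-testing] Plugin loaded v5.4.0 - collection_mode: ${config.collection_mode}`);
+ console.log(`[api-security-testing] Plugin loaded v5.4.1 - collection_mode: ${config.collection_mode}`);
  console.log(`[api-security-testing] Task persistence enabled at ${join(ctx.directory, TASKS_DIR)}`);
 
  return {
@@ -1266,20 +1269,12 @@ print(json.dumps(result, ensure_ascii=False))
  },
 
  // 赛博监工 Hook - chat.message
+ // 注意:已禁用自动注入 agents prompt,避免重复注入问题
+ // 如需使用 agents,请在需要时手动调用相关工具
  "chat.message": async (input, output) => {
  const sessionID = input.sessionID;
 
- // 注入 agents prompt(首次)
- const agentsPrompt = getInjectedAgentsPrompt();
- if (agentsPrompt) {
- const parts = output.parts as Array<{ type: string; text?: string }>;
- const textPart = parts.find(p => p.type === "text");
- if (textPart && textPart.text) {
- textPart.text += agentsPrompt;
- }
- }
-
- // 赛博监工压力注入
+ // 赛博监工压力注入(仅在失败时)
  if (config.cyber_supervisor.enabled && config.cyber_supervisor.auto_trigger) {
  const failures = getFailureCount(sessionID);
  if (failures > 0 && failures <= config.cyber_supervisor.max_retries) {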
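Review bot: In the `execShell` hunk (`@@ -467,7 +470,7 @@`), `cmd` is handed to `execAsync` as a single string, and renaming the first parameter to `_ctx` confirms that nothing from the plugin context restricts what may be run. If `execAsync` is the promisified `child_process.exec`, as the single-string call suggests, the string is interpreted by a shell, so any caller that builds `cmd` from a target URL, a tool argument or model output has to validate or quote it first. I would state that contract on the function, e.g. `// cmd is executed by a shell: pass only fixed or validated strings, never raw tool input`, and move callers that can supply an argument array to `execFile`. The rest of `execShell` and its callers lie outside the hunk, so whether a `timeout` or input checks already exist cannot be confirmed from here.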