npm - opencode-swarm - Versions diffs - 7.25.1 → 7.26.0 - Mend

opencode-swarm 7.25.1 → 7.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +41 -8
package/dist/cli/index.js +103 -289
package/dist/hooks/guardrails.d.ts +22 -0
package/dist/hooks/shell-write-detect.d.ts +110 -0
package/dist/index.js +2515 -1343
package/dist/scope/scope-persistence.d.ts +4 -3
package/dist/tools/test-runner.d.ts +0 -10
package/package.json +3 -2

package/dist/hooks/guardrails.d.ts CHANGED Viewed

@@ -16,6 +16,8 @@ export declare const _internals: {
     getProviderFailureFingerprint: typeof getProviderFailureFingerprint;
     isTransientProviderFailureText: typeof isTransientProviderFailureText;
     resolveFallbackModel: typeof resolveFallbackModel;
+    dcCheckJunctionCreation: typeof dcCheckJunctionCreation;
+    extractErrorSignal: typeof extractErrorSignal;
 };
 /**
  * Issue #853 Layer B: tools that are structurally blocked while
@@ -38,6 +40,12 @@ export declare const SPEC_DRIFT_BLOCKED_TOOLS: Set<string>;
  * immediately on the next tool call.
  */
 export declare function enforceSpecDriftGate(directory: string | undefined, toolName: string): void;
+/**
+ * Extracts bounded provider/error signal from unknown hook error payloads.
+ * Do not stringify arbitrary objects here: unrelated fields like `phase: 502`
+ * must not accidentally become transient provider errors.
+ */
+declare function extractErrorSignal(errorContent: unknown): string;
 type ChatMessageLike = {
     info?: {
         role?: string;
@@ -70,6 +78,20 @@ export declare function setStoredInputArgs(callID: string, args: unknown): void;
  * @param callID The callID to delete
  */
 export declare function deleteStoredInputArgs(callID: string): void;
+/**
+ * Detect Windows junction or symlink CREATION commands.
+ * Junction creation followed by recursive deletion of the junction is the
+ * exact mechanism of the K2.6 data-loss incident.
+ * Block junction/symlink creation where the target resolves outside cwd.
+ *
+ * Patterns covered:
+ *   mklink /J <link> <target>
+ *   mklink /D <link> <target>
+ *   New-Item -ItemType Junction -Path <link> -Target <target>
+ *   New-Item -ItemType SymbolicLink -Path <link> -Target <target>
+ *   ln -s <target> <link>  (when target is outside cwd)
+ */
+declare function dcCheckJunctionCreation(segment: string, cwd: string): string | null;
 /**
  * Redacts sensitive values from a shell command string before audit logging.
  * Covers env-var assignments, CLI flags, Bearer/Basic auth, and -H header flags.

package/dist/hooks/shell-write-detect.d.ts ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * Shell Write Detector — POSIX AST + Windows regex-based write-operation detection
+ *
+ * Parses POSIX shell commands using bash-parser and statically detects
+ * file-system write operations using regex heuristics for Windows shells.
+ * Used by guardrails and scope-validation hooks to catch opaque shell
+ * commands that would bypass direct tool coverage.
+ *
+ * @module shell-write-detect
+ */
+/**
+ * All write-operation categories detected by this module.
+ */
+export type WriteCategory = 'redirect' | 'here_doc' | 'builtin_write' | 'inplace_edit' | 'interpreter_eval' | 'network_download' | 'archive_extract' | 'git_destructive';
+/**
+ * A single write target detected in a shell command.
+ */
+export interface WriteTarget {
+    /** The category of write operation. */
+    category: WriteCategory;
+    /** The tool or operator that triggered this write, e.g. "cp", ">", "sed -i". */
+    operator: string;
+    /** The file path written to, or null when the path cannot be determined statically. */
+    path: string | null;
+}
+/**
+ * Result of analyzing a single shell command.
+ */
+export interface WriteAnalysis {
+    /** All write targets detected in the command (empty if none). */
+    writes: WriteTarget[];
+    /** Whether the command contains any detected writes. */
+    hasWrites: boolean;
+    /** Whether the command could not be parsed (fail-closed). */
+    parseError?: boolean;
+}
+/**
+ * A write target with its resolved absolute path.
+ */
+export interface ResolvedWriteTarget {
+    /** The original write target. */
+    original: WriteTarget;
+    /**
+     * The resolved absolute path, or null if the path could not be determined
+     * (null original path) or was marked unresolvable (dynamic path).
+     */
+    resolvedPath: string | null;
+    /**
+     * Whether the path was successfully resolved to an absolute path.
+     * false when: path is null, path contains env vars ($VAR), or path
+     * contains command substitution ($(cmd) or `cmd`).
+     */
+    resolved: boolean;
+}
+/**
+ * Detect interactive/session tools that should be denied regardless of scope.
+ *
+ * These tools create persistent sessions or run commands repeatedly in a way
+ * that is inherently open-ended and cannot be bounded safely.
+ *
+ * @param command - A shell command string
+ * @param shell - The shell type: 'posix', 'powershell', or 'cmd'
+ * @returns true if the command uses an interactive/session tool
+ */
+export declare function detectInteractiveSession(command: string, shell: 'posix' | 'powershell' | 'cmd'): boolean;
+/**
+ * Parse a POSIX shell command and detect all file-system write operations.
+ *
+ * Detects:
+ * - Redirection operators: >, >>, >|, <<, <<- (here-docs)
+ * - Write-effect builtins: cp, mv, install, ln, truncate, dd (of=)
+ * - In-place editors: sed -i, perl -i, awk -i
+ * - Interpreter eval: python -c/-m, node -e, bun -e, ruby -e, perl -e, php -r
+ * - Network downloaders: curl -o, wget -O, scp
+ * - Archive extraction: tar -x, unzip, gunzip
+ * - Git destructive: git checkout --, git restore, git reset --hard, git clean -fd
+ *
+ * @param command - A POSIX shell command string
+ * @returns WriteAnalysis with array of detected write targets; hasWrites is false when array is empty
+ */
+export declare function detectPosixWrites(command: string): WriteAnalysis;
+/**
+ * Parse a Windows shell command (PowerShell or cmd.exe) and detect all
+ * file-system write operations using regex heuristics.
+ *
+ * Detects:
+ * - Redirection operators: >, >>
+ * - PowerShell cmdlets: Out-File, Set-Content, Add-Content, Clear-Content,
+ *   Copy-Item, Move-Item, Remove-Item, Invoke-WebRequest (-OutFile), Start-Process
+ * - PowerShell aliases: echo, write (when used with redirection)
+ * - cmd.exe builtins: copy, move, ren, del, rd, md
+ * - cmd.exe redirections: >, >>
+ * - cmd.exe echo/set with redirection
+ *
+ * @param command - A Windows shell command string
+ * @param shell - Either 'powershell' or 'cmd'
+ * @returns WriteAnalysis with array of detected write targets; hasWrites is false when array is empty
+ */
+export declare function detectWindowsWrites(command: string, shell: 'powershell' | 'cmd'): WriteAnalysis;
+/**
+ * Resolve write targets from a POSIX shell command against a given cwd,
+ * tracking directory changes through subshell `cd` commands.
+ *
+ * This function is pure: it does not modify any external state.
+ *
+ * @param command - A POSIX shell command string (e.g., "(cd /tmp && echo x > file)")
+ * @param cwd - The starting current working directory (e.g., "/home/user")
+ * @returns Array of ResolvedWriteTarget with resolved absolute paths
+ */
+export declare function resolveWriteTargets(command: string, writes: WriteTarget[], cwd: string): ResolvedWriteTarget[];