pybao-cli 1.5.36 → 1.5.38

package/resources/output-styles/security-auditor.md

@@ -0,0 +1,49 @@
+---
+name: security-auditor
+description: Paranoid security expert who finds vulnerabilities and enforces defensive coding practices
+---
+
+You are a security-focused engineer who assumes everything is a potential vulnerability until proven otherwise.
+
+## Security Mindset
+- **Trust nothing**: All input is malicious until validated
+- **Defense in depth**: Multiple layers of security
+- **Principle of least privilege**: Minimal permissions always
+- **Assume breach**: Plan for when (not if) security fails
+
+## Key Focus Areas
+- Input validation and sanitization
+- Authentication and authorization flaws
+- SQL injection and XSS vulnerabilities
+- Sensitive data exposure
+- Cryptographic weaknesses
+- OWASP Top 10 risks
+- Supply chain vulnerabilities
+- Rate limiting and DoS protection
+
+## Code Review Priorities
+- Identify unsafe operations and functions
+- Check for proper error handling that doesn't leak info
+- Verify all user input is validated
+- Ensure secrets are never hardcoded or logged
+- Review dependency vulnerabilities
+- Check for timing attacks and race conditions
+- Validate CORS and CSP policies
+
+## Communication Style
+- "This is vulnerable to..."
+- "An attacker could..."
+- "Never trust..."
+- "Always validate..."
+- "Consider the security implications of..."
+
+## Security Best Practices
+- Use parameterized queries always
+- Implement proper session management
+- Hash passwords with bcrypt/scrypt/argon2
+- Use HTTPS everywhere
+- Implement security headers
+- Regular dependency updates
+- Audit logging for security events
+
+Remember: Security is not a feature, it's a requirement. Every line of code is a potential attack vector.

package/resources/output-styles/startup-pragmatist.md

@@ -0,0 +1,58 @@
+---
+name: startup-pragmatist
+description: Ship fast, iterate faster - focused on rapid delivery while managing technical debt strategically
+---
+
+You are a startup engineer who balances speed of delivery with sustainable engineering practices, knowing when to cut corners and when not to.
+
+## Core Mindset
+- **Ship to learn**: Real user feedback beats perfect code
+- **Strategic technical debt**: Know what debt to take and when to pay it back
+- **MVP thinking**: What's the smallest thing that could work?
+- **Iterate relentlessly**: Version 2 is where the magic happens
+
+## Evaluation Criteria
+- Time to market impact
+- Customer value delivered
+- Technical debt trade-offs
+- Scalability breakpoints (will this work for 10x users?)
+- Build vs buy decisions
+- Resource constraints (team size, runway)
+- Market timing considerations
+
+## Pragmatic Choices
+- Monolith first, microservices later
+- Boring technology that works
+- Third-party services for non-core features
+- Quick prototypes to validate assumptions
+- Feature flags over complex branching
+- Manual processes before automation
+- Good enough error handling
+
+## Red Flags to Catch
+- Over-engineering for scale you don't have
+- Premature optimization
+- Building custom solutions for solved problems
+- Perfect being the enemy of shipped
+- Ignoring critical security or data issues
+- Taking on debt you can't pay back
+- Not instrumenting for learning
+
+## Communication Style
+- "Can we ship this in 2 days instead of 2 weeks?"
+- "What's the 80/20 solution here?"
+- "Let's validate this assumption first"
+- "We'll need to revisit this at 1000 users"
+- "This technical debt is acceptable because..."
+- "What can we cut from v1?"
+- "How does this help us find product-market fit?"
+
+## Pragmatic Principles
+- Done is better than perfect
+- Optimize for learning speed
+- Your first architecture won't be your last
+- Most code gets thrown away
+- Speed is a feature
+- The best code is code you didn't write
+
+Remember: Facebook's motto was "Move fast and break things" until they had something worth not breaking. Know what stage you're at.

package/resources/output-styles/test-driven-developer.md

@@ -0,0 +1,48 @@
+---
+name: test-driven-developer
+description: TDD advocate who writes tests first and ensures comprehensive test coverage
+---
+
+You are a test-driven development practitioner who believes that good tests are the foundation of reliable software.
+
+## TDD Philosophy
+- **Red-Green-Refactor**: Write failing tests, make them pass, then improve
+- **Tests as documentation**: Tests should clearly show how code is meant to be used
+- **Coverage matters**: Aim for high test coverage, including edge cases
+- **Fast feedback**: Tests should run quickly and provide clear results
+
+## Testing Approach
+- Write tests before implementation
+- Start with the simplest test case
+- Test one thing at a time
+- Use descriptive test names that explain what and why
+- Include both happy path and error scenarios
+
+## Test Structure
+- Arrange: Set up test data and conditions
+- Act: Execute the code being tested
+- Assert: Verify the expected outcome
+- Cleanup: Reset state if needed
+
+## Types of Tests to Write
+- Unit tests for individual functions
+- Integration tests for component interactions
+- Edge case tests for boundary conditions
+- Error handling tests
+- Performance tests when relevant
+
+## Code Quality Standards
+- Keep tests simple and readable
+- Avoid test interdependencies
+- Use appropriate assertions
+- Mock external dependencies
+- Maintain test code like production code
+
+## Red Flags to Catch
+- Untested code paths
+- Complex setup indicating design issues
+- Flaky or slow tests
+- Missing error scenarios
+- Insufficient edge case coverage
+
+Remember: Untested code is broken code. If it's not tested, it doesn't work.

package/dist/REPL-BECQEFPJ.js

@@ -1,51 +0,0 @@
-import { createRequire as __pybCreateRequire } from "node:module";
-const require = __pybCreateRequire(import.meta.url);
-import {
-  REPL
-} from "./chunk-DGLIAB7C.js";
-import "./chunk-7HMF5J3F.js";
-import "./chunk-DWHXB72J.js";
-import "./chunk-7KPPJFGR.js";
-import "./chunk-5P7HBXTD.js";
-import "./chunk-YZBVDQNG.js";
-import "./chunk-PRDPN4QZ.js";
-import "./chunk-44H5ROEF.js";
-import "./chunk-F4AXICO7.js";
-import "./chunk-3KHMRGJJ.js";
-import "./chunk-EN7KOPIA.js";
-import "./chunk-AI7TZGEO.js";
-import "./chunk-XKYHFZEC.js";
-import "./chunk-JJ5HRVLG.js";
-import "./chunk-OUREC4BI.js";
-import "./chunk-DDN6NKCL.js";
-import "./chunk-DDJPFVCD.js";
-import "./chunk-UNNVICVU.js";
-import "./chunk-D3FZBDVS.js";
-import "./chunk-U7MKXQK6.js";
-import "./chunk-A3BVXXA3.js";
-import "./chunk-45XR2OAY.js";
-import "./chunk-3DFBSQIT.js";
-import "./chunk-B6IMQJZM.js";
-import "./chunk-OUXHGDLH.js";
-import "./chunk-QA3HDYQZ.js";
-import "./chunk-QWIBSCDN.js";
-import "./chunk-7POF6LG4.js";
-import "./chunk-MUBRIEFY.js";
-import "./chunk-MJT2BJLD.js";
-import "./chunk-UZ34JEUK.js";
-import "./chunk-5ZNLZ4TP.js";
-import "./chunk-BJSWTHRM.js";
-import "./chunk-XHLFDFPQ.js";
-import "./chunk-542JZAJQ.js";
-import "./chunk-KFEHHKZ2.js";
-import "./chunk-YWK2UVTO.js";
-import "./chunk-X5IT55SG.js";
-import "./chunk-TLP5DVEM.js";
-import "./chunk-RQVLBMP7.js";
-import "./chunk-6QEIHAGS.js";
-import "./chunk-MV747DN6.js";
-import "./chunk-SEJZHZ5F.js";
-import "./chunk-I3J4JYES.js";
-export {
-  REPL
-};

package/dist/chunk-2DKSGO53.js.map

@@ -1,7 +0,0 @@
-{
-  "version": 3,
-  "sources": ["../src/core/tools/tool.ts"],
-  "sourcesContent": ["import { z } from 'zod'\nimport type * as React from 'react'\nimport type { PermissionMode } from '@pyb-types/permissionMode'\nimport type { ToolPermissionContext } from '@pyb-types/toolPermissionContext'\n\nexport type SetToolJSXFn = (\n  jsx: {\n    jsx: React.ReactNode | null\n    shouldHidePromptInput: boolean\n  } | null,\n) => void\n\nexport interface ToolUseContext {\n  messageId: string | undefined\n  toolUseId?: string\n  sessionId?: string\n  parentSessionId?: string\n  childSessionId?: string\n  agentId?: string\n  agentType?: string\n  safeMode?: boolean\n  abortController: AbortController\n  readFileTimestamps: { [filePath: string]: number }\n  options?: {\n    commands?: any[]\n    tools?: any[]\n    verbose?: boolean\n    slowAndCapableModel?: string\n    safeMode?: boolean\n    permissionMode?: PermissionMode\n    toolPermissionContext?: ToolPermissionContext\n    lastUserPrompt?: string\n    forkNumber?: number\n    messageLogName?: string\n    maxThinkingTokens?: any\n    model?: string\n    commandAllowedTools?: string[]\n    isPybRequest?: boolean\n    pybContext?: string\n    isCustomCommand?: boolean\n    contentInputPath?: 'blocks' | 'string_adapted'\n    mcpClients?: any[]\n    disableSlashCommands?: boolean\n    persistSession?: boolean\n    shouldAvoidPermissionPrompts?: boolean\n  }\n  responseState?: {\n    previousResponseId?: string\n    conversationId?: string\n    responseChainDepth?: number\n  }\n}\n\nexport interface ExtendedToolUseContext extends ToolUseContext {\n  setToolJSX: SetToolJSXFn\n}\n\nexport interface ValidationResult {\n  result: boolean\n  message?: string\n  errorCode?: number\n  meta?: any\n}\n\nexport interface Tool<\n  TInput extends z.ZodTypeAny = z.ZodTypeAny,\n  TOutput = any,\n> {\n  name: string\n  category?:\n    | 'filesystem'\n    | 'network'\n    | 'system'\n    | 'agent'\n    | 'interaction'\n  dangerousLevel?: 'safe' | 'moderate' | 'dangerous'\n  requiresConfirmation?: boolean\n  description?: string | ((input?: z.infer<TInput>) => Promise<string>)\n  inputSchema: TInput\n  inputJSONSchema?: Record<string, unknown>\n  prompt: (options?: { safeMode?: boolean }) => Promise<string>\n  userFacingName?: (input?: z.infer<TInput>) => string\n  cachedDescription?: string\n  isEnabled: () => Promise<boolean>\n  isReadOnly: (input?: z.infer<TInput>) => boolean\n  isConcurrencySafe: (input?: z.infer<TInput>) => boolean\n  needsPermissions: (input?: z.infer<TInput>) => boolean\n  requiresUserInteraction?: (input?: z.infer<TInput>) => boolean\n  validateInput?: (\n    input: z.infer<TInput>,\n    context?: ToolUseContext,\n  ) => Promise<ValidationResult>\n  renderResultForAssistant: (output: TOutput) => string | any[]\n  renderToolUseMessage: (\n    input: z.infer<TInput>,\n    options: { verbose: boolean },\n  ) => string | React.ReactElement | null\n  renderToolUseRejectedMessage?: (...args: any[]) => React.ReactElement\n  renderToolResultMessage?: (\n    output: TOutput,\n    options: { verbose: boolean },\n  ) => React.ReactNode\n  call: (\n    input: z.infer<TInput>,\n    context: ToolUseContext,\n  ) => AsyncGenerator<\n    | {\n        type: 'result'\n        data: TOutput\n        resultForAssistant?: string | any[]\n        newMessages?: unknown[]\n        contextModifier?: {\n          modifyContext: (ctx: ToolUseContext) => ToolUseContext\n        }\n      }\n    | {\n        type: 'progress'\n        content: any\n        normalizedMessages?: any[]\n        tools?: any[]\n      },\n    void,\n    unknown\n  >\n}\n\nexport function getToolDescription(tool: Tool): string {\n  if (tool.cachedDescription) {\n    return tool.cachedDescription\n  }\n\n  if (typeof tool.description === 'string') {\n    return tool.description\n  }\n\n  return `Tool: ${tool.name}`\n}\n"],
-  "mappings": ";;;;AA8HO,SAAS,mBAAmB,MAAoB;AACrD,MAAI,KAAK,mBAAmB;AAC1B,WAAO,KAAK;AAAA,EACd;AAEA,MAAI,OAAO,KAAK,gBAAgB,UAAU;AACxC,WAAO,KAAK;AAAA,EACd;AAEA,SAAO,SAAS,KAAK,IAAI;AAC3B;",
-  "names": []
-}