teamcopilot 0.3.2 → 0.3.3

package/dist/workspace_files/.opencode/plugins/secret-proxy.ts

@@ -324,6 +324,12 @@ function isCurlExecutableToken(rawToken: string): boolean {
   return base === "curl"
 }
 
+function isGitExecutableToken(rawToken: string): boolean {
+  const { inner } = unwrapToken(rawToken)
+  const base = inner.split("/").pop() ?? inner
+  return base === "git"
+}
+
 function getLongOptionName(inner: string): string | null {
   const eqIndex = inner.indexOf("=")
   const optionName = eqIndex === -1 ? inner : inner.slice(0, eqIndex)
@@ -546,7 +552,12 @@ export const SecretProxyPlugin: Plugin = async ({ client }) => {
       return cached
     }
 
-    const rewritten = substitutePlaceholdersInCurlShellString(text)
+    const curlRewritten = substitutePlaceholdersInCurlShellString(text)
+    const gitRewritten = substitutePlaceholdersInGitShellString(curlRewritten.rewritten)
+    const rewritten = {
+      rewritten: gitRewritten.rewritten,
+      referencedKeys: Array.from(new Set([...curlRewritten.referencedKeys, ...gitRewritten.referencedKeys])).sort(),
+    }
     cache.set(text, rewritten)
     return rewritten
   }
@@ -564,6 +575,27 @@ export const SecretProxyPlugin: Plugin = async ({ client }) => {
     }
   }
 
+  function rewriteGitRawToken(rawToken: string): { rewritten: string; referencedKeys: string[] } {
+    const { quote, inner } = unwrapToken(rawToken)
+    const { rewritten, referencedKeys } = rewriteTokenInner(inner)
+    if (referencedKeys.length === 0) {
+      return {
+        rewritten: rawToken,
+        referencedKeys,
+      }
+    }
+    if (quote === null && rawToken.includes("'")) {
+      return {
+        rewritten: `"${escapeForDoubleQuotedShell(rewritten.replace(/'/g, ""))}"`,
+        referencedKeys,
+      }
+    }
+    return {
+      rewritten: wrapTokenForShellExpansion(quote, rewritten, true),
+      referencedKeys,
+    }
+  }
+
   function rewriteRawTokenValuePortion(rawToken: string): { rewritten: string; referencedKeys: string[] } {
     const { quote, inner } = unwrapToken(rawToken)
     const eqIndex = inner.indexOf("=")
@@ -760,6 +792,82 @@ export const SecretProxyPlugin: Plugin = async ({ client }) => {
     }
   }
 
+  function substitutePlaceholdersInGitShellString(
+    text: string,
+  ): { rewritten: string; referencedKeys: string[] } {
+    const rawTokens = tokenizeCommand(text)
+    if (rawTokens.length === 0) {
+      return {
+        rewritten: text,
+        referencedKeys: [],
+      }
+    }
+
+    const replacements: Array<{ start: number; end: number; text: string }> = []
+    const referencedKeys = new Set<string>()
+    let mutated = false
+    let atCommandStart = true
+
+    for (let index = 0; index < rawTokens.length; index += 1) {
+      const rawToken = rawTokens[index]
+
+      if (SHELL_CONTROL_TOKENS.has(rawToken.raw)) {
+        atCommandStart = true
+        continue
+      }
+
+      if (!atCommandStart) {
+        continue
+      }
+
+      if (!isGitExecutableToken(rawToken.raw)) {
+        atCommandStart = false
+        continue
+      }
+
+      atCommandStart = false
+      for (let j = index + 1; j < rawTokens.length; j += 1) {
+        const segmentToken = rawTokens[j]
+        if (SHELL_CONTROL_TOKENS.has(segmentToken.raw)) {
+          atCommandStart = true
+          index = j - 1
+          break
+        }
+
+        const rewritten = rewriteGitRawToken(segmentToken.raw)
+        if (rewritten.rewritten !== segmentToken.raw) {
+          replacements.push({
+            start: segmentToken.start,
+            end: segmentToken.end,
+            text: rewritten.rewritten,
+          })
+          mutated = true
+        }
+        for (const key of rewritten.referencedKeys) {
+          referencedKeys.add(key)
+        }
+      }
+    }
+
+    let rewrittenText = text
+    if (mutated) {
+      const output: string[] = []
+      let cursor = 0
+      for (const replacement of replacements.sort((left, right) => left.start - right.start)) {
+        output.push(text.slice(cursor, replacement.start))
+        output.push(replacement.text)
+        cursor = replacement.end
+      }
+      output.push(text.slice(cursor))
+      rewrittenText = output.join("")
+    }
+
+    return {
+      rewritten: rewrittenText,
+      referencedKeys: Array.from(referencedKeys).sort(),
+    }
+  }
+
   return {
     "command.execute.before": async (input) => {
       const sessionID = typeof input.sessionID === "string" ? input.sessionID.trim() : ""
@@ -772,11 +880,13 @@ export const SecretProxyPlugin: Plugin = async ({ client }) => {
 
       const commandCache = new Map<string, { rewritten: string; referencedKeys: string[] }>()
       if (typeof input.command === "string" && input.command.includes("{{SECRET:")) {
-        if (isCurlExecutableToken(input.command) && typeof input.arguments === "string") {
-          const fullCurlCommand = input.arguments.trim().length > 0
+        if ((isCurlExecutableToken(input.command) || isGitExecutableToken(input.command)) && typeof input.arguments === "string") {
+          const fullCommand = input.arguments.trim().length > 0
             ? `${input.command} ${input.arguments}`
             : input.command
-          const rewritten = substitutePlaceholdersInCurlShellString(fullCurlCommand)
+          const rewritten = isCurlExecutableToken(input.command)
+            ? substitutePlaceholdersInCurlShellString(fullCommand)
+            : substitutePlaceholdersInGitShellString(fullCommand)
           const prefix = `${input.command} `
           if (rewritten.rewritten.startsWith(prefix)) {
             input.arguments = rewritten.rewritten.slice(prefix.length)
@@ -790,11 +900,13 @@ export const SecretProxyPlugin: Plugin = async ({ client }) => {
         }
       }
       if (typeof input.arguments === "string" && input.arguments.includes("{{SECRET:")) {
-        if (isCurlExecutableToken(input.command)) {
-          const fullCurlCommand = input.arguments.trim().length > 0
+        if (isCurlExecutableToken(input.command) || isGitExecutableToken(input.command)) {
+          const fullCommand = input.arguments.trim().length > 0
             ? `${input.command} ${input.arguments}`
             : input.command
-          const rewritten = substitutePlaceholdersInCurlShellString(fullCurlCommand)
+          const rewritten = isCurlExecutableToken(input.command)
+            ? substitutePlaceholdersInCurlShellString(fullCommand)
+            : substitutePlaceholdersInGitShellString(fullCommand)
           const prefix = `${input.command} `
           if (rewritten.rewritten.startsWith(prefix)) {
             input.arguments = rewritten.rewritten.slice(prefix.length)

package/dist/workspace_files/AGENTS.md

@@ -434,17 +434,18 @@ required_secrets:
 ```
 - Skill bodies may contain placeholders like `{{SECRET:OPENAI_API_KEY}}`.
 - When using secrets in bash commands, use placeholder references like `{{SECRET:OPENAI_API_KEY}}` (general form is `{{SECRET:KEY_NAME}}`).
-- In bash, TeamCopilot only substitutes `{{SECRET:KEY}}` placeholders in supported `curl` use cases. Unsupported contexts are left unchanged.
+- In bash, TeamCopilot substitutes `{{SECRET:KEY}}` placeholders in supported top-level `curl` use cases and top-level `git` commands. Unsupported contexts are left unchanged.
 - TeamCopilot may internally rewrite supported secret placeholders to runtime-only env references such as `${__TEAMCOPILOT_RUNTIME_SECRET_OPENAI_API_KEY}` before execution. Those `__TEAMCOPILOT_RUNTIME_SECRET_*` references are internal only.
 - Never write `__TEAMCOPILOT_RUNTIME_SECRET_*` yourself in tool calls, scripts, or command text, even without `$` or `${}`. Agent-authored `__TEAMCOPILOT_RUNTIME_SECRET_*` references are rejected. Always use `{{SECRET:KEY}}` instead.
 - Supported `curl` substitution contexts include:
   - auth-like headers passed with `-H` / `--header` when the header name is an allowed auth/session header
   - request URLs and explicit `--url` values
   - auth/data-related curl arguments such as `--user`, `--proxy-user`, `--oauth2-bearer`, `--data*`, `--form*`, `--cookie`, `--referer`, `--user-agent`, `--proxy`, `--resolve`, and `--connect-to`
+- Supported `git` substitution contexts include any argument in a top-level `git ...` command. This is intended for private repository operations such as `git clone`, authenticated remotes, `git -c http.extraHeader=... fetch`, commits, and pushes.
 - Do not assume `{{SECRET:KEY}}` will resolve inside arbitrary shell text.
 - Do not rely on placeholder substitution in `echo`, `printf`, heredocs, redirects, `tee`, `python -c`, `node -e`, `bash -lc`, `scp`, `wget`, or file-writing commands.
-- For non-`curl` secret usage, prefer workflow runtime env injection via `required_secrets`.
-- If the currently supported `curl` substitution cases or allowed headers are not sufficient, prefer creating (using the `createWorkflow` tool) or updating a workflow instead of trying to force secret use through bash.
+- For secret usage outside supported `curl` and `git` commands, prefer workflow runtime env injection via `required_secrets`.
+- If the currently supported `curl`/`git` substitution cases or allowed headers are not sufficient, prefer creating (using the `createWorkflow` tool) or updating a workflow instead of trying to force secret use through bash.
 - If you need to write a script or multi-step automation that uses secrets, prefer creating (using the `createWorkflow` tool) or updating a workflow instead of embedding secret placeholders in shell scripts. In workflows, all declared secrets are injected into the runtime environment (no matter where or how they are used) when you call the `runWorkflow` tool. This is secure since workflow execution is gated by engineer approval.
 - Do not try to manually replace `{{SECRET:KEY}}` with a raw value yourself.
 - If you use a secret like `{{SECRET:KEY_NAME}}` and that secret doesn't exist in the user's profile, the tool call will fail, and then you should ask the user to add that key to their Profile Secrets before retrying.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "teamcopilot",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "A shared AI Agent for Teams",
   "homepage": "https://teamcopilot.ai",
   "repository": {