wormclaude 1.0.170 → 1.0.172
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands.js +7 -4
- package/dist/theme.js +1 -1
- package/dist/tools.js +2 -2
- package/package.json +1 -1
package/dist/commands.js
CHANGED
|
@@ -332,14 +332,17 @@ export function summarizeScan(target, findings) {
|
|
|
332
332
|
// Tarama sonucunu MODELİN context'ine ekle → kullanıcı tarama hakkında soru sorabilsin
|
|
333
333
|
// ("türkçe anlat", "neyi önce düzelteyim", "SSRF nedir"). assistant() sadece ekrana basar, geçmişe
|
|
334
334
|
// eklemez; bu yüzden model taramayı bilmiyordu. Özet + yüksek/orta bulgular eklenir (context şişmesin).
|
|
335
|
-
function injectScanContext(ctx, target, findings) {
|
|
335
|
+
function injectScanContext(ctx, target, findings, full = false) {
|
|
336
336
|
if (!findings || !findings.length)
|
|
337
337
|
return;
|
|
338
338
|
const imp = findings.filter((f) => ['critical', 'high', 'medium'].includes(f.severity)).slice(0, 40);
|
|
339
339
|
const note = summarizeScan(target, findings).join('\n') + (imp.length ? '\n' + imp.map(formatFinding).join('\n') : '');
|
|
340
|
+
// Tam tarama yapıldıysa modele bildir → "/fullscan'i TEKRAR önerme" (zaten koşuldu).
|
|
341
|
+
const hdr = full
|
|
342
|
+
? `[${tt('FULL scan result (all 16 scanners ran — do NOT suggest /fullscan again)', 'TAM tarama sonucu (16 tarayıcı koşuldu — /fullscan\'i TEKRAR ÖNERME)')} — ${target}]`
|
|
343
|
+
: `[${tt('Security scan result', 'Güvenlik tarama sonucu')} — ${target}]`;
|
|
340
344
|
try {
|
|
341
|
-
ctx.setHistory([...ctx.getHistory(),
|
|
342
|
-
{ role: 'assistant', content: `[${tt('Security scan result', 'Güvenlik tarama sonucu')} — ${target}]\n${note}` }]);
|
|
345
|
+
ctx.setHistory([...ctx.getHistory(), { role: 'assistant', content: `${hdr}\n${note}` }]);
|
|
343
346
|
}
|
|
344
347
|
catch { /* geçmiş güncellenemezse sessiz geç */ }
|
|
345
348
|
}
|
|
@@ -512,7 +515,7 @@ async function fullScanCmd(arg, ctx) {
|
|
|
512
515
|
lines.push(` … +${all.length - 60} ${tt('more', 'daha')}`);
|
|
513
516
|
}
|
|
514
517
|
ctx.assistant(lines.join('\n'));
|
|
515
|
-
injectScanContext(ctx, target, all); // model
|
|
518
|
+
injectScanContext(ctx, target, all, true); // full=true → model /fullscan'i tekrar önermez
|
|
516
519
|
}
|
|
517
520
|
// /exploit ve /harden — AKTİF tarama DEĞİL, model-üretim görevleri (PoC / YARA-Sigma yazar).
|
|
518
521
|
// Güçlü, yetkili-kapsam çerçevesiyle modele gider (skill gibi). Çıktı kullanıcının dilinde.
|
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -741,8 +741,8 @@ async function execOne(call, hooks) {
|
|
|
741
741
|
const _ck = tool + '|' + target.toLowerCase();
|
|
742
742
|
const _cached = _scanCache.get(_ck);
|
|
743
743
|
if (_cached && Date.now() - _cached.t < 120000) {
|
|
744
|
-
|
|
745
|
-
|
|
744
|
+
// SADECE kısa DUR notu — bulguları TEKRAR verme (yoksa model onları yeniden yazıp tekrar çağırır).
|
|
745
|
+
return { ok: false, args, output: `[ALREADY-SCANNED] "${tool} ${target}" already ran — its findings are ALREADY in the conversation above. STOP: do NOT call SecurityScan again. Reply to the user in TEXT now using those findings. Another scan call is a forbidden loop.` };
|
|
746
746
|
}
|
|
747
747
|
try {
|
|
748
748
|
const { runPentest } = await import('./pentest.js');
|