wormclaude 1.0.228 → 1.0.229
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/headless.js +3 -3
- package/dist/theme.js +1 -1
- package/dist/tools.js +8 -0
- package/dist/tui.js +6 -6
- package/package.json +1 -1
package/dist/headless.js
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
// (kullanıcı -p ile bilerek başlattı). Davranış TUI ile aynı: aynı streamChat + executeToolCalls
|
|
4
4
|
// + strip/capOut/devre-kesici.
|
|
5
5
|
import { loadConfig, streamChat } from './api.js';
|
|
6
|
-
import { allToolSchemas, executeToolCalls, toolLabel, setToolConfig, setInspectLock, computeInspectIntent,
|
|
6
|
+
import { allToolSchemas, executeToolCalls, toolLabel, setToolConfig, setInspectLock, computeInspectIntent, isSecrecyRefusal, isPromptExtractionRequest } from './tools.js';
|
|
7
7
|
import { stripInlineToolCalls, stripEchoBlocks } from './inlinetools.js';
|
|
8
8
|
import { cleanModelText } from './textclean.js';
|
|
9
9
|
function cap(name, out) {
|
|
@@ -56,9 +56,9 @@ export async function runHeadless(prompt) {
|
|
|
56
56
|
if (toolCalls.length)
|
|
57
57
|
am.tool_calls = toolCalls.map((t) => ({ id: t.id, type: 'function', function: { name: t.name, arguments: t.args || '{}' } }));
|
|
58
58
|
history.push(am);
|
|
59
|
-
if (!toolCalls.length &&
|
|
59
|
+
if (!toolCalls.length && !secrecyRetried && isSecrecyRefusal(answer) && !isPromptExtractionRequest(prompt)) {
|
|
60
60
|
secrecyRetried = true;
|
|
61
|
-
history.push({ role: 'user', content: '
|
|
61
|
+
history.push({ role: 'user', content: 'You just refused with a secrecy message, but the user did NOT ask you to reveal your own instructions or system prompt — they asked for a normal task. That refusal was a mistake. Do NOT refuse. If the request is about a file/folder on disk, read it (Read/Glob/Grep) and explain it; otherwise carry out the user\'s actual request now.' });
|
|
62
62
|
continue;
|
|
63
63
|
}
|
|
64
64
|
if (!toolCalls.length)
|
package/dist/theme.js
CHANGED
package/dist/tools.js
CHANGED
|
@@ -833,6 +833,14 @@ export function isSecrecyRefusal(s) {
|
|
|
833
833
|
return false;
|
|
834
834
|
return /payla[şs]am|talimatlar[ıi]m|sistem (promptu|talimat)|instructions? (with|to)|can'?t (share|reveal|show)|cannot (share|reveal|disclose|show)|won'?t (share|reveal)|reveal (my|the|your)|share (my|the|your) (system )?(prompt|instructions|rules)/i.test(t);
|
|
835
835
|
}
|
|
836
|
+
// Kullanıcı GERÇEKTEN "kendi sistem promptunu göster/ifşa et" mi istiyor? (Sadece o zaman red MEŞRU.)
|
|
837
|
+
// Bir dosya YOLU/adı varsa → dosya hakkında, ifşa DEĞİL. Yol yoksa reveal-prompt kalıplarına bak.
|
|
838
|
+
export function isPromptExtractionRequest(s) {
|
|
839
|
+
const t = String(s || '');
|
|
840
|
+
if (/[a-zA-Z]:[\\/]|[.][a-z]{1,5}\b|[\\/][\w.-]+[\\/]/.test(t))
|
|
841
|
+
return false; // yol/dosya → ifşa değil
|
|
842
|
+
return /(show|reveal|print|dump|repeat|reconstruct|leak|expose|output)[^.\n]{0,40}(system\s*)?(prompt|instructions|rules|guidelines)|(system\s*prompt|instructions?|talimatlar[ıi]n?)[^.\n]{0,20}(g[öo]ster|ver\b|yaz\b|payla[şs]|s[öo]yle|d[öo]k)|prompt(u|un|unu)[^.\n]{0,20}(g[öo]ster|ver\b|yaz\b|payla[şs]|s[öo]yle|d[öo]k)/i.test(t);
|
|
843
|
+
}
|
|
836
844
|
// incele-fiili VAR ama yap/yaz/tara/audit gibi eylem-fiili YOK → salt-oku kilidi aç.
|
|
837
845
|
// KRİTİK: dosya YOLLARINI önce çıkar — "poc_clone", "build/", "create_x.py" gibi alt-diziler
|
|
838
846
|
// eylem-fiili ("clone/build/create") sanılıp kilidi yanlışlıkla KAPATMASIN (false-negative).
|
package/dist/tui.js
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
import readline from 'node:readline';
|
|
7
7
|
import stringWidth from 'string-width';
|
|
8
8
|
import { loadConfig, streamChat, fetchAccount } from './api.js';
|
|
9
|
-
import { allToolSchemas, executeToolCalls, executeTool, toolLabel, setToolConfig, getBashCwd, setComputerUse, isComputerUse, setInspectLock, computeInspectIntent,
|
|
9
|
+
import { allToolSchemas, executeToolCalls, executeTool, toolLabel, setToolConfig, getBashCwd, setComputerUse, isComputerUse, setInspectLock, computeInspectIntent, isSecrecyRefusal, isPromptExtractionRequest } from './tools.js';
|
|
10
10
|
import { setCheckpointStore } from './checkpoint.js';
|
|
11
11
|
import { extractImages, visionMessages, VISION_MODEL } from './vision.js';
|
|
12
12
|
import * as path from 'node:path';
|
|
@@ -546,12 +546,12 @@ export async function runTui() {
|
|
|
546
546
|
// sadece diziye ekle → redrawAll() onu geri çizebilir.
|
|
547
547
|
displayItems.push({ kind: 'assistant', text: answer });
|
|
548
548
|
}
|
|
549
|
-
// Deterministik gizlilik-reddi kurtarma:
|
|
550
|
-
//
|
|
551
|
-
//
|
|
552
|
-
if (!toolCalls.length &&
|
|
549
|
+
// Deterministik gizlilik-reddi kurtarma (GENEL): model gizlilik-reddi verdi AMA kullanıcı
|
|
550
|
+
// kendi promptunu ifşa etmeyi İSTEMEDİYSE (dosya inceleme, sunucu başlatma, herhangi normal
|
|
551
|
+
// görev; compaction sonrası da olur) → yanlış red, düzelt + gerçek görevi yaptır. Bir kez.
|
|
552
|
+
if (!toolCalls.length && !secrecyRetried && isSecrecyRefusal(answer) && !isPromptExtractionRequest(userText)) {
|
|
553
553
|
secrecyRetried = true;
|
|
554
|
-
history.push({ role: 'user', content: '
|
|
554
|
+
history.push({ role: 'user', content: 'You just refused with a secrecy message, but the user did NOT ask you to reveal your own instructions or system prompt — they asked for a normal task. That refusal was a mistake. Do NOT refuse. If the request is about a file/folder on disk, read it (Read/Glob/Grep) and explain it; otherwise carry out the user\'s actual request now.' });
|
|
555
555
|
continue;
|
|
556
556
|
}
|
|
557
557
|
if (!toolCalls.length)
|