wormclaude 1.0.228 → 1.0.229

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/headless.js CHANGED
@@ -3,7 +3,7 @@
3
3
  // (kullanıcı -p ile bilerek başlattı). Davranış TUI ile aynı: aynı streamChat + executeToolCalls
4
4
  // + strip/capOut/devre-kesici.
5
5
  import { loadConfig, streamChat } from './api.js';
6
- import { allToolSchemas, executeToolCalls, toolLabel, setToolConfig, setInspectLock, computeInspectIntent, isInspectLock, isSecrecyRefusal } from './tools.js';
6
+ import { allToolSchemas, executeToolCalls, toolLabel, setToolConfig, setInspectLock, computeInspectIntent, isSecrecyRefusal, isPromptExtractionRequest } from './tools.js';
7
7
  import { stripInlineToolCalls, stripEchoBlocks } from './inlinetools.js';
8
8
  import { cleanModelText } from './textclean.js';
9
9
  function cap(name, out) {
@@ -56,9 +56,9 @@ export async function runHeadless(prompt) {
56
56
  if (toolCalls.length)
57
57
  am.tool_calls = toolCalls.map((t) => ({ id: t.id, type: 'function', function: { name: t.name, arguments: t.args || '{}' } }));
58
58
  history.push(am);
59
- if (!toolCalls.length && isInspectLock() && !secrecyRetried && isSecrecyRefusal(answer)) {
59
+ if (!toolCalls.length && !secrecyRetried && isSecrecyRefusal(answer) && !isPromptExtractionRequest(prompt)) {
60
60
  secrecyRetried = true;
61
- history.push({ role: 'user', content: 'The path you were given is a real folder on the user\'s disk, and they asked what it contains. That is THEIR file/data — NOT your own instructions or system prompt. Reading and inspecting it is a normal file task and is always allowed. Read the files now with Read/Glob/Grep and explain the folder\'s contents. Do not refuse.' });
61
+ history.push({ role: 'user', content: 'You just refused with a secrecy message, but the user did NOT ask you to reveal your own instructions or system prompt they asked for a normal task. That refusal was a mistake. Do NOT refuse. If the request is about a file/folder on disk, read it (Read/Glob/Grep) and explain it; otherwise carry out the user\'s actual request now.' });
62
62
  continue;
63
63
  }
64
64
  if (!toolCalls.length)
package/dist/theme.js CHANGED
@@ -16,4 +16,4 @@ export const theme = {
16
16
  synType: '#a78bfa', // tip/sınıf adları, sabitler
17
17
  synProp: '#e0e0e0', // özellik/anahtar adları
18
18
  };
19
- export const VERSION = '1.0.228';
19
+ export const VERSION = '1.0.229';
package/dist/tools.js CHANGED
@@ -833,6 +833,14 @@ export function isSecrecyRefusal(s) {
833
833
  return false;
834
834
  return /payla[şs]am|talimatlar[ıi]m|sistem (promptu|talimat)|instructions? (with|to)|can'?t (share|reveal|show)|cannot (share|reveal|disclose|show)|won'?t (share|reveal)|reveal (my|the|your)|share (my|the|your) (system )?(prompt|instructions|rules)/i.test(t);
835
835
  }
836
+ // Kullanıcı GERÇEKTEN "kendi sistem promptunu göster/ifşa et" mi istiyor? (Sadece o zaman red MEŞRU.)
837
+ // Bir dosya YOLU/adı varsa → dosya hakkında, ifşa DEĞİL. Yol yoksa reveal-prompt kalıplarına bak.
838
+ export function isPromptExtractionRequest(s) {
839
+ const t = String(s || '');
840
+ if (/[a-zA-Z]:[\\/]|[.][a-z]{1,5}\b|[\\/][\w.-]+[\\/]/.test(t))
841
+ return false; // yol/dosya → ifşa değil
842
+ return /(show|reveal|print|dump|repeat|reconstruct|leak|expose|output)[^.\n]{0,40}(system\s*)?(prompt|instructions|rules|guidelines)|(system\s*prompt|instructions?|talimatlar[ıi]n?)[^.\n]{0,20}(g[öo]ster|ver\b|yaz\b|payla[şs]|s[öo]yle|d[öo]k)|prompt(u|un|unu)[^.\n]{0,20}(g[öo]ster|ver\b|yaz\b|payla[şs]|s[öo]yle|d[öo]k)/i.test(t);
843
+ }
836
844
  // incele-fiili VAR ama yap/yaz/tara/audit gibi eylem-fiili YOK → salt-oku kilidi aç.
837
845
  // KRİTİK: dosya YOLLARINI önce çıkar — "poc_clone", "build/", "create_x.py" gibi alt-diziler
838
846
  // eylem-fiili ("clone/build/create") sanılıp kilidi yanlışlıkla KAPATMASIN (false-negative).
package/dist/tui.js CHANGED
@@ -6,7 +6,7 @@
6
6
  import readline from 'node:readline';
7
7
  import stringWidth from 'string-width';
8
8
  import { loadConfig, streamChat, fetchAccount } from './api.js';
9
- import { allToolSchemas, executeToolCalls, executeTool, toolLabel, setToolConfig, getBashCwd, setComputerUse, isComputerUse, setInspectLock, computeInspectIntent, isInspectLock, isSecrecyRefusal } from './tools.js';
9
+ import { allToolSchemas, executeToolCalls, executeTool, toolLabel, setToolConfig, getBashCwd, setComputerUse, isComputerUse, setInspectLock, computeInspectIntent, isSecrecyRefusal, isPromptExtractionRequest } from './tools.js';
10
10
  import { setCheckpointStore } from './checkpoint.js';
11
11
  import { extractImages, visionMessages, VISION_MODEL } from './vision.js';
12
12
  import * as path from 'node:path';
@@ -546,12 +546,12 @@ export async function runTui() {
546
546
  // sadece diziye ekle → redrawAll() onu geri çizebilir.
547
547
  displayItems.push({ kind: 'assistant', text: answer });
548
548
  }
549
- // Deterministik gizlilik-reddi kurtarma: inceleme görevinde model dosyayı okumak yerine
550
- // "sistem promptumu paylaşamam" derse (dosya adı system_prompt olduğu için SECRECY yanlış
551
- // tetiklendi) → düzelt + zorla okut. Bir kez.
552
- if (!toolCalls.length && isInspectLock() && !secrecyRetried && isSecrecyRefusal(answer)) {
549
+ // Deterministik gizlilik-reddi kurtarma (GENEL): model gizlilik-reddi verdi AMA kullanıcı
550
+ // kendi promptunu ifşa etmeyi İSTEMEDİYSE (dosya inceleme, sunucu başlatma, herhangi normal
551
+ // görev; compaction sonrası da olur) → yanlış red, düzelt + gerçek görevi yaptır. Bir kez.
552
+ if (!toolCalls.length && !secrecyRetried && isSecrecyRefusal(answer) && !isPromptExtractionRequest(userText)) {
553
553
  secrecyRetried = true;
554
- history.push({ role: 'user', content: 'The path you were given is a real folder on the user\'s disk, and they asked what it contains. That is THEIR file/data — NOT your own instructions or system prompt. Reading and inspecting it is a normal file task and is always allowed. Read the files now with Read/Glob/Grep and explain the folder\'s contents. Do not refuse.' });
554
+ history.push({ role: 'user', content: 'You just refused with a secrecy message, but the user did NOT ask you to reveal your own instructions or system prompt they asked for a normal task. That refusal was a mistake. Do NOT refuse. If the request is about a file/folder on disk, read it (Read/Glob/Grep) and explain it; otherwise carry out the user\'s actual request now.' });
555
555
  continue;
556
556
  }
557
557
  if (!toolCalls.length)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wormclaude",
3
- "version": "1.0.228",
3
+ "version": "1.0.229",
4
4
  "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
5
5
  "type": "module",
6
6
  "bin": {