Replaces the single 800-line tools.ts and its switch dispatcher with a Theia-inspired registry pattern — each tool domain is its own file, and dispatch is a plain Map.get() call with no central routing function. New structure in src/tools/: registry.ts — ToolDefinition (with handler), registerTool(), executeTool(), ALL_TOOLS context.ts — ToolContext, MemoryUpdate interfaces security.ts — PROTECTED_* constants + assertGiteaWritable/assertCoolifyDeployable utils.ts — safeResolve(), EXCLUDED set file.ts — read_file, write_file, replace_in_file, list_directory, find_files, search_code shell.ts — execute_command git.ts — git_commit_and_push coolify.ts — coolify_*, list_all_apps, get_app_status, deploy_app gitea.ts — gitea_*, list_repos, list_all_issues, read_repo_file agent.ts — spawn_agent, get_job_status memory.ts — save_memory index.ts — barrel with side-effect imports + re-exports Adding a new tool now requires only a new file + registerTool() call. No switch statement, no shared array to edit. External API unchanged. Made-with: Cursor
"use strict";
// =============================================================================
// SECURITY GUARDRAILS — Protected VIBN Platform Resources
//
// These repos and Coolify resources belong to the Vibn platform itself.
// Agents must never be allowed to push code or trigger deployments here.
// Read-only operations (list, read file, get status) are still permitted
// so agents can observe platform state, but all mutations are blocked.
// =============================================================================
// Mark this CommonJS module as a transpiled ES module for interop-aware importers.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare the constant exports up front as undefined; their real values are
// assigned further down, once the literals have been evaluated.
exports.PROTECTED_GITEA_REPOS = void 0;
exports.PROTECTED_COOLIFY_PROJECT = void 0;
exports.PROTECTED_COOLIFY_APPS = void 0;
// Function declarations are hoisted, so both guards can be exported before
// their definitions appear in the file.
exports.assertGiteaWritable = assertGiteaWritable;
exports.assertCoolifyDeployable = assertCoolifyDeployable;
/**
 * Gitea repos agents can NEVER push to, commit to, or write issues on.
 *
 * Entries are lowercase "owner/name" strings. Lookups use Set.has(), which is
 * exact string equality, so any value compared against this set must be in the
 * same form.
 * NOTE(review): the exported Set is mutable by any module that imports it;
 * confirm nothing outside this file adds or deletes entries at runtime.
 */
const protectedGiteaRepoNames = [
    'mark/vibn-frontend',
    'mark/theia-code-os',
    'mark/vibn-agent-runner',
    'mark/vibn-api',
    'mark/master-ai',
];
exports.PROTECTED_GITEA_REPOS = new Set(protectedGiteaRepoNames);
/**
 * Coolify project UUID for the VIBN platform — agents cannot deploy here.
 *
 * NOTE(review): neither guard function in this file compares against this
 * value; the project-level filter has to be applied by whichever caller knows
 * an app's project UUID. Confirm every deploy path does so.
 */
const vibnPlatformProjectUuid = 'f4owwggokksgw0ogo0844os0';
exports.PROTECTED_COOLIFY_PROJECT = vibnPlatformProjectUuid;
/**
 * Specific Coolify app UUIDs that must never be deployed by an agent.
 * Belt-and-suspenders check in case the project UUID filter is bypassed.
 *
 * This is a hand-maintained deny-list: a platform app that is not listed here
 * is not covered by this second layer.
 * NOTE(review): confirm the list is updated whenever a platform app is added
 * or re-created under a new UUID.
 */
const protectedCoolifyAppUuids = [
    'y4cscsc8s08c8808go0448s0', // vibn-frontend
    'kggs4ogckc0w8ggwkkk88kck', // vibn-postgres
    'o4wwck0g0c04wgoo4g4s0004', // gitea
];
exports.PROTECTED_COOLIFY_APPS = new Set(protectedCoolifyAppUuids);
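/**
 * Guard for mutating Gitea operations: throws if `repo` names a protected
 * Vibn platform repository, returns normally otherwise.
 *
 * The check fails closed. Tool arguments are produced by an agent and are not
 * type-checked at runtime, so a value that is not a non-empty string is
 * rejected outright: it would never equal a Set entry, yet could still be
 * coerced to a protected name when a caller interpolates it into a URL.
 *
 * The name is also compared in canonical form (trimmed, surrounding slashes
 * and a trailing ".git" removed, lowercased), because Gitea resolves
 * owner/repo names case-insensitively and the deny-list holds lowercase
 * entries. NOTE(review): the ".git" and slash handling is defensive; confirm
 * which spellings the calling tools actually forward to Gitea.
 *
 * This function only performs the check. Protection depends on every tool
 * that writes to Gitea calling it before acting.
 *
 * @param {string} repo - Repository as "owner/name".
 * @returns {void}
 * @throws {Error} If `repo` is not a non-empty string or is a protected repo.
 */
function assertGiteaWritable(repo) {
    if (typeof repo !== 'string' || repo.trim() === '') {
        throw new Error('SECURITY: Repo identifier must be a non-empty string. ' +
            'Refusing the write because the protected-repo check cannot be evaluated.');
    }
    const canonicalRepo = repo
        .trim()
        .replace(/^\/+|\/+$/g, '')
        .replace(/\.git$/i, '')
        .toLowerCase();
    const protectedRepos = exports.PROTECTED_GITEA_REPOS;
    // Check the raw value as well, so an exact match keeps its original behaviour.
    if (protectedRepos.has(repo) || protectedRepos.has(canonicalRepo)) {
        throw new Error(`SECURITY: Repo "${repo}" is a protected Vibn platform repo. ` +
            `Agents cannot push code or modify issues in this repository.`);
    }
}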
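/**
 * Guard for Coolify deployments: throws if `appUuid` is one of the protected
 * Vibn platform applications, returns normally otherwise.
 *
 * The check fails closed. A value that is not a non-empty string is rejected,
 * because it would never equal a Set entry but could still be coerced to a
 * protected UUID when a caller builds the deploy request from it. The UUID is
 * also compared trimmed and lowercased; the deny-list entries are lowercase,
 * so this can only widen the block.
 *
 * Only the per-app deny-list is consulted. PROTECTED_COOLIFY_PROJECT is not
 * checked here, since this function receives no project UUID; the
 * project-level filter must be applied by the caller.
 *
 * @param {string} appUuid - Coolify application UUID about to be deployed.
 * @returns {void}
 * @throws {Error} If `appUuid` is not a non-empty string or is a protected app.
 */
function assertCoolifyDeployable(appUuid) {
    if (typeof appUuid !== 'string' || appUuid.trim() === '') {
        throw new Error('SECURITY: App UUID must be a non-empty string. ' +
            'Refusing the deployment because the protected-app check cannot be evaluated.');
    }
    const canonicalUuid = appUuid.trim().toLowerCase();
    const protectedApps = exports.PROTECTED_COOLIFY_APPS;
    // Check the raw value as well, so an exact match keeps its original behaviour.
    if (protectedApps.has(appUuid) || protectedApps.has(canonicalUuid)) {
        throw new Error(`SECURITY: App "${appUuid}" is a protected Vibn platform application. ` +
            `Agents cannot trigger deployments for this application.`);
    }
}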