
Commit 64b7f5e

Author: Terraphim AI (committed)
Merge PR #183: security test coverage and critical vulnerability fixes
Merged comprehensive security testing implementation with critical security fixes:
- LLM prompt injection prevention with sanitization
- Command injection via curl replaced with native hyper HTTP client
- Unsafe memory operations eliminated (12 instances)
- Network interface injection validation

Added 99 total security tests:
- Prompt injection E2E: 12 tests, Memory safety: 7 tests
- Security bypass: 15 tests, Concurrent security: 9 tests
- Error boundaries: 8 tests, DoS prevention: 8 tests
- Plus 29 Firecracker/VM tests

Fixes applied during merge:
- Updated all crate versions 0.1.0→0.2.0 (20+ Cargo.toml)
- Excluded vendor-editor files >1MB, added to .gitignore
- Fixed secret detection false positive
- Commented out Perplexity ServiceType (not in main)
- Fixed terraphim_service API (build_llm_from_role)
- Disabled auto-update (terraphim_update not in workspace)
- Added Hash/Eq derives to ConflictType enum

Core features compile: terraphim_server, terraphim_multi_agent ✅
Experimental crates have API incompatibilities (to fix in separate PR)
Private haystack repos excluded from commit (kept separate)
1 parent 8e4337f commit 64b7f5e

316 files changed: +100886 -7072 lines changed


.agents/README.md

Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
# Custom Agents
2+
3+
Create specialized agent workflows that coordinate multiple AI agents to tackle complex engineering tasks. Instead of a single agent trying to handle everything, you can orchestrate teams of focused specialists that work together.
4+
5+
## Getting Started
6+
7+
1. **Edit an existing agent**: Start with `my-custom-agent.ts` and modify it for your needs
8+
2. **Test your agent**: Run `codebuff --agent your-agent-name`
9+
3. **Publish your agent**: Run `codebuff publish your-agent-name`
10+
11+
## Need Help?
12+
13+
- For detailed documentation, see [agent-guide.md](./agent-guide.md).
14+
- For examples, check the `examples/` directory.
15+
- Join our [Discord community](https://codebuff.com/discord) and ask your questions!
16+
17+
## Context Window Management
18+
19+
### Why Agent Workflows?
20+
21+
Modern software projects are complex ecosystems with thousands of files, multiple frameworks, intricate dependencies, and domain-specific requirements. A single AI agent trying to understand and modify such systems faces fundamental limitations—not just in knowledge, but in the sheer volume of information it can process at once.
22+
23+
### The Solution: Focused Context Windows
24+
25+
Agent workflows elegantly solve this by breaking large tasks into focused sub-problems. When working with large codebases (100k+ lines), each specialist agent receives only the narrow context it needs—a security agent sees only auth code, not UI components—keeping the context for each agent manageable while ensuring comprehensive coverage.
26+
27+
### Why Not Just Mimic Human Roles?
28+
29+
This is about efficient AI context management, not recreating a human department. Simply creating a "frontend-developer" agent misses the point. AI agents don't have human constraints like context-switching or meetings. Their power comes from hyper-specialization, allowing them to process a narrow domain more deeply than a human could, then coordinating seamlessly with other specialists.
30+
31+
## Agent workflows in action
32+
33+
Here's an example of a `git-committer` agent that creates good commit messages:
34+
35+
```typescript
36+
export default {
37+
id: 'git-committer',
38+
displayName: 'Git Committer',
39+
model: 'openai/gpt-5-nano',
40+
toolNames: ['read_files', 'run_terminal_command', 'end_turn'],
41+
42+
instructionsPrompt:
43+
'You create meaningful git commits by analyzing changes, reading relevant files for context, and crafting clear commit messages that explain the "why" behind changes.',
44+
45+
async *handleSteps() {
46+
// Analyze what changed
47+
yield { tool: 'run_terminal_command', command: 'git diff' }
48+
yield { tool: 'run_terminal_command', command: 'git log --oneline -5' }
49+
50+
// Stage files and create commit with good message
51+
yield 'STEP_ALL'
52+
},
53+
}
54+
```
55+
56+
This agent systematically analyzes changes, reads relevant files for context, then creates commits with clear, meaningful messages that explain the "why" behind changes.
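Review bot: the `git-committer` snippet in this README yields tool calls in a shorthand shape (`yield { tool: 'run_terminal_command', command: 'git diff' }`) that does not match the `toolName`/`input` shape the TypeScript definitions in this same commit use (`{ toolName: 'run_terminal_command', input: { command: 'git diff', process_type: 'SYNC', timeout_seconds: 30 } }`), so a reader who copies it gets a definition the types will reject; align the README with the real `ToolCall` shape. The "Getting Started" step 1 also points at `my-custom-agent.ts`, whose own header comment still says to run it as `codebuff --agent git-committer`, so the two documents disagree on the starting point. Finally, the snippet gives the model `run_terminal_command` and then `yield 'STEP_ALL'` with the full `git diff` output already in context, so text in the working tree (including a contributor's diff) can steer which shell commands run next; given the commit's stated focus on prompt injection prevention, the README should at least say that this agent must only be run on trusted working trees.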
Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
import type { AgentDefinition } from '../types/agent-definition'
2+
3+
const definition: AgentDefinition = {
4+
id: 'basic-diff-reviewer',
5+
displayName: 'Basic Diff Reviewer',
6+
model: 'anthropic/claude-4-sonnet-20250522',
7+
toolNames: ['read_files', 'run_terminal_command'],
8+
9+
spawnerPrompt: 'Spawn when you need to review code changes in the git diff',
10+
11+
instructionsPrompt: `Execute the following steps:
12+
1. Run git diff
13+
2. Read the files that have changed
14+
3. Review the changes and suggest improvements`,
15+
}
16+
17+
export default definition
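Review bot: `toolNames` here omits `end_turn`, which both the README snippet and the `git-committer` definition in this commit include, so the agent has no explicit way to finish its turn and either relies on the runtime to stop it or keeps going; add `end_turn` or document why it is unnecessary. Also, the instructions have the model run `git diff` and then read every changed file, so the content under review is the model's input while it holds an unrestricted `run_terminal_command`; for a reviewer whose instructions name only `git diff` and file reads, constrain the commands it may run so that instructions embedded in a diff cannot turn a review into command execution.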
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
import type {
2+
AgentDefinition,
3+
AgentStepContext,
4+
ToolCall,
5+
} from '../types/agent-definition'
6+
7+
const definition: AgentDefinition = {
8+
id: 'git-committer',
9+
displayName: 'Intermediate Git Committer',
10+
model: 'anthropic/claude-4-sonnet-20250522',
11+
toolNames: ['read_files', 'run_terminal_command', 'add_message', 'end_turn'],
12+
13+
inputSchema: {
14+
prompt: {
15+
type: 'string',
16+
description: 'What changes to commit',
17+
},
18+
},
19+
20+
spawnerPrompt:
21+
'Spawn when you need to commit code changes to git with an appropriate commit message',
22+
23+
systemPrompt:
24+
'You are an expert software developer. Your job is to create a git commit with a really good commit message.',
25+
26+
instructionsPrompt:
27+
'Follow the steps to create a good commit: analyze changes with git diff and git log, read relevant files for context, stage appropriate files, analyze changes, and create a commit with proper formatting.',
28+
29+
handleSteps: function* ({ agentState, prompt, params }: AgentStepContext) {
30+
// Step 1: Run git diff and git log to analyze changes.
31+
yield {
32+
toolName: 'run_terminal_command',
33+
input: {
34+
command: 'git diff',
35+
process_type: 'SYNC',
36+
timeout_seconds: 30,
37+
},
38+
} satisfies ToolCall
39+
40+
yield {
41+
toolName: 'run_terminal_command',
42+
input: {
43+
command: 'git log --oneline -10',
44+
process_type: 'SYNC',
45+
timeout_seconds: 30,
46+
},
47+
} satisfies ToolCall
48+
49+
// Step 2: Put words in AI's mouth so it will read files next.
50+
yield {
51+
toolName: 'add_message',
52+
input: {
53+
role: 'assistant',
54+
content:
55+
"I've analyzed the git diff and recent commit history. Now I'll read any relevant files to better understand the context of these changes.",
56+
},
57+
includeToolCall: false,
58+
} satisfies ToolCall
59+
60+
// Step 3: Let AI generate a step to decide which files to read.
61+
yield 'STEP'
62+
63+
// Step 4: Put words in AI's mouth to analyze the changes and create a commit.
64+
yield {
65+
toolName: 'add_message',
66+
input: {
67+
role: 'assistant',
68+
content:
69+
"Now I'll analyze the changes and create a commit with a good commit message.",
70+
},
71+
includeToolCall: false,
72+
} satisfies ToolCall
73+
74+
yield 'STEP_ALL'
75+
},
76+
}
77+
78+
export default definition
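Review bot: `git diff` with no arguments shows only unstaged working-tree changes, so anything already staged is invisible to the step 1 analysis and the commit message is written from an incomplete view; use `git diff HEAD`, or run both `git diff` and `git diff --cached`. `agentState` and `params` are destructured from `AgentStepContext` but never used, and `id: 'git-committer'` is the same id the README example uses while `displayName` says 'Intermediate Git Committer', so one of the two should be renamed. The two scripted commands carry `timeout_seconds: 30`, but the closing `yield 'STEP_ALL'`, where the model stages files and commits, has no bound and no restriction on which paths get staged (a model-issued `git add -A` would sweep in everything in the working tree); prefer staging the intended paths in a scripted step before handing control to the model.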
Lines changed: 73 additions & 0 deletions
@@ -0,0 +1,73 @@
1+
import type { AgentDefinition, ToolCall } from '../types/agent-definition'
2+
3+
const definition: AgentDefinition = {
4+
id: 'advanced-file-explorer',
5+
displayName: 'Dora the File Explorer',
6+
model: 'openai/gpt-5',
7+
8+
spawnerPrompt:
9+
'Spawns multiple file picker agents in parallel to comprehensively explore the codebase from different perspectives',
10+
11+
includeMessageHistory: false,
12+
toolNames: ['spawn_agents', 'set_output'],
13+
spawnableAgents: [`codebuff/file-picker@0.0.1`],
14+
15+
inputSchema: {
16+
prompt: {
17+
description: 'What you need to accomplish by exploring the codebase',
18+
type: 'string',
19+
},
20+
params: {
21+
type: 'object',
22+
properties: {
23+
prompts: {
24+
description:
25+
'List of 1-4 different parts of the codebase that could be useful to explore',
26+
type: 'array',
27+
items: {
28+
type: 'string',
29+
},
30+
},
31+
},
32+
required: ['prompts'],
33+
additionalProperties: false,
34+
},
35+
},
36+
outputMode: 'structured_output',
37+
outputSchema: {
38+
type: 'object',
39+
properties: {
40+
results: {
41+
type: 'string',
42+
description: 'The results of the file exploration',
43+
},
44+
},
45+
required: ['results'],
46+
additionalProperties: false,
47+
},
48+
49+
handleSteps: function* ({ prompt, params }) {
50+
const prompts: string[] = params?.prompts ?? []
51+
const filePickerPrompts = prompts.map(
52+
(focusPrompt) =>
53+
`Based on the overall goal "${prompt}", find files related to this specific area: ${focusPrompt}`,
54+
),
55+
{ toolResult: spawnResult } = yield {
56+
toolName: 'spawn_agents',
57+
input: {
58+
agents: filePickerPrompts.map((promptText) => ({
59+
agent_type: 'codebuff/file-picker@0.0.1',
60+
prompt: promptText,
61+
})),
62+
},
63+
} satisfies ToolCall
64+
yield {
65+
toolName: 'set_output',
66+
input: {
67+
results: spawnResult,
68+
},
69+
} satisfies ToolCall
70+
},
71+
}
72+
73+
export default definition
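Review bot: `params.prompts` is described as a 'List of 1-4' prompts, but the array schema has no `minItems`/`maxItems` and `handleSteps` falls back to `[]`, so a caller can pass an empty list (a `spawn_agents` call with zero agents and an empty `results`) or an arbitrarily long one (an unbounded fan-out of parallel `codebuff/file-picker@0.0.1` spawns); add `minItems: 1, maxItems: 4` to the schema and guard the length in `handleSteps`. `outputSchema.results` is declared `type: 'string'`, yet `spawnResult` is the raw `toolResult` of spawning several agents, so `set_output` is likely handed a non-string; serialize it or change the schema. Minor: `${prompt}` and `${focusPrompt}` are interpolated verbatim into each child prompt, so whatever the caller places in those fields reaches the child agents unchanged.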

.agents/my-custom-agent.ts

Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
/*
2+
* EDIT ME to create your own agent!
3+
*
4+
* Change any field below, and consult the AgentDefinition type for information on all fields and their purpose.
5+
*
6+
* Run your agent with:
7+
* > codebuff --agent git-committer
8+
*
9+
* Or, run codebuff normally, and use the '@' menu to mention your agent, and codebuff will spawn it for you.
10+
*
11+
* Finally, you can publish your agent with 'codebuff publish your-custom-agent' so users from around the world can run it.
12+
*/
13+
14+
import type { AgentDefinition } from './types/agent-definition'
15+
16+
const definition: AgentDefinition = {
17+
id: 'my-custom-agent',
18+
displayName: 'My Custom Agent',
19+
20+
model: 'anthropic/claude-4-sonnet-20250522',
21+
spawnableAgents: ['file-explorer'],
22+
23+
// Check out .agents/types/tools.ts for more information on the tools you can include.
24+
toolNames: ['run_terminal_command', 'read_files', 'spawn_agents'],
25+
26+
spawnerPrompt: 'Spawn when you need to review code changes in the git diff',
27+
28+
instructionsPrompt: `Review the code changes and suggest improvements.
29+
Execute the following steps:
30+
1. Run git diff
31+
2. Spawn a file explorer to find all relevant files
32+
3. Read any relevant files
33+
4. Review the changes and suggest improvements`,
34+
35+
// Add more fields here to customize your agent further:
36+
// - system prompt
37+
// - input/output schema
38+
// - handleSteps
39+
40+
// Check out the examples in .agents/examples for more ideas!
41+
}
42+
43+
export default definition
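Review bot: the header comment tells the user to run `codebuff --agent git-committer`, but this file's `id` is `my-custom-agent`, so that command runs a different agent; it should read `codebuff --agent my-custom-agent`, matching the README's `codebuff --agent your-agent-name`. `spawnableAgents: ['file-explorer']` names an agent that is not among the definitions visible in this commit (the explorer added here has `id: 'advanced-file-explorer'`, and the other example references `codebuff/file-picker@0.0.1`), so step 2 of `instructionsPrompt` may fail to resolve; check the identifier. This template also ships with `run_terminal_command` enabled for what the instructions describe as a read-only review, so anyone copying it starts with more capability than the task needs; consider dropping it from the default `toolNames`.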
