Commit 92718db

fix: migrate deprecated Gemini SDK, fix security fallbacks, and harden runtime
Critical fixes:
- Migrate from archived @google/generative-ai to @google/genai (deprecated Nov 2025)
- Rewrite gemini-provider.ts for new API surface (streaming, tool calling, thought signatures)
- Update summarizer.ts Gemini factories to new SDK
- Update web-search.ts to new SDK with proper GroundingChunk types
- Update summarizer default model from retired gemini-2.0-flash to gemini-2.5-flash
- Fix web_search silent Gemini coupling: thread providerApiKeys through ToolContext so web_search resolves the Gemini key regardless of active provider (kernel.ts, tool-handler.ts, tool-plugin.ts, run-controller.ts, autonomous-runner.ts)
- Default to safe mode on YAML parse failure instead of granting gloves_off
- Implement street/track safety mode aliases documented in README

Hardening:
- Collapse ../ sequences in normalizePath to prevent policy bypass
- Cap event log at 10,000 entries to prevent OOM in long autonomous missions
- Fix README defaults: token budget 500K (was 250K), max fanout 8 (was 5)
- Fix LanceDB label to "Vector Embeddings" (no LanceDB dependency exists)
1 parent a37993d commit 92718db

22 files changed

Lines changed: 520 additions & 115 deletions

.gitignore

Lines changed: 3 additions & 0 deletions
@@ -30,3 +30,6 @@ docs/
3030

3131
# Worktrees
3232
.worktrees/
33+
34+
# Codebase Intent
35+
.codebase-intent/
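
Review bot: The `.codebase-intent/` ignore entry added at the end of `.gitignore` is not mentioned in the commit message, which lists only the SDK migration, safety-mode and hardening changes. Add a line for it to the message or move it to its own commit, so the security-relevant changes in this commit stay easy to audit on their own.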

README.md

Lines changed: 3 additions & 3 deletions
@@ -187,7 +187,7 @@ Every agent runs under one of three safety modes that control what it's allowed
187187
| Default reads | `agents/**`, `memory/**`, `artifacts/**` | `**` | `**` |
188188
| Default writes | `memory/**`, `artifacts/**` | `memory/**`, `artifacts/**` | `**` |
189189

190-
Aliases: `street` maps to `safe`; `autonomous` and `track` map to `gloves_off`.
190+
Aliases: `street` maps to `safe`; `autonomous`, `track`, `gloves-off`, and `glovesoff` map to `gloves_off`.
191191

192192
You can override individual permissions regardless of mode:
193193
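
Review bot: On the changed `Aliases:` line, `gloves-off` and `glovesoff` are new spellings for the mode whose default reads and writes are both `**` in the table rows just above, yet the commit message names only the `street`/`track` aliases. Every extra string that resolves to `gloves_off` is another way to reach the least restrictive mode, so list these two spellings in the commit message, and state on this line what an unrecognized mode value resolves to (the commit message's parse-failure default suggests `safe`) and whether alias matching is case-sensitive.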

@@ -457,11 +457,11 @@ Open Settings (⚙ in the top bar) to configure:
457457

458458
**API** - Provider (Gemini, Anthropic, OpenAI), API key, model selection.
459459

460-
**Kernel limits** - Max Concurrency (1-10, default 3), Max Depth (1-20, default 5), Max Fanout (1-20, default 5), Token Budget (default 250,000), Workflow Parallel Steps (1-10, default 1).
460+
**Kernel limits** - Max Concurrency (1-10, default 3), Max Depth (1-20, default 5), Max Fanout (1-20, default 8), Token Budget (default 500,000), Workflow Parallel Steps (1-10, default 1).
461461

462462
**Agent persistence** - Min Turns Before Stop (0-25, default 5), Force Reflection (auto-inject reflection prompt), Auto-Record Failures (write tool failures to memory).
463463

464-
**Memory** - Enable Memory, Use Vector Memory (LanceDB + embeddings vs JSON-based), Memory Token Budget (500-8000, default 2000).
464+
**Memory** - Enable Memory, Use Vector Memory (vector embeddings vs JSON-based), Memory Token Budget (500-8000, default 2000).
465465

466466
**Autonomous defaults** - Default Max Cycles, Resume Previous Mission, Stop When Complete, Seed Continuation Tasks.
467467
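
Review bot: On the changed **Kernel limits** line, the corrected defaults (Max Fanout 8, Token Budget 500,000) are still hand-copied numbers, and per the commit message the previous values (5 and 250,000) no longer matched the real defaults. Name the setting or constant that defines them, or add a check that compares the README against it, since these limits bound how much an agent run can spawn and spend. On the **Memory** line, "Use Vector Memory (vector embeddings vs JSON-based)" no longer says where the embeddings are stored now that the LanceDB mention is gone; name the actual store if there is one.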
