Stateless, task-oriented AI agent core
No confirmed malicious attack surface is established. Shell, workflow, and network features are exposed only through explicit consumer APIs or the `sema-tb` CLI, not installation or import.
Package source references child process execution.
dist/core/session-store.jsView on unpkg · L95Package source references a known benign dynamic code generation pattern.
dist/core/auto-promote.jsView on unpkg · L32Source matches reverse-shell style process and socket wiring.
dist/core/auto-mode-prompt-assets.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/core/auto-mode-prompt-assets.jsView on unpkg · L1This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/engine/execution-env/node-execution-env.jsView on unpkgPackage source references child process execution.
dist/core/session-store.jsView on unpkg · L95This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.
dist/engine/execution-env/node-execution-env.jsView on unpkgPackage source references a known benign dynamic code generation pattern.
dist/core/auto-promote.jsView on unpkg · L32Source matches reverse-shell style process and socket wiring.
dist/core/auto-mode-prompt-assets.jsView on unpkg · L1A package entrypoint or install-time lifecycle script reaches a source file with blocking dangerous behavior.
dist/core/auto-mode-prompt-assets.jsView on unpkg · L1