@burtson-labs/agent-core 1.6.13

package/dist/runtime/AgentRuntime.js

@@ -0,0 +1,382 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AgentRuntime = void 0;
+const event_emitter_1 = require("../utils/event-emitter");
+const defaultLogger = {
+    debug: (...args) => {
+        const env = typeof process !== "undefined" ? process.env : undefined;
+        if (env?.BANDIT_AGENT_DEBUG) {
+            console.debug("[agent-core]", ...args);
+        }
+    },
+    info: (...args) => console.info("[agent-core]", ...args),
+    warn: (...args) => console.warn("[agent-core]", ...args),
+    error: (...args) => console.error("[agent-core]", ...args)
+};
+const defaultStepExecutor = async ({ step }) => {
+    return {
+        status: step.status === "failed" ? "failed" : "completed",
+        logs: [`No-op executor completed step "${step.title}".`]
+    };
+};
+class AgentRuntime extends event_emitter_1.AgentEventEmitter {
+    constructor(options) {
+        super();
+        this.activePlan = null;
+        this.executionResults = [];
+        this.planStartedAt = null;
+        this.executeStartedAt = null;
+        this.provider = options.provider;
+        this.context =
+            options.context ??
+                {
+                    files: [],
+                    goals: []
+                };
+        this.logger = options.logger ?? defaultLogger;
+        this.telemetry = options.telemetry;
+        this.clock = options.clock ?? (() => Date.now());
+        this.configuredStepExecutor = options.stepExecutor;
+    }
+    getContext() {
+        return this.context;
+    }
+    setContext(context) {
+        this.context = context;
+        this.emitAgentEvent("context:updated", { context });
+    }
+    updateContext(patch) {
+        this.context = { ...this.context, ...patch };
+        this.emitAgentEvent("context:updated", { context: this.context });
+    }
+    getPlan() {
+        return this.activePlan;
+    }
+    getExecutionResults() {
+        return this.executionResults.slice();
+    }
+    async plan(goal, options = {}) {
+        this.logger.info("Starting plan for goal:", goal);
+        this.planStartedAt = this.clock();
+        this.executionResults = [];
+        const mergedContext = {
+            ...this.context,
+            ...options.context,
+            goals: Array.from(new Set([...(this.context.goals ?? []), goal]))
+        };
+        this.context = mergedContext;
+        this.emitAgentEvent("plan:start", { goal, context: mergedContext });
+        const modelTier = options.metadata?.modelTier;
+        const prompt = buildPlanPrompt(goal, mergedContext, modelTier);
+        const providerOptions = {
+            mode: "plan",
+            metadata: options.metadata,
+            context: mergedContext
+        };
+        const stream = this.provider.chat(prompt, providerOptions);
+        let aggregated = "";
+        for await (const chunk of stream) {
+            aggregated += chunk;
+            this.emitAgentEvent("plan:chunk", { chunk });
+        }
+        let plan = tryParsePlan(aggregated, goal, this.clock);
+        // If plan parsing failed (version "0.1.0" = fallback), retry once with schema reminder
+        if (plan.version === "0.1.0") {
+            this.logger.warn("Plan parse failed on first attempt — retrying with schema reminder.");
+            this.emitAgentEvent("plan:parse_retry", { goal, rawResponse: aggregated });
+            const retryPrompt = buildPlanPromptWithReminder(goal, mergedContext, aggregated, modelTier);
+            const retryStream = this.provider.chat(retryPrompt, providerOptions);
+            let retryAggregated = "";
+            for await (const chunk of retryStream) {
+                retryAggregated += chunk;
+                this.emitAgentEvent("plan:chunk", { chunk });
+            }
+            const retryPlan = tryParsePlan(retryAggregated, goal, this.clock);
+            if (retryPlan.version !== "0.1.0") {
+                plan = retryPlan;
+            }
+            else {
+                this.logger.error("Plan parse failed after retry. Using heuristic fallback.");
+                this.emitAgentEvent("plan:parse_failed", {
+                    goal,
+                    rawResponse: retryAggregated,
+                    error: "Model did not return valid JSON plan after 2 attempts."
+                });
+            }
+        }
+        this.activePlan = plan;
+        this.emitAgentEvent("plan:complete", { plan });
+        await this.trackTelemetry("plan:complete", { goal, provider: this.provider.name });
+        return plan;
+    }
+    async execute(options = {}) {
+        if (!this.activePlan) {
+            throw new Error("Cannot execute without an existing plan. Call plan() first.");
+        }
+        this.executeStartedAt = this.clock();
+        this.executionResults = [];
+        const executor = options.stepExecutor ?? this.configuredStepExecutor ?? defaultStepExecutor;
+        const results = [];
+        for (const step of this.activePlan.steps) {
+            const start = this.clock();
+            this.emitAgentEvent("step:start", { step });
+            this.logger.info(`Executing step ${step.id}: ${step.title}`);
+            let output;
+            try {
+                output = await executor({
+                    step,
+                    plan: this.activePlan,
+                    context: this.context,
+                    metadata: options.metadata,
+                    emitEvent: (type, payload) => this.emitAgentEvent(type, payload),
+                    logger: this.logger
+                });
+            }
+            catch (error) {
+                this.logger.error(`Step ${step.id} failed`, error);
+                output = {
+                    status: "failed",
+                    logs: [String(error instanceof Error ? error.message : error)]
+                };
+            }
+            const status = output.status ?? "completed";
+            const executionResult = {
+                stepId: step.id,
+                status,
+                diff: output.diff,
+                logs: output.logs,
+                metadata: {
+                    ...(output.metadata ?? {}),
+                    durationMs: this.clock() - start
+                }
+            };
+            results.push(executionResult);
+            this.executionResults.push(executionResult);
+            if (executionResult.diff?.length) {
+                this.emitAgentEvent("diff:apply", { step, diff: executionResult.diff });
+            }
+            this.emitAgentEvent("step:complete", { step, result: executionResult });
+        }
+        await this.trackTelemetry("execute:complete", {
+            planId: this.activePlan.id,
+            provider: this.provider.name,
+            results
+        });
+        return results;
+    }
+    async report(metadata = {}) {
+        if (!this.activePlan) {
+            throw new Error("Cannot report without a plan. Call plan() before report().");
+        }
+        const startedAt = this.planStartedAt ?? this.clock();
+        const completedAt = this.clock();
+        const providerStream = this.provider.chat(buildReportPrompt(this.activePlan, this.executionResults), {
+            mode: "report",
+            metadata,
+            context: this.context
+        });
+        let summary = "";
+        for await (const chunk of providerStream) {
+            summary += chunk;
+            this.emitAgentEvent("report:chunk", { chunk });
+        }
+        if (!summary.trim()) {
+            summary = `Report for goal "${this.activePlan.goal}" generated without provider output.`;
+        }
+        const report = {
+            goal: this.activePlan.goal,
+            summary,
+            steps: this.executionResults,
+            startedAt,
+            completedAt,
+            metadata: {
+                ...metadata,
+                provider: this.provider.name
+            }
+        };
+        this.emitAgentEvent("report:complete", { report });
+        await this.trackTelemetry("report:complete", { goal: this.activePlan.goal });
+        return report;
+    }
+    emitAgentEvent(type, payload) {
+        const event = {
+            type,
+            payload,
+            timestamp: this.clock()
+        };
+        this.emit(type, event);
+    }
+    async trackTelemetry(type, payload) {
+        const event = {
+            type,
+            payload,
+            timestamp: this.clock()
+        };
+        try {
+            await this.telemetry?.track(event);
+        }
+        catch (error) {
+            this.logger.warn("Telemetry dispatch failed", error);
+        }
+    }
+}
+exports.AgentRuntime = AgentRuntime;
+function buildPlanPrompt(goal, context, modelTier) {
+    if (modelTier === "small") {
+        // Small / 4B models: minimal prompt — every token is precious and brevity
+        // reduces the chance of the model producing prose instead of JSON.
+        return [
+            "Respond with JSON only. Start with { and end with }. No other text.",
+            "",
+            'Schema: {"goal":string,"summary":string,"steps":[{"id":string,"title":string}]}',
+            "",
+            'Example: {"goal":"Fix login","summary":"Patch auth handler","steps":[{"id":"step-1","title":"Edit auth.ts"}]}',
+            "",
+            `Goal: ${goal}`,
+        ].join("\n");
+    }
+    // Medium / large models: fuller prompt with description field and file context.
+    const fileLimit = modelTier === "large" ? 8 : 5;
+    const files = context.files?.slice(0, fileLimit).join(", ") || "none";
+    return [
+        "You are Bandit Agent Runtime planner. Respond with JSON only — no markdown, no explanation.",
+        "",
+        "Return a JSON object exactly matching this schema:",
+        '{ "goal": string, "summary": string, "steps": [ { "id": string, "title": string, "description": string } ] }',
+        "",
+        "Example:",
+        '{ "goal": "Add TypeScript support", "summary": "Install TS and create tsconfig", "steps": [',
+        '  { "id": "step-1", "title": "Install TypeScript", "description": "Run npm install -D typescript" },',
+        '  { "id": "step-2", "title": "Create tsconfig.json", "description": "Write default tsconfig" }',
+        "]}",
+        "",
+        `Goal: ${goal}`,
+        `Relevant files: ${files}`,
+    ].join("\n");
+}
+function buildPlanPromptWithReminder(goal, context, previousResponse, modelTier) {
+    const snippet = previousResponse.slice(0, 200).replace(/\n/g, " ");
+    if (modelTier === "small") {
+        return [
+            "JSON only. No explanation. Your last response was not valid JSON.",
+            `Bad response: ${snippet}`,
+            "",
+            'Schema: {"goal":string,"summary":string,"steps":[{"id":string,"title":string}]}',
+            "",
+            `Goal: ${goal}`,
+            "Start with { and end with }",
+        ].join("\n");
+    }
+    const fileLimit = modelTier === "large" ? 8 : 5;
+    const files = context.files?.slice(0, fileLimit).join(", ") || "none";
+    return [
+        "You are Bandit Agent Runtime planner. Your previous response was not valid JSON.",
+        `Previous response (first 200 chars): ${snippet}`,
+        "",
+        "You MUST respond with ONLY a JSON object. No markdown code fences. No explanation. No other text.",
+        "Required schema:",
+        '{ "goal": string, "summary": string, "steps": [ { "id": string, "title": string, "description": string } ] }',
+        "",
+        `Goal: ${goal}`,
+        `Relevant files: ${files}`,
+        "",
+        "JSON only. Start your response with { and end with }",
+    ].join("\n");
+}
+function buildReportPrompt(plan, results) {
+    return [
+        "You are Bandit Agent Runtime reporter.",
+        "Generate a concise execution summary as markdown.",
+        "Focus on what changed and next steps.",
+        "Plan:",
+        JSON.stringify(plan, null, 2),
+        "Results:",
+        JSON.stringify(results, null, 2)
+    ].join("\n");
+}
+/**
+ * Attempt to extract and parse a JSON plan from a raw LLM response.
+ * Handles: clean JSON, JSON wrapped in markdown code fences, JSON with leading/trailing text.
+ * Returns null on failure instead of silently falling back.
+ */
+function extractJsonFromResponse(raw) {
+    const trimmed = raw.trim();
+    // Direct JSON parse
+    try {
+        return JSON.parse(trimmed);
+    }
+    catch { /* continue */ }
+    // Strip markdown code fences: ```json ... ``` or ``` ... ```
+    const fenceMatch = trimmed.match(/```(?:json)?\s*([\s\S]*?)```/);
+    if (fenceMatch?.[1]) {
+        try {
+            return JSON.parse(fenceMatch[1].trim());
+        }
+        catch { /* continue */ }
+    }
+    // Find first { ... } block in the response
+    const jsonStart = trimmed.indexOf('{');
+    const jsonEnd = trimmed.lastIndexOf('}');
+    if (jsonStart !== -1 && jsonEnd > jsonStart) {
+        try {
+            return JSON.parse(trimmed.slice(jsonStart, jsonEnd + 1));
+        }
+        catch { /* continue */ }
+    }
+    return null;
+}
+function tryParsePlan(raw, goal, clock) {
+    const now = clock();
+    const parsed = extractJsonFromResponse(raw);
+    if (!parsed || typeof parsed !== "object" || !Array.isArray(parsed.steps)) {
+        return buildFallbackPlan(goal, now);
+    }
+    const data = parsed;
+    const steps = data.steps.map((step, index) => ({
+        id: step.id ?? `step-${index + 1}`,
+        title: step.title ?? `Step ${index + 1}`,
+        description: step.description ?? "",
+        status: step.status ?? "pending",
+        metadata: step.metadata
+    }));
+    return {
+        id: typeof data.id === "string" ? data.id : `plan-${now}`,
+        goal: typeof data.goal === "string" ? data.goal : goal,
+        summary: typeof data.summary === "string" ? data.summary : `Plan for goal: ${goal}`,
+        steps,
+        createdAt: now,
+        version: "1.0.0"
+    };
+}
+function buildFallbackPlan(goal, timestamp) {
+    const steps = heuristicallyBreakGoal(goal).map((description, index) => ({
+        id: `step-${index + 1}`,
+        title: titleCase(description),
+        description,
+        status: "pending"
+    }));
+    return {
+        id: `plan-${timestamp}`,
+        goal,
+        summary: `Fallback plan generated for goal: ${goal}`,
+        steps,
+        createdAt: timestamp,
+        version: "0.1.0"
+    };
+}
+function heuristicallyBreakGoal(goal) {
+    const delimiters = [/ and /i, / then /i, /, /, / -> /];
+    for (const delimiter of delimiters) {
+        if (delimiter.test(goal)) {
+            return goal.split(delimiter).map((part) => part.trim()).filter(Boolean);
+        }
+    }
+    return [goal];
+}
+function titleCase(input) {
+    return input
+        .split(" ")
+        .map((word) => word.charAt(0).toUpperCase() + word.slice(1))
+        .join(" ");
+}
+//# sourceMappingURL=AgentRuntime.js.map

package/dist/runtime/AgentRuntime.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"AgentRuntime.js","sourceRoot":"","sources":["../../src/runtime/AgentRuntime.ts"],"names":[],"mappings":";;;AAWA,0DAA2D;AAkD3D,MAAM,aAAa,GAAgB;IACjC,KAAK,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE;QAC5B,MAAM,GAAG,GAAG,OAAO,OAAO,KAAK,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS,CAAC;QACrE,IAAI,GAAG,EAAE,kBAAkB,EAAE,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC,CAAC;QACzC,CAAC;IACH,CAAC;IACD,IAAI,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC;IACnE,IAAI,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC;IACnE,KAAK,EAAE,CAAC,GAAG,IAAe,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,IAAI,CAAC;CACtE,CAAC;AAEF,MAAM,mBAAmB,GAAiB,KAAK,EAAE,EAAE,IAAI,EAAE,EAA+B,EAAE;IACxF,OAAO;QACL,MAAM,EAAE,IAAI,CAAC,MAAM,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,WAAW;QACzD,IAAI,EAAE,CAAC,kCAAkC,IAAI,CAAC,KAAK,IAAI,CAAC;KACzD,CAAC;AACJ,CAAC,CAAC;AAEF,MAAa,YAAa,SAAQ,iCAAiB;IAajD,YAAY,OAA4B;QACtC,KAAK,EAAE,CAAC;QAZF,eAAU,GAAqB,IAAI,CAAC;QACpC,qBAAgB,GAA2B,EAAE,CAAC;QAC9C,kBAAa,GAAkB,IAAI,CAAC;QACpC,qBAAgB,GAAkB,IAAI,CAAC;QAU7C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,IAAI,CAAC,OAAO;YACV,OAAO,CAAC,OAAO;gBACd;oBACC,KAAK,EAAE,EAAE;oBACT,KAAK,EAAE,EAAE;iBACO,CAAC;QAErB,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,MAAM,IAAI,aAAa,CAAC;QAC9C,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,CAAC;QACnC,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QACjD,IAAI,CAAC,sBAAsB,GAAG,OAAO,CAAC,YAAY,CAAC;IACrD,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,UAAU,CAAC,OAAqB;QAC9B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,aAAa,CAAC,KAA4B;QACxC,IAAI,CAAC,OAAO,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,EAAE,GAAG,KAAK,EAAE,CAAC;QAC7C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IACvC,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,IAAY,EAAE,UAAuB,EAAE;QAChD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,EAAE,IAAI,CAAC,CAAC;QAClD,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QAClC,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC3B,MAAM,aAAa,GAAG;YACpB,GAAG,IAAI,CAAC,OAAO;YACf,GAAG,OAAO,CAAC,OAAO;YAClB,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;SAClE,CAAC;QAEF,IAAI,CAAC,OAAO,GAAG,aAAa,CAAC;QAE7B,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,aAAa,EAAE,CAAC,CAAC;QAEpE,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,EAAE,SAA+B,CAAC;QACpE,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,CAAC,CAAC;QAC/D,MAAM,eAAe,GAAwB;YAC3C,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ;YAC1B,OAAO,EAAE,aAAa;SACvB,CAAC;QAEF,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,IAAI,UAAU,GAAG,EAAE,CAAC;QAEpB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACjC,UAAU,IAAI,KAAK,CAAC;YACpB,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC/C,CAAC;QAED,IAAI,IAAI,GAAG,YAAY,CAAC,UAAU,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QAEtD,uFAAuF;QACvF,IAAI,IAAI,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qEAAqE,CAAC,CAAC;YACxF,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,UAAU,EAAE,CAAC,CAAC;YAC3E,MAAM,WAAW,GAAG,2BAA2B,CAAC,IAAI,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;YAC5F,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,eAAe,CAAC,CAAC;YACrE,IAAI,eAAe,GAAG,EAAE,CAAC;YACzB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,WAAW,EAAE,CAAC;gBACtC,eAAe,IAAI,KAAK,CAAC;gBACzB,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,SAAS,GAAG,YAAY,CAAC,eAAe,EAAE,IAAI,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;YAClE,IAAI,SAAS,CAAC,OAAO,KAAK,OAAO,EAAE,CAAC;gBAClC,IAAI,GAAG,SAAS,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;gBAC9E,IAAI,CAAC,cAAc,CAAC,mBAAmB,EAAE;oBACvC,IAAI;oBACJ,WAAW,EAAE,eAAe;oBAC5B,KAAK,EAAE,wDAAwD;iBAChE,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAEvB,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;QAC/C,MAAM,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,UAA0B,EAAE;QACxC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,CAAC,gBAAgB,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QACrC,IAAI,CAAC,gBAAgB,GAAG,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,YAAY,IAAI,IAAI,CAAC,sBAAsB,IAAI,mBAAmB,CAAC;QAE5F,MAAM,OAAO,GAA2B,EAAE,CAAC;QAC3C,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3B,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,kBAAkB,IAAI,CAAC,EAAE,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;YAC7D,IAAI,MAA0B,CAAC;YAE/B,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,QAAQ,CAAC;oBACtB,IAAI;oBACJ,IAAI,EAAE,IAAI,CAAC,UAAU;oBACrB,OAAO,EAAE,IAAI,CAAC,OAAO;oBACrB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,OAAO,CAAC;oBAChE,MAAM,EAAE,IAAI,CAAC,MAAM;iBACpB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;gBACnD,MAAM,GAAG;oBACP,MAAM,EAAE,QAAQ;oBAChB,IAAI,EAAE,CAAC,MAAM,CAAC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;iBAC/D,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAoB,MAAM,CAAC,MAAM,IAAI,WAAW,CAAC;YAE7D,MAAM,eAAe,GAAyB;gBAC5C,MAAM,EAAE,IAAI,CAAC,EAAE;gBACf,MAAM;gBACN,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,QAAQ,EAAE;oBACR,GAAG,CAAC,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC;oBAC1B,UAAU,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,KAAK;iBACjC;aACF,CAAC;YAEF,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC9B,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAE5C,IAAI,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,CAAC;gBACjC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;YAC1E,CAAC;YAED,IAAI,CAAC,cAAc,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC,CAAC;QAC1E,CAAC;QAED,MAAM,IAAI,CAAC,cAAc,CAAC,kBAAkB,EAAE;YAC5C,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,EAAE;YAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;YAC5B,OAAO;SACR,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,WAAoC,EAAE;QACjD,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACrB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACrD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QAEjC,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,CACvC,iBAAiB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,gBAAgB,CAAC,EACzD;YACE,IAAI,EAAE,QAAQ;YACd,QAAQ;YACR,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CACF,CAAC;QAEF,IAAI,OAAO,GAAG,EAAE,CAAC;QACjB,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,cAAc,EAAE,CAAC;YACzC,OAAO,IAAI,KAAK,CAAC;YACjB,IAAI,CAAC,cAAc,CAAC,cAAc,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;YACpB,OAAO,GAAG,oBAAoB,IAAI,CAAC,UAAU,CAAC,IAAI,sCAAsC,CAAC;QAC3F,CAAC;QAED,MAAM,MAAM,GAAgB;YAC1B,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI;YAC1B,OAAO;YACP,KAAK,EAAE,IAAI,CAAC,gBAAgB;YAC5B,SAAS;YACT,WAAW;YACX,QAAQ,EAAE;gBACR,GAAG,QAAQ;gBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ,CAAC,IAAI;aAC7B;SACF,CAAC;QAEF,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,cAAc,CAAC,IAAY,EAAE,OAAiB;QACpD,MAAM,KAAK,GAAe;YACxB,IAAI;YACJ,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE;SACxB,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC;IAEO,KAAK,CAAC,cAAc,CAAC,IAAY,EAAE,OAAiB;QAC1D,MAAM,KAAK,GAAe;YACxB,IAAI;YACJ,OAAO;YACP,SAAS,EAAE,IAAI,CAAC,KAAK,EAAE;SACxB,CAAC;QACF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACrC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;CACF;AArPD,oCAqPC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,OAAqB,EAAE,SAAkB;IAC9E,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,0EAA0E;QAC1E,mEAAmE;QACnE,OAAO;YACL,qEAAqE;YACrE,EAAE;YACF,iFAAiF;YACjF,EAAE;YACF,+GAA+G;YAC/G,EAAE;YACF,SAAS,IAAI,EAAE;SAChB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,gFAAgF;IAChF,MAAM,SAAS,GAAG,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;IACtE,OAAO;QACL,6FAA6F;QAC7F,EAAE;QACF,oDAAoD;QACpD,8GAA8G;QAC9G,EAAE;QACF,UAAU;QACV,6FAA6F;QAC7F,sGAAsG;QACtG,gGAAgG;QAChG,IAAI;QACJ,EAAE;QACF,SAAS,IAAI,EAAE;QACf,mBAAmB,KAAK,EAAE;KAC3B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,2BAA2B,CAAC,IAAY,EAAE,OAAqB,EAAE,gBAAwB,EAAE,SAAkB;IACpH,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;IAEnE,IAAI,SAAS,KAAK,OAAO,EAAE,CAAC;QAC1B,OAAO;YACL,mEAAmE;YACnE,iBAAiB,OAAO,EAAE;YAC1B,EAAE;YACF,iFAAiF;YACjF,EAAE;YACF,SAAS,IAAI,EAAE;YACf,6BAA6B;SAC9B,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACf,CAAC;IAED,MAAM,SAAS,GAAG,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,MAAM,CAAC;IACtE,OAAO;QACL,kFAAkF;QAClF,wCAAwC,OAAO,EAAE;QACjD,EAAE;QACF,mGAAmG;QACnG,kBAAkB;QAClB,8GAA8G;QAC9G,EAAE;QACF,SAAS,IAAI,EAAE;QACf,mBAAmB,KAAK,EAAE;QAC1B,EAAE;QACF,sDAAsD;KACvD,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAe,EAAE,OAA+B;IACzE,OAAO;QACL,wCAAwC;QACxC,mDAAmD;QACnD,uCAAuC;QACvC,OAAO;QACP,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7B,UAAU;QACV,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;KACjC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACf,CAAC;AAED;;;;GAIG;AACH,SAAS,uBAAuB,CAAC,GAAW;IAC1C,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,EAAE,CAAC;IAE3B,oBAAoB;IACpB,IAAI,CAAC;QAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;IAE5D,6DAA6D;IAC7D,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IACjE,IAAI,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACpB,IAAI,CAAC;YAAC,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;IAC3E,CAAC;IAED,2CAA2C;IAC3C,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;IACzC,IAAI,SAAS,KAAK,CAAC,CAAC,IAAI,OAAO,GAAG,SAAS,EAAE,CAAC;QAC5C,IAAI,CAAC;YAAC,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,EAAE,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,cAAc,CAAC,CAAC;IAC5F,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,YAAY,CAAC,GAAW,EAAE,IAAY,EAAE,KAAmB;IAClE,MAAM,GAAG,GAAG,KAAK,EAAE,CAAC;IACpB,MAAM,MAAM,GAAG,uBAAuB,CAAC,GAAG,CAAC,CAAC;IAE5C,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAE,MAAkC,CAAC,KAAK,CAAC,EAAE,CAAC;QACvG,OAAO,iBAAiB,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC;IAED,MAAM,IAAI,GAAG,MAAiC,CAAC;IAC/C,MAAM,KAAK,GAAiB,IAAI,CAAC,KAA8B,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACpF,EAAE,EAAE,IAAI,CAAC,EAAE,IAAI,QAAQ,KAAK,GAAG,CAAC,EAAE;QAClC,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,QAAQ,KAAK,GAAG,CAAC,EAAE;QACxC,WAAW,EAAE,IAAI,CAAC,WAAW,IAAI,EAAE;QACnC,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,SAAS;QAChC,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACxB,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,EAAE,EAAE,OAAO,IAAI,CAAC,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,GAAG,EAAE;QACzD,IAAI,EAAE,OAAO,IAAI,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;QACtD,OAAO,EAAE,OAAO,IAAI,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,kBAAkB,IAAI,EAAE;QACnF,KAAK;QACL,SAAS,EAAE,GAAG;QACd,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,IAAY,EAAE,SAAiB;IACxD,MAAM,KAAK,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,KAAK,EAAE,EAAE,CAAC,CAAC;QACtE,EAAE,EAAE,QAAQ,KAAK,GAAG,CAAC,EAAE;QACvB,KAAK,EAAE,SAAS,CAAC,WAAW,CAAC;QAC7B,WAAW;QACX,MAAM,EAAE,SAA4B;KACrC,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,EAAE,EAAE,QAAQ,SAAS,EAAE;QACvB,IAAI;QACJ,OAAO,EAAE,qCAAqC,IAAI,EAAE;QACpD,KAAK;QACL,SAAS,EAAE,SAAS;QACpB,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC;AAED,SAAS,sBAAsB,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAG,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;IACvD,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE,CAAC;QACnC,IAAI,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1E,CAAC;IACH,CAAC;IAED,OAAO,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,SAAS,CAAC,KAAa;IAC9B,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;SAC3D,IAAI,CAAC,GAAG,CAAC,CAAC;AACf,CAAC"}

package/dist/security/secretPatterns.d.ts

@@ -0,0 +1,76 @@
+/**
+ * Secret-leak protection. Tool output (file reads, command
+ * stdout, search results) routinely surfaces API keys, OAuth tokens,
+ * and private keys when the user asks the agent to inspect dotfiles,
+ * environment variables, or anything else that touches credentials.
+ * Without redaction, those tokens land in:
+ *
+ * 1. The model's context window → the model may echo them in its
+ * next response, embed them in a tool call, or hallucinate
+ * surrounding prose that quotes them verbatim
+ * 2. The user's terminal → secrets sit in the scrollback,
+ * visible to over-shoulder readers and any screen-sharing flow
+ * 3. The session log on disk → ~/.bandit/sessions/*.jsonl
+ * persists raw secrets indefinitely, becoming a target if
+ * that file is ever shared (bug reports, etc.)
+ *
+ * The redactor is the single source of truth for "what looks like a
+ * secret." Patterns target high-confidence formats (known prefixes,
+ * stable lengths) — we deliberately do NOT redact generic
+ * high-entropy strings because false positives are corrosive (the
+ * agent loses the ability to reason about real data that happens to
+ * look secret-shaped).
+ *
+ * Each pattern has a `kind` label so the redaction replaces the match
+ * with a typed token like `<REDACTED:github-pat>` — preserves enough
+ * structure for the model (and the user) to understand what kind of
+ * thing was hidden without leaking the value.
+ */
+export interface SecretPattern {
+    /** Stable identifier used in the replacement token + telemetry. */
+    kind: string;
+    /** Human-readable label used in user-facing summaries. */
+    label: string;
+    /** Detection regex. MUST use the `g` flag (replace-all). */
+    re: RegExp;
+}
+/**
+ * Built-in secret patterns. Each entry is a high-confidence format with
+ * either a recognized prefix or a strict length/charset constraint.
+ *
+ * Order matters: longer / more-specific patterns must match BEFORE
+ * shorter / more-generic ones, otherwise a fine-grained PAT would be
+ * partially matched by the classic-PAT pattern. We rely on the regex
+ * engine matching in source order via the array iteration below.
+ */
+export declare const BUILTIN_SECRET_PATTERNS: SecretPattern[];
+/**
+ * Result of a redaction pass. The text is the masked output; counts
+ * and kinds tell the host how many secrets were found so it can show
+ * a small "redacted N secrets" footer if it wants to.
+ */
+export interface RedactionResult {
+    text: string;
+    redactionCount: number;
+    /** Kinds detected, deduplicated. Order matches first-occurrence. */
+    kinds: string[];
+}
+/**
+ * Apply all built-in patterns to a string. Replaces each match with
+ * `<REDACTED:{kind}>`. The replacement is intentionally short so the
+ * model can still reason about the surrounding text without burning
+ * context on long placeholder tokens.
+ *
+ * The `env-secret` pattern is special: it preserves the variable name
+ * and only redacts the value. So `GITHUB_TOKEN=ghp_abc...` becomes
+ * `GITHUB_TOKEN=<REDACTED:env-secret>` — the model can still see WHAT
+ * variable was set without seeing its value. For all other patterns
+ * the whole match is replaced.
+ */
+export declare function redactSecrets(text: string, patterns?: SecretPattern[]): RedactionResult;
+/**
+ * Convenience helper used by callers that don't need the metadata —
+ * just want the masked string. Equivalent to redactSecrets(text).text.
+ */
+export declare function redactSecretsString(text: string): string;
+//# sourceMappingURL=secretPatterns.d.ts.map

package/dist/security/secretPatterns.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretPatterns.d.ts","sourceRoot":"","sources":["../../src/security/secretPatterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AAEH,MAAM,WAAW,aAAa;IAC5B,mEAAmE;IACnE,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,4DAA4D;IAC5D,EAAE,EAAE,MAAM,CAAC;CACZ;AAED;;;;;;;;GAQG;AACH,eAAO,MAAM,uBAAuB,EAAE,aAAa,EAiLlD,CAAC;AAEF;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,cAAc,EAAE,MAAM,CAAC;IACvB,oEAAoE;IACpE,KAAK,EAAE,MAAM,EAAE,CAAC;CACjB;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,QAAQ,GAAE,aAAa,EAA4B,GAClD,eAAe,CAuDjB;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAExD"}