@juspay/yama 1.1.1 → 1.2.0

package/CHANGELOG.md

@@ -1,3 +1,10 @@
+# [1.2.0](https://github.com/juspay/yama/compare/v1.1.1...v1.2.0) (2025-08-08)
+
+
+### Features
+
+* **Memory:** support memory bank path and maxToken from config file ([1bc69d5](https://github.com/juspay/yama/commit/1bc69d5bda3ac5868d7537b881007beaf6916476))
+
 ## [1.1.1](https://github.com/juspay/yama/compare/v1.1.0...v1.1.1) (2025-07-28)
 
 

package/README.md

@@ -477,7 +477,7 @@ await guardian.processPR({
 });
 ```
 
----
+----
 
 ## 📋 **Configurable Description Sections**
 

package/dist/core/ContextGatherer.d.ts

@@ -2,7 +2,7 @@
  * Unified Context Gatherer - The foundation for all Yama operations
  * Gathers all necessary context once and reuses it across all operations
  */
-import { PRIdentifier, PRInfo, PRDiff, AIProviderConfig, DiffStrategyConfig } from "../types/index.js";
+import { PRIdentifier, PRInfo, PRDiff, AIProviderConfig, DiffStrategyConfig, MemoryBankConfig } from "../types/index.js";
 import { BitbucketProvider } from "./providers/BitbucketProvider.js";
 export interface ProjectContext {
     memoryBank: {
@@ -36,8 +36,9 @@ export declare class ContextGatherer {
     private neurolink;
     private bitbucketProvider;
     private aiConfig;
+    private memoryBankManager;
     private startTime;
-    constructor(bitbucketProvider: BitbucketProvider, aiConfig: AIProviderConfig);
+    constructor(bitbucketProvider: BitbucketProvider, aiConfig: AIProviderConfig, memoryBankConfig: MemoryBankConfig);
     /**
      * Main context gathering method - used by all operations
      */
@@ -56,6 +57,10 @@ export declare class ContextGatherer {
      * Step 2: Gather project context (memory bank + clinerules)
      */
     private gatherProjectContext;
+    /**
+     * Get safe token limit based on AI provider using shared utility
+     */
+    private getSafeTokenLimit;
     /**
      * Parse project context with AI
      */
@@ -101,5 +106,5 @@ export declare class ContextGatherer {
      */
     getStats(): any;
 }
-export declare function createContextGatherer(bitbucketProvider: BitbucketProvider, aiConfig: AIProviderConfig): ContextGatherer;
+export declare function createContextGatherer(bitbucketProvider: BitbucketProvider, aiConfig: AIProviderConfig, memoryBankConfig: MemoryBankConfig): ContextGatherer;
 //# sourceMappingURL=ContextGatherer.d.ts.map

package/dist/core/ContextGatherer.js

@@ -6,14 +6,18 @@
 import { ProviderError, } from "../types/index.js";
 import { logger } from "../utils/Logger.js";
 import { cache, Cache } from "../utils/Cache.js";
+import { createMemoryBankManager } from "../utils/MemoryBankManager.js";
+import { getProviderTokenLimit } from "../utils/ProviderLimits.js";
 export class ContextGatherer {
     neurolink;
     bitbucketProvider;
     aiConfig;
+    memoryBankManager;
     startTime = 0;
-    constructor(bitbucketProvider, aiConfig) {
+    constructor(bitbucketProvider, aiConfig, memoryBankConfig) {
         this.bitbucketProvider = bitbucketProvider;
         this.aiConfig = aiConfig;
+        this.memoryBankManager = createMemoryBankManager(memoryBankConfig, bitbucketProvider);
     }
     /**
      * Main context gathering method - used by all operations
@@ -122,10 +126,10 @@ export class ContextGatherer {
         }
         return cache.getOrSet(cacheKey, async () => {
             try {
-                // Get memory-bank directory listing
-                const memoryBankFiles = await this.bitbucketProvider.listDirectoryContent(identifier.workspace, identifier.repository, "memory-bank", identifier.branch || "main");
-                if (!memoryBankFiles.length) {
-                    logger.debug("No memory-bank directory found");
+                // Use MemoryBankManager to get memory bank files
+                const memoryBankResult = await this.memoryBankManager.getMemoryBankFiles(identifier, forceRefresh);
+                if (memoryBankResult.files.length === 0) {
+                    logger.debug("No memory bank files found");
                     return {
                         memoryBank: {
                             summary: "No project context available",
@@ -137,19 +141,12 @@ export class ContextGatherer {
                         filesProcessed: 0,
                     };
                 }
-                // Get content of each memory bank file
+                // Convert MemoryBankFile[] to Record<string, string> for AI processing
                 const fileContents = {};
-                const files = memoryBankFiles.filter((f) => f.type === "file");
-                for (const file of files) {
-                    try {
-                        fileContents[file.name] =
-                            await this.bitbucketProvider.getFileContent(identifier.workspace, identifier.repository, `memory-bank/${file.name}`, identifier.branch || "main");
-                        logger.debug(`✓ Got content for: ${file.name}`);
-                    }
-                    catch (error) {
-                        logger.debug(`Could not read file ${file.name}: ${error.message}`);
-                    }
-                }
+                memoryBankResult.files.forEach((file) => {
+                    fileContents[file.name] = file.content;
+                });
+                logger.debug(`✓ Loaded ${memoryBankResult.files.length} memory bank files from ${memoryBankResult.resolvedPath}${memoryBankResult.fallbackUsed ? " (fallback)" : ""}`);
                 // Get .clinerules file
                 let clinerules = "";
                 try {
@@ -171,7 +168,7 @@ Standards: ${contextData.standards}`,
                         standards: contextData.standards,
                     },
                     clinerules,
-                    filesProcessed: Object.keys(fileContents).length,
+                    filesProcessed: memoryBankResult.filesProcessed,
                 };
             }
             catch (error) {
@@ -189,6 +186,23 @@ Standards: ${contextData.standards}`,
             }
         }, 7200);
     }
+    /**
+     * Get safe token limit based on AI provider using shared utility
+     */
+    getSafeTokenLimit() {
+        const provider = this.aiConfig.provider || "auto";
+        const configuredTokens = this.aiConfig.maxTokens;
+        // Use conservative limits for ContextGatherer (safer for large context processing)
+        const providerLimit = getProviderTokenLimit(provider, true);
+        // Use the smaller of configured tokens or provider limit
+        if (configuredTokens && configuredTokens > 0) {
+            const safeLimit = Math.min(configuredTokens, providerLimit);
+            logger.debug(`Token limit: configured=${configuredTokens}, provider=${providerLimit}, using=${safeLimit}`);
+            return safeLimit;
+        }
+        logger.debug(`Token limit: using provider default=${providerLimit} for ${provider}`);
+        return providerLimit;
+    }
     /**
      * Parse project context with AI
      */
@@ -219,13 +233,18 @@ Extract and summarize the content and return ONLY this JSON format:
                 hasClinerules: !!clinerules,
                 analysisType: "memory-bank-synthesis",
             };
+            // Get safe token limit based on provider
+            const safeMaxTokens = this.getSafeTokenLimit();
+            logger.debug(`Using AI provider: ${this.aiConfig.provider || "auto"}`);
+            logger.debug(`Configured maxTokens: ${this.aiConfig.maxTokens}`);
+            logger.debug(`Safe maxTokens limit: ${safeMaxTokens}`);
             const result = await this.neurolink.generate({
                 input: { text: prompt },
                 systemPrompt: "You are an Expert Project Analyst. Synthesize project context from documentation and configuration files to help AI understand the codebase architecture, patterns, and business domain.",
                 provider: this.aiConfig.provider,
                 model: this.aiConfig.model,
                 temperature: 0.3,
-                maxTokens: Math.max(this.aiConfig.maxTokens || 0, 500000), // Quality first - always use higher limit
+                maxTokens: safeMaxTokens, // Use provider-aware safe token limit
                 timeout: "10m", // Allow longer processing for quality
                 context: aiContext,
                 enableAnalytics: this.aiConfig.enableAnalytics || true,
@@ -445,7 +464,7 @@ Extract and summarize the content and return ONLY this JSON format:
     }
 }
 // Export factory function
-export function createContextGatherer(bitbucketProvider, aiConfig) {
-    return new ContextGatherer(bitbucketProvider, aiConfig);
+export function createContextGatherer(bitbucketProvider, aiConfig, memoryBankConfig) {
+    return new ContextGatherer(bitbucketProvider, aiConfig, memoryBankConfig);
 }
 //# sourceMappingURL=ContextGatherer.js.map

package/dist/core/Guardian.js

@@ -43,7 +43,11 @@ export class Guardian {
             const { NeuroLink } = await import("@juspay/neurolink");
             this.neurolink = new NeuroLink();
             // Initialize core components
-            this.contextGatherer = new ContextGatherer(this.bitbucketProvider, this.config.providers.ai);
+            this.contextGatherer = new ContextGatherer(this.bitbucketProvider, this.config.providers.ai, this.config.memoryBank || {
+                enabled: true,
+                path: "memory-bank",
+                fallbackPaths: ["docs/memory-bank", ".memory-bank"],
+            });
             this.codeReviewer = new CodeReviewer(this.bitbucketProvider, this.config.providers.ai, this.config.features.codeReview);
             this.descriptionEnhancer = new DescriptionEnhancer(this.bitbucketProvider, this.config.providers.ai);
             this.initialized = true;

package/dist/features/CodeReviewer.d.ts

@@ -51,6 +51,10 @@ export declare class CodeReviewer {
      * Legacy method - kept for compatibility but simplified
      */
     private buildAnalysisPrompt;
+    /**
+     * Get safe token limit based on AI provider using shared utility
+     */
+    private getSafeTokenLimit;
     /**
      * Analyze code with AI using the enhanced prompt
      */

package/dist/features/CodeReviewer.js

@@ -5,6 +5,7 @@
 // NeuroLink will be dynamically imported
 import { ProviderError, } from "../types/index.js";
 import { logger } from "../utils/Logger.js";
+import { getProviderTokenLimit } from "../utils/ProviderLimits.js";
 export class CodeReviewer {
     neurolink;
     bitbucketProvider;
@@ -397,6 +398,23 @@ Return ONLY valid JSON:
         // Legacy method - now delegates to new structure
         return this.buildCoreAnalysisPrompt(context);
     }
+    /**
+     * Get safe token limit based on AI provider using shared utility
+     */
+    getSafeTokenLimit() {
+        const provider = this.aiConfig.provider || "auto";
+        const configuredTokens = this.aiConfig.maxTokens;
+        // Use conservative limits for CodeReviewer (safer for large diffs)
+        const providerLimit = getProviderTokenLimit(provider, true);
+        // Use the smaller of configured tokens or provider limit
+        if (configuredTokens && configuredTokens > 0) {
+            const safeLimit = Math.min(configuredTokens, providerLimit);
+            logger.debug(`Token limit: configured=${configuredTokens}, provider=${providerLimit}, using=${safeLimit}`);
+            return safeLimit;
+        }
+        logger.debug(`Token limit: using provider default=${providerLimit} for ${provider}`);
+        return providerLimit;
+    }
     /**
      * Analyze code with AI using the enhanced prompt
      */
@@ -427,13 +445,18 @@ Return ONLY valid JSON:
             };
             // Simplified, focused prompt without context pollution
             const corePrompt = this.buildCoreAnalysisPrompt(context);
+            // Get safe token limit based on provider
+            const safeMaxTokens = this.getSafeTokenLimit();
+            logger.debug(`Using AI provider: ${this.aiConfig.provider || "auto"}`);
+            logger.debug(`Configured maxTokens: ${this.aiConfig.maxTokens}`);
+            logger.debug(`Safe maxTokens limit: ${safeMaxTokens}`);
             const result = await this.neurolink.generate({
                 input: { text: corePrompt },
                 systemPrompt: this.getSecurityReviewSystemPrompt(),
                 provider: this.aiConfig.provider || "auto", // Auto-select best provider
                 model: this.aiConfig.model || "best", // Use most capable model
                 temperature: this.aiConfig.temperature || 0.3, // Lower for more focused analysis
-                maxTokens: Math.max(this.aiConfig.maxTokens || 0, 2000000), // Quality first - always use higher limit
+                maxTokens: safeMaxTokens, // Use provider-aware safe token limit
                 timeout: "15m", // Allow plenty of time for thorough analysis
                 context: aiContext,
                 enableAnalytics: this.aiConfig.enableAnalytics || true,

package/dist/types/index.d.ts

@@ -233,6 +233,7 @@ export interface GuardianConfig {
         securityScan?: SecurityScanConfig;
         analytics?: AnalyticsConfig;
     };
+    memoryBank?: MemoryBankConfig;
     cache?: CacheConfig;
     performance?: PerformanceConfig;
     rules?: CustomRulesConfig;
@@ -277,6 +278,11 @@ export interface AnalyticsConfig {
     trackMetrics: boolean;
     exportFormat: "json" | "csv" | "yaml";
 }
+export interface MemoryBankConfig {
+    enabled: boolean;
+    path: string;
+    fallbackPaths?: string[];
+}
 export interface CacheConfig {
     enabled: boolean;
     ttl: string;

package/dist/utils/Cache.d.ts

@@ -57,6 +57,10 @@ export declare class Cache implements ICache {
      * Invalidate all keys with a specific tag
      */
     invalidateTag(tag: string): number;
+    /**
+     * Invalidate all keys matching a pattern
+     */
+    invalidatePattern(pattern: string): number;
     /**
      * Cache key generators for common patterns
      */
@@ -69,6 +73,7 @@ export declare class Cache implements ICache {
         aiResponse: (prompt: string, provider: string, model: string) => string;
         projectContext: (workspace: string, repository: string, branch: string) => string;
         reviewResult: (workspace: string, repository: string, prId: string | number, configHash: string) => string;
+        memoryBankFiles: (workspace: string, repository: string, branch: string, path: string) => string;
     };
     /**
      * Smart cache warming for common patterns

package/dist/utils/Cache.js

@@ -166,6 +166,21 @@ export class Cache {
         logger.debug(`Invalidated tag "${tag}": ${deleted} keys`);
         return deleted;
     }
+    /**
+     * Invalidate all keys matching a pattern
+     */
+    invalidatePattern(pattern) {
+        const regex = new RegExp(pattern.replace(/\*/g, ".*"));
+        const allKeys = this.keys();
+        let deleted = 0;
+        allKeys.forEach((key) => {
+            if (regex.test(key)) {
+                deleted += this.del(key);
+            }
+        });
+        logger.debug(`Invalidated pattern "${pattern}": ${deleted} keys`);
+        return deleted;
+    }
     /**
      * Cache key generators for common patterns
      */
@@ -182,6 +197,7 @@ export class Cache {
         },
         projectContext: (workspace, repository, branch) => `context:${workspace}:${repository}:${branch}`,
         reviewResult: (workspace, repository, prId, configHash) => `review:${workspace}:${repository}:${prId}:${configHash}`,
+        memoryBankFiles: (workspace, repository, branch, path) => `memory-bank:${workspace}:${repository}:${branch}:${path}`,
     };
     /**
      * Smart cache warming for common patterns

package/dist/utils/ConfigManager.d.ts

@@ -23,6 +23,10 @@ export declare class ConfigManager {
      * Load configuration from a specific file
      */
     private loadConfigFile;
+    /**
+     * Apply provider-aware token limits using shared utility
+     */
+    private applyProviderTokenLimits;
     /**
      * Apply environment variable overrides
      */

package/dist/utils/ConfigManager.js

@@ -8,6 +8,7 @@ import yaml from "yaml";
 import { homedir } from "os";
 import { ConfigurationError } from "../types/index.js";
 import { logger } from "./Logger.js";
+import { validateProviderTokenLimit } from "./ProviderLimits.js";
 export class ConfigManager {
     config = null;
     configPaths = [];
@@ -24,7 +25,7 @@ export class ConfigManager {
                 timeout: "10m",
                 retryAttempts: 3,
                 temperature: 0.3,
-                maxTokens: 1000000,
+                maxTokens: 65000,
             },
             git: {
                 platform: "bitbucket",
@@ -143,6 +144,11 @@ export class ConfigManager {
             exportFormat: "json",
             interval: "5m",
         },
+        memoryBank: {
+            enabled: true,
+            path: "memory-bank",
+            fallbackPaths: ["docs/memory-bank", ".memory-bank"],
+        },
     };
     constructor() {
         this.setupConfigPaths();
@@ -205,6 +211,8 @@ export class ConfigManager {
         }
         // Override with environment variables
         config = this.applyEnvironmentOverrides(config);
+        // Apply provider-aware token limits
+        config = this.applyProviderTokenLimits(config);
         // Validate configuration
         this.validateConfig(config);
         this.config = config;
@@ -232,6 +240,18 @@ export class ConfigManager {
             throw new ConfigurationError(`Failed to parse config file ${filePath}: ${error.message}`);
         }
     }
+    /**
+     * Apply provider-aware token limits using shared utility
+     */
+    applyProviderTokenLimits(config) {
+        const provider = config.providers.ai.provider || 'auto';
+        const configuredTokens = config.providers.ai.maxTokens;
+        // Use the shared utility to validate and adjust token limits
+        const validatedTokens = validateProviderTokenLimit(provider, configuredTokens, false // Use standard limits for configuration
+        );
+        config.providers.ai.maxTokens = validatedTokens;
+        return config;
+    }
     /**
      * Apply environment variable overrides
      */

package/dist/utils/MemoryBankManager.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Memory Bank Manager - Handles configurable memory bank operations
+ * Provides abstraction for memory bank file access with fallback support
+ */
+import { MemoryBankConfig, PRIdentifier } from "../types/index.js";
+import { BitbucketProvider } from "../core/providers/BitbucketProvider.js";
+export interface MemoryBankFile {
+    name: string;
+    content: string;
+    path: string;
+}
+export interface MemoryBankResult {
+    files: MemoryBankFile[];
+    resolvedPath: string;
+    filesProcessed: number;
+    fallbackUsed: boolean;
+}
+export declare class MemoryBankManager {
+    private config;
+    private bitbucketProvider;
+    constructor(config: MemoryBankConfig, bitbucketProvider: BitbucketProvider);
+    /**
+     * Get memory bank files from the configured path with fallback support
+     */
+    getMemoryBankFiles(identifier: PRIdentifier, forceRefresh?: boolean): Promise<MemoryBankResult>;
+    /**
+     * Try to get files from a specific path
+     */
+    private tryGetFilesFromPath;
+    /**
+     * Get the effective memory bank path (resolved after fallback logic)
+     */
+    getEffectiveMemoryBankPath(identifier: PRIdentifier): Promise<string | null>;
+    /**
+     * Check if memory bank exists at any configured path
+     */
+    hasMemoryBank(identifier: PRIdentifier): Promise<boolean>;
+    /**
+     * Get memory bank configuration
+     */
+    getConfig(): MemoryBankConfig;
+    /**
+     * Update memory bank configuration
+     */
+    updateConfig(newConfig: Partial<MemoryBankConfig>): void;
+    /**
+     * Validates that a path is safe for use as a relative path
+     * Protects against path traversal attacks including encoded variants
+     */
+    private static isSafeRelativePath;
+    /**
+     * Validate memory bank configuration
+     */
+    private validateConfig;
+    /**
+     * Clear memory bank cache for a specific repository
+     */
+    clearCache(identifier: PRIdentifier): void;
+    /**
+     * Get memory bank statistics
+     */
+    getStats(identifier: PRIdentifier): Promise<{
+        enabled: boolean;
+        primaryPath: string;
+        fallbackPaths: string[];
+        hasMemoryBank: boolean;
+        resolvedPath: string | null;
+        fileCount: number;
+        cacheHits: number;
+    }>;
+}
+export declare function createMemoryBankManager(config: MemoryBankConfig, bitbucketProvider: BitbucketProvider): MemoryBankManager;
+//# sourceMappingURL=MemoryBankManager.d.ts.map

package/dist/utils/MemoryBankManager.js

@@ -0,0 +1,310 @@
+/**
+ * Memory Bank Manager - Handles configurable memory bank operations
+ * Provides abstraction for memory bank file access with fallback support
+ */
+import { ConfigurationError } from "../types/index.js";
+import { logger } from "./Logger.js";
+import { cache, Cache } from "./Cache.js";
+export class MemoryBankManager {
+    config;
+    bitbucketProvider;
+    constructor(config, bitbucketProvider) {
+        this.config = config;
+        this.bitbucketProvider = bitbucketProvider;
+        this.validateConfig();
+    }
+    /**
+     * Get memory bank files from the configured path with fallback support
+     */
+    async getMemoryBankFiles(identifier, forceRefresh = false) {
+        if (!this.config.enabled) {
+            logger.debug("Memory bank is disabled in configuration");
+            return {
+                files: [],
+                resolvedPath: "",
+                filesProcessed: 0,
+                fallbackUsed: false,
+            };
+        }
+        const cacheKey = Cache.keys.memoryBankFiles(identifier.workspace, identifier.repository, identifier.branch || "main", this.config.path);
+        if (!forceRefresh && cache.has(cacheKey)) {
+            logger.debug("Using cached memory bank files");
+            return cache.get(cacheKey);
+        }
+        logger.debug(`Gathering memory bank files from configured paths...`);
+        // Try primary path first
+        const primaryResult = await this.tryGetFilesFromPath(identifier, this.config.path);
+        if (primaryResult.files.length > 0) {
+            const result = {
+                ...primaryResult,
+                resolvedPath: this.config.path,
+                fallbackUsed: false,
+            };
+            // Cache the result
+            cache.set(cacheKey, result, 7200); // 2 hours
+            return result;
+        }
+        // Try fallback paths if primary path failed
+        if (this.config.fallbackPaths && this.config.fallbackPaths.length > 0) {
+            logger.debug(`Primary path '${this.config.path}' not found, trying fallback paths...`);
+            for (const fallbackPath of this.config.fallbackPaths) {
+                logger.debug(`Trying fallback path: ${fallbackPath}`);
+                const fallbackResult = await this.tryGetFilesFromPath(identifier, fallbackPath);
+                if (fallbackResult.files.length > 0) {
+                    logger.info(`Memory bank found at fallback path: ${fallbackPath} (${fallbackResult.files.length} files)`);
+                    const result = {
+                        ...fallbackResult,
+                        resolvedPath: fallbackPath,
+                        fallbackUsed: true,
+                    };
+                    // Cache the result
+                    cache.set(cacheKey, result, 7200); // 2 hours
+                    return result;
+                }
+            }
+        }
+        // No memory bank found anywhere
+        logger.debug(`No memory bank found in primary path '${this.config.path}' or fallback paths`);
+        const emptyResult = {
+            files: [],
+            resolvedPath: "",
+            filesProcessed: 0,
+            fallbackUsed: false,
+        };
+        // Cache empty result for shorter time to allow for quick retry
+        cache.set(cacheKey, emptyResult, 1800); // 30 minutes
+        return emptyResult;
+    }
+    /**
+     * Try to get files from a specific path
+     */
+    async tryGetFilesFromPath(identifier, path) {
+        try {
+            // Get directory listing
+            const directoryFiles = await this.bitbucketProvider.listDirectoryContent(identifier.workspace, identifier.repository, path, identifier.branch || "main");
+            if (!directoryFiles.length) {
+                logger.debug(`No files found in directory: ${path}`);
+                return { files: [], filesProcessed: 0 };
+            }
+            // Filter to only files (not directories)
+            const files = directoryFiles.filter((f) => f.type === "file");
+            logger.debug(`Found ${files.length} files in ${path}`);
+            // Get content of each file
+            const memoryBankFiles = [];
+            for (const file of files) {
+                try {
+                    const content = await this.bitbucketProvider.getFileContent(identifier.workspace, identifier.repository, `${path}/${file.name}`, identifier.branch || "main");
+                    memoryBankFiles.push({
+                        name: file.name,
+                        content,
+                        path: `${path}/${file.name}`,
+                    });
+                    logger.debug(`✓ Loaded content for: ${file.name}`);
+                }
+                catch (error) {
+                    logger.debug(`Could not read file ${file.name}: ${error.message}`);
+                    // Continue with other files even if one fails
+                }
+            }
+            return {
+                files: memoryBankFiles,
+                filesProcessed: memoryBankFiles.length,
+            };
+        }
+        catch (error) {
+            logger.debug(`Failed to access path '${path}': ${error.message}`);
+            return { files: [], filesProcessed: 0 };
+        }
+    }
+    /**
+     * Get the effective memory bank path (resolved after fallback logic)
+     */
+    async getEffectiveMemoryBankPath(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        return result.resolvedPath || null;
+    }
+    /**
+     * Check if memory bank exists at any configured path
+     */
+    async hasMemoryBank(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        return result.files.length > 0;
+    }
+    /**
+     * Get memory bank configuration
+     */
+    getConfig() {
+        return { ...this.config };
+    }
+    /**
+     * Update memory bank configuration
+     */
+    updateConfig(newConfig) {
+        this.config = { ...this.config, ...newConfig };
+        this.validateConfig();
+        logger.debug("Memory bank configuration updated");
+    }
+    /**
+     * Validates that a path is safe for use as a relative path
+     * Protects against path traversal attacks including encoded variants
+     */
+    static isSafeRelativePath(path) {
+        if (!path || typeof path !== "string") {
+            return false;
+        }
+        // Reject empty or whitespace-only paths
+        if (path.trim().length === 0) {
+            return false;
+        }
+        // Reject excessively long paths
+        if (path.length > 1000) {
+            return false;
+        }
+        // Reject absolute paths (Unix-style)
+        if (path.startsWith("/")) {
+            return false;
+        }
+        // Reject absolute paths (Windows-style)
+        if (/^[a-zA-Z]:/.test(path)) {
+            return false;
+        }
+        // Reject UNC paths (Windows network paths)
+        if (path.startsWith("\\\\") || path.startsWith("//")) {
+            return false;
+        }
+        // Decode URL-encoded characters to catch encoded traversal attempts
+        let decodedPath = path;
+        try {
+            // Multiple rounds of decoding to catch double-encoded attacks
+            for (let i = 0; i < 3; i++) {
+                const previousPath = decodedPath;
+                decodedPath = decodeURIComponent(decodedPath);
+                if (decodedPath === previousPath) {
+                    break; // No more decoding needed
+                }
+            }
+        }
+        catch {
+            // If decoding fails, treat as suspicious
+            return false;
+        }
+        // Normalize Unicode characters
+        decodedPath = decodedPath.normalize("NFC");
+        // Check for null bytes (can be used to bypass filters)
+        if (decodedPath.includes("\0") || decodedPath.includes("%00")) {
+            return false;
+        }
+        // Normalize path separators to forward slashes
+        const normalizedPath = decodedPath.replace(/\\/g, "/");
+        // Check for path traversal sequences after normalization
+        if (normalizedPath.includes("../") || normalizedPath.includes("/..")) {
+            return false;
+        }
+        // Check for path traversal at the beginning or end
+        if (normalizedPath.startsWith("..") || normalizedPath.endsWith("..")) {
+            return false;
+        }
+        // Check for hidden traversal patterns
+        if (normalizedPath.includes("./..") || normalizedPath.includes("../.")) {
+            return false;
+        }
+        // Split path into segments and validate each
+        const segments = normalizedPath.split("/").filter(segment => segment.length > 0);
+        for (const segment of segments) {
+            // Reject any segment that is exactly ".."
+            if (segment === "..") {
+                return false;
+            }
+            // Reject segments that contain ".." anywhere
+            if (segment.includes("..")) {
+                return false;
+            }
+            // Allow segments that start with a single dot (like .memory-bank, .config)
+            // but reject multiple dots or suspicious patterns
+            if (segment.startsWith(".") && segment !== ".") {
+                // Allow single dot followed by alphanumeric/dash/underscore
+                if (!/^\.[\w-]+$/.test(segment)) {
+                    return false;
+                }
+            }
+            // Reject segments with control characters
+            // Check for control characters (0x00-0x1F and 0x7F)
+            for (let i = 0; i < segment.length; i++) {
+                const charCode = segment.charCodeAt(i);
+                if ((charCode >= 0 && charCode <= 31) || charCode === 127) {
+                    return false;
+                }
+            }
+        }
+        // Additional check: ensure the resolved path doesn't escape the base
+        // This is a final safety check using path resolution logic
+        const pathParts = segments.filter(part => part !== ".");
+        let depth = 0;
+        for (const part of pathParts) {
+            if (part === "..") {
+                depth--;
+                if (depth < 0) {
+                    return false; // Would escape the base directory
+                }
+            }
+            else {
+                depth++;
+            }
+        }
+        return true;
+    }
+    /**
+     * Validate memory bank configuration
+     */
+    validateConfig() {
+        if (!this.config.path) {
+            throw new ConfigurationError("Memory bank path must be specified when memory bank is enabled");
+        }
+        if (!MemoryBankManager.isSafeRelativePath(this.config.path)) {
+            throw new ConfigurationError(`Memory bank path is unsafe or contains path traversal: ${this.config.path}`);
+        }
+        // Validate fallback paths
+        if (this.config.fallbackPaths) {
+            for (const fallbackPath of this.config.fallbackPaths) {
+                if (!MemoryBankManager.isSafeRelativePath(fallbackPath)) {
+                    throw new ConfigurationError(`Memory bank fallback path is unsafe or contains path traversal: ${fallbackPath}`);
+                }
+            }
+        }
+        logger.debug("Memory bank configuration validated successfully");
+    }
+    /**
+     * Clear memory bank cache for a specific repository
+     */
+    clearCache(identifier) {
+        const patterns = [
+            `memory-bank:${identifier.workspace}:${identifier.repository}:*`,
+            `project-context:${identifier.workspace}:${identifier.repository}:*`,
+        ];
+        patterns.forEach((pattern) => {
+            cache.invalidatePattern(pattern);
+        });
+        logger.debug(`Memory bank cache cleared for ${identifier.workspace}/${identifier.repository}`);
+    }
+    /**
+     * Get memory bank statistics
+     */
+    async getStats(identifier) {
+        const result = await this.getMemoryBankFiles(identifier);
+        const cacheStats = cache.stats();
+        return {
+            enabled: this.config.enabled,
+            primaryPath: this.config.path,
+            fallbackPaths: this.config.fallbackPaths || [],
+            hasMemoryBank: result.files.length > 0,
+            resolvedPath: result.resolvedPath || null,
+            fileCount: result.files.length,
+            cacheHits: cacheStats.hits,
+        };
+    }
+}
+// Export factory function
+export function createMemoryBankManager(config, bitbucketProvider) {
+    return new MemoryBankManager(config, bitbucketProvider);
+}
+//# sourceMappingURL=MemoryBankManager.js.map

package/dist/utils/ProviderLimits.d.ts

@@ -0,0 +1,58 @@
+/**
+ * Provider Token Limits Utility
+ * Centralized management of AI provider token limits and validation
+ */
+/**
+ * AI Provider types supported by the system
+ */
+export type AIProvider = 'vertex' | 'google-ai' | 'gemini' | 'openai' | 'gpt-4' | 'anthropic' | 'claude' | 'azure' | 'bedrock' | 'auto';
+/**
+ * Provider token limits configuration
+ * These limits are conservative values to avoid API errors
+ */
+export declare const PROVIDER_TOKEN_LIMITS: Record<AIProvider, number>;
+/**
+ * Conservative limits used by CodeReviewer for safety
+ * These are slightly lower than the actual limits to provide buffer
+ */
+export declare const CONSERVATIVE_PROVIDER_LIMITS: Record<AIProvider, number>;
+/**
+ * Get the token limit for a specific provider
+ * @param provider - The AI provider name
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The token limit for the provider
+ */
+export declare function getProviderTokenLimit(provider: string, conservative?: boolean): number;
+/**
+ * Validate and adjust token limit for a provider
+ * @param provider - The AI provider name
+ * @param configuredTokens - The configured token limit
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The validated and potentially adjusted token limit
+ */
+export declare function validateProviderTokenLimit(provider: string, configuredTokens: number | undefined, conservative?: boolean): number;
+/**
+ * Get all supported providers
+ * @returns Array of supported provider names
+ */
+export declare function getSupportedProviders(): AIProvider[];
+/**
+ * Check if a provider is supported
+ * @param provider - The provider name to check
+ * @returns True if the provider is supported
+ */
+export declare function isProviderSupported(provider: string): boolean;
+/**
+ * Get provider information including limits and support status
+ * @param provider - The provider name
+ * @param conservative - Whether to use conservative limits
+ * @returns Provider information object
+ */
+export declare function getProviderInfo(provider: string, conservative?: boolean): {
+    provider: string;
+    isSupported: boolean;
+    tokenLimit: number;
+    conservativeLimit: number;
+    standardLimit: number;
+};
+//# sourceMappingURL=ProviderLimits.d.ts.map

package/dist/utils/ProviderLimits.js

@@ -0,0 +1,143 @@
+/**
+ * Provider Token Limits Utility
+ * Centralized management of AI provider token limits and validation
+ */
+import { logger } from "./Logger.js";
+/**
+ * Provider token limits configuration
+ * These limits are conservative values to avoid API errors
+ */
+export const PROVIDER_TOKEN_LIMITS = {
+    // Google/Vertex AI providers
+    'vertex': 65536, // Vertex AI limit is 65537 exclusive = 65536 max
+    'google-ai': 65536, // Google AI Studio limit
+    'gemini': 65536, // Gemini model limit
+    // OpenAI providers
+    'openai': 128000, // OpenAI GPT-4 and newer models
+    'gpt-4': 128000, // GPT-4 specific limit
+    // Anthropic providers
+    'anthropic': 200000, // Claude models limit
+    'claude': 200000, // Claude specific limit
+    // Microsoft Azure
+    'azure': 128000, // Azure OpenAI limit
+    // AWS Bedrock
+    'bedrock': 100000, // AWS Bedrock limit
+    // Auto-selection mode (conservative default)
+    'auto': 60000, // Conservative default for auto-selection
+};
+/**
+ * Conservative limits used by CodeReviewer for safety
+ * These are slightly lower than the actual limits to provide buffer
+ */
+export const CONSERVATIVE_PROVIDER_LIMITS = {
+    'vertex': 65536,
+    'google-ai': 65536,
+    'gemini': 65536,
+    'openai': 120000, // Slightly lower for safety
+    'gpt-4': 120000,
+    'anthropic': 190000, // Slightly lower for safety
+    'claude': 190000,
+    'azure': 120000,
+    'bedrock': 95000, // Significantly lower for safety
+    'auto': 60000,
+};
+/**
+ * Get the token limit for a specific provider
+ * @param provider - The AI provider name
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The token limit for the provider
+ */
+export function getProviderTokenLimit(provider, conservative = false) {
+    // Handle null, undefined, or empty string
+    if (!provider || typeof provider !== 'string') {
+        return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+    }
+    const normalizedProvider = provider.toLowerCase();
+    const limits = conservative ? CONSERVATIVE_PROVIDER_LIMITS : PROVIDER_TOKEN_LIMITS;
+    // Handle empty string after normalization
+    if (normalizedProvider === '') {
+        return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+    }
+    // Direct match
+    if (normalizedProvider in limits) {
+        return limits[normalizedProvider];
+    }
+    // Partial match - check if provider contains any known provider name
+    for (const [key, limit] of Object.entries(limits)) {
+        if (normalizedProvider.includes(key) || key.includes(normalizedProvider)) {
+            return limit;
+        }
+    }
+    // Default fallback
+    return conservative ? CONSERVATIVE_PROVIDER_LIMITS.auto : PROVIDER_TOKEN_LIMITS.auto;
+}
+/**
+ * Validate and adjust token limit for a provider
+ * @param provider - The AI provider name
+ * @param configuredTokens - The configured token limit
+ * @param conservative - Whether to use conservative limits (default: false)
+ * @returns The validated and potentially adjusted token limit
+ */
+export function validateProviderTokenLimit(provider, configuredTokens, conservative = false) {
+    const providerLimit = getProviderTokenLimit(provider, conservative);
+    if (!configuredTokens || configuredTokens <= 0) {
+        logger.debug(`No configured tokens for ${provider}, using provider default: ${providerLimit}`);
+        return providerLimit;
+    }
+    if (configuredTokens > providerLimit) {
+        logger.warn(`Configured maxTokens (${configuredTokens}) exceeds ${provider} limit (${providerLimit}). Adjusting to ${providerLimit}.`);
+        return providerLimit;
+    }
+    logger.debug(`Token limit validation passed: ${configuredTokens} <= ${providerLimit} for provider ${provider}`);
+    return configuredTokens;
+}
+/**
+ * Get all supported providers
+ * @returns Array of supported provider names
+ */
+export function getSupportedProviders() {
+    return Object.keys(PROVIDER_TOKEN_LIMITS);
+}
+/**
+ * Check if a provider is supported
+ * @param provider - The provider name to check
+ * @returns True if the provider is supported
+ */
+export function isProviderSupported(provider) {
+    // Handle null, undefined, or empty string
+    if (!provider || typeof provider !== 'string') {
+        return false;
+    }
+    const normalizedProvider = provider.toLowerCase();
+    // Handle empty string after normalization
+    if (normalizedProvider === '') {
+        return false;
+    }
+    // Check direct match
+    if (normalizedProvider in PROVIDER_TOKEN_LIMITS) {
+        return true;
+    }
+    // Check partial match
+    for (const key of Object.keys(PROVIDER_TOKEN_LIMITS)) {
+        if (normalizedProvider.includes(key) || key.includes(normalizedProvider)) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * Get provider information including limits and support status
+ * @param provider - The provider name
+ * @param conservative - Whether to use conservative limits
+ * @returns Provider information object
+ */
+export function getProviderInfo(provider, conservative = false) {
+    return {
+        provider,
+        isSupported: isProviderSupported(provider),
+        tokenLimit: getProviderTokenLimit(provider, conservative),
+        conservativeLimit: getProviderTokenLimit(provider, true),
+        standardLimit: getProviderTokenLimit(provider, false),
+    };
+}
+//# sourceMappingURL=ProviderLimits.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@juspay/yama",
-  "version": "1.1.1",
+  "version": "1.2.0",
   "description": "Enterprise-grade Pull Request automation toolkit with AI-powered code review and description enhancement",
   "keywords": [
     "pr",

package/yama.config.example.yaml

@@ -7,7 +7,7 @@ providers:
     provider: "auto" # Options: auto, google-ai, openai, anthropic, azure, bedrock
     model: "best" # Model name or "best" for auto-selection
     temperature: 0.3 # Lower = more focused (0.0-1.0)
-    maxTokens: 2000000 # Maximum tokens for response
+    maxTokens: 60000 # Maximum tokens for response (provider-aware limits will be applied automatically)
     timeout: "15m" # Timeout for AI operations
     enableAnalytics: true
     enableEvaluation: false
@@ -141,3 +141,12 @@ monitoring:
   metrics: ["api_calls", "cache_hits", "processing_time"]
   exportFormat: "prometheus"
   interval: "1m"
+
+# Memory Bank Configuration
+memoryBank:
+  enabled: true
+  path: "memory-bank"  # Primary path to look for memory bank files
+  fallbackPaths:       # Optional fallback paths if primary doesn't exist
+    - "docs/memory-bank"
+    - ".memory-bank"
+    - "project-docs/context"