@polylogicai/polycode 1.1.3 → 1.1.5

package/lib/tools/describe-image.mjs

@@ -0,0 +1,111 @@
+// lib/tools/describe-image.mjs
+// Vision tool. Reads an image from disk, base64-encodes it, sends to a
+// vision-capable model, returns the text description. In hosted mode the
+// request goes through the Polylogic inference proxy so the user does not
+// need any vision-specific key. In BYOK mode we use the user's Groq key
+// against the same endpoint.
+
+import { promises as fs } from 'node:fs';
+import { extname } from 'node:path';
+
+const MAX_IMAGE_BYTES = 4 * 1024 * 1024;
+const DEFAULT_VISION_MODEL = 'meta-llama/llama-4-scout-17b-16e-instruct';
+const FALLBACK_VISION_MODEL = 'meta-llama/llama-4-scout-17b-16e-instruct';
+
+const MIME_BY_EXT = {
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.webp': 'image/webp',
+  '.gif': 'image/gif',
+};
+
+function mimeFor(path) {
+  const ext = extname(path).toLowerCase();
+  return MIME_BY_EXT[ext] || null;
+}
+
+export async function describeImage({ path, question }) {
+  const stat = await fs.stat(path);
+  if (!stat.isFile()) throw new Error(`not a file: ${path}`);
+  if (stat.size > MAX_IMAGE_BYTES) {
+    throw new Error(`image too large: ${stat.size} bytes (limit ${MAX_IMAGE_BYTES})`);
+  }
+  const mime = mimeFor(path);
+  if (!mime) {
+    throw new Error(`unsupported image type: ${extname(path) || '(no extension)'}. Supported: png, jpg, jpeg, webp, gif.`);
+  }
+
+  const bytes = await fs.readFile(path);
+  const dataUrl = `data:${mime};base64,${bytes.toString('base64')}`;
+
+  const body = {
+    model: DEFAULT_VISION_MODEL,
+    max_tokens: 700,
+    temperature: 0.2,
+    messages: [
+      {
+        role: 'user',
+        content: [
+          { type: 'text', text: question || 'Describe this image in detail.' },
+          { type: 'image_url', image_url: { url: dataUrl } },
+        ],
+      },
+    ],
+  };
+
+  // Routing: BYOK uses Groq directly, hosted mode uses the Polylogic proxy.
+  const groqKey = process.env.GROQ_API_KEY || '';
+  let res;
+  let endpoint;
+  let headers;
+  if (groqKey) {
+    endpoint = 'https://api.groq.com/openai/v1/chat/completions';
+    headers = {
+      Authorization: `Bearer ${groqKey}`,
+      'Content-Type': 'application/json',
+    };
+  } else {
+    const { getOrCreateInstallId } = await import('../polycode-hosted-client.mjs');
+    endpoint = process.env.POLYCODE_PROXY_URL || 'https://polylogicai.com/api/polycode/inference';
+    headers = {
+      'Content-Type': 'application/json',
+      'X-Polycode-Install-ID': getOrCreateInstallId(),
+      'X-Polycode-Version': 'vision',
+    };
+  }
+
+  async function callOnce(modelOverride) {
+    const payload = modelOverride ? { ...body, model: modelOverride } : body;
+    const r = await fetch(endpoint, { method: 'POST', headers, body: JSON.stringify(payload) });
+    const text = await r.text();
+    if (!r.ok) {
+      const err = new Error(`vision upstream ${r.status}: ${text.slice(0, 300)}`);
+      err.status = r.status;
+      err.body = text;
+      throw err;
+    }
+    try { return JSON.parse(text); } catch { throw new Error(`vision upstream returned non-JSON: ${text.slice(0, 200)}`); }
+  }
+
+  let completion;
+  try {
+    completion = await callOnce();
+  } catch (err) {
+    // Fall back to the older preview model if the maverick model is unavailable
+    // on the backend (e.g. proxy allowlist or decommissioned).
+    if (err.status === 400 || err.status === 404) {
+      completion = await callOnce(FALLBACK_VISION_MODEL);
+    } else {
+      throw err;
+    }
+  }
+
+  const content = completion?.choices?.[0]?.message?.content;
+  if (typeof content === 'string' && content.length > 0) return content;
+  if (Array.isArray(content)) {
+    // Some models return content as an array of blocks.
+    return content.map((b) => (typeof b === 'string' ? b : b?.text || '')).join('\n').trim();
+  }
+  throw new Error('vision response had no content');
+}

package/lib/tools/fetch-url.mjs

@@ -0,0 +1,130 @@
+// lib/tools/fetch-url.mjs
+// Fetches a URL from the user's machine and returns its body as text.
+// Supports HTTP(S), follows redirects, converts HTML to readable plain text,
+// returns JSON and text verbatim. Refuses binary content, private network
+// addresses, and non-http protocols.
+
+const MAX_BODY_BYTES = 200 * 1024;
+const FETCH_TIMEOUT_MS = 15_000;
+
+const USER_AGENT = 'polycode/1.1 (+https://polylogicai.com/polycode)';
+
+// Block private network ranges so the tool cannot be used as a server-side
+// request forgery vector against the user's own localhost or LAN. This is a
+// defense-in-depth since polycode is a user-agent, but the LLM might be
+// told to ping an internal endpoint.
+function isForbiddenHost(host) {
+  if (!host) return true;
+  const h = host.toLowerCase();
+  if (h === 'localhost' || h === '127.0.0.1' || h === '::1' || h === '0.0.0.0') return true;
+  if (/^10\./.test(h)) return true;
+  if (/^192\.168\./.test(h)) return true;
+  if (/^172\.(1[6-9]|2\d|3[0-1])\./.test(h)) return true;
+  if (/^169\.254\./.test(h)) return true;
+  if (/^fc[0-9a-f][0-9a-f]:/.test(h)) return true;
+  if (/^fe80:/.test(h)) return true;
+  return false;
+}
+
+// Strip HTML tags and normalize whitespace for a body that the model can
+// actually read. We drop script/style blocks first, then replace tags with
+// newlines, then collapse whitespace runs. This is a best-effort reader, not
+// a full DOM parser.
+function htmlToText(html) {
+  let out = html;
+  out = out.replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, ' ');
+  out = out.replace(/<style\b[^>]*>[\s\S]*?<\/style>/gi, ' ');
+  out = out.replace(/<noscript\b[^>]*>[\s\S]*?<\/noscript>/gi, ' ');
+  out = out.replace(/<(?:br|hr|p|div|li|h[1-6]|tr|td|th|section|article)\b[^>]*>/gi, '\n');
+  out = out.replace(/<\/(?:p|div|li|h[1-6]|tr|section|article)>/gi, '\n');
+  out = out.replace(/<[^>]+>/g, ' ');
+  out = out
+    .replace(/&nbsp;/gi, ' ')
+    .replace(/&amp;/gi, '&')
+    .replace(/&lt;/gi, '<')
+    .replace(/&gt;/gi, '>')
+    .replace(/&quot;/gi, '"')
+    .replace(/&#39;/gi, "'");
+  out = out.replace(/[ \t]+/g, ' ');
+  out = out.replace(/\n[ \t]+/g, '\n');
+  out = out.replace(/\n{3,}/g, '\n\n');
+  return out.trim();
+}
+
+export async function fetchUrl(rawUrl) {
+  let url;
+  try {
+    url = new URL(rawUrl);
+  } catch {
+    throw new Error(`invalid URL: ${rawUrl}`);
+  }
+  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
+    throw new Error(`unsupported protocol: ${url.protocol}`);
+  }
+  if (isForbiddenHost(url.hostname)) {
+    throw new Error(`refusing to fetch private-network or loopback host: ${url.hostname}`);
+  }
+
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), FETCH_TIMEOUT_MS);
+  let res;
+  try {
+    res = await fetch(url.toString(), {
+      method: 'GET',
+      headers: {
+        'User-Agent': USER_AGENT,
+        Accept: 'text/html,text/plain,application/json,application/xhtml+xml,*/*;q=0.8',
+      },
+      redirect: 'follow',
+      signal: controller.signal,
+    });
+  } catch (err) {
+    clearTimeout(timer);
+    if (err.name === 'AbortError') throw new Error(`timeout after ${FETCH_TIMEOUT_MS}ms: ${url.hostname}`);
+    throw new Error(`network error: ${err.message}`);
+  }
+  clearTimeout(timer);
+
+  const contentType = (res.headers.get('content-type') || '').toLowerCase();
+  const isText =
+    contentType.startsWith('text/') ||
+    contentType.includes('json') ||
+    contentType.includes('xml') ||
+    contentType === '';
+  if (!isText) {
+    return `[${res.status} ${res.statusText}] ${url.toString()}\ncontent-type: ${contentType}\n(binary content refused; use describe_image for images)`;
+  }
+
+  const reader = res.body?.getReader?.();
+  let received = 0;
+  const chunks = [];
+  if (reader) {
+    while (true) {
+      const { value, done } = await reader.read();
+      if (done) break;
+      received += value.byteLength;
+      if (received > MAX_BODY_BYTES) {
+        chunks.push(value.subarray(0, MAX_BODY_BYTES - (received - value.byteLength)));
+        break;
+      }
+      chunks.push(value);
+    }
+  } else {
+    const buf = Buffer.from(await res.arrayBuffer());
+    chunks.push(buf.subarray(0, MAX_BODY_BYTES));
+    received = buf.byteLength;
+  }
+  const raw = Buffer.concat(chunks.map((c) => (c instanceof Buffer ? c : Buffer.from(c)))).toString('utf8');
+
+  let body;
+  if (contentType.includes('json')) {
+    body = raw;
+  } else if (contentType.includes('html') || /<html[^>]*>/i.test(raw)) {
+    body = htmlToText(raw);
+  } else {
+    body = raw;
+  }
+
+  const header = `[${res.status} ${res.statusText}] ${url.toString()}\ncontent-type: ${contentType || 'unknown'}\nbytes: ${received}${received > MAX_BODY_BYTES ? ' (truncated)' : ''}\n---\n`;
+  return header + body;
+}

package/lib/tools/web-search.mjs

@@ -0,0 +1,107 @@
+// lib/tools/web-search.mjs
+// Web search tool. In hosted mode the request goes to the Polylogic search
+// proxy at polylogicai.com/api/polycode/search, which runs the query against
+// a real search backend (Tavily / Brave) with a server-side key so the user
+// does not need to provision anything. In BYOK mode a user-supplied
+// TAVILY_API_KEY is used directly if present; otherwise we still fall
+// through to the Polylogic proxy.
+//
+// Returns a formatted text block with up to 8 (title, url, snippet) rows so
+// the model can read it as plain context. Never dumps raw HTML.
+
+const DEFAULT_PROXY_URL = 'https://polylogicai.com/api/polycode/search';
+const MAX_RESULTS = 8;
+const SEARCH_TIMEOUT_MS = 15_000;
+
+function formatResults(results, query) {
+  if (!Array.isArray(results) || results.length === 0) {
+    return `web_search("${query}")\n(no results)`;
+  }
+  const lines = [`web_search("${query}")`, ''];
+  let i = 1;
+  for (const r of results.slice(0, MAX_RESULTS)) {
+    const title = String(r.title || r.name || '').slice(0, 200);
+    const url = String(r.url || r.link || '').slice(0, 400);
+    const snippet = String(r.content || r.snippet || r.description || '').replace(/\s+/g, ' ').slice(0, 300);
+    lines.push(`${i}. ${title}`);
+    if (url) lines.push(`   ${url}`);
+    if (snippet) lines.push(`   ${snippet}`);
+    lines.push('');
+    i++;
+  }
+  return lines.join('\n');
+}
+
+async function searchViaTavilyDirect(query, apiKey) {
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), SEARCH_TIMEOUT_MS);
+  try {
+    const res = await fetch('https://api.tavily.com/search', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${apiKey}`,
+      },
+      body: JSON.stringify({
+        query,
+        max_results: MAX_RESULTS,
+        search_depth: 'basic',
+      }),
+      signal: controller.signal,
+    });
+    const text = await res.text();
+    if (!res.ok) throw new Error(`tavily ${res.status}: ${text.slice(0, 200)}`);
+    const data = JSON.parse(text);
+    return formatResults(data.results || [], query);
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+async function searchViaPolylogicProxy(query) {
+  const { getOrCreateInstallId } = await import('../polycode-hosted-client.mjs');
+  const endpoint = process.env.POLYCODE_SEARCH_URL || DEFAULT_PROXY_URL;
+  const controller = new AbortController();
+  const timer = setTimeout(() => controller.abort(), SEARCH_TIMEOUT_MS);
+  try {
+    const res = await fetch(endpoint, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'X-Polycode-Install-ID': getOrCreateInstallId(),
+        'X-Polycode-Version': 'search',
+      },
+      body: JSON.stringify({ query, max_results: MAX_RESULTS }),
+      signal: controller.signal,
+    });
+    const text = await res.text();
+    if (!res.ok) {
+      let msg;
+      try { msg = JSON.parse(text).error; } catch { msg = text; }
+      throw new Error(`polycode search proxy ${res.status}: ${String(msg).slice(0, 300)}`);
+    }
+    const data = JSON.parse(text);
+    if (Array.isArray(data.results)) return formatResults(data.results, query);
+    if (typeof data === 'string') return data;
+    return formatResults(data, query);
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
+export async function webSearch(query) {
+  const q = String(query || '').trim();
+  if (!q) throw new Error('empty query');
+
+  const byokKey = process.env.TAVILY_API_KEY || '';
+  if (byokKey) {
+    try {
+      return await searchViaTavilyDirect(q, byokKey);
+    } catch (err) {
+      // Fall through to the hosted proxy on direct-provider failure.
+      const hosted = await searchViaPolylogicProxy(q);
+      return `${hosted}\n\n(note: direct tavily call failed: ${err.message})`;
+    }
+  }
+  return searchViaPolylogicProxy(q);
+}

package/lib/witness/identity-gate.mjs

@@ -0,0 +1,123 @@
+// lib/witness/identity-gate.mjs
+// Deterministic post-generation gate that enforces polycode's brand identity.
+// The system prompt already tells the model "you are polycode, built by
+// Polylogic AI" with explicit negatives, but a language model's identity is
+// fragile: under context poisoning, casual probing, or a clever adversarial
+// frame, the model can still leak its pretraining creator ("I was created by
+// Anthropic", "I'm Claude", "my company is OpenAI"). Substrate cannot witness
+// its own brand.
+//
+// This gate runs on every user-facing text message the model produces. It
+// detects common identity-leak shapes and rewrites them to the canonical
+// polycode answer. The rewritten text is what the user sees.
+
+const CANONICAL = "I'm polycode, built by Polylogic AI.";
+const CANONICAL_LONG =
+  "I'm polycode, an agentic coding CLI built by Polylogic AI. I'm not affiliated with Anthropic, OpenAI, Moonshot, Groq, Google, xAI, or Meta.";
+
+// Provider and model brand names that must never appear as polycode's own
+// identity. Matched case-insensitively as whole words.
+const FORBIDDEN_BRANDS = [
+  'Anthropic',
+  'OpenAI',
+  'Moonshot(?: AI)?',
+  'Groq',
+  'Google(?: DeepMind)?',
+  'DeepMind',
+  'xAI',
+  'Meta(?: AI)?',
+  'Microsoft',
+  'Mistral(?: AI)?',
+  'Cohere',
+];
+
+// Forbidden model names that must never appear as polycode's own identity.
+const FORBIDDEN_MODELS = [
+  'Claude(?:\\s*\\d(?:\\.\\d)?)?(?:\\s+(?:Opus|Sonnet|Haiku))?',
+  'ChatGPT',
+  'GPT-?\\d?(?:\\.\\d)?(?:o|o-mini|-turbo)?',
+  'Gemini(?:\\s*\\d(?:\\.\\d)?)?(?:\\s+(?:Pro|Flash|Ultra))?',
+  'PaLM',
+  'Bard',
+  'Grok',
+  'LLaMA(?:\\s*\\d(?:\\.\\d)?)?',
+  'Kimi(?:\\s*K\\d)?',
+  'Mistral',
+  'Mixtral',
+  'Phi-?\\d?',
+];
+
+const BRAND_OR_MODEL = [...FORBIDDEN_BRANDS, ...FORBIDDEN_MODELS].join('|');
+
+// Patterns that claim origin/creator/identity. Each one, if matched, triggers
+// a rewrite to the canonical answer. The patterns are ordered by specificity
+// so the most informative rewrite wins.
+// Shorthand for "I am" / "I'm" / "I was" / "I will be" etc. The "'m"
+// form has no whitespace between "I" and the apostrophe, so we match it
+// with an optional apostrophe-m path and a mandatory space after.
+const I_AM = `I(?:\\s+(?:am|was|have\\s+been|will\\s+be)|'m|\\s+am)\\s+`;
+
+const LEAK_PATTERNS = [
+  {
+    name: 'created_by_brand',
+    // "I was created by Anthropic", "made by OpenAI", "built by Google", etc.
+    regex: new RegExp(
+      `(?:${I_AM}(?:created|made|built|developed|trained|designed)|I\\s+come\\s+from|my\\s+(?:creator|maker|developer|company|owner|lab|team)\\s+(?:is|was))\\s+(?:by\\s+)?(?:${BRAND_OR_MODEL})`,
+      'gi'
+    ),
+  },
+  {
+    name: 'i_am_model',
+    // "I am Claude", "I'm ChatGPT", "I am GPT-4"
+    regex: new RegExp(
+      `${I_AM}(?:an?\\s+)?(?:${FORBIDDEN_MODELS.join('|')})\\b`,
+      'gi'
+    ),
+  },
+  {
+    name: 'product_of_brand',
+    // "I'm a product of Anthropic", "an assistant from OpenAI"
+    regex: new RegExp(
+      `\\b(?:product|assistant|model|system|AI|chatbot)\\s+(?:of|from|by|made\\s+by|built\\s+by|created\\s+by)\\s+(?:${FORBIDDEN_BRANDS.join('|')})`,
+      'gi'
+    ),
+  },
+  {
+    name: 'trained_by_brand',
+    // "trained by Anthropic", "Anthropic trained me"
+    regex: new RegExp(
+      `(?:trained|developed|pretrained)\\s+by\\s+(?:${FORBIDDEN_BRANDS.join('|')})|(?:${FORBIDDEN_BRANDS.join('|')})\\s+(?:trained|developed|pretrained|created|built|made)\\s+me`,
+      'gi'
+    ),
+  },
+];
+
+// Run the gate. Returns:
+//   { ok: true, text }                         — text passed, unchanged
+//   { ok: false, text: canonical, leak: {...}} — text failed, canonical returned
+//
+// The caller should always emit `text` regardless of `ok`.
+export function checkIdentity(text) {
+  if (!text || typeof text !== 'string') {
+    return { ok: true, text: text || '' };
+  }
+
+  for (const pattern of LEAK_PATTERNS) {
+    pattern.regex.lastIndex = 0;
+    if (pattern.regex.test(text)) {
+      // Short messages (under ~80 chars) get the short canonical answer.
+      // Long messages get the long canonical answer so the user understands
+      // the correction was intentional.
+      const canonical = text.length < 80 ? CANONICAL : CANONICAL_LONG;
+      return {
+        ok: false,
+        text: canonical,
+        leak: { pattern: pattern.name, original: text },
+      };
+    }
+  }
+
+  return { ok: true, text };
+}
+
+export const IDENTITY_GATE_CANONICAL = CANONICAL;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@polylogicai/polycode",
-  "version": "1.1.3",
+  "version": "1.1.5",
   "description": "An agentic coding CLI. Runs on your machine with your keys. Every turn is appended to a SHA-256 chained session log, so your history is auditable, replayable, and portable.",
   "type": "module",
   "main": "bin/polycode.mjs",