@probelabs/probe 0.6.0-rc178 → 0.6.0-rc187

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@probelabs/probe",
-  "version": "0.6.0-rc178",
+  "version": "0.6.0-rc187",
   "description": "Node.js wrapper for the probe code search tool",
   "main": "src/index.js",
   "module": "src/index.js",

package/src/agent/ProbeAgent.d.ts

@@ -19,6 +19,21 @@ export interface ProbeAgentOptions {
   allowEdit?: boolean;
   /** Enable the delegate tool for task distribution to subagents */
   enableDelegate?: boolean;
+  /** Enable bash tool for command execution */
+  enableBash?: boolean;
+  /** Bash tool configuration (allow/deny patterns) */
+  bashConfig?: {
+    /** Additional allowed command patterns */
+    allow?: string[];
+    /** Additional denied command patterns */
+    deny?: string[];
+    /** Disable default allow list */
+    disableDefaultAllow?: boolean;
+    /** Disable default deny list */
+    disableDefaultDeny?: boolean;
+    /** Enable debug logging for permission checks */
+    debug?: boolean;
+  };
   /** Search directory path */
   path?: string;
   /** Force specific AI provider */

package/src/agent/ProbeAgent.js

@@ -2372,31 +2372,41 @@ When troubleshooting:
 
         // Parse tool call from response with valid tools list
         // Build validTools based on allowedTools configuration (same pattern as getSystemMessage)
+        // When _disableTools is set, only allow attempt_completion for JSON correction flows
         const validTools = [];
-        if (this.allowedTools.isEnabled('search')) validTools.push('search');
-        if (this.allowedTools.isEnabled('query')) validTools.push('query');
-        if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
-        if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
-        if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
-        if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
-        if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
-
-        // Edit tools (require both allowEdit flag AND allowedTools permission)
-        if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
-          validTools.push('implement', 'edit', 'create');
-        }
-        // Bash tool (require both enableBash flag AND allowedTools permission)
-        if (this.enableBash && this.allowedTools.isEnabled('bash')) {
-          validTools.push('bash');
-        }
-        // Delegate tool (require both enableDelegate flag AND allowedTools permission)
-        if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
-          validTools.push('delegate');
+        if (options._disableTools) {
+          // Only allow attempt_completion for JSON correction - no search/query/edit tools
+          validTools.push('attempt_completion');
+          if (this.debug) {
+            console.log(`[DEBUG] Tools disabled for this call - only attempt_completion allowed`);
+          }
+        } else {
+          if (this.allowedTools.isEnabled('search')) validTools.push('search');
+          if (this.allowedTools.isEnabled('query')) validTools.push('query');
+          if (this.allowedTools.isEnabled('extract')) validTools.push('extract');
+          if (this.allowedTools.isEnabled('listFiles')) validTools.push('listFiles');
+          if (this.allowedTools.isEnabled('searchFiles')) validTools.push('searchFiles');
+          if (this.allowedTools.isEnabled('readImage')) validTools.push('readImage');
+          if (this.allowedTools.isEnabled('attempt_completion')) validTools.push('attempt_completion');
+
+          // Edit tools (require both allowEdit flag AND allowedTools permission)
+          if (this.allowEdit && this.allowedTools.isEnabled('implement')) {
+            validTools.push('implement', 'edit', 'create');
+          }
+          // Bash tool (require both enableBash flag AND allowedTools permission)
+          if (this.enableBash && this.allowedTools.isEnabled('bash')) {
+            validTools.push('bash');
+          }
+          // Delegate tool (require both enableDelegate flag AND allowedTools permission)
+          if (this.enableDelegate && this.allowedTools.isEnabled('delegate')) {
+            validTools.push('delegate');
+          }
         }
-        
+
         // Try parsing with hybrid parser that supports both native and MCP tools
+        // When _disableTools is set, skip MCP tools entirely
         const nativeTools = validTools;
-        const parsedTool = this.mcpBridge
+        const parsedTool = (this.mcpBridge && !options._disableTools)
           ? parseHybridXmlToolCall(assistantResponseContent, nativeTools, this.mcpBridge)
           : parseXmlToolCallWithThinking(assistantResponseContent, validTools);
         if (parsedTool) {
@@ -2501,10 +2511,26 @@ When troubleshooting:
               // Execute native tool
               try {
                 // Add sessionId and workingDirectory to params for tool execution
+                // Validate and resolve workingDirectory
+                let resolvedWorkingDirectory = (this.allowedFolders && this.allowedFolders[0]) || process.cwd();
+                if (params.workingDirectory) {
+                  const requestedDir = resolve(params.workingDirectory);
+                  // Check if the requested directory is within allowed folders
+                  const isWithinAllowed = !this.allowedFolders || this.allowedFolders.length === 0 ||
+                    this.allowedFolders.some(folder => {
+                      const resolvedFolder = resolve(folder);
+                      return requestedDir === resolvedFolder || requestedDir.startsWith(resolvedFolder + sep);
+                    });
+                  if (isWithinAllowed) {
+                    resolvedWorkingDirectory = requestedDir;
+                  } else if (this.debug) {
+                    console.error(`[DEBUG] Rejected workingDirectory "${params.workingDirectory}" - not within allowed folders`);
+                  }
+                }
                 const toolParams = {
                   ...params,
                   sessionId: this.sessionId,
-                  workingDirectory: (this.allowedFolders && this.allowedFolders[0]) || process.cwd()
+                  workingDirectory: resolvedWorkingDirectory
                 };
 
                 // Log tool execution in debug mode
@@ -3148,7 +3174,8 @@ Convert your previous response content into actual JSON data that follows this s
               finalResult = await this.answer(correctionPrompt, [], {
                 ...options,
                 _schemaFormatted: true,
-                _skipValidation: true  // Skip validation in recursive correction calls to prevent loops
+                _skipValidation: true,  // Skip validation in recursive correction calls to prevent loops
+                _disableTools: true     // Only allow attempt_completion - prevent AI from using search/query tools
               });
               finalResult = cleanSchemaResponse(finalResult);
               

package/src/agent/bashCommandUtils.js

@@ -159,6 +159,69 @@ export function isComplexCommand(command) {
   return result.isComplex;
 }
 
+/**
+ * Check if a pattern is a complex pattern (contains shell operators)
+ * Complex patterns are used to match full command strings including operators
+ * @param {string} pattern - Pattern to check
+ * @returns {boolean} True if pattern contains shell operators
+ */
+export function isComplexPattern(pattern) {
+  if (!pattern || typeof pattern !== 'string') return false;
+
+  // Check for operators in the pattern (aligned with complexPatterns in parseSimpleCommand)
+  const operatorPatterns = [
+    /\|/,           // Pipes
+    /&&/,           // Logical AND
+    /\|\|/,         // Logical OR
+    /;/,            // Command separator
+    /&$/,           // Background execution
+    /\$\(/,         // Command substitution $()
+    /`/,            // Command substitution ``
+    />/,            // Redirection >
+    /</,            // Redirection <
+  ];
+
+  return operatorPatterns.some(p => p.test(pattern));
+}
+
+/**
+ * Convert a glob-style pattern to regex for matching
+ * Supports * as wildcard (matches any characters except operators)
+ * @param {string} pattern - Glob pattern
+ * @returns {RegExp} Compiled regex
+ */
+function globToRegex(pattern) {
+  // Escape regex special characters except *
+  let escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
+  // Convert * to .*? (non-greedy match)
+  escaped = escaped.replace(/\*/g, '.*?');
+  // Make it match the full string
+  return new RegExp('^' + escaped + '$', 'i');
+}
+
+/**
+ * Match a command string against a complex pattern
+ * Complex patterns use glob-style wildcards (*) for matching
+ * @param {string} command - Full command string
+ * @param {string} pattern - Complex pattern with wildcards
+ * @returns {boolean} True if command matches the pattern
+ */
+export function matchesComplexPattern(command, pattern) {
+  if (!command || !pattern) return false;
+
+  // Normalize whitespace
+  const normalizedCommand = command.trim().replace(/\s+/g, ' ');
+  const normalizedPattern = pattern.trim().replace(/\s+/g, ' ');
+
+  try {
+    const regex = globToRegex(normalizedPattern);
+    return regex.test(normalizedCommand);
+  } catch (e) {
+    // If regex fails, fall back to exact match
+    return normalizedCommand === normalizedPattern;
+  }
+}
+
 /**
  * Legacy compatibility function - parses command for permission checking
  * @param {string} command - Command to parse

package/src/agent/bashExecutor.js

@@ -6,7 +6,7 @@
 import { spawn } from 'child_process';
 import { resolve, join } from 'path';
 import { existsSync } from 'fs';
-import { parseCommandForExecution } from './bashCommandUtils.js';
+import { parseCommandForExecution, isComplexCommand } from './bashCommandUtils.js';
 
 /**
  * Execute a bash command with security controls
@@ -63,31 +63,46 @@ export async function executeBashCommand(command, options = {}) {
       ...env
     };
 
-    // Parse command for shell execution
-    // We use shell: false for security, so we need to parse manually
-    const args = parseCommandForExecution(command);
-    if (!args || args.length === 0) {
-      resolve({
-        success: false,
-        error: 'Failed to parse command',
-        stdout: '',
-        stderr: '',
-        exitCode: 1,
-        command,
-        workingDirectory: cwd,
-        duration: Date.now() - startTime
-      });
-      return;
-    }
+    // Check if this is a complex command (contains pipes, operators, etc.)
+    const isComplex = isComplexCommand(command);
 
-    const [cmd, ...cmdArgs] = args;
+    let cmd, cmdArgs, useShell;
+
+    if (isComplex) {
+      // For complex commands, use sh -c to execute through shell
+      // This is only reached if the permission checker allowed the complex command
+      cmd = 'sh';
+      cmdArgs = ['-c', command];
+      useShell = false; // We explicitly use sh -c, not spawn's shell option
+      if (debug) {
+        console.log(`[BashExecutor] Complex command - using sh -c`);
+      }
+    } else {
+      // Parse simple command for direct execution
+      const args = parseCommandForExecution(command);
+      if (!args || args.length === 0) {
+        resolve({
+          success: false,
+          error: 'Failed to parse command',
+          stdout: '',
+          stderr: '',
+          exitCode: 1,
+          command,
+          workingDirectory: cwd,
+          duration: Date.now() - startTime
+        });
+        return;
+      }
+      [cmd, ...cmdArgs] = args;
+      useShell = false;
+    }
 
     // Spawn the process
     const child = spawn(cmd, cmdArgs, {
       cwd,
       env: processEnv,
       stdio: ['ignore', 'pipe', 'pipe'], // stdin ignored, capture stdout/stderr
-      shell: false, // For security
+      shell: useShell, // false for security
       windowsHide: true
     });
 

package/src/agent/bashPermissions.js

@@ -4,7 +4,7 @@
  */
 
 import { DEFAULT_ALLOW_PATTERNS, DEFAULT_DENY_PATTERNS } from './bashDefaults.js';
-import { parseCommand, isComplexCommand } from './bashCommandUtils.js';
+import { parseCommand, isComplexCommand, isComplexPattern, matchesComplexPattern } from './bashCommandUtils.js';
 
 /**
  * Check if a pattern matches a parsed command
@@ -125,7 +125,7 @@ export class BashPermissionChecker {
   }
 
   /**
-   * Check if a simple command is allowed (rejects complex commands for security)
+   * Check if a simple command is allowed (complex commands allowed if they match patterns)
    * @param {string} command - Command to check
    * @returns {Object} Permission result
    */
@@ -138,19 +138,17 @@ export class BashPermissionChecker {
       };
     }
 
-    // First check if this is a complex command - reject immediately for security
-    if (isComplexCommand(command)) {
-      return {
-        allowed: false,
-        reason: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
-        command: command,
-        isComplex: true
-      };
+    // Check if this is a complex command
+    const commandIsComplex = isComplexCommand(command);
+
+    if (commandIsComplex) {
+      // For complex commands, check against complex patterns in allow/deny lists
+      return this._checkComplexCommand(command);
     }
 
     // Parse the simple command
     const parsed = parseCommand(command);
-    
+
     if (parsed.error) {
       return {
         allowed: false,
@@ -203,14 +201,77 @@ export class BashPermissionChecker {
       parsed: parsed,
       isComplex: false
     };
-    
+
     if (this.debug) {
       console.log(`[BashPermissions] ALLOWED - command passed all checks`);
     }
-    
+
     return result;
   }
 
+  /**
+   * Check a complex command against complex patterns in allow/deny lists
+   * @private
+   * @param {string} command - Complex command to check
+   * @returns {Object} Permission result
+   */
+  _checkComplexCommand(command) {
+    if (this.debug) {
+      console.log(`[BashPermissions] Checking complex command: "${command}"`);
+    }
+
+    // Get complex patterns from allow and deny lists
+    const complexAllowPatterns = this.allowPatterns.filter(p => isComplexPattern(p));
+    const complexDenyPatterns = this.denyPatterns.filter(p => isComplexPattern(p));
+
+    if (this.debug) {
+      console.log(`[BashPermissions] Complex allow patterns: ${complexAllowPatterns.length}`);
+      console.log(`[BashPermissions] Complex deny patterns: ${complexDenyPatterns.length}`);
+    }
+
+    // Check deny patterns first (deny takes precedence)
+    for (const pattern of complexDenyPatterns) {
+      if (matchesComplexPattern(command, pattern)) {
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
+        }
+        return {
+          allowed: false,
+          reason: `Command matches deny pattern: ${pattern}`,
+          command: command,
+          isComplex: true,
+          matchedPatterns: [pattern]
+        };
+      }
+    }
+
+    // Check allow patterns
+    for (const pattern of complexAllowPatterns) {
+      if (matchesComplexPattern(command, pattern)) {
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
+        }
+        return {
+          allowed: true,
+          command: command,
+          isComplex: true,
+          matchedPattern: pattern
+        };
+      }
+    }
+
+    // No matching complex pattern found - reject complex command
+    if (this.debug) {
+      console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
+    }
+    return {
+      allowed: false,
+      reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',
+      command: command,
+      isComplex: true
+    };
+  }
+
   /**
    * Get configuration summary
    * @returns {Object} Configuration info

package/src/agent/index.js

@@ -520,7 +520,7 @@ class ProbeAgentMcpServer {
                 // Retry once with correction prompt
                 const correctionPrompt = createJsonCorrectionPrompt(result, schema, validation.error);
                 try {
-                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                  result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
                   result = cleanSchemaResponse(result);
                   
                   // Validate again after correction
@@ -863,11 +863,11 @@ async function main() {
             try {
               if (appTracer) {
                 result = await appTracer.withSpan('agent.json_correction',
-                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true }),
+                  () => agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true }),
                   { 'original_error': validation.error }
                 );
               } else {
-                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true });
+                result = await agent.answer(correctionPrompt, [], { schema, _schemaFormatted: true, _disableTools: true });
               }
               result = cleanSchemaResponse(result);
               

package/src/agent/schemaUtils.js

@@ -787,21 +787,22 @@ export function createJsonCorrectionPrompt(invalidResponse, schema, errorOrValid
   }
 
   // Create increasingly stronger prompts based on retry attempt
+  // These prompts explicitly instruct the AI to use attempt_completion with the JSON result
   const strengthLevels = [
     {
       prefix: "CRITICAL JSON ERROR:",
-      instruction: "You MUST fix this and return ONLY valid JSON.",
-      emphasis: "Return ONLY the corrected JSON, with no additional text or markdown formatting."
+      instruction: "You MUST fix this and respond using attempt_completion with ONLY valid JSON as the result.",
+      emphasis: "Use attempt_completion with ONLY the corrected JSON in the result field. No explanatory text, no markdown, no code blocks."
     },
     {
       prefix: "URGENT - JSON PARSING FAILED:",
-      instruction: "This is your second chance. Return ONLY valid JSON that can be parsed by JSON.parse().",
-      emphasis: "ABSOLUTELY NO explanatory text, greetings, or formatting. ONLY JSON."
+      instruction: "This is your second chance. Use attempt_completion with valid JSON that can be parsed by JSON.parse().",
+      emphasis: "ABSOLUTELY NO explanatory text or formatting. Use attempt_completion with ONLY raw JSON in the result."
     },
     {
       prefix: "FINAL ATTEMPT - CRITICAL JSON ERROR:",
-      instruction: "This is the final retry. You MUST return ONLY raw JSON without any other content.",
-      emphasis: "EXAMPLE: {\"key\": \"value\"} NOT: ```json{\"key\": \"value\"}``` NOT: Here is the JSON: {\"key\": \"value\"}"
+      instruction: "This is the final retry. You MUST use attempt_completion with ONLY raw JSON in the result field.",
+      emphasis: "CORRECT: <attempt_completion><result>{\"key\": \"value\"}</result></attempt_completion>\nWRONG: Here is the JSON: {\"key\": \"value\"}\nWRONG: ```json{\"key\": \"value\"}```"
     }
   ];
 

package/src/delegate.js

@@ -176,6 +176,8 @@ const delegationManager = new DelegationManager();
  * @param {string} [options.provider] - AI provider (inherited from parent)
  * @param {string} [options.model] - AI model (inherited from parent)
  * @param {Object} [options.tracer=null] - Telemetry tracer instance
+ * @param {boolean} [options.enableBash=false] - Enable bash tool (inherited from parent)
+ * @param {Object} [options.bashConfig] - Bash configuration (inherited from parent)
  * @returns {Promise<string>} The response from the delegate agent
  */
 export async function delegate({
@@ -188,7 +190,9 @@ export async function delegate({
 	parentSessionId = null,
 	path = null,
 	provider = null,
-	model = null
+	model = null,
+	enableBash = false,
+	bashConfig = null
 }) {
 	if (!task || typeof task !== 'string') {
 		throw new Error('Task parameter is required and must be a string');
@@ -234,9 +238,11 @@ export async function delegate({
 			maxIterations: remainingIterations,
 			debug,
 			tracer,
-			path,      // Inherit from parent
-			provider,  // Inherit from parent
-			model      // Inherit from parent
+			path,       // Inherit from parent
+			provider,   // Inherit from parent
+			model,      // Inherit from parent
+			enableBash, // Inherit from parent
+			bashConfig  // Inherit from parent
 		});
 
 		if (debug) {

package/src/tools/vercel.js

@@ -239,10 +239,12 @@ export const extractTool = (options = {}) => {
  * @param {number} [options.timeout=300] - Default timeout in seconds
  * @param {string} [options.cwd] - Working directory to use if not specified in call
  * @param {string[]} [options.allowedFolders] - Allowed folders for workspace isolation
+ * @param {boolean} [options.enableBash=false] - Enable bash tool for sub-agents
+ * @param {Object} [options.bashConfig] - Bash configuration (allow/deny patterns)
  * @returns {Object} Configured delegate tool
  */
 export const delegateTool = (options = {}) => {
-	const { debug = false, timeout = 300, cwd, allowedFolders } = options;
+	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig } = options;
 
 	return tool({
 		name: 'delegate',
@@ -309,7 +311,9 @@ export const delegateTool = (options = {}) => {
 				path: effectivePath,
 				provider,
 				model,
-				tracer
+				tracer,
+				enableBash,
+				bashConfig
 			});
 
 			return result;