@probelabs/probe 0.6.0-rc209 → 0.6.0-rc211

package/build/agent/ProbeAgent.js

@@ -24,6 +24,7 @@ import {
   queryToolDefinition,
   extractToolDefinition,
   delegateToolDefinition,
+  analyzeAllToolDefinition,
   bashToolDefinition,
   listFilesToolDefinition,
   searchFilesToolDefinition,
@@ -561,6 +562,9 @@ export class ProbeAgent {
     if (this.enableDelegate && wrappedTools.delegateToolInstance && isToolAllowed('delegate')) {
       this.toolImplementations.delegate = wrappedTools.delegateToolInstance;
     }
+    if (wrappedTools.analyzeAllToolInstance && isToolAllowed('analyze_all')) {
+      this.toolImplementations.analyze_all = wrappedTools.analyzeAllToolInstance;
+    }
 
     // File browsing tools
     if (isToolAllowed('listFiles')) {
@@ -2065,6 +2069,11 @@ ${extractGuidance}
       toolDefinitions += `${delegateToolDefinition}\n`;
     }
 
+    // Analyze All tool for bulk data processing
+    if (isToolAllowed('analyze_all')) {
+      toolDefinitions += `${analyzeAllToolDefinition}\n`;
+    }
+
     // Build XML tool guidelines with dynamic examples based on allowed tools
     // Build examples only for allowed tools
     let toolExamples = '';
@@ -2129,6 +2138,9 @@ The configuration is loaded from src/config.js lines 15-25 which contains the da
     if (this.enableDelegate && isToolAllowed('delegate')) {
       availableToolsList += '- delegate: Delegate big distinct tasks to specialized probe subagents.\n';
     }
+    if (isToolAllowed('analyze_all')) {
+      availableToolsList += '- analyze_all: Process ALL data matching a query using map-reduce (for aggregate questions needing 100% coverage).\n';
+    }
     if (this.enableBash && isToolAllowed('bash')) {
       availableToolsList += '- bash: Execute bash commands for system operations.\n';
     }
@@ -2587,6 +2599,11 @@ Follow these instructions carefully:
       let sameFormatErrorCount = 0;
       const MAX_REPEATED_FORMAT_ERRORS = 3;
 
+      // Circuit breaker for repeated identical responses without tool calls
+      let lastNoToolResponse = null;
+      let sameResponseCount = 0;
+      const MAX_REPEATED_IDENTICAL_RESPONSES = 3;
+
       // Tool iteration loop (only for non-CLI engines like Vercel/Anthropic/OpenAI)
       while (currentIteration < maxIterations && !completionAttempted) {
         currentIteration++;
@@ -2637,11 +2654,11 @@ Follow these instructions carefully:
         if (!maxResponseTokens) {
           // Use model-based defaults if not explicitly configured
           maxResponseTokens = 4000;
-          if (this.model.includes('opus') || this.model.includes('sonnet') || this.model.startsWith('gpt-4-')) {
+          if (this.model && this.model.includes('opus') || this.model && this.model.includes('sonnet') || this.model && this.model.startsWith('gpt-4-')) {
             maxResponseTokens = 8192;
-          } else if (this.model.startsWith('gpt-4o')) {
+          } else if (this.model && this.model.startsWith('gpt-4o')) {
             maxResponseTokens = 8192;
-          } else if (this.model.startsWith('gemini')) {
+          } else if (this.model && this.model.startsWith('gemini')) {
             maxResponseTokens = 32000;
           }
         }
@@ -3224,6 +3241,36 @@ Follow these instructions carefully:
             break;
           }
 
+          // Check for repeated identical responses - if AI gives same response 3 times,
+          // accept it as the final answer instead of continuing the loop
+          if (lastNoToolResponse !== null && assistantResponseContent === lastNoToolResponse) {
+            sameResponseCount++;
+            if (sameResponseCount >= MAX_REPEATED_IDENTICAL_RESPONSES) {
+              // Clean up the response - remove thinking tags
+              let cleanedResponse = assistantResponseContent;
+              cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*?<\/thinking>/gi, '').trim();
+              cleanedResponse = cleanedResponse.replace(/<thinking>[\s\S]*$/gi, '').trim();
+
+              const hasSubstantialContent = cleanedResponse.length > 50 &&
+                !cleanedResponse.includes('<api_call>') &&
+                !cleanedResponse.includes('<tool_name>') &&
+                !cleanedResponse.includes('<function>');
+
+              if (hasSubstantialContent) {
+                if (this.debug) {
+                  console.log(`[DEBUG] Same response repeated ${sameResponseCount} times - accepting as final answer (${cleanedResponse.length} chars)`);
+                }
+                finalResult = cleanedResponse;
+                completionAttempted = true;
+                break;
+              }
+            }
+          } else {
+            // Different response, reset counter
+            lastNoToolResponse = assistantResponseContent;
+            sameResponseCount = 1;
+          }
+
           // Add assistant response and ask for tool usage
           currentMessages.push({ role: 'assistant', content: assistantResponseContent });
 
@@ -3313,10 +3360,56 @@ Or if your previous response already contains a complete, direct answer (not a t
 Note: <attempt_complete></attempt_complete> reuses your PREVIOUS assistant message as the final answer. Only use this if that message was already a valid, complete response to the user's question.`;
           }
 
-          currentMessages.push({
-            role: 'user',
-            content: reminderContent
-          });
+          // Check if we should replace the previous reminder instead of appending
+          // After pushing assistant message, the previous user message (if a reminder) is at length - 2
+          // Message pattern: [..., prev_assistant, prev_user_reminder, current_assistant]
+          const prevUserMsgIndex = currentMessages.length - 2;
+          const prevUserMsg = currentMessages[prevUserMsgIndex];
+          const isExistingReminder = prevUserMsg && prevUserMsg.role === 'user' &&
+            (prevUserMsg.content.includes('Please use one of the available tools') ||
+             prevUserMsg.content.includes('<tool_result>'));
+
+          if (isExistingReminder && sameResponseCount > 1) {
+            // Replace the previous reminder with updated content and remove duplicated assistant message
+            // This prevents context bloat from repeated identical exchanges
+            // Pattern: [..., prev_assistant, prev_user_reminder, current_assistant] -> [..., current_assistant, new_reminder]
+            const prevAssistantIndex = prevUserMsgIndex - 1;
+
+            // Validate the expected pattern before splicing:
+            // 1. prevAssistantIndex must be valid (>= 0)
+            // 2. If there's a system message at index 0, don't remove it (prevAssistantIndex > 0)
+            // 3. Must be an assistant message at prevAssistantIndex
+            // 4. After removal, array should have at least 2 messages (current assistant + new reminder)
+            const hasSystemMessage = currentMessages.length > 0 && currentMessages[0].role === 'system';
+            const minValidIndex = hasSystemMessage ? 1 : 0;
+            const canSafelyRemove = prevAssistantIndex >= minValidIndex &&
+              currentMessages[prevAssistantIndex] &&
+              currentMessages[prevAssistantIndex].role === 'assistant' &&
+              (currentMessages.length - 2) >= (hasSystemMessage ? 2 : 1); // After removal: at least system+assistant or just assistant
+
+            if (canSafelyRemove) {
+              // Remove the duplicate assistant and old reminder (2 messages starting at prevAssistantIndex)
+              currentMessages.splice(prevAssistantIndex, 2);
+              if (this.debug) {
+                console.log(`[DEBUG] Removed duplicate assistant+reminder pair (iteration ${currentIteration}, same response #${sameResponseCount})`);
+              }
+            } else if (this.debug) {
+              console.log(`[DEBUG] Skipped deduplication: pattern validation failed (prevAssistantIndex=${prevAssistantIndex}, arrayLength=${currentMessages.length})`);
+            }
+
+            // Add iteration context to help the AI understand this is a repeated attempt
+            const iterationHint = `\n\n(Attempt #${sameResponseCount}: Your previous ${sameResponseCount} responses were identical. If you have a complete answer, use <attempt_complete></attempt_complete> to finalize it.)`;
+            currentMessages.push({
+              role: 'user',
+              content: reminderContent + iterationHint
+            });
+          } else {
+            currentMessages.push({
+              role: 'user',
+              content: reminderContent
+            });
+          }
+
           if (this.debug) {
             if (unrecognizedTool) {
               console.log(`[DEBUG] Unrecognized tool '${unrecognizedTool}' used. Providing error feedback.`);

package/build/agent/bashCommandUtils.js

@@ -1,10 +1,36 @@
 /**
  * Unified command parsing utilities for bash tool
- * 
+ *
  * This module provides a single source of truth for parsing shell commands.
  * It supports only simple commands (no pipes, operators, or substitutions)
  * to align with the executor's capabilities.
- * 
+ *
+ * ## Escape Handling Architecture
+ *
+ * There are THREE different escape handling behaviors in the bash permission system,
+ * each serving a distinct purpose:
+ *
+ * 1. **stripQuotedContent()** (in parseSimpleCommand): SKIPS both backslash AND next char
+ *    - Purpose: Detect operators (|, &&, ||) that exist OUTSIDE quoted strings
+ *    - Output is never used for execution, only for operator detection
+ *    - Example: `echo "a && b"` → strips quoted content → no `&&` detected outside quotes
+ *
+ * 2. **parseSimpleCommand()** main loop: STRIPS backslash, KEEPS escaped char
+ *    - Purpose: Extract actual argument values that would be passed to the command
+ *    - Matches bash behavior where `\"` inside double quotes becomes `"`
+ *    - Example: `echo "he said \"hi\""` → args: ['he said "hi"']
+ *
+ * 3. **_splitComplexCommand()** (in bashPermissions.js): PRESERVES both backslash AND next char
+ *    - Purpose: Split complex commands by operators while preserving escape sequences
+ *    - Output is passed to parseCommand() which will then interpret the escapes
+ *    - Example: `echo "test\" && b" && cmd` → components passed to parseCommand for final parsing
+ *
+ * This design ensures:
+ * - Commands with operators inside quotes (e.g., `echo "a && b"`) are NOT incorrectly
+ *   flagged as complex commands
+ * - Escaped quotes (e.g., `\"`) don't prematurely end quoted sections
+ * - Each component gets proper escape interpretation in the final parsing step
+ *
  * @module bashCommandUtils
  */
 
@@ -38,7 +64,64 @@ export function parseSimpleCommand(command) {
     };
   }
 
+  // Strip quoted content before checking for complex operators
+  // This prevents detecting operators inside quotes (e.g., echo "a && b")
+  //
+  // IMPORTANT: This function is ONLY used to detect operators, NOT for argument parsing.
+  // It REMOVES both backslash AND escaped character from the output, unlike parseSimpleCommand
+  // which interprets escapes. This is intentional - we only care about finding operators
+  // that exist outside of quoted strings. See module header for architecture details.
+  const stripQuotedContent = (str) => {
+    let result = '';
+    let inQuotes = false;
+    let quoteChar = '';
+
+    for (let i = 0; i < str.length; i++) {
+      const char = str[i];
+      const nextChar = str[i + 1];
+
+      // Handle escape sequences outside quotes - skip both chars (not operators)
+      if (!inQuotes && char === '\\' && nextChar !== undefined) {
+        // Skip the backslash and next char - they can't be operators
+        i++;
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes
+      // In bash, only ", $, `, \, and newline are escapable in double quotes
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar !== undefined) {
+        // Skip both the backslash and the escaped character (stays inside quotes)
+        i++;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        continue;
+      }
+
+      // Only add characters that are outside quotes
+      if (!inQuotes) {
+        result += char;
+      }
+    }
+
+    return result;
+  };
+
   // Check for complex shell constructs that we don't support
+  // Use stripped version (without quoted content) for operator detection
+  const strippedForOperators = stripQuotedContent(trimmed);
+
   const complexPatterns = [
     /\|/,           // Pipes
     /&&/,           // Logical AND
@@ -54,7 +137,7 @@ export function parseSimpleCommand(command) {
   ];
 
   for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
+    if (pattern.test(strippedForOperators)) {
       return {
         success: false,
         error: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
@@ -71,22 +154,25 @@ export function parseSimpleCommand(command) {
   let current = '';
   let inQuotes = false;
   let quoteChar = '';
-  let escaped = false;
 
   for (let i = 0; i < trimmed.length; i++) {
     const char = trimmed[i];
     const nextChar = i + 1 < trimmed.length ? trimmed[i + 1] : '';
-    
-    if (escaped) {
-      // Handle escaped characters
-      current += char;
-      escaped = false;
+
+    // Handle escapes outside quotes
+    if (!inQuotes && char === '\\' && nextChar) {
+      // Add the escaped character (skip the backslash)
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }
 
-    if (char === '\\' && !inQuotes) {
-      // Escape next character
-      escaped = true;
+    // Handle escapes inside double quotes (single quotes don't process escapes)
+    if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+      // In double quotes, backslash escapes certain characters
+      // Add the escaped character to current
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }
 

package/build/agent/bashPermissions.js

@@ -272,8 +272,119 @@ export class BashPermissionChecker {
     return result;
   }
 
+  /**
+   * Split a complex command into component commands by operators
+   *
+   * ## Escape Handling (Security-Critical)
+   *
+   * This function intentionally PRESERVES escape sequences (both backslash AND
+   * escaped character) in the output. This is step 1 of a 2-step parsing process:
+   *
+   * 1. _splitComplexCommand: Splits by operators, PRESERVES escapes → `echo "test\" && b"`
+   * 2. parseCommand: Interprets escapes in each component → args: ['test" && b']
+   *
+   * This differs from stripQuotedContent() in bashCommandUtils.js which REMOVES
+   * escapes entirely (for operator detection only).
+   *
+   * The security rationale: if we stripped escapes here, `\"` would become `"`,
+   * potentially causing incorrect quote boundary detection and allowing operator
+   * injection. By preserving escapes, parseCommand() can correctly interpret them.
+   *
+   * See bashCommandUtils.js module header for the full escape handling architecture.
+   *
+   * @private
+   * @param {string} command - Complex command to split
+   * @returns {string[]} Array of component commands (with escapes preserved)
+   */
+  _splitComplexCommand(command) {
+    // Split by &&, ||, and | operators while respecting quotes and escape sequences
+    // IMPORTANT: Preserves backslashes so parseCommand() can interpret them correctly
+    const components = [];
+    let current = '';
+    let inQuotes = false;
+    let quoteChar = '';
+    let i = 0;
+
+    while (i < command.length) {
+      const char = command[i];
+      const nextChar = command[i + 1] || '';
+
+      // Handle escape sequences outside quotes
+      if (!inQuotes && char === '\\') {
+        // Keep the backslash and the next character
+        current += char;
+        if (nextChar) {
+          current += nextChar;
+          i += 2;
+        } else {
+          i++;
+        }
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes (single quotes don't support escaping)
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+        // Keep both the backslash and the escaped character
+        current += char + nextChar;
+        i += 2;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        current += char;
+        i++;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        current += char;
+        i++;
+        continue;
+      }
+
+      // Check for operators only outside quotes
+      if (!inQuotes) {
+        // Check for && or ||
+        if ((char === '&' && nextChar === '&') || (char === '|' && nextChar === '|')) {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i += 2; // Skip both characters
+          continue;
+        }
+        // Check for single pipe |
+        if (char === '|') {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i++;
+          continue;
+        }
+      }
+
+      current += char;
+      i++;
+    }
+
+    // Add the last component
+    if (current.trim()) {
+      components.push(current.trim());
+    }
+
+    return components;
+  }
+
   /**
    * Check a complex command against complex patterns in allow/deny lists
+   * Also supports auto-allowing commands where all components are individually allowed
    * @private
    * @param {string} command - Complex command to check
    * @returns {Object} Permission result
@@ -336,7 +447,102 @@ export class BashPermissionChecker {
       }
     }
 
-    // No matching complex pattern found - reject complex command
+    // No explicit complex pattern matched - try component-based evaluation
+    // Split the command by &&, ||, and | operators and check each component
+    const components = this._splitComplexCommand(command);
+
+    if (this.debug) {
+      console.log(`[BashPermissions] Checking ${components.length} command components: ${JSON.stringify(components)}`);
+    }
+
+    if (components.length > 1) {
+      // Check each component individually
+      const componentResults = [];
+      let allAllowed = true;
+      let deniedComponent = null;
+      let deniedReason = null;
+
+      for (const component of components) {
+        // Parse the component as a simple command
+        const parsed = parseCommand(component);
+
+        if (parsed.error || parsed.isComplex) {
+          // Component itself is complex or has an error - can't auto-allow
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" is complex or has error: ${parsed.error}`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = parsed.error || 'Component contains nested complex constructs';
+          break;
+        }
+
+        // Check against deny patterns
+        if (matchesAnyPattern(parsed, this.denyPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component matches deny pattern';
+          break;
+        }
+
+        // Check against allow patterns
+        if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" not in allow list`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component not in allow list';
+          break;
+        }
+
+        componentResults.push({ component, parsed, allowed: true });
+      }
+
+      if (allAllowed) {
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - all ${components.length} components passed individual checks`);
+        }
+        const result = {
+          allowed: true,
+          command: command,
+          isComplex: true,
+          allowedByComponents: true,
+          components: componentResults
+        };
+        this.recordBashEvent('permission.allowed', {
+          command,
+          isComplex: true,
+          allowedByComponents: true,
+          componentCount: components.length
+        });
+        return result;
+      } else {
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - component "${deniedComponent}" failed: ${deniedReason}`);
+        }
+        const result = {
+          allowed: false,
+          reason: `Component "${deniedComponent}" not allowed: ${deniedReason}`,
+          command: command,
+          isComplex: true,
+          failedComponent: deniedComponent
+        };
+        this.recordBashEvent('permission.denied', {
+          command,
+          reason: 'component_not_allowed',
+          failedComponent: deniedComponent,
+          componentReason: deniedReason,
+          isComplex: true
+        });
+        return result;
+      }
+    }
+
+    // No matching complex pattern found and couldn't split into components - reject
     if (this.debug) {
       console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
     }