@probelabs/probe 0.6.0-rc232 → 0.6.0-rc233

package/src/agent/dsl/validator.js

@@ -0,0 +1,183 @@
+/**
+ * DSL Validator - AST whitelist validation for LLM-generated code.
+ *
+ * Parses code with Acorn and walks the AST, rejecting any node type
+ * not in the whitelist. This is an allow-list approach — unknown syntax
+ * is rejected by default.
+ */
+
+import * as acorn from 'acorn';
+import * as walk from 'acorn-walk';
+
+// Node types the LLM is allowed to generate
+const ALLOWED_NODE_TYPES = new Set([
+  'Program',
+  'ExpressionStatement',
+  'BlockStatement',
+  'VariableDeclaration',
+  'VariableDeclarator',
+  'ArrowFunctionExpression',
+  'FunctionExpression',
+  'CallExpression',
+  'MemberExpression',
+  'Identifier',
+  'Literal',
+  'TemplateLiteral',
+  'TemplateElement',
+  'ArrayExpression',
+  'ObjectExpression',
+  'SpreadElement',
+  'IfStatement',
+  'ConditionalExpression',
+  'ForOfStatement',
+  'ForInStatement',
+  'ForStatement',
+  'WhileStatement',
+  'TryStatement',
+  'CatchClause',
+  'ThrowStatement',
+  'ReturnStatement',
+  'BreakStatement',
+  'ContinueStatement',
+  'AssignmentExpression',
+  'UpdateExpression',
+  'BinaryExpression',
+  'LogicalExpression',
+  'UnaryExpression',
+  'Property',
+  'SequenceExpression',
+  'ChainExpression',
+]);
+
+// Identifiers that are never allowed
+const BLOCKED_IDENTIFIERS = new Set([
+  'eval',
+  'Function',
+  'require',
+  'process',
+  'globalThis',
+  '__proto__',
+  'constructor',
+  'prototype',
+  'import',
+  'exports',
+  'setTimeout',
+  'setInterval',
+  'setImmediate',
+  'queueMicrotask',
+  'Proxy',
+  'Reflect',
+  'Symbol',
+]);
+
+// Property names that are never allowed on member expressions
+const BLOCKED_PROPERTIES = new Set([
+  '__proto__',
+  'constructor',
+  'prototype',
+  '__defineGetter__',
+  '__defineSetter__',
+  '__lookupGetter__',
+  '__lookupSetter__',
+]);
+
+/**
+ * Validate DSL code against the whitelist.
+ *
+ * @param {string} code - The LLM-generated code to validate
+ * @returns {{ valid: boolean, errors: string[] }}
+ */
+export function validateDSL(code) {
+  const errors = [];
+
+  // Step 1: Parse with Acorn
+  let ast;
+  try {
+    ast = acorn.parse(code, {
+      ecmaVersion: 2022,
+      sourceType: 'script',
+      allowReturnOutsideFunction: true,
+    });
+  } catch (e) {
+    return { valid: false, errors: [`Syntax error: ${e.message}`] };
+  }
+
+  // Step 2: Walk every node and validate
+  walk.full(ast, (node) => {
+    // Check node type against whitelist
+    if (!ALLOWED_NODE_TYPES.has(node.type)) {
+      errors.push(`Blocked node type: ${node.type} at position ${node.start}`);
+      return;
+    }
+
+    // Block async functions (LLM should not write async/await)
+    if (
+      (node.type === 'ArrowFunctionExpression' ||
+        node.type === 'FunctionExpression') &&
+      node.async
+    ) {
+      errors.push(`Async functions are not allowed at position ${node.start}. Write synchronous code — the runtime handles async.`);
+    }
+
+    // Block generator functions
+    if (
+      (node.type === 'FunctionExpression') &&
+      node.generator
+    ) {
+      errors.push(`Generator functions are not allowed at position ${node.start}`);
+    }
+
+    // Block regex literals — SandboxJS doesn't support them
+    if (node.type === 'Literal' && node.regex) {
+      errors.push(`Regex literals are not supported at position ${node.start}. Use String methods like indexOf(), includes(), startsWith() instead.`);
+    }
+
+    // Check identifiers against blocklist
+    if (node.type === 'Identifier' && BLOCKED_IDENTIFIERS.has(node.name)) {
+      errors.push(`Blocked identifier: '${node.name}' at position ${node.start}`);
+    }
+
+    // Check member expressions for blocked properties
+    if (node.type === 'MemberExpression' && !node.computed) {
+      if (node.property.type === 'Identifier' && BLOCKED_PROPERTIES.has(node.property.name)) {
+        errors.push(`Blocked property access: '.${node.property.name}' at position ${node.property.start}`);
+      }
+    }
+
+    // Block computed member expressions with blocked string literals
+    if (node.type === 'MemberExpression' && node.computed) {
+      if (node.property.type === 'Literal' && typeof node.property.value === 'string') {
+        if (BLOCKED_PROPERTIES.has(node.property.value) || BLOCKED_IDENTIFIERS.has(node.property.value)) {
+          errors.push(`Blocked computed property access: '["${node.property.value}"]' at position ${node.property.start}`);
+        }
+      }
+    }
+
+    // Block variable declarations named with blocked identifiers
+    if (node.type === 'VariableDeclarator' && node.id.type === 'Identifier') {
+      if (BLOCKED_IDENTIFIERS.has(node.id.name)) {
+        errors.push(`Cannot declare variable with blocked name: '${node.id.name}' at position ${node.id.start}`);
+      }
+    }
+  });
+
+  return {
+    valid: errors.length === 0,
+    errors,
+  };
+}
+
+/**
+ * Parse DSL code into an AST.
+ * Exported for use by the transformer.
+ *
+ * @param {string} code
+ * @returns {import('acorn').Node}
+ */
+export function parseDSL(code) {
+  return acorn.parse(code, {
+    ecmaVersion: 2022,
+    sourceType: 'script',
+    allowReturnOutsideFunction: true,
+  });
+}

package/src/agent/index.js

@@ -142,6 +142,8 @@ function parseArgs() {
     skillDirs: null, // Comma-separated list of repo-relative skill directories
     // Task management
     enableTasks: false, // Enable task tracking for progress management
+    // Execute plan DSL tool
+    enableExecutePlan: false,
     // Bash tool configuration
     enableBash: false,
     bashAllow: null,
@@ -218,6 +220,8 @@ function parseArgs() {
       config.skillDirs = args[++i].split(',').map(dir => dir.trim()).filter(Boolean);
     } else if (arg === '--allow-tasks') {
       config.enableTasks = true;
+    } else if (arg === '--enable-execute-plan') {
+      config.enableExecutePlan = true;
     } else if (arg === '--enable-bash') {
       config.enableBash = true;
     } else if (arg === '--bash-allow' && i + 1 < args.length) {
@@ -295,6 +299,9 @@ Options:
   --no-mermaid-validation          Disable automatic mermaid diagram validation and fixing
   --help, -h                      Show this help message
 
+DSL Orchestration:
+  --enable-execute-plan            Enable execute_plan DSL tool for programmatic orchestration
+
 Bash Tool Options:
   --enable-bash                    Enable bash command execution for system exploration
   --bash-allow <patterns>          Additional bash command patterns to allow (comma-separated)
@@ -843,6 +850,7 @@ async function main() {
       disableTools: config.disableTools,
       allowSkills: config.allowSkills,
       skillDirs: config.skillDirs,
+      enableExecutePlan: config.enableExecutePlan,
       enableBash: config.enableBash,
       bashConfig: bashConfig,
       enableTasks: config.enableTasks

package/src/agent/probeTool.js

@@ -211,6 +211,15 @@ export function createWrappedTools(baseTools) {
     );
   }
 
+  // Wrap execute_plan tool
+  if (baseTools.executePlanTool) {
+    wrappedTools.executePlanToolInstance = wrapToolWithEmitter(
+      baseTools.executePlanTool,
+      'execute_plan',
+      baseTools.executePlanTool.execute
+    );
+  }
+
   // Wrap bash tool
   if (baseTools.bashTool) {
     wrappedTools.bashToolInstance = wrapToolWithEmitter(

package/src/agent/tools.js

@@ -5,6 +5,7 @@ import {
   extractTool,
   delegateTool,
   analyzeAllTool,
+  createExecutePlanTool,
   bashTool,
   editTool,
   createTool,
@@ -16,6 +17,7 @@ import {
   extractSchema,
   delegateSchema,
   analyzeAllSchema,
+  executePlanSchema,
   bashSchema,
   editSchema,
   createSchema,
@@ -24,6 +26,7 @@ import {
   extractToolDefinition,
   delegateToolDefinition,
   analyzeAllToolDefinition,
+  getExecutePlanToolDefinition,
   bashToolDefinition,
   editToolDefinition,
   createToolDefinition,
@@ -58,7 +61,10 @@ export function createTools(configOptions) {
   if (configOptions.enableDelegate && isToolAllowed('delegate')) {
     tools.delegateTool = delegateTool(configOptions);
   }
-  if (isToolAllowed('analyze_all')) {
+  if (configOptions.enableExecutePlan && isToolAllowed('execute_plan')) {
+    tools.executePlanTool = createExecutePlanTool(configOptions);
+  } else if (isToolAllowed('analyze_all')) {
+    // analyze_all is fallback when execute_plan is not enabled
     tools.analyzeAllTool = analyzeAllTool(configOptions);
   }
 
@@ -97,6 +103,7 @@ export {
   extractSchema,
   delegateSchema,
   analyzeAllSchema,
+  executePlanSchema,
   bashSchema,
   editSchema,
   createSchema,
@@ -106,6 +113,7 @@ export {
   extractToolDefinition,
   delegateToolDefinition,
   analyzeAllToolDefinition,
+  getExecutePlanToolDefinition,
   bashToolDefinition,
   editToolDefinition,
   createToolDefinition,

package/src/index.js

@@ -26,6 +26,7 @@ import {
 	extractSchema,
 	delegateSchema,
 	analyzeAllSchema,
+	executePlanSchema,
 	attemptCompletionSchema,
 	bashSchema,
 	searchToolDefinition,
@@ -46,6 +47,7 @@ import {
 	createToolDefinition
 } from './tools/edit.js';
 import { searchTool, queryTool, extractTool, delegateTool, analyzeAllTool } from './tools/vercel.js';
+import { createExecutePlanTool, getExecutePlanToolDefinition } from './tools/executePlan.js';
 import { bashTool } from './tools/bash.js';
 import { editTool, createTool } from './tools/edit.js';
 import { ProbeAgent } from './agent/ProbeAgent.js';
@@ -90,6 +92,7 @@ export {
 	extractTool,
 	delegateTool,
 	analyzeAllTool,
+	createExecutePlanTool,
 	bashTool,
 	editTool,
 	createTool,
@@ -102,6 +105,7 @@ export {
 	extractSchema,
 	delegateSchema,
 	analyzeAllSchema,
+	executePlanSchema,
 	attemptCompletionSchema,
 	bashSchema,
 	editSchema,
@@ -112,6 +116,7 @@ export {
 	extractToolDefinition,
 	delegateToolDefinition,
 	analyzeAllToolDefinition,
+	getExecutePlanToolDefinition,
 	attemptCompletionToolDefinition,
 	bashToolDefinition,
 	editToolDefinition,

package/src/tools/common.js

@@ -54,6 +54,11 @@ export const analyzeAllSchema = z.object({
 	path: z.string().optional().default('.').describe('Directory path to search in')
 });
 
+export const executePlanSchema = z.object({
+	code: z.string().min(1).describe('JavaScript DSL code to execute. All function calls look synchronous — do NOT use async/await. Use map(items, fn) for batch operations. Use LLM(instruction, data) for AI processing.'),
+	description: z.string().optional().describe('Human-readable description of what this plan does, for logging.')
+});
+
 // Schema for the attempt_completion tool - flexible validation for direct XML response
 export const attemptCompletionSchema = {
 	// Custom validation that requires result parameter but allows direct XML response
@@ -425,6 +430,7 @@ export const DEFAULT_VALID_TOOLS = [
 	'extract',
 	'delegate',
 	'analyze_all',
+	'execute_plan',
 	'listSkills',
 	'useSkill',
 	'listFiles',
@@ -463,6 +469,7 @@ function getValidParamsForTool(toolName) {
 		extract: extractSchema,
 		delegate: delegateSchema,
 		analyze_all: analyzeAllSchema,
+		execute_plan: executePlanSchema,
 		listSkills: listSkillsSchema,
 		useSkill: useSkillSchema,
 		bash: bashSchema,