bonecode 1.3.0 → 1.4.2

package/scripts/test_leaked_tool_call.js

@@ -0,0 +1,269 @@
+#!/usr/bin/env node
+/**
+ * Tests for the leaked tool-call parser. Loads the compiled module directly
+ * so tests run against the same code that ships.
+ *
+ * Patterns tested are taken from real model outputs:
+ *   - gemma:  <|tool_call>call:edit{file_path:<|"|>foo.bone<|"|>}<tool_call|>
+ *   - qwen:   <tool_call>{"name":"write","arguments":{"path":"x"}}</tool_call>
+ *   - llama3: <|python_tag|>write({"path":"x"})<|/python_tag|>
+ *   - openai-style fenced: ```tool_code\nname(arg=val)\n```
+ *
+ * Also re-tests isBuildPrompt against the prompts that previously slipped
+ * through (e.g. "using BoneScript as the backend, write a python ...").
+ */
+
+"use strict";
+const fs = require("fs");
+const path = require("path");
+
+const G = "\x1b[32m"; const R = "\x1b[31m"; const C = "\x1b[36m";
+const B = "\x1b[1m"; const D = "\x1b[2m"; const N = "\x1b[0m";
+
+let passed = 0;
+let failed = 0;
+const failures = [];
+
+function ok(name, info = "") {
+  passed++;
+  console.log(`  ${G}✓${N} ${name}${info ? `  ${D}${info}${N}` : ""}`);
+}
+function fail(name, msg) {
+  failed++;
+  failures.push(`${name}: ${msg}`);
+  console.log(`  ${R}✗${N} ${name}  ${R}${msg}${N}`);
+}
+function header(s) { console.log(`\n${C}${B}${s}${N}`); }
+
+const ROOT = path.resolve(__dirname, "..");
+const modulePath = path.join(ROOT, "dist", "src", "engine", "session", "leaked_tool_call.js");
+
+if (!fs.existsSync(modulePath)) {
+  console.error(`${R}Compiled module not found at ${modulePath}.${N}`);
+  console.error(`Run \`npm run build\` first.`);
+  process.exit(1);
+}
+
+const {
+  extractLeakedToolCall,
+  parseLeakedBody,
+  parseKwargs,
+  parseLooseObject,
+} = require(modulePath);
+
+// ─── Tests: gemma-style markers ───────────────────────────────────────────────
+
+header("[1] Gemma-style leaked calls (the user's exact bug)");
+
+(() => {
+  const text = `I'll create the file.\n<|tool_call>call:edit{file_path:<|"|>medieval_market.bone<|"|>}<tool_call|>\nDone.`;
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "edit" && r.toolInput.file_path === "medieval_market.bone") {
+    ok("gemma <|tool_call>call:name{...}<tool_call|>", `→ edit(file_path="${r.toolInput.file_path}")`);
+  } else {
+    fail("gemma exact bug", JSON.stringify(r));
+  }
+})();
+
+(() => {
+  const text = `<|tool_call|>{"name":"write","arguments":{"path":"foo.ts","content":"hello"}}<|/tool_call|>`;
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "write" && r.toolInput.path === "foo.ts" && r.toolInput.content === "hello") {
+    ok("gemma <|tool_call|>{json}<|/tool_call|>");
+  } else {
+    fail("gemma JSON form", JSON.stringify(r));
+  }
+})();
+
+// ─── Tests: qwen-style markers ────────────────────────────────────────────────
+
+header("[2] Qwen-style leaked calls");
+
+(() => {
+  const text = `<tool_call>{"name":"bash","arguments":{"command":"ls -la"}}</tool_call>`;
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "bash" && r.toolInput.command === "ls -la") {
+    ok("<tool_call>{json}</tool_call>");
+  } else {
+    fail("qwen", JSON.stringify(r));
+  }
+})();
+
+(() => {
+  const text = `<tool_call>{"tool":"read","args":{"path":"src/main.ts"}}</tool_call>`;
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "read" && r.toolInput.path === "src/main.ts") {
+    ok("<tool_call>{tool: ..., args: ...}</tool_call>");
+  } else {
+    fail("qwen alt keys", JSON.stringify(r));
+  }
+})();
+
+// ─── Tests: llama3-style python_tag ───────────────────────────────────────────
+
+header("[3] llama3-style <|python_tag|>");
+
+(() => {
+  const text = `<|python_tag|>write({"path":"x.txt","content":"y"})<|/python_tag|>`;
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "write" && r.toolInput.path === "x.txt" && r.toolInput.content === "y") {
+    ok("llama3 python_tag with JSON arg");
+  } else {
+    fail("llama3", JSON.stringify(r));
+  }
+})();
+
+// ─── Tests: function-call kwargs ──────────────────────────────────────────────
+
+header("[4] Function-call kwargs syntax");
+
+(() => {
+  const args = parseKwargs(`path="foo.ts", content="hello world"`);
+  if (args && args.path === "foo.ts" && args.content === "hello world") ok("string kwargs");
+  else fail("string kwargs", JSON.stringify(args));
+})();
+
+(() => {
+  const args = parseKwargs(`count=42, ratio=3.14, enabled=true, missing=null`);
+  if (args && args.count === 42 && args.ratio === 3.14 && args.enabled === true && args.missing === null) {
+    ok("typed kwargs (number, float, bool, null)");
+  } else {
+    fail("typed kwargs", JSON.stringify(args));
+  }
+})();
+
+(() => {
+  const args = parseKwargs(`file_path=<|"|>medieval_market.bone<|"|>`);
+  if (args && args.file_path === "medieval_market.bone") ok(`<|"|> escapes are stripped`);
+  else fail("escape markers", JSON.stringify(args));
+})();
+
+// ─── Tests: loose-object form ─────────────────────────────────────────────────
+
+header("[5] Loose-object form (pseudo-JSON)");
+
+(() => {
+  const o = parseLooseObject(`file_path:"foo.bone", count:3`);
+  if (o && o.file_path === "foo.bone" && o.count === 3) ok("colon-separated loose object");
+  else fail("loose object", JSON.stringify(o));
+})();
+
+// ─── Tests: fenced tool_code ──────────────────────────────────────────────────
+
+header("[6] Fenced tool_code blocks");
+
+(() => {
+  const text = "Some prose\n```tool_code\nwrite(path=\"x\", content=\"y\")\n```\nMore prose.";
+  const r = extractLeakedToolCall(text);
+  if (r && r.toolName === "write" && r.toolInput.path === "x" && r.toolInput.content === "y") {
+    ok("```tool_code\\nname(args)\\n```");
+  } else {
+    fail("fenced tool_code", JSON.stringify(r));
+  }
+})();
+
+// ─── Tests: false-positives ───────────────────────────────────────────────────
+
+header("[7] No false-positives on plain text");
+
+const cleanCases = [
+  "I'll create a file called foo.bone now.",
+  "Use the `write` tool to save the file.",
+  "Here's how you'd do it: write(path, content) — but that's pseudocode.",
+  "<not_a_tool_call>just text</not_a_tool_call>",
+  "",
+  "<tool_call></tool_call>",
+];
+for (const c of cleanCases) {
+  const r = extractLeakedToolCall(c);
+  if (r === null) ok(`clean: "${c.slice(0, 50)}..."`);
+  else fail(`false positive`, `"${c}" → ${JSON.stringify(r)}`);
+}
+
+// ─── Tests: stripping positions ───────────────────────────────────────────────
+
+header("[8] startIndex/endIndex enable text stripping");
+
+(() => {
+  const text = `Before <|tool_call|>{"name":"write","arguments":{}}<|/tool_call|> after`;
+  const r = extractLeakedToolCall(text);
+  if (!r) {
+    fail("strip positions", "no match");
+  } else {
+    const stripped = text.slice(0, r.startIndex) + text.slice(r.endIndex);
+    if (stripped === "Before  after") ok("text stripped cleanly", `"${stripped}"`);
+    else fail("strip", `got "${stripped}"`);
+  }
+})();
+
+// ─── Tests: build mode trigger detection ──────────────────────────────────────
+
+header("[9] isBuildPrompt covers the previously-missed prompts");
+
+const bmModulePath = path.join(ROOT, "dist", "src", "engine", "session", "build_mode.js");
+if (!fs.existsSync(bmModulePath)) {
+  fail("build_mode module", "compiled file missing");
+} else {
+  const { isBuildPrompt } = require(bmModulePath);
+
+  const newCases = [
+    // The exact prompt that previously failed in the user's session
+    "using BoneScript as the backend, write a python 2d mideveal copper silver gold platinum transaction market simulation",
+    "with bonescript, build a chat app",
+    "in BoneScript, design a multi-tenant CRM",
+    "BoneScript backend for a music streaming service",
+    "write me a REST API for a todo list",
+    "develop a graphql api for users",
+    "scaffold a web application with auth",
+  ];
+  for (const p of newCases) {
+    if (isBuildPrompt(p)) ok(`triggers: "${p.slice(0, 60)}..."`);
+    else fail(`missed`, p);
+  }
+
+  const negative = [
+    "what does this function do",
+    "explain the difference between let and const",
+    "fix the typo on line 5",
+  ];
+  for (const p of negative) {
+    if (!isBuildPrompt(p)) ok(`not triggered: "${p}"`);
+    else fail(`over-matched`, p);
+  }
+}
+
+// ─── Tests: parseLeakedBody handles edge cases ────────────────────────────────
+
+header("[10] parseLeakedBody edge cases");
+
+(() => {
+  const r = parseLeakedBody("");
+  if (r === null) ok("empty body returns null");
+  else fail("empty", JSON.stringify(r));
+})();
+
+(() => {
+  const r = parseLeakedBody("not a tool call at all");
+  if (r === null) ok("garbage body returns null");
+  else fail("garbage", JSON.stringify(r));
+})();
+
+(() => {
+  // Function call with JSON arg
+  const r = parseLeakedBody('write({"path": "a.txt", "content": "b"})');
+  if (r && r.toolName === "write" && r.toolInput.path === "a.txt" && r.toolInput.content === "b") {
+    ok("function with JSON arg");
+  } else {
+    fail("function JSON arg", JSON.stringify(r));
+  }
+})();
+
+console.log();
+if (failed === 0) {
+  console.log(`${G}${B}✓ All ${passed} tests passed${N}`);
+  process.exit(0);
+} else {
+  console.log(`${R}${B}✗ ${failed} failed, ${passed} passed${N}`);
+  for (const f of failures) console.log(`  ${R}- ${f}${N}`);
+  process.exit(1);
+}

package/src/db_adapter.ts

@@ -164,6 +164,7 @@ CREATE TABLE IF NOT EXISTS sessions (
   summary_deletions INTEGER,
   share_url TEXT,
   workspace_id TEXT,
+  build_state TEXT,
   created_at TEXT DEFAULT (datetime('now')),
   updated_at TEXT DEFAULT (datetime('now'))
 );
@@ -309,6 +310,7 @@ export async function initDatabase(silent = false): Promise<{
           process.stderr.write(`[DB] Pool error: ${err.message}\n`);
         }
       });
+      await ensurePostgresColumns(pgPool);
       return { pool: pgPool, mode: "postgres", pgAvailable: true };
     }
     log(`\x1b[33m[BoneCode] Postgres not reachable at ${dbUrl.replace(/:[^:@]+@/, ":***@")} — trying Docker...\x1b[0m`);
@@ -330,6 +332,7 @@ export async function initDatabase(silent = false): Promise<{
         }
       });
       log(`\x1b[32m[BoneCode] PostgreSQL ready (Docker) — full RAG enabled\x1b[0m`);
+      await ensurePostgresColumns(pgPool);
       return { pool: pgPool, mode: "postgres", pgAvailable: true };
     }
   }
@@ -348,7 +351,33 @@ export async function initDatabase(silent = false): Promise<{
   const Database = require("better-sqlite3");
   const db = new Database(dbPath);
   db.exec(SQLITE_SCHEMA);
+  // Idempotent migrations for older databases — add new columns if missing.
+  // SQLite has no IF NOT EXISTS for columns, so we swallow the duplicate-column error.
+  const safeAlter = (sql: string) => { try { db.exec(sql); } catch { /* column exists */ } };
+  safeAlter(`ALTER TABLE sessions ADD COLUMN build_state TEXT`);
   db.close();
 
   return { pool: sqlitePool, mode: "sqlite", pgAvailable: false };
 }
+
+
+// ─── Postgres column migrations ───────────────────────────────────────────────
+
+/**
+ * Idempotently add columns the BoneScript-generated schema doesn't include.
+ * Each ALTER is run with IF NOT EXISTS / pg_class probing so it's safe to run
+ * on every server startup.
+ */
+async function ensurePostgresColumns(pool: any): Promise<void> {
+  const migrations: Array<{ table: string; column: string; type: string }> = [
+    { table: "sessions", column: "build_state", type: "JSONB" },
+  ];
+  for (const m of migrations) {
+    try {
+      await pool.query(`ALTER TABLE ${m.table} ADD COLUMN IF NOT EXISTS ${m.column} ${m.type}`);
+    } catch {
+      // Either the table doesn't exist yet (first run) or the user has
+      // restricted permissions. Build mode falls back to permission_ruleset.build.
+    }
+  }
+}