codebot-ai 1.3.0 → 1.4.0

package/README.md

@@ -107,7 +107,7 @@ echo "explain this error" | codebot            # Pipe mode
 
 ## Tools
 
-CodeBot has 13 built-in tools:
+CodeBot has 28 built-in tools:
 
 | Tool | Description | Permission |
 |------|-------------|-----------|
@@ -124,6 +124,21 @@ CodeBot has 13 built-in tools:
 | `web_search` | Internet search with result summaries | prompt |
 | `browser` | Chrome automation via CDP | prompt |
 | `routine` | Schedule recurring tasks with cron | prompt |
+| `git` | Git operations (status, diff, log, commit, branch, etc.) | prompt |
+| `code_analysis` | Symbol extraction, find references, imports, outline | auto |
+| `multi_search` | Fuzzy search across filenames, content, and symbols | auto |
+| `task_planner` | Hierarchical task tracking with priorities | auto |
+| `diff_viewer` | File comparison and git diffs | auto |
+| `docker` | Container management (ps, run, build, compose) | prompt |
+| `database` | Query SQLite databases (blocks destructive SQL) | prompt |
+| `test_runner` | Auto-detect and run tests (jest, vitest, pytest, go, cargo) | prompt |
+| `http_client` | Advanced HTTP requests with auth and headers | prompt |
+| `image_info` | Image dimensions and metadata (PNG, JPEG, GIF, SVG) | auto |
+| `ssh_remote` | Remote command execution and file transfer via SSH | always-ask |
+| `notification` | Webhook notifications (Slack, Discord, generic) | prompt |
+| `pdf_extract` | Extract text and metadata from PDF files | auto |
+| `package_manager` | Dependency management (npm, yarn, pip, cargo, go) | prompt |
+| `code_review` | Security scanning and complexity analysis | auto |
 
 ### Permission Levels
 

package/dist/cli.js

@@ -44,7 +44,7 @@ const setup_1 = require("./setup");
 const banner_1 = require("./banner");
 const tools_1 = require("./tools");
 const scheduler_1 = require("./scheduler");
-const VERSION = '1.3.0';
+const VERSION = '1.4.0';
 // Session-wide token tracking
 let sessionTokens = { input: 0, output: 0, total: 0 };
 const C = {

package/dist/tools/code-analysis.d.ts

@@ -0,0 +1,33 @@
+import { Tool } from '../types';
+export declare class CodeAnalysisTool implements Tool {
+    name: string;
+    description: string;
+    permission: Tool['permission'];
+    parameters: {
+        type: string;
+        properties: {
+            action: {
+                type: string;
+                description: string;
+            };
+            path: {
+                type: string;
+                description: string;
+            };
+            symbol: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    execute(args: Record<string, unknown>): Promise<string>;
+    private extractSymbols;
+    private extractImports;
+    private buildOutline;
+    private walkDir;
+    private findReferences;
+    private searchRefs;
+    private readFile;
+}
+//# sourceMappingURL=code-analysis.d.ts.map

package/dist/tools/code-analysis.js

@@ -0,0 +1,232 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CodeAnalysisTool = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+class CodeAnalysisTool {
+    name = 'code_analysis';
+    description = 'Analyze code structure. Actions: symbols (list classes/functions/exports), imports (list imports), outline (file structure), references (find where a symbol is used).';
+    permission = 'auto';
+    parameters = {
+        type: 'object',
+        properties: {
+            action: { type: 'string', description: 'Action: symbols, imports, outline, references' },
+            path: { type: 'string', description: 'File or directory to analyze' },
+            symbol: { type: 'string', description: 'Symbol name to find references for (required for "references" action)' },
+        },
+        required: ['action', 'path'],
+    };
+    async execute(args) {
+        const action = args.action;
+        const targetPath = args.path;
+        if (!action)
+            return 'Error: action is required';
+        if (!targetPath)
+            return 'Error: path is required';
+        if (!fs.existsSync(targetPath)) {
+            return `Error: path not found: ${targetPath}`;
+        }
+        switch (action) {
+            case 'symbols': return this.extractSymbols(targetPath);
+            case 'imports': return this.extractImports(targetPath);
+            case 'outline': return this.buildOutline(targetPath);
+            case 'references': {
+                const symbol = args.symbol;
+                if (!symbol)
+                    return 'Error: symbol is required for references action';
+                return this.findReferences(targetPath, symbol);
+            }
+            default:
+                return `Error: unknown action "${action}". Use: symbols, imports, outline, references`;
+        }
+    }
+    extractSymbols(filePath) {
+        const content = this.readFile(filePath);
+        if (!content)
+            return 'Error: could not read file';
+        const symbols = [];
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+            const line = lines[i];
+            const lineNum = i + 1;
+            // Classes
+            const classMatch = line.match(/^(?:export\s+)?(?:abstract\s+)?class\s+(\w+)/);
+            if (classMatch)
+                symbols.push(`  class ${classMatch[1]} (line ${lineNum})`);
+            // Functions
+            const funcMatch = line.match(/^(?:export\s+)?(?:async\s+)?function\s+(\w+)/);
+            if (funcMatch)
+                symbols.push(`  function ${funcMatch[1]} (line ${lineNum})`);
+            // Arrow function exports
+            const arrowMatch = line.match(/^(?:export\s+)?(?:const|let)\s+(\w+)\s*=\s*(?:async\s+)?\(/);
+            if (arrowMatch)
+                symbols.push(`  const ${arrowMatch[1]} (line ${lineNum})`);
+            // Interfaces & Types
+            const ifaceMatch = line.match(/^(?:export\s+)?interface\s+(\w+)/);
+            if (ifaceMatch)
+                symbols.push(`  interface ${ifaceMatch[1]} (line ${lineNum})`);
+            const typeMatch = line.match(/^(?:export\s+)?type\s+(\w+)/);
+            if (typeMatch)
+                symbols.push(`  type ${typeMatch[1]} (line ${lineNum})`);
+            // Methods inside classes
+            const methodMatch = line.match(/^\s+(?:async\s+)?(?:private\s+|public\s+|protected\s+)?(\w+)\s*\([^)]*\)\s*[:{]/);
+            if (methodMatch && !['if', 'for', 'while', 'switch', 'catch', 'constructor'].includes(methodMatch[1])) {
+                symbols.push(`    method ${methodMatch[1]} (line ${lineNum})`);
+            }
+        }
+        if (symbols.length === 0)
+            return 'No symbols found.';
+        return `Symbols in ${path.basename(filePath)}:\n${symbols.join('\n')}`;
+    }
+    extractImports(filePath) {
+        const content = this.readFile(filePath);
+        if (!content)
+            return 'Error: could not read file';
+        const imports = [];
+        const lines = content.split('\n');
+        for (const line of lines) {
+            // ES imports
+            const esMatch = line.match(/^import\s+.*from\s+['"]([^'"]+)['"]/);
+            if (esMatch) {
+                imports.push(`  ${esMatch[1]}`);
+                continue;
+            }
+            // Require
+            const reqMatch = line.match(/require\s*\(\s*['"]([^'"]+)['"]\s*\)/);
+            if (reqMatch) {
+                imports.push(`  ${reqMatch[1]}`);
+                continue;
+            }
+            // Python imports
+            const pyMatch = line.match(/^(?:from\s+(\S+)\s+)?import\s+(\S+)/);
+            if (pyMatch && !line.includes('{')) {
+                imports.push(`  ${pyMatch[1] || pyMatch[2]}`);
+            }
+        }
+        if (imports.length === 0)
+            return 'No imports found.';
+        return `Imports in ${path.basename(filePath)}:\n${imports.join('\n')}`;
+    }
+    buildOutline(targetPath) {
+        const stat = fs.statSync(targetPath);
+        if (stat.isFile()) {
+            return this.extractSymbols(targetPath);
+        }
+        // Directory outline
+        const lines = [`Outline of ${path.basename(targetPath)}/`];
+        this.walkDir(targetPath, '', lines, 0, 3);
+        return lines.join('\n');
+    }
+    walkDir(dir, prefix, lines, depth, maxDepth) {
+        if (depth >= maxDepth)
+            return;
+        const skip = new Set(['node_modules', '.git', 'dist', 'build', 'coverage', '__pycache__', '.next']);
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        const dirs = entries.filter(e => e.isDirectory() && !e.name.startsWith('.') && !skip.has(e.name));
+        const files = entries.filter(e => e.isFile() && !e.name.startsWith('.'));
+        for (const d of dirs.sort((a, b) => a.name.localeCompare(b.name))) {
+            lines.push(`${prefix}${d.name}/`);
+            this.walkDir(path.join(dir, d.name), prefix + '  ', lines, depth + 1, maxDepth);
+        }
+        for (const f of files.sort((a, b) => a.name.localeCompare(b.name))) {
+            lines.push(`${prefix}${f.name}`);
+        }
+    }
+    findReferences(targetPath, symbol) {
+        const stat = fs.statSync(targetPath);
+        const dir = stat.isFile() ? path.dirname(targetPath) : targetPath;
+        const results = [];
+        const regex = new RegExp(`\\b${symbol.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')}\\b`, 'g');
+        this.searchRefs(dir, regex, results, 50);
+        if (results.length === 0)
+            return `No references to "${symbol}" found.`;
+        return `References to "${symbol}":\n${results.join('\n')}`;
+    }
+    searchRefs(dir, regex, results, max) {
+        if (results.length >= max)
+            return;
+        const skip = new Set(['node_modules', '.git', 'dist', 'build', 'coverage']);
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (results.length >= max)
+                break;
+            if (entry.name.startsWith('.') || skip.has(entry.name))
+                continue;
+            const full = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                this.searchRefs(full, regex, results, max);
+            }
+            else {
+                const ext = path.extname(entry.name);
+                if (!['.ts', '.js', '.tsx', '.jsx', '.py', '.go', '.rs', '.java', '.rb', '.c', '.cpp', '.h'].includes(ext))
+                    continue;
+                try {
+                    const content = fs.readFileSync(full, 'utf-8');
+                    const lines = content.split('\n');
+                    for (let i = 0; i < lines.length && results.length < max; i++) {
+                        regex.lastIndex = 0;
+                        if (regex.test(lines[i])) {
+                            results.push(`  ${full}:${i + 1}: ${lines[i].trimEnd()}`);
+                        }
+                    }
+                }
+                catch { /* skip */ }
+            }
+        }
+    }
+    readFile(filePath) {
+        try {
+            return fs.readFileSync(filePath, 'utf-8');
+        }
+        catch {
+            return null;
+        }
+    }
+}
+exports.CodeAnalysisTool = CodeAnalysisTool;
+//# sourceMappingURL=code-analysis.js.map

package/dist/tools/code-review.d.ts

@@ -0,0 +1,32 @@
+import { Tool } from '../types';
+export declare class CodeReviewTool implements Tool {
+    name: string;
+    description: string;
+    permission: Tool['permission'];
+    parameters: {
+        type: string;
+        properties: {
+            action: {
+                type: string;
+                description: string;
+            };
+            path: {
+                type: string;
+                description: string;
+            };
+            severity: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    execute(args: Record<string, unknown>): Promise<string>;
+    private securityScan;
+    private complexityAnalysis;
+    private scanFile;
+    private scanDir;
+    private analyzeFileComplexity;
+    private analyzeDir;
+}
+//# sourceMappingURL=code-review.d.ts.map

package/dist/tools/code-review.js

@@ -0,0 +1,228 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CodeReviewTool = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const SECURITY_PATTERNS = [
+    { pattern: /\beval\s*\(/, rule: 'no-eval', message: 'eval() is a security risk — allows arbitrary code execution', severity: 'error' },
+    { pattern: /new\s+Function\s*\(/, rule: 'no-new-function', message: 'new Function() is equivalent to eval()', severity: 'error' },
+    { pattern: /child_process.*exec(?!Sync)/, rule: 'unsafe-exec', message: 'exec() can be vulnerable to command injection — prefer execFile()', severity: 'warning' },
+    { pattern: /innerHTML\s*=/, rule: 'no-innerhtml', message: 'innerHTML is vulnerable to XSS attacks', severity: 'warning' },
+    { pattern: /document\.write\s*\(/, rule: 'no-document-write', message: 'document.write() is a security and performance issue', severity: 'warning' },
+    { pattern: /(?:password|secret|api.?key|token)\s*[:=]\s*['"][^'"]{8,}['"]/i, rule: 'hardcoded-secret', message: 'Possible hardcoded secret/credential', severity: 'error' },
+    { pattern: /\bsqlite3?\s.*\+\s*(?:req\.|args\.|input)/i, rule: 'sql-injection', message: 'Possible SQL injection — use parameterized queries', severity: 'error' },
+    { pattern: /https?:\/\/[^'"]*['"]\s*\+/, rule: 'url-injection', message: 'String concatenation in URL — possible injection', severity: 'warning' },
+    { pattern: /console\.(log|debug|info)\(/, rule: 'no-console', message: 'Console statement (consider removing for production)', severity: 'info' },
+    { pattern: /TODO|FIXME|HACK|XXX/i, rule: 'todo-comment', message: 'TODO/FIXME comment found', severity: 'info' },
+];
+class CodeReviewTool {
+    name = 'code_review';
+    description = 'Review code for security issues, complexity, and code smells. Actions: security, complexity, review (full).';
+    permission = 'auto';
+    parameters = {
+        type: 'object',
+        properties: {
+            action: { type: 'string', description: 'Action: security (scan for vulnerabilities), complexity (function/nesting analysis), review (full review)' },
+            path: { type: 'string', description: 'File or directory to review' },
+            severity: { type: 'string', description: 'Minimum severity to report: error, warning, info (default: warning)' },
+        },
+        required: ['action', 'path'],
+    };
+    async execute(args) {
+        const action = args.action;
+        const targetPath = args.path;
+        if (!action)
+            return 'Error: action is required';
+        if (!targetPath)
+            return 'Error: path is required';
+        if (!fs.existsSync(targetPath))
+            return `Error: path not found: ${targetPath}`;
+        const minSeverity = args.severity || 'warning';
+        switch (action) {
+            case 'security': return this.securityScan(targetPath, minSeverity);
+            case 'complexity': return this.complexityAnalysis(targetPath);
+            case 'review': {
+                const sec = this.securityScan(targetPath, minSeverity);
+                const comp = this.complexityAnalysis(targetPath);
+                return `=== Security Review ===\n${sec}\n\n=== Complexity Analysis ===\n${comp}`;
+            }
+            default: return `Error: unknown action "${action}". Use: security, complexity, review`;
+        }
+    }
+    securityScan(targetPath, minSeverity) {
+        const issues = [];
+        const sevOrder = { error: 3, warning: 2, info: 1 };
+        const minLevel = sevOrder[minSeverity] || 2;
+        const stat = fs.statSync(targetPath);
+        if (stat.isFile()) {
+            this.scanFile(targetPath, issues);
+        }
+        else {
+            this.scanDir(targetPath, issues);
+        }
+        // Filter by severity
+        const filtered = issues.filter(i => (sevOrder[i.severity] || 0) >= minLevel);
+        if (filtered.length === 0)
+            return 'No security issues found.';
+        const errors = filtered.filter(i => i.severity === 'error').length;
+        const warnings = filtered.filter(i => i.severity === 'warning').length;
+        const infos = filtered.filter(i => i.severity === 'info').length;
+        const icons = { error: 'X', warning: '!', info: 'i' };
+        const lines = filtered.slice(0, 50).map(i => `  [${icons[i.severity]}] ${i.file}:${i.line} ${i.rule} — ${i.message}`);
+        return `Found ${filtered.length} issue(s): ${errors} errors, ${warnings} warnings, ${infos} info\n${lines.join('\n')}`;
+    }
+    complexityAnalysis(targetPath) {
+        const stat = fs.statSync(targetPath);
+        const results = [];
+        if (stat.isFile()) {
+            this.analyzeFileComplexity(targetPath, results);
+        }
+        else {
+            this.analyzeDir(targetPath, results);
+        }
+        if (results.length === 0)
+            return 'No complexity issues found.';
+        return results.join('\n');
+    }
+    scanFile(filePath, issues) {
+        const ext = path.extname(filePath);
+        if (!['.ts', '.js', '.tsx', '.jsx', '.py', '.go', '.rb', '.java'].includes(ext))
+            return;
+        try {
+            const content = fs.readFileSync(filePath, 'utf-8');
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                for (const check of SECURITY_PATTERNS) {
+                    if (check.pattern.test(lines[i])) {
+                        issues.push({
+                            file: filePath, line: i + 1,
+                            severity: check.severity, rule: check.rule, message: check.message,
+                        });
+                    }
+                }
+            }
+        }
+        catch { /* skip */ }
+    }
+    scanDir(dir, issues) {
+        const skip = new Set(['node_modules', '.git', 'dist', 'build', 'coverage', '__pycache__']);
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.name.startsWith('.') || skip.has(entry.name))
+                continue;
+            const full = path.join(dir, entry.name);
+            if (entry.isDirectory()) {
+                this.scanDir(full, issues);
+            }
+            else {
+                this.scanFile(full, issues);
+            }
+        }
+    }
+    analyzeFileComplexity(filePath, results) {
+        const ext = path.extname(filePath);
+        if (!['.ts', '.js', '.tsx', '.jsx', '.py', '.go'].includes(ext))
+            return;
+        try {
+            const content = fs.readFileSync(filePath, 'utf-8');
+            const lines = content.split('\n');
+            let currentFunc = '';
+            let funcStart = 0;
+            let maxNesting = 0;
+            let currentNesting = 0;
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i];
+                // Detect function starts
+                const funcMatch = line.match(/(?:function|async function|def|fn|func)\s+(\w+)|(\w+)\s*[:=]\s*(?:async\s+)?\(/);
+                if (funcMatch) {
+                    // Report previous function if long
+                    if (currentFunc && (i - funcStart) > 50) {
+                        results.push(`  [!] ${filePath}:${funcStart + 1} "${currentFunc}" is ${i - funcStart} lines long (consider breaking up)`);
+                    }
+                    currentFunc = funcMatch[1] || funcMatch[2] || '';
+                    funcStart = i;
+                    maxNesting = 0;
+                }
+                // Track nesting
+                const opens = (line.match(/[{(]/g) || []).length;
+                const closes = (line.match(/[})]/g) || []).length;
+                currentNesting += opens - closes;
+                if (currentNesting > maxNesting)
+                    maxNesting = currentNesting;
+                if (maxNesting > 5 && currentFunc) {
+                    results.push(`  [!] ${filePath}:${i + 1} deep nesting (${maxNesting} levels) in "${currentFunc}"`);
+                    maxNesting = 0; // Don't re-report
+                }
+            }
+            // Check last function
+            if (currentFunc && (lines.length - funcStart) > 50) {
+                results.push(`  [!] ${filePath}:${funcStart + 1} "${currentFunc}" is ${lines.length - funcStart} lines long`);
+            }
+            // File-level checks
+            if (lines.length > 500) {
+                results.push(`  [i] ${filePath}: ${lines.length} lines — consider splitting into modules`);
+            }
+        }
+        catch { /* skip */ }
+    }
+    analyzeDir(dir, results) {
+        const skip = new Set(['node_modules', '.git', 'dist', 'build', 'coverage']);
+        let entries;
+        try {
+            entries = fs.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.name.startsWith('.') || skip.has(entry.name))
+                continue;
+            const full = path.join(dir, entry.name);
+            if (entry.isDirectory())
+                this.analyzeDir(full, results);
+            else
+                this.analyzeFileComplexity(full, results);
+        }
+    }
+}
+exports.CodeReviewTool = CodeReviewTool;
+//# sourceMappingURL=code-review.js.map

package/dist/tools/database.d.ts

@@ -0,0 +1,35 @@
+import { Tool } from '../types';
+export declare class DatabaseTool implements Tool {
+    name: string;
+    description: string;
+    permission: Tool['permission'];
+    parameters: {
+        type: string;
+        properties: {
+            action: {
+                type: string;
+                description: string;
+            };
+            db: {
+                type: string;
+                description: string;
+            };
+            sql: {
+                type: string;
+                description: string;
+            };
+            table: {
+                type: string;
+                description: string;
+            };
+        };
+        required: string[];
+    };
+    execute(args: Record<string, unknown>): Promise<string>;
+    private runQuery;
+    private listTables;
+    private showSchema;
+    private dbInfo;
+    private sqlite;
+}
+//# sourceMappingURL=database.d.ts.map