codebot-ai 1.4.2 → 1.5.0

package/dist/agent.d.ts

@@ -7,6 +7,8 @@ export declare class Agent {
     private maxIterations;
     private autoApprove;
     private model;
+    private cache;
+    private rateLimiter;
     private askPermission;
     private onMessage?;
     constructor(opts: {

package/dist/agent.js

@@ -43,6 +43,51 @@ const repo_map_1 = require("./context/repo-map");
 const memory_1 = require("./memory");
 const registry_1 = require("./providers/registry");
 const plugins_1 = require("./plugins");
+const cache_1 = require("./cache");
+const rate_limiter_1 = require("./rate-limiter");
+/** Lightweight schema validation — returns error string or null if valid */
+function validateToolArgs(args, schema) {
+    const props = schema.properties;
+    const required = schema.required;
+    if (!props)
+        return null;
+    // Check required fields exist
+    if (required) {
+        for (const field of required) {
+            if (args[field] === undefined || args[field] === null) {
+                return `missing required field '${field}'`;
+            }
+        }
+    }
+    // Check types match for provided fields
+    for (const [key, value] of Object.entries(args)) {
+        const propSchema = props[key];
+        if (!propSchema)
+            continue; // extra fields are OK
+        const expectedType = propSchema.type;
+        if (!expectedType)
+            continue;
+        const actualType = Array.isArray(value) ? 'array' : typeof value;
+        if (expectedType === 'string' && actualType !== 'string') {
+            return `field '${key}' expected string, got ${actualType}`;
+        }
+        if (expectedType === 'number' && actualType !== 'number') {
+            return `field '${key}' expected number, got ${actualType}`;
+        }
+        if (expectedType === 'boolean' && actualType !== 'boolean') {
+            return `field '${key}' expected boolean, got ${actualType}`;
+        }
+        if (expectedType === 'array' && !Array.isArray(value)) {
+            return `field '${key}' expected array, got ${actualType}`;
+        }
+        if (expectedType === 'object' && (actualType !== 'object' || Array.isArray(value))) {
+            return `field '${key}' expected object, got ${actualType}`;
+        }
+    }
+    return null;
+}
+/** Tools that use shared global state and must not run concurrently */
+const SEQUENTIAL_TOOLS = new Set(['browser']);
 class Agent {
     provider;
     tools;
@@ -51,6 +96,8 @@ class Agent {
     maxIterations;
     autoApprove;
     model;
+    cache;
+    rateLimiter;
     askPermission;
     onMessage;
     constructor(opts) {
@@ -62,6 +109,8 @@ class Agent {
         this.autoApprove = opts.autoApprove || false;
         this.askPermission = opts.askPermission || defaultAskPermission;
         this.onMessage = opts.onMessage;
+        this.cache = new cache_1.ToolCache();
+        this.rateLimiter = new rate_limiter_1.RateLimiter();
         // Load plugins
         try {
             const plugins = (0, plugins_1.loadPlugins)(process.cwd());
@@ -179,16 +228,12 @@ class Agent {
                 yield { type: 'done' };
                 return;
             }
-            // Execute each tool call
+            const prepared = [];
             for (const tc of toolCalls) {
                 const toolName = tc.function.name;
                 const tool = this.tools.get(toolName);
                 if (!tool) {
-                    const errResult = `Error: Unknown tool "${toolName}"`;
-                    const toolMsg = { role: 'tool', content: errResult, tool_call_id: tc.id };
-                    this.messages.push(toolMsg);
-                    this.onMessage?.(toolMsg);
-                    yield { type: 'tool_result', toolResult: { name: toolName, result: errResult, is_error: true } };
+                    prepared.push({ tc, tool: null, args: {}, denied: false, error: `Error: Unknown tool "${toolName}"` });
                     continue;
                 }
                 let args;
@@ -196,41 +241,111 @@ class Agent {
                     args = JSON.parse(tc.function.arguments);
                 }
                 catch {
-                    const errResult = `Error: Invalid JSON arguments for ${toolName}`;
-                    const toolMsg = { role: 'tool', content: errResult, tool_call_id: tc.id };
-                    this.messages.push(toolMsg);
-                    this.onMessage?.(toolMsg);
-                    yield { type: 'tool_result', toolResult: { name: toolName, result: errResult, is_error: true } };
+                    prepared.push({ tc, tool, args: {}, denied: false, error: `Error: Invalid JSON arguments for ${toolName}` });
+                    continue;
+                }
+                // Arg validation against schema
+                const validationError = validateToolArgs(args, tool.parameters);
+                if (validationError) {
+                    prepared.push({ tc, tool, args, denied: false, error: `Error: ${validationError} for ${toolName}` });
                     continue;
                 }
                 yield { type: 'tool_call', toolCall: { name: toolName, args } };
-                // Permission check
+                // Permission check (sequential — needs user interaction)
                 const needsPermission = tool.permission === 'always-ask' ||
                     (tool.permission === 'prompt' && !this.autoApprove);
+                let denied = false;
                 if (needsPermission) {
                     const approved = await this.askPermission(toolName, args);
                     if (!approved) {
-                        const toolMsg = { role: 'tool', content: 'Permission denied by user.', tool_call_id: tc.id };
-                        this.messages.push(toolMsg);
-                        this.onMessage?.(toolMsg);
-                        yield { type: 'tool_result', toolResult: { name: toolName, result: 'Permission denied.' } };
-                        continue;
+                        denied = true;
                     }
                 }
-                // Execute
+                prepared.push({ tc, tool, args, denied });
+            }
+            const results = new Array(prepared.length);
+            // Immediately resolve errors and denials
+            const toExecute = [];
+            for (let idx = 0; idx < prepared.length; idx++) {
+                const prep = prepared[idx];
+                if (prep.error) {
+                    results[idx] = { content: prep.error, is_error: true };
+                }
+                else if (prep.denied) {
+                    results[idx] = { content: 'Permission denied by user.' };
+                }
+                else {
+                    toExecute.push({ index: idx, prep });
+                }
+            }
+            // Split into parallel-safe and sequential (browser) groups
+            const parallelBatch = [];
+            const sequentialBatch = [];
+            for (const item of toExecute) {
+                if (SEQUENTIAL_TOOLS.has(item.prep.tc.function.name)) {
+                    sequentialBatch.push(item);
+                }
+                else {
+                    parallelBatch.push(item);
+                }
+            }
+            // Helper to execute a single tool with cache + rate limiting
+            const executeTool = async (prep) => {
+                const toolName = prep.tc.function.name;
+                // Check cache first
+                if (prep.tool.cacheable) {
+                    const cacheKey = cache_1.ToolCache.key(toolName, prep.args);
+                    const cached = this.cache.get(cacheKey);
+                    if (cached !== null) {
+                        return { content: cached };
+                    }
+                }
+                // Rate limit
+                await this.rateLimiter.throttle(toolName);
                 try {
-                    const output = await tool.execute(args);
-                    const toolMsg = { role: 'tool', content: output, tool_call_id: tc.id };
-                    this.messages.push(toolMsg);
-                    this.onMessage?.(toolMsg);
-                    yield { type: 'tool_result', toolResult: { name: toolName, result: output } };
+                    const output = await prep.tool.execute(prep.args);
+                    // Store in cache for cacheable tools
+                    if (prep.tool.cacheable) {
+                        const ttl = cache_1.ToolCache.TTL[toolName] || 30_000;
+                        this.cache.set(cache_1.ToolCache.key(toolName, prep.args), output, ttl);
+                    }
+                    // Invalidate cache on write operations
+                    if (toolName === 'write_file' || toolName === 'edit_file' || toolName === 'batch_edit') {
+                        const filePath = prep.args.path;
+                        if (filePath)
+                            this.cache.invalidate(filePath);
+                    }
+                    return { content: output };
                 }
                 catch (err) {
                     const errMsg = err instanceof Error ? err.message : String(err);
-                    const toolMsg = { role: 'tool', content: `Error: ${errMsg}`, tool_call_id: tc.id };
-                    this.messages.push(toolMsg);
-                    this.onMessage?.(toolMsg);
-                    yield { type: 'tool_result', toolResult: { name: toolName, result: errMsg, is_error: true } };
+                    return { content: `Error: ${errMsg}`, is_error: true };
+                }
+            };
+            // Execute parallel batch concurrently
+            if (parallelBatch.length > 0) {
+                const promises = parallelBatch.map(async ({ index, prep }) => {
+                    results[index] = await executeTool(prep);
+                });
+                await Promise.allSettled(promises);
+            }
+            // Execute sequential batch one at a time
+            for (const { index, prep } of sequentialBatch) {
+                results[index] = await executeTool(prep);
+            }
+            // ── Phase 3: Push results in original order + yield events ──
+            for (let idx = 0; idx < prepared.length; idx++) {
+                const prep = prepared[idx];
+                const output = results[idx] || { content: 'Error: execution failed', is_error: true };
+                const toolName = prep.tc.function.name;
+                const toolMsg = { role: 'tool', content: output.content, tool_call_id: prep.tc.id };
+                this.messages.push(toolMsg);
+                this.onMessage?.(toolMsg);
+                if (prep.denied) {
+                    yield { type: 'tool_result', toolResult: { name: toolName, result: 'Permission denied.' } };
+                }
+                else {
+                    yield { type: 'tool_result', toolResult: { name: toolName, result: output.content, is_error: output.is_error } };
                 }
             }
             // Compact after tool results if needed
@@ -391,6 +506,7 @@ ${this.tools.all().map(t => `- ${t.name}: ${t.description}`).join('\n')}`;
     }
 }
 exports.Agent = Agent;
+const PERMISSION_TIMEOUT_MS = 30_000;
 async function defaultAskPermission(tool, args) {
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
     const summary = Object.entries(args)
@@ -399,11 +515,19 @@ async function defaultAskPermission(tool, args) {
         return `  ${k}: ${val}`;
     })
         .join('\n');
-    return new Promise(resolve => {
-        rl.question(`\n⚡ ${tool}\n${summary}\nAllow? [y/N] `, answer => {
+    const userResponse = new Promise(resolve => {
+        rl.question(`\n⚡ ${tool}\n${summary}\nAllow? [y/N] (${PERMISSION_TIMEOUT_MS / 1000}s timeout) `, answer => {
             rl.close();
             resolve(answer.toLowerCase().startsWith('y'));
         });
     });
+    const timeout = new Promise(resolve => {
+        setTimeout(() => {
+            rl.close();
+            process.stdout.write('\n⏱ Permission timed out — denied by default.\n');
+            resolve(false);
+        }, PERMISSION_TIMEOUT_MS);
+    });
+    return Promise.race([userResponse, timeout]);
 }
 //# sourceMappingURL=agent.js.map

package/dist/cache.d.ts

@@ -0,0 +1,36 @@
+/**
+ * LRU Tool Result Cache with TTL
+ *
+ * Caches results from read-only tools (read_file, grep, glob, etc.)
+ * to avoid redundant I/O. Invalidates on writes to affected paths.
+ *
+ * @since v1.5.0
+ */
+export declare class ToolCache {
+    private cache;
+    private maxSize;
+    private currentSize;
+    /** Default TTLs per tool (ms) */
+    static readonly TTL: Record<string, number>;
+    constructor(maxSizeBytes?: number);
+    /** Build a deterministic cache key from tool name + sorted args */
+    static key(toolName: string, args: Record<string, unknown>): string;
+    /** Get a cached value, or null if expired/missing */
+    get(key: string): string | null;
+    /** Store a value with TTL */
+    set(key: string, value: string, ttlMs: number): void;
+    /** Remove a specific key */
+    private delete;
+    /**
+     * Invalidate all cache entries whose key contains the given substring.
+     * Used when a file is written/edited — invalidate any cached reads for that path.
+     */
+    invalidate(pattern: string): void;
+    /** Clear entire cache */
+    clear(): void;
+    /** Number of entries currently cached */
+    get size(): number;
+    /** Total bytes currently cached */
+    get bytes(): number;
+}
+//# sourceMappingURL=cache.d.ts.map

package/dist/cache.js

@@ -0,0 +1,106 @@
+"use strict";
+/**
+ * LRU Tool Result Cache with TTL
+ *
+ * Caches results from read-only tools (read_file, grep, glob, etc.)
+ * to avoid redundant I/O. Invalidates on writes to affected paths.
+ *
+ * @since v1.5.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ToolCache = void 0;
+class ToolCache {
+    cache = new Map();
+    maxSize;
+    currentSize = 0;
+    /** Default TTLs per tool (ms) */
+    static TTL = {
+        read_file: 30_000,
+        grep: 30_000,
+        glob: 30_000,
+        code_analysis: 60_000,
+        code_review: 60_000,
+        image_info: 60_000,
+    };
+    constructor(maxSizeBytes = 50 * 1024 * 1024) {
+        this.maxSize = maxSizeBytes;
+    }
+    /** Build a deterministic cache key from tool name + sorted args */
+    static key(toolName, args) {
+        const sorted = Object.keys(args)
+            .sort()
+            .map(k => `${k}=${JSON.stringify(args[k])}`)
+            .join('&');
+        return `${toolName}:${sorted}`;
+    }
+    /** Get a cached value, or null if expired/missing */
+    get(key) {
+        const entry = this.cache.get(key);
+        if (!entry)
+            return null;
+        if (Date.now() > entry.expires) {
+            this.delete(key);
+            return null;
+        }
+        // Move to end (most recently used) — Map preserves insertion order
+        this.cache.delete(key);
+        this.cache.set(key, entry);
+        return entry.value;
+    }
+    /** Store a value with TTL */
+    set(key, value, ttlMs) {
+        // Delete existing entry first (update size tracking)
+        this.delete(key);
+        const size = key.length + value.length;
+        // Don't cache if single entry exceeds 10% of max
+        if (size > this.maxSize * 0.1)
+            return;
+        // Evict LRU entries until we have room
+        while (this.currentSize + size > this.maxSize && this.cache.size > 0) {
+            const oldest = this.cache.keys().next().value;
+            if (oldest !== undefined) {
+                this.delete(oldest);
+            }
+        }
+        this.cache.set(key, {
+            value,
+            expires: Date.now() + ttlMs,
+            size,
+        });
+        this.currentSize += size;
+    }
+    /** Remove a specific key */
+    delete(key) {
+        const entry = this.cache.get(key);
+        if (entry) {
+            this.currentSize -= entry.size;
+            this.cache.delete(key);
+        }
+    }
+    /**
+     * Invalidate all cache entries whose key contains the given substring.
+     * Used when a file is written/edited — invalidate any cached reads for that path.
+     */
+    invalidate(pattern) {
+        for (const key of [...this.cache.keys()]) {
+            if (key.includes(pattern)) {
+                this.delete(key);
+            }
+        }
+    }
+    /** Clear entire cache */
+    clear() {
+        this.cache.clear();
+        this.currentSize = 0;
+    }
+    /** Number of entries currently cached */
+    get size() {
+        return this.cache.size;
+    }
+    /** Total bytes currently cached */
+    get bytes() {
+        return this.currentSize;
+    }
+}
+exports.ToolCache = ToolCache;
+//# sourceMappingURL=cache.js.map

package/dist/cli.js

@@ -44,7 +44,7 @@ const setup_1 = require("./setup");
 const banner_1 = require("./banner");
 const tools_1 = require("./tools");
 const scheduler_1 = require("./scheduler");
-const VERSION = '1.4.2';
+const VERSION = '1.5.0';
 // Session-wide token tracking
 let sessionTokens = { input: 0, output: 0, total: 0 };
 const C = {

package/dist/context/manager.d.ts

@@ -14,9 +14,16 @@ export declare class ContextManager {
     availableTokens(): number;
     /** Check if messages fit within budget */
     fitsInBudget(messages: Message[]): boolean;
-    /** Compact conversation by dropping old messages and inserting a summary placeholder */
+    /**
+     * Group messages into atomic blocks that must never be split.
+     * An assistant message with tool_calls + its following tool responses = one block.
+     * All other messages are individual blocks.
+     * This prevents compaction from creating orphaned tool messages.
+     */
+    private groupMessages;
+    /** Compact conversation by dropping old messages. Never splits tool_call groups. */
     compact(messages: Message[], force?: boolean): Message[];
-    /** Smart compaction: use LLM to summarize dropped messages instead of just discarding */
+    /** Smart compaction: use LLM to summarize dropped messages. Never splits tool_call groups. */
     compactWithSummary(messages: Message[]): Promise<{
         messages: Message[];
         summary: string;

package/dist/context/manager.js

@@ -29,23 +29,55 @@ class ContextManager {
         const total = messages.reduce((sum, m) => sum + this.estimateTokens(m.content), 0);
         return total <= this.availableTokens();
     }
-    /** Compact conversation by dropping old messages and inserting a summary placeholder */
+    /**
+     * Group messages into atomic blocks that must never be split.
+     * An assistant message with tool_calls + its following tool responses = one block.
+     * All other messages are individual blocks.
+     * This prevents compaction from creating orphaned tool messages.
+     */
+    groupMessages(messages) {
+        const groups = [];
+        let i = 0;
+        while (i < messages.length) {
+            const msg = messages[i];
+            if (msg.role === 'assistant' && msg.tool_calls?.length) {
+                // Start of a tool_call group — keep assistant + all following tool messages together
+                const group = [msg];
+                i++;
+                while (i < messages.length && messages[i].role === 'tool') {
+                    group.push(messages[i]);
+                    i++;
+                }
+                groups.push(group);
+            }
+            else {
+                groups.push([msg]);
+                i++;
+            }
+        }
+        return groups;
+    }
+    /** Compact conversation by dropping old messages. Never splits tool_call groups. */
     compact(messages, force = false) {
         if (!force && this.fitsInBudget(messages))
             return messages;
         const system = messages[0]?.role === 'system' ? messages[0] : null;
         const rest = system ? messages.slice(1) : [...messages];
-        // Keep recent messages that fit within 80% of budget
-        const kept = [];
+        // Group messages into atomic blocks (assistant + tool responses stay together)
+        const groups = this.groupMessages(rest);
+        // Keep recent groups that fit within 80% of budget
+        const keptGroups = [];
         let tokenCount = 0;
         const budget = this.availableTokens();
-        for (let i = rest.length - 1; i >= 0; i--) {
-            const msgTokens = this.estimateTokens(rest[i].content);
-            if (tokenCount + msgTokens > budget * 0.8)
+        for (let i = groups.length - 1; i >= 0; i--) {
+            const group = groups[i];
+            const groupTokens = group.reduce((sum, m) => sum + this.estimateTokens(m.content), 0);
+            if (tokenCount + groupTokens > budget * 0.8)
                 break;
-            kept.unshift(rest[i]);
-            tokenCount += msgTokens;
+            keptGroups.unshift(group);
+            tokenCount += groupTokens;
         }
+        const kept = keptGroups.flat();
         const dropped = rest.length - kept.length;
         if (dropped > 0) {
             kept.unshift({
@@ -57,21 +89,25 @@ class ContextManager {
             kept.unshift(system);
         return kept;
     }
-    /** Smart compaction: use LLM to summarize dropped messages instead of just discarding */
+    /** Smart compaction: use LLM to summarize dropped messages. Never splits tool_call groups. */
     async compactWithSummary(messages) {
         const system = messages[0]?.role === 'system' ? messages[0] : null;
         const rest = system ? messages.slice(1) : [...messages];
-        // Determine which messages to keep vs summarize
-        const kept = [];
+        // Group messages into atomic blocks
+        const groups = this.groupMessages(rest);
+        // Keep recent groups that fit within 80% of budget
+        const keptGroups = [];
         let tokenCount = 0;
         const budget = this.availableTokens();
-        for (let i = rest.length - 1; i >= 0; i--) {
-            const msgTokens = this.estimateTokens(rest[i].content);
-            if (tokenCount + msgTokens > budget * 0.8)
+        for (let i = groups.length - 1; i >= 0; i--) {
+            const group = groups[i];
+            const groupTokens = group.reduce((sum, m) => sum + this.estimateTokens(m.content), 0);
+            if (tokenCount + groupTokens > budget * 0.8)
                 break;
-            kept.unshift(rest[i]);
-            tokenCount += msgTokens;
+            keptGroups.unshift(group);
+            tokenCount += groupTokens;
         }
+        const kept = keptGroups.flat();
         const droppedCount = rest.length - kept.length;
         if (droppedCount === 0) {
             return { messages, summary: '' };

package/dist/history.d.ts

@@ -15,9 +15,9 @@ export declare class SessionManager {
     getId(): string;
     /** Append a message to the session file */
     save(message: Message): void;
-    /** Save all messages (overwrite) */
+    /** Save all messages (atomic overwrite via temp file + rename) */
     saveAll(messages: Message[]): void;
-    /** Load messages from a session file */
+    /** Load messages from a session file (skips malformed lines) */
     load(): Message[];
     /** List recent sessions */
     static list(limit?: number): SessionMeta[];

package/dist/history.js

@@ -54,31 +54,57 @@ class SessionManager {
     }
     /** Append a message to the session file */
     save(message) {
-        const line = JSON.stringify({
-            ...message,
-            _ts: new Date().toISOString(),
-            _model: this.model,
-        });
-        fs.appendFileSync(this.filePath, line + '\n');
+        try {
+            const line = JSON.stringify({
+                ...message,
+                _ts: new Date().toISOString(),
+                _model: this.model,
+            });
+            fs.appendFileSync(this.filePath, line + '\n');
+        }
+        catch {
+            // Don't crash on write failure — session persistence is best-effort
+        }
     }
-    /** Save all messages (overwrite) */
+    /** Save all messages (atomic overwrite via temp file + rename) */
     saveAll(messages) {
-        const lines = messages.map(m => JSON.stringify({ ...m, _ts: new Date().toISOString(), _model: this.model }));
-        fs.writeFileSync(this.filePath, lines.join('\n') + '\n');
+        try {
+            const lines = messages.map(m => JSON.stringify({ ...m, _ts: new Date().toISOString(), _model: this.model }));
+            const tmpPath = this.filePath + '.tmp';
+            fs.writeFileSync(tmpPath, lines.join('\n') + '\n');
+            fs.renameSync(tmpPath, this.filePath);
+        }
+        catch {
+            // Don't crash — session persistence is best-effort
+        }
     }
-    /** Load messages from a session file */
+    /** Load messages from a session file (skips malformed lines) */
     load() {
         if (!fs.existsSync(this.filePath))
             return [];
-        const content = fs.readFileSync(this.filePath, 'utf-8').trim();
+        let content;
+        try {
+            content = fs.readFileSync(this.filePath, 'utf-8').trim();
+        }
+        catch {
+            return [];
+        }
         if (!content)
             return [];
-        return content.split('\n').map(line => {
-            const obj = JSON.parse(line);
-            delete obj._ts;
-            delete obj._model;
-            return obj;
-        });
+        const messages = [];
+        for (const line of content.split('\n')) {
+            try {
+                const obj = JSON.parse(line);
+                delete obj._ts;
+                delete obj._model;
+                messages.push(obj);
+            }
+            catch {
+                // Skip malformed line — don't crash the whole load
+                continue;
+            }
+        }
+        return messages;
     }
     /** List recent sessions */
     static list(limit = 10) {

package/dist/rate-limiter.d.ts

@@ -0,0 +1,23 @@
+/**
+ * Per-tool Rate Limiter
+ *
+ * Simple sliding-window throttle that enforces minimum intervals between
+ * calls to the same tool. Prevents hammering web services and self-DOS.
+ *
+ * @since v1.5.0
+ */
+export declare class RateLimiter {
+    private lastCall;
+    /** Minimum interval (ms) between calls per tool */
+    private limits;
+    constructor(overrides?: Record<string, number>);
+    /** Wait if needed to respect the tool's rate limit */
+    throttle(toolName: string): Promise<void>;
+    /** Get the configured limit for a tool (0 = no limit) */
+    getLimit(toolName: string): number;
+    /** Update a tool's rate limit at runtime */
+    setLimit(toolName: string, intervalMs: number): void;
+    /** Reset all tracking (useful for tests) */
+    reset(): void;
+}
+//# sourceMappingURL=rate-limiter.d.ts.map

package/dist/rate-limiter.js

@@ -0,0 +1,52 @@
+"use strict";
+/**
+ * Per-tool Rate Limiter
+ *
+ * Simple sliding-window throttle that enforces minimum intervals between
+ * calls to the same tool. Prevents hammering web services and self-DOS.
+ *
+ * @since v1.5.0
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RateLimiter = void 0;
+class RateLimiter {
+    lastCall = new Map();
+    /** Minimum interval (ms) between calls per tool */
+    limits = {
+        browser: 200,
+        web_fetch: 500,
+        web_search: 1000,
+        execute: 100,
+    };
+    constructor(overrides) {
+        if (overrides) {
+            Object.assign(this.limits, overrides);
+        }
+    }
+    /** Wait if needed to respect the tool's rate limit */
+    async throttle(toolName) {
+        const limit = this.limits[toolName];
+        if (!limit)
+            return; // no limit for this tool
+        const last = this.lastCall.get(toolName) || 0;
+        const elapsed = Date.now() - last;
+        if (elapsed < limit) {
+            await new Promise(resolve => setTimeout(resolve, limit - elapsed));
+        }
+        this.lastCall.set(toolName, Date.now());
+    }
+    /** Get the configured limit for a tool (0 = no limit) */
+    getLimit(toolName) {
+        return this.limits[toolName] || 0;
+    }
+    /** Update a tool's rate limit at runtime */
+    setLimit(toolName, intervalMs) {
+        this.limits[toolName] = intervalMs;
+    }
+    /** Reset all tracking (useful for tests) */
+    reset() {
+        this.lastCall.clear();
+    }
+}
+exports.RateLimiter = RateLimiter;
+//# sourceMappingURL=rate-limiter.js.map

package/dist/tools/browser.js

@@ -42,6 +42,7 @@ const fs = __importStar(require("fs"));
 // Shared browser instance across tool calls
 let client = null;
 let debugPort = 9222;
+let connectingPromise = null;
 const CHROME_DATA_DIR = path.join(os.homedir(), '.codebot', 'chrome-profile');
 /** Kill any Chrome using our debug port or data dir (but NEVER kill ourselves) */
 function killExistingChrome() {
@@ -71,8 +72,21 @@ function killExistingChrome() {
     }
 }
 async function ensureConnected() {
+    // Fast path: already connected
     if (client?.isConnected())
         return client;
+    // Mutex: if another call is already connecting, reuse that promise
+    if (connectingPromise)
+        return connectingPromise;
+    connectingPromise = doConnect();
+    try {
+        return await connectingPromise;
+    }
+    finally {
+        connectingPromise = null;
+    }
+}
+async function doConnect() {
     // Try connecting to existing Chrome with debug port
     try {
         const wsUrl = await (0, cdp_1.getDebuggerUrl)(debugPort);
@@ -172,10 +186,11 @@ async function ensureConnected() {
             'Or on macOS:\n' +
             `  /Applications/Google\\ Chrome.app/Contents/MacOS/Google\\ Chrome --remote-debugging-port=${debugPort}`);
     }
-    // Wait for Chrome to start
-    for (let i = 0; i < 10; i++) {
+    // Wait for Chrome to start — exponential backoff: 500ms, 1s, 2s, 4s
+    const backoffDelays = [500, 1000, 2000, 4000, 4000, 4000];
+    for (let i = 0; i < backoffDelays.length; i++) {
         try {
-            await new Promise(r => setTimeout(r, 500));
+            await new Promise(r => setTimeout(r, backoffDelays[i]));
             const wsUrl = await (0, cdp_1.getDebuggerUrl)(debugPort);
             client = new cdp_1.CDPClient();
             await client.connect(wsUrl);

package/dist/tools/code-analysis.d.ts

@@ -3,6 +3,7 @@ export declare class CodeAnalysisTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/code-analysis.js

@@ -40,6 +40,7 @@ class CodeAnalysisTool {
     name = 'code_analysis';
     description = 'Analyze code structure. Actions: symbols (list classes/functions/exports), imports (list imports), outline (file structure), references (find where a symbol is used).';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/code-review.d.ts

@@ -3,6 +3,7 @@ export declare class CodeReviewTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/code-review.js

@@ -52,6 +52,7 @@ class CodeReviewTool {
     name = 'code_review';
     description = 'Review code for security issues, complexity, and code smells. Actions: security, complexity, review (full).';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/glob.d.ts

@@ -3,6 +3,7 @@ export declare class GlobTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/glob.js

@@ -40,6 +40,7 @@ class GlobTool {
     name = 'glob';
     description = 'Find files matching a glob pattern. Returns matching file paths relative to the search directory.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/grep.d.ts

@@ -3,6 +3,7 @@ export declare class GrepTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/grep.js

@@ -40,6 +40,7 @@ class GrepTool {
     name = 'grep';
     description = 'Search file contents for a regex pattern. Returns matching lines with file paths and line numbers.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/image-info.d.ts

@@ -3,6 +3,7 @@ export declare class ImageInfoTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/image-info.js

@@ -40,6 +40,7 @@ class ImageInfoTool {
     name = 'image_info';
     description = 'Get image file information — dimensions, format, file size. Supports PNG, JPEG, GIF, BMP, SVG.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/tools/read.d.ts

@@ -3,6 +3,7 @@ export declare class ReadFileTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    cacheable: boolean;
     parameters: {
         type: string;
         properties: {

package/dist/tools/read.js

@@ -40,6 +40,7 @@ class ReadFileTool {
     name = 'read_file';
     description = 'Read the contents of a file. Returns file content with line numbers.';
     permission = 'auto';
+    cacheable = true;
     parameters = {
         type: 'object',
         properties: {

package/dist/types.d.ts

@@ -23,6 +23,7 @@ export interface Tool {
     description: string;
     parameters: Record<string, unknown>;
     permission: 'auto' | 'prompt' | 'always-ask';
+    cacheable?: boolean;
     execute(args: Record<string, unknown>): Promise<string>;
 }
 export interface ProviderConfig {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebot-ai",
-  "version": "1.4.2",
+  "version": "1.5.0",
   "description": "Zero-dependency autonomous AI agent. Code, browse, search, automate. Works with any LLM — Ollama, Claude, GPT, Gemini, DeepSeek, Groq, Mistral, Grok.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",