codebot-ai 1.4.3 → 1.6.0

@@ -37,6 +37,8 @@ exports.WriteFileTool = void 0;
37
37
  const fs = __importStar(require("fs"));
38
38
  const path = __importStar(require("path"));
39
39
  const os = __importStar(require("os"));
40
+ const security_1 = require("../security");
41
+ const secrets_1 = require("../secrets");
40
42
  const UNDO_DIR = path.join(os.homedir(), '.codebot', 'undo');
41
43
  class WriteFileTool {
42
44
  name = 'write_file';
@@ -60,6 +62,20 @@ class WriteFileTool {
60
62
  const filePath = path.resolve(args.path);
61
63
  const content = String(args.content);
62
64
  const dir = path.dirname(filePath);
65
+ // Security: path safety check
66
+ const projectRoot = process.cwd();
67
+ const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
68
+ if (!safety.safe) {
69
+ return `Error: ${safety.reason}`;
70
+ }
71
+ // Security: secret detection (warn but don't block)
72
+ const secrets = (0, secrets_1.scanForSecrets)(content);
73
+ let warning = '';
74
+ if (secrets.length > 0) {
75
+ warning = `\n\n⚠️ WARNING: ${secrets.length} potential secret(s) detected:\n` +
76
+ secrets.map(s => ` Line ${s.line}: ${s.type} — ${s.snippet}`).join('\n') +
77
+ '\nConsider using environment variables instead of hardcoding secrets.';
78
+ }
63
79
  if (!fs.existsSync(dir)) {
64
80
  fs.mkdirSync(dir, { recursive: true });
65
81
  }
@@ -74,7 +90,7 @@ class WriteFileTool {
74
90
  }
75
91
  fs.writeFileSync(filePath, content, 'utf-8');
76
92
  const lines = content.split('\n').length;
77
- return `${existed ? 'Overwrote' : 'Created'} ${filePath} (${lines} lines, ${content.length} bytes)`;
93
+ return `${existed ? 'Overwrote' : 'Created'} ${filePath} (${lines} lines, ${content.length} bytes)${warning}`;
78
94
  }
79
95
  saveSnapshot(filePath, content) {
80
96
  try {
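Review bot: The path check added in the second hunk runs on `path.resolve(args.path)`, which only normalises the string and does not follow symlinks, so whether `fs.mkdirSync` and `fs.writeFileSync` further down stay inside `projectRoot` depends on `isPathSafe`, whose body is not on this page. I would confirm that it compares real paths (for a file that does not exist yet, the real path of its nearest existing parent) and record that at the call site, e.g. `// isPathSafe resolves symlinks; filePath here is only lexically normalised`. Separately, the warning built from `scanForSecrets` puts `${s.snippet}` into the returned string; unless the snippet is already masked, the detected value is copied into the tool output, and `Line ${s.line}: ${s.type}` alone would serve the warning. The file header and the start of the enclosing method are outside the visible hunks.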
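--- a/package/dist/types.d.ts
+++ b/package/dist/types.d.ts
@@ -23,6 +23,7 @@ export interface Tool {
  description: string;
  parameters: Record<string, unknown>;
  permission: 'auto' | 'prompt' | 'always-ask';
+ cacheable?: boolean;
  execute(args: Record<string, unknown>): Promise<string>;
  }
  export interface ProviderConfig {
@@ -78,5 +79,6 @@ export interface Config {
  maxIterations: number;
  autoApprove: boolean;
  contextBudget?: number;
+ projectRoot?: string;
  }
  //# sourceMappingURL=types.d.ts.map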
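Review bot: `projectRoot?: string` is added to `Config` without any statement of what it must contain or what applies when it is unset, and the write tool's new check elsewhere in this diff takes its root from `process.cwd()` rather than from this field. Since the field appears to define the boundary for file tools, the source interface should carry a doc comment such as `/** Absolute directory file tools are confined to; falls back to process.cwd() when unset. */`, adjusted to the real fallback. `cacheable?: boolean` on `Tool` has the same gap: a comment should say that it may only be set on tools whose `execute()` has no side effects, if that is the intended contract.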
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "codebot-ai",
3
- "version": "1.4.3",
3
+ "version": "1.6.0",
4
4
  "description": "Zero-dependency autonomous AI agent. Code, browse, search, automate. Works with any LLM — Ollama, Claude, GPT, Gemini, DeepSeek, Groq, Mistral, Grok.",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",