codebot-ai 1.5.0 → 1.7.0

package/dist/agent.d.ts

@@ -1,4 +1,7 @@
 import { Message, AgentEvent, LLMProvider } from './types';
+import { AuditLogger } from './audit';
+import { PolicyEnforcer } from './policy';
+import { TokenTracker } from './telemetry';
 export declare class Agent {
     private provider;
     private tools;
@@ -9,11 +12,15 @@ export declare class Agent {
     private model;
     private cache;
     private rateLimiter;
+    private auditLogger;
+    private policyEnforcer;
+    private tokenTracker;
     private askPermission;
     private onMessage?;
     constructor(opts: {
         provider: LLMProvider;
         model: string;
+        providerName?: string;
         maxIterations?: number;
         autoApprove?: boolean;
         askPermission?: (tool: string, args: Record<string, unknown>) => Promise<boolean>;
@@ -30,6 +37,12 @@ export declare class Agent {
         after: number;
     };
     getMessages(): Message[];
+    /** Get the token tracker for session summary / CLI display */
+    getTokenTracker(): TokenTracker;
+    /** Get the policy enforcer for inspection */
+    getPolicyEnforcer(): PolicyEnforcer;
+    /** Get the audit logger for verification */
+    getAuditLogger(): AuditLogger;
     /**
      * Validate and repair message history to prevent OpenAI 400 errors.
      * Handles three types of corruption:

package/dist/agent.js

@@ -45,6 +45,9 @@ const registry_1 = require("./providers/registry");
 const plugins_1 = require("./plugins");
 const cache_1 = require("./cache");
 const rate_limiter_1 = require("./rate-limiter");
+const audit_1 = require("./audit");
+const policy_1 = require("./policy");
+const telemetry_1 = require("./telemetry");
 /** Lightweight schema validation — returns error string or null if valid */
 function validateToolArgs(args, schema) {
     const props = schema.properties;
@@ -98,6 +101,9 @@ class Agent {
     model;
     cache;
     rateLimiter;
+    auditLogger;
+    policyEnforcer;
+    tokenTracker;
     askPermission;
     onMessage;
     constructor(opts) {
@@ -105,12 +111,21 @@ class Agent {
         this.model = opts.model;
         this.tools = new tools_1.ToolRegistry(process.cwd());
         this.context = new manager_1.ContextManager(opts.model, opts.provider);
-        this.maxIterations = opts.maxIterations || 25;
+        // Load policy
+        this.policyEnforcer = new policy_1.PolicyEnforcer((0, policy_1.loadPolicy)(process.cwd()), process.cwd());
+        // Use policy-defined max iterations as default, CLI overrides
+        this.maxIterations = opts.maxIterations || this.policyEnforcer.getMaxIterations();
         this.autoApprove = opts.autoApprove || false;
         this.askPermission = opts.askPermission || defaultAskPermission;
         this.onMessage = opts.onMessage;
         this.cache = new cache_1.ToolCache();
         this.rateLimiter = new rate_limiter_1.RateLimiter();
+        this.auditLogger = new audit_1.AuditLogger();
+        // Token & cost tracking
+        this.tokenTracker = new telemetry_1.TokenTracker(opts.model, opts.providerName || 'unknown');
+        const costLimit = this.policyEnforcer.getCostLimitUsd();
+        if (costLimit > 0)
+            this.tokenTracker.setCostLimit(costLimit);
         // Load plugins
         try {
             const plugins = (0, plugins_1.loadPlugins)(process.cwd());
@@ -177,6 +192,10 @@ class Agent {
                             }
                             break;
                         case 'usage':
+                            // Track tokens and cost
+                            if (event.usage) {
+                                this.tokenTracker.recordUsage(event.usage.inputTokens || 0, event.usage.outputTokens || 0);
+                            }
                             yield { type: 'usage', usage: event.usage };
                             break;
                         case 'error':
@@ -228,6 +247,11 @@ class Agent {
                 yield { type: 'done' };
                 return;
             }
+            // Cost budget check: stop if over limit
+            if (this.tokenTracker.isOverBudget()) {
+                yield { type: 'error', error: `Cost limit exceeded ($${this.tokenTracker.getTotalCost().toFixed(4)} / $${this.policyEnforcer.getCostLimitUsd().toFixed(2)}). Stopping.` };
+                return;
+            }
             const prepared = [];
             for (const tc of toolCalls) {
                 const toolName = tc.function.name;
@@ -236,6 +260,13 @@ class Agent {
                     prepared.push({ tc, tool: null, args: {}, denied: false, error: `Error: Unknown tool "${toolName}"` });
                     continue;
                 }
+                // Policy check: is this tool allowed?
+                const policyCheck = this.policyEnforcer.isToolAllowed(toolName);
+                if (!policyCheck.allowed) {
+                    this.auditLogger.log({ tool: toolName, action: 'policy_block', args: {}, reason: policyCheck.reason });
+                    prepared.push({ tc, tool, args: {}, denied: false, error: `Error: ${policyCheck.reason}` });
+                    continue;
+                }
                 let args;
                 try {
                     args = JSON.parse(tc.function.arguments);
@@ -251,14 +282,17 @@ class Agent {
                     continue;
                 }
                 yield { type: 'tool_call', toolCall: { name: toolName, args } };
-                // Permission check (sequential — needs user interaction)
-                const needsPermission = tool.permission === 'always-ask' ||
-                    (tool.permission === 'prompt' && !this.autoApprove);
+                // Permission check: policy override > tool default
+                const policyPermission = this.policyEnforcer.getToolPermission(toolName);
+                const effectivePermission = policyPermission || tool.permission;
+                const needsPermission = effectivePermission === 'always-ask' ||
+                    (effectivePermission === 'prompt' && !this.autoApprove);
                 let denied = false;
                 if (needsPermission) {
                     const approved = await this.askPermission(toolName, args);
                     if (!approved) {
                         denied = true;
+                        this.auditLogger.log({ tool: toolName, action: 'deny', args, reason: 'User denied permission' });
                     }
                 }
                 prepared.push({ tc, tool, args, denied });
@@ -304,6 +338,13 @@ class Agent {
                 await this.rateLimiter.throttle(toolName);
                 try {
                     const output = await prep.tool.execute(prep.args);
+                    // Audit log: successful execution
+                    this.auditLogger.log({ tool: toolName, action: 'execute', args: prep.args, result: 'success' });
+                    // Telemetry: track tool calls and file modifications
+                    this.tokenTracker.recordToolCall();
+                    if ((toolName === 'write_file' || toolName === 'edit_file' || toolName === 'batch_edit') && prep.args.path) {
+                        this.tokenTracker.recordFileModified(prep.args.path);
+                    }
                     // Store in cache for cacheable tools
                     if (prep.tool.cacheable) {
                         const ttl = cache_1.ToolCache.TTL[toolName] || 30_000;
@@ -315,10 +356,16 @@ class Agent {
                         if (filePath)
                             this.cache.invalidate(filePath);
                     }
+                    // Audit log: check if tool returned a security block
+                    if (output.startsWith('Error: Blocked:') || output.startsWith('Error: CWD')) {
+                        this.auditLogger.log({ tool: toolName, action: 'security_block', args: prep.args, reason: output });
+                    }
                     return { content: output };
                 }
                 catch (err) {
                     const errMsg = err instanceof Error ? err.message : String(err);
+                    // Audit log: error
+                    this.auditLogger.log({ tool: toolName, action: 'error', args: prep.args, result: 'error', reason: errMsg });
                     return { content: `Error: ${errMsg}`, is_error: true };
                 }
             };
@@ -375,6 +422,18 @@ class Agent {
     getMessages() {
         return [...this.messages];
     }
+    /** Get the token tracker for session summary / CLI display */
+    getTokenTracker() {
+        return this.tokenTracker;
+    }
+    /** Get the policy enforcer for inspection */
+    getPolicyEnforcer() {
+        return this.policyEnforcer;
+    }
+    /** Get the audit logger for verification */
+    getAuditLogger() {
+        return this.auditLogger;
+    }
     /**
      * Validate and repair message history to prevent OpenAI 400 errors.
      * Handles three types of corruption:

package/dist/audit.d.ts

@@ -0,0 +1,61 @@
+/**
+ * Audit logger for CodeBot v1.7.0
+ *
+ * Provides append-only JSONL logging of all security-relevant actions.
+ * Logs are stored at ~/.codebot/audit/audit-YYYY-MM-DD.jsonl
+ *
+ * v1.7.0: Hash-chained entries for tamper detection.
+ * Each entry includes a SHA-256 hash of (prevHash + entry content).
+ * Verification walks the chain and detects any modifications.
+ *
+ * NEVER throws — audit failures must not crash the agent.
+ */
+export interface AuditEntry {
+    timestamp: string;
+    sessionId: string;
+    sequence: number;
+    tool: string;
+    action: 'execute' | 'deny' | 'error' | 'security_block' | 'policy_block';
+    args: Record<string, unknown>;
+    result?: string;
+    reason?: string;
+    prevHash: string;
+    hash: string;
+}
+/** Result of verifying an audit chain */
+export interface VerifyResult {
+    valid: boolean;
+    entriesChecked: number;
+    firstInvalidAt?: number;
+    reason?: string;
+}
+export declare class AuditLogger {
+    private logDir;
+    private sessionId;
+    private sequence;
+    private prevHash;
+    constructor(logDir?: string);
+    getSessionId(): string;
+    /** Append a hash-chained audit entry to the log file */
+    log(entry: Omit<AuditEntry, 'timestamp' | 'sessionId' | 'sequence' | 'prevHash' | 'hash'>): void;
+    /** Read log entries, optionally filtered */
+    query(filter?: {
+        tool?: string;
+        action?: string;
+        since?: string;
+        sessionId?: string;
+    }): AuditEntry[];
+    /**
+     * Verify the hash chain integrity of audit entries.
+     * Walks through entries for a given session and checks each hash.
+     */
+    static verify(entries: AuditEntry[]): VerifyResult;
+    /**
+     * Verify all entries for a given session.
+     */
+    verifySession(sessionId?: string): VerifyResult;
+    private getLogFilePath;
+    private rotateIfNeeded;
+    private sanitizeArgs;
+}
+//# sourceMappingURL=audit.d.ts.map

package/dist/audit.js

@@ -0,0 +1,231 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuditLogger = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
+const secrets_1 = require("./secrets");
+const MAX_LOG_SIZE = 10 * 1024 * 1024; // 10MB before rotation
+const MAX_ARG_LENGTH = 500;
+const GENESIS_HASH = 'genesis';
+class AuditLogger {
+    logDir;
+    sessionId;
+    sequence = 0;
+    prevHash = GENESIS_HASH;
+    constructor(logDir) {
+        this.logDir = logDir || path.join(os.homedir(), '.codebot', 'audit');
+        this.sessionId = `${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+        try {
+            fs.mkdirSync(this.logDir, { recursive: true });
+        }
+        catch {
+            // Can't create dir — logging will be disabled
+        }
+    }
+    getSessionId() {
+        return this.sessionId;
+    }
+    /** Append a hash-chained audit entry to the log file */
+    log(entry) {
+        try {
+            this.sequence++;
+            // Build entry without hash first (hash is computed over the other fields)
+            const partial = {
+                timestamp: new Date().toISOString(),
+                sessionId: this.sessionId,
+                sequence: this.sequence,
+                tool: entry.tool,
+                action: entry.action,
+                args: this.sanitizeArgs(entry.args),
+                result: entry.result,
+                reason: entry.reason,
+                prevHash: this.prevHash,
+            };
+            // Compute hash: SHA-256 of (prevHash + JSON of partial entry)
+            const hashInput = this.prevHash + JSON.stringify(partial);
+            const hash = crypto.createHash('sha256').update(hashInput).digest('hex');
+            const fullEntry = { ...partial, hash };
+            this.prevHash = hash;
+            const logFile = this.getLogFilePath();
+            const line = JSON.stringify(fullEntry) + '\n';
+            this.rotateIfNeeded(logFile);
+            fs.appendFileSync(logFile, line, 'utf-8');
+        }
+        catch {
+            // Audit failures must NEVER crash the agent
+        }
+    }
+    /** Read log entries, optionally filtered */
+    query(filter) {
+        const entries = [];
+        try {
+            const files = fs.readdirSync(this.logDir)
+                .filter(f => f.startsWith('audit-') && f.endsWith('.jsonl'))
+                .sort();
+            for (const file of files) {
+                const content = fs.readFileSync(path.join(this.logDir, file), 'utf-8');
+                for (const line of content.split('\n')) {
+                    if (!line.trim())
+                        continue;
+                    try {
+                        const entry = JSON.parse(line);
+                        if (filter?.tool && entry.tool !== filter.tool)
+                            continue;
+                        if (filter?.action && entry.action !== filter.action)
+                            continue;
+                        if (filter?.since && entry.timestamp < filter.since)
+                            continue;
+                        if (filter?.sessionId && entry.sessionId !== filter.sessionId)
+                            continue;
+                        entries.push(entry);
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch {
+            // Can't read logs
+        }
+        return entries;
+    }
+    /**
+     * Verify the hash chain integrity of audit entries.
+     * Walks through entries for a given session and checks each hash.
+     */
+    static verify(entries) {
+        if (entries.length === 0) {
+            return { valid: true, entriesChecked: 0 };
+        }
+        // Sort by sequence
+        const sorted = [...entries].sort((a, b) => a.sequence - b.sequence);
+        for (let i = 0; i < sorted.length; i++) {
+            const entry = sorted[i];
+            // Check sequence continuity
+            if (i === 0 && entry.prevHash !== GENESIS_HASH) {
+                // First entry should reference genesis (unless it's a continuation)
+                // Allow non-genesis for continuation of previous sessions
+            }
+            // Recompute hash
+            const partial = {
+                timestamp: entry.timestamp,
+                sessionId: entry.sessionId,
+                sequence: entry.sequence,
+                tool: entry.tool,
+                action: entry.action,
+                args: entry.args,
+                result: entry.result,
+                reason: entry.reason,
+                prevHash: entry.prevHash,
+            };
+            const hashInput = entry.prevHash + JSON.stringify(partial);
+            const expectedHash = crypto.createHash('sha256').update(hashInput).digest('hex');
+            if (entry.hash !== expectedHash) {
+                return {
+                    valid: false,
+                    entriesChecked: i + 1,
+                    firstInvalidAt: entry.sequence,
+                    reason: `Hash mismatch at sequence ${entry.sequence}: expected ${expectedHash.substring(0, 16)}..., got ${entry.hash.substring(0, 16)}...`,
+                };
+            }
+            // Check chain continuity (sequence i+1 should reference sequence i's hash)
+            if (i < sorted.length - 1) {
+                const next = sorted[i + 1];
+                if (next.prevHash !== entry.hash) {
+                    return {
+                        valid: false,
+                        entriesChecked: i + 2,
+                        firstInvalidAt: next.sequence,
+                        reason: `Chain break at sequence ${next.sequence}: prevHash doesn't match previous entry's hash`,
+                    };
+                }
+            }
+        }
+        return { valid: true, entriesChecked: sorted.length };
+    }
+    /**
+     * Verify all entries for a given session.
+     */
+    verifySession(sessionId) {
+        const sid = sessionId || this.sessionId;
+        const entries = this.query({ sessionId: sid });
+        return AuditLogger.verify(entries);
+    }
+    getLogFilePath() {
+        const date = new Date().toISOString().split('T')[0];
+        return path.join(this.logDir, `audit-${date}.jsonl`);
+    }
+    rotateIfNeeded(logFile) {
+        try {
+            if (!fs.existsSync(logFile))
+                return;
+            const stat = fs.statSync(logFile);
+            if (stat.size >= MAX_LOG_SIZE) {
+                const rotated = logFile.replace('.jsonl', `-${Date.now()}.jsonl`);
+                fs.renameSync(logFile, rotated);
+            }
+        }
+        catch {
+            // Rotation failure is non-fatal
+        }
+    }
+    sanitizeArgs(args) {
+        const sanitized = {};
+        for (const [key, value] of Object.entries(args)) {
+            if (typeof value === 'string') {
+                let masked = (0, secrets_1.maskSecretsInString)(value);
+                if (masked.length > MAX_ARG_LENGTH) {
+                    masked = masked.substring(0, MAX_ARG_LENGTH) + `... (${value.length} chars)`;
+                }
+                sanitized[key] = masked;
+            }
+            else if (typeof value === 'object' && value !== null) {
+                const str = JSON.stringify(value);
+                const masked = (0, secrets_1.maskSecretsInString)(str);
+                sanitized[key] = masked.length > MAX_ARG_LENGTH
+                    ? masked.substring(0, MAX_ARG_LENGTH) + '...'
+                    : masked;
+            }
+            else {
+                sanitized[key] = value;
+            }
+        }
+        return sanitized;
+    }
+}
+exports.AuditLogger = AuditLogger;
+//# sourceMappingURL=audit.js.map