codebot-ai 1.5.0 → 1.7.0

package/dist/cli.js

@@ -35,6 +35,8 @@ var __importStar = (this && this.__importStar) || (function () {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.main = main;
 const readline = __importStar(require("readline"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
 const agent_1 = require("./agent");
 const openai_1 = require("./providers/openai");
 const anthropic_1 = require("./providers/anthropic");
@@ -44,9 +46,10 @@ const setup_1 = require("./setup");
 const banner_1 = require("./banner");
 const tools_1 = require("./tools");
 const scheduler_1 = require("./scheduler");
-const VERSION = '1.5.0';
-// Session-wide token tracking
-let sessionTokens = { input: 0, output: 0, total: 0 };
+const audit_1 = require("./audit");
+const policy_1 = require("./policy");
+const sandbox_1 = require("./sandbox");
+const VERSION = '1.7.0';
 const C = {
     reset: '\x1b[0m',
     bold: '\x1b[1m',
@@ -86,12 +89,89 @@ async function main() {
         await (0, setup_1.runSetup)();
         return;
     }
+    // ── v1.7.0: New standalone commands ──
+    // --init-policy: Generate default policy file
+    if (args['init-policy']) {
+        const policyPath = path.join(process.cwd(), '.codebot', 'policy.json');
+        const policyDir = path.dirname(policyPath);
+        if (!fs.existsSync(policyDir))
+            fs.mkdirSync(policyDir, { recursive: true });
+        if (fs.existsSync(policyPath)) {
+            console.log(c(`Policy file already exists at ${policyPath}`, 'yellow'));
+            console.log(c('Delete it first if you want to regenerate.', 'dim'));
+        }
+        else {
+            fs.writeFileSync(policyPath, (0, policy_1.generateDefaultPolicyFile)(), 'utf-8');
+            console.log(c(`Created default policy at ${policyPath}`, 'green'));
+        }
+        return;
+    }
+    // --verify-audit: Verify audit chain integrity
+    if (args['verify-audit']) {
+        const logger = new audit_1.AuditLogger();
+        const sessionId = typeof args['verify-audit'] === 'string' ? args['verify-audit'] : undefined;
+        if (sessionId) {
+            const entries = logger.query({ sessionId });
+            if (entries.length === 0) {
+                console.log(c(`No audit entries found for session ${sessionId}`, 'yellow'));
+                return;
+            }
+            const result = audit_1.AuditLogger.verify(entries);
+            if (result.valid) {
+                console.log(c(`Audit chain valid (${result.entriesChecked} entries checked)`, 'green'));
+            }
+            else {
+                console.log(c(`Audit chain INVALID at sequence ${result.firstInvalidAt}`, 'red'));
+                console.log(c(`Reason: ${result.reason}`, 'red'));
+            }
+        }
+        else {
+            // Verify all entries from today's log
+            const entries = logger.query();
+            if (entries.length === 0) {
+                console.log(c('No audit entries found.', 'yellow'));
+                return;
+            }
+            // Group by session and verify each
+            const sessions = new Map();
+            for (const e of entries) {
+                if (!sessions.has(e.sessionId))
+                    sessions.set(e.sessionId, []);
+                sessions.get(e.sessionId).push(e);
+            }
+            let allValid = true;
+            for (const [sid, sessionEntries] of sessions) {
+                const result = audit_1.AuditLogger.verify(sessionEntries);
+                const shortId = sid.substring(0, 12);
+                if (result.valid) {
+                    console.log(c(`  ${shortId}  ${result.entriesChecked} entries  valid`, 'green'));
+                }
+                else {
+                    console.log(c(`  ${shortId}  INVALID at seq ${result.firstInvalidAt}: ${result.reason}`, 'red'));
+                    allValid = false;
+                }
+            }
+            console.log(allValid
+                ? c(`\nAll ${sessions.size} session chains verified.`, 'green')
+                : c(`\nSome chains are invalid — possible tampering detected.`, 'red'));
+        }
+        return;
+    }
+    // --sandbox-info: Show sandbox status
+    if (args['sandbox-info']) {
+        const info = (0, sandbox_1.getSandboxInfo)();
+        console.log(c('Sandbox Status:', 'bold'));
+        console.log(`  Docker: ${info.available ? c('available', 'green') : c('not available', 'yellow')}`);
+        console.log(`  Image:  ${info.image}`);
+        console.log(`  CPU:    ${info.defaults.cpus} cores max`);
+        console.log(`  Memory: ${info.defaults.memoryMb}MB max`);
+        console.log(`  Network: ${info.defaults.network ? 'enabled' : 'disabled'} by default`);
+        return;
+    }
     // First run: auto-launch setup if nothing is configured
     if ((0, setup_1.isFirstRun)() && process.stdin.isTTY && !args.message) {
         console.log(c('Welcome! No configuration found — launching setup...', 'cyan'));
         await (0, setup_1.runSetup)();
-        // If setup saved a config, continue to main flow
-        // Otherwise exit
         if ((0, setup_1.isFirstRun)())
             return;
     }
@@ -118,6 +198,7 @@ async function main() {
     const agent = new agent_1.Agent({
         provider,
         model: config.model,
+        providerName: config.provider,
         maxIterations: config.maxIterations,
         autoApprove: config.autoApprove,
         onMessage: (msg) => session.save(msg),
@@ -133,6 +214,7 @@ async function main() {
     // Non-interactive: single message from CLI args
     if (typeof args.message === 'string') {
         await runOnce(agent, args.message);
+        printSessionSummary(agent);
         return;
     }
     // Non-interactive: piped stdin
@@ -140,6 +222,7 @@ async function main() {
         const input = await readStdin();
         if (input.trim()) {
             await runOnce(agent, input.trim());
+            printSessionSummary(agent);
         }
         return;
     }
@@ -151,6 +234,22 @@ async function main() {
     // Cleanup scheduler on exit
     scheduler.stop();
 }
+/** Print session summary with tokens, cost, tool calls, files modified */
+function printSessionSummary(agent) {
+    const tracker = agent.getTokenTracker();
+    tracker.saveUsage();
+    const summary = tracker.getSummary();
+    const duration = (new Date(summary.endTime).getTime() - new Date(summary.startTime).getTime()) / 1000;
+    const mins = Math.floor(duration / 60);
+    const secs = Math.floor(duration % 60);
+    console.log(c('\n── Session Summary ──', 'dim'));
+    console.log(`  Duration:  ${mins}m ${secs}s`);
+    console.log(`  Model:     ${summary.model} via ${summary.provider}`);
+    console.log(`  Tokens:    ${summary.totalInputTokens.toLocaleString()} in / ${summary.totalOutputTokens.toLocaleString()} out (${tracker.formatCost()})`);
+    console.log(`  Requests:  ${summary.requestCount}`);
+    console.log(`  Tools:     ${summary.toolCalls} calls`);
+    console.log(`  Files:     ${summary.filesModified} modified`);
+}
 function createProvider(config) {
     if (config.provider === 'anthropic') {
         return new anthropic_1.AnthropicProvider({
@@ -159,7 +258,6 @@ function createProvider(config) {
             model: config.model,
         });
     }
-    // All other providers use OpenAI-compatible format
     return new openai_1.OpenAIProvider({
         baseUrl: config.baseUrl,
         apiKey: config.apiKey,
@@ -186,7 +284,7 @@ async function repl(agent, config, session) {
         }
         try {
             for await (const event of agent.run(input)) {
-                renderEvent(event);
+                renderEvent(event, agent);
             }
         }
         catch (err) {
@@ -197,18 +295,19 @@ async function repl(agent, config, session) {
         rl.prompt();
     });
     rl.on('close', () => {
+        printSessionSummary(agent);
         console.log(c('\nBye!', 'dim'));
         process.exit(0);
     });
 }
 async function runOnce(agent, message) {
     for await (const event of agent.run(message)) {
-        renderEvent(event);
+        renderEvent(event, agent);
     }
     console.log();
 }
 let isThinking = false;
-function renderEvent(event) {
+function renderEvent(event, agent) {
     switch (event.type) {
         case 'thinking':
             if (!isThinking) {
@@ -248,20 +347,15 @@ function renderEvent(event) {
             }
             break;
         case 'usage':
-            if (event.usage) {
-                if (event.usage.inputTokens)
-                    sessionTokens.input += event.usage.inputTokens;
-                if (event.usage.outputTokens)
-                    sessionTokens.output += event.usage.outputTokens;
-                if (event.usage.totalTokens)
-                    sessionTokens.total += event.usage.totalTokens;
+            if (event.usage && agent) {
+                const tracker = agent.getTokenTracker();
                 const parts = [];
                 if (event.usage.inputTokens)
                     parts.push(`in: ${event.usage.inputTokens}`);
                 if (event.usage.outputTokens)
                     parts.push(`out: ${event.usage.outputTokens}`);
                 if (parts.length > 0) {
-                    console.log(c(`  [${parts.join(', ')} tokens]`, 'dim'));
+                    console.log(c(`  [${parts.join(', ')} tokens | ${tracker.formatCost()}]`, 'dim'));
                 }
             }
             break;
@@ -306,7 +400,10 @@ function handleSlashCommand(input, agent, config) {
   /auto      Toggle autonomous mode
   /routines  List scheduled routines
   /undo      Undo last file edit (/undo [path])
-  /usage     Show token usage for this session
+  /usage     Show token usage & cost for this session
+  /cost      Show running cost
+  /policy    Show current security policy
+  /audit     Verify audit chain for this session
   /config    Show current config
   /quit      Exit`);
             break;
@@ -365,10 +462,41 @@ function handleSlashCommand(input, agent, config) {
             break;
         }
         case '/usage': {
-            console.log(c('\nToken Usage (this session):', 'bold'));
-            console.log(`  Input:  ${sessionTokens.input.toLocaleString()} tokens`);
-            console.log(`  Output: ${sessionTokens.output.toLocaleString()} tokens`);
-            console.log(`  Total:  ${(sessionTokens.input + sessionTokens.output).toLocaleString()} tokens`);
+            const tracker = agent.getTokenTracker();
+            const summary = tracker.getSummary();
+            console.log(c('\nSession Usage:', 'bold'));
+            console.log(`  Input:    ${summary.totalInputTokens.toLocaleString()} tokens`);
+            console.log(`  Output:   ${summary.totalOutputTokens.toLocaleString()} tokens`);
+            console.log(`  Cost:     ${tracker.formatCost()}`);
+            console.log(`  Requests: ${summary.requestCount}`);
+            console.log(`  Tools:    ${summary.toolCalls} calls`);
+            console.log(`  Files:    ${summary.filesModified} modified`);
+            break;
+        }
+        case '/cost': {
+            const tracker = agent.getTokenTracker();
+            console.log(c(`  ${tracker.formatStatusLine()}`, 'dim'));
+            break;
+        }
+        case '/policy': {
+            const policy = agent.getPolicyEnforcer().getPolicy();
+            console.log(c('\nCurrent Policy:', 'bold'));
+            console.log(JSON.stringify(policy, null, 2));
+            break;
+        }
+        case '/audit': {
+            const auditLogger = agent.getAuditLogger();
+            const result = auditLogger.verifySession();
+            if (result.entriesChecked === 0) {
+                console.log(c('No audit entries yet.', 'dim'));
+            }
+            else if (result.valid) {
+                console.log(c(`Audit chain valid (${result.entriesChecked} entries)`, 'green'));
+            }
+            else {
+                console.log(c(`Audit chain INVALID at sequence ${result.firstInvalidAt}`, 'red'));
+                console.log(c(`  ${result.reason}`, 'red'));
+            }
             break;
         }
         case '/routines': {
@@ -409,7 +537,6 @@ function showModels() {
     }
 }
 async function resolveConfig(args) {
-    // Load saved config (CLI args override saved config)
     const saved = (0, setup_1.loadConfig)();
     const model = args.model || process.env.CODEBOT_MODEL || saved.model || 'qwen2.5-coder:32b';
     const detected = (0, registry_1.detectProvider)(model);
@@ -421,7 +548,6 @@ async function resolveConfig(args) {
         maxIterations: parseInt(args['max-iterations'] || String(saved.maxIterations || 50), 10),
         autoApprove: !!args['auto-approve'] || !!args.autonomous || !!args.auto || !!saved.autoApprove,
     };
-    // Auto-resolve base URL and API key from provider
     if (!config.baseUrl || !config.apiKey) {
         const defaults = registry_1.PROVIDER_DEFAULTS[config.provider];
         if (defaults) {
@@ -431,14 +557,12 @@ async function resolveConfig(args) {
                 config.apiKey = process.env[defaults.envKey] || process.env.CODEBOT_API_KEY || '';
         }
     }
-    // Fallback: try saved config API key, then generic env vars
     if (!config.apiKey && saved.apiKey) {
         config.apiKey = saved.apiKey;
     }
     if (!config.apiKey) {
         config.apiKey = process.env.CODEBOT_API_KEY || process.env.OPENAI_API_KEY || '';
     }
-    // If still no base URL, auto-detect local provider
     if (!config.baseUrl) {
         config.baseUrl = await autoDetectProvider();
     }
@@ -494,6 +618,25 @@ function parseArgs(argv) {
             result.setup = true;
             continue;
         }
+        if (arg === '--init-policy') {
+            result['init-policy'] = true;
+            continue;
+        }
+        if (arg === '--sandbox-info') {
+            result['sandbox-info'] = true;
+            continue;
+        }
+        if (arg === '--verify-audit') {
+            const next = argv[i + 1];
+            if (next && !next.startsWith('--')) {
+                result['verify-audit'] = next;
+                i++;
+            }
+            else {
+                result['verify-audit'] = true;
+            }
+            continue;
+        }
         if (arg.startsWith('--')) {
             const key = arg.slice(2);
             const next = argv[i + 1];
@@ -540,9 +683,15 @@ ${c('Options:', 'bold')}
   --resume <id>        Resume a previous session by ID
   --continue, -c       Resume the most recent session
   --max-iterations <n> Max agent loop iterations (default: 50)
+  --sandbox <mode>     Execution sandbox: docker, host, auto (default: auto)
   -h, --help           Show this help
   -v, --version        Show version
 
+${c('Security & Policy:', 'bold')}
+  --init-policy        Generate default .codebot/policy.json
+  --verify-audit [id]  Verify audit log hash chain integrity
+  --sandbox-info       Show Docker sandbox status
+
 ${c('Supported Providers:', 'bold')}
   Local:      Ollama, LM Studio, vLLM (auto-detected)
   Anthropic:  Claude Opus/Sonnet/Haiku (ANTHROPIC_API_KEY)
@@ -560,6 +709,8 @@ ${c('Examples:', 'bold')}
   codebot --model deepseek-chat            Uses DeepSeek API
   codebot --model qwen2.5-coder:32b        Uses local Ollama
   codebot --autonomous "refactor src/"     Full auto, no prompts
+  codebot --init-policy                    Create security policy
+  codebot --verify-audit                   Check audit integrity
 
 ${c('Interactive Commands:', 'bold')}
   /help      Show commands
@@ -569,6 +720,10 @@ ${c('Interactive Commands:', 'bold')}
   /auto      Toggle autonomous mode
   /clear     Clear conversation
   /compact   Force context compaction
+  /usage     Show token usage & cost
+  /cost      Show running cost
+  /policy    Show security policy
+  /audit     Verify session audit chain
   /config    Show configuration
   /quit      Exit`);
 }

package/dist/mcp.js

@@ -38,6 +38,37 @@ const child_process_1 = require("child_process");
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+/**
+ * MCP (Model Context Protocol) client.
+ *
+ * Connects to MCP servers defined in `.codebot/mcp.json` or `~/.codebot/mcp.json`:
+ *
+ * {
+ *   "servers": [
+ *     {
+ *       "name": "my-server",
+ *       "command": "npx",
+ *       "args": ["-y", "@my/mcp-server"],
+ *       "env": {}
+ *     }
+ *   ]
+ * }
+ *
+ * Each server is launched as a subprocess communicating via JSON-RPC over stdio.
+ */
+/** Allowlist of commands that MCP servers are permitted to run */
+const ALLOWED_MCP_COMMANDS = new Set([
+    'npx', 'node', 'python', 'python3', 'deno', 'bun', 'docker', 'uvx',
+]);
+/** Safe environment variables to pass to MCP subprocesses */
+const SAFE_ENV_VARS = new Set([
+    'PATH', 'HOME', 'USER', 'SHELL', 'LANG', 'TERM', 'TMPDIR', 'TMP', 'TEMP',
+    'LC_ALL', 'LC_CTYPE', 'DISPLAY', 'XDG_RUNTIME_DIR',
+    // Node.js
+    'NODE_ENV', 'NODE_PATH',
+    // Python
+    'PYTHONPATH', 'VIRTUAL_ENV',
+]);
 class MCPConnection {
     process;
     buffer = '';
@@ -46,9 +77,25 @@ class MCPConnection {
     name;
     constructor(config) {
         this.name = config.name;
+        // Security: validate command against allowlist
+        const command = path.basename(config.command);
+        if (!ALLOWED_MCP_COMMANDS.has(command)) {
+            throw new Error(`Blocked MCP command: "${config.command}". Allowed: ${[...ALLOWED_MCP_COMMANDS].join(', ')}`);
+        }
+        // Security: build safe environment — only pass safe vars + config-defined vars
+        const safeEnv = {};
+        for (const key of SAFE_ENV_VARS) {
+            if (process.env[key]) {
+                safeEnv[key] = process.env[key];
+            }
+        }
+        // Config-defined env vars override safe defaults
+        if (config.env) {
+            Object.assign(safeEnv, config.env);
+        }
         this.process = (0, child_process_1.spawn)(config.command, config.args || [], {
             stdio: ['pipe', 'pipe', 'pipe'],
-            env: { ...process.env, ...config.env },
+            env: safeEnv,
         });
         this.process.stdout?.on('data', (chunk) => {
             this.buffer += chunk.toString();
@@ -97,7 +144,7 @@ class MCPConnection {
         await this.request('initialize', {
             protocolVersion: '2024-11-05',
             capabilities: {},
-            clientInfo: { name: 'codebot-ai', version: '1.1.0' },
+            clientInfo: { name: 'codebot-ai', version: '1.6.0' },
         });
         await this.request('notifications/initialized');
     }
@@ -121,9 +168,13 @@ class MCPConnection {
 }
 /** Create Tool wrappers from an MCP server's tools */
 function mcpToolToTool(connection, def) {
+    // Security: sanitize tool description (limit length, strip control chars)
+    const safeDescription = (def.description || '')
+        .substring(0, 500)
+        .replace(/[\x00-\x1F\x7F]/g, '');
     return {
         name: `mcp_${connection.name}_${def.name}`,
-        description: `[MCP:${connection.name}] ${def.description}`,
+        description: `[MCP:${connection.name}] ${safeDescription}`,
         permission: 'prompt',
         parameters: def.inputSchema || { type: 'object', properties: {} },
         execute: async (args) => {

package/dist/memory.d.ts

@@ -1,3 +1,7 @@
+/**
+ * Sanitize memory content by stripping lines that look like prompt injection.
+ */
+export declare function sanitizeMemory(content: string): string;
 export interface MemoryEntry {
     key: string;
     value: string;
@@ -8,6 +12,9 @@ export interface MemoryEntry {
  * Persistent memory system for CodeBot.
  * Stores project-level and global notes that survive across sessions.
  * Memory is injected into the system prompt so the model always has context.
+ *
+ * Security: content is sanitized before injection to prevent prompt injection.
+ * Size limits: 2KB per file, 10KB total.
  */
 export declare class MemoryManager {
     private projectDir;

package/dist/memory.js

@@ -34,15 +34,57 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.MemoryManager = void 0;
+exports.sanitizeMemory = sanitizeMemory;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 const MEMORY_DIR = path.join(os.homedir(), '.codebot', 'memory');
 const GLOBAL_MEMORY = path.join(MEMORY_DIR, 'MEMORY.md');
+/** Maximum size per memory file (2KB) */
+const MAX_FILE_SIZE = 2048;
+/** Maximum total memory size across all files (10KB) */
+const MAX_TOTAL_SIZE = 10240;
+/** Patterns that indicate potential prompt injection in memory content */
+const INJECTION_PATTERNS = [
+    /^(system|assistant|user):\s/i,
+    /ignore (previous|all|above) instructions/i,
+    /you are now/i,
+    /new instructions:/i,
+    /override:/i,
+    /<\/?system>/i,
+    /\bforget (all|everything|your)\b/i,
+    /\bact as\b/i,
+    /\brole:\s*(system|admin)/i,
+    /\bpretend (you are|to be)\b/i,
+];
+/**
+ * Sanitize memory content by stripping lines that look like prompt injection.
+ */
+function sanitizeMemory(content) {
+    return content.split('\n')
+        .filter(line => !INJECTION_PATTERNS.some(p => p.test(line)))
+        .join('\n');
+}
+/**
+ * Truncate content to a maximum byte size.
+ */
+function truncateToSize(content, maxSize) {
+    if (Buffer.byteLength(content, 'utf-8') <= maxSize)
+        return content;
+    // Truncate by chars (approximation — will be close to byte limit)
+    let truncated = content;
+    while (Buffer.byteLength(truncated, 'utf-8') > maxSize - 50) { // leave room for marker
+        truncated = truncated.substring(0, Math.floor(truncated.length * 0.9));
+    }
+    return truncated.trimEnd() + '\n[truncated — exceeded size limit]';
+}
 /**
  * Persistent memory system for CodeBot.
  * Stores project-level and global notes that survive across sessions.
  * Memory is injected into the system prompt so the model always has context.
+ *
+ * Security: content is sanitized before injection to prevent prompt injection.
+ * Size limits: 2KB per file, 10KB total.
  */
 class MemoryManager {
     projectDir;
@@ -76,14 +118,16 @@ class MemoryManager {
     }
     /** Write to global memory */
     writeGlobal(content) {
-        fs.writeFileSync(GLOBAL_MEMORY, content);
+        const safe = truncateToSize(content, MAX_FILE_SIZE);
+        fs.writeFileSync(GLOBAL_MEMORY, safe);
     }
     /** Write to project memory */
     writeProject(content) {
         if (!this.projectDir)
             return;
         const memFile = path.join(this.projectDir, 'MEMORY.md');
-        fs.writeFileSync(memFile, content);
+        const safe = truncateToSize(content, MAX_FILE_SIZE);
+        fs.writeFileSync(memFile, safe);
     }
     /** Append an entry to global memory */
     appendGlobal(entry) {
@@ -114,20 +158,34 @@ class MemoryManager {
     /** Get all memory content formatted for system prompt injection */
     getContextBlock() {
         const parts = [];
+        let totalSize = 0;
         const global = this.readGlobal();
         if (global.trim()) {
-            parts.push(`## Global Memory\n${global.trim()}`);
+            const sanitized = sanitizeMemory(global.trim());
+            const truncated = truncateToSize(sanitized, MAX_FILE_SIZE);
+            totalSize += Buffer.byteLength(truncated, 'utf-8');
+            parts.push(`## Global Memory\n${truncated}`);
         }
         // Read additional global topic files
         const globalFiles = this.readDir(this.globalDir);
         for (const [name, content] of Object.entries(globalFiles)) {
             if (name === 'MEMORY.md' || !content.trim())
                 continue;
-            parts.push(`## ${name.replace('.md', '')}\n${content.trim()}`);
+            if (totalSize >= MAX_TOTAL_SIZE)
+                break;
+            const sanitized = sanitizeMemory(content.trim());
+            const remaining = MAX_TOTAL_SIZE - totalSize;
+            const truncated = truncateToSize(sanitized, Math.min(MAX_FILE_SIZE, remaining));
+            totalSize += Buffer.byteLength(truncated, 'utf-8');
+            parts.push(`## ${name.replace('.md', '')}\n${truncated}`);
         }
         const project = this.readProject();
-        if (project.trim()) {
-            parts.push(`## Project Memory\n${project.trim()}`);
+        if (project.trim() && totalSize < MAX_TOTAL_SIZE) {
+            const sanitized = sanitizeMemory(project.trim());
+            const remaining = MAX_TOTAL_SIZE - totalSize;
+            const truncated = truncateToSize(sanitized, Math.min(MAX_FILE_SIZE, remaining));
+            totalSize += Buffer.byteLength(truncated, 'utf-8');
+            parts.push(`## Project Memory\n${truncated}`);
         }
         // Read additional project topic files
         if (this.projectDir) {
@@ -135,7 +193,13 @@ class MemoryManager {
             for (const [name, content] of Object.entries(projFiles)) {
                 if (name === 'MEMORY.md' || !content.trim())
                     continue;
-                parts.push(`## Project: ${name.replace('.md', '')}\n${content.trim()}`);
+                if (totalSize >= MAX_TOTAL_SIZE)
+                    break;
+                const sanitized = sanitizeMemory(content.trim());
+                const remaining = MAX_TOTAL_SIZE - totalSize;
+                const truncated = truncateToSize(sanitized, Math.min(MAX_FILE_SIZE, remaining));
+                totalSize += Buffer.byteLength(truncated, 'utf-8');
+                parts.push(`## Project: ${name.replace('.md', '')}\n${truncated}`);
             }
         }
         if (parts.length === 0)

package/dist/plugins.d.ts

@@ -1,17 +1,3 @@
 import { Tool } from './types';
-/**
- * Plugin system for CodeBot.
- *
- * Plugins are .js files in `.codebot/plugins/` (project) or `~/.codebot/plugins/` (global).
- * Each plugin exports a default function or object that implements the Tool interface:
- *
- * module.exports = {
- *   name: 'my_tool',
- *   description: 'Does something useful',
- *   permission: 'prompt',
- *   parameters: { type: 'object', properties: { ... }, required: [...] },
- *   execute: async (args) => { return 'result'; }
- * };
- */
 export declare function loadPlugins(projectRoot?: string): Tool[];
 //# sourceMappingURL=plugins.d.ts.map

package/dist/plugins.js

@@ -36,20 +36,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.loadPlugins = loadPlugins;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-/**
- * Plugin system for CodeBot.
- *
- * Plugins are .js files in `.codebot/plugins/` (project) or `~/.codebot/plugins/` (global).
- * Each plugin exports a default function or object that implements the Tool interface:
- *
- * module.exports = {
- *   name: 'my_tool',
- *   description: 'Does something useful',
- *   permission: 'prompt',
- *   parameters: { type: 'object', properties: { ... }, required: [...] },
- *   execute: async (args) => { return 'result'; }
- * };
- */
+const crypto = __importStar(require("crypto"));
 function loadPlugins(projectRoot) {
     const plugins = [];
     const os = require('os');
@@ -74,6 +61,32 @@ function loadPlugins(projectRoot) {
                 continue;
             try {
                 const pluginPath = path.join(dir, entry.name);
+                // Security: verify plugin against manifest hash
+                const manifestPath = path.join(dir, 'plugin.json');
+                if (!fs.existsSync(manifestPath)) {
+                    console.error(`Plugin skipped (${entry.name}): no plugin.json manifest found. Create one with: { "name": "...", "version": "...", "hash": "sha256:..." }`);
+                    continue;
+                }
+                let manifest;
+                try {
+                    manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf-8'));
+                }
+                catch {
+                    console.error(`Plugin skipped (${entry.name}): invalid plugin.json manifest`);
+                    continue;
+                }
+                if (!manifest.hash || !manifest.hash.startsWith('sha256:')) {
+                    console.error(`Plugin skipped (${entry.name}): manifest missing valid sha256 hash`);
+                    continue;
+                }
+                // Compute SHA-256 of the plugin file
+                const pluginContent = fs.readFileSync(pluginPath);
+                const computedHash = 'sha256:' + crypto.createHash('sha256').update(pluginContent).digest('hex');
+                if (computedHash !== manifest.hash) {
+                    console.error(`Plugin skipped (${entry.name}): hash mismatch. Expected ${manifest.hash}, got ${computedHash}. Plugin may have been tampered with.`);
+                    continue;
+                }
+                // Hash verified — safe to load
                 // eslint-disable-next-line @typescript-eslint/no-require-imports
                 const mod = require(pluginPath);
                 const plugin = mod.default || mod;