codebot-ai 1.5.0 → 1.7.0

package/dist/sandbox.js

@@ -0,0 +1,214 @@
+"use strict";
+/**
+ * Docker Sandbox Execution for CodeBot v1.7.0
+ *
+ * Runs shell commands inside disposable Docker containers for isolation.
+ * Features:
+ * - Read-only root filesystem
+ * - Project directory mounted read-write
+ * - No network by default (configurable)
+ * - CPU, memory, PID limits
+ * - Automatic container cleanup
+ * - Graceful fallback to host execution when Docker unavailable
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isDockerAvailable = isDockerAvailable;
+exports.resetDockerCheck = resetDockerCheck;
+exports.sandboxExec = sandboxExec;
+exports.ensureSandboxImage = ensureSandboxImage;
+exports.getSandboxInfo = getSandboxInfo;
+const child_process_1 = require("child_process");
+const path = __importStar(require("path"));
+// ── Docker Detection ──
+let _dockerAvailable = null;
+/** Check if Docker is installed and the daemon is running */
+function isDockerAvailable() {
+    if (_dockerAvailable !== null)
+        return _dockerAvailable;
+    try {
+        (0, child_process_1.execSync)('docker info', {
+            timeout: 5000,
+            stdio: ['pipe', 'pipe', 'pipe'],
+            encoding: 'utf-8',
+        });
+        _dockerAvailable = true;
+    }
+    catch {
+        _dockerAvailable = false;
+    }
+    return _dockerAvailable;
+}
+/** Reset the cached Docker availability check (for testing) */
+function resetDockerCheck() {
+    _dockerAvailable = null;
+}
+// ── Sandbox Execution ──
+const DEFAULT_CONFIG = {
+    cpus: 2,
+    memoryMb: 512,
+    pidsLimit: 100,
+    network: false,
+    timeoutMs: 120_000,
+    workDir: '/workspace',
+    image: 'node:20-slim',
+};
+/**
+ * Execute a command inside a Docker sandbox.
+ *
+ * The project directory is mounted at /workspace (read-write).
+ * Root filesystem is read-only. /tmp is tmpfs (100MB).
+ * Network is disabled by default.
+ *
+ * Falls back to host execution if Docker is unavailable.
+ */
+function sandboxExec(command, projectDir, config) {
+    const cfg = { ...DEFAULT_CONFIG, ...config };
+    const resolvedProjectDir = path.resolve(projectDir);
+    if (!isDockerAvailable()) {
+        return hostFallback(command, resolvedProjectDir, cfg.timeoutMs);
+    }
+    // Build docker run command
+    const dockerArgs = [
+        'docker', 'run',
+        '--rm', // Cleanup on exit
+        '--read-only', // Read-only root filesystem
+        '--tmpfs', '/tmp:size=100m', // Writable /tmp
+        `--cpus="${cfg.cpus}"`, // CPU limit
+        `--memory="${cfg.memoryMb}m"`, // Memory limit
+        `--pids-limit`, String(cfg.pidsLimit), // PID limit
+        '--security-opt', 'no-new-privileges', // No privilege escalation
+        '--cap-drop=ALL', // Drop all capabilities
+    ];
+    // Network
+    if (!cfg.network) {
+        dockerArgs.push('--network', 'none');
+    }
+    // Mount project directory
+    dockerArgs.push('-v', `${resolvedProjectDir}:${cfg.workDir}:rw`);
+    // Working directory
+    dockerArgs.push('-w', cfg.workDir);
+    // Image
+    dockerArgs.push(cfg.image);
+    // Command (via sh -c for shell features)
+    dockerArgs.push('sh', '-c', command);
+    const dockerCmd = dockerArgs.join(' ');
+    try {
+        const stdout = (0, child_process_1.execSync)(dockerCmd, {
+            timeout: cfg.timeoutMs,
+            maxBuffer: 1024 * 1024, // 1MB
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        return { stdout: stdout || '', stderr: '', exitCode: 0, sandboxed: true };
+    }
+    catch (err) {
+        const e = err;
+        return {
+            stdout: e.stdout || '',
+            stderr: e.stderr || '',
+            exitCode: e.status || 1,
+            sandboxed: true,
+        };
+    }
+}
+/**
+ * Fallback: execute on host with existing security measures.
+ * Used when Docker is not available.
+ */
+function hostFallback(command, cwd, timeoutMs) {
+    try {
+        const stdout = (0, child_process_1.execSync)(command, {
+            cwd,
+            timeout: timeoutMs,
+            maxBuffer: 1024 * 1024,
+            encoding: 'utf-8',
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        return { stdout: stdout || '', stderr: '', exitCode: 0, sandboxed: false };
+    }
+    catch (err) {
+        const e = err;
+        return {
+            stdout: e.stdout || '',
+            stderr: e.stderr || '',
+            exitCode: e.status || 1,
+            sandboxed: false,
+        };
+    }
+}
+/**
+ * Build or pull the sandbox Docker image.
+ * Call this during `codebot --setup` or first sandbox use.
+ */
+function ensureSandboxImage(image) {
+    const img = image || DEFAULT_CONFIG.image;
+    if (!isDockerAvailable()) {
+        return { ready: false, error: 'Docker is not available' };
+    }
+    try {
+        // Check if image exists locally
+        (0, child_process_1.execSync)(`docker image inspect ${img}`, {
+            timeout: 10_000,
+            stdio: ['pipe', 'pipe', 'pipe'],
+        });
+        return { ready: true };
+    }
+    catch {
+        // Image not found, try to pull
+        try {
+            (0, child_process_1.execSync)(`docker pull ${img}`, {
+                timeout: 120_000,
+                stdio: ['pipe', 'pipe', 'pipe'],
+            });
+            return { ready: true };
+        }
+        catch (pullErr) {
+            const msg = pullErr instanceof Error ? pullErr.message : String(pullErr);
+            return { ready: false, error: `Failed to pull ${img}: ${msg}` };
+        }
+    }
+}
+/**
+ * Get a summary of sandbox configuration for display.
+ */
+function getSandboxInfo() {
+    return {
+        available: isDockerAvailable(),
+        image: DEFAULT_CONFIG.image,
+        defaults: { ...DEFAULT_CONFIG },
+    };
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/secrets.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Secret detection module for CodeBot.
+ *
+ * Scans content for common credential patterns (API keys, tokens, passwords).
+ * Returns matches with line numbers and masked excerpts.
+ * Used to warn before writing secrets to files — does NOT block writes.
+ */
+export interface SecretMatch {
+    type: string;
+    line: number;
+    snippet: string;
+}
+/**
+ * Scan content for secrets. Returns array of matches with line numbers and masked snippets.
+ */
+export declare function scanForSecrets(content: string): SecretMatch[];
+/**
+ * Quick check: does the content contain any secrets?
+ */
+export declare function hasSecrets(content: string): boolean;
+/**
+ * Mask secrets in an arbitrary string (e.g., for audit logging).
+ * Replaces all detected secret matches with masked versions.
+ */
+export declare function maskSecretsInString(text: string): string;
+//# sourceMappingURL=secrets.d.ts.map

package/dist/secrets.js

@@ -0,0 +1,86 @@
+"use strict";
+/**
+ * Secret detection module for CodeBot.
+ *
+ * Scans content for common credential patterns (API keys, tokens, passwords).
+ * Returns matches with line numbers and masked excerpts.
+ * Used to warn before writing secrets to files — does NOT block writes.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.scanForSecrets = scanForSecrets;
+exports.hasSecrets = hasSecrets;
+exports.maskSecretsInString = maskSecretsInString;
+const SECRET_PATTERNS = [
+    { name: 'aws_access_key', pattern: /AKIA[0-9A-Z]{16}/ },
+    { name: 'aws_secret_key', pattern: /(?:aws_secret_access_key|aws_secret)\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}/ },
+    { name: 'private_key', pattern: /-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----/ },
+    { name: 'github_token', pattern: /gh[ps]_[A-Za-z0-9_]{36,}/ },
+    { name: 'github_oauth', pattern: /gho_[A-Za-z0-9_]{36,}/ },
+    { name: 'generic_api_key', pattern: /(?:api[_-]?key|apikey|secret[_-]?key)\s*[:=]\s*['"]?[A-Za-z0-9_\-]{20,}/i },
+    { name: 'jwt', pattern: /eyJ[A-Za-z0-9_-]{10,}\.eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_\-]+/ },
+    { name: 'password_assign', pattern: /(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]{8,}['"]/i },
+    { name: 'connection_string', pattern: /(?:mongodb|postgres|postgresql|mysql|redis|amqp):\/\/[^\s]{10,}/ },
+    { name: 'slack_token', pattern: /xox[bprs]-[0-9]{10,}-[A-Za-z0-9\-]+/ },
+    { name: 'slack_webhook', pattern: /hooks\.slack\.com\/services\/T[A-Z0-9]+\/B[A-Z0-9]+\/[A-Za-z0-9]+/ },
+    { name: 'generic_secret', pattern: /(?:secret|token|credential|auth_token)\s*[:=]\s*['"][^'"]{16,}['"]/i },
+    { name: 'npm_token', pattern: /\/\/registry\.npmjs\.org\/:_authToken=[^\s]+/ },
+    { name: 'sendgrid_key', pattern: /SG\.[A-Za-z0-9_\-]{22}\.[A-Za-z0-9_\-]{43}/ },
+    { name: 'stripe_key', pattern: /sk_(live|test)_[A-Za-z0-9]{24,}/ },
+];
+/**
+ * Mask a matched secret for safe display.
+ * Shows first 4 chars + **** + last 4 chars for strings >= 12 chars.
+ * For shorter strings, shows first 2 + **** + last 2.
+ */
+function maskSecret(match) {
+    if (match.length >= 12) {
+        return match.substring(0, 4) + '****' + match.substring(match.length - 4);
+    }
+    if (match.length >= 6) {
+        return match.substring(0, 2) + '****' + match.substring(match.length - 2);
+    }
+    return '****';
+}
+/**
+ * Scan content for secrets. Returns array of matches with line numbers and masked snippets.
+ */
+function scanForSecrets(content) {
+    const matches = [];
+    const lines = content.split('\n');
+    for (let i = 0; i < lines.length; i++) {
+        const line = lines[i];
+        for (const { name, pattern } of SECRET_PATTERNS) {
+            const match = line.match(pattern);
+            if (match) {
+                matches.push({
+                    type: name,
+                    line: i + 1,
+                    snippet: maskSecret(match[0]),
+                });
+            }
+        }
+    }
+    return matches;
+}
+/**
+ * Quick check: does the content contain any secrets?
+ */
+function hasSecrets(content) {
+    for (const { pattern } of SECRET_PATTERNS) {
+        if (pattern.test(content))
+            return true;
+    }
+    return false;
+}
+/**
+ * Mask secrets in an arbitrary string (e.g., for audit logging).
+ * Replaces all detected secret matches with masked versions.
+ */
+function maskSecretsInString(text) {
+    let masked = text;
+    for (const { pattern } of SECRET_PATTERNS) {
+        masked = masked.replace(new RegExp(pattern.source, pattern.flags + (pattern.flags.includes('g') ? '' : 'g')), match => maskSecret(match));
+    }
+    return masked;
+}
+//# sourceMappingURL=secrets.js.map

package/dist/security.d.ts

@@ -0,0 +1,18 @@
+export interface PathSafetyResult {
+    safe: boolean;
+    reason?: string;
+}
+/**
+ * Check if a file path is safe for write/edit operations.
+ *
+ * Resolves symlinks, checks against blocked system paths,
+ * and verifies the path is within the project or user home.
+ */
+export declare function isPathSafe(targetPath: string, projectRoot: string): PathSafetyResult;
+/**
+ * Check if a working directory is safe for command execution.
+ *
+ * Ensures the CWD exists, is a directory, and is under the project root.
+ */
+export declare function isCwdSafe(cwd: string, projectRoot: string): PathSafetyResult;
+//# sourceMappingURL=security.d.ts.map

package/dist/security.js

@@ -0,0 +1,167 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isPathSafe = isPathSafe;
+exports.isCwdSafe = isCwdSafe;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+/**
+ * Path safety module for CodeBot.
+ *
+ * Prevents tools from reading/writing system-critical files and directories.
+ * Resolves symlinks to prevent bypass attacks.
+ */
+/** System-critical absolute paths that should NEVER be written to */
+const BLOCKED_ABSOLUTE_PATHS = [
+    '/etc', '/usr', '/bin', '/sbin', '/boot', '/dev', '/proc', '/sys',
+    '/var/log', '/var/run', '/lib', '/lib64',
+    // macOS system directories
+    '/System', '/Library',
+    // Windows system directories
+    'C:\\Windows', 'C:\\Program Files', 'C:\\Program Files (x86)',
+];
+/** Home-relative sensitive directories/files that should NEVER be written to */
+const BLOCKED_HOME_RELATIVE = [
+    '.ssh',
+    '.gnupg',
+    '.aws/credentials',
+    '.config/gcloud',
+    '.bashrc',
+    '.bash_profile',
+    '.zshrc',
+    '.profile',
+    '.gitconfig',
+    '.npmrc',
+];
+/**
+ * Check if a file path is safe for write/edit operations.
+ *
+ * Resolves symlinks, checks against blocked system paths,
+ * and verifies the path is within the project or user home.
+ */
+function isPathSafe(targetPath, projectRoot) {
+    try {
+        const resolved = path.resolve(targetPath);
+        // Resolve symlinks — for new files, resolve the parent directory
+        let realPath;
+        try {
+            realPath = fs.realpathSync(resolved);
+        }
+        catch {
+            // File doesn't exist yet — resolve the parent
+            const parentDir = path.dirname(resolved);
+            try {
+                const realParent = fs.realpathSync(parentDir);
+                realPath = path.join(realParent, path.basename(resolved));
+            }
+            catch {
+                // Parent doesn't exist either — use the resolved path as-is
+                realPath = resolved;
+            }
+        }
+        // Check against blocked absolute paths
+        const normalizedPath = realPath.replace(/\\/g, '/').toLowerCase();
+        for (const blocked of BLOCKED_ABSOLUTE_PATHS) {
+            const normalizedBlocked = blocked.replace(/\\/g, '/').toLowerCase();
+            if (normalizedPath === normalizedBlocked || normalizedPath.startsWith(normalizedBlocked + '/')) {
+                return { safe: false, reason: `Blocked: "${realPath}" is inside system directory "${blocked}"` };
+            }
+        }
+        // Check against home-relative sensitive paths
+        const home = os.homedir();
+        for (const relative of BLOCKED_HOME_RELATIVE) {
+            const blockedPath = path.join(home, relative);
+            const normalizedBlockedHome = blockedPath.replace(/\\/g, '/').toLowerCase();
+            if (normalizedPath === normalizedBlockedHome || normalizedPath.startsWith(normalizedBlockedHome + '/')) {
+                return { safe: false, reason: `Blocked: "${realPath}" is a sensitive file/directory (~/${relative})` };
+            }
+        }
+        // Verify path is under project root or user home
+        const normalizedProject = path.resolve(projectRoot).replace(/\\/g, '/').toLowerCase();
+        const normalizedHome = home.replace(/\\/g, '/').toLowerCase();
+        const isUnderProject = normalizedPath.startsWith(normalizedProject + '/') || normalizedPath === normalizedProject;
+        const isUnderHome = normalizedPath.startsWith(normalizedHome + '/') || normalizedPath === normalizedHome;
+        if (!isUnderProject && !isUnderHome) {
+            return { safe: false, reason: `Blocked: "${realPath}" is outside both project root and user home directory` };
+        }
+        return { safe: true };
+    }
+    catch (err) {
+        return { safe: false, reason: `Path validation error: ${err instanceof Error ? err.message : String(err)}` };
+    }
+}
+/**
+ * Check if a working directory is safe for command execution.
+ *
+ * Ensures the CWD exists, is a directory, and is under the project root.
+ */
+function isCwdSafe(cwd, projectRoot) {
+    try {
+        const resolved = path.resolve(cwd);
+        // Check it exists and is a directory
+        try {
+            const stat = fs.statSync(resolved);
+            if (!stat.isDirectory()) {
+                return { safe: false, reason: `"${resolved}" is not a directory` };
+            }
+        }
+        catch {
+            return { safe: false, reason: `Directory does not exist: "${resolved}"` };
+        }
+        // Resolve symlinks
+        let realPath;
+        try {
+            realPath = fs.realpathSync(resolved);
+        }
+        catch {
+            realPath = resolved;
+        }
+        // Verify it's under project root or user home
+        const normalizedPath = realPath.replace(/\\/g, '/').toLowerCase();
+        const normalizedProject = path.resolve(projectRoot).replace(/\\/g, '/').toLowerCase();
+        const normalizedHome = os.homedir().replace(/\\/g, '/').toLowerCase();
+        const isUnderProject = normalizedPath.startsWith(normalizedProject + '/') || normalizedPath === normalizedProject;
+        const isUnderHome = normalizedPath.startsWith(normalizedHome + '/') || normalizedPath === normalizedHome;
+        if (!isUnderProject && !isUnderHome) {
+            return { safe: false, reason: `CWD "${realPath}" is outside project root and user home directory` };
+        }
+        return { safe: true };
+    }
+    catch (err) {
+        return { safe: false, reason: `CWD validation error: ${err instanceof Error ? err.message : String(err)}` };
+    }
+}
+//# sourceMappingURL=security.js.map

package/dist/telemetry.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Token & Cost Tracking for CodeBot v1.7.0
+ *
+ * Tracks per-request and per-session token usage and estimated costs.
+ * Supports cost limits and historical usage queries.
+ */
+export interface UsageRecord {
+    timestamp: string;
+    model: string;
+    provider: string;
+    inputTokens: number;
+    outputTokens: number;
+    costUsd: number;
+}
+export interface SessionSummary {
+    sessionId: string;
+    model: string;
+    provider: string;
+    startTime: string;
+    endTime: string;
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    totalCostUsd: number;
+    requestCount: number;
+    toolCalls: number;
+    filesModified: number;
+}
+export declare class TokenTracker {
+    private model;
+    private provider;
+    private sessionId;
+    private records;
+    private toolCallCount;
+    private filesModifiedSet;
+    private startTime;
+    private costLimitUsd;
+    constructor(model: string, provider: string, sessionId?: string);
+    /** Set cost limit in USD. 0 = no limit. */
+    setCostLimit(usd: number): void;
+    /** Record token usage from an LLM request */
+    recordUsage(inputTokens: number, outputTokens: number): UsageRecord;
+    /** Record a tool call (for summary) */
+    recordToolCall(): void;
+    /** Record a file modification (for summary) */
+    recordFileModified(filePath: string): void;
+    /** Check if cost limit has been exceeded */
+    isOverBudget(): boolean;
+    /** Get remaining budget in USD (Infinity if no limit) */
+    getRemainingBudget(): number;
+    getTotalInputTokens(): number;
+    getTotalOutputTokens(): number;
+    getTotalCost(): number;
+    getRequestCount(): number;
+    /** Generate a session summary */
+    getSummary(): SessionSummary;
+    /** Format cost for display */
+    formatCost(): string;
+    /** Format a compact status line for CLI */
+    formatStatusLine(): string;
+    /** Save session usage to ~/.codebot/usage/ for historical tracking */
+    saveUsage(): void;
+    /**
+     * Load historical usage from ~/.codebot/usage/
+     */
+    static loadHistory(days?: number): SessionSummary[];
+    /**
+     * Format a historical usage report.
+     */
+    static formatUsageReport(days?: number): string;
+    private getPricing;
+    private isLocalModel;
+}
+//# sourceMappingURL=telemetry.d.ts.map