codebot-ai 1.5.0 → 1.7.0

package/dist/telemetry.js

@@ -0,0 +1,286 @@
+"use strict";
+/**
+ * Token & Cost Tracking for CodeBot v1.7.0
+ *
+ * Tracks per-request and per-session token usage and estimated costs.
+ * Supports cost limits and historical usage queries.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenTracker = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const PRICING = {
+    // Anthropic
+    'claude-opus-4-6': { input: 15.0, output: 75.0 },
+    'claude-sonnet-4-20250514': { input: 3.0, output: 15.0 },
+    'claude-haiku-3-5': { input: 0.80, output: 4.0 },
+    // OpenAI
+    'gpt-4o': { input: 2.50, output: 10.0 },
+    'gpt-4o-mini': { input: 0.15, output: 0.60 },
+    'gpt-4.1': { input: 2.0, output: 8.0 },
+    'gpt-4.1-mini': { input: 0.40, output: 1.60 },
+    'gpt-4.1-nano': { input: 0.10, output: 0.40 },
+    'o1': { input: 15.0, output: 60.0 },
+    'o3': { input: 10.0, output: 40.0 },
+    'o3-mini': { input: 1.10, output: 4.40 },
+    'o4-mini': { input: 1.10, output: 4.40 },
+    // Google
+    'gemini-2.5-pro': { input: 1.25, output: 10.0 },
+    'gemini-2.5-flash': { input: 0.15, output: 0.60 },
+    'gemini-2.0-flash': { input: 0.10, output: 0.40 },
+    // DeepSeek
+    'deepseek-chat': { input: 0.14, output: 0.28 },
+    'deepseek-reasoner': { input: 0.55, output: 2.19 },
+    // Groq (free tier pricing)
+    'llama-3.3-70b-versatile': { input: 0.59, output: 0.79 },
+    // Mistral
+    'mistral-large-latest': { input: 2.0, output: 6.0 },
+    'codestral-latest': { input: 0.30, output: 0.90 },
+    // xAI
+    'grok-3': { input: 3.0, output: 15.0 },
+    'grok-3-mini': { input: 0.30, output: 0.50 },
+};
+// Default pricing for unknown models (conservative estimate)
+const DEFAULT_PRICING = { input: 2.0, output: 8.0 };
+// Free pricing for local models
+const LOCAL_PRICING = { input: 0, output: 0 };
+class TokenTracker {
+    model;
+    provider;
+    sessionId;
+    records = [];
+    toolCallCount = 0;
+    filesModifiedSet = new Set();
+    startTime;
+    costLimitUsd = 0;
+    constructor(model, provider, sessionId) {
+        this.model = model;
+        this.provider = provider;
+        this.sessionId = sessionId || `${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+        this.startTime = new Date().toISOString();
+    }
+    /** Set cost limit in USD. 0 = no limit. */
+    setCostLimit(usd) {
+        this.costLimitUsd = usd;
+    }
+    /** Record token usage from an LLM request */
+    recordUsage(inputTokens, outputTokens) {
+        const pricing = this.getPricing();
+        const costUsd = (inputTokens * pricing.input + outputTokens * pricing.output) / 1_000_000;
+        const record = {
+            timestamp: new Date().toISOString(),
+            model: this.model,
+            provider: this.provider,
+            inputTokens,
+            outputTokens,
+            costUsd,
+        };
+        this.records.push(record);
+        return record;
+    }
+    /** Record a tool call (for summary) */
+    recordToolCall() {
+        this.toolCallCount++;
+    }
+    /** Record a file modification (for summary) */
+    recordFileModified(filePath) {
+        this.filesModifiedSet.add(filePath);
+    }
+    /** Check if cost limit has been exceeded */
+    isOverBudget() {
+        if (this.costLimitUsd <= 0)
+            return false;
+        return this.getTotalCost() >= this.costLimitUsd;
+    }
+    /** Get remaining budget in USD (Infinity if no limit) */
+    getRemainingBudget() {
+        if (this.costLimitUsd <= 0)
+            return Infinity;
+        return Math.max(0, this.costLimitUsd - this.getTotalCost());
+    }
+    // ── Aggregates ──
+    getTotalInputTokens() {
+        return this.records.reduce((sum, r) => sum + r.inputTokens, 0);
+    }
+    getTotalOutputTokens() {
+        return this.records.reduce((sum, r) => sum + r.outputTokens, 0);
+    }
+    getTotalCost() {
+        return this.records.reduce((sum, r) => sum + r.costUsd, 0);
+    }
+    getRequestCount() {
+        return this.records.length;
+    }
+    /** Generate a session summary */
+    getSummary() {
+        return {
+            sessionId: this.sessionId,
+            model: this.model,
+            provider: this.provider,
+            startTime: this.startTime,
+            endTime: new Date().toISOString(),
+            totalInputTokens: this.getTotalInputTokens(),
+            totalOutputTokens: this.getTotalOutputTokens(),
+            totalCostUsd: this.getTotalCost(),
+            requestCount: this.getRequestCount(),
+            toolCalls: this.toolCallCount,
+            filesModified: this.filesModifiedSet.size,
+        };
+    }
+    /** Format cost for display */
+    formatCost() {
+        const cost = this.getTotalCost();
+        if (cost === 0)
+            return 'free (local model)';
+        if (cost < 0.01)
+            return `< $0.01`;
+        return `$${cost.toFixed(4)}`;
+    }
+    /** Format a compact status line for CLI */
+    formatStatusLine() {
+        const inTk = this.getTotalInputTokens();
+        const outTk = this.getTotalOutputTokens();
+        const cost = this.formatCost();
+        return `${inTk.toLocaleString()} in / ${outTk.toLocaleString()} out | ${cost}`;
+    }
+    /** Save session usage to ~/.codebot/usage/ for historical tracking */
+    saveUsage() {
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            fs.mkdirSync(usageDir, { recursive: true });
+            const summary = this.getSummary();
+            const fileName = `usage-${summary.startTime.split('T')[0]}.jsonl`;
+            const filePath = path.join(usageDir, fileName);
+            fs.appendFileSync(filePath, JSON.stringify(summary) + '\n', 'utf-8');
+        }
+        catch {
+            // Usage tracking failures are non-fatal
+        }
+    }
+    /**
+     * Load historical usage from ~/.codebot/usage/
+     */
+    static loadHistory(days) {
+        const summaries = [];
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            if (!fs.existsSync(usageDir))
+                return [];
+            const files = fs.readdirSync(usageDir)
+                .filter(f => f.startsWith('usage-') && f.endsWith('.jsonl'))
+                .sort();
+            // Filter by date range if specified
+            const cutoff = days
+                ? new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString()
+                : undefined;
+            for (const file of files) {
+                const content = fs.readFileSync(path.join(usageDir, file), 'utf-8');
+                for (const line of content.split('\n')) {
+                    if (!line.trim())
+                        continue;
+                    try {
+                        const summary = JSON.parse(line);
+                        if (cutoff && summary.startTime < cutoff)
+                            continue;
+                        summaries.push(summary);
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch {
+            // Can't read usage
+        }
+        return summaries;
+    }
+    /**
+     * Format a historical usage report.
+     */
+    static formatUsageReport(days = 30) {
+        const history = TokenTracker.loadHistory(days);
+        if (history.length === 0)
+            return 'No usage data found.';
+        let totalInput = 0;
+        let totalOutput = 0;
+        let totalCost = 0;
+        let totalRequests = 0;
+        let totalTools = 0;
+        for (const s of history) {
+            totalInput += s.totalInputTokens;
+            totalOutput += s.totalOutputTokens;
+            totalCost += s.totalCostUsd;
+            totalRequests += s.requestCount;
+            totalTools += s.toolCalls;
+        }
+        const lines = [
+            `Usage Report (last ${days} days)`,
+            '─'.repeat(40),
+            `Sessions:     ${history.length}`,
+            `LLM Requests: ${totalRequests.toLocaleString()}`,
+            `Tool Calls:   ${totalTools.toLocaleString()}`,
+            `Input Tokens: ${totalInput.toLocaleString()}`,
+            `Output Tokens: ${totalOutput.toLocaleString()}`,
+            `Total Cost:   $${totalCost.toFixed(4)}`,
+        ];
+        return lines.join('\n');
+    }
+    // ── Helpers ──
+    getPricing() {
+        // Local models are free
+        if (this.isLocalModel())
+            return LOCAL_PRICING;
+        // Exact match
+        if (PRICING[this.model])
+            return PRICING[this.model];
+        // Prefix match (for versioned models like claude-sonnet-4-20250514)
+        for (const [key, pricing] of Object.entries(PRICING)) {
+            if (this.model.startsWith(key))
+                return pricing;
+        }
+        return DEFAULT_PRICING;
+    }
+    isLocalModel() {
+        // Models running on Ollama, LM Studio, vLLM are free
+        return !this.provider ||
+            this.provider === 'ollama' ||
+            this.provider === 'lmstudio' ||
+            this.provider === 'vllm' ||
+            this.provider === 'local';
+    }
+}
+exports.TokenTracker = TokenTracker;
+//# sourceMappingURL=telemetry.js.map

package/dist/tools/batch-edit.js

@@ -36,6 +36,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BatchEditTool = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const security_1 = require("../security");
+const secrets_1 = require("../secrets");
 class BatchEditTool {
     name = 'batch_edit';
     description = 'Apply multiple find-and-replace edits across one or more files atomically. All edits are validated before any are applied. Useful for renaming, refactoring, and coordinated multi-file changes.';
@@ -64,8 +66,10 @@ class BatchEditTool {
         if (!edits || !Array.isArray(edits) || edits.length === 0) {
             return 'Error: edits array is required and must not be empty';
         }
+        const projectRoot = process.cwd();
         // Phase 1: Validate all edits before applying any
         const errors = [];
+        const warnings = [];
         const validated = [];
         // Group edits by file so we can chain them
         const byFile = new Map();
@@ -75,6 +79,12 @@ class BatchEditTool {
                 continue;
             }
             const filePath = path.resolve(edit.path);
+            // Security: path safety check
+            const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
+            if (!safety.safe) {
+                errors.push(`${safety.reason}`);
+                continue;
+            }
             if (!byFile.has(filePath))
                 byFile.set(filePath, []);
             byFile.get(filePath).push(edit);
@@ -98,6 +108,11 @@ class BatchEditTool {
                     errors.push(`String found ${count} times in ${filePath} (must be unique): "${oldStr.substring(0, 60)}${oldStr.length > 60 ? '...' : ''}"`);
                     continue;
                 }
+                // Security: secret detection on new content
+                const secrets = (0, secrets_1.scanForSecrets)(newStr);
+                if (secrets.length > 0) {
+                    warnings.push(`Secrets detected in edit for ${filePath}: ${secrets.map(s => `${s.type} (${s.snippet})`).join(', ')}`);
+                }
                 content = content.replace(oldStr, newStr);
             }
             if (content !== originalContent) {
@@ -115,7 +130,11 @@ class BatchEditTool {
         }
         const fileCount = validated.length;
         const editCount = edits.length;
-        return `Applied ${editCount} edit${editCount > 1 ? 's' : ''} across ${fileCount} file${fileCount > 1 ? 's' : ''}:\n${results.map(f => `  ✓ ${f}`).join('\n')}`;
+        let output = `Applied ${editCount} edit${editCount > 1 ? 's' : ''} across ${fileCount} file${fileCount > 1 ? 's' : ''}:\n${results.map(f => `  ✓ ${f}`).join('\n')}`;
+        if (warnings.length > 0) {
+            output += `\n\n⚠️  Security warnings:\n${warnings.map(w => `  - ${w}`).join('\n')}`;
+        }
+        return output;
     }
 }
 exports.BatchEditTool = BatchEditTool;

package/dist/tools/edit.js

@@ -37,6 +37,8 @@ exports.EditFileTool = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const security_1 = require("../security");
+const secrets_1 = require("../secrets");
 // Undo snapshot directory
 const UNDO_DIR = path.join(os.homedir(), '.codebot', 'undo');
 const MAX_UNDO = 50;
@@ -66,10 +68,32 @@ class EditFileTool {
         const filePath = path.resolve(args.path);
         const oldStr = String(args.old_string);
         const newStr = String(args.new_string);
-        if (!fs.existsSync(filePath)) {
+        // Security: path safety check
+        const projectRoot = process.cwd();
+        const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
+        if (!safety.safe) {
+            return `Error: ${safety.reason}`;
+        }
+        // Security: resolve symlinks before reading
+        let realPath;
+        try {
+            realPath = fs.realpathSync(filePath);
+        }
+        catch {
             throw new Error(`File not found: ${filePath}`);
         }
-        const content = fs.readFileSync(filePath, 'utf-8');
+        if (!fs.existsSync(realPath)) {
+            throw new Error(`File not found: ${filePath}`);
+        }
+        // Security: secret detection on new content (warn but don't block)
+        const secrets = (0, secrets_1.scanForSecrets)(newStr);
+        let warning = '';
+        if (secrets.length > 0) {
+            warning = `\n\n⚠️  WARNING: ${secrets.length} potential secret(s) in new content:\n` +
+                secrets.map(s => `  ${s.type} — ${s.snippet}`).join('\n') +
+                '\nConsider using environment variables instead of hardcoding secrets.';
+        }
+        const content = fs.readFileSync(realPath, 'utf-8');
         const count = content.split(oldStr).length - 1;
         if (count === 0) {
             throw new Error(`String not found in ${filePath}. Make sure old_string matches exactly (including whitespace).`);
@@ -78,12 +102,12 @@ class EditFileTool {
             throw new Error(`String found ${count} times in ${filePath}. Provide more surrounding context to make it unique.`);
         }
         // Save undo snapshot
-        this.saveSnapshot(filePath, content);
+        this.saveSnapshot(realPath, content);
         const updated = content.replace(oldStr, newStr);
-        fs.writeFileSync(filePath, updated, 'utf-8');
+        fs.writeFileSync(realPath, updated, 'utf-8');
         // Generate diff preview
         const diff = this.generateDiff(oldStr, newStr, content, filePath);
-        return diff;
+        return diff + warning;
     }
     generateDiff(oldStr, newStr, content, filePath) {
         const lines = content.split('\n');

package/dist/tools/execute.js

@@ -2,6 +2,9 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExecuteTool = void 0;
 const child_process_1 = require("child_process");
+const security_1 = require("../security");
+const sandbox_1 = require("../sandbox");
+const policy_1 = require("../policy");
 const BLOCKED_PATTERNS = [
     // Destructive filesystem operations
     /rm\s+-rf\s+\//,
@@ -39,6 +42,44 @@ const BLOCKED_PATTERNS = [
     /insmod\b/,
     /rmmod\b/,
     /modprobe\s+-r/,
+    // ── v1.6.0 security hardening: evasion-resistant patterns ──
+    // Base64 decode pipes (obfuscated command execution)
+    /base64\s+(-d|--decode)\s*\|/,
+    // Hex escape sequences (obfuscation)
+    /\\x[0-9a-fA-F]{2}.*\\x[0-9a-fA-F]{2}/,
+    // Variable-based obfuscation
+    /\$\{[^}]*rm\s/,
+    /eval\s+.*\$/,
+    // Backtick-based command injection
+    /`[^`]*rm\s+-rf/,
+    // Process substitution with dangerous commands
+    /<\(.*curl/,
+    /<\(.*wget/,
+    // Python/perl inline execution of destructive commands
+    /python[23]?\s+-c\s+.*import\s+os.*remove/,
+    /perl\s+-e\s+.*unlink/,
+    // Encoded shell commands
+    /echo\s+.*\|\s*base64\s+(-d|--decode)\s*\|\s*(ba)?sh/,
+    // Crontab manipulation
+    /crontab\s+-r/,
+    // Systemctl destructive operations
+    /systemctl\s+(disable|mask|stop)\s+(sshd|firewalld|iptables)/,
+];
+/** Sensitive environment variables to strip before passing to child process */
+const FILTERED_ENV_VARS = [
+    'AWS_SECRET_ACCESS_KEY',
+    'AWS_SESSION_TOKEN',
+    'GITHUB_TOKEN',
+    'GH_TOKEN',
+    'NPM_TOKEN',
+    'DATABASE_URL',
+    'OPENAI_API_KEY',
+    'ANTHROPIC_API_KEY',
+    'GOOGLE_API_KEY',
+    'STRIPE_SECRET_KEY',
+    'SENDGRID_API_KEY',
+    'SLACK_TOKEN',
+    'SLACK_BOT_TOKEN',
 ];
 class ExecuteTool {
     name = 'execute';
@@ -63,19 +104,55 @@ class ExecuteTool {
                 throw new Error(`Blocked: "${cmd}" matches a dangerous command pattern.`);
             }
         }
+        // Security: validate CWD
+        const cwd = args.cwd || process.cwd();
+        const projectRoot = process.cwd();
+        const cwdSafety = (0, security_1.isCwdSafe)(cwd, projectRoot);
+        if (!cwdSafety.safe) {
+            return `Error: ${cwdSafety.reason}`;
+        }
+        const timeout = args.timeout || 30000;
+        // ── v1.7.0: Sandbox routing ──
+        const policy = (0, policy_1.loadPolicy)(projectRoot);
+        const sandboxMode = policy.execution?.sandbox || 'auto';
+        const useSandbox = sandboxMode === 'docker' ||
+            (sandboxMode === 'auto' && (0, sandbox_1.isDockerAvailable)());
+        if (useSandbox) {
+            const result = (0, sandbox_1.sandboxExec)(cmd, projectRoot, {
+                network: policy.execution?.network !== false,
+                memoryMb: policy.execution?.max_memory_mb || 512,
+                timeoutMs: timeout,
+            });
+            if (result.sandboxed) {
+                const output = result.stdout || result.stderr || '(no output)';
+                const tag = '[sandboxed]';
+                if (result.exitCode !== 0) {
+                    return `${tag} Exit code ${result.exitCode}\nSTDOUT:\n${result.stdout}\nSTDERR:\n${result.stderr}`;
+                }
+                return `${tag} ${output}`;
+            }
+            // Fallthrough: sandboxExec returned sandboxed=false (Docker wasn't available after all)
+        }
+        // ── Host execution (existing path) ──
+        const safeEnv = { ...process.env };
+        for (const key of FILTERED_ENV_VARS) {
+            delete safeEnv[key];
+        }
+        const tag = useSandbox ? '[host-fallback]' : '[host]';
         try {
             const output = (0, child_process_1.execSync)(cmd, {
-                cwd: args.cwd || process.cwd(),
-                timeout: args.timeout || 30000,
+                cwd,
+                timeout,
                 maxBuffer: 1024 * 1024,
                 encoding: 'utf-8',
                 stdio: ['pipe', 'pipe', 'pipe'],
+                env: safeEnv,
             });
-            return output || '(no output)';
+            return `${tag} ${output || '(no output)'}`;
         }
         catch (err) {
             const e = err;
-            return `Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
+            return `${tag} Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
         }
     }
 }

package/dist/tools/package-manager.js

@@ -63,6 +63,34 @@ const MANAGERS = {
         remove: 'go mod tidy', list: 'go list -m all', outdated: 'go list -m -u all', audit: 'govulncheck ./...',
     },
 };
+/**
+ * Package name validation patterns by ecosystem.
+ * Rejects names containing shell metacharacters or injection attempts.
+ */
+const SAFE_PKG_PATTERNS = {
+    // npm: @scope/pkg@version or pkg@version
+    npm: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    yarn: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    pnpm: /^(@[a-z0-9\-~][a-z0-9\-._~]*\/)?[a-z0-9\-~][a-z0-9\-._~]*(@[a-z0-9^~>=<.*\-]+)?$/,
+    // pip: allows hyphens, underscores, dots, optional version spec
+    pip: /^[a-zA-Z0-9][a-zA-Z0-9._\-]*(\[[a-zA-Z0-9,._\-]+\])?(([>=<!=~]+)[a-zA-Z0-9.*]+)?$/,
+    // cargo: lowercase alphanumeric + hyphens + underscores
+    cargo: /^[a-zA-Z][a-zA-Z0-9_\-]*(@[a-zA-Z0-9.^~>=<*\-]+)?$/,
+    // go: module paths
+    go: /^[a-zA-Z0-9][a-zA-Z0-9._\-/]*(@[a-zA-Z0-9.^~>=<*\-]+)?$/,
+};
+function isPackageNameSafe(pkgName, manager) {
+    // Split by spaces to handle multiple package args
+    const packages = pkgName.trim().split(/\s+/);
+    const pattern = SAFE_PKG_PATTERNS[manager];
+    if (!pattern)
+        return false;
+    for (const pkg of packages) {
+        if (!pattern.test(pkg))
+            return false;
+    }
+    return true;
+}
 class PackageManagerTool {
     name = 'package_manager';
     description = 'Manage dependencies. Auto-detects npm/yarn/pnpm/pip/cargo/go. Actions: install, add, remove, list, outdated, audit, detect.';
@@ -98,6 +126,10 @@ class PackageManagerTool {
                 const pkg = args.package;
                 if (!pkg)
                     return 'Error: package name is required for add';
+                // Security: validate package name
+                if (!isPackageNameSafe(pkg, mgr.name)) {
+                    return `Error: invalid package name "${pkg}". Package names must be alphanumeric with hyphens/underscores/dots only. Shell metacharacters are not allowed.`;
+                }
                 cmd = `${mgr.add} ${pkg}`;
                 break;
             }
@@ -105,6 +137,10 @@ class PackageManagerTool {
                 const pkg = args.package;
                 if (!pkg)
                     return 'Error: package name is required for remove';
+                // Security: validate package name
+                if (!isPackageNameSafe(pkg, mgr.name)) {
+                    return `Error: invalid package name "${pkg}". Package names must be alphanumeric with hyphens/underscores/dots only. Shell metacharacters are not allowed.`;
+                }
                 cmd = `${mgr.remove} ${pkg}`;
                 break;
             }

package/dist/tools/web-fetch.js

@@ -31,17 +31,19 @@ class WebFetchTool {
         // Block requests to private/internal IPs
         const hostname = parsed.hostname.toLowerCase();
         // Block localhost variants
-        if (hostname === 'localhost' || hostname === '127.0.0.1' || hostname === '::1' || hostname === '0.0.0.0') {
+        if (hostname === 'localhost' || hostname === '::1' || hostname === '0.0.0.0') {
             return 'Blocked: requests to localhost are not allowed';
         }
         // Block cloud metadata endpoints
         if (hostname === '169.254.169.254' || hostname === 'metadata.google.internal') {
             return 'Blocked: requests to cloud metadata endpoints are not allowed';
         }
-        // Block private IP ranges (10.x, 172.16-31.x, 192.168.x)
+        // Block private IPv4 ranges
         const ipMatch = hostname.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
         if (ipMatch) {
             const [, a, b] = ipMatch.map(Number);
+            if (a === 127)
+                return 'Blocked: loopback IP range (127.x.x.x)'; // Full 127.0.0.0/8
             if (a === 10)
                 return 'Blocked: private IP range (10.x.x.x)';
             if (a === 172 && b >= 16 && b <= 31)
@@ -50,6 +52,44 @@ class WebFetchTool {
                 return 'Blocked: private IP range (192.168.x.x)';
             if (a === 0)
                 return 'Blocked: invalid IP (0.x.x.x)';
+            if (a === 169 && b === 254)
+                return 'Blocked: link-local IP (169.254.x.x)';
+        }
+        // ── v1.6.0 security hardening: IPv6 private range blocking ──
+        // Remove brackets for IPv6 addresses
+        const bare = hostname.replace(/^\[/, '').replace(/\]$/, '').toLowerCase();
+        // IPv6 loopback
+        if (bare === '::1' || bare === '0:0:0:0:0:0:0:1') {
+            return 'Blocked: IPv6 loopback (::1)';
+        }
+        // IPv6 link-local (fe80::/10)
+        if (/^fe[89ab][0-9a-f]:/i.test(bare)) {
+            return 'Blocked: IPv6 link-local address (fe80::/10)';
+        }
+        // IPv6 unique local address (fc00::/7 — includes fd00::/8)
+        if (/^f[cd][0-9a-f]{2}:/i.test(bare)) {
+            return 'Blocked: IPv6 unique local address (fc00::/7)';
+        }
+        // IPv6 multicast (ff00::/8)
+        if (/^ff[0-9a-f]{2}:/i.test(bare)) {
+            return 'Blocked: IPv6 multicast address (ff00::/8)';
+        }
+        // IPv6-mapped IPv4 addresses (::ffff:x.x.x.x)
+        const mappedMatch = bare.match(/^::ffff:(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
+        if (mappedMatch) {
+            const [, a, b] = mappedMatch.map(Number);
+            if (a === 127)
+                return 'Blocked: IPv4-mapped loopback';
+            if (a === 10)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 172 && b >= 16 && b <= 31)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 192 && b === 168)
+                return 'Blocked: IPv4-mapped private IP';
+            if (a === 0)
+                return 'Blocked: IPv4-mapped invalid IP';
+            if (a === 169 && b === 254)
+                return 'Blocked: IPv4-mapped link-local';
         }
         return null; // URL is safe
     }

package/dist/tools/write.js

@@ -37,6 +37,8 @@ exports.WriteFileTool = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const security_1 = require("../security");
+const secrets_1 = require("../secrets");
 const UNDO_DIR = path.join(os.homedir(), '.codebot', 'undo');
 class WriteFileTool {
     name = 'write_file';
@@ -60,6 +62,20 @@ class WriteFileTool {
         const filePath = path.resolve(args.path);
         const content = String(args.content);
         const dir = path.dirname(filePath);
+        // Security: path safety check
+        const projectRoot = process.cwd();
+        const safety = (0, security_1.isPathSafe)(filePath, projectRoot);
+        if (!safety.safe) {
+            return `Error: ${safety.reason}`;
+        }
+        // Security: secret detection (warn but don't block)
+        const secrets = (0, secrets_1.scanForSecrets)(content);
+        let warning = '';
+        if (secrets.length > 0) {
+            warning = `\n\n⚠️  WARNING: ${secrets.length} potential secret(s) detected:\n` +
+                secrets.map(s => `  Line ${s.line}: ${s.type} — ${s.snippet}`).join('\n') +
+                '\nConsider using environment variables instead of hardcoding secrets.';
+        }
         if (!fs.existsSync(dir)) {
             fs.mkdirSync(dir, { recursive: true });
         }
@@ -74,7 +90,7 @@ class WriteFileTool {
         }
         fs.writeFileSync(filePath, content, 'utf-8');
         const lines = content.split('\n').length;
-        return `${existed ? 'Overwrote' : 'Created'} ${filePath} (${lines} lines, ${content.length} bytes)`;
+        return `${existed ? 'Overwrote' : 'Created'} ${filePath} (${lines} lines, ${content.length} bytes)${warning}`;
     }
     saveSnapshot(filePath, content) {
         try {