codebot-ai 1.6.0 → 1.7.0

package/dist/telemetry.d.ts

@@ -0,0 +1,73 @@
+/**
+ * Token & Cost Tracking for CodeBot v1.7.0
+ *
+ * Tracks per-request and per-session token usage and estimated costs.
+ * Supports cost limits and historical usage queries.
+ */
+export interface UsageRecord {
+    timestamp: string;
+    model: string;
+    provider: string;
+    inputTokens: number;
+    outputTokens: number;
+    costUsd: number;
+}
+export interface SessionSummary {
+    sessionId: string;
+    model: string;
+    provider: string;
+    startTime: string;
+    endTime: string;
+    totalInputTokens: number;
+    totalOutputTokens: number;
+    totalCostUsd: number;
+    requestCount: number;
+    toolCalls: number;
+    filesModified: number;
+}
+export declare class TokenTracker {
+    private model;
+    private provider;
+    private sessionId;
+    private records;
+    private toolCallCount;
+    private filesModifiedSet;
+    private startTime;
+    private costLimitUsd;
+    constructor(model: string, provider: string, sessionId?: string);
+    /** Set cost limit in USD. 0 = no limit. */
+    setCostLimit(usd: number): void;
+    /** Record token usage from an LLM request */
+    recordUsage(inputTokens: number, outputTokens: number): UsageRecord;
+    /** Record a tool call (for summary) */
+    recordToolCall(): void;
+    /** Record a file modification (for summary) */
+    recordFileModified(filePath: string): void;
+    /** Check if cost limit has been exceeded */
+    isOverBudget(): boolean;
+    /** Get remaining budget in USD (Infinity if no limit) */
+    getRemainingBudget(): number;
+    getTotalInputTokens(): number;
+    getTotalOutputTokens(): number;
+    getTotalCost(): number;
+    getRequestCount(): number;
+    /** Generate a session summary */
+    getSummary(): SessionSummary;
+    /** Format cost for display */
+    formatCost(): string;
+    /** Format a compact status line for CLI */
+    formatStatusLine(): string;
+    /** Save session usage to ~/.codebot/usage/ for historical tracking */
+    saveUsage(): void;
+    /**
+     * Load historical usage from ~/.codebot/usage/
+     */
+    static loadHistory(days?: number): SessionSummary[];
+    /**
+     * Format a historical usage report.
+     */
+    static formatUsageReport(days?: number): string;
+    private getPricing;
+    private isLocalModel;
+}
+//# sourceMappingURL=telemetry.d.ts.map

package/dist/telemetry.js

@@ -0,0 +1,286 @@
+"use strict";
+/**
+ * Token & Cost Tracking for CodeBot v1.7.0
+ *
+ * Tracks per-request and per-session token usage and estimated costs.
+ * Supports cost limits and historical usage queries.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenTracker = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const PRICING = {
+    // Anthropic
+    'claude-opus-4-6': { input: 15.0, output: 75.0 },
+    'claude-sonnet-4-20250514': { input: 3.0, output: 15.0 },
+    'claude-haiku-3-5': { input: 0.80, output: 4.0 },
+    // OpenAI
+    'gpt-4o': { input: 2.50, output: 10.0 },
+    'gpt-4o-mini': { input: 0.15, output: 0.60 },
+    'gpt-4.1': { input: 2.0, output: 8.0 },
+    'gpt-4.1-mini': { input: 0.40, output: 1.60 },
+    'gpt-4.1-nano': { input: 0.10, output: 0.40 },
+    'o1': { input: 15.0, output: 60.0 },
+    'o3': { input: 10.0, output: 40.0 },
+    'o3-mini': { input: 1.10, output: 4.40 },
+    'o4-mini': { input: 1.10, output: 4.40 },
+    // Google
+    'gemini-2.5-pro': { input: 1.25, output: 10.0 },
+    'gemini-2.5-flash': { input: 0.15, output: 0.60 },
+    'gemini-2.0-flash': { input: 0.10, output: 0.40 },
+    // DeepSeek
+    'deepseek-chat': { input: 0.14, output: 0.28 },
+    'deepseek-reasoner': { input: 0.55, output: 2.19 },
+    // Groq (free tier pricing)
+    'llama-3.3-70b-versatile': { input: 0.59, output: 0.79 },
+    // Mistral
+    'mistral-large-latest': { input: 2.0, output: 6.0 },
+    'codestral-latest': { input: 0.30, output: 0.90 },
+    // xAI
+    'grok-3': { input: 3.0, output: 15.0 },
+    'grok-3-mini': { input: 0.30, output: 0.50 },
+};
+// Default pricing for unknown models (conservative estimate)
+const DEFAULT_PRICING = { input: 2.0, output: 8.0 };
+// Free pricing for local models
+const LOCAL_PRICING = { input: 0, output: 0 };
+class TokenTracker {
+    model;
+    provider;
+    sessionId;
+    records = [];
+    toolCallCount = 0;
+    filesModifiedSet = new Set();
+    startTime;
+    costLimitUsd = 0;
+    constructor(model, provider, sessionId) {
+        this.model = model;
+        this.provider = provider;
+        this.sessionId = sessionId || `${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+        this.startTime = new Date().toISOString();
+    }
+    /** Set cost limit in USD. 0 = no limit. */
+    setCostLimit(usd) {
+        this.costLimitUsd = usd;
+    }
+    /** Record token usage from an LLM request */
+    recordUsage(inputTokens, outputTokens) {
+        const pricing = this.getPricing();
+        const costUsd = (inputTokens * pricing.input + outputTokens * pricing.output) / 1_000_000;
+        const record = {
+            timestamp: new Date().toISOString(),
+            model: this.model,
+            provider: this.provider,
+            inputTokens,
+            outputTokens,
+            costUsd,
+        };
+        this.records.push(record);
+        return record;
+    }
+    /** Record a tool call (for summary) */
+    recordToolCall() {
+        this.toolCallCount++;
+    }
+    /** Record a file modification (for summary) */
+    recordFileModified(filePath) {
+        this.filesModifiedSet.add(filePath);
+    }
+    /** Check if cost limit has been exceeded */
+    isOverBudget() {
+        if (this.costLimitUsd <= 0)
+            return false;
+        return this.getTotalCost() >= this.costLimitUsd;
+    }
+    /** Get remaining budget in USD (Infinity if no limit) */
+    getRemainingBudget() {
+        if (this.costLimitUsd <= 0)
+            return Infinity;
+        return Math.max(0, this.costLimitUsd - this.getTotalCost());
+    }
+    // ── Aggregates ──
+    getTotalInputTokens() {
+        return this.records.reduce((sum, r) => sum + r.inputTokens, 0);
+    }
+    getTotalOutputTokens() {
+        return this.records.reduce((sum, r) => sum + r.outputTokens, 0);
+    }
+    getTotalCost() {
+        return this.records.reduce((sum, r) => sum + r.costUsd, 0);
+    }
+    getRequestCount() {
+        return this.records.length;
+    }
+    /** Generate a session summary */
+    getSummary() {
+        return {
+            sessionId: this.sessionId,
+            model: this.model,
+            provider: this.provider,
+            startTime: this.startTime,
+            endTime: new Date().toISOString(),
+            totalInputTokens: this.getTotalInputTokens(),
+            totalOutputTokens: this.getTotalOutputTokens(),
+            totalCostUsd: this.getTotalCost(),
+            requestCount: this.getRequestCount(),
+            toolCalls: this.toolCallCount,
+            filesModified: this.filesModifiedSet.size,
+        };
+    }
+    /** Format cost for display */
+    formatCost() {
+        const cost = this.getTotalCost();
+        if (cost === 0)
+            return 'free (local model)';
+        if (cost < 0.01)
+            return `< $0.01`;
+        return `$${cost.toFixed(4)}`;
+    }
+    /** Format a compact status line for CLI */
+    formatStatusLine() {
+        const inTk = this.getTotalInputTokens();
+        const outTk = this.getTotalOutputTokens();
+        const cost = this.formatCost();
+        return `${inTk.toLocaleString()} in / ${outTk.toLocaleString()} out | ${cost}`;
+    }
+    /** Save session usage to ~/.codebot/usage/ for historical tracking */
+    saveUsage() {
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            fs.mkdirSync(usageDir, { recursive: true });
+            const summary = this.getSummary();
+            const fileName = `usage-${summary.startTime.split('T')[0]}.jsonl`;
+            const filePath = path.join(usageDir, fileName);
+            fs.appendFileSync(filePath, JSON.stringify(summary) + '\n', 'utf-8');
+        }
+        catch {
+            // Usage tracking failures are non-fatal
+        }
+    }
+    /**
+     * Load historical usage from ~/.codebot/usage/
+     */
+    static loadHistory(days) {
+        const summaries = [];
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            if (!fs.existsSync(usageDir))
+                return [];
+            const files = fs.readdirSync(usageDir)
+                .filter(f => f.startsWith('usage-') && f.endsWith('.jsonl'))
+                .sort();
+            // Filter by date range if specified
+            const cutoff = days
+                ? new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString()
+                : undefined;
+            for (const file of files) {
+                const content = fs.readFileSync(path.join(usageDir, file), 'utf-8');
+                for (const line of content.split('\n')) {
+                    if (!line.trim())
+                        continue;
+                    try {
+                        const summary = JSON.parse(line);
+                        if (cutoff && summary.startTime < cutoff)
+                            continue;
+                        summaries.push(summary);
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch {
+            // Can't read usage
+        }
+        return summaries;
+    }
+    /**
+     * Format a historical usage report.
+     */
+    static formatUsageReport(days = 30) {
+        const history = TokenTracker.loadHistory(days);
+        if (history.length === 0)
+            return 'No usage data found.';
+        let totalInput = 0;
+        let totalOutput = 0;
+        let totalCost = 0;
+        let totalRequests = 0;
+        let totalTools = 0;
+        for (const s of history) {
+            totalInput += s.totalInputTokens;
+            totalOutput += s.totalOutputTokens;
+            totalCost += s.totalCostUsd;
+            totalRequests += s.requestCount;
+            totalTools += s.toolCalls;
+        }
+        const lines = [
+            `Usage Report (last ${days} days)`,
+            '─'.repeat(40),
+            `Sessions:     ${history.length}`,
+            `LLM Requests: ${totalRequests.toLocaleString()}`,
+            `Tool Calls:   ${totalTools.toLocaleString()}`,
+            `Input Tokens: ${totalInput.toLocaleString()}`,
+            `Output Tokens: ${totalOutput.toLocaleString()}`,
+            `Total Cost:   $${totalCost.toFixed(4)}`,
+        ];
+        return lines.join('\n');
+    }
+    // ── Helpers ──
+    getPricing() {
+        // Local models are free
+        if (this.isLocalModel())
+            return LOCAL_PRICING;
+        // Exact match
+        if (PRICING[this.model])
+            return PRICING[this.model];
+        // Prefix match (for versioned models like claude-sonnet-4-20250514)
+        for (const [key, pricing] of Object.entries(PRICING)) {
+            if (this.model.startsWith(key))
+                return pricing;
+        }
+        return DEFAULT_PRICING;
+    }
+    isLocalModel() {
+        // Models running on Ollama, LM Studio, vLLM are free
+        return !this.provider ||
+            this.provider === 'ollama' ||
+            this.provider === 'lmstudio' ||
+            this.provider === 'vllm' ||
+            this.provider === 'local';
+    }
+}
+exports.TokenTracker = TokenTracker;
+//# sourceMappingURL=telemetry.js.map

package/dist/tools/execute.js

@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExecuteTool = void 0;
 const child_process_1 = require("child_process");
 const security_1 = require("../security");
+const sandbox_1 = require("../sandbox");
+const policy_1 = require("../policy");
 const BLOCKED_PATTERNS = [
     // Destructive filesystem operations
     /rm\s+-rf\s+\//,
@@ -109,25 +111,48 @@ class ExecuteTool {
         if (!cwdSafety.safe) {
             return `Error: ${cwdSafety.reason}`;
         }
-        // Security: filter sensitive env vars
+        const timeout = args.timeout || 30000;
+        // ── v1.7.0: Sandbox routing ──
+        const policy = (0, policy_1.loadPolicy)(projectRoot);
+        const sandboxMode = policy.execution?.sandbox || 'auto';
+        const useSandbox = sandboxMode === 'docker' ||
+            (sandboxMode === 'auto' && (0, sandbox_1.isDockerAvailable)());
+        if (useSandbox) {
+            const result = (0, sandbox_1.sandboxExec)(cmd, projectRoot, {
+                network: policy.execution?.network !== false,
+                memoryMb: policy.execution?.max_memory_mb || 512,
+                timeoutMs: timeout,
+            });
+            if (result.sandboxed) {
+                const output = result.stdout || result.stderr || '(no output)';
+                const tag = '[sandboxed]';
+                if (result.exitCode !== 0) {
+                    return `${tag} Exit code ${result.exitCode}\nSTDOUT:\n${result.stdout}\nSTDERR:\n${result.stderr}`;
+                }
+                return `${tag} ${output}`;
+            }
+            // Fallthrough: sandboxExec returned sandboxed=false (Docker wasn't available after all)
+        }
+        // ── Host execution (existing path) ──
         const safeEnv = { ...process.env };
         for (const key of FILTERED_ENV_VARS) {
             delete safeEnv[key];
         }
+        const tag = useSandbox ? '[host-fallback]' : '[host]';
         try {
             const output = (0, child_process_1.execSync)(cmd, {
                 cwd,
-                timeout: args.timeout || 30000,
+                timeout,
                 maxBuffer: 1024 * 1024,
                 encoding: 'utf-8',
                 stdio: ['pipe', 'pipe', 'pipe'],
                 env: safeEnv,
             });
-            return output || '(no output)';
+            return `${tag} ${output || '(no output)'}`;
         }
         catch (err) {
             const e = err;
-            return `Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
+            return `${tag} Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
         }
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebot-ai",
-  "version": "1.6.0",
+  "version": "1.7.0",
   "description": "Zero-dependency autonomous AI agent. Code, browse, search, automate. Works with any LLM — Ollama, Claude, GPT, Gemini, DeepSeek, Groq, Mistral, Grok.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",