npm - codebot-ai - Versions diffs - 1.6.0 → 1.8.0 - Mend

codebot-ai 1.6.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (38) hide show

package/dist/agent.d.ts +22 -0
package/dist/agent.js +138 -5
package/dist/audit.d.ts +31 -9
package/dist/audit.js +85 -11
package/dist/capabilities.d.ts +48 -0
package/dist/capabilities.js +187 -0
package/dist/cli.js +265 -26
package/dist/history.d.ts +7 -3
package/dist/history.js +55 -8
package/dist/index.d.ts +6 -0
package/dist/index.js +13 -1
package/dist/integrity.d.ts +35 -0
package/dist/integrity.js +135 -0
package/dist/policy.d.ts +132 -0
package/dist/policy.js +444 -0
package/dist/providers/anthropic.d.ts +1 -0
package/dist/providers/anthropic.js +4 -0
package/dist/providers/openai.d.ts +1 -0
package/dist/providers/openai.js +4 -0
package/dist/replay.d.ts +55 -0
package/dist/replay.js +196 -0
package/dist/sandbox.d.ts +65 -0
package/dist/sandbox.js +214 -0
package/dist/telemetry.d.ts +73 -0
package/dist/telemetry.js +286 -0
package/dist/tools/batch-edit.d.ts +3 -0
package/dist/tools/batch-edit.js +12 -0
package/dist/tools/edit.d.ts +3 -0
package/dist/tools/edit.js +11 -0
package/dist/tools/execute.js +29 -4
package/dist/tools/git.d.ts +5 -0
package/dist/tools/git.js +31 -0
package/dist/tools/index.d.ts +2 -1
package/dist/tools/index.js +6 -6
package/dist/tools/write.d.ts +3 -0
package/dist/tools/write.js +11 -0
package/dist/types.d.ts +1 -0
package/package.json +1 -1

package/dist/history.js CHANGED Viewed

@@ -38,38 +38,50 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 const crypto = __importStar(require("crypto"));
+const integrity_1 = require("./integrity");
 const SESSIONS_DIR = path.join(os.homedir(), '.codebot', 'sessions');
 class SessionManager {
     sessionId;
     filePath;
     model;
+    integrityKey;
     constructor(model, sessionId) {
         this.model = model;
         this.sessionId = sessionId || crypto.randomUUID();
+        this.integrityKey = (0, integrity_1.deriveSessionKey)(this.sessionId);
         fs.mkdirSync(SESSIONS_DIR, { recursive: true });
         this.filePath = path.join(SESSIONS_DIR, `${this.sessionId}.jsonl`);
     }
     getId() {
         return this.sessionId;
     }
-    /** Append a message to the session file */
+    /** Append a message to the session file (HMAC signed) */
     save(message) {
         try {
-            const line = JSON.stringify({
+            const record = {
                 ...message,
                 _ts: new Date().toISOString(),
                 _model: this.model,
-            });
-            fs.appendFileSync(this.filePath, line + '\n');
+            };
+            record._sig = (0, integrity_1.signMessage)(record, this.integrityKey);
+            fs.appendFileSync(this.filePath, JSON.stringify(record) + '\n');
         }
         catch {
             // Don't crash on write failure — session persistence is best-effort
         }
     }
-    /** Save all messages (atomic overwrite via temp file + rename) */
+    /** Save all messages (atomic overwrite, HMAC signed) */
     saveAll(messages) {
         try {
-            const lines = messages.map(m => JSON.stringify({ ...m, _ts: new Date().toISOString(), _model: this.model }));
+            const lines = messages.map(m => {
+                const record = {
+                    ...m,
+                    _ts: new Date().toISOString(),
+                    _model: this.model,
+                };
+                record._sig = (0, integrity_1.signMessage)(record, this.integrityKey);
+                return JSON.stringify(record);
+            });
             const tmpPath = this.filePath + '.tmp';
             fs.writeFileSync(tmpPath, lines.join('\n') + '\n');
             fs.renameSync(tmpPath, this.filePath);
@@ -78,7 +90,7 @@ class SessionManager {
             // Don't crash — session persistence is best-effort
         }
     }
-    /** Load messages from a session file (skips malformed lines) */
+    /** Load messages from a session file (verifies HMAC, drops tampered) */
     load() {
         if (!fs.existsSync(this.filePath))
             return [];
@@ -92,20 +104,55 @@ class SessionManager {
         if (!content)
             return [];
         const messages = [];
+        let dropped = 0;
         for (const line of content.split('\n')) {
             try {
                 const obj = JSON.parse(line);
+                // Verify integrity if signature present (backward compat: unsigned messages pass)
+                if (obj._sig) {
+                    if (!(0, integrity_1.verifyMessage)(obj, this.integrityKey)) {
+                        dropped++;
+                        continue; // Drop tampered message
+                    }
+                }
                 delete obj._ts;
                 delete obj._model;
+                delete obj._sig;
                 messages.push(obj);
             }
             catch {
-                // Skip malformed line — don't crash the whole load
                 continue;
             }
         }
+        if (dropped > 0) {
+            console.warn(`Warning: Dropped ${dropped} tampered message(s) from session ${this.sessionId.substring(0, 8)}.`);
+        }
         return messages;
     }
+    /** Verify integrity of all messages in this session. */
+    verifyIntegrity() {
+        if (!fs.existsSync(this.filePath)) {
+            return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+        }
+        try {
+            const content = fs.readFileSync(this.filePath, 'utf-8').trim();
+            if (!content)
+                return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+            const records = [];
+            for (const line of content.split('\n')) {
+                try {
+                    records.push(JSON.parse(line));
+                }
+                catch {
+                    continue;
+                }
+            }
+            return (0, integrity_1.verifyMessages)(records, this.integrityKey);
+        }
+        catch {
+            return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+        }
+    }
     /** List recent sessions */
     static list(limit = 10) {
         if (!fs.existsSync(SESSIONS_DIR))

package/dist/index.d.ts CHANGED Viewed

@@ -11,5 +11,11 @@ export { loadPlugins } from './plugins';
 export { loadMCPTools } from './mcp';
 export { MODEL_REGISTRY, PROVIDER_DEFAULTS, getModelInfo, detectProvider } from './providers/registry';
 export type { ModelInfo } from './providers/registry';
+export { CapabilityChecker } from './capabilities';
+export type { ToolCapabilities, CapabilityConfig } from './capabilities';
+export { deriveSessionKey, signMessage, verifyMessage, verifyMessages } from './integrity';
+export type { IntegrityResult } from './integrity';
+export { ReplayProvider, loadSessionForReplay, compareOutputs, listReplayableSessions } from './replay';
+export type { SessionReplayData, ReplayDivergence } from './replay';
 export * from './types';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.js CHANGED Viewed

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectProvider = exports.getModelInfo = exports.PROVIDER_DEFAULTS = exports.MODEL_REGISTRY = exports.loadMCPTools = exports.loadPlugins = exports.parseToolCalls = exports.MemoryManager = exports.SessionManager = exports.buildRepoMap = exports.ContextManager = exports.ToolRegistry = exports.AnthropicProvider = exports.OpenAIProvider = exports.Agent = void 0;
+exports.listReplayableSessions = exports.compareOutputs = exports.loadSessionForReplay = exports.ReplayProvider = exports.verifyMessages = exports.verifyMessage = exports.signMessage = exports.deriveSessionKey = exports.CapabilityChecker = exports.detectProvider = exports.getModelInfo = exports.PROVIDER_DEFAULTS = exports.MODEL_REGISTRY = exports.loadMCPTools = exports.loadPlugins = exports.parseToolCalls = exports.MemoryManager = exports.SessionManager = exports.buildRepoMap = exports.ContextManager = exports.ToolRegistry = exports.AnthropicProvider = exports.OpenAIProvider = exports.Agent = void 0;
 var agent_1 = require("./agent");
 Object.defineProperty(exports, "Agent", { enumerable: true, get: function () { return agent_1.Agent; } });
 var openai_1 = require("./providers/openai");
@@ -42,5 +42,17 @@ Object.defineProperty(exports, "MODEL_REGISTRY", { enumerable: true, get: functi
 Object.defineProperty(exports, "PROVIDER_DEFAULTS", { enumerable: true, get: function () { return registry_1.PROVIDER_DEFAULTS; } });
 Object.defineProperty(exports, "getModelInfo", { enumerable: true, get: function () { return registry_1.getModelInfo; } });
 Object.defineProperty(exports, "detectProvider", { enumerable: true, get: function () { return registry_1.detectProvider; } });
+var capabilities_1 = require("./capabilities");
+Object.defineProperty(exports, "CapabilityChecker", { enumerable: true, get: function () { return capabilities_1.CapabilityChecker; } });
+var integrity_1 = require("./integrity");
+Object.defineProperty(exports, "deriveSessionKey", { enumerable: true, get: function () { return integrity_1.deriveSessionKey; } });
+Object.defineProperty(exports, "signMessage", { enumerable: true, get: function () { return integrity_1.signMessage; } });
+Object.defineProperty(exports, "verifyMessage", { enumerable: true, get: function () { return integrity_1.verifyMessage; } });
+Object.defineProperty(exports, "verifyMessages", { enumerable: true, get: function () { return integrity_1.verifyMessages; } });
+var replay_1 = require("./replay");
+Object.defineProperty(exports, "ReplayProvider", { enumerable: true, get: function () { return replay_1.ReplayProvider; } });
+Object.defineProperty(exports, "loadSessionForReplay", { enumerable: true, get: function () { return replay_1.loadSessionForReplay; } });
+Object.defineProperty(exports, "compareOutputs", { enumerable: true, get: function () { return replay_1.compareOutputs; } });
+Object.defineProperty(exports, "listReplayableSessions", { enumerable: true, get: function () { return replay_1.listReplayableSessions; } });
 __exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map

package/dist/integrity.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Session History Integrity for CodeBot v1.8.0
+ *
+ * HMAC-SHA256 signing/verification for session messages.
+ * Key: SHA-256(sessionId + machineId) where machineId = hostname:username.
+ *
+ * This is tamper-DETECTION, not tamper-prevention. The key is deterministic
+ * per session+machine so verification works without storing keys separately.
+ *
+ * Uses Node's built-in crypto module — zero runtime dependencies.
+ */
+/** Derive a per-session HMAC key. Deterministic for same session+machine. */
+export declare function deriveSessionKey(sessionId: string): Buffer;
+/**
+ * Compute HMAC-SHA256 signature for a message object.
+ * Excludes the _sig field from the signing input.
+ */
+export declare function signMessage(message: Record<string, unknown>, key: Buffer): string;
+/**
+ * Verify a message's HMAC signature.
+ * Returns false if no signature present or if it doesn't match.
+ */
+export declare function verifyMessage(message: Record<string, unknown>, key: Buffer): boolean;
+export interface IntegrityResult {
+    valid: number;
+    tampered: number;
+    unsigned: number;
+    tamperedIndices: number[];
+}
+/**
+ * Verify an array of signed messages.
+ * Unsigned messages (pre-v1.8.0) are counted but not flagged as tampered.
+ */
+export declare function verifyMessages(messages: Array<Record<string, unknown>>, key: Buffer): IntegrityResult;
+//# sourceMappingURL=integrity.d.ts.map

package/dist/integrity.js ADDED Viewed

@@ -0,0 +1,135 @@
+"use strict";
+/**
+ * Session History Integrity for CodeBot v1.8.0
+ *
+ * HMAC-SHA256 signing/verification for session messages.
+ * Key: SHA-256(sessionId + machineId) where machineId = hostname:username.
+ *
+ * This is tamper-DETECTION, not tamper-prevention. The key is deterministic
+ * per session+machine so verification works without storing keys separately.
+ *
+ * Uses Node's built-in crypto module — zero runtime dependencies.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveSessionKey = deriveSessionKey;
+exports.signMessage = signMessage;
+exports.verifyMessage = verifyMessage;
+exports.verifyMessages = verifyMessages;
+const crypto = __importStar(require("crypto"));
+const os = __importStar(require("os"));
+// ── Key Derivation ──
+/** Derive a per-session HMAC key. Deterministic for same session+machine. */
+function deriveSessionKey(sessionId) {
+    const machineId = os.hostname() + ':' + getUserName();
+    return crypto.createHash('sha256')
+        .update(sessionId + machineId)
+        .digest();
+}
+/** Get username safely. */
+function getUserName() {
+    try {
+        return os.userInfo().username;
+    }
+    catch {
+        return 'unknown';
+    }
+}
+// ── Signing & Verification ──
+/**
+ * Compute HMAC-SHA256 signature for a message object.
+ * Excludes the _sig field from the signing input.
+ */
+function signMessage(message, key) {
+    const payload = canonicalize(message);
+    return crypto.createHmac('sha256', key)
+        .update(payload)
+        .digest('hex');
+}
+/**
+ * Verify a message's HMAC signature.
+ * Returns false if no signature present or if it doesn't match.
+ */
+function verifyMessage(message, key) {
+    const sig = message._sig;
+    if (!sig)
+        return false;
+    const expected = signMessage(message, key);
+    try {
+        return crypto.timingSafeEqual(Buffer.from(sig, 'hex'), Buffer.from(expected, 'hex'));
+    }
+    catch {
+        return false; // Different lengths or invalid hex
+    }
+}
+/**
+ * Canonical JSON representation for signing.
+ * Excludes _sig field. Keys are sorted for determinism.
+ */
+function canonicalize(obj) {
+    const sorted = {};
+    for (const key of Object.keys(obj).sort()) {
+        if (key === '_sig')
+            continue;
+        sorted[key] = obj[key];
+    }
+    return JSON.stringify(sorted);
+}
+/**
+ * Verify an array of signed messages.
+ * Unsigned messages (pre-v1.8.0) are counted but not flagged as tampered.
+ */
+function verifyMessages(messages, key) {
+    let valid = 0;
+    let tampered = 0;
+    let unsigned = 0;
+    const tamperedIndices = [];
+    for (let i = 0; i < messages.length; i++) {
+        const msg = messages[i];
+        if (!msg._sig) {
+            unsigned++;
+            continue;
+        }
+        if (verifyMessage(msg, key)) {
+            valid++;
+        }
+        else {
+            tampered++;
+            tamperedIndices.push(i);
+        }
+    }
+    return { valid, tampered, unsigned, tamperedIndices };
+}
+//# sourceMappingURL=integrity.js.map

package/dist/policy.d.ts ADDED Viewed

@@ -0,0 +1,132 @@
+/**
+ * Policy Engine for CodeBot v1.7.0
+ *
+ * Loads, validates, and enforces declarative security policies.
+ * Policy files: .codebot/policy.json (project) + ~/.codebot/policy.json (global)
+ * Project policy overrides global policy where specified.
+ */
+import { ToolCapabilities } from './capabilities';
+export interface PolicyExecution {
+    sandbox?: 'docker' | 'host' | 'auto';
+    network?: boolean;
+    timeout_seconds?: number;
+    max_memory_mb?: number;
+}
+export interface PolicyFilesystem {
+    writable_paths?: string[];
+    read_only_paths?: string[];
+    denied_paths?: string[];
+    allow_outside_project?: boolean;
+}
+export interface PolicyToolPermission {
+    [toolName: string]: 'auto' | 'prompt' | 'always-ask';
+}
+export interface PolicyTools {
+    enabled?: string[];
+    disabled?: string[];
+    permissions?: PolicyToolPermission;
+    capabilities?: Record<string, ToolCapabilities>;
+}
+export interface PolicySecrets {
+    block_on_detect?: boolean;
+    scan_on_write?: boolean;
+    allowed_patterns?: string[];
+}
+export interface PolicyGit {
+    always_branch?: boolean;
+    branch_prefix?: string;
+    require_tests_before_commit?: boolean;
+    never_push_main?: boolean;
+}
+export interface PolicyMcp {
+    allowed_servers?: string[];
+    blocked_servers?: string[];
+}
+export interface PolicyLimits {
+    max_iterations?: number;
+    max_file_size_kb?: number;
+    max_files_per_operation?: number;
+    cost_limit_usd?: number;
+}
+export interface Policy {
+    version?: string;
+    execution?: PolicyExecution;
+    filesystem?: PolicyFilesystem;
+    tools?: PolicyTools;
+    secrets?: PolicySecrets;
+    git?: PolicyGit;
+    mcp?: PolicyMcp;
+    limits?: PolicyLimits;
+}
+export declare const DEFAULT_POLICY: Required<Policy>;
+/**
+ * Load and merge policies from project + global locations.
+ * Project policy overrides global where specified.
+ */
+export declare function loadPolicy(projectRoot?: string): Policy;
+export declare class PolicyEnforcer {
+    private policy;
+    private projectRoot;
+    constructor(policy?: Policy, projectRoot?: string);
+    getPolicy(): Policy;
+    /** Check if a tool is enabled by policy. Returns { allowed, reason }. */
+    isToolAllowed(toolName: string): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /** Get the permission level for a tool (policy override or null for default). */
+    getToolPermission(toolName: string): 'auto' | 'prompt' | 'always-ask' | null;
+    /** Check if a path is writable according to policy. */
+    isPathWritable(filePath: string): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /** Get sandbox mode. */
+    getSandboxMode(): 'docker' | 'host' | 'auto';
+    /** Check if network is allowed for executed commands. */
+    isNetworkAllowed(): boolean;
+    /** Get execution timeout in milliseconds. */
+    getTimeoutMs(): number;
+    /** Get max memory in MB for sandbox. */
+    getMaxMemoryMb(): number;
+    /** Check if agent should always work on a branch. */
+    shouldAlwaysBranch(): boolean;
+    /** Get branch prefix for auto-created branches. */
+    getBranchPrefix(): string;
+    /** Check if pushing to main/master is blocked. */
+    isMainPushBlocked(): boolean;
+    /** Should secrets block writes (vs just warn)? */
+    shouldBlockSecrets(): boolean;
+    /** Should scan for secrets on write? */
+    shouldScanSecrets(): boolean;
+    /** Check if an MCP server is allowed. */
+    isMcpServerAllowed(serverName: string): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /** Get max iterations for the agent loop. */
+    getMaxIterations(): number;
+    /** Get max file size in bytes for write operations. */
+    getMaxFileSizeBytes(): number;
+    /** Get cost limit in USD (0 = no limit). */
+    getCostLimitUsd(): number;
+    /** Get capability restrictions for a tool. undefined = unrestricted. */
+    getToolCapabilities(toolName: string): ToolCapabilities | undefined;
+    /** Check a specific capability for a tool. Returns { allowed, reason }. */
+    checkCapability(toolName: string, capabilityType: keyof ToolCapabilities, value: string | number): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /**
+     * Simple glob-like pattern matching:
+     * - `*` matches any single path component
+     * - `**` matches any number of path components
+     * - `.env` matches exact filename
+     */
+    private matchesPattern;
+}
+/**
+ * Generate a default policy file content for `codebot --init-policy`.
+ */
+export declare function generateDefaultPolicyFile(): string;
+//# sourceMappingURL=policy.d.ts.map