codebot-ai 1.6.0 → 1.8.0

package/dist/telemetry.js

@@ -0,0 +1,286 @@
+"use strict";
+/**
+ * Token & Cost Tracking for CodeBot v1.7.0
+ *
+ * Tracks per-request and per-session token usage and estimated costs.
+ * Supports cost limits and historical usage queries.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenTracker = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const PRICING = {
+    // Anthropic
+    'claude-opus-4-6': { input: 15.0, output: 75.0 },
+    'claude-sonnet-4-20250514': { input: 3.0, output: 15.0 },
+    'claude-haiku-3-5': { input: 0.80, output: 4.0 },
+    // OpenAI
+    'gpt-4o': { input: 2.50, output: 10.0 },
+    'gpt-4o-mini': { input: 0.15, output: 0.60 },
+    'gpt-4.1': { input: 2.0, output: 8.0 },
+    'gpt-4.1-mini': { input: 0.40, output: 1.60 },
+    'gpt-4.1-nano': { input: 0.10, output: 0.40 },
+    'o1': { input: 15.0, output: 60.0 },
+    'o3': { input: 10.0, output: 40.0 },
+    'o3-mini': { input: 1.10, output: 4.40 },
+    'o4-mini': { input: 1.10, output: 4.40 },
+    // Google
+    'gemini-2.5-pro': { input: 1.25, output: 10.0 },
+    'gemini-2.5-flash': { input: 0.15, output: 0.60 },
+    'gemini-2.0-flash': { input: 0.10, output: 0.40 },
+    // DeepSeek
+    'deepseek-chat': { input: 0.14, output: 0.28 },
+    'deepseek-reasoner': { input: 0.55, output: 2.19 },
+    // Groq (free tier pricing)
+    'llama-3.3-70b-versatile': { input: 0.59, output: 0.79 },
+    // Mistral
+    'mistral-large-latest': { input: 2.0, output: 6.0 },
+    'codestral-latest': { input: 0.30, output: 0.90 },
+    // xAI
+    'grok-3': { input: 3.0, output: 15.0 },
+    'grok-3-mini': { input: 0.30, output: 0.50 },
+};
+// Default pricing for unknown models (conservative estimate)
+const DEFAULT_PRICING = { input: 2.0, output: 8.0 };
+// Free pricing for local models
+const LOCAL_PRICING = { input: 0, output: 0 };
+class TokenTracker {
+    model;
+    provider;
+    sessionId;
+    records = [];
+    toolCallCount = 0;
+    filesModifiedSet = new Set();
+    startTime;
+    costLimitUsd = 0;
+    constructor(model, provider, sessionId) {
+        this.model = model;
+        this.provider = provider;
+        this.sessionId = sessionId || `${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+        this.startTime = new Date().toISOString();
+    }
+    /** Set cost limit in USD. 0 = no limit. */
+    setCostLimit(usd) {
+        this.costLimitUsd = usd;
+    }
+    /** Record token usage from an LLM request */
+    recordUsage(inputTokens, outputTokens) {
+        const pricing = this.getPricing();
+        const costUsd = (inputTokens * pricing.input + outputTokens * pricing.output) / 1_000_000;
+        const record = {
+            timestamp: new Date().toISOString(),
+            model: this.model,
+            provider: this.provider,
+            inputTokens,
+            outputTokens,
+            costUsd,
+        };
+        this.records.push(record);
+        return record;
+    }
+    /** Record a tool call (for summary) */
+    recordToolCall() {
+        this.toolCallCount++;
+    }
+    /** Record a file modification (for summary) */
+    recordFileModified(filePath) {
+        this.filesModifiedSet.add(filePath);
+    }
+    /** Check if cost limit has been exceeded */
+    isOverBudget() {
+        if (this.costLimitUsd <= 0)
+            return false;
+        return this.getTotalCost() >= this.costLimitUsd;
+    }
+    /** Get remaining budget in USD (Infinity if no limit) */
+    getRemainingBudget() {
+        if (this.costLimitUsd <= 0)
+            return Infinity;
+        return Math.max(0, this.costLimitUsd - this.getTotalCost());
+    }
+    // ── Aggregates ──
+    getTotalInputTokens() {
+        return this.records.reduce((sum, r) => sum + r.inputTokens, 0);
+    }
+    getTotalOutputTokens() {
+        return this.records.reduce((sum, r) => sum + r.outputTokens, 0);
+    }
+    getTotalCost() {
+        return this.records.reduce((sum, r) => sum + r.costUsd, 0);
+    }
+    getRequestCount() {
+        return this.records.length;
+    }
+    /** Generate a session summary */
+    getSummary() {
+        return {
+            sessionId: this.sessionId,
+            model: this.model,
+            provider: this.provider,
+            startTime: this.startTime,
+            endTime: new Date().toISOString(),
+            totalInputTokens: this.getTotalInputTokens(),
+            totalOutputTokens: this.getTotalOutputTokens(),
+            totalCostUsd: this.getTotalCost(),
+            requestCount: this.getRequestCount(),
+            toolCalls: this.toolCallCount,
+            filesModified: this.filesModifiedSet.size,
+        };
+    }
+    /** Format cost for display */
+    formatCost() {
+        const cost = this.getTotalCost();
+        if (cost === 0)
+            return 'free (local model)';
+        if (cost < 0.01)
+            return `< $0.01`;
+        return `$${cost.toFixed(4)}`;
+    }
+    /** Format a compact status line for CLI */
+    formatStatusLine() {
+        const inTk = this.getTotalInputTokens();
+        const outTk = this.getTotalOutputTokens();
+        const cost = this.formatCost();
+        return `${inTk.toLocaleString()} in / ${outTk.toLocaleString()} out | ${cost}`;
+    }
+    /** Save session usage to ~/.codebot/usage/ for historical tracking */
+    saveUsage() {
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            fs.mkdirSync(usageDir, { recursive: true });
+            const summary = this.getSummary();
+            const fileName = `usage-${summary.startTime.split('T')[0]}.jsonl`;
+            const filePath = path.join(usageDir, fileName);
+            fs.appendFileSync(filePath, JSON.stringify(summary) + '\n', 'utf-8');
+        }
+        catch {
+            // Usage tracking failures are non-fatal
+        }
+    }
+    /**
+     * Load historical usage from ~/.codebot/usage/
+     */
+    static loadHistory(days) {
+        const summaries = [];
+        try {
+            const usageDir = path.join(os.homedir(), '.codebot', 'usage');
+            if (!fs.existsSync(usageDir))
+                return [];
+            const files = fs.readdirSync(usageDir)
+                .filter(f => f.startsWith('usage-') && f.endsWith('.jsonl'))
+                .sort();
+            // Filter by date range if specified
+            const cutoff = days
+                ? new Date(Date.now() - days * 24 * 60 * 60 * 1000).toISOString()
+                : undefined;
+            for (const file of files) {
+                const content = fs.readFileSync(path.join(usageDir, file), 'utf-8');
+                for (const line of content.split('\n')) {
+                    if (!line.trim())
+                        continue;
+                    try {
+                        const summary = JSON.parse(line);
+                        if (cutoff && summary.startTime < cutoff)
+                            continue;
+                        summaries.push(summary);
+                    }
+                    catch { /* skip malformed */ }
+                }
+            }
+        }
+        catch {
+            // Can't read usage
+        }
+        return summaries;
+    }
+    /**
+     * Format a historical usage report.
+     */
+    static formatUsageReport(days = 30) {
+        const history = TokenTracker.loadHistory(days);
+        if (history.length === 0)
+            return 'No usage data found.';
+        let totalInput = 0;
+        let totalOutput = 0;
+        let totalCost = 0;
+        let totalRequests = 0;
+        let totalTools = 0;
+        for (const s of history) {
+            totalInput += s.totalInputTokens;
+            totalOutput += s.totalOutputTokens;
+            totalCost += s.totalCostUsd;
+            totalRequests += s.requestCount;
+            totalTools += s.toolCalls;
+        }
+        const lines = [
+            `Usage Report (last ${days} days)`,
+            '─'.repeat(40),
+            `Sessions:     ${history.length}`,
+            `LLM Requests: ${totalRequests.toLocaleString()}`,
+            `Tool Calls:   ${totalTools.toLocaleString()}`,
+            `Input Tokens: ${totalInput.toLocaleString()}`,
+            `Output Tokens: ${totalOutput.toLocaleString()}`,
+            `Total Cost:   $${totalCost.toFixed(4)}`,
+        ];
+        return lines.join('\n');
+    }
+    // ── Helpers ──
+    getPricing() {
+        // Local models are free
+        if (this.isLocalModel())
+            return LOCAL_PRICING;
+        // Exact match
+        if (PRICING[this.model])
+            return PRICING[this.model];
+        // Prefix match (for versioned models like claude-sonnet-4-20250514)
+        for (const [key, pricing] of Object.entries(PRICING)) {
+            if (this.model.startsWith(key))
+                return pricing;
+        }
+        return DEFAULT_PRICING;
+    }
+    isLocalModel() {
+        // Models running on Ollama, LM Studio, vLLM are free
+        return !this.provider ||
+            this.provider === 'ollama' ||
+            this.provider === 'lmstudio' ||
+            this.provider === 'vllm' ||
+            this.provider === 'local';
+    }
+}
+exports.TokenTracker = TokenTracker;
+//# sourceMappingURL=telemetry.js.map

package/dist/tools/batch-edit.d.ts

@@ -1,8 +1,11 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class BatchEditTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
+    constructor(policyEnforcer?: PolicyEnforcer);
     parameters: {
         type: string;
         properties: {

package/dist/tools/batch-edit.js

@@ -42,6 +42,10 @@ class BatchEditTool {
     name = 'batch_edit';
     description = 'Apply multiple find-and-replace edits across one or more files atomically. All edits are validated before any are applied. Useful for renaming, refactoring, and coordinated multi-file changes.';
     permission = 'prompt';
+    policyEnforcer;
+    constructor(policyEnforcer) {
+        this.policyEnforcer = policyEnforcer;
+    }
     parameters = {
         type: 'object',
         properties: {
@@ -85,6 +89,14 @@ class BatchEditTool {
                 errors.push(`${safety.reason}`);
                 continue;
             }
+            // Policy: filesystem restrictions
+            if (this.policyEnforcer) {
+                const policyCheck = this.policyEnforcer.isPathWritable(filePath);
+                if (!policyCheck.allowed) {
+                    errors.push(`Blocked by policy — ${policyCheck.reason}`);
+                    continue;
+                }
+            }
             if (!byFile.has(filePath))
                 byFile.set(filePath, []);
             byFile.get(filePath).push(edit);

package/dist/tools/edit.d.ts

@@ -1,8 +1,11 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class EditFileTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
+    constructor(policyEnforcer?: PolicyEnforcer);
     parameters: {
         type: string;
         properties: {

package/dist/tools/edit.js

@@ -46,6 +46,10 @@ class EditFileTool {
     name = 'edit_file';
     description = 'Edit a file by replacing an exact string match with new content. The old_string must appear exactly once in the file. Shows a diff preview and creates an undo snapshot.';
     permission = 'prompt';
+    policyEnforcer;
+    constructor(policyEnforcer) {
+        this.policyEnforcer = policyEnforcer;
+    }
     parameters = {
         type: 'object',
         properties: {
@@ -74,6 +78,13 @@ class EditFileTool {
         if (!safety.safe) {
             return `Error: ${safety.reason}`;
         }
+        // Policy: filesystem restrictions (denied paths, read-only, writable scope)
+        if (this.policyEnforcer) {
+            const policyCheck = this.policyEnforcer.isPathWritable(filePath);
+            if (!policyCheck.allowed) {
+                return `Error: Blocked by policy — ${policyCheck.reason}`;
+            }
+        }
         // Security: resolve symlinks before reading
         let realPath;
         try {

package/dist/tools/execute.js

@@ -3,6 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ExecuteTool = void 0;
 const child_process_1 = require("child_process");
 const security_1 = require("../security");
+const sandbox_1 = require("../sandbox");
+const policy_1 = require("../policy");
 const BLOCKED_PATTERNS = [
     // Destructive filesystem operations
     /rm\s+-rf\s+\//,
@@ -109,25 +111,48 @@ class ExecuteTool {
         if (!cwdSafety.safe) {
             return `Error: ${cwdSafety.reason}`;
         }
-        // Security: filter sensitive env vars
+        const timeout = args.timeout || 30000;
+        // ── v1.7.0: Sandbox routing ──
+        const policy = (0, policy_1.loadPolicy)(projectRoot);
+        const sandboxMode = policy.execution?.sandbox || 'auto';
+        const useSandbox = sandboxMode === 'docker' ||
+            (sandboxMode === 'auto' && (0, sandbox_1.isDockerAvailable)());
+        if (useSandbox) {
+            const result = (0, sandbox_1.sandboxExec)(cmd, projectRoot, {
+                network: policy.execution?.network !== false,
+                memoryMb: policy.execution?.max_memory_mb || 512,
+                timeoutMs: timeout,
+            });
+            if (result.sandboxed) {
+                const output = result.stdout || result.stderr || '(no output)';
+                const tag = '[sandboxed]';
+                if (result.exitCode !== 0) {
+                    return `${tag} Exit code ${result.exitCode}\nSTDOUT:\n${result.stdout}\nSTDERR:\n${result.stderr}`;
+                }
+                return `${tag} ${output}`;
+            }
+            // Fallthrough: sandboxExec returned sandboxed=false (Docker wasn't available after all)
+        }
+        // ── Host execution (existing path) ──
         const safeEnv = { ...process.env };
         for (const key of FILTERED_ENV_VARS) {
             delete safeEnv[key];
         }
+        const tag = useSandbox ? '[host-fallback]' : '[host]';
         try {
             const output = (0, child_process_1.execSync)(cmd, {
                 cwd,
-                timeout: args.timeout || 30000,
+                timeout,
                 maxBuffer: 1024 * 1024,
                 encoding: 'utf-8',
                 stdio: ['pipe', 'pipe', 'pipe'],
                 env: safeEnv,
             });
-            return output || '(no output)';
+            return `${tag} ${output || '(no output)'}`;
         }
         catch (err) {
             const e = err;
-            return `Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
+            return `${tag} Exit code ${e.status || 1}\nSTDOUT:\n${e.stdout || ''}\nSTDERR:\n${e.stderr || ''}`;
         }
     }
 }

package/dist/tools/git.d.ts

@@ -1,8 +1,10 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class GitTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
     parameters: {
         type: string;
         properties: {
@@ -21,6 +23,9 @@ export declare class GitTool implements Tool {
         };
         required: string[];
     };
+    constructor(policyEnforcer?: PolicyEnforcer);
     execute(args: Record<string, unknown>): Promise<string>;
+    /** Get current git branch name. */
+    private getCurrentBranch;
 }
 //# sourceMappingURL=git.d.ts.map

package/dist/tools/git.js

@@ -10,6 +10,7 @@ class GitTool {
     name = 'git';
     description = 'Run git operations. Actions: status, diff, log, commit, branch, checkout, stash, push, pull, merge, blame, tag, add, reset.';
     permission = 'prompt';
+    policyEnforcer;
     parameters = {
         type: 'object',
         properties: {
@@ -19,6 +20,9 @@ class GitTool {
         },
         required: ['action'],
     };
+    constructor(policyEnforcer) {
+        this.policyEnforcer = policyEnforcer;
+    }
     async execute(args) {
         const action = args.action;
         if (!action)
@@ -36,6 +40,20 @@ class GitTool {
         if (/clean\s+-[a-z]*f/i.test(fullCmd)) {
             return 'Error: git clean -f is blocked for safety.';
         }
+        // Policy: block push to main/master when never_push_main=true
+        if (action === 'push' && this.policyEnforcer?.isMainPushBlocked()) {
+            const currentBranch = this.getCurrentBranch(cwd);
+            if (currentBranch === 'main' || currentBranch === 'master') {
+                return 'Error: Pushing to main/master is blocked by policy (git.never_push_main=true). Create a feature branch first.';
+            }
+        }
+        // Policy: block commit on main/master when always_branch=true
+        if (action === 'commit' && this.policyEnforcer?.shouldAlwaysBranch()) {
+            const currentBranch = this.getCurrentBranch(cwd);
+            if (currentBranch === 'main' || currentBranch === 'master') {
+                return 'Error: Committing to main/master is blocked by policy (git.always_branch=true). Create a feature branch first.';
+            }
+        }
         try {
             const output = (0, child_process_1.execSync)(fullCmd, {
                 cwd,
@@ -53,6 +71,19 @@ class GitTool {
             return `Exit ${e.status || 1}${stdout ? `\n${stdout}` : ''}${stderr ? `\nError: ${stderr}` : ''}`;
         }
     }
+    /** Get current git branch name. */
+    getCurrentBranch(cwd) {
+        try {
+            return (0, child_process_1.execSync)('git rev-parse --abbrev-ref HEAD', {
+                cwd,
+                encoding: 'utf-8',
+                timeout: 5000,
+            }).trim();
+        }
+        catch {
+            return '';
+        }
+    }
 }
 exports.GitTool = GitTool;
 //# sourceMappingURL=git.js.map

package/dist/tools/index.d.ts

@@ -1,8 +1,9 @@
 import { Tool, ToolSchema } from '../types';
+import { PolicyEnforcer } from '../policy';
 export { EditFileTool } from './edit';
 export declare class ToolRegistry {
     private tools;
-    constructor(projectRoot?: string);
+    constructor(projectRoot?: string, policyEnforcer?: PolicyEnforcer);
     register(tool: Tool): void;
     get(name: string): Tool | undefined;
     getSchemas(): ToolSchema[];

package/dist/tools/index.js

@@ -34,12 +34,12 @@ var edit_2 = require("./edit");
 Object.defineProperty(exports, "EditFileTool", { enumerable: true, get: function () { return edit_2.EditFileTool; } });
 class ToolRegistry {
     tools = new Map();
-    constructor(projectRoot) {
-        // Core file tools
+    constructor(projectRoot, policyEnforcer) {
+        // Core file tools — policy-enforced tools receive the enforcer
         this.register(new read_1.ReadFileTool());
-        this.register(new write_1.WriteFileTool());
-        this.register(new edit_1.EditFileTool());
-        this.register(new batch_edit_1.BatchEditTool());
+        this.register(new write_1.WriteFileTool(policyEnforcer));
+        this.register(new edit_1.EditFileTool(policyEnforcer));
+        this.register(new batch_edit_1.BatchEditTool(policyEnforcer));
         this.register(new execute_1.ExecuteTool());
         this.register(new glob_1.GlobTool());
         this.register(new grep_1.GrepTool());
@@ -51,7 +51,7 @@ class ToolRegistry {
         this.register(new browser_1.BrowserTool());
         this.register(new routine_1.RoutineTool());
         // v1.4.0 — intelligence & dev tools
-        this.register(new git_1.GitTool());
+        this.register(new git_1.GitTool(policyEnforcer));
         this.register(new code_analysis_1.CodeAnalysisTool());
         this.register(new multi_search_1.MultiSearchTool());
         this.register(new task_planner_1.TaskPlannerTool());

package/dist/tools/write.d.ts

@@ -1,8 +1,11 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class WriteFileTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
+    constructor(policyEnforcer?: PolicyEnforcer);
     parameters: {
         type: string;
         properties: {

package/dist/tools/write.js

@@ -44,6 +44,10 @@ class WriteFileTool {
     name = 'write_file';
     description = 'Create a new file or overwrite an existing file with the given content. Automatically saves an undo snapshot for existing files.';
     permission = 'prompt';
+    policyEnforcer;
+    constructor(policyEnforcer) {
+        this.policyEnforcer = policyEnforcer;
+    }
     parameters = {
         type: 'object',
         properties: {
@@ -68,6 +72,13 @@ class WriteFileTool {
         if (!safety.safe) {
             return `Error: ${safety.reason}`;
         }
+        // Policy: filesystem restrictions (denied paths, read-only, writable scope)
+        if (this.policyEnforcer) {
+            const policyCheck = this.policyEnforcer.isPathWritable(filePath);
+            if (!policyCheck.allowed) {
+                return `Error: Blocked by policy — ${policyCheck.reason}`;
+            }
+        }
         // Security: secret detection (warn but don't block)
         const secrets = (0, secrets_1.scanForSecrets)(content);
         let warning = '';

package/dist/types.d.ts

@@ -33,6 +33,7 @@ export interface ProviderConfig {
 }
 export interface LLMProvider {
     name: string;
+    temperature?: number;
     chat(messages: Message[], tools?: ToolSchema[]): AsyncGenerator<StreamEvent>;
     listModels?(): Promise<string[]>;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codebot-ai",
-  "version": "1.6.0",
+  "version": "1.8.0",
   "description": "Zero-dependency autonomous AI agent. Code, browse, search, automate. Works with any LLM — Ollama, Claude, GPT, Gemini, DeepSeek, Groq, Mistral, Grok.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",