codebot-ai 1.7.0 → 1.8.0

package/dist/agent.d.ts

@@ -15,6 +15,7 @@ export declare class Agent {
     private auditLogger;
     private policyEnforcer;
     private tokenTracker;
+    private branchCreated;
     private askPermission;
     private onMessage?;
     constructor(opts: {
@@ -54,6 +55,15 @@ export declare class Agent {
      * or session resume corruption.
      */
     private repairToolCallMessages;
+    /**
+     * Auto-create a feature branch when always_branch is enabled and on main/master.
+     * Called before the first write/edit operation. Fail-open: if branching fails, continue.
+     */
+    private ensureBranch;
+    /** Sanitize user message into a branch-safe slug. */
+    private sanitizeSlug;
+    /** Check capability-based restrictions before tool execution. Returns reason string or null. */
+    private checkToolCapabilities;
     private buildSystemPrompt;
 }
 //# sourceMappingURL=agent.d.ts.map

package/dist/agent.js

@@ -104,15 +104,16 @@ class Agent {
     auditLogger;
     policyEnforcer;
     tokenTracker;
+    branchCreated = false;
     askPermission;
     onMessage;
     constructor(opts) {
         this.provider = opts.provider;
         this.model = opts.model;
-        this.tools = new tools_1.ToolRegistry(process.cwd());
-        this.context = new manager_1.ContextManager(opts.model, opts.provider);
-        // Load policy
+        // Load policy FIRST — tools need it for filesystem/git enforcement
         this.policyEnforcer = new policy_1.PolicyEnforcer((0, policy_1.loadPolicy)(process.cwd()), process.cwd());
+        this.tools = new tools_1.ToolRegistry(process.cwd(), this.policyEnforcer);
+        this.context = new manager_1.ContextManager(opts.model, opts.provider);
         // Use policy-defined max iterations as default, CLI overrides
         this.maxIterations = opts.maxIterations || this.policyEnforcer.getMaxIterations();
         this.autoApprove = opts.autoApprove || false;
@@ -326,6 +327,19 @@ class Agent {
             // Helper to execute a single tool with cache + rate limiting
             const executeTool = async (prep) => {
                 const toolName = prep.tc.function.name;
+                // Auto-branch on first write/edit when always_branch is enabled (v1.8.0)
+                if (toolName === 'write_file' || toolName === 'edit_file' || toolName === 'batch_edit') {
+                    const branchName = await this.ensureBranch();
+                    if (branchName) {
+                        this.auditLogger.log({ tool: 'git', action: 'execute', args: { branch: branchName }, result: 'auto-branch' });
+                    }
+                }
+                // Capability check: fine-grained resource restrictions (v1.8.0)
+                const capBlock = this.checkToolCapabilities(toolName, prep.args);
+                if (capBlock) {
+                    this.auditLogger.log({ tool: toolName, action: 'capability_block', args: prep.args, reason: capBlock });
+                    return { content: `Error: ${capBlock}`, is_error: true };
+                }
                 // Check cache first
                 if (prep.tool.cacheable) {
                     const cacheKey = cache_1.ToolCache.key(toolName, prep.args);
@@ -501,6 +515,78 @@ class Agent {
             }
         }
     }
+    /**
+     * Auto-create a feature branch when always_branch is enabled and on main/master.
+     * Called before the first write/edit operation. Fail-open: if branching fails, continue.
+     */
+    async ensureBranch() {
+        if (this.branchCreated)
+            return null;
+        if (!this.policyEnforcer.shouldAlwaysBranch())
+            return null;
+        try {
+            const { execSync } = require('child_process');
+            const cwd = process.cwd();
+            const currentBranch = execSync('git rev-parse --abbrev-ref HEAD', {
+                cwd, encoding: 'utf-8', timeout: 5000,
+            }).trim();
+            if (currentBranch !== 'main' && currentBranch !== 'master') {
+                this.branchCreated = true;
+                return null; // Already on a feature branch
+            }
+            // Generate branch name from first user message
+            const firstUserMsg = this.messages.find(m => m.role === 'user');
+            const prefix = this.policyEnforcer.getBranchPrefix();
+            const timestamp = new Date().toISOString().replace(/[:.]/g, '-').substring(0, 19);
+            const slug = this.sanitizeSlug(firstUserMsg?.content || 'task');
+            const branchName = `${prefix}${timestamp}-${slug}`;
+            execSync(`git checkout -b "${branchName}"`, {
+                cwd, encoding: 'utf-8', timeout: 10000,
+            });
+            this.branchCreated = true;
+            return branchName;
+        }
+        catch {
+            // Don't block the operation if branching fails (not in a git repo, etc.)
+            this.branchCreated = true; // Don't retry
+            return null;
+        }
+    }
+    /** Sanitize user message into a branch-safe slug. */
+    sanitizeSlug(message) {
+        return message
+            .toLowerCase()
+            .replace(/[^a-z0-9\s-]/g, '')
+            .replace(/\s+/g, '-')
+            .substring(0, 30)
+            .replace(/-+$/, '') || 'task';
+    }
+    /** Check capability-based restrictions before tool execution. Returns reason string or null. */
+    checkToolCapabilities(toolName, args) {
+        // fs_write check for write/edit tools
+        if ((toolName === 'write_file' || toolName === 'edit_file' || toolName === 'batch_edit') && args.path) {
+            const check = this.policyEnforcer.checkCapability(toolName, 'fs_write', args.path);
+            if (!check.allowed)
+                return check.reason || 'Capability blocked';
+        }
+        // shell_commands check for execute tool
+        if (toolName === 'execute' && args.command) {
+            const check = this.policyEnforcer.checkCapability(toolName, 'shell_commands', args.command);
+            if (!check.allowed)
+                return check.reason || 'Capability blocked';
+        }
+        // net_access check for web tools
+        if ((toolName === 'web_fetch' || toolName === 'http_client') && args.url) {
+            try {
+                const domain = new URL(args.url).hostname;
+                const check = this.policyEnforcer.checkCapability(toolName, 'net_access', domain);
+                if (!check.allowed)
+                    return check.reason || 'Capability blocked';
+            }
+            catch { /* invalid URL handled by the tool itself */ }
+        }
+        return null;
+    }
     buildSystemPrompt(supportsTools) {
         let repoMap = '';
         try {

package/dist/audit.d.ts

@@ -15,7 +15,7 @@ export interface AuditEntry {
     sessionId: string;
     sequence: number;
     tool: string;
-    action: 'execute' | 'deny' | 'error' | 'security_block' | 'policy_block';
+    action: 'execute' | 'deny' | 'error' | 'security_block' | 'policy_block' | 'capability_block';
     args: Record<string, unknown>;
     result?: string;
     reason?: string;

package/dist/capabilities.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Capability-Based Tool Permissions for CodeBot v1.8.0
+ *
+ * Fine-grained, per-tool resource restrictions.
+ * Configured via .codebot/policy.json → tools.capabilities.
+ *
+ * Example:
+ * {
+ *   "execute": {
+ *     "shell_commands": ["npm", "node", "git", "tsc"],
+ *     "max_output_kb": 500
+ *   },
+ *   "write_file": {
+ *     "fs_write": ["./src/**", "./tests/**"]
+ *   }
+ * }
+ */
+export interface ToolCapabilities {
+    fs_read?: string[];
+    fs_write?: string[];
+    net_access?: string[];
+    shell_commands?: string[];
+    max_output_kb?: number;
+}
+export type CapabilityConfig = Record<string, ToolCapabilities>;
+export declare class CapabilityChecker {
+    private capabilities;
+    private projectRoot;
+    constructor(capabilities: CapabilityConfig, projectRoot: string);
+    /** Get capabilities for a tool. undefined = no restrictions. */
+    getToolCapabilities(toolName: string): ToolCapabilities | undefined;
+    /** Check if a specific capability is allowed. */
+    checkCapability(toolName: string, capabilityType: keyof ToolCapabilities, value: string | number): {
+        allowed: boolean;
+        reason?: string;
+    };
+    /** Check if a path matches any of the allowed glob patterns. */
+    private checkGlobs;
+    /** Check if a domain is in the allowed list. */
+    private checkDomain;
+    /** Check if a command starts with an allowed prefix. */
+    private checkCommandPrefix;
+    /** Check if output size is within the cap. */
+    private checkOutputSize;
+    /** Simple glob matching (** = any depth, * = one segment). */
+    private matchGlob;
+}
+//# sourceMappingURL=capabilities.d.ts.map

package/dist/capabilities.js

@@ -0,0 +1,187 @@
+"use strict";
+/**
+ * Capability-Based Tool Permissions for CodeBot v1.8.0
+ *
+ * Fine-grained, per-tool resource restrictions.
+ * Configured via .codebot/policy.json → tools.capabilities.
+ *
+ * Example:
+ * {
+ *   "execute": {
+ *     "shell_commands": ["npm", "node", "git", "tsc"],
+ *     "max_output_kb": 500
+ *   },
+ *   "write_file": {
+ *     "fs_write": ["./src/**", "./tests/**"]
+ *   }
+ * }
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CapabilityChecker = void 0;
+const path = __importStar(require("path"));
+// ── Capability Checker ──
+class CapabilityChecker {
+    capabilities;
+    projectRoot;
+    constructor(capabilities, projectRoot) {
+        this.capabilities = capabilities;
+        this.projectRoot = projectRoot;
+    }
+    /** Get capabilities for a tool. undefined = no restrictions. */
+    getToolCapabilities(toolName) {
+        return this.capabilities[toolName];
+    }
+    /** Check if a specific capability is allowed. */
+    checkCapability(toolName, capabilityType, value) {
+        const caps = this.capabilities[toolName];
+        if (!caps)
+            return { allowed: true }; // No caps defined = unrestricted
+        switch (capabilityType) {
+            case 'fs_read':
+                return this.checkGlobs(caps.fs_read, value, 'fs_read', toolName);
+            case 'fs_write':
+                return this.checkGlobs(caps.fs_write, value, 'fs_write', toolName);
+            case 'net_access':
+                return this.checkDomain(caps.net_access, value, toolName);
+            case 'shell_commands':
+                return this.checkCommandPrefix(caps.shell_commands, value, toolName);
+            case 'max_output_kb':
+                return this.checkOutputSize(caps.max_output_kb, value, toolName);
+            default:
+                return { allowed: true };
+        }
+    }
+    /** Check if a path matches any of the allowed glob patterns. */
+    checkGlobs(patterns, filePath, capName, toolName) {
+        if (!patterns || patterns.length === 0)
+            return { allowed: true };
+        const resolved = path.resolve(filePath);
+        const relative = path.relative(this.projectRoot, resolved);
+        // Don't restrict paths outside the project (those are handled by security.ts)
+        if (relative.startsWith('..'))
+            return { allowed: true };
+        for (const pattern of patterns) {
+            if (this.matchGlob(relative, pattern)) {
+                return { allowed: true };
+            }
+        }
+        return {
+            allowed: false,
+            reason: `Tool "${toolName}" ${capName} capability blocks "${relative}" (allowed: ${patterns.join(', ')})`,
+        };
+    }
+    /** Check if a domain is in the allowed list. */
+    checkDomain(allowed, domain, toolName) {
+        if (allowed === undefined)
+            return { allowed: true }; // undefined = unrestricted
+        if (allowed.length === 0) {
+            // Empty array = no network access allowed
+            return {
+                allowed: false,
+                reason: `Tool "${toolName}" has no allowed network domains`,
+            };
+        }
+        if (allowed.includes('*'))
+            return { allowed: true };
+        const normalizedDomain = domain.toLowerCase();
+        for (const d of allowed) {
+            const nd = d.toLowerCase();
+            if (normalizedDomain === nd)
+                return { allowed: true };
+            if (normalizedDomain.endsWith('.' + nd))
+                return { allowed: true };
+        }
+        return {
+            allowed: false,
+            reason: `Tool "${toolName}" cannot access domain "${domain}" (allowed: ${allowed.join(', ')})`,
+        };
+    }
+    /** Check if a command starts with an allowed prefix. */
+    checkCommandPrefix(allowed, command, toolName) {
+        if (!allowed || allowed.length === 0)
+            return { allowed: true };
+        const cmd = command.trim();
+        for (const prefix of allowed) {
+            if (cmd === prefix || cmd.startsWith(prefix + ' ')) {
+                return { allowed: true };
+            }
+        }
+        // Extract first word for the error message
+        const firstWord = cmd.split(/\s+/)[0] || cmd.substring(0, 30);
+        return {
+            allowed: false,
+            reason: `Tool "${toolName}" cannot run "${firstWord}" (allowed commands: ${allowed.join(', ')})`,
+        };
+    }
+    /** Check if output size is within the cap. */
+    checkOutputSize(maxKb, actualKb, toolName) {
+        if (maxKb === undefined || maxKb <= 0)
+            return { allowed: true };
+        if (actualKb <= maxKb)
+            return { allowed: true };
+        return {
+            allowed: false,
+            reason: `Tool "${toolName}" output ${actualKb}KB exceeds cap of ${maxKb}KB`,
+        };
+    }
+    /** Simple glob matching (** = any depth, * = one segment). */
+    matchGlob(relativePath, pattern) {
+        const cleanPattern = pattern.replace(/^\.\//, '');
+        const cleanPath = relativePath.replace(/^\.\//, '');
+        // Exact match
+        if (cleanPath === cleanPattern)
+            return true;
+        // Prefix match (directory)
+        if (cleanPath.startsWith(cleanPattern + '/'))
+            return true;
+        if (cleanPath.startsWith(cleanPattern + path.sep))
+            return true;
+        // Glob expansion
+        if (pattern.includes('*')) {
+            const regex = new RegExp('^' +
+                cleanPattern
+                    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+                    .replace(/\*\*/g, '<<GLOBSTAR>>')
+                    .replace(/\*/g, '[^/]*')
+                    .replace(/<<GLOBSTAR>>/g, '.*') +
+                '$');
+            return regex.test(cleanPath);
+        }
+        return false;
+    }
+}
+exports.CapabilityChecker = CapabilityChecker;
+//# sourceMappingURL=capabilities.js.map

package/dist/cli.js

@@ -49,7 +49,8 @@ const scheduler_1 = require("./scheduler");
 const audit_1 = require("./audit");
 const policy_1 = require("./policy");
 const sandbox_1 = require("./sandbox");
-const VERSION = '1.7.0';
+const replay_1 = require("./replay");
+const VERSION = '1.8.0';
 const C = {
     reset: '\x1b[0m',
     bold: '\x1b[1m',
@@ -168,6 +169,65 @@ async function main() {
         console.log(`  Network: ${info.defaults.network ? 'enabled' : 'disabled'} by default`);
         return;
     }
+    // --replay: Replay a saved session
+    if (args.replay) {
+        const replayId = typeof args.replay === 'string'
+            ? args.replay
+            : history_1.SessionManager.latest();
+        if (!replayId) {
+            console.log(c('No session to replay. Specify an ID or ensure a previous session exists.', 'yellow'));
+            return;
+        }
+        const data = (0, replay_1.loadSessionForReplay)(replayId);
+        if (!data) {
+            console.log(c(`Session ${replayId} not found or empty.`, 'red'));
+            return;
+        }
+        console.log(c(`\nReplaying session ${replayId.substring(0, 12)}...`, 'cyan'));
+        console.log(c(`  ${data.messages.length} messages (${data.userMessages.length} user, ${data.assistantMessages.length} assistant)`, 'dim'));
+        const replayProvider = new replay_1.ReplayProvider(data.assistantMessages);
+        const config = await resolveConfig(args);
+        const agent = new agent_1.Agent({
+            provider: replayProvider,
+            model: config.model,
+            providerName: 'replay',
+            autoApprove: true,
+        });
+        // Collect recorded tool results in order for sequential comparison
+        const recordedResults = Array.from(data.toolResults.values());
+        let resultIndex = 0;
+        let divergences = 0;
+        for (const userMsg of data.userMessages) {
+            console.log(c(`\n> ${truncate(userMsg.content, 100)}`, 'cyan'));
+            for await (const event of agent.run(userMsg.content)) {
+                if (event.type === 'tool_result' && event.toolResult && !event.toolResult.is_error) {
+                    const recorded = recordedResults[resultIndex++];
+                    if (recorded !== undefined) {
+                        const diff = (0, replay_1.compareOutputs)(recorded, event.toolResult.result);
+                        if (diff) {
+                            divergences++;
+                            console.log(c(`  ⚠ Divergence in ${event.toolResult.name || 'tool'}:`, 'yellow'));
+                            console.log(c(`    ${diff.split('\n').join('\n    ')}`, 'dim'));
+                        }
+                        else {
+                            console.log(c(`  ✓ ${event.toolResult.name || 'tool'} — output matches`, 'green'));
+                        }
+                    }
+                }
+                else if (event.type === 'text') {
+                    process.stdout.write(c('.', 'dim'));
+                }
+            }
+        }
+        console.log(c(`\n\nReplay complete.`, 'bold'));
+        if (divergences === 0) {
+            console.log(c('  All tool outputs match — session is reproducible.', 'green'));
+        }
+        else {
+            console.log(c(`  ${divergences} divergence(s) detected — environment may have changed.`, 'yellow'));
+        }
+        return;
+    }
     // First run: auto-launch setup if nothing is configured
     if ((0, setup_1.isFirstRun)() && process.stdin.isTTY && !args.message) {
         console.log(c('Welcome! No configuration found — launching setup...', 'cyan'));
@@ -177,6 +237,11 @@ async function main() {
     }
     const config = await resolveConfig(args);
     const provider = createProvider(config);
+    // Deterministic mode: set temperature=0
+    if (args.deterministic) {
+        provider.temperature = 0;
+        console.log(c('  Deterministic mode: temperature=0', 'dim'));
+    }
     // Session management
     let resumeId;
     if (args.continue) {
@@ -637,6 +702,21 @@ function parseArgs(argv) {
             }
             continue;
         }
+        if (arg === '--replay') {
+            const next = argv[i + 1];
+            if (next && !next.startsWith('--')) {
+                result['replay'] = next;
+                i++;
+            }
+            else {
+                result['replay'] = true; // replay latest
+            }
+            continue;
+        }
+        if (arg === '--deterministic') {
+            result['deterministic'] = true;
+            continue;
+        }
         if (arg.startsWith('--')) {
             const key = arg.slice(2);
             const next = argv[i + 1];
@@ -692,6 +772,10 @@ ${c('Security & Policy:', 'bold')}
   --verify-audit [id]  Verify audit log hash chain integrity
   --sandbox-info       Show Docker sandbox status
 
+${c('Debugging & Replay:', 'bold')}
+  --replay [id]        Replay a session, re-execute tools, compare outputs
+  --deterministic      Set temperature=0 for reproducible outputs
+
 ${c('Supported Providers:', 'bold')}
   Local:      Ollama, LM Studio, vLLM (auto-detected)
   Anthropic:  Claude Opus/Sonnet/Haiku (ANTHROPIC_API_KEY)

package/dist/history.d.ts

@@ -1,4 +1,5 @@
 import { Message } from './types';
+import { IntegrityResult } from './integrity';
 export interface SessionMeta {
     id: string;
     model: string;
@@ -11,14 +12,17 @@ export declare class SessionManager {
     private sessionId;
     private filePath;
     private model;
+    private integrityKey;
     constructor(model: string, sessionId?: string);
     getId(): string;
-    /** Append a message to the session file */
+    /** Append a message to the session file (HMAC signed) */
     save(message: Message): void;
-    /** Save all messages (atomic overwrite via temp file + rename) */
+    /** Save all messages (atomic overwrite, HMAC signed) */
     saveAll(messages: Message[]): void;
-    /** Load messages from a session file (skips malformed lines) */
+    /** Load messages from a session file (verifies HMAC, drops tampered) */
     load(): Message[];
+    /** Verify integrity of all messages in this session. */
+    verifyIntegrity(): IntegrityResult;
     /** List recent sessions */
     static list(limit?: number): SessionMeta[];
     /** Get the most recent session ID */

package/dist/history.js

@@ -38,38 +38,50 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
 const crypto = __importStar(require("crypto"));
+const integrity_1 = require("./integrity");
 const SESSIONS_DIR = path.join(os.homedir(), '.codebot', 'sessions');
 class SessionManager {
     sessionId;
     filePath;
     model;
+    integrityKey;
     constructor(model, sessionId) {
         this.model = model;
         this.sessionId = sessionId || crypto.randomUUID();
+        this.integrityKey = (0, integrity_1.deriveSessionKey)(this.sessionId);
         fs.mkdirSync(SESSIONS_DIR, { recursive: true });
         this.filePath = path.join(SESSIONS_DIR, `${this.sessionId}.jsonl`);
     }
     getId() {
         return this.sessionId;
     }
-    /** Append a message to the session file */
+    /** Append a message to the session file (HMAC signed) */
     save(message) {
         try {
-            const line = JSON.stringify({
+            const record = {
                 ...message,
                 _ts: new Date().toISOString(),
                 _model: this.model,
-            });
-            fs.appendFileSync(this.filePath, line + '\n');
+            };
+            record._sig = (0, integrity_1.signMessage)(record, this.integrityKey);
+            fs.appendFileSync(this.filePath, JSON.stringify(record) + '\n');
         }
         catch {
             // Don't crash on write failure — session persistence is best-effort
         }
     }
-    /** Save all messages (atomic overwrite via temp file + rename) */
+    /** Save all messages (atomic overwrite, HMAC signed) */
     saveAll(messages) {
         try {
-            const lines = messages.map(m => JSON.stringify({ ...m, _ts: new Date().toISOString(), _model: this.model }));
+            const lines = messages.map(m => {
+                const record = {
+                    ...m,
+                    _ts: new Date().toISOString(),
+                    _model: this.model,
+                };
+                record._sig = (0, integrity_1.signMessage)(record, this.integrityKey);
+                return JSON.stringify(record);
+            });
             const tmpPath = this.filePath + '.tmp';
             fs.writeFileSync(tmpPath, lines.join('\n') + '\n');
             fs.renameSync(tmpPath, this.filePath);
@@ -78,7 +90,7 @@ class SessionManager {
             // Don't crash — session persistence is best-effort
         }
     }
-    /** Load messages from a session file (skips malformed lines) */
+    /** Load messages from a session file (verifies HMAC, drops tampered) */
     load() {
         if (!fs.existsSync(this.filePath))
             return [];
@@ -92,20 +104,55 @@ class SessionManager {
         if (!content)
             return [];
         const messages = [];
+        let dropped = 0;
         for (const line of content.split('\n')) {
             try {
                 const obj = JSON.parse(line);
+                // Verify integrity if signature present (backward compat: unsigned messages pass)
+                if (obj._sig) {
+                    if (!(0, integrity_1.verifyMessage)(obj, this.integrityKey)) {
+                        dropped++;
+                        continue; // Drop tampered message
+                    }
+                }
                 delete obj._ts;
                 delete obj._model;
+                delete obj._sig;
                 messages.push(obj);
             }
             catch {
-                // Skip malformed line — don't crash the whole load
                 continue;
             }
         }
+        if (dropped > 0) {
+            console.warn(`Warning: Dropped ${dropped} tampered message(s) from session ${this.sessionId.substring(0, 8)}.`);
+        }
         return messages;
     }
+    /** Verify integrity of all messages in this session. */
+    verifyIntegrity() {
+        if (!fs.existsSync(this.filePath)) {
+            return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+        }
+        try {
+            const content = fs.readFileSync(this.filePath, 'utf-8').trim();
+            if (!content)
+                return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+            const records = [];
+            for (const line of content.split('\n')) {
+                try {
+                    records.push(JSON.parse(line));
+                }
+                catch {
+                    continue;
+                }
+            }
+            return (0, integrity_1.verifyMessages)(records, this.integrityKey);
+        }
+        catch {
+            return { valid: 0, tampered: 0, unsigned: 0, tamperedIndices: [] };
+        }
+    }
     /** List recent sessions */
     static list(limit = 10) {
         if (!fs.existsSync(SESSIONS_DIR))

package/dist/index.d.ts

@@ -11,5 +11,11 @@ export { loadPlugins } from './plugins';
 export { loadMCPTools } from './mcp';
 export { MODEL_REGISTRY, PROVIDER_DEFAULTS, getModelInfo, detectProvider } from './providers/registry';
 export type { ModelInfo } from './providers/registry';
+export { CapabilityChecker } from './capabilities';
+export type { ToolCapabilities, CapabilityConfig } from './capabilities';
+export { deriveSessionKey, signMessage, verifyMessage, verifyMessages } from './integrity';
+export type { IntegrityResult } from './integrity';
+export { ReplayProvider, loadSessionForReplay, compareOutputs, listReplayableSessions } from './replay';
+export type { SessionReplayData, ReplayDivergence } from './replay';
 export * from './types';
 //# sourceMappingURL=index.d.ts.map