codebot-ai 1.7.0 → 1.8.0

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.detectProvider = exports.getModelInfo = exports.PROVIDER_DEFAULTS = exports.MODEL_REGISTRY = exports.loadMCPTools = exports.loadPlugins = exports.parseToolCalls = exports.MemoryManager = exports.SessionManager = exports.buildRepoMap = exports.ContextManager = exports.ToolRegistry = exports.AnthropicProvider = exports.OpenAIProvider = exports.Agent = void 0;
+exports.listReplayableSessions = exports.compareOutputs = exports.loadSessionForReplay = exports.ReplayProvider = exports.verifyMessages = exports.verifyMessage = exports.signMessage = exports.deriveSessionKey = exports.CapabilityChecker = exports.detectProvider = exports.getModelInfo = exports.PROVIDER_DEFAULTS = exports.MODEL_REGISTRY = exports.loadMCPTools = exports.loadPlugins = exports.parseToolCalls = exports.MemoryManager = exports.SessionManager = exports.buildRepoMap = exports.ContextManager = exports.ToolRegistry = exports.AnthropicProvider = exports.OpenAIProvider = exports.Agent = void 0;
 var agent_1 = require("./agent");
 Object.defineProperty(exports, "Agent", { enumerable: true, get: function () { return agent_1.Agent; } });
 var openai_1 = require("./providers/openai");
@@ -42,5 +42,17 @@ Object.defineProperty(exports, "MODEL_REGISTRY", { enumerable: true, get: functi
 Object.defineProperty(exports, "PROVIDER_DEFAULTS", { enumerable: true, get: function () { return registry_1.PROVIDER_DEFAULTS; } });
 Object.defineProperty(exports, "getModelInfo", { enumerable: true, get: function () { return registry_1.getModelInfo; } });
 Object.defineProperty(exports, "detectProvider", { enumerable: true, get: function () { return registry_1.detectProvider; } });
+var capabilities_1 = require("./capabilities");
+Object.defineProperty(exports, "CapabilityChecker", { enumerable: true, get: function () { return capabilities_1.CapabilityChecker; } });
+var integrity_1 = require("./integrity");
+Object.defineProperty(exports, "deriveSessionKey", { enumerable: true, get: function () { return integrity_1.deriveSessionKey; } });
+Object.defineProperty(exports, "signMessage", { enumerable: true, get: function () { return integrity_1.signMessage; } });
+Object.defineProperty(exports, "verifyMessage", { enumerable: true, get: function () { return integrity_1.verifyMessage; } });
+Object.defineProperty(exports, "verifyMessages", { enumerable: true, get: function () { return integrity_1.verifyMessages; } });
+var replay_1 = require("./replay");
+Object.defineProperty(exports, "ReplayProvider", { enumerable: true, get: function () { return replay_1.ReplayProvider; } });
+Object.defineProperty(exports, "loadSessionForReplay", { enumerable: true, get: function () { return replay_1.loadSessionForReplay; } });
+Object.defineProperty(exports, "compareOutputs", { enumerable: true, get: function () { return replay_1.compareOutputs; } });
+Object.defineProperty(exports, "listReplayableSessions", { enumerable: true, get: function () { return replay_1.listReplayableSessions; } });
 __exportStar(require("./types"), exports);
 //# sourceMappingURL=index.js.map

package/dist/integrity.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Session History Integrity for CodeBot v1.8.0
+ *
+ * HMAC-SHA256 signing/verification for session messages.
+ * Key: SHA-256(sessionId + machineId) where machineId = hostname:username.
+ *
+ * This is tamper-DETECTION, not tamper-prevention. The key is deterministic
+ * per session+machine so verification works without storing keys separately.
+ *
+ * Uses Node's built-in crypto module — zero runtime dependencies.
+ */
+/** Derive a per-session HMAC key. Deterministic for same session+machine. */
+export declare function deriveSessionKey(sessionId: string): Buffer;
+/**
+ * Compute HMAC-SHA256 signature for a message object.
+ * Excludes the _sig field from the signing input.
+ */
+export declare function signMessage(message: Record<string, unknown>, key: Buffer): string;
+/**
+ * Verify a message's HMAC signature.
+ * Returns false if no signature present or if it doesn't match.
+ */
+export declare function verifyMessage(message: Record<string, unknown>, key: Buffer): boolean;
+export interface IntegrityResult {
+    valid: number;
+    tampered: number;
+    unsigned: number;
+    tamperedIndices: number[];
+}
+/**
+ * Verify an array of signed messages.
+ * Unsigned messages (pre-v1.8.0) are counted but not flagged as tampered.
+ */
+export declare function verifyMessages(messages: Array<Record<string, unknown>>, key: Buffer): IntegrityResult;
+//# sourceMappingURL=integrity.d.ts.map

package/dist/integrity.js

@@ -0,0 +1,135 @@
+"use strict";
+/**
+ * Session History Integrity for CodeBot v1.8.0
+ *
+ * HMAC-SHA256 signing/verification for session messages.
+ * Key: SHA-256(sessionId + machineId) where machineId = hostname:username.
+ *
+ * This is tamper-DETECTION, not tamper-prevention. The key is deterministic
+ * per session+machine so verification works without storing keys separately.
+ *
+ * Uses Node's built-in crypto module — zero runtime dependencies.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deriveSessionKey = deriveSessionKey;
+exports.signMessage = signMessage;
+exports.verifyMessage = verifyMessage;
+exports.verifyMessages = verifyMessages;
+const crypto = __importStar(require("crypto"));
+const os = __importStar(require("os"));
+// ── Key Derivation ──
+/** Derive a per-session HMAC key. Deterministic for same session+machine. */
+function deriveSessionKey(sessionId) {
+    const machineId = os.hostname() + ':' + getUserName();
+    return crypto.createHash('sha256')
+        .update(sessionId + machineId)
+        .digest();
+}
+/** Get username safely. */
+function getUserName() {
+    try {
+        return os.userInfo().username;
+    }
+    catch {
+        return 'unknown';
+    }
+}
+// ── Signing & Verification ──
+/**
+ * Compute HMAC-SHA256 signature for a message object.
+ * Excludes the _sig field from the signing input.
+ */
+function signMessage(message, key) {
+    const payload = canonicalize(message);
+    return crypto.createHmac('sha256', key)
+        .update(payload)
+        .digest('hex');
+}
+/**
+ * Verify a message's HMAC signature.
+ * Returns false if no signature present or if it doesn't match.
+ */
+function verifyMessage(message, key) {
+    const sig = message._sig;
+    if (!sig)
+        return false;
+    const expected = signMessage(message, key);
+    try {
+        return crypto.timingSafeEqual(Buffer.from(sig, 'hex'), Buffer.from(expected, 'hex'));
+    }
+    catch {
+        return false; // Different lengths or invalid hex
+    }
+}
+/**
+ * Canonical JSON representation for signing.
+ * Excludes _sig field. Keys are sorted for determinism.
+ */
+function canonicalize(obj) {
+    const sorted = {};
+    for (const key of Object.keys(obj).sort()) {
+        if (key === '_sig')
+            continue;
+        sorted[key] = obj[key];
+    }
+    return JSON.stringify(sorted);
+}
+/**
+ * Verify an array of signed messages.
+ * Unsigned messages (pre-v1.8.0) are counted but not flagged as tampered.
+ */
+function verifyMessages(messages, key) {
+    let valid = 0;
+    let tampered = 0;
+    let unsigned = 0;
+    const tamperedIndices = [];
+    for (let i = 0; i < messages.length; i++) {
+        const msg = messages[i];
+        if (!msg._sig) {
+            unsigned++;
+            continue;
+        }
+        if (verifyMessage(msg, key)) {
+            valid++;
+        }
+        else {
+            tampered++;
+            tamperedIndices.push(i);
+        }
+    }
+    return { valid, tampered, unsigned, tamperedIndices };
+}
+//# sourceMappingURL=integrity.js.map

package/dist/policy.d.ts

@@ -5,6 +5,7 @@
  * Policy files: .codebot/policy.json (project) + ~/.codebot/policy.json (global)
  * Project policy overrides global policy where specified.
  */
+import { ToolCapabilities } from './capabilities';
 export interface PolicyExecution {
     sandbox?: 'docker' | 'host' | 'auto';
     network?: boolean;
@@ -24,6 +25,7 @@ export interface PolicyTools {
     enabled?: string[];
     disabled?: string[];
     permissions?: PolicyToolPermission;
+    capabilities?: Record<string, ToolCapabilities>;
 }
 export interface PolicySecrets {
     block_on_detect?: boolean;
@@ -108,6 +110,13 @@ export declare class PolicyEnforcer {
     getMaxFileSizeBytes(): number;
     /** Get cost limit in USD (0 = no limit). */
     getCostLimitUsd(): number;
+    /** Get capability restrictions for a tool. undefined = unrestricted. */
+    getToolCapabilities(toolName: string): ToolCapabilities | undefined;
+    /** Check a specific capability for a tool. Returns { allowed, reason }. */
+    checkCapability(toolName: string, capabilityType: keyof ToolCapabilities, value: string | number): {
+        allowed: boolean;
+        reason?: string;
+    };
     /**
      * Simple glob-like pattern matching:
      * - `*` matches any single path component

package/dist/policy.js

@@ -46,12 +46,13 @@ exports.generateDefaultPolicyFile = generateDefaultPolicyFile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const capabilities_1 = require("./capabilities");
 // ── Default Policy ──
 exports.DEFAULT_POLICY = {
     version: '1.0',
     execution: {
         sandbox: 'auto',
-        network: true,
+        network: false, // safe default: no network in sandbox
         timeout_seconds: 120,
         max_memory_mb: 512,
     },
@@ -67,12 +68,12 @@ exports.DEFAULT_POLICY = {
         permissions: {},
     },
     secrets: {
-        block_on_detect: false,
+        block_on_detect: true, // safe default: block writes containing secrets
         scan_on_write: true,
         allowed_patterns: [],
     },
     git: {
-        always_branch: false,
+        always_branch: true, // safe default: auto-branch on first write
         branch_prefix: 'codebot/',
         require_tests_before_commit: false,
         never_push_main: true,
@@ -327,6 +328,19 @@ class PolicyEnforcer {
     getCostLimitUsd() {
         return this.policy.limits?.cost_limit_usd || 0;
     }
+    // ── Capabilities (v1.8.0) ──
+    /** Get capability restrictions for a tool. undefined = unrestricted. */
+    getToolCapabilities(toolName) {
+        return this.policy.tools?.capabilities?.[toolName];
+    }
+    /** Check a specific capability for a tool. Returns { allowed, reason }. */
+    checkCapability(toolName, capabilityType, value) {
+        const caps = this.policy.tools?.capabilities;
+        if (!caps)
+            return { allowed: true };
+        const checker = new capabilities_1.CapabilityChecker(caps, this.projectRoot);
+        return checker.checkCapability(toolName, capabilityType, value);
+    }
     // ── Helpers ──
     /**
      * Simple glob-like pattern matching:
@@ -374,7 +388,7 @@ function generateDefaultPolicyFile() {
         version: '1.0',
         execution: {
             sandbox: 'auto',
-            network: true,
+            network: false,
             timeout_seconds: 120,
             max_memory_mb: 512,
         },
@@ -392,13 +406,25 @@ function generateDefaultPolicyFile() {
                 write_file: 'prompt',
                 edit_file: 'prompt',
             },
+            capabilities: {
+                execute: {
+                    shell_commands: [
+                        'npm', 'npx', 'node', 'git', 'tsc', 'eslint', 'prettier',
+                        'jest', 'vitest', 'pytest', 'make', 'cargo', 'go', 'python',
+                        'python3', 'ruby', 'php', 'java', 'javac', 'mvn', 'gradle',
+                        'docker', 'ls', 'cat', 'head', 'tail', 'wc', 'sort', 'uniq',
+                        'find', 'which', 'echo', 'pwd', 'env', 'date',
+                    ],
+                    max_output_kb: 500,
+                },
+            },
         },
         secrets: {
-            block_on_detect: false,
+            block_on_detect: true,
             scan_on_write: true,
         },
         git: {
-            always_branch: false,
+            always_branch: true,
             branch_prefix: 'codebot/',
             require_tests_before_commit: false,
             never_push_main: true,

package/dist/providers/anthropic.d.ts

@@ -1,6 +1,7 @@
 import { LLMProvider, Message, ToolSchema, StreamEvent, ProviderConfig } from '../types';
 export declare class AnthropicProvider implements LLMProvider {
     name: string;
+    temperature?: number;
     private config;
     constructor(config: ProviderConfig);
     chat(messages: Message[], tools?: ToolSchema[]): AsyncGenerator<StreamEvent>;

package/dist/providers/anthropic.js

@@ -4,6 +4,7 @@ exports.AnthropicProvider = void 0;
 const retry_1 = require("../retry");
 class AnthropicProvider {
     name;
+    temperature;
     config;
     constructor(config) {
         this.config = config;
@@ -22,6 +23,9 @@ class AnthropicProvider {
             max_tokens: 8192,
             stream: true,
         };
+        if (this.temperature !== undefined) {
+            body.temperature = this.temperature;
+        }
         if (systemPrompt) {
             body.system = systemPrompt;
         }

package/dist/providers/openai.d.ts

@@ -1,6 +1,7 @@
 import { LLMProvider, Message, ToolSchema, StreamEvent, ProviderConfig } from '../types';
 export declare class OpenAIProvider implements LLMProvider {
     name: string;
+    temperature?: number;
     private config;
     private supportsTools;
     constructor(config: ProviderConfig);

package/dist/providers/openai.js

@@ -5,6 +5,7 @@ const registry_1 = require("./registry");
 const retry_1 = require("../retry");
 class OpenAIProvider {
     name;
+    temperature;
     config;
     supportsTools;
     constructor(config) {
@@ -25,6 +26,9 @@ class OpenAIProvider {
             messages: messages.map(m => this.formatMessage(m)),
             stream: true,
         };
+        if (this.temperature !== undefined) {
+            body.temperature = this.temperature;
+        }
         if (tools?.length && this.supportsTools) {
             body.tools = tools;
         }

package/dist/replay.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Session Replay Engine for CodeBot v1.8.0
+ *
+ * Replays saved sessions by feeding recorded assistant responses
+ * instead of calling the LLM. Tool calls are re-executed and outputs
+ * compared against recorded results to detect environment divergences.
+ *
+ * Usage:
+ *   codebot --replay <session-id>
+ *   codebot --replay              (replays latest session)
+ */
+import { Message, LLMProvider, ToolSchema, StreamEvent } from './types';
+/**
+ * Mock LLM provider that feeds recorded assistant messages.
+ * Used during replay to bypass actual LLM calls.
+ */
+export declare class ReplayProvider implements LLMProvider {
+    name: string;
+    private assistantMessages;
+    private callIndex;
+    constructor(assistantMessages: Message[]);
+    chat(_messages: Message[], _tools?: ToolSchema[]): AsyncGenerator<StreamEvent>;
+}
+export interface SessionReplayData {
+    messages: Message[];
+    assistantMessages: Message[];
+    userMessages: Message[];
+    toolResults: Map<string, string>;
+}
+/**
+ * Load a session from disk and prepare it for replay.
+ * Returns null if session doesn't exist or is empty.
+ */
+export declare function loadSessionForReplay(sessionId: string): SessionReplayData | null;
+export interface ReplayDivergence {
+    toolCallId: string;
+    toolName: string;
+    type: 'output_mismatch';
+    diff: string;
+}
+/**
+ * Compare recorded vs actual tool output.
+ * Returns null if identical, or a diff description.
+ */
+export declare function compareOutputs(recorded: string, actual: string): string | null;
+/**
+ * List sessions available for replay.
+ */
+export declare function listReplayableSessions(limit?: number): Array<{
+    id: string;
+    preview: string;
+    messageCount: number;
+    date: string;
+}>;
+//# sourceMappingURL=replay.d.ts.map

package/dist/replay.js

@@ -0,0 +1,196 @@
+"use strict";
+/**
+ * Session Replay Engine for CodeBot v1.8.0
+ *
+ * Replays saved sessions by feeding recorded assistant responses
+ * instead of calling the LLM. Tool calls are re-executed and outputs
+ * compared against recorded results to detect environment divergences.
+ *
+ * Usage:
+ *   codebot --replay <session-id>
+ *   codebot --replay              (replays latest session)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayProvider = void 0;
+exports.loadSessionForReplay = loadSessionForReplay;
+exports.compareOutputs = compareOutputs;
+exports.listReplayableSessions = listReplayableSessions;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+// ── Replay Provider ──
+/**
+ * Mock LLM provider that feeds recorded assistant messages.
+ * Used during replay to bypass actual LLM calls.
+ */
+class ReplayProvider {
+    name = 'replay';
+    assistantMessages;
+    callIndex = 0;
+    constructor(assistantMessages) {
+        this.assistantMessages = assistantMessages;
+    }
+    async *chat(_messages, _tools) {
+        const msg = this.assistantMessages[this.callIndex++];
+        if (!msg) {
+            yield { type: 'text', text: '[replay: no more recorded responses]' };
+            yield { type: 'done' };
+            return;
+        }
+        // Emit text content
+        if (msg.content) {
+            yield { type: 'text', text: msg.content };
+        }
+        // Emit tool calls
+        if (msg.tool_calls) {
+            for (const tc of msg.tool_calls) {
+                yield {
+                    type: 'tool_call_end',
+                    toolCall: tc,
+                };
+            }
+        }
+        yield { type: 'done' };
+    }
+}
+exports.ReplayProvider = ReplayProvider;
+/**
+ * Load a session from disk and prepare it for replay.
+ * Returns null if session doesn't exist or is empty.
+ */
+function loadSessionForReplay(sessionId) {
+    const sessionsDir = path.join(os.homedir(), '.codebot', 'sessions');
+    const filePath = path.join(sessionsDir, `${sessionId}.jsonl`);
+    if (!fs.existsSync(filePath))
+        return null;
+    let content;
+    try {
+        content = fs.readFileSync(filePath, 'utf-8').trim();
+    }
+    catch {
+        return null;
+    }
+    if (!content)
+        return null;
+    const messages = [];
+    for (const line of content.split('\n')) {
+        try {
+            const obj = JSON.parse(line);
+            delete obj._ts;
+            delete obj._model;
+            delete obj._sig;
+            messages.push(obj);
+        }
+        catch {
+            continue;
+        }
+    }
+    if (messages.length === 0)
+        return null;
+    const assistantMessages = messages.filter(m => m.role === 'assistant');
+    const userMessages = messages.filter(m => m.role === 'user');
+    const toolResults = new Map();
+    for (const msg of messages) {
+        if (msg.role === 'tool' && msg.tool_call_id) {
+            toolResults.set(msg.tool_call_id, msg.content);
+        }
+    }
+    return { messages, assistantMessages, userMessages, toolResults };
+}
+/**
+ * Compare recorded vs actual tool output.
+ * Returns null if identical, or a diff description.
+ */
+function compareOutputs(recorded, actual) {
+    if (recorded === actual)
+        return null;
+    // Normalize whitespace for soft comparison
+    const normRecorded = recorded.trim().replace(/\s+/g, ' ');
+    const normActual = actual.trim().replace(/\s+/g, ' ');
+    if (normRecorded === normActual)
+        return null;
+    const maxShow = 200;
+    const expectedSnippet = normRecorded.length > maxShow
+        ? normRecorded.substring(0, maxShow) + '...'
+        : normRecorded;
+    const actualSnippet = normActual.length > maxShow
+        ? normActual.substring(0, maxShow) + '...'
+        : normActual;
+    return `Expected: ${expectedSnippet}\nActual:   ${actualSnippet}`;
+}
+// ── Session Listing ──
+/**
+ * List sessions available for replay.
+ */
+function listReplayableSessions(limit = 10) {
+    const sessionsDir = path.join(os.homedir(), '.codebot', 'sessions');
+    if (!fs.existsSync(sessionsDir))
+        return [];
+    const files = fs.readdirSync(sessionsDir)
+        .filter(f => f.endsWith('.jsonl'))
+        .map(f => {
+        const stat = fs.statSync(path.join(sessionsDir, f));
+        return { name: f, mtime: stat.mtime };
+    })
+        .sort((a, b) => b.mtime.getTime() - a.mtime.getTime())
+        .slice(0, limit);
+    return files.map(f => {
+        const id = f.name.replace('.jsonl', '');
+        const fullPath = path.join(sessionsDir, f.name);
+        try {
+            const content = fs.readFileSync(fullPath, 'utf-8').trim();
+            const lines = content ? content.split('\n') : [];
+            let preview = '';
+            for (const line of lines) {
+                try {
+                    const msg = JSON.parse(line);
+                    if (msg.role === 'user') {
+                        preview = msg.content.substring(0, 80);
+                        break;
+                    }
+                }
+                catch {
+                    continue;
+                }
+            }
+            return { id, preview, messageCount: lines.length, date: f.mtime.toISOString() };
+        }
+        catch {
+            return { id, preview: '', messageCount: 0, date: f.mtime.toISOString() };
+        }
+    });
+}
+//# sourceMappingURL=replay.js.map

package/dist/tools/batch-edit.d.ts

@@ -1,8 +1,11 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class BatchEditTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
+    constructor(policyEnforcer?: PolicyEnforcer);
     parameters: {
         type: string;
         properties: {

package/dist/tools/batch-edit.js

@@ -42,6 +42,10 @@ class BatchEditTool {
     name = 'batch_edit';
     description = 'Apply multiple find-and-replace edits across one or more files atomically. All edits are validated before any are applied. Useful for renaming, refactoring, and coordinated multi-file changes.';
     permission = 'prompt';
+    policyEnforcer;
+    constructor(policyEnforcer) {
+        this.policyEnforcer = policyEnforcer;
+    }
     parameters = {
         type: 'object',
         properties: {
@@ -85,6 +89,14 @@ class BatchEditTool {
                 errors.push(`${safety.reason}`);
                 continue;
             }
+            // Policy: filesystem restrictions
+            if (this.policyEnforcer) {
+                const policyCheck = this.policyEnforcer.isPathWritable(filePath);
+                if (!policyCheck.allowed) {
+                    errors.push(`Blocked by policy — ${policyCheck.reason}`);
+                    continue;
+                }
+            }
             if (!byFile.has(filePath))
                 byFile.set(filePath, []);
             byFile.get(filePath).push(edit);

package/dist/tools/edit.d.ts

@@ -1,8 +1,11 @@
 import { Tool } from '../types';
+import { PolicyEnforcer } from '../policy';
 export declare class EditFileTool implements Tool {
     name: string;
     description: string;
     permission: Tool['permission'];
+    private policyEnforcer?;
+    constructor(policyEnforcer?: PolicyEnforcer);
     parameters: {
         type: string;
         properties: {