codebot-ai 1.7.0 → 1.9.0

package/dist/metrics.d.ts

@@ -0,0 +1,60 @@
+/**
+ * MetricsCollector for CodeBot v1.9.0
+ *
+ * Structured telemetry: counters + histograms.
+ * Persists to ~/.codebot/telemetry/metrics-YYYY-MM-DD.jsonl
+ * Optional OTLP HTTP export when OTEL_EXPORTER_OTLP_ENDPOINT is set.
+ *
+ * Pattern: fail-safe, session-scoped, never throws.
+ * Follows TokenTracker conventions from src/telemetry.ts.
+ */
+export interface CounterValue {
+    name: string;
+    labels: Record<string, string>;
+    value: number;
+}
+export interface HistogramValue {
+    name: string;
+    labels: Record<string, string>;
+    count: number;
+    sum: number;
+    min: number;
+    max: number;
+    buckets: number[];
+}
+export interface MetricsSnapshot {
+    sessionId: string;
+    timestamp: string;
+    counters: CounterValue[];
+    histograms: HistogramValue[];
+}
+export declare class MetricsCollector {
+    private sessionId;
+    private counters;
+    private histograms;
+    constructor(sessionId?: string);
+    getSessionId(): string;
+    /** Increment a counter by delta (default 1) */
+    increment(name: string, labels?: Record<string, string>, delta?: number): void;
+    /** Record a histogram observation */
+    observe(name: string, value: number, labels?: Record<string, string>): void;
+    /** Read a counter value */
+    getCounter(name: string, labels?: Record<string, string>): number;
+    /** Read a histogram summary */
+    getHistogram(name: string, labels?: Record<string, string>): HistogramValue | null;
+    /** Full session snapshot */
+    snapshot(): MetricsSnapshot;
+    /** Persist snapshot to ~/.codebot/telemetry/metrics-YYYY-MM-DD.jsonl */
+    save(sessionId?: string): void;
+    /** Human-readable per-tool breakdown */
+    formatSummary(): string;
+    /**
+     * Export snapshot in OTLP JSON format via HTTP POST.
+     * Only fires when OTEL_EXPORTER_OTLP_ENDPOINT is set.
+     * Fails silently — never blocks or crashes.
+     */
+    exportOtel(snap?: MetricsSnapshot): void;
+    /** Build OTLP-compatible JSON payload */
+    private buildOtlpPayload;
+}
+//# sourceMappingURL=metrics.d.ts.map

package/dist/metrics.js

@@ -0,0 +1,296 @@
+"use strict";
+/**
+ * MetricsCollector for CodeBot v1.9.0
+ *
+ * Structured telemetry: counters + histograms.
+ * Persists to ~/.codebot/telemetry/metrics-YYYY-MM-DD.jsonl
+ * Optional OTLP HTTP export when OTEL_EXPORTER_OTLP_ENDPOINT is set.
+ *
+ * Pattern: fail-safe, session-scoped, never throws.
+ * Follows TokenTracker conventions from src/telemetry.ts.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MetricsCollector = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const http = __importStar(require("http"));
+const https = __importStar(require("https"));
+// ── Helpers ──
+/** Encode a metric key: name|label1=val1|label2=val2 (sorted labels) */
+function encodeKey(name, labels) {
+    if (!labels || Object.keys(labels).length === 0)
+        return name;
+    const sorted = Object.entries(labels)
+        .sort(([a], [b]) => a.localeCompare(b))
+        .map(([k, v]) => `${k}=${v}`)
+        .join('|');
+    return `${name}|${sorted}`;
+}
+/** Decode a metric key back to name + labels */
+function decodeKey(key) {
+    const parts = key.split('|');
+    const name = parts[0];
+    const labels = {};
+    for (let i = 1; i < parts.length; i++) {
+        const eq = parts[i].indexOf('=');
+        if (eq > 0) {
+            labels[parts[i].substring(0, eq)] = parts[i].substring(eq + 1);
+        }
+    }
+    return { name, labels };
+}
+/** Compute percentile from sorted array */
+function percentile(sorted, p) {
+    if (sorted.length === 0)
+        return 0;
+    const idx = Math.ceil((p / 100) * sorted.length) - 1;
+    return sorted[Math.max(0, idx)];
+}
+// ── Collector ──
+const MAX_BUCKETS = 1000; // cap stored observations to prevent memory bloat
+class MetricsCollector {
+    sessionId;
+    counters = new Map();
+    histograms = new Map();
+    constructor(sessionId) {
+        this.sessionId = sessionId || `${Date.now()}-${Math.random().toString(36).substring(2, 8)}`;
+    }
+    getSessionId() {
+        return this.sessionId;
+    }
+    /** Increment a counter by delta (default 1) */
+    increment(name, labels, delta = 1) {
+        const key = encodeKey(name, labels);
+        this.counters.set(key, (this.counters.get(key) || 0) + delta);
+    }
+    /** Record a histogram observation */
+    observe(name, value, labels) {
+        const key = encodeKey(name, labels);
+        const existing = this.histograms.get(key);
+        if (existing) {
+            existing.count++;
+            existing.sum += value;
+            existing.min = Math.min(existing.min, value);
+            existing.max = Math.max(existing.max, value);
+            if (existing.buckets.length < MAX_BUCKETS) {
+                existing.buckets.push(value);
+            }
+        }
+        else {
+            this.histograms.set(key, {
+                count: 1,
+                sum: value,
+                min: value,
+                max: value,
+                buckets: [value],
+            });
+        }
+    }
+    /** Read a counter value */
+    getCounter(name, labels) {
+        return this.counters.get(encodeKey(name, labels)) || 0;
+    }
+    /** Read a histogram summary */
+    getHistogram(name, labels) {
+        const key = encodeKey(name, labels);
+        const h = this.histograms.get(key);
+        if (!h)
+            return null;
+        const { name: n, labels: l } = decodeKey(key);
+        return { name: n, labels: l, ...h };
+    }
+    /** Full session snapshot */
+    snapshot() {
+        const counters = [];
+        for (const [key, value] of this.counters) {
+            const { name, labels } = decodeKey(key);
+            counters.push({ name, labels, value });
+        }
+        const histograms = [];
+        for (const [key, h] of this.histograms) {
+            const { name, labels } = decodeKey(key);
+            histograms.push({ name, labels, ...h });
+        }
+        return {
+            sessionId: this.sessionId,
+            timestamp: new Date().toISOString(),
+            counters,
+            histograms,
+        };
+    }
+    /** Persist snapshot to ~/.codebot/telemetry/metrics-YYYY-MM-DD.jsonl */
+    save(sessionId) {
+        try {
+            const telemetryDir = path.join(os.homedir(), '.codebot', 'telemetry');
+            fs.mkdirSync(telemetryDir, { recursive: true });
+            const snap = this.snapshot();
+            if (sessionId)
+                snap.sessionId = sessionId;
+            const date = new Date().toISOString().split('T')[0];
+            const filePath = path.join(telemetryDir, `metrics-${date}.jsonl`);
+            fs.appendFileSync(filePath, JSON.stringify(snap) + '\n', 'utf-8');
+        }
+        catch {
+            // Telemetry failures are non-fatal
+        }
+    }
+    /** Human-readable per-tool breakdown */
+    formatSummary() {
+        const lines = ['Metrics Summary', '─'.repeat(50)];
+        // Counters
+        const counterEntries = Array.from(this.counters.entries())
+            .sort(([a], [b]) => a.localeCompare(b));
+        if (counterEntries.length > 0) {
+            lines.push('Counters:');
+            for (const [key, value] of counterEntries) {
+                const { name, labels } = decodeKey(key);
+                const labelStr = Object.keys(labels).length > 0
+                    ? ` {${Object.entries(labels).map(([k, v]) => `${k}="${v}"`).join(', ')}}`
+                    : '';
+                lines.push(`  ${name}${labelStr}: ${value}`);
+            }
+        }
+        // Histograms — per-tool breakdown
+        const histEntries = Array.from(this.histograms.entries())
+            .sort(([a], [b]) => a.localeCompare(b));
+        if (histEntries.length > 0) {
+            lines.push('Histograms:');
+            for (const [key, h] of histEntries) {
+                const { name, labels } = decodeKey(key);
+                const labelStr = Object.keys(labels).length > 0
+                    ? ` {${Object.entries(labels).map(([k, v]) => `${k}="${v}"`).join(', ')}}`
+                    : '';
+                const sorted = [...h.buckets].sort((a, b) => a - b);
+                const avg = h.count > 0 ? (h.sum / h.count).toFixed(3) : '0';
+                const p50 = percentile(sorted, 50).toFixed(3);
+                const p95 = percentile(sorted, 95).toFixed(3);
+                const p99 = percentile(sorted, 99).toFixed(3);
+                lines.push(`  ${name}${labelStr}: count=${h.count} avg=${avg} p50=${p50} p95=${p95} p99=${p99} min=${h.min.toFixed(3)} max=${h.max.toFixed(3)}`);
+            }
+        }
+        if (counterEntries.length === 0 && histEntries.length === 0) {
+            lines.push('  (no metrics recorded)');
+        }
+        return lines.join('\n');
+    }
+    /**
+     * Export snapshot in OTLP JSON format via HTTP POST.
+     * Only fires when OTEL_EXPORTER_OTLP_ENDPOINT is set.
+     * Fails silently — never blocks or crashes.
+     */
+    exportOtel(snap) {
+        try {
+            const endpoint = process.env.OTEL_EXPORTER_OTLP_ENDPOINT;
+            if (!endpoint)
+                return;
+            const data = snap || this.snapshot();
+            const payload = this.buildOtlpPayload(data);
+            const url = new URL('/v1/metrics', endpoint);
+            const body = JSON.stringify(payload);
+            const mod = url.protocol === 'https:' ? https : http;
+            const req = mod.request(url, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                    'Content-Length': Buffer.byteLength(body),
+                },
+                timeout: 5000,
+            });
+            req.on('error', () => { });
+            req.on('timeout', () => req.destroy());
+            req.write(body);
+            req.end();
+        }
+        catch {
+            // OTLP export failures are non-fatal
+        }
+    }
+    /** Build OTLP-compatible JSON payload */
+    buildOtlpPayload(snap) {
+        const metrics = [];
+        for (const counter of snap.counters) {
+            metrics.push({
+                name: counter.name,
+                sum: {
+                    dataPoints: [{
+                            asInt: counter.value,
+                            attributes: Object.entries(counter.labels).map(([k, v]) => ({
+                                key: k, value: { stringValue: v },
+                            })),
+                            timeUnixNano: Date.now() * 1_000_000,
+                        }],
+                    isMonotonic: true,
+                    aggregationTemporality: 2, // CUMULATIVE
+                },
+            });
+        }
+        for (const hist of snap.histograms) {
+            metrics.push({
+                name: hist.name,
+                histogram: {
+                    dataPoints: [{
+                            count: hist.count,
+                            sum: hist.sum,
+                            min: hist.min,
+                            max: hist.max,
+                            attributes: Object.entries(hist.labels).map(([k, v]) => ({
+                                key: k, value: { stringValue: v },
+                            })),
+                            timeUnixNano: Date.now() * 1_000_000,
+                        }],
+                    aggregationTemporality: 2,
+                },
+            });
+        }
+        return {
+            resourceMetrics: [{
+                    resource: {
+                        attributes: [
+                            { key: 'service.name', value: { stringValue: 'codebot' } },
+                            { key: 'session.id', value: { stringValue: snap.sessionId } },
+                        ],
+                    },
+                    scopeMetrics: [{
+                            scope: { name: 'codebot-metrics', version: '1.9.0' },
+                            metrics,
+                        }],
+                }],
+        };
+    }
+}
+exports.MetricsCollector = MetricsCollector;
+//# sourceMappingURL=metrics.js.map

package/dist/policy.d.ts

@@ -5,6 +5,7 @@
  * Policy files: .codebot/policy.json (project) + ~/.codebot/policy.json (global)
  * Project policy overrides global policy where specified.
  */
+import { ToolCapabilities } from './capabilities';
 export interface PolicyExecution {
     sandbox?: 'docker' | 'host' | 'auto';
     network?: boolean;
@@ -24,6 +25,7 @@ export interface PolicyTools {
     enabled?: string[];
     disabled?: string[];
     permissions?: PolicyToolPermission;
+    capabilities?: Record<string, ToolCapabilities>;
 }
 export interface PolicySecrets {
     block_on_detect?: boolean;
@@ -108,6 +110,13 @@ export declare class PolicyEnforcer {
     getMaxFileSizeBytes(): number;
     /** Get cost limit in USD (0 = no limit). */
     getCostLimitUsd(): number;
+    /** Get capability restrictions for a tool. undefined = unrestricted. */
+    getToolCapabilities(toolName: string): ToolCapabilities | undefined;
+    /** Check a specific capability for a tool. Returns { allowed, reason }. */
+    checkCapability(toolName: string, capabilityType: keyof ToolCapabilities, value: string | number): {
+        allowed: boolean;
+        reason?: string;
+    };
     /**
      * Simple glob-like pattern matching:
      * - `*` matches any single path component

package/dist/policy.js

@@ -46,12 +46,13 @@ exports.generateDefaultPolicyFile = generateDefaultPolicyFile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
+const capabilities_1 = require("./capabilities");
 // ── Default Policy ──
 exports.DEFAULT_POLICY = {
     version: '1.0',
     execution: {
         sandbox: 'auto',
-        network: true,
+        network: false, // safe default: no network in sandbox
         timeout_seconds: 120,
         max_memory_mb: 512,
     },
@@ -67,12 +68,12 @@ exports.DEFAULT_POLICY = {
         permissions: {},
     },
     secrets: {
-        block_on_detect: false,
+        block_on_detect: true, // safe default: block writes containing secrets
         scan_on_write: true,
         allowed_patterns: [],
     },
     git: {
-        always_branch: false,
+        always_branch: true, // safe default: auto-branch on first write
         branch_prefix: 'codebot/',
         require_tests_before_commit: false,
         never_push_main: true,
@@ -327,6 +328,19 @@ class PolicyEnforcer {
     getCostLimitUsd() {
         return this.policy.limits?.cost_limit_usd || 0;
     }
+    // ── Capabilities (v1.8.0) ──
+    /** Get capability restrictions for a tool. undefined = unrestricted. */
+    getToolCapabilities(toolName) {
+        return this.policy.tools?.capabilities?.[toolName];
+    }
+    /** Check a specific capability for a tool. Returns { allowed, reason }. */
+    checkCapability(toolName, capabilityType, value) {
+        const caps = this.policy.tools?.capabilities;
+        if (!caps)
+            return { allowed: true };
+        const checker = new capabilities_1.CapabilityChecker(caps, this.projectRoot);
+        return checker.checkCapability(toolName, capabilityType, value);
+    }
     // ── Helpers ──
     /**
      * Simple glob-like pattern matching:
@@ -374,7 +388,7 @@ function generateDefaultPolicyFile() {
         version: '1.0',
         execution: {
             sandbox: 'auto',
-            network: true,
+            network: false,
             timeout_seconds: 120,
             max_memory_mb: 512,
         },
@@ -392,13 +406,25 @@ function generateDefaultPolicyFile() {
                 write_file: 'prompt',
                 edit_file: 'prompt',
             },
+            capabilities: {
+                execute: {
+                    shell_commands: [
+                        'npm', 'npx', 'node', 'git', 'tsc', 'eslint', 'prettier',
+                        'jest', 'vitest', 'pytest', 'make', 'cargo', 'go', 'python',
+                        'python3', 'ruby', 'php', 'java', 'javac', 'mvn', 'gradle',
+                        'docker', 'ls', 'cat', 'head', 'tail', 'wc', 'sort', 'uniq',
+                        'find', 'which', 'echo', 'pwd', 'env', 'date',
+                    ],
+                    max_output_kb: 500,
+                },
+            },
         },
         secrets: {
-            block_on_detect: false,
+            block_on_detect: true,
             scan_on_write: true,
         },
         git: {
-            always_branch: false,
+            always_branch: true,
             branch_prefix: 'codebot/',
             require_tests_before_commit: false,
             never_push_main: true,

package/dist/providers/anthropic.d.ts

@@ -1,6 +1,7 @@
 import { LLMProvider, Message, ToolSchema, StreamEvent, ProviderConfig } from '../types';
 export declare class AnthropicProvider implements LLMProvider {
     name: string;
+    temperature?: number;
     private config;
     constructor(config: ProviderConfig);
     chat(messages: Message[], tools?: ToolSchema[]): AsyncGenerator<StreamEvent>;

package/dist/providers/anthropic.js

@@ -4,6 +4,7 @@ exports.AnthropicProvider = void 0;
 const retry_1 = require("../retry");
 class AnthropicProvider {
     name;
+    temperature;
     config;
     constructor(config) {
         this.config = config;
@@ -22,6 +23,9 @@ class AnthropicProvider {
             max_tokens: 8192,
             stream: true,
         };
+        if (this.temperature !== undefined) {
+            body.temperature = this.temperature;
+        }
         if (systemPrompt) {
             body.system = systemPrompt;
         }

package/dist/providers/openai.d.ts

@@ -1,6 +1,7 @@
 import { LLMProvider, Message, ToolSchema, StreamEvent, ProviderConfig } from '../types';
 export declare class OpenAIProvider implements LLMProvider {
     name: string;
+    temperature?: number;
     private config;
     private supportsTools;
     constructor(config: ProviderConfig);

package/dist/providers/openai.js

@@ -5,6 +5,7 @@ const registry_1 = require("./registry");
 const retry_1 = require("../retry");
 class OpenAIProvider {
     name;
+    temperature;
     config;
     supportsTools;
     constructor(config) {
@@ -25,6 +26,9 @@ class OpenAIProvider {
             messages: messages.map(m => this.formatMessage(m)),
             stream: true,
         };
+        if (this.temperature !== undefined) {
+            body.temperature = this.temperature;
+        }
         if (tools?.length && this.supportsTools) {
             body.tools = tools;
         }

package/dist/replay.d.ts

@@ -0,0 +1,55 @@
+/**
+ * Session Replay Engine for CodeBot v1.8.0
+ *
+ * Replays saved sessions by feeding recorded assistant responses
+ * instead of calling the LLM. Tool calls are re-executed and outputs
+ * compared against recorded results to detect environment divergences.
+ *
+ * Usage:
+ *   codebot --replay <session-id>
+ *   codebot --replay              (replays latest session)
+ */
+import { Message, LLMProvider, ToolSchema, StreamEvent } from './types';
+/**
+ * Mock LLM provider that feeds recorded assistant messages.
+ * Used during replay to bypass actual LLM calls.
+ */
+export declare class ReplayProvider implements LLMProvider {
+    name: string;
+    private assistantMessages;
+    private callIndex;
+    constructor(assistantMessages: Message[]);
+    chat(_messages: Message[], _tools?: ToolSchema[]): AsyncGenerator<StreamEvent>;
+}
+export interface SessionReplayData {
+    messages: Message[];
+    assistantMessages: Message[];
+    userMessages: Message[];
+    toolResults: Map<string, string>;
+}
+/**
+ * Load a session from disk and prepare it for replay.
+ * Returns null if session doesn't exist or is empty.
+ */
+export declare function loadSessionForReplay(sessionId: string): SessionReplayData | null;
+export interface ReplayDivergence {
+    toolCallId: string;
+    toolName: string;
+    type: 'output_mismatch';
+    diff: string;
+}
+/**
+ * Compare recorded vs actual tool output.
+ * Returns null if identical, or a diff description.
+ */
+export declare function compareOutputs(recorded: string, actual: string): string | null;
+/**
+ * List sessions available for replay.
+ */
+export declare function listReplayableSessions(limit?: number): Array<{
+    id: string;
+    preview: string;
+    messageCount: number;
+    date: string;
+}>;
+//# sourceMappingURL=replay.d.ts.map