codebot-ai 1.7.0 → 1.9.0

package/dist/replay.js

@@ -0,0 +1,196 @@
+"use strict";
+/**
+ * Session Replay Engine for CodeBot v1.8.0
+ *
+ * Replays saved sessions by feeding recorded assistant responses
+ * instead of calling the LLM. Tool calls are re-executed and outputs
+ * compared against recorded results to detect environment divergences.
+ *
+ * Usage:
+ *   codebot --replay <session-id>
+ *   codebot --replay              (replays latest session)
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ReplayProvider = void 0;
+exports.loadSessionForReplay = loadSessionForReplay;
+exports.compareOutputs = compareOutputs;
+exports.listReplayableSessions = listReplayableSessions;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+// ── Replay Provider ──
+/**
+ * Mock LLM provider that feeds recorded assistant messages.
+ * Used during replay to bypass actual LLM calls.
+ */
+class ReplayProvider {
+    name = 'replay';
+    assistantMessages;
+    callIndex = 0;
+    constructor(assistantMessages) {
+        this.assistantMessages = assistantMessages;
+    }
+    async *chat(_messages, _tools) {
+        const msg = this.assistantMessages[this.callIndex++];
+        if (!msg) {
+            yield { type: 'text', text: '[replay: no more recorded responses]' };
+            yield { type: 'done' };
+            return;
+        }
+        // Emit text content
+        if (msg.content) {
+            yield { type: 'text', text: msg.content };
+        }
+        // Emit tool calls
+        if (msg.tool_calls) {
+            for (const tc of msg.tool_calls) {
+                yield {
+                    type: 'tool_call_end',
+                    toolCall: tc,
+                };
+            }
+        }
+        yield { type: 'done' };
+    }
+}
+exports.ReplayProvider = ReplayProvider;
+/**
+ * Load a session from disk and prepare it for replay.
+ * Returns null if session doesn't exist or is empty.
+ */
+function loadSessionForReplay(sessionId) {
+    const sessionsDir = path.join(os.homedir(), '.codebot', 'sessions');
+    const filePath = path.join(sessionsDir, `${sessionId}.jsonl`);
+    if (!fs.existsSync(filePath))
+        return null;
+    let content;
+    try {
+        content = fs.readFileSync(filePath, 'utf-8').trim();
+    }
+    catch {
+        return null;
+    }
+    if (!content)
+        return null;
+    const messages = [];
+    for (const line of content.split('\n')) {
+        try {
+            const obj = JSON.parse(line);
+            delete obj._ts;
+            delete obj._model;
+            delete obj._sig;
+            messages.push(obj);
+        }
+        catch {
+            continue;
+        }
+    }
+    if (messages.length === 0)
+        return null;
+    const assistantMessages = messages.filter(m => m.role === 'assistant');
+    const userMessages = messages.filter(m => m.role === 'user');
+    const toolResults = new Map();
+    for (const msg of messages) {
+        if (msg.role === 'tool' && msg.tool_call_id) {
+            toolResults.set(msg.tool_call_id, msg.content);
+        }
+    }
+    return { messages, assistantMessages, userMessages, toolResults };
+}
+/**
+ * Compare recorded vs actual tool output.
+ * Returns null if identical, or a diff description.
+ */
+function compareOutputs(recorded, actual) {
+    if (recorded === actual)
+        return null;
+    // Normalize whitespace for soft comparison
+    const normRecorded = recorded.trim().replace(/\s+/g, ' ');
+    const normActual = actual.trim().replace(/\s+/g, ' ');
+    if (normRecorded === normActual)
+        return null;
+    const maxShow = 200;
+    const expectedSnippet = normRecorded.length > maxShow
+        ? normRecorded.substring(0, maxShow) + '...'
+        : normRecorded;
+    const actualSnippet = normActual.length > maxShow
+        ? normActual.substring(0, maxShow) + '...'
+        : normActual;
+    return `Expected: ${expectedSnippet}\nActual:   ${actualSnippet}`;
+}
+// ── Session Listing ──
+/**
+ * List sessions available for replay.
+ */
+function listReplayableSessions(limit = 10) {
+    const sessionsDir = path.join(os.homedir(), '.codebot', 'sessions');
+    if (!fs.existsSync(sessionsDir))
+        return [];
+    const files = fs.readdirSync(sessionsDir)
+        .filter(f => f.endsWith('.jsonl'))
+        .map(f => {
+        const stat = fs.statSync(path.join(sessionsDir, f));
+        return { name: f, mtime: stat.mtime };
+    })
+        .sort((a, b) => b.mtime.getTime() - a.mtime.getTime())
+        .slice(0, limit);
+    return files.map(f => {
+        const id = f.name.replace('.jsonl', '');
+        const fullPath = path.join(sessionsDir, f.name);
+        try {
+            const content = fs.readFileSync(fullPath, 'utf-8').trim();
+            const lines = content ? content.split('\n') : [];
+            let preview = '';
+            for (const line of lines) {
+                try {
+                    const msg = JSON.parse(line);
+                    if (msg.role === 'user') {
+                        preview = msg.content.substring(0, 80);
+                        break;
+                    }
+                }
+                catch {
+                    continue;
+                }
+            }
+            return { id, preview, messageCount: lines.length, date: f.mtime.toISOString() };
+        }
+        catch {
+            return { id, preview: '', messageCount: 0, date: f.mtime.toISOString() };
+        }
+    });
+}
+//# sourceMappingURL=replay.js.map

package/dist/risk.d.ts

@@ -0,0 +1,52 @@
+/**
+ * RiskScorer for CodeBot v1.9.0
+ *
+ * Per-tool-call risk assessment using 6-factor weighted scoring (0–100).
+ * Factors: tool permission, file path sensitivity, command destructiveness,
+ * network access, data volume, cumulative session risk.
+ *
+ * Levels: green (0–25), yellow (26–50), orange (51–75), red (76+).
+ * NEVER throws — risk scoring failures must not crash the agent.
+ */
+export interface RiskAssessment {
+    score: number;
+    level: 'green' | 'yellow' | 'orange' | 'red';
+    factors: RiskFactor[];
+}
+export interface RiskFactor {
+    name: string;
+    weight: number;
+    rawScore: number;
+    weighted: number;
+    reason: string;
+}
+export declare class RiskScorer {
+    private sessionHistory;
+    /**
+     * Assess risk for a tool call.
+     *
+     * @param toolName — name of the tool being invoked
+     * @param args — tool arguments
+     * @param permission — tool's effective permission level
+     */
+    assess(toolName: string, args: Record<string, unknown>, permission?: 'auto' | 'prompt' | 'always-ask'): RiskAssessment;
+    /** Get all assessments from this session */
+    getHistory(): RiskAssessment[];
+    /** Get the session's cumulative average risk */
+    getSessionAverage(): number;
+    /** Format a colored risk indicator for CLI display */
+    static formatIndicator(assessment: RiskAssessment): string;
+    /** Factor 1: Tool permission level (weight 30) */
+    private scorePermissionLevel;
+    /** Factor 2: File path sensitivity (weight 20) */
+    private scoreFilePathSensitivity;
+    /** Factor 3: Command destructiveness (weight 20) */
+    private scoreCommandDestructiveness;
+    /** Factor 4: Network access (weight 15) */
+    private scoreNetworkAccess;
+    /** Factor 5: Data volume (weight 10) */
+    private scoreDataVolume;
+    /** Factor 6: Cumulative session risk (weight 5) */
+    private scoreCumulativeRisk;
+}
+//# sourceMappingURL=risk.d.ts.map

package/dist/risk.js

@@ -0,0 +1,367 @@
+"use strict";
+/**
+ * RiskScorer for CodeBot v1.9.0
+ *
+ * Per-tool-call risk assessment using 6-factor weighted scoring (0–100).
+ * Factors: tool permission, file path sensitivity, command destructiveness,
+ * network access, data volume, cumulative session risk.
+ *
+ * Levels: green (0–25), yellow (26–50), orange (51–75), red (76+).
+ * NEVER throws — risk scoring failures must not crash the agent.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RiskScorer = void 0;
+// ── Constants ──
+const SENSITIVE_PATH_PATTERNS = [
+    /\.env($|\.)/,
+    /credentials/i,
+    /secrets?\b/i,
+    /\.pem$/,
+    /\.key$/,
+    /\.p12$/,
+    /\.pfx$/,
+    /id_rsa/,
+    /id_ed25519/,
+    /\.ssh\//,
+    /\/etc\/(passwd|shadow|sudoers)/,
+    /\/etc\/ssl/,
+    /\/System\//,
+    /\/Windows\/System32/,
+    /node_modules\//,
+    /package-lock\.json$/,
+];
+const MODERATE_PATH_PATTERNS = [
+    /\.config\//,
+    /\.gitconfig$/,
+    /\.npmrc$/,
+    /\.bashrc$/,
+    /\.zshrc$/,
+    /\.profile$/,
+    /tsconfig\.json$/,
+    /package\.json$/,
+];
+const DESTRUCTIVE_COMMANDS = [
+    /\brm\s+(-rf|-fr|--recursive)/,
+    /\brm\b.*\s+\//,
+    /\bchmod\s+[0-7]{3,4}/,
+    /\bchown\b/,
+    /\bkill\s+-9/,
+    /\bkillall\b/,
+    /\bpkill\b/,
+    /\bdrop\s+(table|database|schema)/i,
+    /\btruncate\s+table/i,
+    /\bdelete\s+from/i,
+    /\bgit\s+push\s+.*--force/,
+    /\bgit\s+reset\s+--hard/,
+    /\bgit\s+clean\s+-fd/,
+    /\bformat\s+[a-z]:/i,
+    /\bmkfs\b/,
+    /\bdd\s+if=/,
+    />\s*\/dev\/sd[a-z]/,
+];
+const MODERATE_COMMANDS = [
+    /\brm\b/,
+    /\bmv\b/,
+    /\bgit\s+push\b/,
+    /\bgit\s+checkout\b/,
+    /\bgit\s+merge\b/,
+    /\bgit\s+rebase\b/,
+    /\bnpm\s+(install|uninstall|update)\b/,
+    /\bpip\s+install\b/,
+    /\bcurl\b.*\|\s*(sh|bash)\b/,
+    /\bwget\b.*\|\s*(sh|bash)\b/,
+    /\bsudo\b/,
+];
+const SAFE_COMMANDS = [
+    /\bls\b/,
+    /\bcat\b/,
+    /\becho\b/,
+    /\bpwd\b/,
+    /\bwhoami\b/,
+    /\bdate\b/,
+    /\bgit\s+(status|log|diff|branch)\b/,
+    /\bnpm\s+(test|run|start)\b/,
+    /\bnode\b/,
+    /\btsc\b/,
+    /\bpython\b.*\.py/,
+];
+const NETWORK_TOOLS = new Set(['web_fetch', 'http_client', 'browser', 'web_search']);
+// ── Scorer ──
+class RiskScorer {
+    sessionHistory = [];
+    /**
+     * Assess risk for a tool call.
+     *
+     * @param toolName — name of the tool being invoked
+     * @param args — tool arguments
+     * @param permission — tool's effective permission level
+     */
+    assess(toolName, args, permission = 'auto') {
+        try {
+            const factors = [
+                this.scorePermissionLevel(permission),
+                this.scoreFilePathSensitivity(toolName, args),
+                this.scoreCommandDestructiveness(toolName, args),
+                this.scoreNetworkAccess(toolName),
+                this.scoreDataVolume(args),
+                this.scoreCumulativeRisk(),
+            ];
+            const score = Math.min(100, Math.round(factors.reduce((sum, f) => sum + f.weighted, 0)));
+            const level = scoreToLevel(score);
+            const assessment = { score, level, factors };
+            this.sessionHistory.push(assessment);
+            return assessment;
+        }
+        catch {
+            // Fail-safe: return zero risk if scoring fails
+            return { score: 0, level: 'green', factors: [] };
+        }
+    }
+    /** Get all assessments from this session */
+    getHistory() {
+        return [...this.sessionHistory];
+    }
+    /** Get the session's cumulative average risk */
+    getSessionAverage() {
+        if (this.sessionHistory.length === 0)
+            return 0;
+        const sum = this.sessionHistory.reduce((s, a) => s + a.score, 0);
+        return Math.round(sum / this.sessionHistory.length);
+    }
+    /** Format a colored risk indicator for CLI display */
+    static formatIndicator(assessment) {
+        const { score, level } = assessment;
+        const colorMap = {
+            green: '\x1b[32m',
+            yellow: '\x1b[33m',
+            orange: '\x1b[38;5;208m',
+            red: '\x1b[31m',
+        };
+        const color = colorMap[level] || '';
+        const reset = '\x1b[0m';
+        return `${color}[Risk: ${score} ${level}]${reset}`;
+    }
+    // ── Factor Scorers ──
+    /** Factor 1: Tool permission level (weight 30) */
+    scorePermissionLevel(permission) {
+        const weight = 30;
+        let rawScore;
+        let reason;
+        switch (permission) {
+            case 'auto':
+                rawScore = 0;
+                reason = 'Auto-approved tool';
+                break;
+            case 'prompt':
+                rawScore = 50;
+                reason = 'Requires prompt approval';
+                break;
+            case 'always-ask':
+                rawScore = 100;
+                reason = 'Always requires explicit approval';
+                break;
+            default:
+                rawScore = 0;
+                reason = 'Unknown permission level';
+        }
+        return {
+            name: 'permission_level',
+            weight,
+            rawScore,
+            weighted: rawScore * (weight / 100),
+            reason,
+        };
+    }
+    /** Factor 2: File path sensitivity (weight 20) */
+    scoreFilePathSensitivity(toolName, args) {
+        const weight = 20;
+        const filePath = args.path || args.file || '';
+        if (!filePath) {
+            return { name: 'file_path', weight, rawScore: 0, weighted: 0, reason: 'No file path' };
+        }
+        // Check sensitive patterns
+        for (const pattern of SENSITIVE_PATH_PATTERNS) {
+            if (pattern.test(filePath)) {
+                return {
+                    name: 'file_path',
+                    weight,
+                    rawScore: 100,
+                    weighted: weight,
+                    reason: `Sensitive path: ${filePath}`,
+                };
+            }
+        }
+        // Check moderate patterns
+        for (const pattern of MODERATE_PATH_PATTERNS) {
+            if (pattern.test(filePath)) {
+                return {
+                    name: 'file_path',
+                    weight,
+                    rawScore: 40,
+                    weighted: 40 * (weight / 100),
+                    reason: `Config file: ${filePath}`,
+                };
+            }
+        }
+        // Project source files — low risk
+        return {
+            name: 'file_path',
+            weight,
+            rawScore: 10,
+            weighted: 10 * (weight / 100),
+            reason: `Project file: ${filePath}`,
+        };
+    }
+    /** Factor 3: Command destructiveness (weight 20) */
+    scoreCommandDestructiveness(toolName, args) {
+        const weight = 20;
+        const command = args.command || '';
+        if (toolName !== 'execute' || !command) {
+            return { name: 'command', weight, rawScore: 0, weighted: 0, reason: 'Not a shell command' };
+        }
+        // Check destructive
+        for (const pattern of DESTRUCTIVE_COMMANDS) {
+            if (pattern.test(command)) {
+                return {
+                    name: 'command',
+                    weight,
+                    rawScore: 100,
+                    weighted: weight,
+                    reason: `Destructive command: ${command.substring(0, 60)}`,
+                };
+            }
+        }
+        // Check moderate
+        for (const pattern of MODERATE_COMMANDS) {
+            if (pattern.test(command)) {
+                return {
+                    name: 'command',
+                    weight,
+                    rawScore: 50,
+                    weighted: 50 * (weight / 100),
+                    reason: `Moderate risk command: ${command.substring(0, 60)}`,
+                };
+            }
+        }
+        // Check safe
+        for (const pattern of SAFE_COMMANDS) {
+            if (pattern.test(command)) {
+                return {
+                    name: 'command',
+                    weight,
+                    rawScore: 5,
+                    weighted: 5 * (weight / 100),
+                    reason: `Safe command: ${command.substring(0, 60)}`,
+                };
+            }
+        }
+        // Unknown command — moderate risk
+        return {
+            name: 'command',
+            weight,
+            rawScore: 30,
+            weighted: 30 * (weight / 100),
+            reason: `Unknown command: ${command.substring(0, 60)}`,
+        };
+    }
+    /** Factor 4: Network access (weight 15) */
+    scoreNetworkAccess(toolName) {
+        const weight = 15;
+        if (NETWORK_TOOLS.has(toolName)) {
+            return {
+                name: 'network',
+                weight,
+                rawScore: 70,
+                weighted: 70 * (weight / 100),
+                reason: `Network-accessing tool: ${toolName}`,
+            };
+        }
+        return { name: 'network', weight, rawScore: 0, weighted: 0, reason: 'No network access' };
+    }
+    /** Factor 5: Data volume (weight 10) */
+    scoreDataVolume(args) {
+        const weight = 10;
+        const content = args.content || args.body || '';
+        const command = args.command || '';
+        const totalSize = content.length + command.length + JSON.stringify(args).length;
+        // Check for pipes/redirects in commands
+        const hasPipe = /\|/.test(command);
+        const hasRedirect = />/.test(command);
+        if (totalSize > 10240) {
+            return {
+                name: 'data_volume',
+                weight,
+                rawScore: 90,
+                weighted: 90 * (weight / 100),
+                reason: `Large payload: ${(totalSize / 1024).toFixed(1)}KB`,
+            };
+        }
+        if (hasPipe || hasRedirect) {
+            return {
+                name: 'data_volume',
+                weight,
+                rawScore: 50,
+                weighted: 50 * (weight / 100),
+                reason: 'Command uses pipes/redirects',
+            };
+        }
+        if (totalSize > 2048) {
+            return {
+                name: 'data_volume',
+                weight,
+                rawScore: 30,
+                weighted: 30 * (weight / 100),
+                reason: `Moderate payload: ${(totalSize / 1024).toFixed(1)}KB`,
+            };
+        }
+        return { name: 'data_volume', weight, rawScore: 0, weighted: 0, reason: 'Small payload' };
+    }
+    /** Factor 6: Cumulative session risk (weight 5) */
+    scoreCumulativeRisk() {
+        const weight = 5;
+        const count = this.sessionHistory.length;
+        if (count === 0) {
+            return { name: 'cumulative', weight, rawScore: 0, weighted: 0, reason: 'First tool call' };
+        }
+        // Count high-risk calls in session
+        const highRisk = this.sessionHistory.filter(a => a.score > 50).length;
+        const ratio = highRisk / count;
+        if (ratio > 0.5) {
+            return {
+                name: 'cumulative',
+                weight,
+                rawScore: 80,
+                weighted: 80 * (weight / 100),
+                reason: `High-risk session: ${highRisk}/${count} calls above 50`,
+            };
+        }
+        if (count > 20) {
+            return {
+                name: 'cumulative',
+                weight,
+                rawScore: 40,
+                weighted: 40 * (weight / 100),
+                reason: `Long session: ${count} tool calls`,
+            };
+        }
+        return {
+            name: 'cumulative',
+            weight,
+            rawScore: 10,
+            weighted: 10 * (weight / 100),
+            reason: `Session: ${count} tool calls`,
+        };
+    }
+}
+exports.RiskScorer = RiskScorer;
+// ── Helpers ──
+function scoreToLevel(score) {
+    if (score <= 25)
+        return 'green';
+    if (score <= 50)
+        return 'yellow';
+    if (score <= 75)
+        return 'orange';
+    return 'red';
+}
+//# sourceMappingURL=risk.js.map

package/dist/sarif.d.ts

@@ -0,0 +1,82 @@
+/**
+ * SARIF 2.1.0 Export for CodeBot v1.9.0
+ *
+ * Converts AuditEntry[] to SARIF 2.1.0 JSON (Static Analysis Results
+ * Interchange Format). Only security-relevant entries become results;
+ * successful executes are excluded.
+ *
+ * Rule mapping:
+ *   security_block  → CB001 / error
+ *   policy_block    → CB002 / warning
+ *   capability_block → CB003 / warning
+ *   error           → CB004 / note
+ *   deny            → CB005 / note
+ *
+ * Usage: codebot --export-audit sarif [session-id] > results.sarif
+ *
+ * NEVER throws — export failures must not crash the agent.
+ */
+import type { AuditEntry } from './audit';
+export interface SarifLog {
+    $schema: string;
+    version: string;
+    runs: SarifRun[];
+}
+export interface SarifRun {
+    tool: {
+        driver: {
+            name: string;
+            version: string;
+            informationUri: string;
+            rules: SarifRule[];
+        };
+    };
+    results: SarifResult[];
+    invocations: SarifInvocation[];
+}
+export interface SarifRule {
+    id: string;
+    name: string;
+    shortDescription: {
+        text: string;
+    };
+    defaultConfiguration: {
+        level: 'error' | 'warning' | 'note';
+    };
+}
+export interface SarifResult {
+    ruleId: string;
+    level: 'error' | 'warning' | 'note';
+    message: {
+        text: string;
+    };
+    locations?: SarifLocation[];
+    properties?: Record<string, unknown>;
+}
+export interface SarifLocation {
+    physicalLocation: {
+        artifactLocation: {
+            uri: string;
+        };
+    };
+}
+export interface SarifInvocation {
+    executionSuccessful: boolean;
+    startTimeUtc?: string;
+    endTimeUtc?: string;
+    properties?: Record<string, unknown>;
+}
+export interface SarifExportOptions {
+    version?: string;
+    sessionId?: string;
+    startTime?: string;
+    endTime?: string;
+}
+/**
+ * Convert audit entries to SARIF 2.1.0 log.
+ * Only security-relevant entries (blocks, errors, denials) become results.
+ */
+export declare function exportSarif(entries: AuditEntry[], options?: SarifExportOptions): SarifLog;
+/** Serialize SARIF log to formatted JSON string */
+export declare function sarifToString(log: SarifLog): string;
+//# sourceMappingURL=sarif.d.ts.map