protoagent 0.1.13 → 0.1.15

package/dist/runtime-config.js

@@ -3,7 +3,49 @@ import { existsSync } from 'node:fs';
 import os from 'node:os';
 import path from 'node:path';
 import { parse, printParseErrorCode } from 'jsonc-parser';
+import { z } from 'zod';
 import { logger } from './utils/logger.js';
+// ─── Zod Schemas for Runtime Validation ───
+export const RuntimeModelConfigSchema = z.object({
+    name: z.string().optional(),
+    contextWindow: z.number().optional(),
+    inputPricePerMillion: z.number().optional(),
+    outputPricePerMillion: z.number().optional(),
+    cachedPricePerMillion: z.number().optional(),
+    defaultParams: z.record(z.unknown()).optional(),
+});
+export const RuntimeProviderConfigSchema = z.object({
+    name: z.string().optional(),
+    baseURL: z.string().optional(),
+    apiKey: z.string().optional(),
+    apiKeyEnvVar: z.string().optional(),
+    headers: z.record(z.string()).optional(),
+    defaultParams: z.record(z.unknown()).optional(),
+    models: z.record(RuntimeModelConfigSchema).optional(),
+});
+export const StdioServerConfigSchema = z.object({
+    type: z.literal('stdio'),
+    command: z.string(),
+    args: z.array(z.string()).optional(),
+    env: z.record(z.string()).optional(),
+    cwd: z.string().optional(),
+    enabled: z.boolean().optional(),
+    timeoutMs: z.number().optional(),
+});
+export const HttpServerConfigSchema = z.object({
+    type: z.literal('http'),
+    url: z.string(),
+    headers: z.record(z.string()).optional(),
+    enabled: z.boolean().optional(),
+    timeoutMs: z.number().optional(),
+});
+export const RuntimeMcpServerConfigSchema = z.union([StdioServerConfigSchema, HttpServerConfigSchema]);
+export const RuntimeConfigFileSchema = z.object({
+    providers: z.record(z.any()).optional(),
+    mcp: z.object({
+        servers: z.record(z.any()).optional(),
+    }).optional(),
+});
 const RESERVED_DEFAULT_PARAM_KEYS = new Set([
     'model',
     'messages',
@@ -41,6 +83,10 @@ export function getActiveRuntimeConfigPath() {
 function isPlainObject(value) {
     return Boolean(value) && typeof value === 'object' && !Array.isArray(value);
 }
+/**
+ * Replaces ${ENV_VAR} placeholders in a string with actual environment variable values.
+ * Logs a warning if the environment variable is not set (replaces with empty string).
+ */
 function interpolateString(value, sourcePath) {
     return value.replace(/\$\{([A-Z0-9_]+)\}/gi, (_match, envVar) => {
         const resolved = process.env[envVar];
@@ -51,6 +97,10 @@ function interpolateString(value, sourcePath) {
         return resolved;
     });
 }
+/**
+ * Recursively interpolates environment variables in all string values within a config object.
+ * Handles nested objects and arrays. Filters out empty header values.
+ */
 function interpolateValue(value, sourcePath) {
     if (typeof value === 'string') {
         return interpolateString(value, sourcePath);
@@ -63,6 +113,7 @@ function interpolateValue(value, sourcePath) {
         for (const [key, entry] of Object.entries(value)) {
             const interpolated = interpolateValue(entry, sourcePath);
             if (key === 'headers' && isPlainObject(interpolated)) {
+                // Filter out headers with empty values (from unset env vars)
                 const filtered = Object.fromEntries(Object.entries(interpolated).filter(([, headerValue]) => typeof headerValue !== 'string' || headerValue.length > 0));
                 next[key] = filtered;
                 continue;
@@ -73,6 +124,11 @@ function interpolateValue(value, sourcePath) {
     }
     return value;
 }
+/**
+ * Removes reserved API parameters from provider and model defaultParams.
+ * Prevents users from accidentally overriding critical parameters like
+ * 'model', 'messages', 'tools' that are managed by the agentic loop.
+ */
 function sanitizeDefaultParamsInConfig(config) {
     const nextProviders = Object.fromEntries(Object.entries(config.providers || {}).map(([providerId, provider]) => {
         const providerDefaultParams = Object.fromEntries(Object.entries(provider.defaultParams || {}).filter(([key]) => {
@@ -112,37 +168,6 @@ function sanitizeDefaultParamsInConfig(config) {
         providers: nextProviders,
     };
 }
-function mergeRuntimeConfig(base, overlay) {
-    const mergedProviders = {
-        ...(base.providers || {}),
-    };
-    for (const [providerId, providerConfig] of Object.entries(overlay.providers || {})) {
-        const currentProvider = mergedProviders[providerId] || {};
-        mergedProviders[providerId] = {
-            ...currentProvider,
-            ...providerConfig,
-            models: {
-                ...(currentProvider.models || {}),
-                ...(providerConfig.models || {}),
-            },
-        };
-    }
-    const mergedServers = {
-        ...(base.mcp?.servers || {}),
-    };
-    for (const [serverName, serverConfig] of Object.entries(overlay.mcp?.servers || {})) {
-        const currentServer = mergedServers[serverName];
-        mergedServers[serverName] = currentServer && isPlainObject(currentServer)
-            ? { ...currentServer, ...serverConfig }
-            : serverConfig;
-    }
-    return {
-        providers: mergedProviders,
-        mcp: {
-            servers: mergedServers,
-        },
-    };
-}
 async function readRuntimeConfigFile(configPath) {
     try {
         const content = await fs.readFile(configPath, 'utf8');
@@ -157,7 +182,13 @@ async function readRuntimeConfigFile(configPath) {
         if (!isPlainObject(parsed)) {
             throw new Error(`Failed to parse ${configPath}: top-level value must be an object`);
         }
-        return sanitizeDefaultParamsInConfig(interpolateValue(parsed, configPath));
+        // Validate against zod schema for better error messages
+        const result = RuntimeConfigFileSchema.safeParse(parsed);
+        if (!result.success) {
+            const issues = result.error.issues.map(i => `${i.path.join('.')}: ${i.message}`).join(', ');
+            throw new Error(`Invalid runtime config in ${configPath}: ${issues}`);
+        }
+        return sanitizeDefaultParamsInConfig(interpolateValue(result.data, configPath));
     }
     catch (error) {
         if (error?.code === 'ENOENT') {
@@ -176,7 +207,7 @@ export async function loadRuntimeConfig(forceReload = false) {
         const fileConfig = await readRuntimeConfigFile(configPath);
         if (fileConfig) {
             logger.debug('Loaded runtime config', { path: configPath });
-            loaded = mergeRuntimeConfig(DEFAULT_RUNTIME_CONFIG, fileConfig);
+            loaded = fileConfig;
         }
     }
     runtimeConfigCache = loaded;

package/dist/skills.js

@@ -184,7 +184,9 @@ async function listSkillResources(skillDir) {
             }
         }
     }
-    await Promise.all(['scripts', 'references', 'assets'].map((dir) => walk(dir)));
+    for (const dir of ['scripts', 'references', 'assets']) {
+        await walk(dir);
+    }
     return files.sort();
 }
 export async function activateSkill(skillName, options = {}) {

package/dist/sub-agent.js

@@ -12,6 +12,7 @@ import { handleToolCall, getAllTools } from './tools/index.js';
 import { generateSystemPrompt } from './system-prompt.js';
 import { logger } from './utils/logger.js';
 import { clearTodos } from './tools/todo.js';
+import { calculateCost } from './utils/cost-tracker.js';
 export const subAgentTool = {
     type: 'function',
     function: {
@@ -62,7 +63,7 @@ Do NOT ask the user questions — work autonomously with the tools available.`;
         for (let i = 0; i < maxIterations; i++) {
             // Check abort at the top of each iteration
             if (abortSignal?.aborted) {
-                return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+                return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
             }
             let assistantMessage;
             let hasToolCalls = false;
@@ -99,7 +100,7 @@ Do NOT ask the user questions — work autonomously with the tools available.`;
                     if (delta?.tool_calls) {
                         hasToolCalls = true;
                         for (const tc of delta.tool_calls) {
-                            const idx = tc.index || 0;
+                            const idx = tc.index ?? 0;
                             if (!assistantMessage.tool_calls[idx]) {
                                 assistantMessage.tool_calls[idx] = {
                                     id: '',
@@ -121,25 +122,19 @@ Do NOT ask the user questions — work autonomously with the tools available.`;
                 // Accumulate usage for this iteration
                 const iterationInputTokens = actualUsage?.prompt_tokens || 0;
                 const iterationOutputTokens = actualUsage?.completion_tokens || 0;
+                const iterationCachedTokens = actualUsage?.prompt_tokens_details?.cached_tokens || 0;
                 totalInputTokens += iterationInputTokens;
                 totalOutputTokens += iterationOutputTokens;
-                // Calculate cost if pricing is available
+                // Calculate cost if pricing is available (handles cached token discount)
                 if (pricing && (iterationInputTokens > 0 || iterationOutputTokens > 0)) {
-                    const cachedTokens = actualUsage?.prompt_tokens_details?.cached_tokens;
-                    if (cachedTokens && cachedTokens > 0 && pricing.cachedPerToken != null) {
-                        const uncachedTokens = iterationInputTokens - cachedTokens;
-                        totalCost += uncachedTokens * pricing.inputPerToken + cachedTokens * pricing.cachedPerToken + iterationOutputTokens * pricing.outputPerToken;
-                    }
-                    else {
-                        totalCost += iterationInputTokens * pricing.inputPerToken + iterationOutputTokens * pricing.outputPerToken;
-                    }
+                    totalCost += calculateCost(iterationInputTokens, iterationOutputTokens, pricing, iterationCachedTokens);
                 }
             }
             catch (err) {
                 // If aborted during streaming, return gracefully
                 if (abortSignal?.aborted || (err instanceof Error && (err.name === 'AbortError' || err.message === 'Operation aborted'))) {
                     logger.debug('Sub-agent aborted during streaming');
-                    return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+                    return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
                 }
                 throw err;
             }
@@ -177,7 +172,7 @@ Do NOT ask the user questions — work autonomously with the tools available.`;
                 for (const toolCall of assistantMessage.tool_calls) {
                     // Check abort between tool calls
                     if (abortSignal?.aborted) {
-                        return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+                        return { response: '(sub-agent aborted)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
                     }
                     const { name, arguments: argsStr } = toolCall.function;
                     let args;
@@ -216,15 +211,15 @@ Do NOT ask the user questions — work autonomously with the tools available.`;
                     role: 'assistant',
                     content: message.content,
                 });
-                return { response: message.content, usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+                return { response: message.content, usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
             }
             // The model produced an empty text response (e.g. it only called tools
             // and issued no final summary).  Log it and return a sentinel so the
             // parent agent knows the sub-agent finished but had nothing to say.
             logger.debug('Sub-agent returned empty content', { iteration: i });
-            return { response: '(sub-agent completed with no response)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+            return { response: '(sub-agent completed with no response)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
         }
-        return { response: '(sub-agent reached iteration limit)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, cost: totalCost } };
+        return { response: '(sub-agent reached iteration limit)', usage: { inputTokens: totalInputTokens, outputTokens: totalOutputTokens, totalTokens: totalInputTokens + totalOutputTokens, estimatedCost: totalCost } };
     }
     finally {
         op.end();

package/dist/tools/bash.js

@@ -27,7 +27,9 @@ export const bashTool = {
         },
     },
 };
-// Hard-blocked commands — these CANNOT be run, even with --dangerously-skip-permissions
+// Security: Hard-blocked commands — these CANNOT be run, even with --dangerously-skip-permissions
+// Naive approach: Allow any command with user approval
+// Risk: Some commands are too destructive even with approval (rm -rf /, mkfs)
 const DANGEROUS_PATTERNS = [
     'rm -rf /',
     'sudo',
@@ -37,16 +39,27 @@ const DANGEROUS_PATTERNS = [
     'mkfs',
     'fdisk',
     'format c:',
+    '> /dev/sda', // Disk overwrite
+    'of=/dev/sda', // dd to disk
+    ':(){ :|:& };:', // Fork bomb
 ];
-// Auto-approved safe commands — read-only / informational
+// Security: Allowlist approach for safe commands
+// Naive approach: Blocklist of dangerous patterns - easily bypassed
+// Bypass examples: 's\udo', '$(which sudo)', '/bin/rm', 'sh -c "rm -rf /"'
+// Fix: Allowlist - only these specific commands run without approval
 const SAFE_COMMANDS = [
-    'pwd', 'whoami', 'date',
-    'git status', 'git log', 'git diff', 'git branch', 'git show', 'git remote',
+    'pwd', 'whoami', 'date', 'uname', 'uptime',
+    'git status', 'git log', 'git diff', 'git branch', 'git show', 'git remote -v',
     'npm list', 'npm ls', 'yarn list',
     'node --version', 'npm --version', 'python --version', 'python3 --version',
+    'which', 'type',
 ];
-const SHELL_CONTROL_PATTERN = /(^|[^\\])(?:;|&&|\|\||\||>|<|`|\$\(|\*|\?)/;
-const UNSAFE_BASH_TOKENS = new Set(['cat', 'head', 'tail', 'grep', 'rg', 'find', 'awk', 'sed', 'sort', 'uniq', 'cut', 'wc', 'tree', 'file', 'dir', 'ls', 'echo', 'which', 'type']);
+// Security: Stricter shell control pattern to catch bypass attempts
+// Naive approach: Simple regex misses many bypasses
+// Bypasses: Newlines, encoded chars, quoted operators, backticks
+const SHELL_CONTROL_PATTERN = /[;&|<>()`$\[\]{}!]/;
+// Commands that read files - require path validation
+const FILE_READING_COMMANDS = new Set(['cat', 'head', 'tail', 'grep', 'rg', 'find', 'awk', 'sed', 'sort', 'uniq', 'cut', 'wc', 'tree', 'file', 'dir', 'ls', 'echo']);
 function isDangerous(command) {
     const lower = command.toLowerCase().trim();
     return DANGEROUS_PATTERNS.some((p) => lower.includes(p));
@@ -95,24 +108,37 @@ async function isSafe(command) {
     if (!trimmed || hasShellControlOperators(trimmed)) {
         return false;
     }
+    // Security: Reject commands with newlines (bypass technique)
+    if (trimmed.includes('\n') || trimmed.includes('\r')) {
+        return false;
+    }
+    // Security: Reject escape sequences that could hide shell operators
+    if (/\\[;&|<>()`$]/.test(trimmed)) {
+        return false;
+    }
     const tokens = tokenizeCommand(trimmed);
     if (!tokens) {
         return false;
     }
     const firstWord = trimmed.split(/\s+/)[0];
-    if (UNSAFE_BASH_TOKENS.has(firstWord)) {
-        return false;
-    }
+    // Security: File-reading commands need path validation
+    // They can read any file in working directory but not outside
+    const needsPathValidation = FILE_READING_COMMANDS.has(firstWord);
+    // Check against allowlist of safe commands
     const matchedSafeCommand = SAFE_COMMANDS.some((safe) => {
         if (safe.includes(' ')) {
             return trimmed === safe || trimmed.startsWith(`${safe} `);
         }
         return firstWord === safe;
     });
-    if (!matchedSafeCommand) {
+    if (!matchedSafeCommand && !needsPathValidation) {
         return false;
     }
-    return validateCommandPaths(tokens);
+    // Security: Always validate paths for file-reading commands
+    if (needsPathValidation) {
+        return validateCommandPaths(tokens);
+    }
+    return true;
 }
 export async function runBash(command, timeoutMs = 30_000, sessionId, abortSignal) {
     // Layer 1: hard block

package/dist/tools/edit-file.js

@@ -7,7 +7,8 @@
  */
 import fs from 'node:fs/promises';
 import path from 'node:path';
-import { validatePath, getWorkingDirectory } from '../utils/path-validation.js';
+import { validatePath } from '../utils/path-validation.js';
+import { findSimilarPaths } from '../utils/path-suggestions.js';
 import { requestApproval } from '../utils/approval.js';
 import { checkReadBefore, recordRead } from '../utils/file-time.js';
 export const editFileTool = {
@@ -32,54 +33,6 @@ export const editFileTool = {
         },
     },
 };
-// ─── Path suggestion helper (mirrors read_file behaviour) ───
-async function findSimilarPaths(requestedPath) {
-    const cwd = getWorkingDirectory();
-    const segments = requestedPath.split('/').filter(Boolean);
-    const MAX_DEPTH = 6;
-    const MAX_ENTRIES = 200;
-    const MAX_SUGGESTIONS = 3;
-    const candidates = [];
-    async function walkSegments(dir, segIndex, currentPath) {
-        if (segIndex >= segments.length || segIndex >= MAX_DEPTH || candidates.length >= MAX_SUGGESTIONS)
-            return;
-        const targetSegment = segments[segIndex].toLowerCase();
-        let entries;
-        try {
-            entries = (await fs.readdir(dir, { withFileTypes: true })).slice(0, MAX_ENTRIES).map(e => e.name);
-        }
-        catch {
-            return;
-        }
-        const isLastSegment = segIndex === segments.length - 1;
-        for (const entry of entries) {
-            if (candidates.length >= MAX_SUGGESTIONS)
-                break;
-            const entryLower = entry.toLowerCase();
-            if (!entryLower.includes(targetSegment) && !targetSegment.includes(entryLower))
-                continue;
-            const entryPath = path.join(currentPath, entry);
-            const fullPath = path.join(dir, entry);
-            if (isLastSegment) {
-                try {
-                    await fs.stat(fullPath);
-                    candidates.push(entryPath);
-                }
-                catch { /* skip */ }
-            }
-            else {
-                try {
-                    const stat = await fs.stat(fullPath);
-                    if (stat.isDirectory())
-                        await walkSegments(fullPath, segIndex + 1, entryPath);
-                }
-                catch { /* skip */ }
-            }
-        }
-    }
-    await walkSegments(cwd, 0, '');
-    return candidates;
-}
 /** Strategy 1: Exact verbatim match (current behavior). */
 const exactReplacer = {
     name: 'exact',
@@ -314,6 +267,12 @@ export async function editFile(filePath, oldString, newString, expectedReplaceme
         if (staleError)
             return staleError;
     }
+    // Check file size before reading to avoid OOM on huge files
+    const stat = await fs.stat(validated);
+    const MAX_EDIT_FILE_SIZE = 2 * 1024 * 1024; // 2 MB
+    if (stat.size > MAX_EDIT_FILE_SIZE) {
+        return `Error: file is too large to edit (${(stat.size / 1024 / 1024).toFixed(1)} MB, limit is ${MAX_EDIT_FILE_SIZE / 1024 / 1024} MB).`;
+    }
     const content = await fs.readFile(validated, 'utf8');
     // Use fuzzy match cascade
     const match = findWithCascade(content, oldString, expectedReplacements);

package/dist/tools/read-file.js

@@ -4,17 +4,16 @@
  * When a file is not found, suggests similar paths to help the model
  * recover from typos without repeated failed attempts.
  */
-import fs from 'node:fs/promises';
 import { createReadStream } from 'node:fs';
 import readline from 'node:readline';
-import path from 'node:path';
-import { validatePath, getWorkingDirectory } from '../utils/path-validation.js';
+import { validatePath } from '../utils/path-validation.js';
+import { findSimilarPaths } from '../utils/path-suggestions.js';
 import { recordRead } from '../utils/file-time.js';
 export const readFileTool = {
     type: 'function',
     function: {
         name: 'read_file',
-        description: 'Read the contents of a file. Returns the file content with line numbers. Use offset and limit to read specific sections of large files.',
+        description: 'Read the contents of a file. Use offset and limit to read specific sections of large files.',
         parameters: {
             type: 'object',
             properties: {
@@ -26,68 +25,6 @@ export const readFileTool = {
         },
     },
 };
-/**
- * Find similar paths when a requested file doesn't exist.
- * Walks from the repo root, matching segments case-insensitively.
- */
-async function findSimilarPaths(requestedPath) {
-    const cwd = getWorkingDirectory();
-    const segments = requestedPath.split('/').filter(Boolean);
-    const MAX_DEPTH = 6;
-    const MAX_ENTRIES = 200;
-    const MAX_SUGGESTIONS = 3;
-    const candidates = [];
-    async function walkSegments(dir, segIndex, currentPath) {
-        if (segIndex >= segments.length || segIndex >= MAX_DEPTH || candidates.length >= MAX_SUGGESTIONS)
-            return;
-        const targetSegment = segments[segIndex].toLowerCase();
-        let entries;
-        try {
-            const dirEntries = await fs.readdir(dir, { withFileTypes: true });
-            entries = dirEntries
-                .slice(0, MAX_ENTRIES)
-                .map(e => e.name);
-        }
-        catch {
-            return;
-        }
-        const isLastSegment = segIndex === segments.length - 1;
-        for (const entry of entries) {
-            if (candidates.length >= MAX_SUGGESTIONS)
-                break;
-            const entryLower = entry.toLowerCase();
-            // Match if entry contains the target segment as a substring (case-insensitive)
-            if (!entryLower.includes(targetSegment) && !targetSegment.includes(entryLower))
-                continue;
-            const entryPath = path.join(currentPath, entry);
-            const fullPath = path.join(dir, entry);
-            if (isLastSegment) {
-                // Check if this file/dir actually exists
-                try {
-                    await fs.stat(fullPath);
-                    candidates.push(entryPath);
-                }
-                catch {
-                    // skip
-                }
-            }
-            else {
-                // Continue walking deeper
-                try {
-                    const stat = await fs.stat(fullPath);
-                    if (stat.isDirectory()) {
-                        await walkSegments(fullPath, segIndex + 1, entryPath);
-                    }
-                }
-                catch {
-                    // skip
-                }
-            }
-        }
-    }
-    await walkSegments(cwd, 0, '');
-    return candidates;
-}
 export async function readFile(filePath, offset = 0, limit = 2000, sessionId) {
     let validated;
     try {