wolverine-ai 1.0.0

package/src/core/verifier.js

@@ -0,0 +1,146 @@
+const { spawn } = require("child_process");
+const chalk = require("chalk");
+
+/**
+ * Fix Verifier — validates that a patch actually fixes the error
+ * by running the script in a short-lived probe process.
+ *
+ * Verification strategies:
+ * 1. SYNTAX CHECK: Run `node --check` to verify no syntax errors
+ * 2. BOOT PROBE:   Start the process and wait for it to either crash or stay alive
+ * 3. ERROR MATCH:  If it crashes, check if it's the SAME error (fix didn't work)
+ *                  or a DIFFERENT error (fix worked but new problem)
+ */
+
+// How long to wait for the process to boot before considering it alive
+const BOOT_PROBE_TIMEOUT_MS = 10000; // 10 seconds
+
+/**
+ * Run a syntax check on a file using `node --check`.
+ * Returns { valid: boolean, error?: string }
+ */
+function syntaxCheck(scriptPath) {
+  return new Promise((resolve) => {
+    const child = spawn("node", ["--check", scriptPath], {
+      stdio: ["ignore", "ignore", "pipe"],
+      timeout: 5000,
+    });
+
+    let stderr = "";
+    child.stderr.on("data", (data) => { stderr += data.toString(); });
+
+    child.on("exit", (code) => {
+      resolve({
+        valid: code === 0,
+        error: code !== 0 ? stderr.trim() : undefined,
+      });
+    });
+
+    child.on("error", (err) => {
+      resolve({ valid: false, error: err.message });
+    });
+  });
+}
+
+/**
+ * Boot probe — start the process and see if it stays alive or crashes.
+ *
+ * Returns:
+ * - { status: "alive" }              — process booted and stayed alive for BOOT_PROBE_TIMEOUT_MS
+ * - { status: "crashed", stderr, sameError: boolean } — crashed, with comparison to original error
+ */
+function bootProbe(scriptPath, cwd, originalErrorSignature) {
+  return new Promise((resolve) => {
+    let stderr = "";
+    let settled = false;
+
+    // Use an ephemeral port for the probe so it doesn't conflict with the real server
+    const probeEnv = { ...process.env, PORT: "0", WOLVERINE_PROBE: "1" };
+
+    const child = spawn("node", [scriptPath], {
+      cwd,
+      env: probeEnv,
+      stdio: ["ignore", "ignore", "pipe"],
+    });
+
+    child.stderr.on("data", (data) => { stderr += data.toString(); });
+
+    // If the process crashes within the timeout, the fix may not have worked
+    child.on("exit", (code) => {
+      if (settled) return;
+      settled = true;
+
+      if (code === 0) {
+        resolve({ status: "alive" });
+        return;
+      }
+
+      // Check if it's the same error
+      const sameError = originalErrorSignature &&
+        stderr.includes(originalErrorSignature.split("::").pop().trim());
+
+      resolve({
+        status: "crashed",
+        stderr,
+        sameError,
+        exitCode: code,
+      });
+    });
+
+    child.on("error", (err) => {
+      if (settled) return;
+      settled = true;
+      resolve({ status: "crashed", stderr: err.message, sameError: false, exitCode: null });
+    });
+
+    // If the process is still alive after the timeout, consider it good
+    setTimeout(() => {
+      if (settled) return;
+      settled = true;
+      child.kill("SIGTERM");
+      resolve({ status: "alive" });
+    }, BOOT_PROBE_TIMEOUT_MS);
+  });
+}
+
+/**
+ * Full verification pipeline.
+ *
+ * Returns:
+ * - { verified: true,  status: "fixed" }        — fix works, no crash
+ * - { verified: false, status: "same-error" }    — same error, fix didn't work → rollback
+ * - { verified: false, status: "new-error" }     — different error, fix broke something else → rollback
+ * - { verified: false, status: "syntax-error" }  — introduced syntax error → rollback
+ */
+async function verifyFix(scriptPath, cwd, originalErrorSignature) {
+  console.log(chalk.yellow("\n🔬 Verifying fix...\n"));
+
+  // Step 1: Syntax check
+  console.log(chalk.gray("  [1/2] Syntax check..."));
+  const syntax = await syntaxCheck(scriptPath);
+  if (!syntax.valid) {
+    console.log(chalk.red(`  ❌ Syntax error introduced by fix:\n      ${syntax.error}`));
+    return { verified: false, status: "syntax-error", error: syntax.error };
+  }
+  console.log(chalk.green("  ✅ Syntax OK"));
+
+  // Step 2: Boot probe
+  console.log(chalk.gray("  [2/2] Boot probe (watching for crashes)..."));
+  const probe = await bootProbe(scriptPath, cwd, originalErrorSignature);
+
+  if (probe.status === "alive") {
+    console.log(chalk.green("  ✅ Process booted successfully and stayed alive."));
+    return { verified: true, status: "fixed" };
+  }
+
+  // It crashed
+  if (probe.sameError) {
+    console.log(chalk.red("  ❌ Same error occurred — fix did not resolve the issue."));
+    return { verified: false, status: "same-error", stderr: probe.stderr };
+  }
+
+  console.log(chalk.red("  ❌ A different error occurred — fix may have introduced a new bug."));
+  return { verified: false, status: "new-error", stderr: probe.stderr };
+}
+
+module.exports = { verifyFix, syntaxCheck, bootProbe, BOOT_PROBE_TIMEOUT_MS };

package/src/core/wolverine.js

@@ -0,0 +1,290 @@
+const chalk = require("chalk");
+const { parseError } = require("./error-parser");
+const { requestRepair, getClient } = require("./ai-client");
+const { getModel } = require("./models");
+const { applyPatch } = require("./patcher");
+const { verifyFix } = require("./verifier");
+const { Sandbox, SandboxViolationError } = require("../security/sandbox");
+const { RateLimiter } = require("../security/rate-limiter");
+const { detectInjection } = require("../security/injection-detector");
+const { BackupManager } = require("../backup/backup-manager");
+const { AgentEngine } = require("../agent/agent-engine");
+const { ResearchAgent } = require("../agent/research-agent");
+const { GoalLoop } = require("../agent/goal-loop");
+const { exploreAndFix, spawnParallel } = require("../agent/sub-agents");
+const { EVENT_TYPES } = require("../logger/event-logger");
+
+/**
+ * The Wolverine healing engine — v3.
+ *
+ * Two repair modes:
+ * 1. FAST PATH: Single-file fix (simple errors, uses CODING_MODEL)
+ * 2. AGENT PATH: Multi-file agent with tool use (complex errors, uses REASONING_MODEL)
+ *
+ * The engine tries fast path first. If that fails verification, it escalates to the agent.
+ */
+async function heal({ stderr, cwd, sandbox, redactor, notifier, rateLimiter, backupManager, logger, brain, mcp, skills, repairHistory }) {
+  const healStartTime = Date.now();
+  // Redact secrets from stderr BEFORE any processing, logging, or AI calls
+  const safeStderr = redactor ? redactor.redact(stderr) : stderr;
+
+  if (logger) logger.info(EVENT_TYPES.HEAL_START, "Wolverine detected a crash", { stderr: safeStderr.slice(0, 500) });
+  console.log(chalk.yellow("\n🐺 Wolverine detected a crash. Analyzing...\n"));
+
+  // 1. Parse the error (use original for file path extraction, redacted for everything else)
+  const parsed = parseError(stderr);
+  const errorSignature = RateLimiter.signature(parsed.errorMessage, parsed.filePath);
+
+  // Redact the parsed fields — these go to AI, brain, and logs
+  if (redactor) {
+    parsed.errorMessage = redactor.redact(parsed.errorMessage);
+    parsed.stackTrace = redactor.redact(parsed.stackTrace);
+  }
+
+  if (redactor && redactor.containsSecrets(stderr)) {
+    console.log(chalk.yellow("  🔐 Secrets detected in error output — redacted before AI/brain/logs"));
+  }
+
+  if (logger) logger.debug(EVENT_TYPES.HEAL_PARSE, `Parsed: ${parsed.errorMessage}`, { file: parsed.filePath, line: parsed.line });
+
+  if (!parsed.filePath) {
+    console.log(chalk.red("  Could not identify the source file from the error. Skipping repair."));
+    if (logger) logger.error(EVENT_TYPES.HEAL_FAILED, "Could not parse file path from error");
+    return { healed: false, explanation: "Could not parse file path from error" };
+  }
+
+  // 2. Sandbox check
+  try {
+    sandbox.resolve(parsed.filePath);
+  } catch (e) {
+    if (e instanceof SandboxViolationError) {
+      console.log(chalk.red(`  🔒 SANDBOX: ${e.message}`));
+      if (logger) logger.error(EVENT_TYPES.SECURITY_SANDBOX_VIOLATION, e.message, { file: parsed.filePath });
+      return { healed: false, explanation: "File outside sandbox — access denied" };
+    }
+    throw e;
+  }
+
+  if (!sandbox.exists(parsed.filePath)) {
+    console.log(chalk.red(`  Source file not found: ${parsed.filePath}`));
+    return { healed: false, explanation: "Source file not found" };
+  }
+
+  console.log(chalk.cyan(`  File:  ${parsed.filePath}`));
+  console.log(chalk.cyan(`  Line:  ${parsed.line || "unknown"}`));
+  console.log(chalk.cyan(`  Error: ${parsed.errorMessage}`));
+
+  // 3. Rate limit check
+  const rateCheck = rateLimiter.check(errorSignature);
+  if (!rateCheck.allowed) {
+    console.log(chalk.red(`  ⏱️  ${rateCheck.reason}`));
+    if (logger) logger.warn(EVENT_TYPES.SECURITY_RATE_LIMITED, rateCheck.reason, { errorSignature });
+    return { healed: false, explanation: rateCheck.reason, waitMs: rateCheck.waitMs };
+  }
+
+  // 4. Prompt injection scan
+  console.log(chalk.gray(`  🛡️  Scanning for prompt injection (${getModel("audit")})...`));
+  let openaiClient = null;
+  try { openaiClient = getClient(); } catch { /* will fail later */ }
+
+  const injectionResult = await detectInjection(parsed.errorMessage, parsed.stackTrace, { openaiClient });
+
+  if (logger) logger.info(EVENT_TYPES.HEAL_INJECTION_SCAN, `Injection scan: ${injectionResult.safe ? "clean" : "BLOCKED"}`, injectionResult);
+
+  if (!injectionResult.safe) {
+    console.log(chalk.red("  🚨 BLOCKED: Potential prompt injection detected."));
+    if (logger) logger.critical(EVENT_TYPES.SECURITY_INJECTION_DETECTED, "Injection detected — repair blocked", injectionResult);
+    return { healed: false, explanation: "Prompt injection detected — repair blocked" };
+  }
+  console.log(chalk.green("  ✅ Clean — no injection detected."));
+
+  // 4b. Check if this is a human-required issue (expired keys, billing, etc.)
+  if (notifier) {
+    const notification = await notifier.notify(parsed.errorMessage, parsed.stackTrace);
+    if (notification) {
+      // This is not AI-fixable — don't waste tokens, just notify the human
+      return {
+        healed: false,
+        explanation: `Human action required [${notification.category}]: ${notification.summary}`,
+        notification,
+      };
+    }
+  }
+
+  // 5. Read the source file + get brain context
+  const sourceCode = sandbox.readFile(parsed.filePath);
+
+  let brainContext = "";
+  // Inject relevant skill context (claw-code: pre-enrich prompt with matched tools)
+  if (skills) {
+    const skillCtx = skills.buildContext(parsed.errorMessage);
+    if (skillCtx) brainContext += skillCtx + "\n";
+  }
+  if (brain && brain._initialized) {
+    try {
+      brainContext += await brain.getContext(parsed.errorMessage);
+      if (brainContext) {
+        console.log(chalk.gray(`  🧠 Brain + skills: ${brainContext.split("\n").length} lines of context`));
+      }
+      // Remember the error
+      await brain.remember("errors", `Error in ${parsed.filePath}:${parsed.line}: ${parsed.errorMessage}\n${parsed.stackTrace?.slice(0, 300) || ""}`, {
+        file: parsed.filePath,
+        line: parsed.line,
+        error: parsed.errorMessage,
+      });
+    } catch { /* non-fatal */ }
+  }
+
+  // 6. Research — check past attempts to avoid loops
+  const researcher = new ResearchAgent({ brain, logger, redactor });
+  let researchContext = "";
+  try {
+    researchContext = await researcher.buildFixContext(parsed.errorMessage);
+    if (researchContext) console.log(chalk.gray(`  🔍 Research: found past context for this error`));
+  } catch {}
+
+  // 7. Goal Loop — set goal, iterate until fixed or exhausted
+  // Iteration 1: fast path (CODING_MODEL)
+  // Iteration 2: agent path (REASONING_MODEL)
+  // Iteration 3: deep research (RESEARCH_MODEL) + agent retry
+  const loop = new GoalLoop({
+    maxIterations: parseInt(process.env.WOLVERINE_MAX_RETRIES, 10) || 3,
+    researcher,
+    logger,
+    goal: `Fix: ${parsed.errorMessage.slice(0, 80)}`,
+
+    onAttempt: async (iteration, researchCtx) => {
+      // Create backup for this attempt
+      // Full server/ backup — includes all files, configs, databases
+      const bid = backupManager.createBackup(null);
+      backupManager.setErrorSignature(bid, errorSignature);
+      if (logger) logger.info(EVENT_TYPES.BACKUP_CREATED, `Backup ${bid} (iteration ${iteration})`, { backupId: bid });
+
+      const fullContext = [brainContext, researchContext, researchCtx].filter(Boolean).join("\n");
+
+      let result;
+      if (iteration === 1) {
+        // Fast path — CODING_MODEL, single file
+        console.log(chalk.yellow(`  🧠 Fast path (${getModel("coding")})...`));
+        try {
+          const repair = await requestRepair({
+            filePath: parsed.filePath, sourceCode,
+            errorMessage: parsed.errorMessage, stackTrace: parsed.stackTrace,
+          });
+          rateLimiter.record(errorSignature);
+
+          const sandboxCheck = sandbox.validateChanges(repair.changes);
+          if (!sandboxCheck.valid) throw new Error("Changes outside sandbox");
+
+          const patchResults = applyPatch(repair.changes, cwd, sandbox);
+          if (!patchResults.every(r => r.success)) throw new Error("Patch failed");
+
+          for (const r of patchResults) console.log(chalk.green(`  ✅ Patched: ${r.file}`));
+
+          const verification = await verifyFix(parsed.filePath, cwd, errorSignature);
+          if (verification.verified) {
+            backupManager.markVerified(bid);
+            rateLimiter.clearSignature(errorSignature);
+            return { healed: true, explanation: repair.explanation, backupId: bid, mode: "fast" };
+          }
+
+          backupManager.rollbackTo(bid);
+          return { healed: false, explanation: `Fast path: ${verification.status}` };
+        } catch (err) {
+          backupManager.rollbackTo(bid);
+          return { healed: false, explanation: `Fast path error: ${err.message}` };
+        }
+      } else if (iteration === 2) {
+        // Iteration 2: Single agent — REASONING_MODEL
+        console.log(chalk.magenta(`  🤖 Agent path (${getModel("reasoning")})...`));
+        const agent = new AgentEngine({
+          sandbox, logger, cwd, mcp,
+          maxTurns: 8,
+          maxTokens: 25000,
+        });
+
+        const agentResult = await agent.run({
+          errorMessage: parsed.errorMessage, stackTrace: parsed.stackTrace,
+          primaryFile: parsed.filePath, sourceCode,
+          brainContext: fullContext,
+        });
+        rateLimiter.record(errorSignature, agentResult.totalTokens);
+
+        if (agentResult.success && agentResult.filesModified.length > 0) {
+          const verification = await verifyFix(parsed.filePath, cwd, errorSignature);
+          if (verification.verified) {
+            backupManager.markVerified(bid);
+            rateLimiter.clearSignature(errorSignature);
+            return { healed: true, explanation: agentResult.summary, backupId: bid, mode: "agent", agentStats: agentResult };
+          }
+        }
+
+        backupManager.rollbackTo(bid);
+        return { healed: false, explanation: agentResult.summary || "Agent could not fix" };
+      } else {
+        // Iteration 3+: Sub-agents — explore → plan → fix (divide and conquer)
+        console.log(chalk.magenta(`  🤖 Sub-agent path (explore → plan → fix)...`));
+
+        const subResult = await exploreAndFix(
+          `Error: ${parsed.errorMessage}\nFile: ${parsed.filePath}\nStack: ${parsed.stackTrace?.slice(0, 300)}`,
+          { sandbox, logger, cwd, mcp, brainContext: fullContext }
+        );
+        rateLimiter.record(errorSignature, subResult.totalTokens);
+
+        if (subResult.success && subResult.filesModified.length > 0) {
+          const verification = await verifyFix(parsed.filePath, cwd, errorSignature);
+          if (verification.verified) {
+            backupManager.markVerified(bid);
+            rateLimiter.clearSignature(errorSignature);
+            return { healed: true, explanation: subResult.summary, backupId: bid, mode: "sub-agents", agentStats: subResult };
+          }
+        }
+
+        backupManager.rollbackTo(bid);
+        return { healed: false, explanation: subResult.summary || "Sub-agents could not fix" };
+      }
+    },
+  });
+
+  const goalResult = await loop.run({
+    errorMessage: parsed.errorMessage,
+    filePath: parsed.filePath,
+    cwd,
+  });
+
+  backupManager.prune();
+
+  // Record to repair history
+  if (repairHistory) {
+    const duration = Date.now() - healStartTime;
+    const tokenUsage = goalResult.agentStats?.totalTokens || 0;
+    const { calculateCost } = require("../logger/pricing");
+    const model = goalResult.mode === "fast" ? getModel("coding") : getModel("reasoning");
+    const cost = calculateCost(model, tokenUsage * 0.7, tokenUsage * 0.3); // estimate in/out split
+
+    repairHistory.record({
+      error: parsed.errorMessage,
+      file: parsed.filePath,
+      line: parsed.line,
+      resolution: goalResult.explanation,
+      success: goalResult.success,
+      mode: goalResult.mode || "unknown",
+      model,
+      tokens: tokenUsage,
+      cost: cost.total,
+      iteration: goalResult.iteration,
+      duration,
+      filesModified: goalResult.agentStats?.filesModified || [],
+    });
+  }
+
+  if (goalResult.success) {
+    if (logger) logger.info(EVENT_TYPES.HEAL_SUCCESS, goalResult.explanation, { iteration: goalResult.iteration, mode: goalResult.mode });
+    return { healed: true, ...goalResult };
+  }
+
+  if (logger) logger.error(EVENT_TYPES.HEAL_FAILED, `Goal failed after ${goalResult.iteration} iterations`, { attempts: goalResult.attempts });
+  return { healed: false, explanation: goalResult.explanation };
+}
+
+module.exports = { heal };