wolverine-ai 3.7.2 → 3.7.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/bin/wolverine.js +2 -1
  2. package/package.json +1 -1
  3. package/src/agent/agent-engine.js +2 -2
  4. package/src/core/config.js +1 -0
  5. package/src/core/models.js +5 -2
  6. package/src/security/injection-detector.js +22 -4
package/bin/wolverine.js CHANGED
@@ -144,9 +144,10 @@ console.log(chalk.yellow.bold("\n 🐺 Wolverine Node.js — Autonomous Server
144
144
  logSystemInfo(systemInfo);
145
145
  console.log("");
146
146
 
147
- console.log(chalk.bold(" Models:"));
147
+ console.log(chalk.bold(` Models (${config.provider}):`));
148
148
  logModelConfig(chalk);
149
149
  console.log("");
150
+ console.log(chalk.gray(` Provider: ${config.provider}`));
150
151
  console.log(chalk.gray(` Script: ${scriptPath}`));
151
152
  console.log(chalk.gray(` Port: ${config.server.port}`));
152
153
  console.log(chalk.gray(` Retries: ${config.server.maxRetries}`));
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "wolverine-ai",
3
- "version": "3.7.2",
3
+ "version": "3.7.4",
4
4
  "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
5
5
  "main": "src/index.js",
6
6
  "bin": {
package/src/agent/agent-engine.js CHANGED
@@ -414,7 +414,7 @@ class AgentEngine {
414
414
  }
415
415
 
416
416
  let response;
417
- const AI_CALL_TIMEOUT_MS = 45000; // 45s per API call — prevents indefinite hangs
417
+ const AI_CALL_TIMEOUT_MS = parseInt(process.env.WOLVERINE_AI_CALL_TIMEOUT_MS, 10) || 90000; // 90s per API call — self-hosted GPU needs more time
418
418
  try {
419
419
  response = await Promise.race([
420
420
  aiCallWithHistory({
@@ -423,7 +423,7 @@ class AgentEngine {
423
423
  tools: allTools,
424
424
  maxTokens: 4096,
425
425
  }),
426
- new Promise((_, reject) => setTimeout(() => reject(new Error("AI call timed out after 45s")), AI_CALL_TIMEOUT_MS)),
426
+ new Promise((_, reject) => setTimeout(() => reject(new Error(`AI call timed out after ${AI_CALL_TIMEOUT_MS / 1000}s`)), AI_CALL_TIMEOUT_MS)),
427
427
  ]);
428
428
  } catch (err) {
429
429
  console.log(chalk.red(` Agent API error: ${err.message}`));
package/src/core/config.js CHANGED
@@ -43,6 +43,7 @@ function loadConfig() {
43
43
  classifier: process.env.CLASSIFIER_MODEL || modelSource.classifier || "gpt-4o-mini",
44
44
  audit: process.env.AUDIT_MODEL || modelSource.audit || "gpt-4o-mini",
45
45
  compacting: process.env.COMPACTING_MODEL || modelSource.compacting || "gpt-4o-mini",
46
+ utility: process.env.COMPACTING_MODEL || modelSource.compacting || "gpt-4o-mini",
46
47
  research: process.env.RESEARCH_MODEL || modelSource.research || "gpt-4o",
47
48
  embedding: process.env.TEXT_EMBEDDING_MODEL || modelSource.embedding || "text-embedding-3-small",
48
49
  },
package/src/core/models.js CHANGED
@@ -119,9 +119,12 @@ function getModel(role) {
119
119
  function getModelConfig() {
120
120
  const config = {};
121
121
  for (const [role, def] of Object.entries(MODEL_ROLES)) {
122
+ const resolved = getModel(role);
123
+ const fromEnv = !!process.env[def.envKey];
124
+ const fromDefault = resolved === def.default;
122
125
  config[role] = {
123
- model: process.env[def.envKey] || def.default,
124
- source: process.env[def.envKey] ? "env" : "default",
126
+ model: resolved,
127
+ source: fromEnv ? "env" : fromDefault ? "default" : "settings",
125
128
  tier: def.tier,
126
129
  };
127
130
  }
package/src/security/injection-detector.js CHANGED
@@ -98,13 +98,31 @@ Respond with ONLY valid JSON:
98
98
  category: "audit",
99
99
  });
100
100
 
101
- const content = result.content;
102
- const cleaned = content.replace(/^```(?:json)?\n?/, "").replace(/\n?```$/, "");
101
+ const content = (result.content || "").trim();
102
+ // Strip markdown code blocks, thinking tags, and any prefix text
103
+ let cleaned = content
104
+ .replace(/^```(?:json)?\s*/gm, "")
105
+ .replace(/```\s*$/gm, "")
106
+ .replace(/<\|channel>.*?<channel\|>/gs, "") // Gemma thinking tags
107
+ .replace(/<\|think\|>[\s\S]*?<\|\/think\|>/g, "") // thinking blocks
108
+ .trim();
109
+
110
+ // Extract JSON object from response (might have text before/after)
111
+ const jsonMatch = cleaned.match(/\{[\s\S]*"safe"\s*:\s*(true|false)[\s\S]*\}/);
112
+ if (jsonMatch) cleaned = jsonMatch[0];
103
113
 
104
114
  try {
105
- return JSON.parse(cleaned);
115
+ const parsed = JSON.parse(cleaned);
116
+ return parsed;
106
117
  } catch {
107
- return { safe: false, risk_level: "medium", explanation: "Could not parse safety scan response" };
118
+ // If the response contains "safe" as text, infer the result
119
+ if (/\bsafe\b.*\btrue\b/i.test(content) || /\bnone\b.*\brisk/i.test(content)) {
120
+ return { safe: true, risk_level: "none", explanation: "Inferred safe from unparseable response" };
121
+ }
122
+ // Default to SAFE for parse failures — blocking heals on bad JSON is worse than allowing a safe error through
123
+ // The regex layer already caught obvious injection patterns
124
+ console.log(chalk.yellow(` ⚠️ AI audit: could not parse response, defaulting to safe`));
125
+ return { safe: true, risk_level: "none", explanation: "Could not parse safety scan — defaulting safe (regex layer passed)" };
108
126
  }
109
127
  }
110
128