wolverine-ai 4.4.0 → 4.5.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "4.4.0",
+  "version": "4.5.1",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {

package/src/agent/agent-engine.js

@@ -477,6 +477,13 @@ const BLOCKED_COMMANDS = [
   /\bnpm\s+publish\b/i,         // no accidental publishes
   /\bcurl\b.*\|\s*bash/i,       // pipe to bash
   /\beval\s*\(/i,
+  /wget.*\|\s*sh/i,             // wget pipe to shell
+  /curl.*\$\(/i,                // curl data exfiltration via command substitution
+  /cat\s+\.env/i,               // read secrets via bash
+  />\s*src\//i,                 // redirect write to src/
+  /cp\s+.*\s+src\//i,          // copy into src/
+  /tee\s+.*src\//i,            // tee into src/
+  /mv\s+.*\s+src\//i,          // move into src/
 ];
 
 class AgentEngine {
@@ -885,7 +892,7 @@ class AgentEngine {
 
         try {
           this.sandbox.resolve(fullPath);
-          const content = fs.readFileSync(fullPath, "utf-8");
+          const content = this.sandbox.readFile(fullPath);
           const lines = content.split("\n");
           const relPath = path.relative(this.cwd, fullPath).replace(/\\/g, "/");
 
@@ -946,7 +953,7 @@ class AgentEngine {
 
   _gitLog(args) {
     const count = args.count || 10;
-    const fileFilter = args.file ? ` -- ${args.file}` : "";
+    const fileFilter = args.file ? ` -- "${args.file}"` : "";
     try {
       const output = execSync(
         `git log --oneline --no-decorate -n ${count}${fileFilter}`,
@@ -960,8 +967,8 @@ class AgentEngine {
   }
 
   _gitDiff(args) {
-    const ref = args.ref || "";
-    const fileFilter = args.file ? ` -- ${args.file}` : "";
+    const ref = args.ref ? `"${args.ref}"` : "";
+    const fileFilter = args.file ? ` -- "${args.file}"` : "";
     try {
       const output = execSync(
         `git diff ${ref}${fileFilter}`,
@@ -984,6 +991,30 @@ class AgentEngine {
         return;
       }
 
+      // SSRF protection: block private/internal IPs
+      try {
+        const parsedUrl = new (require("url").URL)(url);
+        const hostname = parsedUrl.hostname;
+        const privatePatterns = [
+          /^127\./,
+          /^localhost$/i,
+          /^169\.254\.169\.254$/,
+          /^100\.100\.100\.200$/,
+          /^10\./,
+          /^172\.(1[6-9]|2\d|3[01])\./,
+          /^192\.168\./,
+          /^fd[0-9a-f]{2}:/i,
+          /^::1$/,
+        ];
+        if (privatePatterns.some(p => p.test(hostname))) {
+          resolve({ content: `BLOCKED: Cannot fetch private/internal address "${hostname}"` });
+          return;
+        }
+      } catch (e) {
+        resolve({ content: `Error parsing URL: ${e.message}` });
+        return;
+      }
+
       const client = url.startsWith("https") ? https : http;
       const req = client.get(url, { timeout: 10000 }, (res) => {
         let data = "";
@@ -1020,6 +1051,7 @@ class AgentEngine {
   _listDir(args) {
     const dirPath = path.resolve(this.cwd, args.path || ".");
     try {
+      this.sandbox.resolve(dirPath);
       const entries = fs.readdirSync(dirPath, { withFileTypes: true });
       const lines = entries.map(e => {
         try {
@@ -1066,15 +1098,18 @@ class AgentEngine {
 
   _checkEnv(args) {
     const { redact } = require("../security/secret-redactor");
+    const isSecretKey = (k) => /KEY|SECRET|TOKEN|PASSWORD|AUTH|CREDENTIAL/i.test(k);
     if (args.variable) {
       const val = process.env[args.variable];
-      const display = val ? redact(val) : "(not set)";
+      if (!val) return { content: `${args.variable}=(not set)` };
+      const display = isSecretKey(args.variable) ? "SET (redacted)" : redact(val);
       return { content: `${args.variable}=${display}` };
     }
     // List all env vars with redacted values
     const keys = Object.keys(process.env).sort();
     const lines = keys.map(k => {
       const val = process.env[k];
+      if (isSecretKey(k)) return `${k}=${val ? "SET (redacted)" : "(not set)"}`;
       return `${k}=${val && val.length > 50 ? "(set, " + val.length + " chars)" : redact(val || "")}`;
     });
     return { content: lines.join("\n") };
@@ -1101,6 +1136,9 @@ class AgentEngine {
         if (!upper.startsWith("SELECT") && !upper.startsWith("PRAGMA")) {
           return { content: "BLOCKED: inspect_db only allows SELECT/PRAGMA. Use run_db_fix for writes." };
         }
+        if (args.sql.includes(";")) {
+          return { content: "BLOCKED: inspect_db does not allow stacked queries (multiple statements separated by ';')." };
+        }
         const rows = db.prepare(args.sql).all();
         result = JSON.stringify(rows.slice(0, 50), null, 2);
         if (rows.length > 50) result += `\n... (${rows.length} total rows, showing first 50)`;
@@ -1129,7 +1167,9 @@ class AgentEngine {
 
       // Backup the DB file first
       const backupPath = dbPath + ".wolverine-backup";
-      fs.copyFileSync(dbPath, backupPath);
+      if (fs.existsSync(dbPath)) {
+        fs.copyFileSync(dbPath, backupPath);
+      }
 
       const db = new Database(dbPath);
 
@@ -1258,7 +1298,7 @@ class AgentEngine {
   }
 
   _checkLogs(args) {
-    const lines = args.lines || 50;
+    const lines = Math.max(1, Math.min(parseInt(args.lines, 10) || 50, 1000));
     const filter = args.filter || "";
     try {
       let cmd;
@@ -1291,8 +1331,9 @@ class AgentEngine {
       if (args.host) {
         try {
           const dns = require("dns");
-          const addresses = execSync(`node -e "require('dns').resolve('${args.host.replace(/'/g, "")}', (e,a) => console.log(e ? 'FAIL:'+e.code : a.join(',')))"`, { encoding: "utf-8", timeout: 5000 }).trim();
-          results.push(`DNS ${args.host}: ${addresses}`);
+          const safeHost = args.host.replace(/[^a-zA-Z0-9.:\/-_]/g, "");
+          const addresses = execSync(`node -e "require('dns').resolve('${safeHost.replace(/'/g, "")}', (e,a) => console.log(e ? 'FAIL:'+e.code : a.join(',')))"`, { encoding: "utf-8", timeout: 5000 }).trim();
+          results.push(`DNS ${safeHost}: ${addresses}`);
         } catch (e) { results.push(`DNS ${args.host}: FAILED — ${e.message}`); }
       }
       // Port check
@@ -1308,8 +1349,9 @@ class AgentEngine {
       // URL reachability
       if (args.url) {
         try {
-          const urlResult = execSync(`node -e "require('${args.url.startsWith('https') ? 'https' : 'http'}').get('${args.url.replace(/'/g, "")}', r => { console.log(r.statusCode); r.resume(); }).on('error', e => console.log('FAIL:'+e.code))"`, { encoding: "utf-8", timeout: 10000 }).trim();
-          results.push(`URL ${args.url}: ${urlResult}`);
+          const safeUrl = args.url.replace(/[^a-zA-Z0-9.:\/-_]/g, "");
+          const urlResult = execSync(`node -e "require('${safeUrl.startsWith('https') ? 'https' : 'http'}').get('${safeUrl.replace(/'/g, "")}', r => { console.log(r.statusCode); r.resume(); }).on('error', e => console.log('FAIL:'+e.code))"`, { encoding: "utf-8", timeout: 10000 }).trim();
+          results.push(`URL ${safeUrl}: ${urlResult}`);
         } catch (e) { results.push(`URL ${args.url}: FAILED — ${e.message}`); }
       }
       if (results.length === 0) results.push("Provide host, port, or url to check.");
@@ -1358,7 +1400,15 @@ class AgentEngine {
       if (fs.existsSync(binDir)) {
         for (const bin of fs.readdirSync(binDir)) {
           const target = path.join(binDir, bin);
-          try { fs.readlinkSync(target); } catch { brokenBins++; }
+          try {
+            if (process.platform === "win32") {
+              // Windows uses .cmd shims instead of symlinks
+              const cmdFile = target.endsWith(".cmd") ? target : target + ".cmd";
+              if (!fs.existsSync(cmdFile) && !fs.existsSync(target)) brokenBins++;
+            } else {
+              fs.readlinkSync(target);
+            }
+          } catch { brokenBins++; }
         }
       }
       const rec = missing.length > 5 || broken.length > 3 ? "rm -rf node_modules && npm install" : missing.length > 0 ? "npm install" : "ok";
@@ -1475,7 +1525,10 @@ class AgentEngine {
           try { execSync(`rm -rf "${t.path.replace("~", os.homedir())}"`, { timeout: 10000 }); } catch {}
         }
       }
-      const diskFree = Math.round(parseInt(execSync("df -m . | tail -1 | awk '{print $4}'", { encoding: "utf-8", cwd: this.cwd, timeout: 3000 }).trim() || "0", 10));
+      let diskFree;
+      try {
+        diskFree = Math.round(parseInt(execSync("df -m . | tail -1 | awk '{print $4}'", { encoding: "utf-8", cwd: this.cwd, timeout: 3000 }).trim() || "0", 10));
+      } catch { diskFree = "unknown"; }
       const lines = [
         `Disk free: ${diskFree}MB`,
         `Reclaimable: ${reclaimable}MB (${targets.length} targets)`,
@@ -1653,7 +1706,7 @@ class AgentEngine {
 function _simplePrompt(cwd, primaryFile) {
   return `You are Wolverine, a Node.js server repair agent. Fix the error using minimal changes.
 
-TOOLS: read_file, write_file, edit_file, glob_files, grep_code, bash_exec, done
+TOOLS: read_file, write_file, edit_file, glob_files, grep_code, bash_exec, done + 24 more diagnostic tools available
 RULES: Read the file before editing. Use edit_file for targeted fixes. Call done when finished. Use multiple tools at once when independent.
 ${primaryFile ? `File: ${primaryFile}` : ""}
 Project: ${cwd}`;
@@ -1669,7 +1722,7 @@ CRITICAL: Act fast. You have limited turns. Fix immediately when the solution is
 
 For maximum efficiency, invoke multiple independent tools simultaneously rather than sequentially.
 
-TOOLS: read_file, write_file, edit_file, glob_files, grep_code, list_dir, move_file, bash_exec, git_log, git_diff, inspect_db, run_db_fix, check_port, check_env, audit_deps, check_migration, web_fetch, done
+TOOLS: read_file, write_file, edit_file, glob_files, grep_code, list_dir, move_file, bash_exec, git_log, git_diff, inspect_db, run_db_fix, check_port, check_env, audit_deps, check_migration, web_fetch, check_memory, list_processes, check_logs, restart_service, check_network, inspect_env, verify_node_modules, inspect_certificate, inspect_cache, disk_cleanup, check_file_descriptors, check_event_loop, check_websocket, done
 
 FAST FIXES (act immediately, don't investigate):
 - Cannot find module 'X' → bash_exec: npm install X → done

package/src/brain/brain.js

@@ -118,7 +118,7 @@ const SEED_DOCS = [
     metadata: { topic: "heal-escalation" },
   },
   {
-    text: "Process manager: wolverine monitors memory (RSS/heap) every 10s, detects memory leaks (N consecutive growth samples → auto-restart), enforces memory limit (default 512MB), tracks CPU%, probes all routes every 30s, detects response time degradation trends (stable/degrading/improving). Analytics dashboard shows memory/CPU charts and per-route health.",
+    text: "Process manager: wolverine monitors memory (RSS/heap) every 10s, detects memory leaks (N consecutive growth samples → auto-restart), enforces memory limit (default 512MB), tracks CPU%, probes all routes every 30s, detects response time degradation trends (stable/degrading/improving). Adaptive rate limiter: auto-injected via error-hook.js into Fastify/Express. Three zones based on CPU + memory: GREEN (<70%) = full throughput, YELLOW (70-85%) = shed 30% of requests, RED (>85%) = reject non-essential with 503 + Retry-After. Always allows health checks and wolverine internal routes. Reserves 200MB for heal tools. Enable: WOLVERINE_ADAPTIVE_LIMIT=true (default). Disable: WOLVERINE_ADAPTIVE_LIMIT=false. Response includes X-Wolverine-Zone header.",
     metadata: { topic: "process-manager" },
   },
   {

package/src/core/error-hook.js

@@ -72,6 +72,28 @@ Module._load = function (request, parent, isMain) {
 };
 
 function _hookFastify(fastify) {
+  // Adaptive rate limiter — auto-protects based on CPU/memory pressure
+  if (process.env.WOLVERINE_ADAPTIVE_LIMIT !== "false") {
+    try {
+      const { getLimiter } = require("../monitor/adaptive-limiter");
+      const limiter = getLimiter();
+      fastify.addHook("onRequest", function (request, reply, done) {
+        if (!limiter.shouldAllow(request.url, request.headers)) {
+          const status = limiter.getStatus();
+          reply.code(503).header("Retry-After", "5").header("X-Wolverine-Zone", status.zone).send({
+            error: "Service temporarily unavailable",
+            zone: status.zone,
+            cpu: status.cpuAvg + "%",
+            memory: status.memAvg + "%",
+            retry_after: 5,
+          });
+          return;
+        }
+        done();
+      });
+    } catch {}
+  }
+
   // Wrap setErrorHandler so our IPC reporting runs BEFORE the user's handler
   const origSetError = fastify.setErrorHandler;
   let customErrorHandlerSet = false;
@@ -107,6 +129,24 @@ function _hookFastify(fastify) {
 }
 
 function _hookExpress(app) {
+  // Adaptive rate limiter for Express
+  if (process.env.WOLVERINE_ADAPTIVE_LIMIT !== "false") {
+    try {
+      const { getLimiter } = require("../monitor/adaptive-limiter");
+      const limiter = getLimiter();
+      app.use(function _wolverineAdaptiveLimiter(req, res, next) {
+        if (!limiter.shouldAllow(req.url, req.headers)) {
+          const status = limiter.getStatus();
+          res.status(503).set("Retry-After", "5").set("X-Wolverine-Zone", status.zone).json({
+            error: "Service temporarily unavailable", zone: status.zone, retry_after: 5,
+          });
+          return;
+        }
+        next();
+      });
+    } catch {}
+  }
+
   // Wrap app.listen to inject error middleware AFTER all user middleware
   const originalListen = app.listen;
   app.listen = function (...args) {

package/src/monitor/adaptive-limiter.js

@@ -0,0 +1,142 @@
+const os = require("os");
+
+/**
+ * Adaptive Rate Limiter — auto-protects server based on system resources.
+ *
+ * Injected into child server via error-hook.js. Monitors CPU and memory
+ * in real-time and throttles incoming requests when the server is under
+ * pressure, reserving ~20% headroom for wolverine's heal tools.
+ *
+ * Three zones:
+ *   GREEN  (< 70% resources) — no limiting, full throughput
+ *   YELLOW (70-85%)          — shed new connections gradually
+ *   RED    (> 85%)           — reject non-essential requests with 503
+ *
+ * Enable: WOLVERINE_ADAPTIVE_LIMIT=true (or settings.json adaptiveLimiter.enabled)
+ * Disable: WOLVERINE_ADAPTIVE_LIMIT=false (default: enabled)
+ *
+ * The limiter NEVER blocks:
+ *   - Health check routes (/health, /healthz, /ready)
+ *   - Wolverine internal routes (/api/v1/heartbeat, /api/v1/register)
+ *   - Requests with X-Wolverine-Internal header
+ */
+
+const SAMPLE_INTERVAL_MS = 5000;
+const HISTORY_SIZE = 12; // 1 minute of samples at 5s intervals
+const EXEMPT_PATHS = new Set(["/health", "/healthz", "/ready", "/api/v1/heartbeat", "/api/v1/register"]);
+
+class AdaptiveLimiter {
+  constructor(opts = {}) {
+    this.enabled = opts.enabled !== false;
+    this.thresholdYellow = opts.thresholdYellow || 70; // % — start shedding
+    this.thresholdRed = opts.thresholdRed || 85;       // % — reject non-essential
+    this.reserveMB = opts.reserveMB || 200;             // MB reserved for wolverine tools
+
+    this._cpuHistory = [];
+    this._memHistory = [];
+    this._lastCpuTimes = os.cpus().map(c => ({ idle: c.times.idle, total: Object.values(c.times).reduce((a, b) => a + b) }));
+    this._zone = "green";
+    this._requestCount = 0;
+    this._rejectedCount = 0;
+    this._timer = null;
+
+    if (this.enabled) {
+      this._timer = setInterval(() => this._sample(), SAMPLE_INTERVAL_MS);
+      this._timer.unref(); // don't prevent process exit
+    }
+  }
+
+  _sample() {
+    // CPU usage
+    const cpus = os.cpus();
+    let totalIdle = 0, totalTick = 0;
+    for (let i = 0; i < cpus.length; i++) {
+      const prev = this._lastCpuTimes[i] || { idle: 0, total: 0 };
+      const total = Object.values(cpus[i].times).reduce((a, b) => a + b);
+      const idle = cpus[i].times.idle;
+      totalIdle += idle - prev.idle;
+      totalTick += total - prev.total;
+      this._lastCpuTimes[i] = { idle, total };
+    }
+    const cpuPct = totalTick > 0 ? Math.round((1 - totalIdle / totalTick) * 100) : 0;
+
+    // Memory usage (% of total, accounting for reserve)
+    const totalMem = os.totalmem();
+    const freeMem = os.freemem();
+    const reserveBytes = this.reserveMB * 1048576;
+    const effectiveFree = Math.max(0, freeMem - reserveBytes);
+    const memPct = Math.round((1 - effectiveFree / totalMem) * 100);
+
+    this._cpuHistory.push(cpuPct);
+    this._memHistory.push(memPct);
+    if (this._cpuHistory.length > HISTORY_SIZE) this._cpuHistory.shift();
+    if (this._memHistory.length > HISTORY_SIZE) this._memHistory.shift();
+
+    // Use max of CPU and memory pressure
+    const avgCpu = this._cpuHistory.reduce((a, b) => a + b, 0) / this._cpuHistory.length;
+    const avgMem = this._memHistory.reduce((a, b) => a + b, 0) / this._memHistory.length;
+    const pressure = Math.max(avgCpu, avgMem);
+
+    if (pressure >= this.thresholdRed) this._zone = "red";
+    else if (pressure >= this.thresholdYellow) this._zone = "yellow";
+    else this._zone = "green";
+  }
+
+  /**
+   * Middleware function for Fastify (onRequest hook) or Express.
+   * Returns true if request should be allowed, false if rejected.
+   */
+  shouldAllow(url, headers) {
+    if (!this.enabled) return true;
+
+    this._requestCount++;
+
+    // Always allow exempt paths and internal requests
+    const path = (url || "").split("?")[0];
+    if (EXEMPT_PATHS.has(path)) return true;
+    if (headers?.["x-wolverine-internal"]) return true;
+
+    if (this._zone === "green") return true;
+
+    if (this._zone === "yellow") {
+      // Probabilistic shedding — reject ~30% of requests
+      if (Math.random() < 0.3) {
+        this._rejectedCount++;
+        return false;
+      }
+      return true;
+    }
+
+    // RED zone — reject all non-exempt
+    this._rejectedCount++;
+    return false;
+  }
+
+  /**
+   * Get current limiter status for health endpoints / dashboard.
+   */
+  getStatus() {
+    return {
+      enabled: this.enabled,
+      zone: this._zone,
+      cpuAvg: this._cpuHistory.length > 0 ? Math.round(this._cpuHistory.reduce((a, b) => a + b, 0) / this._cpuHistory.length) : 0,
+      memAvg: this._memHistory.length > 0 ? Math.round(this._memHistory.reduce((a, b) => a + b, 0) / this._memHistory.length) : 0,
+      totalRequests: this._requestCount,
+      rejectedRequests: this._rejectedCount,
+      reserveMB: this.reserveMB,
+    };
+  }
+
+  stop() {
+    if (this._timer) { clearInterval(this._timer); this._timer = null; }
+  }
+}
+
+// Singleton — shared across the child process
+let _instance = null;
+function getLimiter(opts) {
+  if (!_instance) _instance = new AdaptiveLimiter(opts);
+  return _instance;
+}
+
+module.exports = { AdaptiveLimiter, getLimiter };