wolverine-ai 4.6.1 → 4.7.0

package/bin/wolverine.js

@@ -4,6 +4,16 @@ const path = require("path");
 const dotenv = require("dotenv");
 const chalk = require("chalk");
 
+// Global error handlers — prevent parent process death from unhandled errors
+process.on("uncaughtException", (err) => {
+  console.error(chalk.red(`\n  ⚠️  Uncaught exception (wolverine survived): ${err.message}`));
+  console.error(chalk.gray(`  ${err.stack?.split("\n")[1]?.trim() || ""}`));
+});
+process.on("unhandledRejection", (reason) => {
+  const msg = reason instanceof Error ? reason.message : String(reason);
+  console.error(chalk.red(`\n  ⚠️  Unhandled rejection (wolverine survived): ${msg}`));
+});
+
 // Load secrets
 dotenv.config({ path: path.resolve(process.cwd(), ".env.local") });
 dotenv.config({ path: path.resolve(process.cwd(), ".env") });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wolverine-ai",
-  "version": "4.6.1",
+  "version": "4.7.0",
   "description": "Self-healing Node.js server framework powered by AI. Catches crashes, diagnoses errors, generates fixes, verifies, and restarts — automatically.",
   "main": "src/index.js",
   "bin": {
@@ -58,14 +58,14 @@
     "diff": "^7.0.0",
     "dotenv": "^16.4.7",
     "fastify": "^5.8.4",
-    "ioredis": "^5.0.0",
-    "openai": "^4.73.0",
-    "pg": "^8.0.0"
+    "openai": "^4.73.0"
   },
   "optionalDependencies": {
     "@privy-io/server-auth": "1.14.0",
     "better-sqlite3": "^11.0.0",
     "ethers": "^6.0.0",
+    "ioredis": "^5.0.0",
+    "pg": "^8.0.0",
     "stripe": "^18.0.0"
   },
   "engines": {

package/src/agent/agent-engine.js

@@ -544,6 +544,16 @@ function _detectSandboxEscape(cmd, cwd) {
     return "curl uploading local file (potential data exfiltration)";
   }
 
+  // 6. Environment variable dumping to file/network (staging attack via /tmp)
+  if (/\b(env|printenv|set)\s*>/.test(c) || /\b(env|printenv)\s*\|/.test(c)) {
+    return "Environment variable dump detected (exfiltration risk)";
+  }
+
+  // 7. Reading secrets and piping to network
+  if (/cat\s+.*\.(env|key|pem|crt)\s*\|/.test(c) || /cat\s+.*secret.*\|/.test(c)) {
+    return "Reading sensitive file and piping to output";
+  }
+
   return null; // safe
 }
 
@@ -1075,6 +1085,10 @@ class AgentEngine {
           /^192\.168\./,
           /^fd[0-9a-f]{2}:/i,
           /^::1$/,
+          /^0\.0\.0\.0$/,
+          /^0\./,
+          /^\[::1\]$/,
+          /^metadata\.google\.internal$/i,
         ];
         if (privatePatterns.some(p => p.test(hostname))) {
           resolve({ content: `BLOCKED: Cannot fetch private/internal address "${hostname}"` });

package/src/core/runner.js

@@ -710,14 +710,16 @@ class WolverineRunner {
     }
     this._healInProgress = true;
 
-    // #8: Safety timeout — if heal hangs, force-release the lock after 6 minutes
+    // Safety timeout — must be strictly greater than heal()'s 5-min timeout to avoid concurrent heals
+    const HEAL_TIMEOUT_MS = parseInt(process.env.WOLVERINE_HEAL_TIMEOUT_MS, 10) || 300000;
+    const safetyMs = HEAL_TIMEOUT_MS + 30000; // heal timeout + 30s grace
     const healTimeout = setTimeout(() => {
       if (this._healInProgress) {
-        console.log(chalk.red(`  ⚠️  _healFromError safety timeout (6min) — releasing heal lock`));
+        console.log(chalk.red(`  ⚠️  _healFromError safety timeout (${Math.round(safetyMs / 60000)}min) — releasing heal lock`));
         this._healInProgress = false;
         this._healStatus = null;
       }
-    }, 360000);
+    }, safetyMs);
 
     console.log(chalk.yellow(`\n🐺 Wolverine healing caught error on ${routePath}...`));
     this._healStatus = { active: true, route: routePath, error: errorDetails?.message?.slice(0, 200), phase: "diagnosing", startedAt: Date.now() };

package/src/core/wolverine.js

@@ -249,27 +249,35 @@ async function _healImpl({ stderr, cwd, sandbox, notifier, rateLimiter, backupMa
     } catch {}
   }
 
-  // 7. Classify error complexity — CLASSIFIER_MODEL determines strategy
+  // 7. Classify error complexity — regex first (fast, free), AI only when uncertain
   let errorComplexity = "moderate";
-  try {
-    const classifyResult = await aiCall({
-      model: getModel("classifier"),
-      systemPrompt: "You classify Node.js errors. Respond with ONLY one word: SIMPLE, MODERATE, or COMPLEX.",
-      userPrompt: `Classify this error:\n${parsed.errorMessage}\n\nFile: ${parsed.filePath || "unknown"}\nType: ${parsed.errorType || "unknown"}`,
-      maxTokens: 10,
-      category: "classifier",
-    });
-    const word = (classifyResult.content || "").trim().toUpperCase();
-    if (word.includes("SIMPLE")) errorComplexity = "simple";
-    else if (word.includes("COMPLEX")) errorComplexity = "complex";
-    else errorComplexity = "moderate";
-    console.log(chalk.gray(`  🏷️  Classifier: ${errorComplexity}`));
-  } catch {
-    // Fallback to regex classification
-    if (/TypeError|ReferenceError|SyntaxError|Cannot find module/.test(parsed.errorMessage)) errorComplexity = "simple";
-    else if (/ECONNREFUSED|timeout|ENOENT|EACCES/.test(parsed.errorMessage)) errorComplexity = "moderate";
-    else errorComplexity = "complex";
-    console.log(chalk.gray(`  🏷️  Classifier (fallback): ${errorComplexity}`));
+  const isObviouslySimple = /TypeError|ReferenceError|SyntaxError|Cannot find module|Cannot read prop/.test(parsed.errorMessage);
+  const isObviouslyModerate = /ECONNREFUSED|timeout|ENOENT|EACCES|EADDRINUSE|ENOSPC|EMFILE/.test(parsed.errorMessage);
+  if (isObviouslySimple) {
+    errorComplexity = "simple";
+    console.log(chalk.gray(`  🏷️  Classifier (fast): simple`));
+  } else if (isObviouslyModerate) {
+    errorComplexity = "moderate";
+    console.log(chalk.gray(`  🏷️  Classifier (fast): moderate`));
+  } else {
+    // Uncertain — use AI classifier
+    try {
+      const classifyResult = await aiCall({
+        model: getModel("classifier"),
+        systemPrompt: "You classify Node.js errors. Respond with ONLY one word: SIMPLE, MODERATE, or COMPLEX.",
+        userPrompt: `Classify this error:\n${parsed.errorMessage}\n\nFile: ${parsed.filePath || "unknown"}\nType: ${parsed.errorType || "unknown"}`,
+        maxTokens: 10,
+        category: "classifier",
+      });
+      const word = (classifyResult.content || "").trim().toUpperCase();
+      if (word.includes("SIMPLE")) errorComplexity = "simple";
+      else if (word.includes("COMPLEX")) errorComplexity = "complex";
+      else errorComplexity = "moderate";
+      console.log(chalk.gray(`  🏷️  Classifier (AI): ${errorComplexity}`));
+    } catch {
+      errorComplexity = "complex"; // unknown = treat as complex to be safe
+      console.log(chalk.gray(`  🏷️  Classifier (fallback): complex`));
+    }
   }
 
   // 7b. Research — look up past fixes AND search for solutions
@@ -687,13 +695,15 @@ async function tryOperationalFix(parsed, cwd, logger, sandbox) {
     } catch {}
   }
 
-  // Pattern 6: EMFILE — too many open files, try raising ulimit
+  // Pattern 6: EMFILE — too many open files
   if (/EMFILE|ENFILE/.test(msg)) {
+    // Close stale file handles by clearing node_modules/.cache and restarting
     try {
-      if (process.platform !== "win32") {
-        execSync("ulimit -n 65536 2>/dev/null || true", { cwd, stdio: "pipe", timeout: 3000 });
-        console.log(chalk.blue("  📂 Raised file descriptor limit to 65536"));
-        return { fixed: true, action: "EMFILE — raised file descriptor limit (ulimit -n 65536)" };
+      const cachePath = path.join(cwd, "node_modules", ".cache");
+      if (fs.existsSync(cachePath)) {
+        execSync(`rm -rf "${cachePath}"`, { timeout: 10000 });
+        console.log(chalk.blue("  📂 Cleared node_modules/.cache to reduce open FDs"));
+        return { fixed: true, action: "EMFILE — cleared build cache to reduce open file descriptors. Consider increasing ulimit -n in your system profile." };
       }
     } catch {}
   }