patchpal 0.22.1__tar.gz → 0.22.2__tar.gz

{patchpal-0.22.1/patchpal.egg-info → patchpal-0.22.2}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: patchpal
-Version: 0.22.1
+Version: 0.22.2
 Summary: An agentic coding and automation assistant, supporting both local and cloud LLMs
 Author: PatchPal Contributors
 License-Expression: Apache-2.0

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/__init__.py

@@ -1,6 +1,6 @@
 """PatchPal - An open-source Claude Code clone implemented purely in Python."""
 
-__version__ = "0.22.1"
+__version__ = "0.22.2"
 
 from patchpal.agent import create_agent, create_react_agent
 from patchpal.cli.autopilot import autopilot_loop

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/agent/function_calling.py

@@ -508,6 +508,14 @@ class PatchPalAgent:
         # Load MEMORY.md if it exists and has non-template content
         self._load_project_memory()
 
+        # Log session start
+        try:
+            from patchpal.tools.audit import log_session_start
+
+            log_session_start(agent_type="function_calling", model=self.model_id)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
     def _load_project_memory(self):
         """Load MEMORY.md file at session start if it has non-template content."""
         try:

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/agent/react.py

@@ -164,6 +164,14 @@ class ReActAgent:
         # Load project memory
         self._load_project_memory()
 
+        # Log session start
+        try:
+            from patchpal.tools.audit import log_session_start
+
+            log_session_start(agent_type="react", model=self.model_id)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
     def _load_project_memory(self):
         """Load project memory file if it exists."""
         from pathlib import Path

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/cli/autopilot.py

@@ -112,10 +112,27 @@ def autopilot_loop(
         print(f"🔄 Autopilot Iteration {iteration + 1}/{max_iterations}")
         print(f"{'=' * 80}\n")
 
+        # Log user prompt to audit log (first iteration only)
+        if iteration == 0:
+            try:
+                from patchpal.tools.audit import log_user_prompt
+
+                log_user_prompt(prompt)
+            except Exception:
+                pass  # Don't fail if audit logging fails
+
         # Run agent with the SAME prompt every time
         # The agent's conversation history accumulates, so it can see all previous work
         response = agent.run(prompt, max_iterations=100)
 
+        # Log agent response to audit log
+        try:
+            from patchpal.tools.audit import log_agent_response
+
+            log_agent_response(response, success=True)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
         print(f"\n{'=' * 80}")
         print("📝 Agent Response:")
         print(f"{'=' * 80}")
@@ -144,6 +161,16 @@ def autopilot_loop(
             )
             if agent.cumulative_cost > 0:
                 print(f"Total cost: ${agent.cumulative_cost:.4f}")
+
+            # Log successful session end
+            try:
+                from patchpal.tools.audit import log_session_end
+                from patchpal.tools.common import get_operation_count
+
+                log_session_end(total_operations=get_operation_count(), success=True)
+            except Exception:
+                pass  # Don't fail if audit logging fails
+
             return response
 
         # Stop hook: Agent tried to complete, but no completion promise
@@ -168,6 +195,15 @@ def autopilot_loop(
     if agent.cumulative_cost > 0:
         print(f"Total cost: ${agent.cumulative_cost:.4f}")
 
+    # Log session end
+    try:
+        from patchpal.tools.audit import log_session_end
+        from patchpal.tools.common import get_operation_count
+
+        log_session_end(total_operations=get_operation_count(), success=False)
+    except Exception:
+        pass  # Don't fail if audit logging fails
+
     return None
 
 

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/cli/interactive.py

@@ -564,6 +564,15 @@ Supported models: Any LiteLLM-supported model
 
                     audit_logger.info(", ".join(log_parts))
 
+                # Log structured session end
+                try:
+                    from patchpal.tools.audit import log_session_end
+                    from patchpal.tools.common import get_operation_count
+
+                    log_session_end(total_operations=get_operation_count(), success=True)
+                except Exception:
+                    pass  # Don't fail if audit logging fails
+
                 print("\nGoodbye!")
                 break
 
@@ -1542,10 +1551,17 @@ Supported models: Any LiteLLM-supported model
                     if skill_args:
                         prompt += f"\n\nArguments: {skill_args}"
 
-                    # Log user prompt to audit log (sanitize to prevent Windows Unicode errors)
-                    audit_logger.info(
-                        _sanitize_for_logging(f"USER_PROMPT: /{skill_name} {skill_args}")
-                    )
+                    # Log skill invocation to audit log with hash-chaining
+                    try:
+                        from patchpal.tools.audit import log_user_prompt
+
+                        log_user_prompt(f"/{skill_name} {skill_args}")
+                    except Exception:
+                        # Fallback to old-style logging if audit fails
+                        audit_logger.info(
+                            _sanitize_for_logging(f"USER_PROMPT: /{skill_name} {skill_args}")
+                        )
+
                     result = agent.run(prompt, max_iterations=max_iterations)
 
                     print("\n" + "=" * 80)
@@ -1565,10 +1581,25 @@ Supported models: Any LiteLLM-supported model
             # Run the agent (Ctrl-C here will interrupt agent, not exit)
             try:
                 print()  # Add blank line before agent output
-                # Log user prompt to audit log (sanitize to prevent Windows Unicode errors)
-                audit_logger.info(_sanitize_for_logging(f"USER_PROMPT: {user_input}"))
+                # Log user prompt to audit log with hash-chaining
+                try:
+                    from patchpal.tools.audit import log_user_prompt
+
+                    log_user_prompt(user_input)
+                except Exception:
+                    # Fallback to old-style logging if audit fails
+                    audit_logger.info(_sanitize_for_logging(f"USER_PROMPT: {user_input}"))
+
                 result = agent.run(user_input, max_iterations=max_iterations)
 
+                # Log agent response to audit log with hash-chaining
+                try:
+                    from patchpal.tools.audit import log_agent_response
+
+                    log_agent_response(result, success=True)
+                except Exception:
+                    pass  # Don't fail if audit logging fails
+
                 print("\n" + "=" * 80)
                 print("\033[1;32mAgent:\033[0m")
                 print("=" * 80)

{patchpal-0.22.1 → patchpal-0.22.2}/patchpal/permissions.py

@@ -67,6 +67,11 @@ class PermissionManager:
         These commands replace dedicated tools that were removed (replaced by find tool)
         to reduce redundancy. Since those tools didn't require permissions, their shell
         equivalents shouldn't either.
+
+        SECURITY NOTE: Environment variable commands (env, printenv, set, Get-Variable)
+        are NOT in this list because they can expose API keys and secrets loaded from
+        .env files. While we block reading .env files directly, we must also block
+        reading the environment variables that were loaded from them.
         """
         # Check if web tools are enabled
         web_tools_enabled = config.ENABLE_WEB
@@ -99,9 +104,6 @@ class PermissionManager:
             "whereis",
             # Current directory
             "pwd",
-            # Environment
-            "env",
-            "printenv",
             # Network diagnostic
             "ifconfig",
             # Disk/system info
@@ -132,8 +134,6 @@ class PermissionManager:
             "assoc",
             "ftype",
             "doskey /history",
-            # Environment
-            "set",
             # Network diagnostic
             "tracert",
             "nslookup",
@@ -169,7 +169,6 @@ class PermissionManager:
             "get-host",
             "get-command",
             "get-alias",
-            "get-variable",
             "get-member",
             "get-help",
             # Search/filter
@@ -420,6 +419,19 @@ class PermissionManager:
 
         # Check if already granted (with full_command for multi-word pattern matching)
         if self._check_existing_grant(tool_name, pattern, full_command):
+            # Log that permission was auto-granted from previous session grant
+            try:
+                from patchpal.tools.audit import log_action_approved
+
+                log_action_approved(
+                    tool_name=tool_name,
+                    description=description,
+                    approval_type="auto_granted",
+                    pattern=pattern,
+                    context={"working_dir": context} if context else None,
+                )
+            except Exception:
+                pass  # Don't fail if audit logging fails
             return True
 
         # Display the request - use stderr to avoid Rich console capture
@@ -481,14 +493,53 @@ class PermissionManager:
                 choice = input("\n\033[1;36mChoice [1-3]:\033[0m ").strip()
 
                 if choice == "1":
+                    # Log approval
+                    try:
+                        from patchpal.tools.audit import log_action_approved
+
+                        log_action_approved(
+                            tool_name=tool_name,
+                            description=description,
+                            approval_type="user_approved",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return True
                 elif choice == "2":
                     # Grant session-only permission (like Claude Code)
                     self._grant_permission(tool_name, persistent=False, pattern=pattern)
+                    # Log approval with session grant
+                    try:
+                        from patchpal.tools.audit import log_action_approved
+
+                        log_action_approved(
+                            tool_name=tool_name,
+                            description=description,
+                            approval_type="session_granted",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return True
                 elif choice == "3":
                     sys.stderr.write("\n\033[1;31mOperation cancelled.\033[0m\n")
                     sys.stderr.flush()
+                    # Log rejection
+                    try:
+                        from patchpal.tools.audit import log_action_blocked
+
+                        log_action_blocked(
+                            tool_name=tool_name,
+                            description=description,
+                            reason="user_rejected",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return False
                 else:
                     sys.stderr.write("Invalid choice. Please enter 1, 2, or 3.\n")

patchpal-0.22.2/patchpal/tools/audit.py

@@ -0,0 +1,405 @@
+"""Enhanced audit logging for compliance with enterprise logging requirements.
+
+This module provides structured JSON-based audit logging with:
+- Unique session identifiers
+- User identity tracking
+- Action approval/rejection logging
+- Structured format for easy parsing
+- Tamper-evidence via cryptographic hash-chaining (SHA-256)
+
+Each log entry contains:
+- A hash of its own contents
+- The hash of the previous entry (creating an immutable chain)
+
+This makes logs tamper-evident: modifying any entry breaks the chain.
+"""
+
+import hashlib
+import json
+import os
+import uuid
+from datetime import datetime
+from typing import Optional
+
+from patchpal.config import config
+
+# Session ID - generated once per agent session
+_session_id: Optional[str] = None
+
+# Previous entry hash for chain verification
+_prev_hash: Optional[str] = None
+
+
+def _compute_hash(entry: dict) -> str:
+    """Compute SHA-256 hash of a log entry.
+
+    Args:
+        entry: Log entry dictionary (without hash field)
+
+    Returns:
+        Hex-encoded SHA-256 hash
+    """
+    # Create canonical JSON (sorted keys, no whitespace)
+    canonical = json.dumps(entry, sort_keys=True, separators=(",", ":"))
+
+    # Compute SHA-256 hash
+    hash_obj = hashlib.sha256(canonical.encode("utf-8"))
+
+    return hash_obj.hexdigest()
+
+
+def _log_entry(entry: dict):
+    """Log an entry with hash-chaining.
+
+    This centralizes the hash-chaining logic:
+    - Adds prev_hash from previous entry
+    - Computes hash of this entry
+    - Updates prev_hash for next entry
+    - Logs as JSON
+
+    Args:
+        entry: Log entry dictionary (without prev_hash/hash fields)
+    """
+    if not config.AUDIT_LOG:
+        return
+
+    from patchpal.tools.common import audit_logger
+
+    # Add previous hash for chain
+    global _prev_hash
+    if _prev_hash is not None:
+        entry["prev_hash"] = _prev_hash
+
+    # Compute hash of this entry
+    entry_hash = _compute_hash(entry)
+    entry["hash"] = entry_hash
+
+    # Update prev_hash for next entry
+    _prev_hash = entry_hash
+
+    # Log as JSON
+    audit_logger.info(json.dumps(entry))
+
+
+def verify_hash_chain(entries: list[dict]) -> tuple[bool, Optional[str]]:
+    """Verify the hash chain of log entries.
+
+    Args:
+        entries: List of log entry dictionaries (must include 'hash' and 'prev_hash' fields)
+
+    Returns:
+        Tuple of (is_valid, error_message)
+        - (True, None) if chain is valid
+        - (False, error_message) if chain is broken
+    """
+    if not entries:
+        return True, None
+
+    prev_hash = None
+
+    for i, entry in enumerate(entries):
+        # Check if entry has required hash field
+        if "hash" not in entry:
+            return False, f"Entry {i} missing 'hash' field"
+
+        # Extract hash and prev_hash
+        stored_hash = entry.pop("hash")
+        stored_prev_hash = entry.get("prev_hash")
+
+        # First entry should have no prev_hash (SESSION_START)
+        if i == 0:
+            if stored_prev_hash is not None:
+                entry["hash"] = stored_hash  # Restore
+                return False, "Entry 0 (SESSION_START) should not have 'prev_hash'"
+        else:
+            # Subsequent entries must have prev_hash matching previous entry
+            if stored_prev_hash != prev_hash:
+                entry["hash"] = stored_hash  # Restore
+                return (
+                    False,
+                    f"Entry {i}: prev_hash mismatch (expected {prev_hash[:8]}..., got {stored_prev_hash[:8] if stored_prev_hash else None}...)",
+                )
+
+        # Compute expected hash
+        expected_hash = _compute_hash(entry)
+
+        # Restore hash to entry
+        entry["hash"] = stored_hash
+
+        # Verify hash matches
+        if stored_hash != expected_hash:
+            return (
+                False,
+                f"Entry {i}: hash mismatch (expected {expected_hash[:8]}..., got {stored_hash[:8]}...)",
+            )
+
+        # Update prev_hash for next iteration
+        prev_hash = stored_hash
+
+    return True, None
+
+
+def reset_prev_hash():
+    """Reset previous hash (for testing or new sessions)."""
+    global _prev_hash
+    _prev_hash = None
+
+
+def get_session_id() -> str:
+    """Get or create session ID for this agent run.
+
+    Returns:
+        UUID string identifying this session
+    """
+    global _session_id
+    if _session_id is None:
+        _session_id = str(uuid.uuid4())
+    return _session_id
+
+
+def reset_session_id():
+    """Reset session ID (for testing or new sessions)."""
+    global _session_id
+    _session_id = None
+
+
+def get_user_identity() -> str:
+    """Get user identity from environment.
+
+    Returns:
+        Username from environment or 'unknown'
+    """
+    # Try multiple environment variables for cross-platform compatibility
+    return (
+        os.environ.get("USER")
+        or os.environ.get("USERNAME")
+        or os.environ.get("LOGNAME")
+        or "unknown"
+    )
+
+
+def log_action_blocked(
+    tool_name: str,
+    description: str,
+    reason: str,
+    pattern: Optional[str] = None,
+    context: Optional[dict] = None,
+):
+    """Log a blocked/rejected action.
+
+    Args:
+        tool_name: Name of the tool (e.g., 'run_shell', 'write_file')
+        description: Human-readable description of the action
+        reason: Why the action was blocked (e.g., 'user_rejected', 'dangerous_command', 'sensitive_file')
+        pattern: Optional pattern that was blocked (e.g., command pattern, file path)
+        context: Optional additional context dictionary
+    """
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "ACTION_BLOCKED",
+        "tool_name": tool_name,
+        "description": description,
+        "reason": reason,
+        "outcome": "rejected",
+    }
+
+    if pattern:
+        entry["pattern"] = pattern
+
+    if context:
+        entry["context"] = context
+
+    _log_entry(entry)
+
+
+def log_action_approved(
+    tool_name: str,
+    description: str,
+    approval_type: str = "user_approved",
+    pattern: Optional[str] = None,
+    context: Optional[dict] = None,
+):
+    """Log an approved action.
+
+    Args:
+        tool_name: Name of the tool
+        description: Human-readable description of the action
+        approval_type: Type of approval (e.g., 'user_approved', 'session_granted', 'auto_granted')
+        pattern: Optional pattern that was approved
+        context: Optional additional context dictionary
+    """
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "ACTION_APPROVED",
+        "tool_name": tool_name,
+        "description": description,
+        "approval_type": approval_type,
+        "outcome": "approved",
+    }
+
+    if pattern:
+        entry["pattern"] = pattern
+
+    if context:
+        entry["context"] = context
+
+    _log_entry(entry)
+
+
+def log_action_result(
+    tool_name: str,
+    description: str,
+    success: bool,
+    error: Optional[str] = None,
+    context: Optional[dict] = None,
+):
+    """Log the result of an action execution.
+
+    Args:
+        tool_name: Name of the tool
+        description: Human-readable description of the action
+        success: Whether the action succeeded
+        error: Optional error message if action failed
+        context: Optional additional context dictionary
+    """
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "ACTION_RESULT",
+        "tool_name": tool_name,
+        "description": description,
+        "outcome": "success" if success else "error",
+    }
+
+    if error:
+        entry["error"] = error
+
+    if context:
+        entry["context"] = context
+
+    _log_entry(entry)
+
+
+def log_session_start(agent_type: str = "function_calling", model: str = "unknown"):
+    """Log the start of a new agent session.
+
+    Args:
+        agent_type: Type of agent (e.g., 'function_calling', 'react')
+        model: Model identifier being used
+    """
+    # Reset chain for new session
+    global _prev_hash
+    _prev_hash = None
+
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "SESSION_START",
+        "agent_type": agent_type,
+        "model": model,
+    }
+
+    _log_entry(entry)
+
+
+def log_session_end(total_operations: int = 0, success: bool = True):
+    """Log the end of an agent session.
+
+    Args:
+        total_operations: Total number of operations performed
+        success: Whether the session completed successfully
+    """
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "SESSION_END",
+        "total_operations": total_operations,
+        "outcome": "success" if success else "error",
+    }
+
+    _log_entry(entry)
+
+
+def log_user_prompt(prompt: str):
+    """Log a user prompt/message.
+
+    Args:
+        prompt: The user's prompt/request
+    """
+    # Truncate very long prompts for logging
+    max_length = 1000
+    if len(prompt) > max_length:
+        prompt = prompt[:max_length] + "... (truncated)"
+
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "USER_PROMPT",
+        "prompt": prompt,
+    }
+
+    _log_entry(entry)
+
+
+def log_agent_response(response: str, success: bool = True):
+    """Log an agent response.
+
+    Args:
+        response: The agent's response
+        success: Whether the response was successful
+    """
+    # Truncate very long responses for logging
+    max_length = 1000
+    if len(response) > max_length:
+        response = response[:max_length] + "... (truncated)"
+
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "AGENT_RESPONSE",
+        "response": response,
+        "outcome": "success" if success else "error",
+    }
+
+    _log_entry(entry)
+
+
+def log_tool_execution(tool_name: str, parameters: dict = None, operation_num: int = None):
+    """Log a tool execution.
+
+    Args:
+        tool_name: Name of the tool (e.g., 'run_shell', 'read_file')
+        parameters: Optional dict of parameters passed to the tool
+        operation_num: Optional operation number
+    """
+    entry = {
+        "timestamp": datetime.utcnow().isoformat() + "Z",
+        "session_id": get_session_id(),
+        "user": get_user_identity(),
+        "event_type": "TOOL_EXECUTION",
+        "tool_name": tool_name,
+    }
+
+    if parameters:
+        # Truncate large parameter values
+        truncated_params = {}
+        for key, value in parameters.items():
+            if isinstance(value, str) and len(value) > 200:
+                truncated_params[key] = value[:200] + "... (truncated)"
+            else:
+                truncated_params[key] = value
+        entry["parameters"] = truncated_params
+
+    if operation_num is not None:
+        entry["operation_num"] = operation_num
+
+    _log_entry(entry)