patchpal 0.22.1__tar.gz → 0.22.3__tar.gz

{patchpal-0.22.1/patchpal.egg-info → patchpal-0.22.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: patchpal
-Version: 0.22.1
+Version: 0.22.3
 Summary: An agentic coding and automation assistant, supporting both local and cloud LLMs
 Author: PatchPal Contributors
 License-Expression: Apache-2.0
@@ -30,7 +30,7 @@ Requires-Dist: boto3
 Requires-Dist: pymupdf>=1.23.0
 Requires-Dist: python-docx>=1.0.0
 Requires-Dist: python-pptx>=0.6.0
-Requires-Dist: tree-sitter-language-pack>=0.3.0
+Requires-Dist: tree-sitter-language-pack<1.0.0,>=0.3.0
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0.0; extra == "dev"

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/__init__.py

@@ -1,6 +1,6 @@
 """PatchPal - An open-source Claude Code clone implemented purely in Python."""
 
-__version__ = "0.22.1"
+__version__ = "0.22.3"
 
 from patchpal.agent import create_agent, create_react_agent
 from patchpal.cli.autopilot import autopilot_loop

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/agent/function_calling.py

@@ -479,6 +479,10 @@ class PatchPalAgent:
         self.cumulative_input_tokens = 0
         self.cumulative_output_tokens = 0
 
+        # Track last prompt tokens from most recent API response (includes cache operations)
+        # This is the ACTUAL token count sent to the API, used for accurate context management
+        self.last_prompt_tokens = None
+
         # Track cache-related tokens (for Anthropic/Bedrock models with prompt caching)
         self.cumulative_cache_creation_tokens = 0
         self.cumulative_cache_read_tokens = 0
@@ -508,6 +512,14 @@ class PatchPalAgent:
         # Load MEMORY.md if it exists and has non-template content
         self._load_project_memory()
 
+        # Log session start
+        try:
+            from patchpal.tools.audit import log_session_start
+
+            log_session_start(agent_type="function_calling", model=self.model_id)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
     def _load_project_memory(self):
         """Load MEMORY.md file at session start if it has non-template content."""
         try:
@@ -945,7 +957,10 @@ It's currently empty (just the template). The file is automatically loaded at se
 
         # Check for compaction BEFORE starting work
         # This ensures we never compact mid-execution and lose tool results
-        if self.enable_auto_compact and self.context_manager.needs_compaction(self.messages):
+        # Use last_prompt_tokens from previous API call for accurate check (includes cache operations)
+        if self.enable_auto_compact and self.context_manager.needs_compaction(
+            self.messages, actual_prompt_tokens=self.last_prompt_tokens
+        ):
             self._perform_auto_compaction()
 
         # Agent loop with interrupt handling
@@ -1092,7 +1107,10 @@ It's currently empty (just the template). The file is automatically loaded at se
                 last_prompt_tokens = None  # Track for reactive context management
                 if hasattr(response, "usage") and response.usage:
                     if hasattr(response.usage, "prompt_tokens"):
+                        # LiteLLM already includes cache operations in prompt_tokens for Anthropic/Bedrock
+                        # (see litellm/llms/anthropic/chat/transformation.py)
                         last_prompt_tokens = response.usage.prompt_tokens
+                        self.last_prompt_tokens = last_prompt_tokens  # Store for /status command
                         self.cumulative_input_tokens += response.usage.prompt_tokens
                     if hasattr(response.usage, "completion_tokens"):
                         self.cumulative_output_tokens += response.usage.completion_tokens

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/agent/react.py

@@ -164,6 +164,14 @@ class ReActAgent:
         # Load project memory
         self._load_project_memory()
 
+        # Log session start
+        try:
+            from patchpal.tools.audit import log_session_start
+
+            log_session_start(agent_type="react", model=self.model_id)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
     def _load_project_memory(self):
         """Load project memory file if it exists."""
         from pathlib import Path

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/cli/autopilot.py

@@ -112,10 +112,27 @@ def autopilot_loop(
         print(f"🔄 Autopilot Iteration {iteration + 1}/{max_iterations}")
         print(f"{'=' * 80}\n")
 
+        # Log user prompt to audit log (first iteration only)
+        if iteration == 0:
+            try:
+                from patchpal.tools.audit import log_user_prompt
+
+                log_user_prompt(prompt)
+            except Exception:
+                pass  # Don't fail if audit logging fails
+
         # Run agent with the SAME prompt every time
         # The agent's conversation history accumulates, so it can see all previous work
         response = agent.run(prompt, max_iterations=100)
 
+        # Log agent response to audit log
+        try:
+            from patchpal.tools.audit import log_agent_response
+
+            log_agent_response(response, success=True)
+        except Exception:
+            pass  # Don't fail if audit logging fails
+
         print(f"\n{'=' * 80}")
         print("📝 Agent Response:")
         print(f"{'=' * 80}")
@@ -144,6 +161,16 @@ def autopilot_loop(
             )
             if agent.cumulative_cost > 0:
                 print(f"Total cost: ${agent.cumulative_cost:.4f}")
+
+            # Log successful session end
+            try:
+                from patchpal.tools.audit import log_session_end
+                from patchpal.tools.common import get_operation_count
+
+                log_session_end(total_operations=get_operation_count(), success=True)
+            except Exception:
+                pass  # Don't fail if audit logging fails
+
             return response
 
         # Stop hook: Agent tried to complete, but no completion promise
@@ -168,6 +195,15 @@ def autopilot_loop(
     if agent.cumulative_cost > 0:
         print(f"Total cost: ${agent.cumulative_cost:.4f}")
 
+    # Log session end
+    try:
+        from patchpal.tools.audit import log_session_end
+        from patchpal.tools.common import get_operation_count
+
+        log_session_end(total_operations=get_operation_count(), success=False)
+    except Exception:
+        pass  # Don't fail if audit logging fails
+
     return None
 
 

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/cli/interactive.py

@@ -564,6 +564,15 @@ Supported models: Any LiteLLM-supported model
 
                     audit_logger.info(", ".join(log_parts))
 
+                # Log structured session end
+                try:
+                    from patchpal.tools.audit import log_session_end
+                    from patchpal.tools.common import get_operation_count
+
+                    log_session_end(total_operations=get_operation_count(), success=True)
+                except Exception:
+                    pass  # Don't fail if audit logging fails
+
                 print("\nGoodbye!")
                 break
 
@@ -661,7 +670,9 @@ Supported models: Any LiteLLM-supported model
 
             # Handle /status command - show context window usage
             if user_input.lower() in ["status", "/status"]:
-                stats = agent.context_manager.get_usage_stats(agent.messages)
+                stats = agent.context_manager.get_usage_stats(
+                    agent.messages, actual_prompt_tokens=agent.last_prompt_tokens
+                )
 
                 print("\n" + "=" * 70)
                 print("\033[1;36mContext Window Status\033[0m")
@@ -1542,10 +1553,17 @@ Supported models: Any LiteLLM-supported model
                     if skill_args:
                         prompt += f"\n\nArguments: {skill_args}"
 
-                    # Log user prompt to audit log (sanitize to prevent Windows Unicode errors)
-                    audit_logger.info(
-                        _sanitize_for_logging(f"USER_PROMPT: /{skill_name} {skill_args}")
-                    )
+                    # Log skill invocation to audit log with hash-chaining
+                    try:
+                        from patchpal.tools.audit import log_user_prompt
+
+                        log_user_prompt(f"/{skill_name} {skill_args}")
+                    except Exception:
+                        # Fallback to old-style logging if audit fails
+                        audit_logger.info(
+                            _sanitize_for_logging(f"USER_PROMPT: /{skill_name} {skill_args}")
+                        )
+
                     result = agent.run(prompt, max_iterations=max_iterations)
 
                     print("\n" + "=" * 80)
@@ -1565,10 +1583,25 @@ Supported models: Any LiteLLM-supported model
             # Run the agent (Ctrl-C here will interrupt agent, not exit)
             try:
                 print()  # Add blank line before agent output
-                # Log user prompt to audit log (sanitize to prevent Windows Unicode errors)
-                audit_logger.info(_sanitize_for_logging(f"USER_PROMPT: {user_input}"))
+                # Log user prompt to audit log with hash-chaining
+                try:
+                    from patchpal.tools.audit import log_user_prompt
+
+                    log_user_prompt(user_input)
+                except Exception:
+                    # Fallback to old-style logging if audit fails
+                    audit_logger.info(_sanitize_for_logging(f"USER_PROMPT: {user_input}"))
+
                 result = agent.run(user_input, max_iterations=max_iterations)
 
+                # Log agent response to audit log with hash-chaining
+                try:
+                    from patchpal.tools.audit import log_agent_response
+
+                    log_agent_response(result, success=True)
+                except Exception:
+                    pass  # Don't fail if audit logging fails
+
                 print("\n" + "=" * 80)
                 print("\033[1;32mAgent:\033[0m")
                 print("=" * 80)

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/cli/sandbox.py

@@ -686,9 +686,6 @@ DESCRIPTION:
     - Pre-built image with patchpal installed (fast startup)
     - Auto-mounts ~/.patchpal for custom tools, config, and memory
     - Custom tools work automatically (from ~/.patchpal/tools/ and <repo>/.patchpal/tools/)
-    - Auto-sets OLLAMA_CONTEXT_LENGTH for Ollama models:
-      * 8192 for regular models (agents)
-      * 32768 for reasoning models (gpt-oss, deepseek-r1, qwq, qwen)
 
     Recommended for autopilot mode and high-risk operations.
 

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/context.py

@@ -355,15 +355,37 @@ Be comprehensive but concise. The goal is to continue work seamlessly without lo
         usage_ratio = total_tokens / self.context_limit
         return usage_ratio >= self.COMPACT_THRESHOLD
 
-    def get_usage_stats(self, messages: List[Dict[str, Any]]) -> Dict[str, Any]:
+    def get_usage_stats(
+        self, messages: List[Dict[str, Any]], actual_prompt_tokens: int = None
+    ) -> Dict[str, Any]:
         """Get current context usage statistics.
 
         Args:
             messages: Current message history
+            actual_prompt_tokens: Optional actual prompt tokens from latest API response (includes cache operations)
 
         Returns:
             Dict with usage statistics
         """
+        # If we have actual prompt tokens from API (includes cache writes/reads), use those
+        if actual_prompt_tokens is not None:
+            total_tokens = actual_prompt_tokens + self.output_reserve
+            # For display purposes, estimate system vs message breakdown
+            system_tokens = self.estimator.estimate_tokens(self.system_prompt)
+            datetime_tokens = 30
+            message_tokens = actual_prompt_tokens - system_tokens - datetime_tokens
+
+            return {
+                "system_tokens": system_tokens + datetime_tokens,
+                "message_tokens": max(0, message_tokens),  # Ensure non-negative
+                "output_reserve": self.output_reserve,
+                "total_tokens": total_tokens,
+                "context_limit": self.context_limit,
+                "usage_ratio": total_tokens / self.context_limit,
+                "usage_percent": int((total_tokens / self.context_limit) * 100),
+            }
+
+        # Fallback to estimation when actual tokens not available
         system_tokens = self.estimator.estimate_tokens(self.system_prompt)
         datetime_tokens = 30  # Approximate size of dynamic date/time message
         message_tokens = self.estimator.estimate_messages_tokens(messages)

{patchpal-0.22.1 → patchpal-0.22.3}/patchpal/permissions.py

@@ -67,6 +67,11 @@ class PermissionManager:
         These commands replace dedicated tools that were removed (replaced by find tool)
         to reduce redundancy. Since those tools didn't require permissions, their shell
         equivalents shouldn't either.
+
+        SECURITY NOTE: Environment variable commands (env, printenv, set, Get-Variable)
+        are NOT in this list because they can expose API keys and secrets loaded from
+        .env files. While we block reading .env files directly, we must also block
+        reading the environment variables that were loaded from them.
         """
         # Check if web tools are enabled
         web_tools_enabled = config.ENABLE_WEB
@@ -99,9 +104,6 @@ class PermissionManager:
             "whereis",
             # Current directory
             "pwd",
-            # Environment
-            "env",
-            "printenv",
             # Network diagnostic
             "ifconfig",
             # Disk/system info
@@ -132,8 +134,6 @@ class PermissionManager:
             "assoc",
             "ftype",
             "doskey /history",
-            # Environment
-            "set",
             # Network diagnostic
             "tracert",
             "nslookup",
@@ -169,7 +169,6 @@ class PermissionManager:
             "get-host",
             "get-command",
             "get-alias",
-            "get-variable",
             "get-member",
             "get-help",
             # Search/filter
@@ -420,6 +419,19 @@ class PermissionManager:
 
         # Check if already granted (with full_command for multi-word pattern matching)
         if self._check_existing_grant(tool_name, pattern, full_command):
+            # Log that permission was auto-granted from previous session grant
+            try:
+                from patchpal.tools.audit import log_action_approved
+
+                log_action_approved(
+                    tool_name=tool_name,
+                    description=description,
+                    approval_type="auto_granted",
+                    pattern=pattern,
+                    context={"working_dir": context} if context else None,
+                )
+            except Exception:
+                pass  # Don't fail if audit logging fails
             return True
 
         # Display the request - use stderr to avoid Rich console capture
@@ -481,14 +493,53 @@ class PermissionManager:
                 choice = input("\n\033[1;36mChoice [1-3]:\033[0m ").strip()
 
                 if choice == "1":
+                    # Log approval
+                    try:
+                        from patchpal.tools.audit import log_action_approved
+
+                        log_action_approved(
+                            tool_name=tool_name,
+                            description=description,
+                            approval_type="user_approved",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return True
                 elif choice == "2":
                     # Grant session-only permission (like Claude Code)
                     self._grant_permission(tool_name, persistent=False, pattern=pattern)
+                    # Log approval with session grant
+                    try:
+                        from patchpal.tools.audit import log_action_approved
+
+                        log_action_approved(
+                            tool_name=tool_name,
+                            description=description,
+                            approval_type="session_granted",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return True
                 elif choice == "3":
                     sys.stderr.write("\n\033[1;31mOperation cancelled.\033[0m\n")
                     sys.stderr.flush()
+                    # Log rejection
+                    try:
+                        from patchpal.tools.audit import log_action_blocked
+
+                        log_action_blocked(
+                            tool_name=tool_name,
+                            description=description,
+                            reason="user_rejected",
+                            pattern=pattern,
+                            context={"working_dir": context} if context else None,
+                        )
+                    except Exception:
+                        pass  # Don't fail if audit logging fails
                     return False
                 else:
                     sys.stderr.write("Invalid choice. Please enter 1, 2, or 3.\n")