CodeBot AI v2.9.0

CodeBot AI v2.9.0

Autonomous coding agent with governed execution.

Highlights

• --solve command: Point at a GitHub issue → get a PR with full audit trail
• Constitutional safety (CORD): Every action goes through a safety layer
• 32 tools: File ops, git, web, browser, docker, SSH, and more
• Self-review: Agent reviews its own diff before committing
• Electron desktop app: Signed, notarized, Gatekeeper-approved

Requirements

• macOS (Apple Silicon — M1/M2/M3/M4)
• Claude API key (get one at console.anthropic.com)

Install

1. Download the DMG below
2. Open it and drag CodeBot AI to Applications
3. Launch and enter your API key when prompted

v2.8.0 — Operational

What's New

Dashboard Models Panel

• VRAM detection card with real-time usage bar
• Quantization advisor — select a model size, get recommendations based on available VRAM
• Local model browser showing installed Ollama models

CodeAGI Continuous Mode

• Auto-run mission cycles on a configurable timer (30s to 5m intervals)
• SSE streaming for real-time phase updates
• Error-based auto-stop after 2+ consecutive failures

Documentation Overhaul

• Added "Who This Is For" section targeting security teams, regulated industries, solo devs
• Added dynamic badges (npm downloads, GitHub stars, last commit)
• Removed swarm references from public docs
• All version surfaces synchronized to 2.8.0

Testing

• 1,265 tests across 242 suites (was 1,217 / 232)
• 48 new tests covering swarm strategies, router, and scorer

Full Changelog

See CHANGELOG.md

v2.5.2 — Functional Command Center

What's New

Command Center (Dashboard)

• Terminal — execute shell commands with live streaming output, command history
• Quick Actions — 8 one-click buttons (Git Status, Run Tests, Git Log, Git Diff, Health Check, List Tools, List Files, NPM Outdated)
• Chat — interactive AI chat with agent (codebot --dashboard)
• Tool Runner — select any tool, fill parameters, execute with result display
• Standalone mode — Terminal + Quick Actions work without agent connection

Fixes

• Version alignment: cli.ts, index.ts, and package.json now all report 2.5.2
• CHANGELOG updated with v2.4.0–v2.5.2 entries

Install

npm install -g codebot-ai

Then run:

codebot --dashboard    # Full agent + dashboard
codebot                # CLI mode

Or try the standalone dashboard:

npx codebot-ai         # One-shot via npx

Stats

• 1125 tests passing
• 192 files in package
• 247 KB compressed
• Zero dependencies

v1.4.3: Bulletproof message integrity

The Problem

During multi-tool interactions, CodeBot's message history could get corrupted, causing OpenAI to permanently reject all requests with:

Invalid parameter: messages with role 'tool' must be a response to a preceeding message with 'tool_calls'

Root Cause

The context compaction code iterated message-by-message backward and could split assistant + tool_response groups in half. Example:

[assistant with tool_calls: call_1, call_2]  ← DROPPED (budget exceeded)
[tool: call_1 result]                        ← KEPT (orphaned!)
[tool: call_2 result]                        ← KEPT (orphaned!)

OpenAI requires every tool message to reference a preceding assistant's tool_calls — orphaned tool messages = instant 400.

The Fix (Two Layers)

Layer 1 — Prevention (this release): groupMessages() treats assistant + following tool responses as atomic blocks. Compaction now keeps or drops entire groups — it can never split them.

Layer 2 — Recovery (v1.4.2): repairToolCallMessages() runs before every LLM call as a safety net, removing any orphaned/duplicate tool messages and injecting placeholders for missing responses.

Stats

• 145 tests passing (up from 131 in v1.4.1)
• 10 new stability/repair/compaction tests across v1.4.2 + v1.4.3
• Zero dependencies

Upgrade

npm install -g codebot-ai

v1.4.2: Fix message history corruption

What's Fixed

Message history corruption causing OpenAI 400 errors — During multi-tool-call interactions, the message history could become corrupted (orphaned tool messages, duplicates), causing OpenAI to reject all subsequent requests with:

Invalid parameter: messages with role 'tool' must be a response to a preceeding message with 'tool_calls'

The circuit breaker (from v1.4.1) would stop the loop after 3 attempts, but the session was permanently broken.

The Fix

Enhanced repairToolCallMessages() to handle three types of corruption before every LLM call:

1. Orphaned tool messages — tool responses whose tool_call_id doesn't match any preceding assistant's tool_calls → removed
2. Duplicate tool responses — multiple responses for the same tool_call_id → keep first, remove rest
3. Missing tool responses — assistant has tool_calls but no matching tool response → inject placeholder (existing behavior)

This makes message history self-healing — corruption from stream errors, compaction, or session resume is automatically repaired.

Stats

• 142 tests passing (up from 138)
• 4 new message repair tests covering all corruption scenarios
• Zero dependencies

v1.4.1: Fix infinite error loop

Bug Fix

Fixed: Agent was looping 50 times on non-retryable errors (missing API key, auth failure, billing issues) instead of stopping immediately.

What changed

• Fatal error detection — New isFatalError() recognizes permanent failures (missing API key, 401/403, billing, model not found) and stops the agent loop immediately
• Circuit breaker — If the same non-fatal error repeats 3 times consecutively, the agent stops instead of burning through all 50 iterations
• Early API key check — Providers detect missing API keys before making HTTP requests and show actionable error messages
• Human-readable errors — No more raw JSON dumps. Errors now say things like "Set OPENAI_API_KEY or run: codebot --setup"

Before

✗ LLM error after retries:  — { "error": { "message": "You didn't provide an API key..." } }
(repeated 50 times)
✗ Max iterations (50) reached.

After

✗ No API key configured for gpt-4.1. Set OPENAI_API_KEY or run: codebot --setup

Tests

138 passing (up from 131), including new tests for fatal error detection, circuit breaker behavior, and billing/quota error patterns.

npm install -g codebot-ai@1.4.1

v1.4.0 — 28 Tools: The Full Agent

15 New Tools (13 → 28 total)

CodeBot now has parity with top-tier coding agents. All tools are zero-dependency, using only Node.js built-ins.

Tier 1 — Intelligence

Tool	What It Does
git	status, diff, log, commit, branch, checkout, stash, push, pull, merge, blame, tag
code_analysis	Symbol extraction, find references, imports, file outline
multi_search	Fuzzy search across filenames + content + symbols with ranking
task_planner	Hierarchical task tracking with priorities and persistence
diff_viewer	File comparison, git diffs, staged changes

Tier 2 — Development

Tool	What It Does
docker	Container management (ps, run, build, compose)
database	SQLite queries with destructive SQL blocking
test_runner	Auto-detect jest/vitest/pytest/go/cargo, run, parse results
http_client	HTTP requests with auth, headers, JSON handling
image_info	PNG/JPEG/GIF/SVG dimensions from binary headers

Tier 3 — Infrastructure

Tool	What It Does
ssh_remote	Remote exec and file transfer with injection protection
notification	Slack/Discord/webhook with severity formatting
pdf_extract	Text extraction and metadata from PDFs
package_manager	Auto-detect npm/yarn/pip/cargo/go
code_review	Security scanning and complexity analysis

Security

Every tool has safety guards: SQL injection blocking, SSH injection protection, SSRF blocking, dangerous command blocking, force-push prevention.

Tests

131 tests, all passing (up from 99 in v1.3.0).

Install / Update

npm install -g codebot-ai

v1.3.0 — Stability Hardening

What's New

9 stability fixes that eliminate silent crashes during continuous operation.

Error Recovery

• Automatic retry — 429 rate limits, 5xx server errors, and network failures (ECONNRESET, ETIMEDOUT) now retry with exponential backoff + jitter, respecting Retry-After headers
• Stream crash recovery — if the LLM connection drops mid-response, the agent loop retries on the next iteration instead of dying
• Compaction fallback — if LLM-powered context summarization fails, silently falls back to simple message dropping

Process Resilience

• Unhandled rejection/exception handlers — catches process-level errors, logs them in red, keeps the REPL alive (only exits on true OOM)
• Scheduler timeout — routines capped at 5 minutes; hanging tasks no longer permanently block the scheduler
• Web-fetch body timeout — AbortController now covers both connection AND response body reading

Testing

• 16 new stability tests (99 total, all passing)
• Tests cover: stream crash recovery, error event recovery, permission denial flow, retry logic, exponential backoff, Retry-After headers, invalid JSON handling

Distribution

• Overhauled README with badges, feature list, and complete tool documentation
• Expanded npm keywords for better discoverability
• Updated tool count: 13 built-in tools (added web_search and routine)

Install / Update

npm install -g codebot-ai