aidp 0.22.0 → 0.24.0

data/lib/aidp/logger.rb

@@ -3,6 +3,7 @@
 require "logger"
 require "json"
 require "fileutils"
+require "pathname"
 
 module Aidp
   # Unified structured logger for all AIDP operations
@@ -84,12 +85,30 @@ module Aidp
     private
 
     def determine_log_level
-      # Priority: ENV > config > default
-      level_str = ENV["AIDP_LOG_LEVEL"] || @config[:level] || "info"
-      level_sym = level_str.to_sym
+      # Priority: explicit env override > DEBUG flags > config > default
+      level_str = if ENV["AIDP_LOG_LEVEL"]
+        ENV["AIDP_LOG_LEVEL"]
+      elsif debug_env_enabled?
+        "debug"
+      elsif @config[:level]
+        @config[:level]
+      else
+        "info"
+      end
+      level_sym = level_str.to_s.to_sym
       LEVELS.key?(level_sym) ? level_sym : :info
     end
 
+    def debug_env_enabled?
+      raw = ENV["AIDP_DEBUG"] || ENV["DEBUG"]
+      return false if raw.nil?
+
+      normalized = raw.to_s.strip.downcase
+      return true if %w[true on yes debug].include?(normalized)
+
+      /\A\d+\z/.match?(normalized) ? normalized.to_i.positive? : false
+    end
+
     def should_log?(level)
       LEVELS[level] >= LEVELS[@level]
     end
@@ -106,7 +125,7 @@ module Aidp
     end
 
     def setup_logger
-      info_path = File.join(@project_dir, INFO_LOG)
+      info_path = determine_log_file_path
       @logger = create_logger(info_path)
       # Emit instrumentation after logger is available (avoid recursive Aidp.log_* calls during bootstrap)
       return unless @instrument_internal
@@ -181,6 +200,17 @@ module Aidp
       JSON.generate(entry)
     end
 
+    def determine_log_file_path
+      custom = (ENV["AIDP_LOG_FILE"] || @config[:file]).to_s.strip
+      relative_path = custom.empty? ? INFO_LOG : custom
+
+      if Pathname.new(relative_path).absolute?
+        relative_path
+      else
+        File.join(@project_dir, relative_path)
+      end
+    end
+
     # Redaction patterns for common secrets
     REDACTION_PATTERNS = [
       # API keys and tokens (with capture groups)

data/lib/aidp/providers/adapter.rb

@@ -0,0 +1,241 @@
+# frozen_string_literal: true
+
+module Aidp
+  module Providers
+    # ProviderAdapter defines the standardized interface that all provider implementations
+    # must conform to. This ensures consistent behavior across different AI model providers
+    # while allowing for provider-specific implementations.
+    #
+    # Design Philosophy:
+    # - Adapters are stateless; delegate throttling, retries, and escalation to coordinator
+    # - Store provider-specific regex matchers adjacent to adapters for maintainability
+    # - Single semantic flags map to provider-specific equivalents
+    #
+    # @see https://github.com/viamin/aidp/issues/243
+    module Adapter
+      # Core interface methods that all providers must implement
+
+      # Provider identifier (e.g., "anthropic", "cursor", "gemini")
+      # @return [String] unique lowercase identifier for this provider
+      def name
+        raise NotImplementedError, "#{self.class} must implement #name"
+      end
+
+      # Human-friendly display name for UI
+      # @return [String] display name (e.g., "Anthropic Claude", "Cursor AI")
+      def display_name
+        name
+      end
+
+      # Send a message to the provider and get a response
+      # @param prompt [String] the prompt to send
+      # @param session [String, nil] optional session identifier for context
+      # @param options [Hash] additional options for the request
+      # @return [Hash, String] provider response
+      def send_message(prompt:, session: nil, **options)
+        raise NotImplementedError, "#{self.class} must implement #send_message"
+      end
+
+      # Capability declaration methods
+
+      # Check if the provider supports Model Context Protocol
+      # @return [Boolean] true if MCP is supported
+      def supports_mcp?
+        false
+      end
+
+      # Fetch MCP servers configured for this provider
+      # @return [Array<Hash>] array of MCP server configurations
+      def fetch_mcp_servers
+        []
+      end
+
+      # Check if the provider is available on this system
+      # @return [Boolean] true if provider CLI or API is accessible
+      def available?
+        true
+      end
+
+      # Declare provider capabilities
+      # @return [Hash] capabilities hash with feature flags
+      # @example
+      #   {
+      #     reasoning_tiers: ["mini", "standard", "thinking"],
+      #     context_window: 200_000,
+      #     supports_json_mode: true,
+      #     supports_tool_use: true,
+      #     supports_vision: false,
+      #     supports_file_upload: true,
+      #     streaming: true
+      #   }
+      def capabilities
+        {
+          reasoning_tiers: [],
+          context_window: 100_000,
+          supports_json_mode: false,
+          supports_tool_use: false,
+          supports_vision: false,
+          supports_file_upload: false,
+          streaming: false
+        }
+      end
+
+      # Dangerous permissions abstraction
+
+      # Check if the provider supports dangerous/elevated permissions mode
+      # @return [Boolean] true if dangerous mode is supported
+      def supports_dangerous_mode?
+        false
+      end
+
+      # Get the provider-specific flag(s) for enabling dangerous mode
+      # Maps the semantic `dangerous: true` flag to provider-specific equivalents
+      # @return [Array<String>] provider-specific CLI flags
+      # @example Anthropic
+      #   ["--dangerously-skip-permissions"]
+      # @example Gemini (hypothetical)
+      #   ["--yolo"]
+      def dangerous_mode_flags
+        []
+      end
+
+      # Check if dangerous mode is currently enabled
+      # @return [Boolean] true if dangerous mode is active
+      def dangerous_mode_enabled?
+        @dangerous_mode_enabled ||= false
+      end
+
+      # Enable or disable dangerous mode
+      # @param enabled [Boolean] whether to enable dangerous mode
+      # @return [void]
+      def dangerous_mode=(enabled)
+        @dangerous_mode_enabled = enabled
+      end
+
+      # Error classification and handling
+
+      # Get error classification regex patterns for this provider
+      # @return [Hash<Symbol, Array<Regexp>>] mapping of error categories to regex patterns
+      # @example
+      #   {
+      #     rate_limited: [/rate.?limit/i, /quota.*exceeded/i],
+      #     auth_expired: [/authentication.*failed/i, /invalid.*api.*key/i],
+      #     quota_exceeded: [/quota.*exceeded/i, /usage.*limit/i],
+      #     transient: [/timeout/i, /connection.*reset/i, /temporary.*error/i],
+      #     permanent: [/invalid.*model/i, /unsupported.*operation/i]
+      #   }
+      def error_patterns
+        {}
+      end
+
+      # Classify an error into the standardized error taxonomy
+      # @param error [StandardError] the error to classify
+      # @return [Symbol] error category (:rate_limited, :auth_expired, :quota_exceeded, :transient, :permanent)
+      def classify_error(error)
+        message = error.message.to_s
+
+        # First check provider-specific patterns
+        error_patterns.each do |category, patterns|
+          patterns.each do |pattern|
+            return category if message.match?(pattern)
+          end
+        end
+
+        # Fall back to ErrorTaxonomy for classification
+        require_relative "error_taxonomy"
+        Aidp::Providers::ErrorTaxonomy.classify_message(message)
+      end
+
+      # Get normalized error metadata
+      # @param error [StandardError] the error to process
+      # @return [Hash] normalized error information
+      def error_metadata(error)
+        {
+          provider: name,
+          error_category: classify_error(error),
+          error_class: error.class.name,
+          message: redact_secrets(error.message),
+          timestamp: Time.now.iso8601,
+          retryable: retryable_error?(error)
+        }
+      end
+
+      # Check if an error is retryable
+      # @param error [StandardError] the error to check
+      # @return [Boolean] true if the error should be retried
+      def retryable_error?(error)
+        category = classify_error(error)
+        [:transient].include?(category)
+      end
+
+      # Logging and metrics
+
+      # Get logging metadata for this provider
+      # @return [Hash] metadata for structured logging
+      def logging_metadata
+        {
+          provider: name,
+          display_name: display_name,
+          supports_mcp: supports_mcp?,
+          available: available?,
+          dangerous_mode: dangerous_mode_enabled?
+        }
+      end
+
+      # Redact secrets from log messages
+      # @param message [String] message potentially containing secrets
+      # @return [String] message with secrets redacted
+      def redact_secrets(message)
+        # Redact common secret patterns
+        message = message.gsub(/api[_-]?key[:\s=]+[^\s&]+/i, "api_key=[REDACTED]")
+        message = message.gsub(/token[:\s=]+[^\s&]+/i, "token=[REDACTED]")
+        message = message.gsub(/password[:\s=]+[^\s&]+/i, "password=[REDACTED]")
+        message = message.gsub(/bearer\s+[^\s&]+/i, "bearer [REDACTED]")
+        message.gsub(/sk-[a-zA-Z0-9_-]{20,}/i, "sk-[REDACTED]")
+      end
+
+      # Configuration validation
+
+      # Validate provider configuration
+      # @param config [Hash] configuration to validate
+      # @return [Hash] validation result with :valid, :errors, :warnings keys
+      def validate_config(config)
+        errors = []
+        warnings = []
+
+        # Validate required fields
+        unless config[:type]
+          errors << "Provider type is required"
+        end
+
+        unless ["usage_based", "subscription", "passthrough"].include?(config[:type])
+          errors << "Provider type must be one of: usage_based, subscription, passthrough"
+        end
+
+        # Validate models if present
+        if config[:models] && !config[:models].is_a?(Array)
+          errors << "Models must be an array"
+        end
+
+        {
+          valid: errors.empty?,
+          errors: errors,
+          warnings: warnings
+        }
+      end
+
+      # Provider health and status
+
+      # Check provider health
+      # @return [Hash] health status information
+      def health_status
+        {
+          provider: name,
+          available: available?,
+          healthy: available?,
+          timestamp: Time.now.iso8601
+        }
+      end
+    end
+  end
+end

data/lib/aidp/providers/anthropic.rb

@@ -44,6 +44,68 @@ module Aidp
         self.class.available?
       end
 
+      # ProviderAdapter interface methods
+
+      def capabilities
+        {
+          reasoning_tiers: ["mini", "standard", "thinking"],
+          context_window: 200_000,
+          supports_json_mode: true,
+          supports_tool_use: true,
+          supports_vision: false,
+          supports_file_upload: true,
+          streaming: true
+        }
+      end
+
+      def supports_dangerous_mode?
+        true
+      end
+
+      def dangerous_mode_flags
+        ["--dangerously-skip-permissions"]
+      end
+
+      def error_patterns
+        {
+          rate_limited: [
+            /rate.?limit/i,
+            /too.?many.?requests/i,
+            /429/,
+            /overloaded/i
+          ],
+          auth_expired: [
+            /oauth.*token.*expired/i,
+            /authentication.*error/i,
+            /invalid.*api.*key/i,
+            /unauthorized/i,
+            /401/
+          ],
+          quota_exceeded: [
+            /quota.*exceeded/i,
+            /usage.*limit/i,
+            /credit.*exhausted/i
+          ],
+          transient: [
+            /timeout/i,
+            /connection.*reset/i,
+            /temporary.*error/i,
+            /service.*unavailable/i,
+            /503/,
+            /502/,
+            /504/
+          ],
+          permanent: [
+            /invalid.*model/i,
+            /unsupported.*operation/i,
+            /not.*found/i,
+            /404/,
+            /bad.*request/i,
+            /400/
+          ]
+        }
+      end
+
       def send_message(prompt:, session: nil)
         raise "claude CLI not available" unless self.class.available?
 
@@ -156,6 +218,8 @@ module Aidp
             TIMEOUT_STATIC_ANALYSIS
           when /REFACTORING_RECOMMENDATIONS/
             TIMEOUT_REFACTORING_RECOMMENDATIONS
+          when /IMPLEMENTATION/
+            TIMEOUT_IMPLEMENTATION
           else
             nil # Use default
           end
@@ -163,16 +227,20 @@ module Aidp
       end
 
       # Check if we should skip permissions based on devcontainer configuration
+      # Overrides base class to add logging and Claude-specific config check
       def should_skip_permissions?
-        # Check if harness context is available
-        return false unless @harness_context
+        # Use base class devcontainer detection
+        if in_devcontainer_or_codespace?
+          debug_log("🔓 Detected devcontainer/codespace environment - enabling full permissions", level: :info)
+          return true
+        end
 
-        # Get configuration from harness
-        config = @harness_context.config
-        return false unless config
+        # Fallback: Check harness context for Claude-specific configuration
+        if @harness_context&.config&.respond_to?(:should_use_full_permissions?)
+          return @harness_context.config.should_use_full_permissions?("claude")
+        end
 
-        # Use configuration method to determine if full permissions should be used
-        config.should_use_full_permissions?("claude")
+        false
       end
 
       # Parse stream-json output from Claude CLI

data/lib/aidp/providers/base.rb

@@ -2,6 +2,7 @@
 
 require "tty-prompt"
 require "tty-spinner"
+require_relative "adapter"
 
 module Aidp
   module Providers
@@ -9,6 +10,7 @@ module Aidp
 
     class Base
       include Aidp::MessageDisplay
+      include Aidp::Providers::Adapter
 
       # Activity indicator states
       ACTIVITY_STATES = {
@@ -33,6 +35,7 @@ module Aidp
       TIMEOUT_DOCUMENTATION_ANALYSIS = 300 # 5 minutes - documentation analysis
       TIMEOUT_STATIC_ANALYSIS = 450 # 7.5 minutes - static analysis
       TIMEOUT_REFACTORING_RECOMMENDATIONS = 600 # 10 minutes - refactoring
+      TIMEOUT_IMPLEMENTATION = 900 # 15 minutes - implementation (write files, run tests, fix issues)
 
       attr_reader :activity_state, :last_activity_time, :start_time, :step_name
 
@@ -299,7 +302,7 @@ module Aidp
           error_message = e.message
 
           # Check if error is rate limiting
-          if e.message.match?(/rate.?limit/i) || e.message.match?(/quota/i)
+          if e.message.match?(/rate.?limit/i) || e.message.match?(/quota/i) || e.message.match?(/session limit/i)
             rate_limited = true
           end
 
@@ -391,6 +394,31 @@ module Aidp
         spinner&.stop
       end
 
+      # Check if we should skip permissions based on devcontainer/codespace environment
+      # This enables providers to run with elevated permissions in safe development environments
+      # Returns true if running in a devcontainer or GitHub Codespace
+      def in_devcontainer_or_codespace?
+        ENV["REMOTE_CONTAINERS"] == "true" || ENV["CODESPACES"] == "true"
+      end
+
+      # Check if provider should skip sandbox permissions
+      # Providers can override this to add additional logic beyond environment detection
+      def should_skip_permissions?
+        # First, check for devcontainer/codespace environment (most reliable)
+        return true if in_devcontainer_or_codespace?
+
+        # Fallback: Check if harness context is available and has configuration
+        return false unless @harness_context
+
+        # Get configuration from harness
+        config = @harness_context.config
+        return false unless config
+
+        # Use configuration method to determine if full permissions should be used
+        # Provider subclasses should pass their provider name
+        false # Base implementation returns false, subclasses should override
+      end
+
       private
     end
   end

data/lib/aidp/providers/capability_registry.rb

@@ -0,0 +1,205 @@
+# frozen_string_literal: true
+
+module Aidp
+  module Providers
+    # CapabilityRegistry maintains a queryable registry of provider capabilities
+    # and features. This enables runtime feature detection and provider selection
+    # based on required capabilities.
+    #
+    # @see https://github.com/viamin/aidp/issues/243
+    class CapabilityRegistry
+      # Standard capability keys
+      CAPABILITY_KEYS = [
+        :reasoning_tiers,      # Array of supported reasoning tiers (mini, standard, thinking, etc.)
+        :context_window,       # Maximum context window size in tokens
+        :supports_json_mode,   # Boolean: supports JSON mode output
+        :supports_tool_use,    # Boolean: supports tool/function calling
+        :supports_vision,      # Boolean: supports image/vision inputs
+        :supports_file_upload, # Boolean: supports file uploads
+        :streaming,            # Boolean: supports streaming responses
+        :supports_mcp,         # Boolean: supports Model Context Protocol
+        :max_tokens,           # Maximum tokens per response
+        :supports_dangerous_mode # Boolean: supports elevated permissions mode
+      ].freeze
+
+      def initialize
+        @capabilities = {}
+        @providers = {}
+      end
+
+      # Register a provider and its capabilities
+      # @param provider [Aidp::Providers::Base] provider instance
+      # @return [void]
+      def register(provider)
+        provider_name = provider.name
+        @providers[provider_name] = provider
+
+        # Collect capabilities from provider
+        caps = provider.capabilities.dup
+        caps[:supports_mcp] = provider.supports_mcp?
+        caps[:supports_dangerous_mode] = provider.supports_dangerous_mode?
+
+        @capabilities[provider_name] = caps
+
+        Aidp.log_debug("CapabilityRegistry", "registered provider",
+          provider: provider_name,
+          capabilities: caps.keys)
+      end
+
+      # Unregister a provider
+      # @param provider_name [String] provider identifier
+      # @return [void]
+      def unregister(provider_name)
+        @capabilities.delete(provider_name)
+        @providers.delete(provider_name)
+      end
+
+      # Get capabilities for a specific provider
+      # @param provider_name [String] provider identifier
+      # @return [Hash, nil] capabilities hash or nil if not found
+      def capabilities_for(provider_name)
+        @capabilities[provider_name]
+      end
+
+      # Check if a provider has a specific capability
+      # @param provider_name [String] provider identifier
+      # @param capability [Symbol] capability key
+      # @param value [Object, nil] optional value to match
+      # @return [Boolean] true if provider has the capability
+      def has_capability?(provider_name, capability, value = nil)
+        caps = @capabilities[provider_name]
+        return false unless caps
+
+        if value.nil?
+          # Just check if capability exists and is truthy
+          caps.key?(capability) && caps[capability]
+        else
+          # Check if capability matches specific value
+          caps[capability] == value
+        end
+      end
+
+      # Find providers that match capability requirements
+      # @param requirements [Hash] capability requirements
+      # @return [Array<String>] array of matching provider names
+      # @example
+      #   registry.find_providers(supports_vision: true, min_context_window: 100_000)
+      def find_providers(**requirements)
+        matching = []
+
+        @capabilities.each do |provider_name, caps|
+          matches = requirements.all? do |key, required_value|
+            case key
+            when :min_context_window
+              caps[:context_window] && caps[:context_window] >= required_value
+            when :max_context_window
+              caps[:context_window] && caps[:context_window] <= required_value
+            when :reasoning_tier
+              caps[:reasoning_tiers]&.include?(required_value)
+            else
+              # Exact match for boolean and other values
+              caps[key] == required_value
+            end
+          end
+
+          matching << provider_name if matches
+        end
+
+        matching
+      end
+
+      # Get all registered providers
+      # @return [Array<String>] array of provider names
+      def registered_providers
+        @providers.keys
+      end
+
+      # Get detailed information about all registered providers
+      # @return [Hash] provider information indexed by provider name
+      def provider_info
+        info = {}
+
+        @providers.each do |provider_name, provider|
+          caps = @capabilities[provider_name] || {}
+
+          info[provider_name] = {
+            display_name: provider.display_name,
+            available: provider.available?,
+            capabilities: caps,
+            dangerous_mode_enabled: provider.dangerous_mode_enabled?,
+            health_status: provider.health_status
+          }
+        end
+
+        info
+      end
+
+      # Check capability compatibility between providers
+      # @param provider_name1 [String] first provider
+      # @param provider_name2 [String] second provider
+      # @return [Hash] compatibility report
+      def compatibility_report(provider_name1, provider_name2)
+        caps1 = @capabilities[provider_name1]
+        caps2 = @capabilities[provider_name2]
+
+        return {error: "Provider not found"} unless caps1 && caps2
+
+        common = {}
+        differences = {}
+
+        all_keys = (caps1.keys + caps2.keys).uniq
+
+        all_keys.each do |key|
+          val1 = caps1[key]
+          val2 = caps2[key]
+
+          if val1 == val2
+            common[key] = val1
+          else
+            differences[key] = {provider_name1 => val1, provider_name2 => val2}
+          end
+        end
+
+        {
+          common_capabilities: common,
+          differences: differences,
+          compatibility_score: common.size.to_f / all_keys.size
+        }
+      end
+
+      # Get capability statistics across all providers
+      # @return [Hash] statistics about capability support
+      def capability_statistics
+        stats = {}
+
+        CAPABILITY_KEYS.each do |key|
+          stats[key] = {
+            total_providers: @providers.size,
+            supporting_providers: 0,
+            providers: []
+          }
+        end
+
+        @capabilities.each do |provider_name, caps|
+          caps.each do |key, value|
+            next unless stats.key?(key)
+
+            if value.is_a?(TrueClass) || (value.is_a?(Array) && !value.empty?) || (value.is_a?(Integer) && value > 0)
+              stats[key][:supporting_providers] += 1
+              stats[key][:providers] << provider_name
+            end
+          end
+        end
+
+        stats
+      end
+
+      # Clear all registered providers
+      # @return [void]
+      def clear
+        @capabilities.clear
+        @providers.clear
+      end
+    end
+  end
+end

data/lib/aidp/providers/codex.rb

@@ -79,6 +79,20 @@ module Aidp
             args += ["--session", session]
           end
 
+          # In devcontainer, ensure sandbox mode and approval policy are set
+          # These are already set via environment variables in devcontainer.json
+          # but we verify and log them here for visibility
+          if in_devcontainer_or_codespace?
+            unless ENV["CODEX_SANDBOX_MODE"] == "danger-full-access"
+              ENV["CODEX_SANDBOX_MODE"] = "danger-full-access"
+              debug_log("🔓 Set CODEX_SANDBOX_MODE=danger-full-access for devcontainer", level: :info)
+            end
+            unless ENV["CODEX_APPROVAL_POLICY"] == "never"
+              ENV["CODEX_APPROVAL_POLICY"] = "never"
+              debug_log("🔓 Set CODEX_APPROVAL_POLICY=never for devcontainer", level: :info)
+            end
+          end
+
           # Use debug_execute_command for better debugging
           result = debug_execute_command("codex", args: args, timeout: timeout_seconds, streaming: streaming_enabled)