claude_swarm 0.1.8 → 0.1.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4694bdf654adfb2784e4156d504ace610c9b48bd7aedafb4d5571ee0483325e6
-  data.tar.gz: 9f26361aac4c2815b11f95ab28a67fbb684377d691b7ee5a1b99c89a1a4fa3c1
+  metadata.gz: c6060c41e9f648806744e61b547a7f43dddeea50377bd0e323881babb7146bbc
+  data.tar.gz: c057462ec65b862136b128eefb01f3e073399972839abe0d08869a3fe0c046bd
 SHA512:
-  metadata.gz: 8c5d95adfea48bb560e8ed04d1149284fa199e72a9051e85f7e3e23222a1c117c96b6eb977a418bc573d41a6e6c846d7071dd552121d3810a33b0937ac3228c4
-  data.tar.gz: aaf42838c5caf597bde330171ebd0aca702089731794f2c45df395b177fe6871c96f27f5838da587a9454de7cc397ca8fae7f910c6f61b1f775f6c2911444823
+  metadata.gz: '08eea752236a46872e9baa3a645240fcc08fc6d432d3723fa446daefa1d6735c24a1ffa026f222fa8aa9c2ce2d0e9a3c0076b92c11dc66b7047cd01b10e31946'
+  data.tar.gz: 104021e0d2017b3fcf7ecf09e5c3ec281f4f5bc0b397da6f7dc6da6e504d570acee81bf38cf14c33a23a12381bc1838c8915411dccba2e2146658f9b2c498b98

data/.rubocop.yml

@@ -62,4 +62,7 @@ Minitest/MultipleAssertions:
   Enabled: false
 
 Metrics/ParameterLists:
+  Enabled: false
+
+Style/PerlBackrefs:
   Enabled: false

data/CHANGELOG.md

@@ -1,3 +1,26 @@
+## [0.1.9]
+
+### Added
+- **Parameter-based tool patterns**: Custom tools now support explicit parameter patterns (e.g., `WebFetch(url:https://example.com/*)`)
+- **Enhanced pattern matching**: File tools support brace expansion and complex glob patterns (e.g., `Read(~/docs/**/*.{txt,md})`)
+- **Comprehensive test coverage**: Added extensive unit and integration tests for permission system
+
+### Changed
+- **Breaking change**: Custom tools with patterns now require explicit parameter syntax - `Tool(param:pattern)` instead of `Tool(pattern)`
+- **Improved pattern parsing**: Tool patterns are now parsed into structured hashes with `tool_name`, `pattern`, and `type` fields
+- **Better pattern enforcement**: Custom tool patterns are now strictly enforced - requests with non-matching parameters are denied
+- Tools without patterns (e.g., `WebFetch`) continue to accept any input parameters
+
+### Fixed
+- Fixed brace expansion in file glob patterns by adding `File::FNM_EXTGLOB` flag
+- Improved parameter pattern parsing to avoid conflicts with URL patterns containing colons
+
+### Internal
+- Major refactoring of `PermissionMcpServer` and `PermissionTool` for better maintainability and readability
+- Extracted pattern matching logic into focused, single-purpose methods
+- Added constants for tool categories and pattern types
+- Improved logging with structured helper methods
+
 ## [0.1.8]
 
 ### Added

data/lib/claude_swarm/cli.rb

@@ -171,9 +171,9 @@ module ClaudeSwarm
     end
 
     desc "tools-mcp", "Start a permission management MCP server for tool access control"
-    method_option :allowed_tools, aliases: "-t", type: :array,
+    method_option :allowed_tools, aliases: "-t", type: :string,
                                   desc: "Comma-separated list of allowed tool patterns (supports wildcards)"
-    method_option :disallowed_tools, type: :array,
+    method_option :disallowed_tools, type: :string,
                                      desc: "Comma-separated list of disallowed tool patterns (supports wildcards)"
     method_option :debug, type: :boolean, default: false,
                           desc: "Enable debug output"

data/lib/claude_swarm/permission_mcp_server.rb

@@ -8,9 +8,22 @@ require_relative "permission_tool"
 
 module ClaudeSwarm
   class PermissionMcpServer
+    # Directory constants
     SWARM_DIR = ".claude-swarm"
     SESSIONS_DIR = "sessions"
 
+    # Server configuration
+    SERVER_NAME = "claude-swarm-permissions"
+    SERVER_VERSION = "1.0.0"
+
+    # Tool categories
+    FILE_TOOLS = %w[Read Write Edit].freeze
+    BASH_TOOL = "Bash"
+
+    # Pattern matching
+    TOOL_PATTERN_REGEX = /^([^()]+)\(([^)]+)\)$/
+    PARAM_PATTERN_REGEX = /^(\w+)\s*:\s*(.+)$/
+
     def initialize(allowed_tools: nil, disallowed_tools: nil)
       @allowed_tools = allowed_tools
       @disallowed_tools = disallowed_tools
@@ -18,64 +31,160 @@ module ClaudeSwarm
     end
 
     def start
-      # Parse allowed and disallowed tools
+      configure_permission_tool
+      create_and_start_server
+    end
+
+    private
+
+    def configure_permission_tool
       allowed_patterns = parse_tool_patterns(@allowed_tools)
       disallowed_patterns = parse_tool_patterns(@disallowed_tools)
 
-      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
-                   "disallowed patterns: #{disallowed_patterns.inspect}")
+      log_configuration(allowed_patterns, disallowed_patterns)
 
-      # Set the patterns on the tool class
       PermissionTool.allowed_patterns = allowed_patterns
       PermissionTool.disallowed_patterns = disallowed_patterns
       PermissionTool.logger = @logger
+    end
 
+    def create_and_start_server
       server = FastMcp::Server.new(
-        name: "claude-swarm-permissions",
-        version: "1.0.0"
+        name: SERVER_NAME,
+        version: SERVER_VERSION
       )
 
-      # Register the tool class
       server.register_tool(PermissionTool)
-
       @logger.info("Permission MCP server started successfully")
-
-      # Start the stdio server
       server.start
     end
 
-    private
-
     def setup_logging
-      # Use environment variable for session timestamp if available
-      # Otherwise create a new timestamp
-      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
+      session_dir = create_session_directory
+      @logger = create_logger(session_dir)
+      @logger.info("Permission MCP server logging initialized")
+    end
 
-      # Ensure the session directory exists
+    def create_session_directory
+      session_timestamp = ENV["CLAUDE_SWARM_SESSION_TIMESTAMP"] || Time.now.strftime("%Y%m%d_%H%M%S")
       session_dir = File.join(Dir.pwd, SWARM_DIR, SESSIONS_DIR, session_timestamp)
       FileUtils.mkdir_p(session_dir)
+      session_dir
+    end
 
-      # Create logger with permissions.log filename
+    def create_logger(session_dir)
       log_path = File.join(session_dir, "permissions.log")
-      @logger = Logger.new(log_path)
-      @logger.level = Logger::DEBUG
+      logger = Logger.new(log_path)
+      logger.level = Logger::DEBUG
+      logger.formatter = log_formatter
+      logger
+    end
 
-      # Custom formatter for better readability
-      @logger.formatter = proc do |severity, datetime, _progname, msg|
+    def log_formatter
+      proc do |severity, datetime, _progname, msg|
         "[#{datetime.strftime("%Y-%m-%d %H:%M:%S.%L")}] [#{severity}] #{msg}\n"
       end
+    end
 
-      @logger.info("Permission MCP server logging initialized")
+    def log_configuration(allowed_patterns, disallowed_patterns)
+      @logger.info("Starting permission MCP server with allowed patterns: #{allowed_patterns.inspect}, " \
+                   "disallowed patterns: #{disallowed_patterns.inspect}")
     end
 
     def parse_tool_patterns(tools)
       return [] if tools.nil? || tools.empty?
 
-      # Handle both string and array inputs
-      tool_list = tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+      normalize_tool_list(tools).filter_map do |tool|
+        parse_single_tool_pattern(tool.strip)
+      end
+    end
+
+    def normalize_tool_list(tools)
+      tools.is_a?(Array) ? tools : tools.split(/[,\s]+/)
+    end
+
+    def parse_single_tool_pattern(tool)
+      return nil if tool.empty?
+
+      if (match = tool.match(TOOL_PATTERN_REGEX))
+        parse_tool_with_pattern(match[1], match[2])
+      elsif tool.include?("*")
+        create_wildcard_tool_pattern(tool)
+      else
+        create_exact_tool_pattern(tool)
+      end
+    end
+
+    def parse_tool_with_pattern(tool_name, pattern)
+      case tool_name
+      when *FILE_TOOLS
+        create_file_tool_pattern(tool_name, pattern)
+      when BASH_TOOL
+        create_bash_tool_pattern(tool_name, pattern)
+      else
+        create_custom_tool_pattern(tool_name, pattern)
+      end
+    end
+
+    def create_file_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: File.expand_path(pattern),
+        type: :glob
+      }
+    end
+
+    def create_bash_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: process_bash_pattern(pattern),
+        type: :regex
+      }
+    end
+
+    def process_bash_pattern(pattern)
+      if pattern.include?(":")
+        # Colon syntax: convert parts and join with spaces
+        pattern.split(":")
+               .map { |part| part.gsub("*", ".*") }
+               .join(" ")
+      else
+        # Literal pattern: escape asterisks
+        pattern.gsub("*", "\\*")
+      end
+    end
+
+    def create_custom_tool_pattern(tool_name, pattern)
+      {
+        tool_name: tool_name,
+        pattern: parse_parameter_patterns(pattern),
+        type: :params
+      }
+    end
+
+    def parse_parameter_patterns(pattern)
+      pattern.split(",").each_with_object({}) do |param_pair, params|
+        param_pair = param_pair.strip
+        if (match = param_pair.match(PARAM_PATTERN_REGEX))
+          params[match[1]] = match[2]
+        end
+      end
+    end
+
+    def create_wildcard_tool_pattern(tool)
+      {
+        tool_name: tool.gsub("*", ".*"),
+        pattern: nil,
+        type: :regex
+      }
+    end
 
-      # Clean up and return
-      tool_list.map(&:strip).reject(&:empty?)
+    def create_exact_tool_pattern(tool)
+      {
+        tool_name: tool,
+        pattern: nil,
+        type: :exact
+      }
     end
   end
 end

data/lib/claude_swarm/permission_tool.rb

@@ -10,6 +10,17 @@ module ClaudeSwarm
       attr_accessor :allowed_patterns, :disallowed_patterns, :logger
     end
 
+    # Tool categories
+    FILE_TOOLS = %w[Read Write Edit].freeze
+    BASH_TOOL = "Bash"
+
+    # Response behaviors
+    BEHAVIOR_ALLOW = "allow"
+    BEHAVIOR_DENY = "deny"
+
+    # File matching flags
+    FILE_MATCH_FLAGS = File::FNM_DOTMATCH | File::FNM_PATHNAME | File::FNM_EXTGLOB
+
     tool_name "check_permission"
     description "Check if a tool is allowed to be used based on configured patterns"
 
@@ -19,69 +30,172 @@ module ClaudeSwarm
     end
 
     def call(tool_name:, input:)
-      logger = self.class.logger
-      logger.info("Permission check requested for tool: #{tool_name}")
-      logger.info("Tool input: #{input.inspect}")
+      @current_tool_name = tool_name
+      log_request(tool_name, input)
+
+      result = evaluate_permission(tool_name, input)
+      response = JSON.generate(result)
+
+      log_response(response)
+      response
+    end
 
-      allowed_patterns = self.class.allowed_patterns || []
-      disallowed_patterns = self.class.disallowed_patterns || []
+    private
+
+    def evaluate_permission(tool_name, input)
+      if explicitly_disallowed?(tool_name, input)
+        deny_response(tool_name, "explicitly disallowed")
+      elsif implicitly_allowed?(tool_name, input)
+        allow_response(input)
+      else
+        deny_response(tool_name, "not allowed by configured patterns")
+      end
+    end
+
+    def explicitly_disallowed?(tool_name, input)
+      check_patterns(disallowed_patterns, tool_name, input, "Disallowed")
+    end
 
-      logger.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
-      logger.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+    def implicitly_allowed?(tool_name, input)
+      allowed_patterns.empty? || check_patterns(allowed_patterns, tool_name, input, "Allowed")
+    end
 
-      # Check if tool matches any disallowed pattern first (takes precedence)
-      disallowed = disallowed_patterns.any? do |pattern|
-        match = matches_pattern?(tool_name, pattern)
-        logger.info("Disallowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
+    def check_patterns(patterns, tool_name, input, pattern_type)
+      patterns.any? do |pattern_hash|
+        match = matches_pattern?(tool_name, input, pattern_hash)
+        log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
         match
       end
+    end
+
+    def matches_pattern?(tool_name, input, pattern_hash)
+      return false unless tool_name_matches?(tool_name, pattern_hash)
+      return true if pattern_hash[:pattern].nil?
+
+      match_tool_specific_pattern(tool_name, input, pattern_hash)
+    end
 
-      if disallowed
-        logger.info("DENIED: Tool '#{tool_name}' matches disallowed pattern")
-        result = {
-          "behavior" => "deny",
-          "message" => "Tool '#{tool_name}' is explicitly disallowed"
-        }
+    def tool_name_matches?(tool_name, pattern_hash)
+      case pattern_hash[:type]
+      when :regex
+        tool_name.match?(/^#{pattern_hash[:tool_name]}$/)
       else
-        # Check if the tool matches any allowed pattern
-        allowed = allowed_patterns.empty? || allowed_patterns.any? do |pattern|
-          match = matches_pattern?(tool_name, pattern)
-          logger.info("Allowed pattern '#{pattern}' vs '#{tool_name}': #{match}")
-          match
-        end
-
-        result = if allowed
-                   logger.info("ALLOWED: Tool '#{tool_name}' matches configured patterns")
-                   {
-                     "behavior" => "allow",
-                     "updatedInput" => input
-                   }
-                 else
-                   logger.info("DENIED: Tool '#{tool_name}' does not match any allowed patterns")
-                   {
-                     "behavior" => "deny",
-                     "message" => "Tool '#{tool_name}' is not allowed by configured patterns"
-                   }
-                 end
+        tool_name == pattern_hash[:tool_name]
       end
+    end
 
-      # Return JSON-stringified result as per SDK docs
-      response = JSON.generate(result)
-      logger.info("Returning response: #{response}")
-      response
+    def match_tool_specific_pattern(_tool_name, input, pattern_hash)
+      case pattern_hash[:tool_name]
+      when BASH_TOOL
+        match_bash_pattern(input, pattern_hash)
+      when *FILE_TOOLS
+        match_file_pattern(input, pattern_hash[:pattern])
+      else
+        match_custom_tool_pattern(input, pattern_hash)
+      end
     end
 
-    private
+    def match_bash_pattern(input, pattern_hash)
+      command = extract_field_value(input, "command")
+      return false unless command
 
-    def matches_pattern?(tool_name, pattern)
-      if pattern.include?("*")
-        # Convert wildcard pattern to regex
-        regex_pattern = pattern.gsub("*", ".*")
-        tool_name.match?(/^#{regex_pattern}$/)
+      if pattern_hash[:type] == :regex
+        command.match?(/^#{pattern_hash[:pattern]}$/)
       else
-        # Exact match
-        tool_name == pattern
+        command == pattern_hash[:pattern]
       end
     end
+
+    def match_file_pattern(input, pattern)
+      file_path = extract_field_value(input, "file_path")
+      unless file_path
+        log_missing_field("file_path", input)
+        return false
+      end
+
+      File.fnmatch(pattern, File.expand_path(file_path), FILE_MATCH_FLAGS)
+    end
+
+    def match_custom_tool_pattern(input, pattern_hash)
+      return false unless pattern_hash[:type] == :params && pattern_hash[:pattern].is_a?(Hash)
+      return false if pattern_hash[:pattern].empty?
+
+      match_parameter_patterns(input, pattern_hash[:pattern])
+    end
+
+    def match_parameter_patterns(input, param_patterns)
+      param_patterns.all? do |param_name, param_pattern|
+        value = extract_field_value(input, param_name.to_s)
+        return false unless value
+
+        regex_pattern = glob_to_regex(param_pattern)
+        value.to_s.match?(/^#{regex_pattern}$/)
+      end
+    end
+
+    def extract_field_value(input, field_name)
+      input[field_name] || input[field_name.to_sym]
+    end
+
+    def glob_to_regex(pattern)
+      Regexp.escape(pattern)
+            .gsub('\*', ".*")
+            .gsub('\?', ".")
+    end
+
+    # Response builders
+    def allow_response(input)
+      log_decision("ALLOWED", "matches configured patterns")
+      {
+        "behavior" => BEHAVIOR_ALLOW,
+        "updatedInput" => input
+      }
+    end
+
+    def deny_response(tool_name, reason)
+      log_decision("DENIED", "is #{reason}")
+      {
+        "behavior" => BEHAVIOR_DENY,
+        "message" => "Tool '#{tool_name}' is #{reason}"
+      }
+    end
+
+    # Logging helpers
+    def log_request(tool_name, input)
+      logger&.info("Permission check requested for tool: #{tool_name}")
+      logger&.info("Tool input: #{input.inspect}")
+      logger&.info("Checking against allowed patterns: #{allowed_patterns.inspect}")
+      logger&.info("Checking against disallowed patterns: #{disallowed_patterns.inspect}")
+    end
+
+    def log_response(response)
+      logger&.info("Returning response: #{response}")
+    end
+
+    def log_pattern_check(pattern_type, pattern_hash, tool_name, input, match)
+      logger&.info("#{pattern_type} pattern '#{pattern_hash.inspect}' vs '#{tool_name}' " \
+                   "with input '#{input.inspect}': #{match}")
+    end
+
+    def log_decision(status, reason)
+      logger&.info("#{status}: Tool '#{@current_tool_name}' #{reason}")
+    end
+
+    def log_missing_field(field_name, input)
+      logger&.info("#{field_name} not found in input: #{input.inspect}")
+    end
+
+    # Convenience accessors
+    def logger
+      self.class.logger
+    end
+
+    def allowed_patterns
+      self.class.allowed_patterns || []
+    end
+
+    def disallowed_patterns
+      self.class.disallowed_patterns || []
+    end
   end
 end

data/lib/claude_swarm/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module ClaudeSwarm
-  VERSION = "0.1.8"
+  VERSION = "0.1.9"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: claude_swarm
 version: !ruby/object:Gem::Version
-  version: 0.1.8
+  version: 0.1.9
 platform: ruby
 authors:
 - Paulo Arruda