console_agent 0.10.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc46d0592feb84b4d85481d1535dccbe417a4445593828424c12a84d96fcbc9c
-  data.tar.gz: 10fe29dc81cc425a498c6e7d6c6b82aaa586ec674c081ba3f7b5b1143b68df18
+  metadata.gz: 4605d79e21eecd9bdcc4d48ffee20e04f3881dbe285201887f997aefaefd13e6
+  data.tar.gz: f6b0f23b20d640d9f0e8d266f41a9c88dc6e1eb76c2d5185a5f05d30dae17890
 SHA512:
-  metadata.gz: 86760d6c3b7c4920fc2c01741be308fc3d3f133e264c8dc37cab6b1ab90e9b920a410d57c86d8f96e743396d6919735d7fad62ee584667c8ea177c4825a12d05
-  data.tar.gz: 6446b9b2af4803ccd860fd109484ef37de87850517ad117eb52892974a65a017c1b03188dfc1eb7f24aad3859749ce4f6d282220c8d5d78238e67cfdb7438def
+  metadata.gz: 28c4cb1aeef7d423f014c1fab6737f7dee89cd68a2a38380b708312c16d2f7c069d645078c013fc770fae005d8eb7e4bd118120aca0aac3eb7a22bafedecb995
+  data.tar.gz: 42b4f79d3d649a985c68d694fd390cc97f34982f5c4ea6c790845336e8723ab646eff7f814c56eed4a21c1946db8671b71564ffab25d609796a4f6595a0da5ed

data/CHANGELOG.md

@@ -2,6 +2,21 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.12.0]
+
+- Add `slack_allowed_usernames` to restrict Slack channel access
+
+## [0.11.0]
+
+- Add Slack channel integration with system instructions and connection pooling
+- Extract channels abstraction and ConversationEngine from Repl
+- Add built-in safety guards with `/danger` bypass and progressive safety allowlists
+- Add local model support with prompt truncation warnings
+- Add `clear!` command to clear bot messages in thread
+- Match code blocks in LLM results
+- Fix long query display and add cost tracking to session viewer
+- Strip quotes from session names when saving
+
 ## [0.10.0]
 
 - Add `/expand` command to view previous results

data/README.md

@@ -12,7 +12,7 @@ irb> ai "find the 5 most recent orders over $100"
 
   Order.where("total > ?", 100).order(created_at: :desc).limit(5)
 
-Execute? [y/N/edit] y
+Execute? [y/N/edit/danger] y
 => [#<Order id: 4821, ...>, ...]
 ```
 
@@ -75,6 +75,8 @@ end
 | Command | What it does |
 |---------|-------------|
 | `/auto` | Toggle auto-execute (skip confirmations) |
+| `/danger` | Toggle safe mode off/on (allow side effects) |
+| `/safe` | Show safety guard status |
 | `/compact` | Compress history into a summary (saves tokens) |
 | `/usage` | Show token stats |
 | `/cost` | Show per-model cost breakdown |
@@ -101,6 +103,49 @@ Say "think harder" in any query to auto-upgrade to the thinking model for that s
 - **History compaction** — `/compact` summarizes long conversations to reduce cost and latency
 - **Output trimming** — older execution outputs are automatically replaced with references; the LLM can recall them on demand via `recall_output`, and you can `/expand <id>` to see them
 - **Debug mode** — `/debug` shows context breakdown, token counts, and per-call cost estimates before and after each LLM call
+- **Safe mode** — configurable guards that block side effects (DB writes, HTTP mutations, email delivery) during AI code execution
+
+## Safety Guards
+
+Safety guards prevent AI-generated code from causing side effects. When a guard blocks an operation, the user is prompted to re-run with safe mode disabled.
+
+### Built-in Guards
+
+```ruby
+ConsoleAgent.configure do |config|
+  config.use_builtin_safety_guard :database_writes  # blocks INSERT/UPDATE/DELETE/DROP/etc.
+  config.use_builtin_safety_guard :http_mutations    # blocks POST/PUT/PATCH/DELETE via Net::HTTP
+  config.use_builtin_safety_guard :mailers           # disables ActionMailer delivery
+end
+```
+
+- **`:database_writes`** — intercepts the ActiveRecord connection adapter to block write SQL. Works on Rails 5+ with any database adapter.
+- **`:http_mutations`** — intercepts `Net::HTTP#request` to block non-GET/HEAD/OPTIONS requests. Covers libraries built on Net::HTTP (HTTParty, RestClient, Faraday).
+- **`:mailers`** — sets `ActionMailer::Base.perform_deliveries = false` during execution.
+
+### Custom Guards
+
+Write your own guards using the around-block pattern:
+
+```ruby
+ConsoleAgent.configure do |config|
+  config.safety_guard :jobs do |&execute|
+    Sidekiq::Testing.fake! { execute.call }
+  end
+end
+```
+
+Raise `ConsoleAgent::SafetyError` in your app code to trigger the safe mode prompt:
+
+```ruby
+raise ConsoleAgent::SafetyError, "Stripe charge blocked"
+```
+
+### Toggling Safe Mode
+
+- **`/danger`** in interactive mode toggles all guards off/on for the session
+- **`d`** at the `Execute? [y/N/edit/danger]` prompt disables guards for that single execution
+- When a guard blocks an operation, the user is prompted: `Re-run with safe mode disabled? [y/N]`
 
 ## Configuration
 
@@ -146,6 +191,61 @@ end
 
 When `authenticate` is set, `admin_username` / `admin_password` are ignored.
 
+## Channels
+
+ConsoleAgent can run through different channels beyond the Rails console. Each channel is a separate process that connects the same AI engine to a different interface.
+
+### Slack
+
+Run ConsoleAgent as a Slack bot. Each Slack thread becomes an independent AI session with full tool use, multi-step plans, and safety guards always on.
+
+#### Slack App Setup
+
+1. Create a new app at https://api.slack.com/apps → **Create New App** → **From scratch**
+
+2. **Enable Socket Mode** — Settings → Socket Mode → toggle ON. Generate an App-Level Token with the `connections:write` scope. Copy the `xapp-...` token.
+
+3. **Bot Token Scopes** — OAuth & Permissions → Bot Token Scopes, add:
+   - `chat:write`
+   - `channels:history` (public channels)
+   - `groups:history` (private channels, optional)
+   - `im:history` (direct messages)
+   - `users:read`
+
+4. **Event Subscriptions** — Event Subscriptions → toggle ON, then under "Subscribe to bot events" add:
+   - `message.channels` (public channels)
+   - `message.groups` (private channels, optional)
+   - `message.im` (direct messages)
+
+5. **App Home** — Show Tabs → toggle **Messages Tab** ON and check **"Allow users to send Slash commands and messages from the messages tab"**
+
+6. **Install to workspace** — Install App → Install to Workspace. Copy the `xoxb-...` Bot User OAuth Token.
+
+7. **Invite the bot** to a channel with `/invite @YourBotName`, or DM it directly.
+
+#### Configuration
+
+```ruby
+ConsoleAgent.configure do |config|
+  config.slack_bot_token = ENV['SLACK_BOT_TOKEN']   # xoxb-...
+  config.slack_app_token = ENV['SLACK_APP_TOKEN']    # xapp-...
+
+  # Optional: restrict to specific Slack channel IDs
+  # config.slack_channel_ids = 'C1234567890,C0987654321'
+
+  # Required: which users the bot responds to (by display name)
+  config.slack_allowed_usernames = ['alice', 'bob']  # or 'ALL' for everyone
+end
+```
+
+#### Running
+
+```bash
+bundle exec rake console_agent:slack
+```
+
+This starts a long-running process (run it separately from your web server). Each new message creates a session; threaded replies continue the conversation. The bot auto-executes code with safety guards always enabled — there is no `/danger` equivalent in Slack.
+
 ## Requirements
 
 Ruby >= 2.5, Rails >= 5.0, Faraday >= 1.0

data/app/helpers/console_agent/sessions_helper.rb

@@ -1,5 +1,19 @@
 module ConsoleAgent
   module SessionsHelper
+    def estimated_cost(session)
+      pricing = Configuration::PRICING[session.model]
+      return nil unless pricing
+
+      (session.input_tokens * pricing[:input]) + (session.output_tokens * pricing[:output])
+    end
+
+    def format_cost(session)
+      cost = estimated_cost(session)
+      return '-' unless cost
+
+      cost < 0.01 ? "<$0.01" : "$#{'%.2f' % cost}"
+    end
+
     # Convert ANSI escape codes to HTML spans for terminal-style rendering
     def ansi_to_html(text)
       return '' if text.nil? || text.empty?

data/app/models/console_agent/session.rb

@@ -4,7 +4,7 @@ module ConsoleAgent
 
     validates :query, presence: true
     validates :conversation, presence: true
-    validates :mode, presence: true, inclusion: { in: %w[one_shot interactive explain] }
+    validates :mode, presence: true, inclusion: { in: %w[one_shot interactive explain slack] }
 
     scope :recent, -> { order(created_at: :desc) }
     scope :named, ->(name) { where(name: name) }

data/app/views/console_agent/sessions/index.html.erb

@@ -14,10 +14,10 @@
         <th>Time</th>
         <th>User</th>
         <th>Name</th>
-        <th>Query</th>
+        <th style="max-width: 400px;">Query</th>
         <th>Mode</th>
         <th>Tokens</th>
-        <th>Executed?</th>
+        <th>Cost</th>
         <th>Duration</th>
       </tr>
     </thead>
@@ -27,10 +27,10 @@
           <td class="mono"><%= session.created_at.strftime('%Y-%m-%d %H:%M') %></td>
           <td><%= session.user_name %></td>
           <td><%= session.name.present? ? session.name : '-' %></td>
-          <td><a href="<%= console_agent.session_path(session) %>"><%= truncate(session.query, length: 80) %></a></td>
+          <td class="query-cell"><a href="<%= console_agent.session_path(session) %>" title="<%= h session.query.truncate(200) %>"><%= truncate(session.query.gsub(/\s+/, ' ').strip, length: 80) %></a></td>
           <td><span class="badge badge-<%= session.mode %>"><%= session.mode %></span></td>
           <td class="mono"><%= session.input_tokens + session.output_tokens %></td>
-          <td><%= session.executed? ? '<span class="check">Yes</span>'.html_safe : '<span class="cross">No</span>'.html_safe %></td>
+          <td class="mono"><%= format_cost(session) %></td>
           <td class="mono"><%= session.duration_ms ? "#{session.duration_ms}ms" : '-' %></td>
         </tr>
       <% end %>

data/app/views/console_agent/sessions/show.html.erb

@@ -2,9 +2,19 @@
 
 <div class="meta-card">
   <div class="meta-grid">
-    <div class="meta-item">
+    <div class="meta-item" style="grid-column: 1 / -1;">
       <label>Query</label>
-      <span><%= @session.query %></span>
+      <% if @session.query.length > 300 %>
+        <div class="query-preview">
+          <span><%= truncate(@session.query, length: 300) %></span>
+          <details style="margin-top: 4px;">
+            <summary style="cursor: pointer; font-size: 12px; color: #4a6fa5;">Show full query</summary>
+            <pre style="white-space: pre-wrap; word-wrap: break-word; font-size: 13px; margin-top: 8px; padding: 12px; background: #f8f9fa; border-radius: 4px; max-height: 400px; overflow-y: auto;"><%= @session.query %></pre>
+          </details>
+        </div>
+      <% else %>
+        <span><%= @session.query %></span>
+      <% end %>
     </div>
     <% if @session.name.present? %>
       <div class="meta-item">
@@ -29,12 +39,12 @@
       <span class="mono"><%= @session.input_tokens %> / <%= @session.output_tokens %></span>
     </div>
     <div class="meta-item">
-      <label>Duration</label>
-      <span class="mono"><%= @session.duration_ms ? "#{@session.duration_ms}ms" : '-' %></span>
+      <label>Est. Cost</label>
+      <span class="mono"><%= format_cost(@session) %></span>
     </div>
     <div class="meta-item">
-      <label>Executed?</label>
-      <span><%= @session.executed? ? '<span class="check">Yes</span>'.html_safe : '<span class="cross">No</span>'.html_safe %></span>
+      <label>Duration</label>
+      <span class="mono"><%= @session.duration_ms ? "#{@session.duration_ms}ms" : '-' %></span>
     </div>
     <div class="meta-item">
       <label>Time</label>

data/app/views/layouts/console_agent/application.html.erb

@@ -54,6 +54,7 @@
       overflow-x: auto; white-space: pre-wrap; word-wrap: break-word;
     }
     .mono { font-family: "SF Mono", "Monaco", "Menlo", "Consolas", monospace; font-size: 13px; }
+    .query-cell { max-width: 400px; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; }
     .text-muted { color: #888; }
     .back-link { margin-bottom: 16px; display: inline-block; }
     .check { color: #28a745; }

data/lib/console_agent/channel/base.rb

@@ -0,0 +1,23 @@
+module ConsoleAgent
+  module Channel
+    class Base
+      def display(text);            raise NotImplementedError; end
+      def display_dim(text);        raise NotImplementedError; end
+      def display_warning(text);    raise NotImplementedError; end
+      def display_error(text);      raise NotImplementedError; end
+      def display_code(code);       raise NotImplementedError; end
+      def display_result(text);     raise NotImplementedError; end
+      def display_result_output(text); end  # stdout output from code execution
+      def prompt(text);             raise NotImplementedError; end
+      def confirm(text);            raise NotImplementedError; end
+      def user_identity;            raise NotImplementedError; end
+      def mode;                     raise NotImplementedError; end
+      def cancelled?;               false; end
+      def supports_danger?;         true; end
+      def supports_editing?;        false; end
+      def edit_code(code);          code; end
+      def wrap_llm_call(&block);    yield; end
+      def system_instructions;      nil; end
+    end
+  end
+end