kairos-chain 3.6.0 → 3.6.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e63245a9c8dd3d8e79b83ad1eba7697cbf2075832b1afbae7080c4b1dea0e0de
-  data.tar.gz: 56ec7236649c644bd73fccbe35989640ac169831e8300531821c46ff01805475
+  metadata.gz: 02a83d13eab2a28deb385acb5e3e57f62204923c2efe4f2768fcf063bca5def2
+  data.tar.gz: fcc519fed062416470e34d9fa95f1760b92ba61d8fb76b1f568a056e244f8c85
 SHA512:
-  metadata.gz: cb2ddc02ed24e10dcd76e6cf6f8149588b135011b8e777c52324961fc06ecb44a6810c1b97cdedda66bbcc8bcca484400a7f6a245dfbe7c1b831b7b2b0b04003
-  data.tar.gz: 455843011cef593d7ff7693d66f22be19dad14f70fe5b26cccc131cae903362089e35367e4410ba91138a9822b9b8adb6823f7ca98420bb6d9811e8f5233f106
+  metadata.gz: fd5586084ac9d3b6faa446bd7471b9c812dfe6e506d52c6f00471100e8554ce1a7734001d9a0fc8ce715795bf82a606b3592d87d02812d5aeafa0db7ecd64325
+  data.tar.gz: fb0cc839b19d882bc89c1bcb1b3f95a9737f3d5000eeaf12a0fc6ed2927426d6d7b6d6084d5871a87a6ab362f5b533475d7e94cd13d473b6fb8982b91d82d647

data/lib/kairos_mcp/version.rb

@@ -1,4 +1,4 @@
 module KairosMcp
-  VERSION = "3.6.0"
+  VERSION = "3.6.1"
   CHANGELOG_URL = "https://github.com/masaomi/KairosChain_2026/blob/main/CHANGELOG.md"
 end

data/templates/skillsets/document_authoring/config/document_authoring.yml

@@ -0,0 +1,22 @@
+# Document Authoring SkillSet configuration
+llm_model: null  # uses llm_client default
+
+# Output settings
+output_base_dir: null  # null = workspace root (@safety.safe_root)
+
+# Per-section limits
+max_words_default: 500
+
+# Context assembly
+max_context_chars: 4000        # per source, truncated at paragraph boundary
+max_total_context_chars: 16000  # total context budget
+max_context_sources: 10        # max number of context URIs
+
+# File safety
+allowed_output_extensions:
+  - ".md"
+  - ".txt"
+max_output_file_size_bytes: 1048576  # 1MB — refuse to overwrite larger files
+
+# document_status limits
+max_status_files: 50  # max files to scan

data/templates/skillsets/document_authoring/knowledge/document_authoring_guide/document_authoring_guide.md

@@ -0,0 +1,64 @@
+---
+tags: [document, authoring, grant, writing, agent, ooda]
+version: "1.0"
+---
+
+# Document Authoring Guide
+
+## Overview
+
+The `document_authoring` SkillSet provides LLM-driven document section generation
+with L1/L2 context injection. It integrates with the Agent SkillSet's OODA loop
+via autoexec's `internal_execute` dispatcher — no Agent or autoexec changes required.
+
+## Tools
+
+### write_section
+
+Generates a document section using an LLM, with optional context from L1 knowledge
+and L2 session contexts.
+
+```json
+{
+  "section_name": "research_significance",
+  "instructions": "Explain why genomic data ownership matters for open science",
+  "context_sources": ["knowledge://genomicschain_design"],
+  "output_file": "grant_draft/02_significance.md",
+  "max_words": 500,
+  "language": "en"
+}
+```
+
+### document_status
+
+Lists existing draft files with word counts. Non-recursive directory scan.
+
+```json
+{
+  "output_dir": "grant_draft/"
+}
+```
+
+## Agent Integration
+
+When used with the Agent SkillSet, the workflow is:
+
+1. Create L1 knowledge with the document goal (e.g., grant requirements)
+2. Start Agent session: `agent_start(goal_name: "grant_application_uzh")`
+3. Agent ORIENT identifies required sections from the goal
+4. Agent DECIDE generates task steps with `tool_name: "write_section"`
+5. Human approves the plan at [proposed] checkpoint
+6. Agent ACT executes write_section for each section via autoexec
+7. Agent REFLECT evaluates completeness
+
+## Context Sources
+
+Use the platform URI scheme:
+
+- `knowledge://genomicschain_design` — L1 knowledge
+- `context://session_id/context_name` — L2 session context
+
+## Output
+
+Generated text is written directly to the specified file (no JSON wrapper).
+Files are created under the workspace root with symlink-safe path validation.

data/templates/skillsets/document_authoring/lib/document_authoring/context_assembler.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module KairosMcp
+  module SkillSets
+    module DocumentAuthoring
+      # Retrieves L1/L2 context via resource_read and assembles into prompt text.
+      # Uses the platform URI scheme (knowledge://, context://).
+      class ContextAssembler
+        # @param caller_tool [BaseTool] tool instance with invoke_tool access
+        # @param max_chars_per_source [Integer] max characters per source
+        # @param max_total_chars [Integer] total context budget
+        # @param max_sources [Integer] max number of sources
+        def initialize(caller_tool, max_chars_per_source: 4000,
+                       max_total_chars: 16_000, max_sources: 10)
+          @caller = caller_tool
+          @max_chars_per_source = max_chars_per_source
+          @max_total_chars = max_total_chars
+          @max_sources = max_sources
+        end
+
+        # Assemble context from resource URIs.
+        # @param sources [Array<String>] resource URIs (knowledge://, context://)
+        # @param context [Object, nil] InvocationContext for policy inheritance
+        # @return [Hash] { text: String, loaded: Integer, failed: Integer, warnings: Array<String> }
+        def assemble(sources, context: nil)
+          return { text: '', loaded: 0, failed: 0, warnings: [] } if sources.nil? || sources.empty?
+
+          warnings = []
+          texts = []
+          loaded = 0
+          failed = 0
+          total_chars = 0
+
+          if sources.size > @max_sources
+            warnings << "Truncated to #{@max_sources} sources (#{sources.size} provided)"
+          end
+
+          sources.first(@max_sources).each do |uri|
+            unless uri.match?(%r{\A(knowledge|context)://})
+              warnings << "Unknown URI scheme, skipped: #{uri}"
+              failed += 1
+              next
+            end
+
+            begin
+              result = @caller.invoke_tool('resource_read', { 'uri' => uri }, context: context)
+              text = extract_text(result)
+
+              if text.nil? || text.strip.empty?
+                warnings << "Empty content from: #{uri}"
+                failed += 1
+                next
+              end
+
+              truncated = truncate_at_paragraph(text, @max_chars_per_source)
+              remaining = @max_total_chars - total_chars
+              truncated = truncated[0...remaining] if truncated.length > remaining
+
+              texts << "### Source: #{uri}\n#{truncated}"
+              total_chars += truncated.length
+              loaded += 1
+            rescue StandardError => e
+              warnings << "Failed to load #{uri}: #{e.message}"
+              failed += 1
+            end
+
+            break if total_chars >= @max_total_chars
+          end
+
+          { text: texts.join("\n\n"), loaded: loaded, failed: failed, warnings: warnings }
+        end
+
+        private
+
+        def extract_text(result)
+          return '' unless result.is_a?(Array)
+
+          result.map { |b| b[:text] || b['text'] }.compact.join("\n")
+        end
+
+        def truncate_at_paragraph(text, max_chars)
+          return text if text.length <= max_chars
+
+          # Find last paragraph break (double newline) before max_chars
+          cut = text.rindex("\n\n", max_chars)
+          cut && cut > 0 ? text[0..cut] : text[0...max_chars]
+        end
+      end
+    end
+  end
+end

data/templates/skillsets/document_authoring/lib/document_authoring/path_validator.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require 'fileutils'
+require 'pathname'
+
+module KairosMcp
+  module SkillSets
+    module DocumentAuthoring
+      # Symlink-safe path validation for file writes.
+      # Uses File.realpath to resolve symlinks at every ancestor.
+      class PathValidator
+        ALLOWED_EXTENSIONS = %w[.md .txt].freeze
+
+        # Validate a relative output file path (symlink-safe).
+        # @param relative_path [String] user-provided relative path
+        # @param base_dir [String] workspace root (from @safety.safe_root)
+        # @param allowed_extensions [Array<String>] permitted file extensions
+        # @param max_file_size [Integer, nil] max existing file size to overwrite
+        # @return [String] validated absolute path
+        # @raise [ArgumentError] on invalid path
+        def self.validate!(relative_path, base_dir,
+                           allowed_extensions: ALLOWED_EXTENSIONS,
+                           max_file_size: nil)
+          raise ArgumentError, "Empty path" if relative_path.nil? || relative_path.strip.empty?
+          raise ArgumentError, "Absolute paths not allowed: #{relative_path}" if relative_path.start_with?('/')
+
+          # Extension whitelist
+          ext = File.extname(relative_path).downcase
+          unless allowed_extensions.include?(ext)
+            raise ArgumentError, "Extension not allowed: #{ext}. Allowed: #{allowed_extensions.join(', ')}"
+          end
+
+          # Resolve base_dir to its real path (handles symlinked workspace roots)
+          base_real = File.realpath(base_dir)
+
+          # Expand relative_path against the real base (not the possibly-symlinked base_dir)
+          expanded = File.expand_path(relative_path, base_real)
+
+          # Containment check on expanded path
+          unless expanded.start_with?(base_real + '/')
+            raise ArgumentError, "Path escapes workspace: #{relative_path}"
+          end
+
+          # Incremental mkdir with per-component symlink check
+          parent = File.dirname(expanded)
+          safe_mkdir_p(parent, base_real)
+
+          # Check if target itself is a symlink
+          if File.symlink?(expanded)
+            raise ArgumentError, "Target is a symlink: #{relative_path}"
+          end
+
+          # File size guard
+          if max_file_size && File.exist?(expanded) && File.size(expanded) > max_file_size
+            raise ArgumentError, "Existing file too large (#{File.size(expanded)} bytes > #{max_file_size})"
+          end
+
+          expanded
+        end
+
+        # Validate a directory path for document_status (read-only).
+        # @return [String] validated absolute directory path
+        # @raise [ArgumentError] on invalid path
+        def self.validate_dir!(relative_path, base_dir)
+          raise ArgumentError, "Empty directory path" if relative_path.nil? || relative_path.strip.empty?
+          raise ArgumentError, "Absolute paths not allowed: #{relative_path}" if relative_path.start_with?('/')
+
+          base_real = File.realpath(base_dir)
+          expanded = File.expand_path(relative_path, base_real)
+
+          unless expanded.start_with?(base_real + '/') || expanded == base_real
+            raise ArgumentError, "Path escapes workspace: #{relative_path}"
+          end
+
+          # If directory exists, resolve via realpath and re-check containment
+          if File.exist?(expanded)
+            real = File.realpath(expanded)
+            unless real.start_with?(base_real + '/') || real == base_real
+              raise ArgumentError, "Symlink escape detected: #{relative_path} resolves to #{real}"
+            end
+            return real
+          end
+
+          expanded
+        end
+
+        # Incrementally create directories, checking each component for symlinks.
+        # @param target_dir [String] absolute target directory
+        # @param base_real [String] realpath of workspace root
+        def self.safe_mkdir_p(target_dir, base_real)
+          # Decompose the path relative to base_real
+          rel = Pathname.new(target_dir).relative_path_from(Pathname.new(base_real))
+          parts = rel.each_filename.to_a
+
+          current = base_real
+          parts.each do |component|
+            current = File.join(current, component)
+
+            if File.symlink?(current)
+              raise ArgumentError, "Symlink in path: #{current}"
+            end
+
+            if File.exist?(current)
+              real = File.realpath(current)
+              unless real.start_with?(base_real + '/') || real == base_real
+                raise ArgumentError, "Path component escapes workspace: #{current} -> #{real}"
+              end
+            else
+              Dir.mkdir(current)
+            end
+          end
+        end
+
+        private_class_method :safe_mkdir_p
+      end
+    end
+  end
+end

data/templates/skillsets/document_authoring/lib/document_authoring/section_writer.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module KairosMcp
+  module SkillSets
+    module DocumentAuthoring
+      # Core write logic: builds LLM prompt, calls llm_call, writes output file.
+      class SectionWriter
+        def initialize(caller_tool, config)
+          @caller = caller_tool
+          @config = config
+        end
+
+        # Write a document section via LLM.
+        # @return [Hash] result with 'status'/'error', 'word_count', etc.
+        def write(section_name:, instructions:, context_text:, output_file:,
+                  max_words: 500, language: 'en', append_mode: false,
+                  invocation_context: nil)
+          messages = [{
+            'role' => 'user',
+            'content' => build_user_prompt(section_name, instructions, context_text, max_words, language)
+          }]
+
+          llm_args = {
+            'messages' => messages,
+            'system' => system_prompt
+          }
+
+          # Forward InvocationContext via dispatch-level context: keyword only
+          # (not duplicated in arguments — llm_call uses dispatch context)
+          result = @caller.invoke_tool('llm_call', llm_args, context: invocation_context)
+
+          # Parse pinned response contract:
+          # { "status": "ok", "response": { "content": "..." }, "snapshot": {...} }
+          # { "status": "error", "error": { "type": "...", "message": "..." } }
+          raw = result.map { |b| b[:text] || b['text'] }.compact.join
+          parsed = JSON.parse(raw)
+
+          if parsed['status'] == 'error'
+            error = parsed['error'] || {}
+            error_msg = if error.is_a?(Hash)
+                          "#{error['type']}: #{error['message']}"
+                        else
+                          error.to_s
+                        end
+            return { 'error' => "LLM call failed: #{error_msg}" }
+          end
+
+          generated_text = parsed.dig('response', 'content')
+          if generated_text.nil? || generated_text.strip.empty?
+            return { 'error' => 'LLM returned empty content' }
+          end
+
+          # Write to file
+          if append_mode
+            File.open(output_file, 'a') { |f| f.write("\n\n#{generated_text}") }
+          else
+            File.write(output_file, generated_text)
+          end
+
+          {
+            'status' => 'ok',
+            'section_name' => section_name,
+            'output_file' => output_file,
+            'word_count' => generated_text.split.size
+          }
+        rescue JSON::ParserError => e
+          { 'error' => "Failed to parse LLM response: #{e.message}" }
+        end
+
+        private
+
+        def system_prompt
+          "You are a professional document writer. Write the requested section " \
+            "following the instructions precisely. Use the provided context for accuracy. " \
+            "Output ONLY the section content. You may use markdown formatting within the section."
+        end
+
+        def build_user_prompt(section_name, instructions, context_text, max_words, language)
+          parts = [
+            "## Section: #{section_name}",
+            "## Instructions\n#{instructions}",
+            "## Word limit: approximately #{max_words} words",
+            "## Language: #{language}"
+          ]
+          parts << "## Reference Context\n#{context_text}" if context_text && !context_text.empty?
+          parts << "\nWrite the section now."
+          parts.join("\n\n")
+        end
+      end
+    end
+  end
+end

data/templates/skillsets/document_authoring/lib/document_authoring.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative 'document_authoring/path_validator'
+require_relative 'document_authoring/context_assembler'
+require_relative 'document_authoring/section_writer'
+
+module KairosMcp
+  module SkillSets
+    module DocumentAuthoring
+    end
+  end
+end

data/templates/skillsets/document_authoring/skillset.json

@@ -0,0 +1,19 @@
+{
+  "name": "document_authoring",
+  "version": "0.1.0",
+  "description": "LLM-driven document section generation with L1/L2 context injection. Integrates with Agent OODA via autoexec internal_execute.",
+  "author": "Masaomi Hatakeyama",
+  "layer": "L1",
+  "depends_on": ["llm_client"],
+  "provides": [
+    "document_authoring",
+    "section_writing"
+  ],
+  "tool_classes": [
+    "KairosMcp::SkillSets::DocumentAuthoring::Tools::WriteSection",
+    "KairosMcp::SkillSets::DocumentAuthoring::Tools::DocumentStatus"
+  ],
+  "config_files": ["config/document_authoring.yml"],
+  "knowledge_dirs": ["knowledge/document_authoring_guide"],
+  "min_core_version": "2.8.0"
+}