llama_bot_rails 0.1.11 → 0.1.13

data/bin/rdoc

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'rdoc' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('rdoc', 'rdoc', version)
+else
+gem "rdoc", version
+load Gem.bin_path("rdoc", "rdoc", version)
+end

data/bin/ri

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'rdoc' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('rdoc', 'ri', version)
+else
+gem "rdoc", version
+load Gem.bin_path("rdoc", "ri", version)
+end

data/bin/rspec

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'rspec-core' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('rspec-core', 'rspec', version)
+else
+gem "rspec-core", version
+load Gem.bin_path("rspec-core", "rspec", version)
+end

data/bin/ruby-parse

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'parser' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('parser', 'ruby-parse', version)
+else
+gem "parser", version
+load Gem.bin_path("parser", "ruby-parse", version)
+end

data/bin/ruby-rewrite

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'parser' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('parser', 'ruby-rewrite', version)
+else
+gem "parser", version
+load Gem.bin_path("parser", "ruby-rewrite", version)
+end

data/bin/sprockets

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'sprockets' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('sprockets', 'sprockets', version)
+else
+gem "sprockets", version
+load Gem.bin_path("sprockets", "sprockets", version)
+end

data/bin/thor

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by RubyGems.
+#
+# The application 'thor' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'rubygems'
+
+Gem.use_gemdeps
+
+version = ">= 0.a"
+
+str = ARGV.first
+if str
+  str = str.b[/\A_(.*)_\z/, 1]
+  if str and Gem::Version.correct?(str)
+    version = str
+    ARGV.shift
+  end
+end
+
+if Gem.respond_to?(:activate_bin_path)
+load Gem.activate_bin_path('thor', 'thor', version)
+else
+gem "thor", version
+load Gem.bin_path("thor", "thor", version)
+end

data/lib/generators/llama_bot_rails/install/install_generator.rb

@@ -63,6 +63,74 @@ module LlamaBotRails
               # Uncomment this line to use the builder in app/llama_bot/
               #
               # config.llama_bot_rails.state_builder_class = "#{app_name}::AgentStateBuilder"
+
+              # ------------------------------------------------------------------------
+              # Custom User Resolver
+              # ------------------------------------------------------------------------
+              # The gem uses `warden.user` by default.
+              # Uncomment this line to use a custom user resolver in app/llama_bot/
+              # Example: if you don't use Devise, uncomment and tweak:
+              # 
+              # LlamaBotRails.user_resolver = ->(user_id) do
+              #   # Try to find a User model, fallback to nil if not found
+              #   if defined?(Devise)
+              #     default_scope = Devise.default_scope # e.g., :user
+              #     user_class = Devise.mappings[default_scope].to
+              #     user_class.find_by(id: user_id)
+              #   else
+              #     Rails.logger.warn("[[LlamaBot]] Implement a user_resolver! in your app to resolve the user from the user_id.")
+              #     nil
+              #   end
+              # end
+
+              # ------------------------------------------------------------------------
+              # Custom Current User Resolver
+              # ------------------------------------------------------------------------
+              # Default (Devise / Warden); returns nil if Devise absent
+              # 
+              # LlamaBotRails.current_user_resolver = ->(env) do
+              #   # Try to find a User model, fallback to nil if not found
+              #   if defined?(Devise)
+              #     env['warden']&.user
+              #   else
+              #     Rails.logger.warn("[[LlamaBot]] Implement a current_user_resolver! in your app to resolve the current user from the environment.")
+              #     nil
+              #   end
+              # end
+
+              # ------------------------------------------------------------------------
+              # Custom Sign-in Method
+              # ------------------------------------------------------------------------
+              # Lambda that receives Rack env and user_id, and sets the user in the warden session
+              # Default sign-in method is configured for Devise with Warden.
+              # 
+              # LlamaBotRails.sign_in_method = ->(env, user) do
+              #   env['warden']&.set_user(user)
+              # end
+
+              # ------------------------------------------------------------------------
+              # Alternative Examples for Non-Devise Apps
+              # ------------------------------------------------------------------------
+              # Example: if you don't use Devise, uncomment and tweak:
+              # 
+              # LlamaBotRails.user_resolver = ->(user_id) do
+              #   # Rack session example
+              #   if user_id
+              #     User.find_by(id: user_id)
+              #   end
+              # end
+              #
+              # LlamaBotRails.current_user_resolver = ->(env) do
+              #   # Rack session example
+              #   if id = env['rack.session'][:user_id]
+              #     User.find_by(id: id)
+              #   end
+              # end
+              #
+              # LlamaBotRails.sign_in_method = ->(env, user) do
+              #   # Set user in rack session
+              #   env['rack.session'][:user_id] = user&.id
+              # end
             end
           RUBY
         end

data/lib/llama_bot_rails/agent_auth.rb

@@ -0,0 +1,155 @@
+module LlamaBotRails
+    module AgentAuth
+      extend ActiveSupport::Concern
+      AUTH_SCHEME = "LlamaBot"
+  
+      included do
+        # Add before_action filter to automatically check agent authentication for LlamaBot requests
+        before_action :check_agent_authentication, if: :should_check_agent_auth?
+        
+        # ------------------------------------------------------------------
+        # 1) For every Devise scope, alias authenticate_<scope>! so it now
+        #    accepts *either* a logged-in browser session OR a valid agent
+        #    token. Existing before/skip filters keep working.
+        # ------------------------------------------------------------------
+        if defined?(Devise)
+          Devise.mappings.keys.each do |scope|
+            scope_filter = :"authenticate_#{scope}!"
+  
+            # Next line is a no-op if the method wasn’t already defined.
+            alias_method scope_filter, :authenticate_user_or_agent! \
+              if method_defined?(scope_filter)
+  
+            # Emit a gentle nudge during development
+            define_method(scope_filter) do |*args|
+              Rails.logger.warn(
+                "#{scope_filter} is now handled by LlamaBotRails::AgentAuth "\
+                "and will be removed in a future version. "\
+                "Use authenticate_user_or_agent! instead."
+              )
+              authenticate_user_or_agent!(*args)
+            end
+          end
+        end
+  
+        # ------------------------------------------------------------------
+        # 2) If Devise isn’t loaded at all, fall back to one alias so apps
+        #    that had authenticate_user! manually defined don’t break.
+        # ------------------------------------------------------------------
+        unless defined?(Devise)
+          # Store the original method if it exists
+          original_authenticate_user = if method_defined?(:authenticate_user!)
+            instance_method(:authenticate_user!)
+          else
+            nil
+          end
+          
+          # Define the new method that calls authenticate_user_or_agent!
+          define_method(:authenticate_user!) do |*args|
+            authenticate_user_or_agent!(*args)
+          end
+        end
+      end
+  
+      # --------------------------------------------------------------------
+      # Public helper: true if the request carries a *valid* agent token
+      # --------------------------------------------------------------------
+      def should_check_agent_auth?
+        # Skip agent authentication entirely if a Devise user is already signed in
+        return false if devise_user_signed_in?
+        
+        # Only check for LlamaBot requests if no Devise user is signed in
+        llama_bot_request?
+      end
+
+      def llama_bot_request?
+        return false unless request&.headers
+        scheme, token = request.headers["Authorization"]&.split(" ", 2)
+        Rails.logger.debug("[LlamaBot] auth header = #{scheme.inspect} #{token&.slice(0,8)}…")
+        return false unless scheme == AUTH_SCHEME && token.present?
+
+        Rails.application.message_verifier(:llamabot_ws).verify(token)
+        true
+      rescue ActiveSupport::MessageVerifier::InvalidSignature
+        false
+      end
+  
+      private
+  
+      # --------------------------------------------------------------------
+      # Automatic check for LlamaBot requests - called by before_action filter
+      # --------------------------------------------------------------------
+      def check_agent_authentication
+        # Check if this controller has LlamaBot-aware actions
+        has_permitted_actions = self.class.respond_to?(:llama_bot_permitted_actions)
+        
+        # Skip if controller doesn't use llama_bot_allow at all
+        return unless has_permitted_actions
+        
+        is_llama_request = llama_bot_request?
+        action_is_whitelisted = self.class.llama_bot_permitted_actions.include?(action_name)
+        
+        if is_llama_request
+          # If it's a LlamaBot request, only allow whitelisted actions
+          unless action_is_whitelisted
+            Rails.logger.warn("[LlamaBot] Action '#{action_name}' isn't white-listed for LlamaBot. To fix this, add `llama_bot_allow :#{action_name}` in your controller.")
+            render json: { error: "Action '#{action_name}' isn't white-listed for LlamaBot. To fix this, add `llama_bot_allow :#{action_name}` in your controller." }, status: :forbidden
+            return
+          end
+          Rails.logger.debug("[[LlamaBot Debug]] Valid LlamaBot request for action '#{action_name}'")
+        elsif action_is_whitelisted
+          # If action requires LlamaBot auth but request isn't a LlamaBot request, reject it
+          Rails.logger.warn("[LlamaBot] Action '#{action_name}' requires LlamaBot authentication, but request is not a valid LlamaBot request.")
+          render json: { error: "Action '#{action_name}' requires LlamaBot authentication" }, status: :forbidden
+          return
+        end
+        
+        # All other cases: non-LlamaBot requests to non-whitelisted actions are allowed
+      end
+
+      # --------------------------------------------------------------------
+      # Unified guard — browser OR agent
+      # --------------------------------------------------------------------
+      def devise_user_signed_in?
+        return false unless defined?(Devise)
+        return false unless request&.env
+        request.env["warden"]&.authenticated?
+      end
+  
+      def authenticate_user_or_agent!(*)
+        return if devise_user_signed_in?  # any logged-in Devise scope
+
+        # 2) LlamaBot token present AND action allowed?
+        if llama_bot_request?
+          scheme, token = request.headers["Authorization"]&.split(" ", 2)
+          data = Rails.application.message_verifier(:llamabot_ws).verify(token)
+
+          allowed = self.class.respond_to?(:llama_bot_permitted_actions) &&
+                  self.class.llama_bot_permitted_actions.include?(action_name)
+
+          if allowed
+            
+            user_object = LlamaBotRails.user_resolver.call(data[:user_id])
+            unless LlamaBotRails.sign_in_method.call(request.env, user_object)
+              head :unauthorized
+            end
+
+            return  # ✅ token + allow-listed action + user found and set properly for rack environment
+          else
+            # ❌ auth token is valid, but the attempted controller action is not added to the whitelist.
+            Rails.logger.warn("[LlamaBot] Action '#{action_name}' isn't white-listed for LlamaBot. To fix this, include LlamaBotRails::ControllerExtensions and add `llama_bot_allow :method` in your controller.")
+            render json: { error: "Action '#{action_name}' isn't white-listed for LlamaBot. To fix this, include LlamaBotRails::ControllerExtensions and add `llama_bot_allow :method` in your controller." }, status: :forbidden
+            return false
+          end
+        end
+
+        # Neither path worked — fall back to Devise's normal behaviour and let Devise handle 401
+        if defined?(Devise) && request&.env
+          request.env["warden"].authenticate!  # 401 or redirect
+        else
+          head :unauthorized
+        end
+      end
+    end
+  end
+  

data/lib/llama_bot_rails/controller_extensions.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+module LlamaBotRails
+    module ControllerExtensions
+      extend ActiveSupport::Concern
+
+      included do
+        # NEW: per-controller class attribute that stores the allow-list
+        class_attribute :llama_bot_permitted_actions,
+                        instance_writer: false,
+                        default: []
+      end
+  
+      class_methods do
+        # Usage: llama_bot_allow :update, :preview
+        def llama_bot_allow(*actions)
+            # normalise to strings so `include?(action_name)` works
+            acts = actions.map(&:to_s)
+          
+            # Check if this specific class has had llama_bot_allow called directly on it
+            if instance_variable_defined?(:@_llama_bot_allow_called)
+              # This class has been configured before, accumulate with existing
+              current_actions = llama_bot_permitted_actions || []
+            else
+              # First time configuring this class, start fresh (ignore inherited values)
+              current_actions = []
+              @_llama_bot_allow_called = true
+            end
+            
+            # Create a new array to ensure inheritance doesn't share state
+            self.llama_bot_permitted_actions = (current_actions + acts).uniq
+          
+            # (optional) keep your global registry if you still need it
+            if defined?(LlamaBotRails.allowed_routes)
+              acts.each { |a| LlamaBotRails.allowed_routes << "#{controller_path}##{a}" }
+            end
+          end
+      end
+    end
+  end
+  

data/lib/llama_bot_rails/engine.rb

@@ -11,8 +11,9 @@ module LlamaBotRails
     end
 
     config.llama_bot_rails = ActiveSupport::OrderedOptions.new
-    config.llama_bot_rails.websocket_url = ENV['LLAMABOT_WEBSOCKET_URL'] || 'ws://llamabot-backend:8000/ws' # <-- default for Docker Compose
-    config.llama_bot_rails.llamabot_api_url = ENV['LLAMABOT_API_URL'] || "http://llamabot-backend:8000" # <-- default for Docker Compose
+
+    config.llama_bot_rails.websocket_url = 'ws://llamabot-backend:8000/ws'
+    config.llama_bot_rails.llamabot_api_url ="http://llamabot-backend:8000"
     config.llama_bot_rails.enable_console_tool = true
     
     initializer "llama_bot_rails.assets.precompile" do |app|
@@ -22,5 +23,10 @@ module LlamaBotRails
     initializer "llama_bot_rails.defaults" do |app|
       app.config.llama_bot_rails.state_builder_class ||= "LlamaBotRails::AgentStateBuilder"
     end
+    
+    initializer "llama_bot_rails.message_verifier" do |app|
+      # Ensure the message verifier is available
+      Rails.application.message_verifier(:llamabot_ws)
+    end
   end
 end

data/lib/llama_bot_rails/railtie.rb

@@ -1,5 +1,11 @@
 module LlamaBotRails
   class Railtie < ::Rails::Railtie
+    initializer "llama_bot.include_controller_extensions" do
+      ActiveSupport.on_load(:action_controller) do
+        include LlamaBotRails::ControllerExtensions
+      end
+    end
+
     config.before_configuration do |app|
       llama_bot_path = Rails.root.join("app", "llama_bot")
 

data/lib/llama_bot_rails/version.rb

@@ -1,3 +1,3 @@
 module LlamaBotRails
-  VERSION = "0.1.11"
+  VERSION = "0.1.13"
 end

data/lib/llama_bot_rails.rb

@@ -1,35 +1,77 @@
+require "set"                                 # ← you call Set.new
 require "llama_bot_rails/version"
 require "llama_bot_rails/engine"
-
-# require "llama_bot_rails/railtie" # We don't need this, as we're loading the LlamaBot path directly in the engine.
 require "llama_bot_rails/llama_bot"
 require "llama_bot_rails/agent_state_builder"
+require "llama_bot_rails/controller_extensions"
+require "llama_bot_rails/agent_auth"
 
 module LlamaBotRails
+  # ------------------------------------------------------------------
+  # Public configuration
+  # ------------------------------------------------------------------
+
+  # Allow-list of routes the agent may hit
+  mattr_accessor :allowed_routes, default: Set.new
+
+  # Lambda that receives Rack env and returns a user-like object
   class << self
-    def config
-      Rails.application.config.llama_bot_rails
-    end
+    attr_accessor :user_resolver
+    attr_accessor :current_user_resolver
 
-    def agent_prompt_path
-      Rails.root.join("app", "llama_bot", "prompts", "agent_prompt.txt")
+    attr_accessor :sign_in_method
+  end
+  
+  # Default (Devise / Warden); returns nil if Devise absent
+  self.user_resolver = ->(user_id) do
+    # Try to find a User model, fallback to nil if not found
+    # byebug
+    if defined?(Devise)
+      default_scope = Devise.default_scope # e.g., :user
+      user_class = Devise.mappings[default_scope].to
+      user_class.find_by(id: user_id)
+    else
+      Rails.logger.warn("[[LlamaBot]] Implement a user_resolver! in your app to resolve the user from the user_id.")
+      nil
     end
+  end
 
-    def agent_prompt_text
-      if File.exist?(agent_prompt_path)
-        File.read(agent_prompt_path)
-      else
-        "You are LlamaBot, a helpful assistant." #Fallback default.
-      end
+  # Default (Devise / Warden); returns nil if Devise absent
+  self.current_user_resolver = ->(env) do
+    # Try to find a User model, fallback to nil if not found
+    if defined?(Devise)
+      env['warden']&.user
+    else
+      Rails.logger.warn("[[LlamaBot]] Implement a current_user_resolver! in your app to resolve the current user from the environment.")
+      nil
     end
+  end
 
-    def add_instruction_to_agent_prompt!(new_instruction)
-      FileUtils.mkdir_p(agent_prompt_path.dirname)
-      File.write(agent_prompt_path, "\n#{new_instruction}", mode: 'a')
-    end
+  # Lambda that receives Rack env and user_id, and sets the user in the warden session
+  # Default sign-in method is configured for Devise with Warden.
+  self.sign_in_method = ->(env, user) do
+    env['warden']&.set_user(user)
+  end
 
-    def send_agent_message(agent_params)
-      LlamaBot.send_agent_message(agent_params)
-    end
+  # Convenience helper for host-app initializers
+  def self.config = Rails.application.config.llama_bot_rails
+
+  # ------------------------------------------------------------------
+  # Prompt helpers
+  # ------------------------------------------------------------------
+  def self.agent_prompt_path  = Rails.root.join("app", "llama_bot", "prompts", "agent_prompt.txt")
+
+  def self.agent_prompt_text
+    File.exist?(agent_prompt_path) ? File.read(agent_prompt_path) : "You are LlamaBot, a helpful assistant."
   end
+
+  def self.add_instruction_to_agent_prompt!(str)
+    FileUtils.mkdir_p(agent_prompt_path.dirname)
+    File.write(agent_prompt_path, "\n#{str}", mode: "a")
+  end
+
+  # ------------------------------------------------------------------
+  # Bridge to backend service
+  # ------------------------------------------------------------------
+  def self.send_agent_message(params) = LlamaBot.send_agent_message(params)
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: llama_bot_rails
 version: !ruby/object:Gem::Version
-  version: 0.1.11
+  version: 0.1.13
 platform: ruby
 authors:
 - Kody Kendall
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-07-11 00:00:00.000000000 Z
+date: 2025-07-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -119,15 +119,40 @@ files:
 - app/views/layouts/llama_bot_rails/application.html.erb
 - app/views/llama_bot_rails/agent/chat.html.erb
 - app/views/llama_bot_rails/agent/chat_ws.html.erb
-- bin/rails
-- bin/rubocop
+- bin/bundle
+- bin/bundle.lock
+- bin/bundler
+- bin/bundler.lock
+- bin/byebug
+- bin/coderay
+- bin/erb
+- bin/faker
+- bin/htmldiff
+- bin/irb
+- bin/ldiff
+- bin/nokogiri
+- bin/pry
+- bin/puma
+- bin/pumactl
+- bin/racc
+- bin/rackup
+- bin/rake
+- bin/rdoc
+- bin/ri
+- bin/rspec
+- bin/ruby-parse
+- bin/ruby-rewrite
+- bin/sprockets
+- bin/thor
 - config/initializers/llama_bot_rails.rb
 - config/routes.rb
 - lib/generators/llama_bot_rails/install/install_generator.rb
 - lib/generators/llama_bot_rails/install/templates/agent_prompt.txt
 - lib/generators/llama_bot_rails/install/templates/agent_state_builder.rb.erb
 - lib/llama_bot_rails.rb
+- lib/llama_bot_rails/agent_auth.rb
 - lib/llama_bot_rails/agent_state_builder.rb
+- lib/llama_bot_rails/controller_extensions.rb
 - lib/llama_bot_rails/engine.rb
 - lib/llama_bot_rails/llama_bot.rb
 - lib/llama_bot_rails/railtie.rb