ollama_agent 0.3.0 → 1.0.0

data/lib/ollama_agent/providers/registry.rb

@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require_relative "base"
+require_relative "ollama"
+require_relative "openai"
+require_relative "anthropic"
+require_relative "router"
+
+module OllamaAgent
+  module Providers
+    # Central registry for model providers.
+    # Resolves a provider by name string or symbol and builds the Router.
+    #
+    # @example
+    #   provider = OllamaAgent::Providers::Registry.resolve("openai")
+    #   OllamaAgent::Providers::Registry.register("my_provider", MyProvider)
+    module Registry
+      BUILT_IN = {
+        "ollama"    => Ollama,
+        "openai"    => OpenAI,
+        "anthropic" => Anthropic
+      }.freeze
+
+      @custom = {}
+
+      class << self
+        # Register a custom provider class.
+        def register(name, klass)
+          raise ArgumentError, "#{klass} must inherit from Providers::Base" unless klass <= Base
+
+          @custom[name.to_s] = klass
+        end
+
+        # Resolve a provider instance by name.
+        # @param name [String, Symbol]  provider name or "auto"
+        # @param opts [Hash]            forwarded to the provider constructor
+        # @return [Base] provider instance
+        def resolve(name, **opts)
+          return auto_provider(**opts) if name.to_s == "auto"
+
+          klass = @custom[name.to_s] || BUILT_IN[name.to_s]
+          raise ArgumentError, "Unknown provider: #{name}. Known: #{known_names.join(", ")}" unless klass
+
+          klass.new(**opts)
+        end
+
+        # Build a router from a priority list of provider names.
+        # @param names [Array<String>]  provider names in fallback order
+        def router(names, strategy: :first_available, **shared_opts)
+          providers = names.map { |n| resolve(n, **shared_opts) }
+          Router.new(providers: providers, strategy: strategy)
+        end
+
+        # Returns a provider that is available right now.
+        # Checks Ollama first (free/local), then OpenAI, then Anthropic.
+        def auto_provider(**opts)
+          candidates = [
+            BUILT_IN["ollama"].new(**opts),
+            (BUILT_IN["openai"].new(**opts)    if ENV["OPENAI_API_KEY"]),
+            (BUILT_IN["anthropic"].new(**opts) if ENV["ANTHROPIC_API_KEY"])
+          ].compact
+
+          Router.new(providers: candidates, strategy: :first_available)
+        end
+
+        def known_names
+          (BUILT_IN.keys + @custom.keys).uniq
+        end
+
+        def reset_custom!
+          @custom = {}
+        end
+      end
+    end
+  end
+end

data/lib/ollama_agent/providers/router.rb

@@ -0,0 +1,93 @@
+# frozen_string_literal: true
+
+require_relative "base"
+
+module OllamaAgent
+  module Providers
+    # Routes chat requests to the first available provider.
+    # Falls back through the list on errors or unavailability.
+    #
+    # @example
+    #   router = OllamaAgent::Providers::Router.new(
+    #     providers: [
+    #       OllamaAgent::Providers::Ollama.new,
+    #       OllamaAgent::Providers::OpenAI.new(api_key: ENV["OPENAI_API_KEY"])
+    #     ],
+    #     strategy: :first_available   # or :round_robin, :cheapest
+    #   )
+    class Router < Base
+      STRATEGIES = %i[first_available round_robin cheapest].freeze
+
+      ProviderUnavailableError = Class.new(defined?(OllamaAgent::Error) ? OllamaAgent::Error : StandardError)
+
+      def initialize(providers:, strategy: :first_available, on_fallback: nil, **opts)
+        super(name: "router", **opts)
+        @providers  = Array(providers)
+        @strategy   = STRATEGIES.include?(strategy.to_sym) ? strategy.to_sym : :first_available
+        @on_fallback = on_fallback   # optional: lambda(from, to, reason)
+        @rr_index   = 0
+      end
+
+      def chat(messages:, model:, **kwargs)
+        candidates = ordered_providers
+        last_error = nil
+
+        candidates.each do |provider|
+          next unless provider.available?
+
+          return provider.chat(messages: messages, model: model, **kwargs)
+        rescue OllamaAgent::Error, StandardError => e
+          last_error = e
+          next_provider = candidates[candidates.index(provider).to_i + 1]
+          if next_provider
+            @on_fallback&.call(provider.name, next_provider.name, e.message)
+          end
+          next
+        end
+
+        raise ProviderUnavailableError, build_unavailable_message(last_error)
+      end
+
+      def available?
+        @providers.any?(&:available?)
+      end
+
+      def available_providers
+        @providers.select(&:available?)
+      end
+
+      def provider_status
+        @providers.map do |p|
+          { name: p.name, available: p.available?, streaming: p.streaming_supported? }
+        end
+      end
+
+      private
+
+      def ordered_providers
+        case @strategy
+        when :round_robin    then round_robin_order
+        when :cheapest       then cheapest_order
+        else                      @providers.dup  # first_available
+        end
+      end
+
+      def round_robin_order
+        n = @providers.size
+        @rr_index = (@rr_index + 1) % n
+        @providers.rotate(@rr_index)
+      end
+
+      def cheapest_order
+        # Sort by estimated cost per token (use a probe call with 0 tokens as proxy)
+        @providers.sort_by { |p| p.estimate_cost(input_tokens: 1000, output_tokens: 500) }
+      end
+
+      def build_unavailable_message(last_error)
+        names = @providers.map(&:name).join(", ")
+        base  = "No providers available (tried: #{names})"
+        last_error ? "#{base}. Last error: #{last_error.message}" : base
+      end
+    end
+  end
+end

data/lib/ollama_agent/resilience/retry_middleware.rb

@@ -35,6 +35,11 @@ module OllamaAgent
       end
       # rubocop:enable Metrics/MethodLength
 
+      # Delegates to the inner Ollama client (+/api/tags+).
+      def list_model_names
+        @client.list_model_names
+      end
+
       private
 
       def http_error_non_retryable?(error)

data/lib/ollama_agent/runner.rb

@@ -39,6 +39,11 @@ module OllamaAgent
     # @param http_timeout [Integer, nil] HTTP timeout in seconds
     # @param stdin [IO] input for patch/write/delegate confirmations (default +$stdin+)
     # @param stdout [IO] output for confirmation prompts (default +$stdout+)
+    # @param provider [String, nil] provider name: "ollama" | "openai" | "anthropic" | "auto" (v2)
+    # @param permissions [Runtime::Permissions, nil] tool permission profile (v2)
+    # @param budget [Core::Budget, nil] token/step budget (v2)
+    # @param memory [Memory::Manager, nil] memory manager instance (v2)
+    # @param trace [Boolean] enable trace logging to stdout (v2)
     # @return [Runner]
     # rubocop:disable Metrics/ParameterLists -- library facade must expose all Agent options
     def self.build(
@@ -59,7 +64,13 @@ module OllamaAgent
       think:           nil,
       http_timeout:    nil,
       stdin:           $stdin,
-      stdout:          $stdout
+      stdout:          $stdout,
+      # v2 platform options
+      provider:        nil,
+      permissions:     nil,
+      budget:          nil,
+      memory:          nil,
+      trace:           false
     )
       new(
         root: root, model: model, stream: stream,
@@ -69,7 +80,9 @@ module OllamaAgent
         skills_enabled: skills_enabled, skill_paths: skill_paths,
         confirm_patches: confirm_patches, orchestrator: orchestrator,
         think: think, http_timeout: http_timeout,
-        stdin: stdin, stdout: stdout
+        stdin: stdin, stdout: stdout,
+        provider: provider, permissions: permissions,
+        budget: budget, memory: memory, trace: trace
       )
     end
     # rubocop:enable Metrics/ParameterLists
@@ -92,9 +105,12 @@ module OllamaAgent
                    max_tokens:, context_summarize:,
                    max_retries:, audit:, read_only:, skills_enabled:, skill_paths:,
                    confirm_patches:, orchestrator:, think:, http_timeout:,
-                   stdin:, stdout:)
+                   stdin:, stdout:,
+                   provider: nil, permissions: nil, budget: nil, memory: nil, trace: false)
       @session_id = session_id
 
+      trace_logger = trace ? Core::TraceLogger.new(format: :human) : nil
+
       config = Agent::AgentConfig.new(
         root: root,
         model: model,
@@ -112,7 +128,12 @@ module OllamaAgent
         max_tokens: max_tokens,
         context_summarize: context_summarize,
         stdin: stdin,
-        stdout: stdout
+        stdout: stdout,
+        provider_name:  provider,
+        permissions:    permissions,
+        budget:         budget,
+        memory_manager: memory,
+        trace_logger:   trace_logger
       )
       @agent = Agent.new(config: config)
 

data/lib/ollama_agent/runtime/approval_gate.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module OllamaAgent
+  module Runtime
+    # Governs whether a tool call or action requires explicit user approval.
+    #
+    # Policy precedence (highest to lowest):
+    #   1. auto_approve: true  — approve everything silently
+    #   2. Tool's requires_approval flag
+    #   3. Registered per-tool overrides
+    #   4. Risk-level threshold
+    class ApprovalGate
+      RISK_ORDER = { low: 0, medium: 1, high: 2, critical: 3 }.freeze
+
+      # @param auto_approve     [Boolean] skip all approvals
+      # @param risk_threshold   [Symbol]  auto-approve tools below this risk (:low, :medium, :high, :critical)
+      # @param tool_overrides   [Hash]    { "tool_name" => true/false } per-tool override
+      # @param stdin            [IO]
+      # @param stdout           [IO]
+      def initialize(auto_approve: false, risk_threshold: :medium,
+                     tool_overrides: {}, stdin: $stdin, stdout: $stdout)
+        @auto_approve    = auto_approve
+        @risk_threshold  = risk_threshold.to_sym
+        @tool_overrides  = tool_overrides.transform_keys(&:to_s)
+        @stdin           = stdin
+        @stdout          = stdout
+      end
+
+      # Decide whether this tool call is approved.
+      # @param tool_name   [String]
+      # @param args        [Hash]
+      # @param risk_level  [Symbol]  from the tool definition
+      # @param approval_required [Boolean] from the tool definition
+      # @return [Boolean]
+      def approved?(tool_name, args: {}, risk_level: :low, approval_required: false)
+        return true if @auto_approve
+        return @tool_overrides[tool_name.to_s] if @tool_overrides.key?(tool_name.to_s)
+        return true unless needs_gate?(risk_level, approval_required)
+
+        prompt_user(tool_name, args, risk_level)
+      end
+
+      # Record a decision (useful for tests / audit).
+      attr_reader :last_decision
+
+      private
+
+      def needs_gate?(risk_level, approval_required)
+        return true if approval_required
+
+        RISK_ORDER[risk_level.to_sym].to_i >= RISK_ORDER[@risk_threshold].to_i
+      end
+
+      def prompt_user(tool_name, args, risk_level)
+        @stdout.puts ""
+        @stdout.puts "─" * 60
+        @stdout.puts "  Approval required: \e[33m#{tool_name}\e[0m (risk: #{risk_level})"
+        unless args.empty?
+          @stdout.puts "  Args:"
+          args.each { |k, v| @stdout.puts "    #{k}: #{v.inspect[0, 80]}" }
+        end
+        @stdout.puts "─" * 60
+        @stdout.print "  Allow? [y/N] "
+        @stdout.flush
+
+        response = @stdin.gets&.chomp.to_s.downcase
+        @last_decision = { tool: tool_name, approved: response == "y" }
+        response == "y"
+      rescue IOError
+        false
+      end
+    end
+  end
+end

data/lib/ollama_agent/runtime/permissions.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module OllamaAgent
+  module Runtime
+    # Tool permission system. Controls which tools are accessible in a given run.
+    #
+    # Built-in profiles:
+    #   :read_only  — file reads + search only
+    #   :standard   — read + write files, no shell or git writes
+    #   :developer  — full file + git + shell tools
+    #   :full       — everything
+    class Permissions
+      PROFILES = {
+        read_only: {
+          allowed: %w[read_file list_files search_code git_status git_log git_diff
+                      memory_recall memory_list http_get],
+          denied:  []
+        },
+        standard: {
+          allowed: %w[read_file list_files search_code edit_file write_file
+                      memory_store memory_recall memory_list memory_delete
+                      git_status git_log git_diff http_get],
+          denied:  %w[run_shell git_commit http_post]
+        },
+        developer: {
+          allowed: %w[read_file list_files search_code edit_file write_file
+                      git_status git_log git_diff git_commit git_branch
+                      run_shell memory_store memory_recall memory_list memory_delete
+                      http_get],
+          denied:  %w[http_post]
+        },
+        full: {
+          allowed: :all,
+          denied:  []
+        }
+      }.freeze
+
+      # @param profile      [Symbol]         one of PROFILES keys
+      # @param allowed      [Array, :all]    explicit tool allowlist (overrides profile)
+      # @param denied       [Array]          explicit denylist (always wins)
+      def initialize(profile: :standard, allowed: nil, denied: nil)
+        @profile = profile.to_sym
+        @custom_allowed = allowed
+        @custom_denied  = Array(denied).map(&:to_s)
+      end
+
+      # Is this tool allowed?
+      # @param tool_name [String, Symbol]
+      # @return [Boolean]
+      def allowed?(tool_name)
+        name = tool_name.to_s
+
+        return false if effective_denied.include?(name)
+
+        eff_allowed = effective_allowed
+        return true if eff_allowed == :all
+
+        eff_allowed.include?(name)
+      end
+
+      # Filtered list of tool schemas — only allowed tools.
+      def filter_schemas(schemas)
+        schemas.select { |s| allowed?(schema_name(s)) }
+      end
+
+      def profile
+        @profile
+      end
+
+      def to_h
+        {
+          profile:         @profile,
+          effective_allowed: effective_allowed,
+          effective_denied:  effective_denied
+        }
+      end
+
+      private
+
+      def profile_config
+        PROFILES[@profile] || PROFILES[:standard]
+      end
+
+      def effective_allowed
+        return @custom_allowed if @custom_allowed
+
+        profile_config[:allowed]
+      end
+
+      def effective_denied
+        (profile_config[:denied] + @custom_denied).uniq
+      end
+
+      def schema_name(schema)
+        schema.dig(:function, :name) ||
+          schema.dig("function", "name") ||
+          schema[:name] ||
+          schema["name"] ||
+          ""
+      end
+    end
+  end
+end

data/lib/ollama_agent/runtime/policies.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+module OllamaAgent
+  module Runtime
+    # Policy engine for the agent runtime.
+    #
+    # A Policy is a named rule that can:
+    #   - Block a tool call (returns a rejection reason string)
+    #   - Allow it (returns nil / :allow)
+    #   - Modify args before execution
+    #
+    # Policies are evaluated in registration order.
+    # First blocking policy wins.
+    #
+    # @example
+    #   policies = OllamaAgent::Runtime::Policies.new
+    #   policies.add(:no_outside_writes) do |tool, args, ctx|
+    #     if tool == "write_file" && !args["path"]&.start_with?(ctx[:root])
+    #       "write_file: cannot write outside project root"
+    #     end
+    #   end
+    class Policies
+      Policy = Data.define(:name, :handler)
+
+      def initialize
+        @policies = []
+        install_default_policies
+      end
+
+      # Register a policy.
+      # @param name    [Symbol, String]
+      # @param handler [Proc]  receives (tool_name, args, context) → nil | String (rejection reason)
+      def add(name, &handler)
+        raise ArgumentError, "Policy handler block required" unless block_given?
+
+        @policies << Policy.new(name: name.to_sym, handler: handler)
+      end
+
+      # Remove a named policy.
+      def remove(name)
+        @policies.reject! { |p| p.name == name.to_sym }
+      end
+
+      # Evaluate all policies for a tool call.
+      # @return [nil, String]  nil = allowed; String = rejection reason
+      def evaluate(tool_name, args, context = {})
+        @policies.each do |policy|
+          result = policy.handler.call(tool_name.to_s, args, context)
+          return result.to_s if result && result != :allow
+        end
+        nil
+      end
+
+      # Check read_only at the policy level
+      def blocked?(tool_name, args, context = {})
+        !evaluate(tool_name, args, context).nil?
+      end
+
+      def policy_names
+        @policies.map(&:name)
+      end
+
+      private
+
+      def install_default_policies
+        # Enforce read_only context flag
+        add(:read_only_enforcement) do |tool, _args, ctx|
+          write_tools = %w[edit_file write_file run_shell git_commit http_post memory_delete]
+          if ctx[:read_only] && write_tools.include?(tool)
+            "#{tool} is not allowed in read-only mode"
+          end
+        end
+
+        # Prevent writing outside project root for file tools
+        add(:path_sandbox_enforcement) do |tool, args, ctx|
+          next unless ctx[:root] && %w[edit_file write_file read_file].include?(tool)
+
+          path = (args["path"] || args[:path]).to_s
+          next if path.empty?
+
+          expanded = File.expand_path(path, ctx[:root])
+          root_abs = File.expand_path(ctx[:root])
+
+          unless expanded.start_with?(root_abs)
+            "#{tool}: path must stay within project root (#{root_abs})"
+          end
+        end
+
+        # Rate-limit shell commands (max 10 per run)
+        add(:shell_rate_limit) do |tool, _args, ctx|
+          next unless tool == "run_shell"
+
+          counter = (ctx[:shell_call_count] || 0)
+          limit   = (ctx[:shell_call_limit] || 10)
+          "run_shell: rate limit of #{limit} calls per run exceeded" if counter >= limit
+        end
+      end
+    end
+  end
+end

data/lib/ollama_agent/runtime/sandbox.rb

@@ -0,0 +1,130 @@
+# frozen_string_literal: true
+
+require "fileutils"
+require "tmpdir"
+
+module OllamaAgent
+  module Runtime
+    # Workspace sandbox: copies a project to a temp directory for isolated edits.
+    # Used by self-improvement and automated modes to prevent live-tree mutations.
+    #
+    # @example
+    #   sandbox = OllamaAgent::Runtime::Sandbox.new(source_root: "/my/project")
+    #   sandbox.setup!
+    #   # agent runs inside sandbox.root
+    #   sandbox.changed_files  # => list of modified files
+    #   sandbox.sync_back!(target: "/my/project")  # merge changes
+    #   sandbox.teardown!
+    class Sandbox
+      attr_reader :root, :source_root
+
+      IGNORED_DIRS = %w[.git node_modules vendor .bundle tmp log coverage .ollama_agent].freeze
+
+      def initialize(source_root:, prefix: "ollama_agent_sandbox")
+        @source_root = File.expand_path(source_root)
+        @prefix      = prefix
+        @root        = nil
+        @setup_done  = false
+      end
+
+      # Copy source tree to a temp directory.
+      # @return [String] sandbox root path
+      def setup!
+        @root      = Dir.mktmpdir(@prefix)
+        copy_tree(@source_root, @root)
+        @setup_done = true
+        @root
+      end
+
+      # Returns relative paths of files changed inside the sandbox vs the original.
+      def changed_files
+        return [] unless @setup_done
+
+        find_files(@root).each_with_object([]) do |abs_path, changed|
+          rel       = abs_path.sub("#{@root}/", "")
+          orig      = File.join(@source_root, rel)
+          changed << rel if !File.exist?(orig) || File.read(abs_path) != File.read(orig)
+        rescue StandardError
+          next
+        end
+      end
+
+      # Files present in source but deleted in sandbox.
+      def deleted_files
+        return [] unless @setup_done
+
+        find_files(@source_root).each_with_object([]) do |abs_path, deleted|
+          rel = abs_path.sub("#{@source_root}/", "")
+          deleted << rel unless File.exist?(File.join(@root, rel))
+        end
+      end
+
+      # Copy changed sandbox files back to target (defaults to source_root).
+      # @param target     [String]  destination directory
+      # @param only_files [Array]   restrict to specific relative paths
+      # @return [Array<String>] list of relative paths copied
+      def sync_back!(target: nil, only_files: nil)
+        raise "Sandbox not set up" unless @setup_done
+
+        dest    = File.expand_path(target || @source_root)
+        to_copy = only_files || changed_files
+
+        to_copy.each do |rel|
+          src  = File.join(@root, rel)
+          dst  = File.join(dest, rel)
+          FileUtils.mkdir_p(File.dirname(dst))
+          FileUtils.cp(src, dst)
+        end
+
+        to_copy
+      end
+
+      # Remove the temporary directory.
+      def teardown!
+        return unless @root && File.directory?(@root)
+
+        FileUtils.rm_rf(@root)
+        @root       = nil
+        @setup_done = false
+      end
+
+      # Run a block inside the sandbox, then teardown.
+      def use
+        setup!
+        yield self
+      ensure
+        teardown!
+      end
+
+      private
+
+      def copy_tree(src, dst)
+        Dir.foreach(src) do |entry|
+          next if entry.start_with?(".")
+          next if IGNORED_DIRS.include?(entry)
+
+          src_path = File.join(src, entry)
+          dst_path = File.join(dst, entry)
+
+          if File.directory?(src_path)
+            FileUtils.mkdir_p(dst_path)
+            copy_tree(src_path, dst_path)
+          else
+            FileUtils.cp(src_path, dst_path)
+          end
+        end
+      end
+
+      def find_files(dir)
+        files = []
+        Dir.glob(File.join(dir, "**", "*"), File::FNM_DOTMATCH).each do |path|
+          next if File.directory?(path)
+          next if IGNORED_DIRS.any? { |d| path.include?("/#{d}/") }
+
+          files << path
+        end
+        files
+      end
+    end
+  end
+end

data/lib/ollama_agent/streaming/hooks.rb

@@ -5,7 +5,9 @@ module OllamaAgent
     # Lightweight event bus for agent lifecycle events.
     # All layers share one Hooks instance per Agent run.
     class Hooks
-      EVENTS = %i[on_token on_thinking on_chunk on_tool_call on_tool_result on_complete on_error on_retry].freeze
+      EVENTS = %i[
+        on_token on_thinking on_chunk on_tool_call on_tool_result on_assistant_message on_complete on_error on_retry
+      ].freeze
 
       MISSING_BLOCK_MESSAGE = "Hooks require a block when registering a handler"