rubino-agent 0.3.0

data/lib/rubino/tools/github_tool.rb

@@ -0,0 +1,233 @@
+# frozen_string_literal: true
+
+require "net/http"
+require "uri"
+require "json"
+
+module Rubino
+  module Tools
+    # Tool for GitHub/GitLab operations: PRs, issues, reviews.
+    # Uses GitHub CLI (gh) if available, otherwise uses the API directly.
+    class GitHubTool < Base
+      def name
+        "github"
+      end
+
+      def description
+        "Interact with GitHub: create/list PRs, issues, reviews, check status. " \
+          "Requires GITHUB_TOKEN or gh CLI authenticated."
+      end
+
+      def input_schema
+        {
+          type: "object",
+          properties: {
+            action: {
+              type: "string",
+              enum: %w[pr_create pr_list pr_view issue_create issue_list issue_view
+                       pr_checks pr_diff repo_view release_list],
+              description: "The GitHub action to perform"
+            },
+            title: {
+              type: "string",
+              description: "Title (for pr_create, issue_create)"
+            },
+            body: {
+              type: "string",
+              description: "Body/description (for pr_create, issue_create)"
+            },
+            number: {
+              type: "integer",
+              description: "PR or issue number (for view/checks/diff)"
+            },
+            repo: {
+              type: "string",
+              description: "Repository in owner/name format (optional, auto-detects from git remote)"
+            },
+            base: {
+              type: "string",
+              description: "Base branch for PR (default: main)"
+            },
+            labels: {
+              type: "string",
+              description: "Comma-separated labels"
+            }
+          },
+          required: %w[action]
+        }
+      end
+
+      def risk_level
+        :medium
+      end
+
+      def call(arguments)
+        action = arguments["action"] || arguments[:action]
+
+        if gh_available?
+          execute_gh(action, arguments)
+        else
+          execute_api(action, arguments)
+        end
+      end
+
+      private
+
+      def gh_available?
+        # Memoized — avoid spawning a subprocess on every call()
+        return @gh_available unless @gh_available.nil?
+
+        @gh_available = system("which gh > /dev/null 2>&1")
+      end
+
+      def execute_gh(action, args)
+        case action
+        when "pr_create"
+          title = args["title"] || args[:title] || "New PR"
+          body = args["body"] || args[:body] || ""
+          base = args["base"] || args[:base] || "main"
+          cmd = "gh pr create --title '#{escape(title)}' --body '#{escape(body)}' --base '#{base}'"
+          run_gh(cmd)
+        when "pr_list"
+          run_gh("gh pr list --limit 20")
+        when "pr_view"
+          number = args["number"] || args[:number]
+          run_gh("gh pr view #{number}")
+        when "pr_checks"
+          number = args["number"] || args[:number]
+          run_gh("gh pr checks #{number}")
+        when "pr_diff"
+          number = args["number"] || args[:number]
+          run_gh("gh pr diff #{number}")
+        when "issue_create"
+          title = args["title"] || args[:title] || "New Issue"
+          body = args["body"] || args[:body] || ""
+          labels = args["labels"] || args[:labels]
+          cmd = "gh issue create --title '#{escape(title)}' --body '#{escape(body)}'"
+          cmd += " --label '#{labels}'" if labels
+          run_gh(cmd)
+        when "issue_list"
+          run_gh("gh issue list --limit 20")
+        when "issue_view"
+          number = args["number"] || args[:number]
+          run_gh("gh issue view #{number}")
+        when "repo_view"
+          run_gh("gh repo view")
+        when "release_list"
+          run_gh("gh release list --limit 10")
+        else
+          "Unknown GitHub action: #{action}"
+        end
+      end
+
+      def execute_api(action, args)
+        token = ENV["GITHUB_TOKEN"] || ENV.fetch("GH_TOKEN", nil)
+        return "Error: No GitHub authentication. Set GITHUB_TOKEN or install gh CLI." unless token
+
+        repo = args["repo"] || args[:repo] || detect_repo
+
+        case action
+        when "pr_list"
+          api_get("/repos/#{repo}/pulls?state=open&per_page=20", token)
+        when "pr_view"
+          number = args["number"] || args[:number]
+          api_get("/repos/#{repo}/pulls/#{number}", token)
+        when "issue_list"
+          api_get("/repos/#{repo}/issues?state=open&per_page=20", token)
+        when "issue_view"
+          number = args["number"] || args[:number]
+          api_get("/repos/#{repo}/issues/#{number}", token)
+        when "pr_create"
+          title = args["title"] || args[:title]
+          body_text = args["body"] || args[:body] || ""
+          base = args["base"] || args[:base] || "main"
+          head = current_branch
+          api_post("/repos/#{repo}/pulls", token, {
+                     title: title, body: body_text, head: head, base: base
+                   })
+        when "issue_create"
+          title = args["title"] || args[:title]
+          body_text = args["body"] || args[:body] || ""
+          api_post("/repos/#{repo}/issues", token, {
+                     title: title, body: body_text
+                   })
+        else
+          "Action '#{action}' requires gh CLI"
+        end
+      end
+
+      def run_gh(cmd)
+        output = `#{cmd} 2>&1`
+        output.empty? ? "(no output)" : output
+      end
+
+      def api_get(path, token)
+        uri = URI("https://api.github.com#{path}")
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        request = Net::HTTP::Get.new(uri.request_uri)
+        request["Authorization"] = "Bearer #{token}"
+        request["Accept"] = "application/vnd.github+json"
+
+        response = http.request(request)
+        format_api_response(response)
+      end
+
+      def api_post(path, token, body)
+        uri = URI("https://api.github.com#{path}")
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+        request = Net::HTTP::Post.new(uri.request_uri)
+        request["Authorization"] = "Bearer #{token}"
+        request["Accept"] = "application/vnd.github+json"
+        request["Content-Type"] = "application/json"
+        request.body = JSON.generate(body)
+
+        response = http.request(request)
+        format_api_response(response)
+      end
+
+      def format_api_response(response)
+        data = JSON.parse(response.body)
+        case data
+        when Array
+          data.first(10).map { |item| format_item(item) }.join("\n\n")
+        when Hash
+          if data["message"]
+            "API Error: #{data["message"]}"
+          else
+            format_item(data)
+          end
+        end
+      rescue StandardError
+        response.body[0..500]
+      end
+
+      def format_item(item)
+        parts = []
+        parts << "##{item["number"]} #{item["title"]}" if item["number"]
+        parts << "State: #{item["state"]}" if item["state"]
+        parts << "URL: #{item["html_url"]}" if item["html_url"]
+        parts << "Author: #{item.dig("user", "login")}" if item.dig("user", "login")
+        parts.join("\n")
+      end
+
+      def detect_repo
+        remote = `git remote get-url origin 2>/dev/null`.strip
+        if remote.match?(%r{github\.com[:/](.+?)(?:\.git)?$})
+          remote.match(%r{github\.com[:/](.+?)(?:\.git)?$})[1]
+        else
+          ""
+        end
+      end
+
+      def current_branch
+        `git branch --show-current 2>/dev/null`.strip
+      end
+
+      def escape(str)
+        str.gsub("'", "'\\''")
+      end
+    end
+  end
+end

data/lib/rubino/tools/glob_tool.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+module Rubino
+  module Tools
+    # Tool for finding files by glob patterns.
+    # Returns matching file paths sorted by modification time.
+    class GlobTool < Base
+      def name
+        "glob"
+      end
+
+      def description
+        "Find files by glob pattern (e.g., '**/*.rb', 'src/**/*.ts'). " \
+          "Returns matching file paths sorted by modification time."
+      end
+
+      def input_schema
+        {
+          type: "object",
+          properties: {
+            pattern: {
+              type: "string",
+              description: "The glob pattern to match files against (e.g., '**/*.rb')"
+            },
+            path: {
+              type: "string",
+              description: "Base directory to search in (defaults to current directory)"
+            },
+            max_results: {
+              type: "integer",
+              description: "Maximum number of results (default: 100)"
+            }
+          },
+          required: %w[pattern]
+        }
+      end
+
+      def risk_level
+        :low
+      end
+
+      def call(arguments)
+        pattern = arguments["pattern"] || arguments[:pattern]
+        path = arguments["path"] || arguments[:path] || "."
+        max_results = arguments["max_results"] || arguments[:max_results] || 100
+
+        expanded_path = File.expand_path(path)
+        return "Error: Directory not found: #{path}" unless File.directory?(expanded_path)
+
+        full_pattern = File.join(expanded_path, pattern)
+        files = Dir.glob(full_pattern)
+                   .select { |f| File.file?(f) }
+                   .sort_by { |f| -File.mtime(f).to_i }
+                   .first(max_results)
+
+        if files.empty?
+          "No files matched pattern: #{pattern}"
+        else
+          relative_files = files.map { |f| f.sub("#{expanded_path}/", "") }
+          full = "#{relative_files.size} file(s) found:\n\n#{relative_files.join("\n")}"
+          { output: full,
+            metrics: "#{relative_files.size} file#{"s" if relative_files.size != 1}",
+            body: Util::Output.preview(full),
+            body_kind: :plain }
+        end
+      end
+    end
+  end
+end

data/lib/rubino/tools/grep_tool.rb

@@ -0,0 +1,206 @@
+# frozen_string_literal: true
+
+module Rubino
+  module Tools
+    # Tool for searching file contents using regex patterns.
+    # Backed by ripgrep (rg) if available, falls back to Ruby grep.
+    class GrepTool < Base
+      def name
+        "grep"
+      end
+
+      def description
+        "Search file contents using regular expressions. " \
+          "Returns matching file paths and line numbers. " \
+          "Supports include patterns to filter by file type."
+      end
+
+      def input_schema
+        {
+          type: "object",
+          properties: {
+            pattern: {
+              type: "string",
+              description: "The regex pattern to search for"
+            },
+            path: {
+              type: "string",
+              description: "Directory to search in (defaults to current directory)"
+            },
+            include: {
+              type: "string",
+              description: "File pattern to include (e.g., '*.rb', '*.{ts,tsx}')"
+            },
+            max_results: {
+              type: "integer",
+              description: "Maximum number of results to return (default: 50)"
+            },
+            before: {
+              type: "integer",
+              description: "Lines of leading context to include before each match (-B). Default 0."
+            },
+            after: {
+              type: "integer",
+              description: "Lines of trailing context to include after each match (-A). Default 0."
+            },
+            context: {
+              type: "integer",
+              description: "Symmetric context (-C): sets both before and after. Wins over before/after when given."
+            }
+          },
+          required: %w[pattern]
+        }
+      end
+
+      def risk_level
+        :low
+      end
+
+      def call(arguments)
+        pattern = arguments["pattern"] || arguments[:pattern]
+        path = arguments["path"] || arguments[:path] || "."
+        include_pattern = arguments["include"] || arguments[:include]
+        max_results = arguments["max_results"] || arguments[:max_results] || 50
+
+        # -A/-B/-C semantics, mirroring ripgrep: `context` (-C) overrides
+        # both halves; otherwise each side defaults to 0. Clamp at 50 lines
+        # per side so a runaway model can't ask for 10_000 lines of context
+        # per match and overrun the output budget.
+        ctx     = arguments["context"] || arguments[:context]
+        before  = (ctx || arguments["before"] || arguments[:before] || 0).to_i.clamp(0, 50)
+        after   = (ctx || arguments["after"]  || arguments[:after]  || 0).to_i.clamp(0, 50)
+
+        expanded_path = File.expand_path(path)
+        return "Error: Path not found: #{path}" unless File.exist?(expanded_path)
+
+        if ripgrep_available?
+          search_with_ripgrep(pattern, expanded_path, include_pattern, max_results, before, after)
+        else
+          search_with_ruby(pattern, expanded_path, include_pattern, max_results, before, after)
+        end
+      end
+
+      private
+
+      def ripgrep_available?
+        system("which rg > /dev/null 2>&1")
+      end
+
+      def search_with_ripgrep(pattern, path, include_pattern, max_results, before, after)
+        # Build argv array and use Open3 to avoid shell injection — pattern
+        # and path are passed as separate arguments, never interpolated into a
+        # shell string.
+        #
+        # NOTE: ripgrep has NO total-count flag — `--max-total-count` is not a
+        # real rg option and makes rg exit non-zero ("unrecognized flag"),
+        # which surfaced in prod as a wasted "Error executing search" turn.
+        # `--max-count` (-m) is PER-FILE, so it can't bound the total either.
+        # We therefore let rg run and cap the TOTAL number of result lines in
+        # Ruby below — true total cap, and it tames a pattern that matches
+        # thousands of lines in one file (the prod failure mode).
+        argv = ["rg", "--line-number", "--no-heading", "--color=never"]
+        argv += ["--glob=#{include_pattern}"] if include_pattern
+        argv += ["-B", before.to_s] if before.positive?
+        argv += ["-A", after.to_s]  if after.positive?
+        argv += [pattern, path]
+
+        output = IO.popen(argv, err: %i[child out], &:read)
+        status = $?.exitstatus
+
+        if status == 0
+          all_lines = output.lines
+          lines     = all_lines.first(max_results)
+          more      = all_lines.size - lines.size
+          header    = "#{lines.size} match(es) shown" \
+                      "#{" (#{more} more — raise max_results or narrow the pattern)" if more.positive?}"
+          full      = "#{header}:\n\n#{lines.join}"
+          { output: full,
+            metrics: "#{lines.size} match#{"es" if lines.size != 1}#{"+" if more.positive?}",
+            body: Util::Output.preview(full),
+            body_kind: :plain }
+        elsif status == 1
+          "No matches found for pattern: #{pattern}"
+        else
+          "Error executing search: #{output}"
+        end
+      end
+
+      def search_with_ruby(pattern, path, include_pattern, max_results, before, after)
+        regex   = Regexp.new(pattern)
+        results = []
+
+        # ripgrep accepts a single FILE as well as a directory; mirror that
+        # in the fallback. Dir.glob("<file>/**/*") yields nothing, so when
+        # `path` is a file we search it directly (include_pattern is moot).
+        files = File.file?(path) ? [path] : Dir.glob(File.join(path, "**", include_pattern || "*"))
+
+        files.each do |file|
+          next unless File.file?(file)
+          next if binary_file?(file)
+
+          begin
+            lines     = File.readlines(file)
+            relative  = file == path ? File.basename(file) : file.sub("#{path}/", "")
+            pending   = 0   # lines remaining to emit after a match
+            last_idx  = -1  # last line index already in results (to dedupe overlapping ctx)
+            separator_pending = false
+            lines.each_with_index do |line, idx|
+              matched = line.match?(regex)
+              if matched
+                # Emit `before` lines of context (skipping any already in results).
+                first_ctx = [idx - before, last_idx + 1].max
+                results << "--" if separator_pending && first_ctx > last_idx + 1
+                (first_ctx...idx).each do |ci|
+                  results << "#{relative}:#{ci + 1}- #{lines[ci].rstrip}"
+                  last_idx = ci
+                end
+                results << "#{relative}:#{idx + 1}: #{line.rstrip}"
+                last_idx = idx
+                pending = after
+                separator_pending = false
+                break if results.size >= max_results
+              elsif pending.positive?
+                results << "#{relative}:#{idx + 1}- #{line.rstrip}"
+                last_idx = idx
+                pending -= 1
+                separator_pending = pending.zero?
+                break if results.size >= max_results
+              end
+            end
+          rescue StandardError
+            next
+          end
+
+          break if results.size >= max_results
+        end
+
+        if results.empty?
+          "No matches found for pattern: #{pattern}"
+        else
+          # We stop scanning once results hits max_results, so a full cap means
+          # more matches may exist — flag it the same way the ripgrep path does.
+          capped       = results.size >= max_results
+          match_count  = results.count { |l| l.include?(":") && l !~ /:\d+- / && l != "--" }
+          header       = "#{match_count} match(es) shown" \
+                         "#{" (more may exist — raise max_results or narrow the pattern)" if capped}"
+          full = "#{header}:\n\n#{results.join("\n")}"
+          { output: full,
+            metrics: "#{match_count} match#{"es" if match_count != 1}#{"+" if capped}",
+            body: Util::Output.preview(full),
+            body_kind: :plain }
+        end
+      end
+
+      def binary_file?(path)
+        sample = begin
+          File.read(path, 512)
+        rescue StandardError
+          nil
+        end
+        return true unless sample
+
+        sample.include?("\x00")
+      end
+    end
+  end
+end

data/lib/rubino/tools/memory_tool.rb

@@ -0,0 +1,184 @@
+# frozen_string_literal: true
+
+module Rubino
+  module Tools
+    # Agent-callable interface to the memory store.
+    #
+    # The agent uses this to record durable facts about the user or
+    # project across sessions. The schema is deliberately tiny — three
+    # actions, two targets — because every additional knob is another
+    # surface a prompt-injection attempt can probe. Threat scanning and
+    # the char-budget run inside Memory::Store; this tool only handles
+    # the action/target mapping and translates Store exceptions into
+    # tool-protocol error strings.
+    class MemoryTool < Base
+      VALID_ACTIONS = %w[add replace remove].freeze
+      VALID_TARGETS = %w[memory user].freeze
+
+      # target → memory kind. "user" is the user_profile slot; "memory"
+      # is the catch-all "fact" kind. Other kinds (preference,
+      # technical_decision, …) are reserved for the auto-extractor — the
+      # agent does not get to write to them directly through this tool.
+      TARGET_TO_KIND = { "memory" => "fact", "user" => "user_profile" }.freeze
+
+      def initialize(backend: nil)
+        @backend = backend
+      end
+
+      def name
+        "memory"
+      end
+
+      def description
+        "Persist facts across sessions. Use action=add to record a new fact, " \
+          "replace to update an existing fact (substring match on old_text), " \
+          "or remove to delete one. target=user writes to the user profile; " \
+          "target=memory writes to general memory. " \
+          "Store ONE atomic fact per call — make separate calls for separate " \
+          "facts so each can be superseded or forgotten independently. " \
+          "Content is scanned for prompt-injection / exfiltration patterns and " \
+          "subject to a character budget — refusals are reported in the output."
+      end
+
+      def input_schema
+        {
+          type: "object",
+          properties: {
+            action: {
+              type: "string",
+              enum: VALID_ACTIONS,
+              description: "add, replace, or remove"
+            },
+            target: {
+              type: "string",
+              enum: VALID_TARGETS,
+              description: "memory (general) or user (user profile)"
+            },
+            content: {
+              type: "string",
+              description: "New content (required for add and replace)"
+            },
+            old_text: {
+              type: "string",
+              description: "Substring of existing memory to match " \
+                           "(required for replace and remove)"
+            }
+          },
+          required: %w[action target]
+        }
+      end
+
+      def risk_level
+        # Memory store/retrieve/update is an internal, low-risk operation:
+        # an autonomous "scratchpad" the agent maintains, not an external
+        # side-effect like editing the user's files or running a shell
+        # command. It must not trip the approval gate. Every write is
+        # already threat-scanned and char-budgeted inside Memory::Store,
+        # and the only destructive action (remove) deletes a SINGLE entry
+        # by substring match — there is no full-wipe op exposed here — so
+        # there is nothing left for an approval prompt to guard.
+        # :low keeps it autonomous even under approvals.mode: manual
+        # (Base#risky? only flags :medium/:high), matching how todo_tool
+        # and other internal state-mutating tools stay unprompted.
+        :low
+      end
+
+      def call(arguments)
+        args = symbolize(arguments)
+        action = args[:action].to_s
+        target = args[:target].to_s
+
+        return error("invalid action '#{action}'; expected one of #{VALID_ACTIONS.join(", ")}") \
+          unless VALID_ACTIONS.include?(action)
+        return error("invalid target '#{target}'; expected one of #{VALID_TARGETS.join(", ")}") \
+          unless VALID_TARGETS.include?(target)
+
+        kind = TARGET_TO_KIND.fetch(target)
+
+        case action
+        when "add"     then do_add(kind, args[:content])
+        when "replace" then do_replace(kind, args[:old_text], args[:content])
+        when "remove"  then do_remove(kind, args[:old_text])
+        end
+      end
+
+      private
+
+      def backend
+        @backend ||= Memory::Backends.build
+      end
+
+      def do_add(kind, content)
+        return error("content is required for add") if blank?(content)
+
+        memory = backend.store(kind: kind, content: content)
+        "Memory added (id=#{memory[:id][0, 8]}, kind=#{kind})."
+      rescue Memory::Store::ThreatDetectedError => e
+        threat_error(e)
+      rescue Memory::Store::BudgetExceededError => e
+        budget_error(e)
+      end
+
+      def do_replace(kind, old_text, content)
+        return error("old_text is required for replace") if blank?(old_text)
+        return error("content is required for replace") if blank?(content)
+
+        target = backend.replace(kind: kind, old_text: old_text, content: content)
+        return error("no #{kind} memory matched substring '#{truncate(old_text)}'") unless target
+
+        "Memory replaced (id=#{target[:id][0, 8]}, kind=#{kind})."
+      rescue Memory::Store::ThreatDetectedError => e
+        threat_error(e)
+      rescue Memory::Store::BudgetExceededError => e
+        budget_error(e)
+      end
+
+      def do_remove(kind, old_text)
+        return error("old_text is required for remove") if blank?(old_text)
+
+        target = backend.forget(kind: kind, old_text: old_text)
+        return error("no #{kind} memory matched substring '#{truncate(old_text)}'") unless target
+
+        "Memory removed (id=#{target[:id][0, 8]}, kind=#{kind})."
+      end
+
+      def threat_error(err)
+        {
+          output: "Error: refused to write memory (#{err.threat}). " \
+                  "Memory content was rejected by the threat scanner.",
+          error_code: :memory_threat_detected
+        }
+      end
+
+      def budget_error(err)
+        {
+          output: "Error: memory budget exceeded; delete or replace older entries first " \
+                  "(group=#{err.group}, used=#{err.current}, requested=#{err.requested}, " \
+                  "limit=#{err.limit}).",
+          error_code: :memory_budget_exceeded
+        }
+      end
+
+      def error(msg)
+        "Error: #{msg}"
+      end
+
+      def blank?(value)
+        value.nil? || value.to_s.strip.empty?
+      end
+
+      def truncate(text, max: 40)
+        s = text.to_s
+        s.length > max ? "#{s[0, max]}..." : s
+      end
+
+      def symbolize(arguments)
+        return {} unless arguments.is_a?(Hash)
+
+        arguments.each_with_object({}) do |(k, v), acc|
+          acc[k.to_sym] = v
+        end
+      end
+    end
+  end
+end