rubyn-code 0.1.0 → 0.2.0

data/lib/rubyn_code/auth/oauth.rb

@@ -1,17 +1,22 @@
 # frozen_string_literal: true
 
-require "securerandom"
-require "digest"
-require "base64"
-require "faraday"
-require "json"
+require 'securerandom'
+require 'digest'
+require 'base64'
+require 'faraday'
+require 'json'
 
 module RubynCode
   module Auth
     class OAuth
-      StateMismatchError = Class.new(RubynCode::AuthenticationError)
-      TokenExchangeError = Class.new(RubynCode::AuthenticationError)
-      RefreshError = Class.new(RubynCode::AuthenticationError)
+      class StateMismatchError < RubynCode::AuthenticationError
+      end
+
+      class TokenExchangeError < RubynCode::AuthenticationError
+      end
+
+      class RefreshError < RubynCode::AuthenticationError
+      end
 
       VERIFIER_LENGTH = 43
 
@@ -28,7 +33,7 @@ module RubynCode
         result = callback_server.wait_for_callback(timeout: 120)
 
         unless secure_compare(result[:state], state)
-          raise StateMismatchError, "OAuth state parameter mismatch — possible CSRF attack"
+          raise StateMismatchError, 'OAuth state parameter mismatch — possible CSRF attack'
         end
 
         tokens = exchange_code(code: result[:code], code_verifier:)
@@ -44,12 +49,12 @@ module RubynCode
 
       def refresh!
         stored = TokenStore.load
-        raise RefreshError, "No stored refresh token available" unless stored&.dig(:refresh_token)
+        raise RefreshError, 'No stored refresh token available' unless stored&.dig(:refresh_token)
 
         response = http_client.post(token_url) do |req|
-          req.headers["Content-Type"] = "application/x-www-form-urlencoded"
+          req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
           req.body = URI.encode_www_form(
-            grant_type: "refresh_token",
+            grant_type: 'refresh_token',
             client_id: client_id,
             refresh_token: stored[:refresh_token]
           )
@@ -57,23 +62,23 @@ module RubynCode
 
         unless response.success?
           body = parse_json(response.body)
-          error_msg = body&.dig("error_description") || body&.dig("error") || response.body
+          error_msg = body&.dig('error_description') || body&.dig('error') || response.body
           raise RefreshError, "Token refresh failed (#{response.status}): #{error_msg}"
         end
 
         body = parse_json(response.body)
-        raise RefreshError, "Invalid response from token endpoint" unless body
+        raise RefreshError, 'Invalid response from token endpoint' unless body
 
         TokenStore.save(
-          access_token: body["access_token"],
-          refresh_token: body["refresh_token"] || stored[:refresh_token],
-          expires_at: Time.now + body["expires_in"].to_i
+          access_token: body['access_token'],
+          refresh_token: body['refresh_token'] || stored[:refresh_token],
+          expires_at: Time.now + body['expires_in'].to_i
         )
 
         {
-          access_token: body["access_token"],
-          refresh_token: body["refresh_token"] || stored[:refresh_token],
-          expires_in: body["expires_in"]
+          access_token: body['access_token'],
+          refresh_token: body['refresh_token'] || stored[:refresh_token],
+          expires_in: body['expires_in']
         }
       end
 
@@ -90,13 +95,13 @@ module RubynCode
 
       def build_authorization_url(code_challenge:, state:)
         params = URI.encode_www_form(
-          response_type: "code",
+          response_type: 'code',
           client_id: client_id,
           redirect_uri: redirect_uri,
           scope: scopes,
           state: state,
           code_challenge: code_challenge,
-          code_challenge_method: "S256"
+          code_challenge_method: 'S256'
         )
 
         "#{authorize_url}?#{params}"
@@ -104,9 +109,9 @@ module RubynCode
 
       def exchange_code(code:, code_verifier:)
         response = http_client.post(token_url) do |req|
-          req.headers["Content-Type"] = "application/x-www-form-urlencoded"
+          req.headers['Content-Type'] = 'application/x-www-form-urlencoded'
           req.body = URI.encode_www_form(
-            grant_type: "authorization_code",
+            grant_type: 'authorization_code',
             client_id: client_id,
             code: code,
             redirect_uri: redirect_uri,
@@ -116,26 +121,26 @@ module RubynCode
 
         unless response.success?
           body = parse_json(response.body)
-          error_msg = body&.dig("error_description") || body&.dig("error") || response.body
+          error_msg = body&.dig('error_description') || body&.dig('error') || response.body
           raise TokenExchangeError, "Code exchange failed (#{response.status}): #{error_msg}"
         end
 
         body = parse_json(response.body)
-        raise TokenExchangeError, "Invalid response from token endpoint" unless body
+        raise TokenExchangeError, 'Invalid response from token endpoint' unless body
 
         {
-          access_token: body["access_token"],
-          refresh_token: body["refresh_token"],
-          expires_in: body["expires_in"]
+          access_token: body['access_token'],
+          refresh_token: body['refresh_token'],
+          expires_in: body['expires_in']
         }
       end
 
       def open_browser(url)
         launcher = case RUBY_PLATFORM
-                   when /darwin/  then "open"
-                   when /linux/   then "xdg-open"
-                   when /mingw|mswin/ then "start"
-                   else "xdg-open"
+                   when /darwin/  then 'open'
+                   when /linux/   then 'xdg-open'
+                   when /mingw|mswin/ then 'start'
+                   else 'xdg-open'
                    end
 
         system(launcher, url, exception: false)
@@ -159,8 +164,8 @@ module RubynCode
         return false if a.nil? || b.nil?
         return false unless a.bytesize == b.bytesize
 
-        l = a.unpack("C*")
-        r = b.unpack("C*")
+        l = a.unpack('C*')
+        r = b.unpack('C*')
         l.zip(r).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
       end
 

data/lib/rubyn_code/auth/server.rb

@@ -1,15 +1,16 @@
 # frozen_string_literal: true
 
-require "webrick"
-require "uri"
+require 'webrick'
+require 'uri'
 
 module RubynCode
   module Auth
     class Server
-      LISTEN_HOST = "127.0.0.1"
+      LISTEN_HOST = '127.0.0.1'
       LISTEN_PORT = 19_275
 
-      CallbackTimeout = Class.new(RubynCode::AuthenticationError)
+      class CallbackTimeout < RubynCode::AuthenticationError
+      end
 
       def initialize
         @result = nil
@@ -46,7 +47,7 @@ module RubynCode
           AccessLog: access_log
         )
 
-        server.mount_proc("/callback") do |req, res|
+        server.mount_proc('/callback') do |req, res|
           handle_callback(req, res, server)
         end
 
@@ -55,8 +56,8 @@ module RubynCode
 
       def handle_callback(req, res, server)
         params = parse_query(req.query_string)
-        code = params["code"]
-        state = params["state"]
+        code = params['code']
+        state = params['state']
 
         if code
           @mutex.synchronize do
@@ -65,14 +66,14 @@ module RubynCode
           end
 
           res.status = 200
-          res.content_type = "text/html; charset=utf-8"
+          res.content_type = 'text/html; charset=utf-8'
           res.body = success_html
         else
-          error = params["error"] || "unknown"
-          description = params["error_description"] || "No authorization code received"
+          error = params['error'] || 'unknown'
+          description = params['error_description'] || 'No authorization code received'
 
           res.status = 400
-          res.content_type = "text/html; charset=utf-8"
+          res.content_type = 'text/html; charset=utf-8'
           res.body = error_html(error, description)
 
           @mutex.synchronize do
@@ -80,7 +81,10 @@ module RubynCode
           end
         end
 
-        Thread.new { sleep(0.5); server.shutdown }
+        Thread.new do
+          sleep(0.5)
+          server.shutdown
+        end
       end
 
       def parse_query(query_string)

data/lib/rubyn_code/auth/token_store.rb

@@ -1,15 +1,15 @@
 # frozen_string_literal: true
 
-require "yaml"
-require "fileutils"
-require "json"
-require "time"
+require 'yaml'
+require 'fileutils'
+require 'json'
+require 'time'
 
 module RubynCode
   module Auth
     module TokenStore
       EXPIRY_BUFFER_SECONDS = 300 # 5 minutes
-      KEYCHAIN_SERVICE = "Claude Code-credentials"
+      KEYCHAIN_SERVICE = 'Claude Code-credentials'
 
       class << self
         # Load tokens with fallback chain:
@@ -24,9 +24,9 @@ module RubynCode
           ensure_directory!
 
           data = {
-            "access_token" => access_token,
-            "refresh_token" => refresh_token,
-            "expires_at" => expires_at.is_a?(Time) ? expires_at.iso8601 : expires_at.to_s
+            'access_token' => access_token,
+            'refresh_token' => refresh_token,
+            'expires_at' => expires_at.is_a?(Time) ? expires_at.iso8601 : expires_at.to_s
           }
 
           File.write(tokens_path, YAML.dump(data))
@@ -35,7 +35,7 @@ module RubynCode
         end
 
         def clear!
-          File.delete(tokens_path) if File.exist?(tokens_path)
+          FileUtils.rm_f(tokens_path)
           true
         end
 
@@ -71,22 +71,22 @@ module RubynCode
 
         # Read Claude Code's OAuth token from macOS Keychain
         def load_from_keychain
-          return nil unless RUBY_PLATFORM.include?("darwin")
+          return nil unless RUBY_PLATFORM.include?('darwin')
 
           output = `security find-generic-password -s "#{KEYCHAIN_SERVICE}" -w 2>/dev/null`.strip
           return nil if output.empty?
 
           data = JSON.parse(output)
-          oauth = data["claudeAiOauth"]
-          return nil unless oauth && oauth["accessToken"]
+          oauth = data['claudeAiOauth']
+          return nil unless oauth && oauth['accessToken']
 
-          expires_at = if oauth["expiresAt"]
-                         Time.at(oauth["expiresAt"] / 1000.0) # milliseconds to seconds
+          expires_at = if oauth['expiresAt']
+                         Time.at(oauth['expiresAt'] / 1000.0) # milliseconds to seconds
                        end
 
           {
-            access_token: oauth["accessToken"],
-            refresh_token: oauth["refreshToken"],
+            access_token: oauth['accessToken'],
+            refresh_token: oauth['refreshToken'],
             expires_at: expires_at,
             type: :oauth,
             source: :keychain
@@ -101,12 +101,12 @@ module RubynCode
 
           data = YAML.safe_load_file(tokens_path, permitted_classes: [Time])
           return nil unless data.is_a?(Hash)
-          return nil unless data["access_token"]
+          return nil unless data['access_token']
 
           {
-            access_token: data["access_token"],
-            refresh_token: data["refresh_token"],
-            expires_at: parse_time(data["expires_at"]),
+            access_token: data['access_token'],
+            refresh_token: data['refresh_token'],
+            expires_at: parse_time(data['expires_at']),
             type: :oauth,
             source: :file
           }
@@ -116,7 +116,7 @@ module RubynCode
 
         # Fall back to ANTHROPIC_API_KEY environment variable
         def load_from_env
-          api_key = ENV["ANTHROPIC_API_KEY"]
+          api_key = ENV.fetch('ANTHROPIC_API_KEY', nil)
           return nil unless api_key && !api_key.empty?
 
           {
@@ -134,7 +134,7 @@ module RubynCode
 
         def ensure_directory!
           dir = File.dirname(tokens_path)
-          FileUtils.mkdir_p(dir) unless Dir.exist?(dir)
+          FileUtils.mkdir_p(dir)
           File.chmod(0o700, dir)
         end
 

data/lib/rubyn_code/autonomous/RUBYN.md

@@ -0,0 +1,14 @@
+# Layer 11: Autonomous
+
+Daemon mode for hands-off task execution.
+
+## Classes
+
+- **`Daemon`** — Runs the agent in background mode. Polls for unclaimed tasks,
+  executes them, and reports results. No human in the loop.
+
+- **`IdlePoller`** — Watches for new tasks at a configurable interval. Wakes the
+  daemon when work is available.
+
+- **`TaskClaimer`** — Atomically claims tasks from the DAG to prevent double-execution
+  when multiple agents are running.

data/lib/rubyn_code/autonomous/daemon.rb

@@ -1,15 +1,19 @@
 # frozen_string_literal: true
 
-require "securerandom"
+require 'securerandom'
 
 module RubynCode
   module Autonomous
-    # The KAIROS daemon -- an always-on autonomous agent that cycles between
+    # The GOLEM daemon — an always-on autonomous agent that cycles between
     # working on tasks and polling for new work. The lifecycle is:
     #
-    #   spawn -> work -> idle -> work -> ... -> shutdown
+    #   spawned → working ⇄ idle → shutting_down → stopped
     #
-    # Safety limits (max_runs, max_cost) prevent runaway execution.
+    # Safety limits (max_runs, max_cost, idle_timeout) prevent runaway execution.
+    # Signal traps (SIGTERM, SIGINT) trigger graceful shutdown.
+    #
+    # Unlike the REPL, the daemon runs a full Agent::Loop per task — meaning
+    # it can read files, write code, run specs, and use every tool available.
     class Daemon
       LIFECYCLE_STATES = %i[spawned working idle shutting_down stopped].freeze
 
@@ -19,32 +23,38 @@ module RubynCode
       # @param role [String] the agent's role / persona description
       # @param llm_client [LLM::Client] LLM API client
       # @param project_root [String] path to the project being worked on
-      # @param task_manager [#db] task persistence layer
-      # @param mailbox [#pending_for] message mailbox
+      # @param task_manager [Tasks::Manager] task persistence layer
+      # @param mailbox [Teams::Mailbox] message mailbox
       # @param max_runs [Integer] maximum work cycles before auto-shutdown (default 100)
       # @param max_cost [Float] maximum cumulative LLM cost in USD before auto-shutdown (default 10.0)
       # @param poll_interval [Numeric] idle polling interval in seconds (default 5)
       # @param idle_timeout [Numeric] seconds of idle before shutdown (default 60)
       # @param on_state_change [Proc, nil] callback invoked with (old_state, new_state)
-      def initialize(agent_name:, role:, llm_client:, project_root:, task_manager:, mailbox:, # rubocop:disable Metrics/ParameterLists
-                     max_runs: 100, max_cost: 10.0, poll_interval: 5, idle_timeout: 60,
-                     on_state_change: nil)
-        @agent_name = agent_name
-        @role = role
-        @llm_client = llm_client
-        @project_root = File.expand_path(project_root)
-        @task_manager = task_manager
-        @mailbox = mailbox
-        @max_runs = max_runs
-        @max_cost = max_cost
-        @poll_interval = poll_interval
-        @idle_timeout = idle_timeout
+      # @param on_task_complete [Proc, nil] callback invoked with (task, result_text)
+      # @param on_task_error [Proc, nil] callback invoked with (task, error)
+      def initialize( # rubocop:disable Metrics/ParameterLists
+        agent_name:, role:, llm_client:, project_root:, task_manager:, mailbox:,
+        max_runs: 100, max_cost: 10.0, poll_interval: 5, idle_timeout: 60,
+        on_state_change: nil, on_task_complete: nil, on_task_error: nil
+      )
+        @agent_name      = agent_name
+        @role            = role
+        @llm_client      = llm_client
+        @project_root    = File.expand_path(project_root)
+        @task_manager    = task_manager
+        @mailbox         = mailbox
+        @max_runs        = max_runs
+        @max_cost        = max_cost
+        @poll_interval   = poll_interval
+        @idle_timeout    = idle_timeout
         @on_state_change = on_state_change
+        @on_task_complete = on_task_complete
+        @on_task_error   = on_task_error
 
-        @state = :spawned
-        @runs_completed = 0
-        @total_cost = 0.0
-        @stop_requested = false
+        @state           = :spawned
+        @runs_completed  = 0
+        @total_cost      = 0.0
+        @stop_requested  = false
       end
 
       # Enters the work-idle-work cycle. Blocks the calling thread until
@@ -52,6 +62,7 @@ module RubynCode
       #
       # @return [Symbol] the final state (:stopped)
       def start!
+        install_signal_handlers!
         transition_to(:working)
 
         loop do
@@ -108,37 +119,85 @@ module RubynCode
 
       private
 
-      # Executes the agent loop for a single claimed task.
+      # ── Signal handling ──────────────────────────────────────────
+
+      def install_signal_handlers!
+        %w[INT TERM].each do |sig|
+          Signal.trap(sig) { stop! }
+        end
+      rescue ArgumentError
+        # Some signals not available on all platforms (e.g. Windows)
+      end
+
+      # ── Work phase (full Agent::Loop) ────────────────────────────
+
+      # Executes a full agent loop for a single claimed task — with tools,
+      # context management, and budget enforcement.
       #
       # @param task [Tasks::Task]
       # @return [void]
       def run_work_phase(task)
         transition_to(:working)
 
-        conversation = Agent::Conversation.new
-        conversation.add_user_message(build_work_prompt(task))
-
-        response = @llm_client.chat(
-          messages: conversation.to_api_format,
-          system: build_system_prompt
-        )
+        agent_loop = build_agent_loop
+        result_text = agent_loop.send_message(build_work_prompt(task))
 
-        track_cost(response)
+        # Accumulate cost from the budget enforcer
+        track_cost_from_enforcer(agent_loop)
 
         # Mark the task as completed with the agent's result.
-        result_text = extract_result(response)
-        @task_manager.db.execute(
-          "UPDATE tasks SET status = 'completed', result = ?, updated_at = datetime('now') WHERE id = ?",
-          [result_text, task.id]
-        )
+        @task_manager.complete(task.id, result: result_text)
+        @on_task_complete&.call(task, result_text)
       rescue StandardError => e
         # On failure, release the task so another agent (or retry) can pick it up.
-        @task_manager.db.execute(
-          "UPDATE tasks SET status = 'pending', owner = NULL, result = ?, updated_at = datetime('now') WHERE id = ?",
-          ["Error: #{e.message}", task.id]
+        @task_manager.update(task.id, status: 'pending', owner: nil, result: "Error: #{e.message}")
+        @on_task_error&.call(task, e)
+      end
+
+      # Builds a fresh Agent::Loop wired with all the real tools.
+      # Each task gets its own conversation and context so they don't bleed.
+      #
+      # @return [Agent::Loop]
+      def build_agent_loop
+        conversation    = Agent::Conversation.new
+        tool_executor   = Tools::Executor.new(project_root: @project_root)
+        context_manager = Context::Manager.new
+        hook_runner     = Hooks::Runner.new(registry: Hooks::Registry.new)
+        stall_detector  = Agent::LoopDetector.new
+
+        # Wire dependencies the executor needs for sub-agents / background
+        tool_executor.llm_client = @llm_client
+        tool_executor.db = @task_manager.db
+
+        Agent::Loop.new(
+          llm_client: @llm_client,
+          tool_executor: tool_executor,
+          context_manager: context_manager,
+          hook_runner: hook_runner,
+          conversation: conversation,
+          permission_tier: :unrestricted,
+          stall_detector: stall_detector,
+          project_root: @project_root
         )
       end
 
+      # Accumulates cost tracked by the Agent::Loop's context manager.
+      #
+      # @param agent_loop [Agent::Loop]
+      # @return [void]
+      def track_cost_from_enforcer(agent_loop)
+        # The context manager tracks token usage; we extract cost if available.
+        # This is best-effort — the daemon's own total_cost is an approximation.
+        cm = agent_loop.instance_variable_get(:@context_manager)
+        return unless cm.respond_to?(:total_cost)
+
+        @total_cost += cm.total_cost.to_f
+      rescue StandardError
+        # Non-critical
+      end
+
+      # ── Idle phase ───────────────────────────────────────────────
+
       # Delegates to IdlePoller to wait for new work.
       #
       # @return [:resume, :shutdown, :interrupted]
@@ -156,6 +215,8 @@ module RubynCode
         @idle_poller.poll!
       end
 
+      # ── Lifecycle ────────────────────────────────────────────────
+
       # Performs final shutdown bookkeeping.
       #
       # @return [Symbol] :stopped
@@ -184,49 +245,24 @@ module RubynCode
         @on_state_change&.call(old_state, new_state)
       end
 
-      # Accumulates cost from an LLM response.
-      #
-      # @param response [#usage] LLM response with usage data
-      # @return [void]
-      def track_cost(response)
-        return unless response.respond_to?(:usage) && response.usage.respond_to?(:cost)
-
-        @total_cost += response.usage.cost.to_f
-      end
-
-      # Extracts the textual result from an LLM response.
-      #
-      # @param response [#content] LLM response
-      # @return [String]
-      def extract_result(response)
-        return "" unless response.respond_to?(:content)
-
-        case response.content
-        when String
-          response.content
-        when Array
-          text_blocks = response.content.select { |b| b.is_a?(Hash) && b[:type] == "text" }
-          text_blocks.map { |b| b[:text] }.join("\n")
-        else
-          response.content.to_s
-        end
-      end
+      # ── Prompts ──────────────────────────────────────────────────
 
       # @param task [Tasks::Task]
       # @return [String]
       def build_work_prompt(task)
-        "Execute the following task:\n\n" \
-          "Title: #{task.title}\n" \
-          "Description: #{task.description}\n" \
-          "Priority: #{task.priority}\n" \
-          "Task ID: #{task.id}"
-      end
-
-      # @return [String]
-      def build_system_prompt
-        "You are #{@agent_name}, an autonomous agent with the role: #{@role}. " \
-          "You are working on the project at #{@project_root}. " \
-          "Complete tasks thoroughly and report results clearly."
+        <<~PROMPT
+          You are working autonomously as daemon agent "#{@agent_name}".
+          Complete the following task using the tools available to you.
+
+          Title: #{task.title}
+          Description: #{task.description}
+          Priority: #{task.priority}
+          Task ID: #{task.id}
+
+          Work in the project at: #{@project_root}
+          Be thorough. Use tools to read, write, test, and verify your work.
+          When done, summarize what you did.
+        PROMPT
       end
     end
   end

data/lib/rubyn_code/autonomous/idle_poller.rb

@@ -35,13 +35,9 @@ module RubynCode
           return :shutdown if monotonic_now >= deadline
 
           # Messages always take priority over tasks.
-          if has_pending_messages?
-            return :resume
-          end
+          return :resume if has_pending_messages?
 
-          if has_claimable_task?
-            return :resume
-          end
+          return :resume if has_claimable_task?
 
           remaining = deadline - monotonic_now
           return :shutdown if remaining <= 0
@@ -71,10 +67,10 @@ module RubynCode
 
         # Only re-inject if the identity is not already present as the
         # first user message.
-        first_user = messages.find { |m| m[:role] == "user" }
+        first_user = messages.find { |m| m[:role] == 'user' }
         return if first_user && first_user[:content].to_s.include?(identity[0, 100])
 
-        messages.unshift({ role: "user", content: identity })
+        messages.unshift({ role: 'user', content: identity })
       end
 
       private