rubyn-code 0.5.1 → 0.7.0

data/lib/rubyn_code/llm/adapters/anthropic.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'faraday'
 require 'json'
 require 'securerandom'
 require_relative '../message_builder'
@@ -8,9 +7,11 @@ require_relative '../message_builder'
 module RubynCode
   module LLM
     module Adapters
+      # rubocop:disable Metrics/ClassLength -- auth helpers + streaming + finalize are all needed
       class Anthropic < Base
         include JsonParsing
         include PromptCaching
+        include TokenCaching
 
         API_URL = 'https://api.anthropic.com/v1/messages'
         ANTHROPIC_VERSION = '2023-06-01'
@@ -18,8 +19,9 @@ module RubynCode
         RETRY_DELAYS = [2, 5, 10].freeze
 
         AVAILABLE_MODELS = %w[
+          claude-fable-5
+          claude-opus-4-8
           claude-sonnet-4-20250514
-          claude-opus-4-6
           claude-haiku-4-20250506
         ].freeze
 
@@ -46,30 +48,73 @@ module RubynCode
           execute_with_retries(body, on_text)
         end
 
-        private
+        # -- Auth helpers ----------------------------------------------
 
-        def api_url
-          API_URL
-        end
+        # Validate the active auth path before sending the request.
+        # Raises Client::AuthExpiredError with a clear message instead
+        # of letting the HTTP request fail with a 401.
+        def ensure_valid_token!
+          return if token_valid? && access_token && !access_token.empty?
 
-        # -- Auth ---------------------------------------------------------
+          return if !oauth_token? && api_key && !api_key.empty?
 
-        def oauth_token?
-          access_token.include?('sk-ant-oat')
+          raise Client::AuthExpiredError, 'No valid authentication configured'
         end
 
-        def ensure_valid_token!
-          return if Auth::TokenStore.valid?
+        # @return [Boolean] true when using the OAuth token (vs API key).
+        #   A token from the keychain (or marked source: :keychain /
+        #   :oauth) is treated as OAuth; a token from :env or
+        #   :tokens_file is treated as a long-lived API key.
+        def oauth_token?
+          token = raw_access_token
+          return false unless token.is_a?(Hash)
 
-          raise Client::AuthExpiredError,
-                'No valid authentication. Run `rubyn-code --auth` or set ANTHROPIC_API_KEY.'
+          source = token[:source] || token['source']
+          [:keychain, 'keychain', :oauth].include?(source)
         end
 
+        # @return [String, nil] the access token in use.
+        #   Accepts either a raw String token or a Hash like
+        #   { access_token: "...", expires_at: ..., source: :keychain }.
+        #   Memoized per-instance so that repeated calls during one
+        #   request don't re-hit the token store.
         def access_token
-          tokens = Auth::TokenStore.load
-          raise Client::AuthExpiredError, 'No stored access token' unless tokens&.dig(:access_token)
+          return @access_token if defined?(@access_token)
+
+          token = raw_access_token
+          @access_token =
+            case token
+            when nil    then nil
+            when String then token.empty? ? nil : token
+            when Hash   then token[:access_token] || token['access_token']
+            end
+        end
+
+        # @return [String, nil] the API key (ANTHROPIC_API_KEY), or nil
+        def api_key
+          ENV.fetch('ANTHROPIC_API_KEY', nil)
+        end
+
+        # @return [Boolean] true if the token store says the active
+        #   credential is still valid
+        def token_valid?
+          return true unless defined?(Auth::TokenStore)
+          return true unless Auth::TokenStore.respond_to?(:valid?)
+
+          Auth::TokenStore.valid?
+        end
+
+        def raw_access_token
+          return @raw_access_token if defined?(@raw_access_token)
 
-          tokens[:access_token]
+          @raw_access_token =
+            (Auth::TokenStore.load if defined?(Auth::TokenStore) && Auth::TokenStore.respond_to?(:load))
+        end
+
+        private
+
+        def api_url
+          API_URL
         end
 
         # -- Request execution --------------------------------------------
@@ -144,6 +189,7 @@ module RubynCode
 
           error_msg = extract_error_message(error_chunks.join)
 
+          invalidate_token_cache! if response.status == 401
           raise Client::AuthExpiredError, "Authentication expired: #{error_msg}" if response.status == 401
           raise Client::PromptTooLongError, "Prompt too long: #{error_msg}" if response.status == 413
 
@@ -167,6 +213,7 @@ module RubynCode
         end
 
         def build_faraday_connection
+          require 'faraday'
           Faraday.new do |f|
             f.options.timeout = 300
             f.options.open_timeout = 30
@@ -227,6 +274,7 @@ module RubynCode
           error_type = body&.dig('error', 'type') || 'api_error'
 
           log_api_error(response)
+          invalidate_token_cache! if response.status == 401
           raise Client::AuthExpiredError, "Authentication expired: #{error_msg}" if response.status == 401
           raise Client::PromptTooLongError, "Prompt too long: #{error_msg}" if response.status == 413
 
@@ -270,5 +318,6 @@ module RubynCode
         end
       end
     end
+    # rubocop:enable Metrics/ClassLength
   end
 end

data/lib/rubyn_code/llm/adapters/openai.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'faraday'
 require 'json'
 require_relative '../message_builder'
 
@@ -141,6 +140,7 @@ module RubynCode
         end
 
         def build_faraday_connection
+          require 'faraday'
           Faraday.new do |f|
             f.options.timeout = 300
             f.options.open_timeout = 30

data/lib/rubyn_code/llm/adapters/prompt_caching.rb

@@ -36,7 +36,11 @@ module RubynCode
         def add_message_cache_breakpoint(messages)
           return messages if messages.nil? || messages.empty?
 
-          tagged = messages.map(&:dup)
+          # Only the last message gets the cache_control tag, so only it
+          # needs to be duped — copying the whole history every call is
+          # wasted work on long conversations.
+          tagged = messages.dup
+          tagged[-1] = tagged[-1].dup
           tag_last_message_content(tagged.last)
           tagged
         end

data/lib/rubyn_code/llm/adapters/token_caching.rb

@@ -0,0 +1,54 @@
+# frozen_string_literal: true
+
+module RubynCode
+  module LLM
+    module Adapters
+      # Cached access to the Anthropic credential.
+      #
+      # TokenStore.load shells out to the macOS keychain, so the loaded
+      # tokens are cached per adapter instance. The cache drops itself once
+      # the token nears expiry (picking up an externally refreshed
+      # credential) and must be invalidated on 401 responses.
+      module TokenCaching
+        private
+
+        def oauth_token?
+          return @oauth_token unless @oauth_token.nil?
+
+          @oauth_token = access_token.include?('sk-ant-oat')
+        end
+
+        def ensure_valid_token!
+          return if Auth::TokenStore.valid_tokens?(tokens)
+
+          raise Client::AuthExpiredError,
+                'No valid authentication. Run `rubyn-code --auth` or set ANTHROPIC_API_KEY.'
+        end
+
+        def access_token
+          token = tokens&.fetch(:access_token, nil)
+          raise Client::AuthExpiredError, 'No stored access token' unless token
+
+          token
+        end
+
+        def tokens
+          invalidate_token_cache! if token_cache_stale?
+          @tokens ||= Auth::TokenStore.load
+        end
+
+        def token_cache_stale?
+          expires_at = @tokens&.fetch(:expires_at, nil)
+          return false unless expires_at
+
+          expires_at <= Time.now + Auth::TokenStore::EXPIRY_BUFFER_SECONDS
+        end
+
+        def invalidate_token_cache!
+          @tokens = nil
+          @oauth_token = nil
+        end
+      end
+    end
+  end
+end

data/lib/rubyn_code/llm/model_router.rb

@@ -14,7 +14,7 @@ module RubynCode
     #       models:
     #         cheap: claude-haiku-4-5
     #         mid: claude-sonnet-4-6
-    #         top: claude-opus-4-6
+    #         top: claude-opus-4-8
     #     openai:
     #       env_key: OPENAI_API_KEY
     #       models:
@@ -50,7 +50,7 @@ module RubynCode
           %w[openai gpt-5.4-mini]
         ].freeze,
         top: [
-          %w[anthropic claude-opus-4-6],
+          %w[anthropic claude-opus-4-8],
           %w[openai gpt-5.4]
         ].freeze
       }.freeze

data/lib/rubyn_code/mcp/client.rb

@@ -60,6 +60,63 @@ module RubynCode
                                 })
       end
 
+      # Returns the resources advertised by the server (empty unless the
+      # server declared the `resources` capability). Each entry is a Hash with
+      # "uri", "name", and optionally "description"/"mimeType".
+      #
+      # @return [Array<Hash>]
+      def resources
+        return [] unless supports_resources?
+
+        @resources ||= @transport.send_request('resources/list')&.fetch('resources', []) || []
+      rescue StandardError => e
+        RubynCode::Debug.warn("MCP '#{@name}' resources/list failed: #{e.message}")
+        []
+      end
+
+      # Reads a single resource by URI.
+      #
+      # @param uri [String]
+      # @return [Hash] result with a "contents" array
+      def read_resource(uri)
+        ensure_connected!
+        @transport.send_request('resources/read', { uri: uri })
+      end
+
+      # Returns the prompts advertised by the server (empty unless the server
+      # declared the `prompts` capability). Each entry has "name" and
+      # optionally "description"/"arguments".
+      #
+      # @return [Array<Hash>]
+      def prompts
+        return [] unless supports_prompts?
+
+        @prompts ||= @transport.send_request('prompts/list')&.fetch('prompts', []) || []
+      rescue StandardError => e
+        RubynCode::Debug.warn("MCP '#{@name}' prompts/list failed: #{e.message}")
+        []
+      end
+
+      # Fetches a prompt, expanding its template with the given arguments.
+      #
+      # @param name [String]
+      # @param arguments [Hash]
+      # @return [Hash] result with "messages" (and optionally "description")
+      def get_prompt(name, arguments = {})
+        ensure_connected!
+        @transport.send_request('prompts/get', { name: name, arguments: arguments })
+      end
+
+      # @return [Boolean] whether the server advertised the resources capability
+      def supports_resources?
+        @server_capabilities.is_a?(Hash) && @server_capabilities.key?('resources')
+      end
+
+      # @return [Boolean] whether the server advertised the prompts capability
+      def supports_prompts?
+        @server_capabilities.is_a?(Hash) && @server_capabilities.key?('prompts')
+      end
+
       # Gracefully disconnects from the MCP server.
       #
       # @return [void]
@@ -67,6 +124,8 @@ module RubynCode
         @transport.stop!
         @initialized = false
         @tools = nil
+        @resources = nil
+        @prompts = nil
       end
 
       # Returns whether the client is connected and the transport is alive.

data/lib/rubyn_code/mcp/server_extras_bridge.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+module RubynCode
+  module MCP
+    # Bridges an MCP server's *resources* and *prompts* into native RubynCode
+    # tools — the non-"tools" half of the MCP surface. Split out of ToolBridge
+    # so tool bridging and resource/prompt bridging each stay one focused job.
+    #
+    # Each capability registers a single tool whose description lists what's
+    # available (resource URIs / prompt names) and reads or fetches any of them.
+    module ServerExtrasBridge
+      class << self
+        # If the server exposes resources, register one tool that lists the
+        # available URIs (in its description) and reads any of them.
+        #
+        # @return [Array<Class>] the [read_resource] tool class, or [] if none
+        def bridge_resources(mcp_client)
+          resources = safe_list(mcp_client, :resources)
+          return [] if resources.empty?
+
+          klass = create_resource_tool(mcp_client, resources)
+          Tools::Registry.register(klass)
+          [klass]
+        end
+
+        # If the server exposes prompts, register one tool that lists the
+        # available prompt names and fetches any of them (with arguments).
+        #
+        # @return [Array<Class>] the [get_prompt] tool class, or [] if none
+        def bridge_prompts(mcp_client)
+          prompts = safe_list(mcp_client, :prompts)
+          return [] if prompts.empty?
+
+          klass = create_prompt_tool(mcp_client, prompts)
+          Tools::Registry.register(klass)
+          [klass]
+        end
+
+        private
+
+        def safe_list(mcp_client, method)
+          Array(mcp_client.public_send(method))
+        rescue StandardError
+          []
+        end
+
+        def create_resource_tool(mcp_client, resources)
+          listing = resources.map { |r| "- #{r['uri']}#{r['name'] && " (#{r['name']})"}" }.join("\n")
+          description = "Read a resource from MCP server '#{mcp_client.name}'. Available resources:\n#{listing}"
+          params = { uri: { type: :string, description: 'The resource URI to read', required: true } }
+
+          tool_name = "mcp_#{ToolBridge.sanitize_name(mcp_client.name)}_read_resource"
+          build_dynamic_tool(tool_name, description, params) do |args|
+            format_resource_contents(mcp_client.read_resource(args[:uri] || args['uri']))
+          end
+        end
+
+        def create_prompt_tool(mcp_client, prompts)
+          listing = prompts.map { |p| "- #{p['name']}#{p['description'] && ": #{p['description']}"}" }.join("\n")
+          description = "Fetch a prompt from MCP server '#{mcp_client.name}'. Available prompts:\n#{listing}"
+          params = {
+            name: { type: :string, description: 'The prompt name', required: true },
+            arguments: { type: :object, description: 'Prompt arguments (optional)', required: false }
+          }
+
+          tool_name = "mcp_#{ToolBridge.sanitize_name(mcp_client.name)}_get_prompt"
+          build_dynamic_tool(tool_name, description, params) do |args|
+            result = mcp_client.get_prompt(args[:name] || args['name'], args[:arguments] || args['arguments'] || {})
+            format_prompt_messages(result)
+          end
+        end
+
+        # Build a Tools::Base subclass whose #execute delegates to the block.
+        def build_dynamic_tool(tool_name, description, parameters, &handler)
+          Class.new(Tools::Base) do
+            const_set(:TOOL_NAME, tool_name)
+            const_set(:DESCRIPTION, description)
+            const_set(:PARAMETERS, parameters)
+            const_set(:RISK_LEVEL, :external)
+            const_set(:REQUIRES_CONFIRMATION, true)
+
+            define_method(:execute) { |**params| handler.call(params) }
+          end
+        end
+
+        def format_resource_contents(result)
+          contents = result.is_a?(Hash) ? Array(result['contents']) : []
+          return result.to_s if contents.empty?
+
+          contents.map { |c| c['text'] || "[binary resource: #{c['uri']} #{c['mimeType']}]" }.join("\n")
+        end
+
+        def format_prompt_messages(result)
+          messages = result.is_a?(Hash) ? Array(result['messages']) : []
+          return result.to_s if messages.empty?
+
+          messages.map { |m| "#{m['role']}: #{prompt_message_text(m['content'])}" }.join("\n\n")
+        end
+
+        def prompt_message_text(content)
+          case content
+          when Hash then content['text'] || content.to_s
+          when Array then content.map { |b| b.is_a?(Hash) ? b['text'] : b }.compact.join("\n")
+          else content.to_s
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rubyn_code/mcp/sse_transport.rb

@@ -1,6 +1,5 @@
 # frozen_string_literal: true
 
-require 'faraday'
 require 'json'
 require 'uri'
 
@@ -111,6 +110,7 @@ module RubynCode
       end
 
       def connection
+        require 'faraday'
         @connection ||= Faraday.new(url: base_url) do |f|
           f.options.timeout = @timeout
           f.options.open_timeout = @timeout
@@ -165,6 +165,7 @@ module RubynCode
       end
 
       def build_sse_connection
+        require 'faraday'
         Faraday.new(url: base_url) do |f|
           f.options.timeout = nil
           f.options.open_timeout = @timeout

data/lib/rubyn_code/mcp/tool_bridge.rb

@@ -10,6 +10,9 @@ module RubynCode
     # - Has RISK_LEVEL = :external
     # - Delegates #execute to the MCP client's #call_tool
     # - Registers itself with Tools::Registry
+    #
+    # A server's resources and prompts are bridged separately by
+    # {ServerExtrasBridge}, which #bridge folds into the returned classes.
     module ToolBridge
       JSON_TYPE_MAP = {
         'string' => :string, 'integer' => :integer, 'number' => :number,
@@ -18,17 +21,24 @@ module RubynCode
 
       class << self
         # Discovers tools from an MCP client and creates corresponding
-        # RubynCode tool classes.
+        # RubynCode tool classes (plus any resource/prompt bridge tools).
         #
         # @param mcp_client [MCP::Client] a connected MCP client
         # @return [Array<Class>] the dynamically created tool classes
         def bridge(mcp_client)
-          tools = mcp_client.tools
-          return [] if tools.nil? || tools.empty?
+          classes = Array(mcp_client.tools).map { |tool_def| build_tool_class(mcp_client, tool_def) }
+          classes.concat(ServerExtrasBridge.bridge_resources(mcp_client))
+          classes.concat(ServerExtrasBridge.bridge_prompts(mcp_client))
+          classes
+        end
 
-          tools.map do |tool_def|
-            build_tool_class(mcp_client, tool_def)
-          end
+        # Sanitizes a tool name into a Ruby-friendly identifier. Public so
+        # {ServerExtrasBridge} names its resource/prompt tools the same way.
+        #
+        # @param name [String] the original tool name
+        # @return [String] sanitized name
+        def sanitize_name(name)
+          name.to_s.gsub(/[^a-zA-Z0-9_]/, '_').gsub(/_+/, '_').downcase
         end
 
         private
@@ -119,14 +129,6 @@ module RubynCode
         def map_json_type(json_type)
           JSON_TYPE_MAP.fetch(json_type, :string)
         end
-
-        # Sanitizes a tool name for use as a Ruby-friendly identifier.
-        #
-        # @param name [String] the original tool name
-        # @return [String] sanitized name
-        def sanitize_name(name)
-          name.to_s.gsub(/[^a-zA-Z0-9_]/, '_').gsub(/_+/, '_').downcase
-        end
       end
     end
   end

data/lib/rubyn_code/megaplan/ci_recovery.rb

@@ -1,4 +1,4 @@
-  # frozen_string_literal: true
+# frozen_string_literal: true
 
 module RubynCode
   module Megaplan
@@ -17,7 +17,7 @@ module RubynCode
     class CiRecovery
       class RecoveryError < RubynCode::Error; end
 
-      SYSTEM_PROMPT = <<~PROMPT.freeze
+      SYSTEM_PROMPT = <<~PROMPT
         You are Rubyn doing CI auto-recovery on a megaplan PR.
 
         Read the failing job log, identify the root cause, push a fix
@@ -93,7 +93,7 @@ module RubynCode
         end
       end
 
-      def default_agent_invoker(prompt, _context)
+      def default_agent_invoker(_prompt, _context)
         # Stub for now — real wiring happens in RecoverCiHandler which has
         # an Agent::Loop on hand. The handler injects its own invoker via
         # the constructor.

data/lib/rubyn_code/megaplan/interview_session.rb

@@ -1,4 +1,4 @@
-  # frozen_string_literal: true
+# frozen_string_literal: true
 
 require 'json'
 require 'securerandom'
@@ -65,7 +65,7 @@ module RubynCode
       # The skill teaches *what* a megaplan is and *how* to interview; this
       # contract teaches the LLM the wire format the gem expects on every
       # turn AND that its tool palette is read-only.
-      JSON_OUTPUT_CONTRACT = <<~CONTRACT.freeze
+      JSON_OUTPUT_CONTRACT = <<~CONTRACT
         # Output contract (overrides any other formatting instinct)
 
         You are an interviewer, not a coding agent. You have a READ-ONLY
@@ -192,13 +192,18 @@ module RubynCode
           result = if INTERVIEW_TOOLS.include?(call.name.to_s)
                      @executor.execute(call.name, stringify_keys(call.input))
                    else
-                     "Tool '#{call.name}' is not available in interview mode (read-only palette: #{INTERVIEW_TOOLS.join(', ')})."
+                     unavailable_tool_message(call.name)
                    end
           { type: 'tool_result', tool_use_id: call.id, content: result.to_s }
         end
         { role: 'user', content: content }
       end
 
+      def unavailable_tool_message(name)
+        "Tool '#{name}' is not available in interview mode " \
+          "(read-only palette: #{INTERVIEW_TOOLS.join(', ')})."
+      end
+
       def stringify_keys(input)
         return input unless input.is_a?(Hash)
 

data/lib/rubyn_code/megaplan/plan_proposer.rb

@@ -1,4 +1,4 @@
-  # frozen_string_literal: true
+# frozen_string_literal: true
 
 require 'json'
 require 'securerandom'
@@ -18,7 +18,7 @@ module RubynCode
       class InvalidProposalError < RubynCode::Error; end
 
       MAX_PHASES = 12
-      DEFAULT_SYSTEM_PROMPT = <<~PROMPT.freeze
+      DEFAULT_SYSTEM_PROMPT = <<~PROMPT
         You are a senior Ruby/Rails architect breaking a feature request into a megaplan.
 
         A megaplan is a multi-phase development plan where each phase is a
@@ -127,7 +127,7 @@ module RubynCode
         slug = slugify(feature) if slug.empty?
         phases = payload['phases'].each_with_index.map do |phase, idx|
           {
-            'number' => phase['number'] || idx + 1,
+            'number' => phase['number'] || (idx + 1),
             'slug' => (phase['slug'].to_s.strip.empty? ? slugify(phase['name']) : phase['slug']),
             'name' => phase['name'],
             'summary' => phase['summary'],

data/lib/rubyn_code/memory/search.rb

@@ -6,9 +6,10 @@ require_relative 'models'
 module RubynCode
   module Memory
     # Searches memories using SQLite FTS5 full-text search and standard
-    # queries. Every search method automatically increments access_count
-    # and updates last_accessed_at on returned records, reinforcing
-    # frequently-accessed memories against decay.
+    # queries. Search methods automatically increment access_count and
+    # update last_accessed_at on returned records, reinforcing
+    # frequently-accessed memories against decay; #recent accepts
+    # touch: false to opt out for passive reads.
     class Search
       # @param db [DB::Connection] database connection
       # @param project_path [String] scoping path for searches
@@ -60,8 +61,11 @@ module RubynCode
       # Returns the most recently created memories.
       #
       # @param limit [Integer] maximum results (default 10)
+      # @param touch [Boolean] whether to record an access on returned
+      #   records; pass false for passive reads (e.g. prompt assembly)
+      #   that shouldn't reinforce memories or issue a write
       # @return [Array<MemoryRecord>]
-      def recent(limit: 10)
+      def recent(limit: 10, touch: true)
         rows = @db.query(<<~SQL, [@project_path, limit]).to_a
           SELECT id, project_path, tier, category, content,
                  relevance_score, access_count, last_accessed_at,
@@ -73,7 +77,7 @@ module RubynCode
         SQL
 
         records = rows.map { |row| build_record(row) }
-        touch_accessed(records)
+        touch_accessed(records) if touch
         records
       end