rubyn 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36a16de7cb6802b6a29f1a5ac6f4b6688cd5761c5ac9d3cf90986842885f3e26
-  data.tar.gz: de2d885c2cd2ba5828817b4242de06b5c05296aa264546e017d3fdf06c9e9bac
+  metadata.gz: 0f569a00574395ca84d1262fe5e1b1e43ae3a9f45cbad8bcd635b5f77bc8f964
+  data.tar.gz: b649ccb9d369f8d043c7894a2e203aa2de135b5696f0ba3385d58d9cf104595d
 SHA512:
-  metadata.gz: 0cdc367ce9ff58c530f3c6fcb5ddacddcc0e7af44763258e62c4226f5531fe5b8d5b8608fa305800be01a2397241c9191e83c31f75114589a3d814da68337c3d
-  data.tar.gz: 504ae8345f735d6476576f40b16d84cb5959e3732f29c7a145a06f0c5ae7b665abd3a25bd6d13c3513c8eec31d9caad3272510b155b7508ca23be6b530b02019
+  metadata.gz: fba7fe70671bbd022cee098572ce9afa1fe5e936983321a7ab04dde76ef088014ac5adad49baa5d9cdb3ea3ee0aa107a36ce5f44c91113dfdc8643fac799c3d6
+  data.tar.gz: d64d44658a121a84810c8c659ecf94b71310b6a5f5d88a6954b5301869f2422a2b968001b1fd8612b664b892426fa8b6d769a5eeb15e61610f4724d7ac63f887

data/lib/rubyn/client/api_client.rb

@@ -3,6 +3,7 @@
 require "faraday"
 require "faraday/multipart"
 require "json"
+require "securerandom"
 
 module Rubyn
   module Client
@@ -19,7 +20,7 @@ module Rubyn
       end
 
       def refactor(file_path:, code:, context_files:, project_token:)
-        post("/api/v1/ai/refactor", {
+        post_with_recovery("/api/v1/ai/refactor", {
                file_path: file_path,
                code: code,
                context_files: context_files,
@@ -28,7 +29,7 @@ module Rubyn
       end
 
       def generate_spec(file_path:, code:, context_files:, project_token:)
-        post("/api/v1/ai/spec", {
+        post_with_recovery("/api/v1/ai/spec", {
                file_path: file_path,
                code: code,
                context_files: context_files,
@@ -37,7 +38,7 @@ module Rubyn
       end
 
       def review(files:, context_files:, project_token:)
-        post("/api/v1/ai/review", {
+        post_with_recovery("/api/v1/ai/review", {
                files: files,
                context_files: context_files,
                project_token: project_token
@@ -45,7 +46,7 @@ module Rubyn
       end
 
       def agent_message(conversation_id:, message:, file_context:, project_token:)
-        post("/api/v1/ai/agent", {
+        post_with_recovery("/api/v1/ai/agent", {
                conversation_id: conversation_id,
                message: message,
                file_context: file_context,
@@ -99,6 +100,10 @@ module Rubyn
         get("/api/v1/usage/history", page: page)
       end
 
+      def fetch_interaction(request_uuid:)
+        get("/api/v1/ai/interactions/#{request_uuid}")
+      end
+
       def submit_feedback(interaction_id:, rating:, feedback: nil)
         post("/api/v1/feedback", {
                interaction_id: interaction_id,
@@ -128,17 +133,69 @@ module Rubyn
       def get(path, params = {})
         response = connection.get(path, params)
         parse_response(response)
+      rescue Faraday::ConnectionFailed, Faraday::TimeoutError => e
+        raise APIError, "Could not connect to #{@base_url} — #{e.message}"
       end
 
       def post(path, body = {})
         response = connection.post(path, body)
         parse_response(response)
+      rescue Faraday::ConnectionFailed, Faraday::TimeoutError => e
+        raise APIError, "Could not connect to #{@base_url} — #{e.message}"
+      end
+
+      def post_with_recovery(path, body = {})
+        request_uuid = SecureRandom.uuid
+        body[:request_uuid] = request_uuid
+
+        response = connection.post(path, body)
+        parse_response(response)
+      rescue Faraday::TimeoutError
+        recover_response(request_uuid)
+      rescue Faraday::ConnectionFailed => e
+        raise APIError, "Could not connect to #{@base_url} — #{e.message}"
+      end
+
+      RECOVERY_MESSAGES = [
+        "Still polishing those gems...",
+        "Matz would want us to be patient...",
+        "DHH didn't build Rails in a day...",
+        "Optimizing for developer happiness...",
+        "Almost there, just one more .each...",
+        "Your code is worth the wait..."
+      ].freeze
+
+      def recover_response(request_uuid)
+        Rubyn::Output::Formatter.newline
+        Rubyn::Output::Formatter.warning("Hang tight! Your response is still cooking...")
+
+        RECOVERY_MESSAGES.each do |message|
+          sleep 5
+          begin
+            result = fetch_interaction(request_uuid: request_uuid)
+            if result && result["response"].to_s.length > 0
+              Rubyn::Output::Formatter.success("Got it!")
+              Rubyn::Output::Formatter.newline
+              return result
+            end
+          rescue APIError => e
+            break if e.message.include?("not found")
+          end
+          Rubyn::Output::Formatter.info(message)
+        end
+
+        raise APIError, "Request timed out and the response could not be recovered. Your credits were not charged."
       end
 
       def parse_response(response)
-        return response.body if response.status.between?(200, 299)
+        json_body = response.body.is_a?(Hash) || response.body.is_a?(Array)
+
+        if response.status.between?(200, 299)
+          raise APIError, "Unexpected response from server (status #{response.status}). Expected JSON but got #{response.headers["content-type"] || "unknown content type"}." unless json_body
+          return response.body
+        end
 
-        message = extract_error_message(response)
+        message = json_body ? extract_error_message(response) : nil
 
         case response.status
         when 400

data/lib/rubyn/commands/init.rb

@@ -114,9 +114,43 @@ module Rubyn
                                              "project_token" => project.fetch("project_token"),
                                              "project_id" => project.fetch("id")
                                            })
+        write_default_security_config
         ensure_gitignore
       end
 
+      def write_default_security_config
+        path = File.join(Dir.pwd, ".rubyn", "security.yml")
+        return if File.exist?(path)
+
+        content = <<~YAML
+          # Rubyn Security Configuration
+          #
+          # blocked_files: Files the agent can NEVER read or write.
+          #   These are hard-blocked — no confirmation prompt, just denied.
+          #
+          # sensitive_files: Files the agent can read ONLY with your approval.
+          #   You'll be prompted before the agent can access these.
+          #
+          # Patterns support exact paths and directory prefixes:
+          #   - config/master.key        (exact file)
+          #   - config/credentials       (entire directory)
+          #   - .env.*                   (glob pattern)
+
+          blocked_files:
+            - config/master.key
+            - config/credentials.yml.enc
+            - config/credentials
+
+          sensitive_files:
+            - .env
+            - .env.*
+            - config/database.yml
+            - config/secrets.yml
+        YAML
+
+        File.write(path, content)
+      end
+
       def ensure_gitignore
         gitignore_path = File.join(Dir.pwd, ".gitignore")
         return unless File.exist?(gitignore_path)

data/lib/rubyn/context/response_parser.rb

@@ -3,9 +3,11 @@
 module Rubyn
   module Context
     class ResponseParser
-      BOLD_HEADER = /\*\*(New|Updated|Modified)\s*(?:file)?:\s*([a-zA-Z0-9_\/\.\-]+\.rb)\*\*/i
-      BACKTICK_PATH = /`([a-zA-Z0-9_\/\.\-]+\.rb)`\s*\z/
-      INLINE_COMMENT = /^#\s*([a-zA-Z0-9_\/\.\-]+\.rb)/
+      FILE_EXT = /[a-zA-Z0-9_\/\.\-]+\.[a-zA-Z0-9\.]+/
+      BOLD_HEADER = /\*\*(New|Updated|Modified)\s*(?:file)?:\s*(#{FILE_EXT})\*\*/i
+      BACKTICK_PATH = /`(#{FILE_EXT})`\s*\z/
+      INLINE_COMMENT = /^(?:#|<%#)\s*(#{FILE_EXT})/
+      CODE_FENCE = /```\w+\n.*?```/m
 
       def self.extract_file_blocks(response)
         new(response).extract
@@ -17,12 +19,12 @@ module Rubyn
 
       def extract
         blocks = []
-        parts = @response.split(/(```ruby\n.*?```)/m)
+        parts = @response.split(/(#{CODE_FENCE})/m)
 
         parts.each_with_index do |part, i|
-          next unless part.start_with?("```ruby\n")
+          next unless part.match?(/\A```\w+\n/)
 
-          code = part.sub(/\A```ruby\n/, "").sub(/```\z/, "")
+          code = part.sub(/\A```\w+\n/, "").sub(/```\z/, "")
           preceding = i > 0 ? parts[i - 1] : ""
           result = detect_path(preceding, code)
 

data/lib/rubyn/tools/base_tool.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "yaml"
+
 module Rubyn
   module Tools
     class BaseTool
@@ -38,6 +40,18 @@ module Rubyn
       EXCLUDED_DIRS = %w[.git node_modules vendor/bundle vendor tmp].freeze
       DEFAULT_MAX_OUTPUT_LENGTH = 10_000
 
+      BLOCKED_FILES = %w[
+        config/master.key
+        config/credentials.yml.enc
+        config/credentials
+      ].freeze
+
+      SENSITIVE_FILES = %w[
+        .env
+      ].freeze
+
+      SECURITY_CONFIG_FILE = File.join(".rubyn", "security.yml").freeze
+
       private
 
       def excluded?(path)
@@ -55,9 +69,44 @@ module Rubyn
         expanded = File.expand_path(path, project_root)
         return error("Access denied: path is outside project root") unless expanded.start_with?(project_root)
 
+        rel = expanded.sub("#{project_root}/", "")
+        return error("Access denied: #{rel} is a protected file") if blocked_file?(rel)
+
         expanded
       end
 
+      def blocked_file?(relative_path)
+        all_blocked = BLOCKED_FILES + security_config("blocked_files")
+        matches_any?(relative_path, all_blocked)
+      end
+
+      def sensitive_file?(relative_path)
+        all_sensitive = SENSITIVE_FILES + security_config("sensitive_files")
+        matches_any?(relative_path, all_sensitive)
+      end
+
+      def matches_any?(relative_path, patterns)
+        patterns.any? do |pattern|
+          relative_path == pattern ||
+            relative_path.start_with?("#{pattern}/") ||
+            File.fnmatch?(pattern, relative_path, File::FNM_PATHNAME)
+        end
+      end
+
+      def security_config(key)
+        @security_config ||= load_security_config
+        @security_config.fetch(key, [])
+      end
+
+      def load_security_config
+        path = File.join(project_root, SECURITY_CONFIG_FILE)
+        return {} unless File.exist?(path)
+
+        YAML.safe_load_file(path) || {}
+      rescue Psych::SyntaxError
+        {}
+      end
+
       def relative_path(full_path)
         full_path.sub("#{project_root}/", "")
       end

data/lib/rubyn/tools/executor.rb

@@ -28,7 +28,20 @@ module Rubyn
           return { success: false, error: "denied_by_user" }
         end
 
-        tool.call(params)
+        result = tool.call(params)
+
+        if result.is_a?(Hash) && result[:error].to_s.start_with?("sensitive_file:")
+          file = result[:error].sub("sensitive_file:", "")
+          Rubyn::Output::Formatter.warning("Agent wants to read sensitive file: #{file}")
+          print "Allow? (y/n) "
+          if $stdin.gets&.strip&.downcase == "y"
+            tool.call(params.merge(skip_sensitive_check: true))
+          else
+            { success: false, error: "denied_by_user" }
+          end
+        else
+          result
+        end
       rescue StandardError => e
         { success: false, error: "#{e.class}: #{e.message}" }
       end

data/lib/rubyn/tools/find_files.rb

@@ -21,6 +21,7 @@ module Rubyn
         files = all_files
                 .reject { |f| excluded?(f) }
                 .select { |f| File.file?(f) }
+                .reject { |f| blocked_file?(relative_path(f)) }
                 .first(MAX_RESULTS)
                 .map { |f| relative_path(f) }
 

data/lib/rubyn/tools/find_references.rb

@@ -28,6 +28,7 @@ module Rubyn
         rb_files.each do |file|
           break if references.size >= MAX_RESULTS
           next if excluded?(file)
+          next if blocked_file?(relative_path(file))
 
           search_file_for_references(file, regex, references)
         end

data/lib/rubyn/tools/read_file.rb

@@ -19,9 +19,13 @@ module Rubyn
         return resolved if resolved.is_a?(Hash) && resolved[:error]
 
         return error("File not found: #{params[:path]}") unless File.exist?(resolved)
-
         return error("Not a file: #{params[:path]}") unless File.file?(resolved)
 
+        rel = relative_path(resolved)
+        if sensitive_file?(rel) && !params[:skip_sensitive_check]
+          return error("sensitive_file:#{params[:path]}")
+        end
+
         lines = File.readlines(resolved)
         total_lines = lines.length
 

data/lib/rubyn/tools/search_files.rb

@@ -39,6 +39,8 @@ module Rubyn
           break if matches.size >= MAX_MATCHES
           next unless File.file?(file)
           next if excluded?(file)
+          next if blocked_file?(relative_path(file))
+          next if sensitive_file?(relative_path(file))
           next if binary?(file)
 
           search_in_file(file, regex, matches)

data/lib/rubyn/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Rubyn
-  VERSION = "0.1.5"
+  VERSION = "0.1.6"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rubyn
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - matthewsuttles