spurline-deploy 0.3.0

data/lib/spurline/dsl/hooks.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Spurline
+  module DSL
+    # DSL for registering lifecycle event hooks.
+    # Registers configuration at class load time — never executes behavior.
+    module Hooks
+      HOOK_TYPES = %i[
+        on_start
+        on_turn_start
+        on_tool_call
+        on_turn_end
+        on_suspend
+        on_resume
+        on_finish
+        on_error
+        on_child_spawn
+        on_child_complete
+        on_child_error
+      ].freeze
+
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        HOOK_TYPES.each do |hook_type|
+          define_method(hook_type) do |&block|
+            @hooks ||= {}
+            @hooks[hook_type] ||= []
+            @hooks[hook_type] << block
+          end
+        end
+
+        def hooks_config
+          own = @hooks || {}
+          if superclass.respond_to?(:hooks_config)
+            inherited = superclass.hooks_config
+            merged = inherited.dup
+            own.each do |type, blocks|
+              merged[type] = (merged[type] || []) + blocks
+            end
+            merged
+          else
+            own
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/dsl/memory.rb

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+module Spurline
+  module DSL
+    # DSL for configuring agent memory stores.
+    # Registers configuration at class load time — never executes behavior.
+    module Memory
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        def memory(type, **options)
+          @memory_config ||= {}
+          @memory_config[type.to_sym] = options
+        end
+
+        # Shorthand for toggling episodic memory recording.
+        #
+        #   episodic false
+        #   episodic true
+        #
+        def episodic(enabled = true)
+          @memory_config ||= {}
+          @memory_config[:episodic] = { enabled: !!enabled }
+        end
+
+        def memory_config
+          own = @memory_config || {}
+          if superclass.respond_to?(:memory_config)
+            superclass.memory_config.merge(own)
+          else
+            own
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/dsl/model.rb

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+module Spurline
+  module DSL
+    # DSL for configuring which LLM model an agent uses.
+    # Registers configuration at class load time — never executes behavior.
+    module Model
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        def use_model(name, **options)
+          @model_config = { name: name.to_sym, **options }
+        end
+
+        def model_config
+          @model_config || (superclass.respond_to?(:model_config) ? superclass.model_config : nil)
+        end
+      end
+    end
+  end
+end

data/lib/spurline/dsl/persona.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Spurline
+  module DSL
+    # DSL for defining agent personas (system prompts).
+    # Registers configuration at class load time — never executes behavior.
+    module Persona
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        def persona(name = :default, &block)
+          @persona_configs ||= {}
+          config = PersonaConfig.new
+          config.instance_eval(&block)
+          @persona_configs[name.to_sym] = config
+        end
+
+        def persona_configs
+          own = @persona_configs || {}
+          inherited = if superclass.respond_to?(:persona_configs)
+            superclass.persona_configs
+          else
+            {}
+          end
+          inherited.merge(own)
+        end
+      end
+
+      # Internal config object for persona DSL blocks.
+      class PersonaConfig
+        attr_reader :system_prompt_text
+
+        def initialize
+          @system_prompt_text = ""
+          @_inject_date = false
+          @_inject_user_context = false
+          @_inject_agent_context = false
+        end
+
+        def system_prompt(text)
+          @system_prompt_text = text
+        end
+
+        # DSL setters (used inside persona blocks)
+        def inject_date(val = true)
+          @_inject_date = val
+        end
+
+        def inject_user_context(val = true)
+          @_inject_user_context = val
+        end
+
+        def inject_agent_context(val = true)
+          @_inject_agent_context = val
+        end
+
+        # Predicate readers (used when compiling persona config)
+        def date_injected?
+          @_inject_date
+        end
+
+        def user_context_injected?
+          @_inject_user_context
+        end
+
+        def agent_context_injected?
+          @_inject_agent_context
+        end
+      end
+    end
+  end
+end

data/lib/spurline/dsl/suspend_until.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require_relative "../lifecycle/suspension_boundary"
+
+module Spurline
+  module DSL
+    module SuspendUntil
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        # Declares a suspension condition for this agent class.
+        #
+        # Usage:
+        #   suspend_until :tool_calls, count: 3
+        #   suspend_until :custom, &block
+        def suspend_until(type = nil, **options, &block)
+          @suspension_config = { type: type, options: options, block: block }
+        end
+
+        def suspension_config
+          @suspension_config || superclass_suspension_config
+        end
+
+        # Builds a SuspensionCheck from the declarative config.
+        def build_suspension_check
+          config = suspension_config
+          return Lifecycle::SuspensionCheck.none unless config
+
+          case config[:type]
+          when :tool_calls
+            Lifecycle::SuspensionCheck.after_tool_calls(config[:options][:count])
+          when :custom
+            Lifecycle::SuspensionCheck.new(&config[:block])
+          else
+            Lifecycle::SuspensionCheck.none
+          end
+        end
+
+        private
+
+        def superclass_suspension_config
+          if superclass.respond_to?(:suspension_config)
+            superclass.suspension_config
+          else
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/dsl/tools.rb

@@ -0,0 +1,176 @@
+# frozen_string_literal: true
+require "pathname"
+
+module Spurline
+  module DSL
+    # DSL for declaring which tools an agent can use.
+    # Registers configuration at class load time — never executes behavior.
+    #
+    # Supports per-tool config overrides:
+    #   tools :web_search, file_delete: { requires_confirmation: true, timeout: 30 }
+    module Tools
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+
+      module ClassMethods
+        IDEMPOTENCY_OPTION_KEYS = %i[
+          idempotent
+          idempotency_key
+          idempotency_ttl
+          idempotency_key_fn
+        ].freeze
+
+        def tools(*tool_names, **tool_configs)
+          @tool_config ||= { names: [], configs: {} }
+          tool_names.each { |name| @tool_config[:names] << name.to_sym }
+          tool_configs.each do |name, config|
+            @tool_config[:names] << name.to_sym
+            existing = @tool_config[:configs][name.to_sym]
+            @tool_config[:configs][name.to_sym] = existing ? existing.merge(config) : config
+          end
+        end
+
+        # Include one or more toolkits by name. Toolkit expansion is deferred
+        # until tool_config is accessed, so toolkits can be registered after
+        # agent classes are defined (supports any boot order).
+        #
+        #   toolkits :git, :linear
+        #   toolkits :provisioning, provisioning: { scoped: true }
+        #
+        def toolkits(*toolkit_names, **overrides)
+          @pending_toolkits ||= []
+          @pending_toolkits << { names: toolkit_names.map(&:to_sym), overrides: overrides }
+        end
+
+        def tool_config
+          expand_pending_toolkits!
+          own = @tool_config || { names: [], configs: {} }
+          if superclass.respond_to?(:tool_config)
+            inherited = superclass.tool_config
+            {
+              names: (inherited[:names] + own[:names]).uniq,
+              configs: inherited[:configs].merge(own[:configs]),
+            }
+          else
+            own
+          end
+        end
+
+        # Returns per-tool configuration for a specific tool.
+        def tool_config_for(tool_name)
+          tool_config[:configs][tool_name.to_sym] || {}
+        end
+
+        # Effective per-tool idempotency options from DSL config.
+        def idempotency_config
+          tool_config[:configs].each_with_object({}) do |(tool_name, config), result|
+            next unless config.is_a?(Hash)
+
+            options = symbolize_hash(config).slice(*IDEMPOTENCY_OPTION_KEYS)
+            next if options.empty?
+
+            result[tool_name.to_sym] = options
+          end
+        end
+
+        # Effective permissions applied by Tools::Runner.
+        # Merge order: spur defaults -> agent inline config -> YAML overrides.
+        def permissions_config
+          merged = {}
+          deep_merge_permissions!(merged, spur_default_permissions)
+          deep_merge_permissions!(merged, inline_tool_permissions)
+          deep_merge_permissions!(merged, yaml_permissions)
+          merged
+        end
+
+        private
+
+        def expand_pending_toolkits!
+          return unless instance_variable_defined?(:@pending_toolkits) && @pending_toolkits&.any?
+
+          pending = @pending_toolkits
+          @pending_toolkits = nil
+
+          pending.each do |ref|
+            ref[:names].each do |tk_name|
+              toolkit = self.toolkit_registry.fetch(tk_name)
+
+              # Toolkits own their tools — register them into the agent's tool registry.
+              toolkit.tool_classes.each do |tool_name, tool_class|
+                self.tool_registry.register(tool_name, tool_class) unless self.tool_registry.registered?(tool_name)
+              end
+
+              tool_names = toolkit.tools
+              shared = toolkit.shared_config
+
+              if shared.empty? && ref[:overrides].empty?
+                tools(*tool_names)
+              else
+                tool_configs = {}
+                tool_names.each do |tool_name|
+                  merged = shared.dup
+                  merged.merge!(ref[:overrides][tk_name] || {})
+                  tool_configs[tool_name] = merged unless merged.empty?
+                end
+                tools(*tool_names, **tool_configs)
+              end
+            end
+          end
+        end
+
+        def spur_default_permissions
+          return {} unless defined?(Spurline::Spur)
+
+          Spurline::Spur.registry.each_with_object({}) do |(_name, info), result|
+            next unless info.is_a?(Hash)
+
+            defaults = symbolize_hash(info[:permissions] || info["permissions"])
+            next if defaults.empty?
+
+            tools = info[:tools] || info["tools"] || []
+            tools.each do |tool_name|
+              result[tool_name.to_sym] ||= {}
+              result[tool_name.to_sym].merge!(defaults)
+            end
+          end
+        end
+
+        def inline_tool_permissions
+          tool_config[:configs].each_with_object({}) do |(tool_name, config), result|
+            result[tool_name.to_sym] = symbolize_hash(config)
+          end
+        end
+
+        def yaml_permissions
+          path = resolve_permissions_path
+          Spurline::Tools::Permissions.load_file(path)
+        end
+
+        def resolve_permissions_path
+          configured = Spurline.config.permissions_file
+          return nil if configured.nil? || configured.to_s.strip.empty?
+          return configured if Pathname.new(configured).absolute?
+
+          File.expand_path(configured.to_s, Dir.pwd)
+        end
+
+        def deep_merge_permissions!(base, incoming)
+          incoming.each do |tool_name, tool_config_hash|
+            key = tool_name.to_sym
+            base[key] ||= {}
+            base[key].merge!(symbolize_hash(tool_config_hash))
+          end
+        end
+
+        def symbolize_hash(value)
+          return {} unless value.is_a?(Hash)
+
+          value.each_with_object({}) do |(k, v), result|
+            result[k.to_sym] = v
+          end
+        end
+      end
+    end
+  end
+end

data/lib/spurline/errors.rb

@@ -0,0 +1,109 @@
+# frozen_string_literal: true
+
+# Eagerly loaded by lib/spurline.rb and ignored by Zeitwerk.
+# This is the one file that breaks the autoloading convention, because
+# error classes must be available before any framework code runs and
+# they define multiple constants directly under Spurline.
+
+module Spurline
+  # Base error for all Spurline errors. Rescue this to catch any framework error.
+  class AgentError < StandardError; end
+
+  # Raised when tainted content (trust: :external or :untrusted) is converted
+  # to a string via #to_s. Use Content#render instead, which applies data fencing.
+  class TaintedContentError < AgentError; end
+
+  # Raised when the injection scanner detects a prompt injection pattern
+  # in content flowing through the context pipeline.
+  class InjectionAttemptError < AgentError; end
+
+  # Raised when the PII filter in :block mode detects personally identifiable
+  # information in content. Switch to :redact mode to allow content through
+  # with PII replaced, or :off to disable filtering.
+  class PIIDetectedError < AgentError; end
+
+  # Raised when a tool execution is denied by the permission system.
+  # Check config/permissions.yml for the tool's permission requirements.
+  class PermissionDeniedError < AgentError; end
+
+  # Raised when code attempts to modify a compiled persona at runtime.
+  # Personas are frozen on class load — define a new persona instead.
+  class PersonaFrozenError < AgentError; end
+
+  # Raised when an agent attempts an invalid lifecycle state transition.
+  # Check Spurline::Lifecycle::States for valid transitions.
+  class InvalidStateError < AgentError; end
+
+  # Raised when a tool call references a tool name not in the registry.
+  # Ensure the tool's spur gem is installed and required.
+  class ToolNotFoundError < AgentError; end
+
+  # Raised when the per-turn tool call limit (guardrails.max_tool_calls) is exceeded.
+  # Increase the limit in the agent's guardrails block or restructure the task.
+  class MaxToolCallsError < AgentError; end
+
+  # Raised when a tool attempts to invoke another tool. Tools are leaf nodes (ADR-003).
+  # Use a Spurline::Skill if you need to compose multiple tools.
+  class NestedToolCallError < AgentError; end
+
+  # Raised when an adapter symbol cannot be resolved in the adapter registry.
+  # Ensure the adapter is registered before referencing it in use_model.
+  class AdapterNotFoundError < AgentError; end
+
+  # Raised when the sqlite3 gem is unavailable but the SQLite session store is used.
+  # Add gem "sqlite3" to the application bundle when configuring :sqlite session storage.
+  class SQLiteUnavailableError < AgentError; end
+
+  # Raised when the pg gem is unavailable but the Postgres session store is used.
+  # Add gem "pg" to the application bundle when configuring :postgres session storage.
+  class PostgresUnavailableError < AgentError; end
+
+  # Raised when persisted session payloads cannot be decoded into Session/Turn objects.
+  # This indicates corrupted or incompatible serialized session data.
+  class SessionDeserializationError < AgentError; end
+
+  # Raised when Spurline.configure or a DSL method receives invalid configuration.
+  # This always fires at class load time, never at runtime.
+  class ConfigurationError < AgentError; end
+
+  # Raised when encrypted credentials exist but no master key can be resolved.
+  class CredentialsMissingKeyError < AgentError; end
+
+  # Raised when encrypted credentials cannot be decrypted (bad key or tampered file).
+  class CredentialsDecryptionError < AgentError; end
+
+  # Raised when a required tool secret cannot be resolved from any configured source.
+  class SecretNotFoundError < AgentError; end
+
+  # Raised when an embedding provider or model fails to produce a valid vector.
+  class EmbedderError < AgentError; end
+
+  # Raised when long-term memory persistence or retrieval fails.
+  class LongTermMemoryError < AgentError; end
+
+  # Raised when a session cannot be suspended from its current state.
+  class SuspensionError < AgentError; end
+
+  # Raised when a resume is attempted for a non-suspended session.
+  class InvalidResumeError < AgentError; end
+
+  # Raised when Cartographer cannot access the target repository path.
+  class CartographerAccessError < AgentError; end
+
+  # Raised when an individual analyzer fails to produce valid output.
+  class AnalyzerError < AgentError; end
+  class ScopeViolationError < AgentError; end
+  class IdempotencyKeyConflictError < AgentError; end
+  class PrivilegeEscalationError < AgentError; end
+  class LedgerError < AgentError; end
+  class TaskEnvelopeError < AgentError; end
+  class MergeConflictError < AgentError; end
+
+  # Raised when a spawned child agent fails during execution.
+  # The message includes parent/child session IDs for audit correlation.
+  class SpawnError < AgentError; end
+
+  # Raised when a toolkit name cannot be resolved in the toolkit registry.
+  # Ensure the toolkit class is defined and loaded before referencing it.
+  class ToolkitNotFoundError < AgentError; end
+end