RubyGems - woods - Versions diffs - 1.1.0 → 1.3.0 - Mend

woods 1.1.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (108) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +186 -0
data/README.md +20 -8
data/exe/woods-console +51 -6
data/exe/woods-console-mcp +24 -4
data/exe/woods-mcp +30 -7
data/exe/woods-mcp-http +47 -6
data/lib/generators/woods/install_generator.rb +13 -4
data/lib/generators/woods/templates/woods.rb.tt +155 -0
data/lib/tasks/woods.rake +69 -50
data/lib/woods/builder.rb +174 -9
data/lib/woods/cache/cache_middleware.rb +360 -31
data/lib/woods/chunking/semantic_chunker.rb +334 -7
data/lib/woods/console/adapters/job_adapter.rb +10 -4
data/lib/woods/console/audit_logger.rb +76 -4
data/lib/woods/console/bridge.rb +48 -15
data/lib/woods/console/bridge_protocol.rb +44 -0
data/lib/woods/console/confirmation.rb +3 -4
data/lib/woods/console/console_response_renderer.rb +56 -18
data/lib/woods/console/credential_index.rb +201 -0
data/lib/woods/console/credential_scanner.rb +302 -0
data/lib/woods/console/dispatch_pipeline.rb +138 -0
data/lib/woods/console/embedded_executor.rb +682 -35
data/lib/woods/console/eval_guard.rb +319 -0
data/lib/woods/console/model_validator.rb +1 -3
data/lib/woods/console/rack_middleware.rb +185 -29
data/lib/woods/console/redactor.rb +161 -0
data/lib/woods/console/response_context.rb +127 -0
data/lib/woods/console/safe_context.rb +220 -23
data/lib/woods/console/scope_predicate_parser.rb +131 -0
data/lib/woods/console/server.rb +417 -486
data/lib/woods/console/sql_noise_stripper.rb +87 -0
data/lib/woods/console/sql_table_scanner.rb +213 -0
data/lib/woods/console/sql_validator.rb +81 -31
data/lib/woods/console/table_gate.rb +93 -0
data/lib/woods/console/tool_specs.rb +552 -0
data/lib/woods/console/tools/tier1.rb +3 -3
data/lib/woods/console/tools/tier4.rb +7 -1
data/lib/woods/dependency_graph.rb +66 -7
data/lib/woods/embedding/indexer.rb +190 -6
data/lib/woods/embedding/openai.rb +40 -4
data/lib/woods/embedding/provider.rb +104 -8
data/lib/woods/embedding/text_preparer.rb +23 -3
data/lib/woods/embedding/token_counter.rb +133 -0
data/lib/woods/evaluation/baseline_runner.rb +20 -2
data/lib/woods/evaluation/metrics.rb +4 -1
data/lib/woods/extracted_unit.rb +1 -0
data/lib/woods/extractor.rb +7 -1
data/lib/woods/extractors/controller_extractor.rb +6 -0
data/lib/woods/extractors/mailer_extractor.rb +16 -2
data/lib/woods/extractors/model_extractor.rb +6 -1
data/lib/woods/extractors/phlex_extractor.rb +13 -4
data/lib/woods/extractors/rails_source_extractor.rb +2 -0
data/lib/woods/extractors/route_helper_resolver.rb +130 -0
data/lib/woods/extractors/shared_dependency_scanner.rb +130 -2
data/lib/woods/extractors/view_component_extractor.rb +12 -1
data/lib/woods/extractors/view_engines/base.rb +141 -0
data/lib/woods/extractors/view_engines/erb.rb +145 -0
data/lib/woods/extractors/view_template_extractor.rb +92 -133
data/lib/woods/flow_assembler.rb +23 -15
data/lib/woods/flow_precomputer.rb +21 -2
data/lib/woods/graph_analyzer.rb +210 -0
data/lib/woods/index_artifact.rb +173 -0
data/lib/woods/mcp/bearer_auth.rb +45 -0
data/lib/woods/mcp/bootstrap_state.rb +94 -0
data/lib/woods/mcp/bootstrapper.rb +337 -16
data/lib/woods/mcp/config_resolver.rb +288 -0
data/lib/woods/mcp/errors.rb +134 -0
data/lib/woods/mcp/index_reader.rb +265 -30
data/lib/woods/mcp/origin_guard.rb +132 -0
data/lib/woods/mcp/provider_probe.rb +166 -0
data/lib/woods/mcp/renderers/claude_renderer.rb +6 -0
data/lib/woods/mcp/renderers/markdown_renderer.rb +100 -3
data/lib/woods/mcp/renderers/plain_renderer.rb +16 -2
data/lib/woods/mcp/server.rb +771 -137
data/lib/woods/model_name_cache.rb +78 -2
data/lib/woods/notion/client.rb +25 -2
data/lib/woods/notion/mappers/model_mapper.rb +36 -2
data/lib/woods/railtie.rb +55 -15
data/lib/woods/resilience/circuit_breaker.rb +9 -2
data/lib/woods/resilience/retryable_provider.rb +40 -3
data/lib/woods/resolved_config.rb +299 -0
data/lib/woods/retrieval/context_assembler.rb +112 -5
data/lib/woods/retrieval/query_classifier.rb +1 -1
data/lib/woods/retrieval/ranker.rb +55 -6
data/lib/woods/retrieval/search_executor.rb +42 -13
data/lib/woods/retriever.rb +330 -24
data/lib/woods/session_tracer/middleware.rb +35 -1
data/lib/woods/storage/graph_store.rb +39 -0
data/lib/woods/storage/inapplicable_backend.rb +14 -0
data/lib/woods/storage/metadata_store.rb +129 -1
data/lib/woods/storage/pgvector.rb +70 -8
data/lib/woods/storage/qdrant.rb +196 -5
data/lib/woods/storage/snapshotter/metadata.rb +172 -0
data/lib/woods/storage/snapshotter/vector.rb +238 -0
data/lib/woods/storage/snapshotter.rb +24 -0
data/lib/woods/storage/vector_store.rb +184 -35
data/lib/woods/tasks.rb +85 -0
data/lib/woods/temporal/snapshot_store.rb +49 -1
data/lib/woods/token_utils.rb +44 -5
data/lib/woods/unblocked/client.rb +163 -0
data/lib/woods/unblocked/document_builder.rb +326 -0
data/lib/woods/unblocked/exporter.rb +201 -0
data/lib/woods/unblocked/rate_limiter.rb +94 -0
data/lib/woods/util/host_guard.rb +61 -0
data/lib/woods/version.rb +1 -1
data/lib/woods.rb +130 -6
metadata +73 -4

data/lib/woods/console/dispatch_pipeline.rb ADDED Viewed

@@ -0,0 +1,138 @@
+# frozen_string_literal: true
+require 'json'
+require_relative 'response_context'
+module Woods
+  module Console
+    # Per-tool dispatch flow for the Console MCP server.
+    #
+    # Encapsulates everything that happens between MCP's `define_tool` block
+    # firing and the `MCP::Tool::Response` returning to the client:
+    #
+    #   1. Coerce integer-typed args from strings. MCP clients sometimes send
+    #      `"10"` for an `integer` property — we normalize before dispatch.
+    #   2. Run the Layer 1 table gate ({ResponseContext#enforce!}).
+    #   3. Translate the tool args into a bridge/executor request via the
+    #      handler proc supplied in the {ToolSpec}.
+    #   4. Send the request through the connection manager / embedded executor.
+    #   5. Apply Layer 3 column + EAV redaction to the result
+    #      ({ResponseContext#redact}).
+    #   6. Apply Layer 2 credential scanning to the result and/or error text
+    #      ({ResponseContext#scan}), logging hit counts when any fire.
+    #   7. Render the result via the optional renderer or JSON, wrap in a
+    #      response object.
+    #
+    # Previously this flow lived inline in `Server.register` with four
+    # `method(:...)` captures closing over module-level methods. Pulling it
+    # into a first-class object collapses that wiring, removes the need for
+    # the captures, and makes the pipeline directly testable without going
+    # through the full server build path.
+    class DispatchPipeline
+      # @param tool_name [String]
+      # @param handler [#call] Maps a Hash of tool args to a bridge request Hash.
+      # @param integer_keys [Array<Symbol>] Property keys declared as `integer`
+      #   in the tool schema.
+      # @param conn_mgr [#send_request] ConnectionManager or EmbeddedExecutor.
+      # @param ctx [ResponseContext] Bundles the three response-safety layers.
+      #   Defaults to the Null context so tests can stub minimally.
+      # @param renderer [#render_default, nil] Optional response renderer.
+      # @param logger [#warn, nil] Structured logger used for credential-scan
+      #   and table-gate telemetry. Failures are swallowed so observability
+      #   issues never break a tool response.
+      def initialize(tool_name:, handler:, integer_keys:, conn_mgr:, # rubocop:disable Metrics/ParameterLists
+                     ctx: NullResponseContext.instance, renderer: nil, logger: nil)
+        @tool_name = tool_name
+        @handler = handler
+        @integer_keys = integer_keys
+        @conn_mgr = conn_mgr
+        @ctx = ctx
+        @renderer = renderer
+        @logger = logger
+      end
+      # Run the full dispatch pipeline for a single tool call.
+      #
+      # @param args [Hash] Tool arguments (symbol keys from MCP).
+      # @return [MCP::Tool::Response]
+      def call(args)
+        coerce_integer_args!(args)
+        @ctx.enforce!(args)
+        request = @handler.call(args).transform_keys(&:to_s)
+        send_to_bridge(request)
+      rescue TableGateError => e
+        log_table_gate_rejection(args, e)
+        error_response(e.message)
+      rescue SqlValidationError, ForbiddenExpressionError => e
+        error_response(e.message)
+      end
+      private
+      def coerce_integer_args!(args)
+        @integer_keys.each { |k| args[k] = args[k].to_i if args[k].is_a?(String) }
+      end
+      def send_to_bridge(request)
+        response = @conn_mgr.send_request(request)
+        return error_from_response(response, request) unless response['ok']
+        result = @ctx.redact(response['result'])
+        result = scan_for_credentials(result, request)
+        text = @renderer ? @renderer.render_default(result) : JSON.pretty_generate(result)
+        success_response(text)
+      rescue ConnectionError => e
+        scanned = scan_for_credentials("Connection error: #{e.message}", request)
+        error_response(scanned)
+      end
+      def error_from_response(response, request)
+        error_text = "#{response['error_type']}: #{response['error']}"
+        error_text = scan_for_credentials(error_text, request)
+        error_response(error_text)
+      end
+      def scan_for_credentials(result, request)
+        scanned, counts = @ctx.scan(result)
+        log_credential_hits(request, counts) unless counts.empty?
+        scanned
+      end
+      def log_credential_hits(request, counts)
+        return unless @logger
+        @logger.warn(
+          'console.credential_scan.hits',
+          tool: request['tool'],
+          counts: counts.transform_keys(&:to_s),
+          total: counts.values.sum
+        )
+      rescue StandardError
+        nil
+      end
+      def log_table_gate_rejection(args, error)
+        return unless @logger
+        @logger.warn(
+          'console.table_gate.rejected',
+          tool: @tool_name,
+          model: args[:model],
+          table: args[:table],
+          has_sql: args[:sql] ? true : false,
+          message: error.message
+        )
+      rescue StandardError
+        nil
+      end
+      def success_response(text)
+        ::MCP::Tool::Response.new([{ type: 'text', text: text }])
+      end
+      def error_response(text)
+        ::MCP::Tool::Response.new([{ type: 'text', text: text }], error: true)
+      end
+    end
+  end
+end