woods 1.2.0 → 1.4.0

data/lib/woods/unblocked/sync_manifest.rb

@@ -0,0 +1,135 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'fileutils'
+
+module Woods
+  module Unblocked
+    # Tracks what was last pushed to an Unblocked collection so a sync can
+    # skip unchanged documents, re-push changed ones, and delete orphans.
+    #
+    # The manifest is the local source of truth for change detection: each
+    # entry records the content hash of the document we last pushed for a URI
+    # plus the remote +document_id+ (needed for deletes). Persisted as JSON
+    # alongside the extraction output and restored across CI runs via the CI
+    # provider's cache. A missing or corrupt file degrades to "everything is
+    # new" — a correct (if expensive) full sync that rebuilds the manifest.
+    #
+    # Modeled on the embedding indexer's checkpoint (load JSON → compare
+    # per-key hash → save JSON).
+    #
+    # @example
+    #   manifest = SyncManifest.new(path: "tmp/woods/unblocked_sync_manifest.json",
+    #                               collection_id: "col-uuid")
+    #   manifest.unchanged?(uri, hash)  # => false on first run
+    #   manifest.record(uri:, hash:, document_id:)
+    #   manifest.save
+    #
+    class SyncManifest
+      VERSION = 1
+
+      # @param path [String] JSON file path for the manifest
+      # @param collection_id [String] Target collection UUID — a stored manifest
+      #   for a *different* collection is discarded (cache-key reuse guard).
+      def initialize(path:, collection_id:)
+        @path = path
+        @collection_id = collection_id
+        @documents = load
+      end
+
+      # @return [Boolean] true when no documents are recorded
+      def empty?
+        @documents.empty?
+      end
+
+      # @param uri [String] Document URI
+      # @param hash [String] Content hash of the document we would push now
+      # @return [Boolean] true when the recorded hash matches (safe to skip)
+      def unchanged?(uri, hash)
+        entry = @documents[uri]
+        !entry.nil? && entry['hash'] == hash
+      end
+
+      # Record (or update) what we pushed for a URI.
+      #
+      # @param uri [String] Document URI
+      # @param hash [String, nil] Content hash pushed (nil forces a future re-push)
+      # @param document_id [String, nil] Remote document UUID (for later deletes)
+      def record(uri:, hash:, document_id:)
+        @documents[uri] = { 'hash' => hash, 'document_id' => document_id }
+      end
+
+      # @param uri [String] Document URI
+      # @return [String, nil] Stored remote document_id, if known
+      def document_id_for(uri)
+        @documents.dig(uri, 'document_id')
+      end
+
+      # URIs we have a record of that are absent from the current run's set.
+      #
+      # @param current_uris [Array<String>, Set] URIs that still exist this run
+      # @return [Array<String>] recorded URIs no longer present (deletion candidates)
+      def stale_uris(current_uris)
+        present = current_uris.to_a
+        @documents.keys - present
+      end
+
+      # @return [Integer] number of recorded documents
+      def size
+        @documents.size
+      end
+
+      # Drop a URI from the manifest (after a successful remote delete).
+      #
+      # @param uri [String] Document URI
+      def forget(uri)
+        @documents.delete(uri)
+      end
+
+      # Persist the manifest atomically (temp file + rename) so an interrupted
+      # write never leaves a torn file in the CI cache.
+      def save
+        FileUtils.mkdir_p(File.dirname(@path))
+        payload = JSON.generate(
+          'version' => VERSION,
+          'collection_id' => @collection_id,
+          'documents' => @documents
+        )
+        tmp = "#{@path}.tmp"
+        File.write(tmp, payload)
+        File.rename(tmp, @path)
+      end
+
+      private
+
+      # Load the persisted documents, discarding data from a different
+      # collection, a different schema version, or an unparseable file.
+      # Every discard warns to stderr — the consequence (a full re-push) is
+      # expensive enough that operators need to know why it happened.
+      #
+      # @return [Hash{String=>Hash}] uri => { 'hash' =>, 'document_id' => }
+      def load
+        return {} unless File.exist?(@path)
+
+        parsed = JSON.parse(File.read(@path))
+        return discard('not a JSON object') unless parsed.is_a?(Hash)
+        return discard("schema version #{parsed['version'].inspect}, expected #{VERSION}") unless
+          parsed['version'] == VERSION
+        return discard("written for collection #{parsed['collection_id'].inspect}, expected #{@collection_id}") unless
+          parsed['collection_id'] == @collection_id
+
+        documents = parsed['documents']
+        documents.is_a?(Hash) ? documents : {}
+      rescue JSON::ParserError
+        discard('unparseable JSON')
+      end
+
+      # @param reason [String] Why the persisted manifest is unusable
+      # @return [Hash] empty documents hash (degrades to a full re-push)
+      def discard(reason)
+        warn "WARNING: discarding sync manifest at #{@path} (#{reason}) — next sync re-pushes all documents"
+        {}
+      end
+    end
+  end
+end

data/lib/woods/util/host_guard.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Woods
+  module Util
+    # Shared host-header / URL-host canonicalization used by {MCP::OriginGuard}
+    # and the {Storage::VectorStore::Qdrant} URL validator.
+    #
+    # Both components need to reject numeric IPv4 notations that `URI` and
+    # `getaddrinfo` accept but `IPAddr` does not — hex (`0x7f000001`),
+    # bare integer (`2130706433`), octal (`017700000001` or
+    # `0177.0.0.1`), short-form (`127.1`), mixed-radix (`0x7f.0.0.1`).
+    # Keeping the logic in one place prevents drift between the two
+    # defenses (which previously had slightly different regex lists).
+    module HostGuard
+      # Non-canonical numeric IPv4 forms that legitimate clients never
+      # emit but `getaddrinfo` will happily resolve — rejecting the form
+      # is safer than trying to intuit the intended IPv4.
+      NUMERIC_HOST_BYPASS = Regexp.union(
+        /\A0x[0-9a-f]+\z/,           # hex: `0x7f000001`
+        /\A\d+\z/,                   # bare integer: `2130706433`
+        /\A0[0-7]+\z/,               # bare octal: `017700000001`
+        /\A\d+\.\d+\z/,              # short-form two-part: `127.1`
+        /\A\d+\.\d+\.\d+\z/          # short-form three-part: `127.0.1`
+      ).freeze
+
+      # Octets inside a four-part dotted form that tag the form as
+      # non-canonical: leading zero (octal interpretation), or `0x`
+      # prefix (hex interpretation).
+      SUSPICIOUS_OCTET = Regexp.union(
+        /\A0\d+\z/,                  # leading-zero octal: `0177`
+        /\A0x[0-9a-f]+\z/            # hex octet: `0x7f`
+      ).freeze
+
+      module_function
+
+      # Canonicalize a host string: downcase, strip port, strip the
+      # FQDN trailing dot, drop IPv6 brackets. Returns a plain host.
+      #
+      # @param host [String, nil]
+      # @return [String] canonical host, lowercase, without port/brackets.
+      def canonicalize(host)
+        host.to_s.downcase.sub(/:\d+\z/, '').sub(/\.\z/, '').delete('[]')
+      end
+
+      # Does this canonicalized host smuggle a private IP via a notation
+      # that `IPAddr.new` won't parse? Callers should reject any match
+      # rather than try to resolve it.
+      #
+      # @param canonical [String] Output of {.canonicalize}.
+      # @return [Boolean]
+      def suspicious_numeric_host?(canonical)
+        return true if canonical.match?(NUMERIC_HOST_BYPASS)
+
+        four_octet = canonical.match(/\A(\w+)\.(\w+)\.(\w+)\.(\w+)\z/)
+        return false unless four_octet
+
+        four_octet.captures.any? { |octet| octet.match?(SUSPICIOUS_OCTET) }
+      end
+    end
+  end
+end

data/lib/woods/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Woods
-  VERSION = '1.2.0'
+  VERSION = '1.4.0'
 end

data/lib/woods.rb

@@ -31,20 +31,113 @@ module Woods
 
   CONFIG_MUTEX = Mutex.new
 
+  # Console MCP secure defaults — Layer 3 column-name redaction.
+  #
+  # Columns named here are replaced with `[REDACTED]` in every MCP tool
+  # response. This list targets credential columns that appear with the
+  # same names across Devise, Doorkeeper, Rodauth, has_secure_password,
+  # devise-two-factor, OAuth integrations, and hand-rolled auth code.
+  #
+  # Intentionally omitted because they cause over-redaction in apps that
+  # use them for non-secret purposes:
+  #   - `key` — ActiveStorage blob keys, EAV key columns, translation keys
+  #   - `name` — universal non-secret identifier
+  #   - PII columns (`ssn`, `tax_id`, `dob`) — org-specific compliance concern
+  #
+  # Host apps extend this by reassigning `console_redacted_columns` to
+  # `Woods::DEFAULT_CONSOLE_REDACTED_COLUMNS + %w[extra_column]`, or
+  # override entirely to remove a default.
+  DEFAULT_CONSOLE_REDACTED_COLUMNS = %w[
+    password
+    password_digest
+    password_salt
+    encrypted_password
+    crypted_password
+    salt
+    otp_secret
+    encrypted_otp_secret
+    two_factor_secret
+    backup_codes
+    consumed_timestep
+    reset_password_token
+    confirmation_token
+    unlock_token
+    remember_token
+    invitation_token
+    access_token
+    refresh_token
+    auth_token
+    api_token
+    api_key
+    bearer_token
+    client_secret
+    webhook_secret
+    signing_secret
+    session_secret
+    private_key
+    encrypted_private_key
+    key_hash
+    token
+    secret
+  ].freeze
+
+  # Console MCP secure defaults — Layer 1 table-level blocking.
+  #
+  # Tables named here are rejected outright before any SQL reaches the
+  # database. This list targets authentication and credential storage
+  # tables that carry secrets or session state across all major auth
+  # stacks (Devise, Doorkeeper, Rodauth, has_secure_password, Sorcery,
+  # OmniAuth, and hand-rolled token systems).
+  #
+  # Intentionally omitted to avoid over-blocking benign apps:
+  #   - `users` / `accounts` — many apps expose safe columns from these
+  #     tables and operators should decide explicitly.
+  #   - PII-heavy but auth-unrelated tables (`payments`, `addresses`) —
+  #     org-specific compliance concern, not a universal default.
+  #
+  # To keep the defaults and add more tables:
+  #   Woods.configure { |c| c.console_blocked_tables =
+  #     Woods::DEFAULT_CONSOLE_BLOCKED_TABLES + %w[extra_table] }
+  #
+  # To replace the defaults entirely (including removing entries):
+  #   Woods.configure { |c| c.console_blocked_tables = %w[only_this] }
+  #
+  # To disable Layer 1 (gate becomes inactive; other layers still apply):
+  #   Woods.configure { |c| c.console_blocked_tables = [] }
+  DEFAULT_CONSOLE_BLOCKED_TABLES = %w[
+    sessions
+    api_keys
+    credentials
+    oauth_applications
+    oauth_access_tokens
+    oauth_refresh_tokens
+    identities
+    active_storage_blobs
+  ].freeze
+
   # ════════════════════════════════════════════════════════════════════════
   # Configuration
   # ════════════════════════════════════════════════════════════════════════
 
-  class Configuration
+  class Configuration # rubocop:disable Metrics/ClassLength
     attr_accessor :embedding_model, :include_framework_sources, :gem_configs,
                   :vector_store, :metadata_store, :graph_store, :embedding_provider, :log_level,
                   :vector_store_options, :metadata_store_options, :embedding_options,
-                  :concurrent_extraction, :precompute_flows, :enable_snapshots,
-                  :session_tracer_enabled, :session_store, :session_id_proc, :session_exclude_paths,
-                  :console_mcp_enabled, :console_mcp_path, :console_redacted_columns,
+                  :concurrent_extraction, :precompute_flows, :extract_navigation_edges, :enable_snapshots,
+                  :session_tracer_enabled, :session_tracer_allow_production,
+                  :session_store, :session_id_proc, :session_exclude_paths,
+                  :console_mcp_enabled, :console_mcp_path, :console_mcp_token,
+                  :console_mcp_allowed_origins,
+                  :console_redacted_columns,
+                  :console_redacted_key_values, :console_embedded_read_tools,
+                  :console_blocked_tables, :console_disabled_scanner_patterns,
+                  :console_credential_defense_enabled,
+                  :console_credential_rotation_warning, :console_unsafe_eval_enabled,
+                  :console_unsafe_eval_confirmation, :console_unsafe_eval_audit_log_path,
                   :notion_api_token, :notion_database_ids,
                   :unblocked_api_token, :unblocked_collection_id, :unblocked_repo_url,
-                  :cache_store, :cache_options
+                  :cache_store, :cache_options,
+                  :dump_retention_count
     attr_reader :max_context_tokens, :similarity_threshold, :extractors, :pretty_json, :context_format,
                 :cache_enabled
 
@@ -60,15 +153,41 @@ module Woods
       @pretty_json = true
       @concurrent_extraction = false
       @precompute_flows = false
+      @extract_navigation_edges = true
       @enable_snapshots = false
       @context_format = :markdown
       @session_tracer_enabled = false
+      @session_tracer_allow_production = false
       @session_store = nil
       @session_id_proc = nil
       @session_exclude_paths = []
       @console_mcp_enabled = false
       @console_mcp_path = '/mcp/console'
-      @console_redacted_columns = []
+      # Accept token from config or env var. Nil by default — the railtie
+      # refuses to wire the middleware in production without a real token
+      # and only warns loudly in non-prod when unset.
+      @console_mcp_token = ENV.fetch('WOODS_CONSOLE_MCP_TOKEN', nil)
+      # Origins allowed to reach the embedded console MCP. Loopback only
+      # by default; override in host initializers for tunneled or internal
+      # dashboard access.
+      @console_mcp_allowed_origins = %w[
+        http://localhost
+        http://127.0.0.1
+        http://[::1]
+      ]
+      @console_redacted_columns = DEFAULT_CONSOLE_REDACTED_COLUMNS.dup
+      @console_redacted_key_values = []
+      @console_embedded_read_tools = false
+      @console_blocked_tables = DEFAULT_CONSOLE_BLOCKED_TABLES.dup
+      @console_disabled_scanner_patterns = []
+      @console_credential_defense_enabled = true
+      @console_credential_rotation_warning = true
+      @console_unsafe_eval_enabled = nil # nil = fall back to env WOODS_CONSOLE_UNSAFE_EVAL
+      # Required collaborators when the opt-in is on. Both default to nil;
+      # the server refuses to boot with the opt-in set unless the host has
+      # wired them (fail-closed — see Server.build_embedded).
+      @console_unsafe_eval_confirmation = nil
+      @console_unsafe_eval_audit_log_path = nil
       @notion_api_token = nil
       @notion_database_ids = {}
       @unblocked_api_token = nil
@@ -77,6 +196,7 @@ module Woods
       @cache_enabled = false
       @cache_store = nil      # :redis, :solid_cache, :memory, or a CacheStore instance
       @cache_options = {}     # { redis: client, cache: store, ttl: { embeddings: 86400, ... } }
+      @dump_retention_count = 3
     end
 
     # @return [Pathname, String] Output directory, defaulting to Rails.root/tmp/woods

metadata

@@ -1,29 +1,63 @@
 --- !ruby/object:Gem::Specification
 name: woods
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Leah Armstrong
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-03-27 00:00:00.000000000 Z
+date: 2026-06-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mcp
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: msgpack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: prism
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.6'
+        version: '1.4'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -69,6 +103,7 @@ files:
 - lib/generators/woods/pgvector_generator.rb
 - lib/generators/woods/templates/add_pgvector_to_woods.rb.erb
 - lib/generators/woods/templates/create_woods_tables.rb.erb
+- lib/generators/woods/templates/woods.rb.tt
 - lib/tasks/woods.rake
 - lib/tasks/woods_evaluation.rake
 - lib/woods.rb
@@ -91,15 +126,27 @@ files:
 - lib/woods/console/adapters/solid_queue_adapter.rb
 - lib/woods/console/audit_logger.rb
 - lib/woods/console/bridge.rb
+- lib/woods/console/bridge_protocol.rb
 - lib/woods/console/confirmation.rb
 - lib/woods/console/connection_manager.rb
 - lib/woods/console/console_response_renderer.rb
+- lib/woods/console/credential_index.rb
+- lib/woods/console/credential_scanner.rb
+- lib/woods/console/dispatch_pipeline.rb
 - lib/woods/console/embedded_executor.rb
+- lib/woods/console/eval_guard.rb
 - lib/woods/console/model_validator.rb
 - lib/woods/console/rack_middleware.rb
+- lib/woods/console/redactor.rb
+- lib/woods/console/response_context.rb
 - lib/woods/console/safe_context.rb
+- lib/woods/console/scope_predicate_parser.rb
 - lib/woods/console/server.rb
+- lib/woods/console/sql_noise_stripper.rb
+- lib/woods/console/sql_table_scanner.rb
 - lib/woods/console/sql_validator.rb
+- lib/woods/console/table_gate.rb
+- lib/woods/console/tool_specs.rb
 - lib/woods/console/tools/tier1.rb
 - lib/woods/console/tools/tier2.rb
 - lib/woods/console/tools/tier3.rb
@@ -123,6 +170,7 @@ files:
 - lib/woods/embedding/openai.rb
 - lib/woods/embedding/provider.rb
 - lib/woods/embedding/text_preparer.rb
+- lib/woods/embedding/token_counter.rb
 - lib/woods/evaluation/baseline_runner.rb
 - lib/woods/evaluation/evaluator.rb
 - lib/woods/evaluation/metrics.rb
@@ -159,6 +207,7 @@ files:
 - lib/woods/extractors/rails_source_extractor.rb
 - lib/woods/extractors/rake_task_extractor.rb
 - lib/woods/extractors/route_extractor.rb
+- lib/woods/extractors/route_helper_resolver.rb
 - lib/woods/extractors/scheduled_job_extractor.rb
 - lib/woods/extractors/serializer_extractor.rb
 - lib/woods/extractors/service_extractor.rb
@@ -168,6 +217,8 @@ files:
 - lib/woods/extractors/test_mapping_extractor.rb
 - lib/woods/extractors/validator_extractor.rb
 - lib/woods/extractors/view_component_extractor.rb
+- lib/woods/extractors/view_engines/base.rb
+- lib/woods/extractors/view_engines/erb.rb
 - lib/woods/extractors/view_template_extractor.rb
 - lib/woods/feedback/gap_detector.rb
 - lib/woods/feedback/store.rb
@@ -183,8 +234,15 @@ files:
 - lib/woods/formatting/gpt_adapter.rb
 - lib/woods/formatting/human_adapter.rb
 - lib/woods/graph_analyzer.rb
+- lib/woods/index_artifact.rb
+- lib/woods/mcp/bearer_auth.rb
+- lib/woods/mcp/bootstrap_state.rb
 - lib/woods/mcp/bootstrapper.rb
+- lib/woods/mcp/config_resolver.rb
+- lib/woods/mcp/errors.rb
 - lib/woods/mcp/index_reader.rb
+- lib/woods/mcp/origin_guard.rb
+- lib/woods/mcp/provider_probe.rb
 - lib/woods/mcp/renderers/claude_renderer.rb
 - lib/woods/mcp/renderers/json_renderer.rb
 - lib/woods/mcp/renderers/markdown_renderer.rb
@@ -210,6 +268,7 @@ files:
 - lib/woods/resilience/circuit_breaker.rb
 - lib/woods/resilience/index_validator.rb
 - lib/woods/resilience/retryable_provider.rb
+- lib/woods/resolved_config.rb
 - lib/woods/retrieval/context_assembler.rb
 - lib/woods/retrieval/query_classifier.rb
 - lib/woods/retrieval/ranker.rb
@@ -230,10 +289,15 @@ files:
 - lib/woods/session_tracer/solid_cache_store.rb
 - lib/woods/session_tracer/store.rb
 - lib/woods/storage/graph_store.rb
+- lib/woods/storage/inapplicable_backend.rb
 - lib/woods/storage/metadata_store.rb
 - lib/woods/storage/pgvector.rb
 - lib/woods/storage/qdrant.rb
+- lib/woods/storage/snapshotter.rb
+- lib/woods/storage/snapshotter/metadata.rb
+- lib/woods/storage/snapshotter/vector.rb
 - lib/woods/storage/vector_store.rb
+- lib/woods/tasks.rb
 - lib/woods/temporal/json_snapshot_store.rb
 - lib/woods/temporal/snapshot_store.rb
 - lib/woods/token_utils.rb
@@ -241,6 +305,8 @@ files:
 - lib/woods/unblocked/document_builder.rb
 - lib/woods/unblocked/exporter.rb
 - lib/woods/unblocked/rate_limiter.rb
+- lib/woods/unblocked/sync_manifest.rb
+- lib/woods/util/host_guard.rb
 - lib/woods/version.rb
 homepage: https://github.com/lost-in-the/woods
 licenses: