@tpsdev-ai/agent 0.1.0 → 0.4.1

package/src/tools/edit.ts

@@ -0,0 +1,59 @@
+import { readFileSync, writeFileSync, existsSync } from "node:fs";
+import { BoundaryManager } from "../governance/boundary.js";
+import type { Tool } from "./registry.js";
+import type { ToolResult } from "../runtime/types.js";
+
+interface EditArgs {
+  path: string;
+  old_string: string;
+  new_string: string;
+}
+
+export function makeEditTool(boundary: BoundaryManager): Tool {
+  return {
+    name: "edit",
+    description: "Search-and-replace in one file. Replaces exactly one occurrence.\nInput: {\"path\": string, \"old_string\": string, \"new_string\": string}",
+    input_schema: {
+      path: { type: "string", description: "Path in workspace" },
+      old_string: { type: "string", description: "Text to replace" },
+      new_string: { type: "string", description: "Replacement text" },
+    },
+    async execute(args: Record<string, unknown>): Promise<ToolResult> {
+      const payload = (args as unknown) as EditArgs;
+      if (
+        typeof payload.path !== "string" ||
+        typeof payload.old_string !== "string" ||
+        typeof payload.new_string !== "string"
+      ) {
+        return { content: "edit tool requires path, old_string, new_string", isError: true };
+      }
+
+      const workspacePath = boundary.resolveWorkspacePath(payload.path);
+      if (!existsSync(workspacePath) || !BoundaryManager.canFollowSymlink(workspacePath)) {
+        if (existsSync(workspacePath)) {
+          return { content: `Refusing to follow symlink: ${payload.path}`, isError: true };
+        }
+        return { content: `edit failed: file not found ${payload.path}`, isError: true };
+      }
+
+      try {
+        const current = readFileSync(workspacePath, "utf-8");
+        const first = current.indexOf(payload.old_string);
+        const last = current.lastIndexOf(payload.old_string);
+
+        if (first === -1) {
+          return { content: `No occurrence of old_string found in ${payload.path}`, isError: true };
+        }
+        if (first !== last) {
+          return { content: `old_string matches multiple locations in ${payload.path} — provide narrower context`, isError: true };
+        }
+
+        const next = current.replace(payload.old_string, payload.new_string);
+        writeFileSync(workspacePath, next, "utf-8");
+        return { content: `Edited ${payload.path}`, isError: false };
+      } catch (err: any) {
+        return { content: `edit failed: ${err?.message ?? String(err)}`, isError: true };
+      }
+    },
+  };
+}

package/src/tools/exec.ts

@@ -0,0 +1,92 @@
+import { spawn } from "node:child_process";
+import { BoundaryManager } from "../governance/boundary.js";
+import type { Tool } from "./registry.js";
+import type { ToolResult } from "../runtime/types.js";
+
+interface ExecArgs {
+  command: string;
+  args?: string[];
+  cwd?: string;
+}
+
+function sanitizeOutput(data: unknown): string {
+  if (!data) return "";
+  return String(data);
+}
+
+export function makeExecTool(boundary: BoundaryManager, allowlist: string[] = []): Tool {
+  const safeAllow = allowlist.map((c) => c.toLowerCase());
+
+  return {
+    name: "exec",
+    description: "Execute a command.\nInput: {\"command\": string, \"args\": string[] (optional)",
+    input_schema: {
+      command: { type: "string", description: "Executable name" },
+      args: { type: "array", description: "Arguments to pass" },
+      cwd: { type: "string", description: "Optional cwd relative to workspace" },
+    },
+    async execute(args: Record<string, unknown>): Promise<ToolResult> {
+      const payload = (args as unknown) as unknown as ExecArgs;
+      if (typeof payload.command !== "string") {
+        return { content: "exec tool requires command string", isError: true };
+      }
+
+      const command = payload.command;
+      const cmdArgs = Array.isArray(payload.args)
+        ? payload.args.map((entry) => String(entry))
+        : [];
+
+      const normalized = command.toLowerCase();
+      if (safeAllow.length > 0 && !safeAllow.includes(normalized)) {
+        return { content: `Command not allowed: ${command}`, isError: true };
+      }
+
+      try {
+        boundary.validateCommand(normalized, cmdArgs);
+      } catch (err: any) {
+        return { content: `exec blocked: ${err?.message ?? String(err)}`, isError: true };
+      }
+
+      const cwd = payload.cwd ? boundary.resolveWorkspacePath(payload.cwd) : undefined;
+      const env = boundary.scrubEnvironment(["ANTHROPIC_API_KEY", "GOOGLE_API_KEY", "OPENAI_API_KEY", "OLLAMA_HOST", "OLLAMA_API_KEY"]);
+
+      return new Promise<ToolResult>((resolve) => {
+        const child = spawn(normalized, cmdArgs, {
+          cwd,
+          env,
+          shell: false,
+          stdio: ["ignore", "pipe", "pipe"],
+        });
+
+        let stdout = "";
+        let stderr = "";
+
+        child.stdout?.on("data", (chunk) => {
+          stdout += sanitizeOutput(chunk);
+        });
+
+        child.stderr?.on("data", (chunk) => {
+          stderr += sanitizeOutput(chunk);
+        });
+
+        child.on("error", (err) => {
+          resolve({
+            content: `exec failed: ${sanitizeOutput(err?.message)}`,
+            isError: true,
+          });
+        });
+
+        child.on("close", (code) => {
+          if (code === 0) {
+            resolve({ content: stdout || "(no output)", isError: false });
+          } else {
+            resolve({
+              content: `exit=${code}\nstdout:\n${stdout}\nstderr:\n${stderr}`,
+              isError: true,
+            });
+          }
+        });
+      });
+    },
+  };
+}

package/src/tools/index.ts

@@ -0,0 +1,30 @@
+import { BoundaryManager } from "../governance/boundary.js";
+import { MailClient } from "../io/mail.js";
+import { ToolRegistry } from "./registry.js";
+import { makeReadTool } from "./read.js";
+import { makeWriteTool } from "./write.js";
+import { makeEditTool } from "./edit.js";
+import { makeExecTool } from "./exec.js";
+import { makeMailTool } from "./mail.js";
+
+export { makeReadTool, makeWriteTool, makeEditTool, makeExecTool, makeMailTool };
+
+export interface ToolSetOptions {
+  boundary: BoundaryManager;
+  mail: MailClient;
+  tools?: Array<"read" | "write" | "edit" | "exec" | "mail">;
+  execAllowlist?: string[];
+}
+
+export function createDefaultToolset({ boundary, mail, tools, execAllowlist }: ToolSetOptions): ToolRegistry {
+  const registry = new ToolRegistry();
+  const names: Array<"read" | "write" | "edit" | "exec" | "mail"> = tools ?? ["read", "write", "edit", "exec", "mail"];
+
+  if (names.includes("read")) registry.register(makeReadTool(boundary));
+  if (names.includes("write")) registry.register(makeWriteTool(boundary));
+  if (names.includes("edit")) registry.register(makeEditTool(boundary));
+  if (names.includes("exec")) registry.register(makeExecTool(boundary, execAllowlist));
+  if (names.includes("mail")) registry.register(makeMailTool(mail));
+
+  return registry;
+}

package/src/tools/mail.ts

@@ -0,0 +1,28 @@
+import type { Tool } from "./registry.js";
+import type { MailClient } from "../io/mail.js";
+import type { ToolResult } from "../runtime/types.js";
+
+interface MailArgs {
+  to: string;
+  body: string;
+}
+
+export function makeMailTool(mail: MailClient): Tool {
+  return {
+    name: "mail",
+    description: "Send mail to another agent or manager.\nInput: {\"to\": string, \"body\": string}",
+    input_schema: {
+      to: { type: "string", description: "Recipient" },
+      body: { type: "string", description: "Message body" },
+    },
+    async execute(args: Record<string, unknown>): Promise<ToolResult> {
+      const payload = (args as unknown) as unknown as MailArgs;
+      if (typeof payload.to !== "string" || typeof payload.body !== "string") {
+        return { content: "mail tool requires to and body", isError: true };
+      }
+
+      await mail.sendMail(payload.to, payload.body);
+      return { content: `Sent mail to ${payload.to}`, isError: false };
+    },
+  };
+}

package/src/tools/read.ts

@@ -0,0 +1,38 @@
+import { readFileSync, existsSync } from "node:fs";
+import { BoundaryManager } from "../governance/boundary.js";
+import type { Tool } from "./registry.js";
+import type { ToolResult } from "../runtime/types.js";
+
+interface ReadArgs {
+  path: string;
+}
+
+export function makeReadTool(boundary: BoundaryManager): Tool {
+  return {
+    name: "read",
+    description: "Read file contents from workspace.\nInput: {\"path\": string}",
+    input_schema: {
+      path: {
+        type: "string",
+        description: "Path to read, relative to workspace",
+      },
+    },
+    async execute(args: Record<string, unknown>): Promise<ToolResult> {
+      const { path: rawPath } = (args as unknown) as ReadArgs;
+      if (typeof rawPath !== "string") {
+        return { content: "read tool requires path string", isError: true };
+      }
+
+      const workspacePath = boundary.resolveWorkspacePath(rawPath);
+      if (existsSync(workspacePath) && !BoundaryManager.canFollowSymlink(workspacePath)) {
+        return { content: `Refusing to follow symlink: ${rawPath}`, isError: true };
+      }
+
+      try {
+        return { content: readFileSync(workspacePath, "utf-8"), isError: false };
+      } catch (err: any) {
+        return { content: `read failed: ${err?.message ?? String(err)}`, isError: true };
+      }
+    },
+  };
+}

package/src/tools/registry.ts

@@ -1,17 +1,23 @@
+import type { ToolResult } from "../runtime/types.js";
+
 export interface Tool {
   name: string;
   description: string;
-  parameters: Record<string, { type: string; description: string; required?: boolean }>;
-  execute(args: Record<string, unknown>): Promise<string>;
+  input_schema: {
+    [key: string]: {
+      type: string;
+      description?: string;
+    };
+    [key: number]: never;
+  };
+  execute(args: Record<string, unknown>): Promise<ToolResult>;
 }
 
 /**
  * Central registry for native TPS agent tools.
- * Only tools explicitly registered (and allowed by the nono profile)
- * are exposed to the LLM.
  */
 export class ToolRegistry {
-  private tools = new Map<string, Tool>();
+  private readonly tools = new Map<string, Tool>();
 
   register(tool: Tool): void {
     this.tools.set(tool.name, tool);
@@ -25,9 +31,12 @@ export class ToolRegistry {
     return Array.from(this.tools.values());
   }
 
-  async execute(name: string, args: Record<string, unknown>): Promise<string> {
+  async execute(name: string, args: Record<string, unknown>): Promise<ToolResult> {
     const tool = this.tools.get(name);
-    if (!tool) throw new Error(`Unknown tool: ${name}`);
+    if (!tool) {
+      throw new Error(`Unknown tool: ${name}`);
+    }
+
     return tool.execute(args);
   }
 }

package/src/tools/write.ts

@@ -0,0 +1,40 @@
+import { mkdirSync, writeFileSync, existsSync } from "node:fs";
+import { dirname } from "node:path";
+import { BoundaryManager } from "../governance/boundary.js";
+import type { Tool } from "./registry.js";
+import type { ToolResult } from "../runtime/types.js";
+
+interface WriteArgs {
+  path: string;
+  content: string;
+}
+
+export function makeWriteTool(boundary: BoundaryManager): Tool {
+  return {
+    name: "write",
+    description: "Create or overwrite a file.\nInput: {\"path\": string, \"content\": string}",
+    input_schema: {
+      path: { type: "string", description: "Path to write, relative to workspace" },
+      content: { type: "string", description: "File contents" },
+    },
+    async execute(args: Record<string, unknown>): Promise<ToolResult> {
+      const payload = (args as unknown) as WriteArgs;
+      if (typeof payload.path !== "string" || typeof payload.content !== "string") {
+        return { content: "write tool requires path and content strings", isError: true };
+      }
+
+      const workspacePath = boundary.resolveWorkspacePath(payload.path);
+      if (existsSync(workspacePath) && !BoundaryManager.canFollowSymlink(workspacePath)) {
+        return { content: `Refusing to follow symlink: ${payload.path}`, isError: true };
+      }
+
+      try {
+        mkdirSync(dirname(workspacePath), { recursive: true });
+        writeFileSync(workspacePath, payload.content, "utf-8");
+        return { content: `Wrote ${payload.path}`, isError: false };
+      } catch (err: any) {
+        return { content: `write failed: ${err?.message ?? String(err)}`, isError: true };
+      }
+    },
+  };
+}

package/src/types/js-tiktoken.d.ts

@@ -0,0 +1,7 @@
+declare module "js-tiktoken" {
+  export function encodingForModel(model: string): { encode: (text: string) => number[] };
+  export function encoding_for_model(model: string): { encode: (text: string) => number[] };
+  export function getEncoding(name: string): { encode: (text: string) => number[] };
+  const _default: any;
+  export default _default;
+}

package/test/governance.test.ts

@@ -1,40 +1,42 @@
 import { describe, test, expect, beforeEach, afterEach } from "bun:test";
-import { mkdtempSync, rmSync } from "node:fs";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
+
 import { BoundaryManager } from "../src/governance/boundary.js";
 import { ReviewGate } from "../src/governance/review-gate.js";
 import { MailClient } from "../src/io/mail.js";
 import { ToolRegistry } from "../src/tools/registry.js";
+import { makeReadTool, makeWriteTool, makeEditTool } from "../src/tools/index.js";
 
 describe("BoundaryManager", () => {
-  test("allows registered network host", () => {
-    const mgr = new BoundaryManager();
-    mgr.addNetworkHost("api.anthropic.com");
-    expect(mgr.isNetworkAllowed("api.anthropic.com")).toBe(true);
-    expect(mgr.isNetworkAllowed("evil.com")).toBe(false);
+  let workspace: string;
+  let boundary: BoundaryManager;
+
+  beforeEach(() => {
+    workspace = mkdtempSync(join(tmpdir(), "tps-boundary-"));
+    boundary = new BoundaryManager(workspace);
+  });
+
+  afterEach(() => {
+    rmSync(workspace, { recursive: true, force: true });
   });
 
-  test("wildcard allows any host", () => {
-    const mgr = new BoundaryManager();
-    mgr.addNetworkHost("*");
-    expect(mgr.isNetworkAllowed("api.anthropic.com")).toBe(true);
+  test("allows registered network host", () => {
+    boundary.addNetworkHost("api.openai.com");
+    expect(boundary.isNetworkAllowed("api.openai.com")).toBe(true);
+    expect(boundary.isNetworkAllowed("evil.com")).toBe(false);
   });
 
-  test("allows registered path prefix", () => {
-    const mgr = new BoundaryManager();
-    mgr.addPath("/workspace");
-    expect(mgr.isPathAllowed("/workspace/src")).toBe(true);
-    expect(mgr.isPathAllowed("/etc/passwd")).toBe(false);
+  test("blocks path traversal", () => {
+    expect(() => boundary.resolveWorkspacePath("../secret.txt")).toThrow();
   });
 
   test("describeCapabilities returns readable string", () => {
-    const mgr = new BoundaryManager();
-    mgr.addNetworkHost("api.anthropic.com");
-    mgr.addPath("/workspace");
-    const desc = mgr.describeCapabilities();
+    boundary.addNetworkHost("api.anthropic.com");
+    const desc = boundary.describeCapabilities();
     expect(desc).toContain("api.anthropic.com");
-    expect(desc).toContain("/workspace");
+    expect(desc).toContain(workspace);
   });
 });
 
@@ -51,13 +53,6 @@ describe("ReviewGate", () => {
     rmSync(tmpDir, { recursive: true, force: true });
   });
 
-  test("identifies high-risk tools", () => {
-    const gate = new ReviewGate(mail, "host@tps");
-    expect(gate.isHighRisk("git_push")).toBe(true);
-    expect(gate.isHighRisk("file_delete")).toBe(true);
-    expect(gate.isHighRisk("fs_read")).toBe(false);
-  });
-
   test("requestApproval sends mail to approver", async () => {
     const gate = new ReviewGate(mail, "host@tps");
     await gate.requestApproval("git_push", { branch: "main" });
@@ -73,14 +68,14 @@ describe("ToolRegistry", () => {
     registry.register({
       name: "echo",
       description: "Echo input",
-      parameters: { input: { type: "string", description: "text to echo" } },
+      input_schema: { input: { type: "string" } },
       async execute(args) {
-        return String(args.input);
+        return { content: String((args as any).input) };
       },
     });
 
     const result = await registry.execute("echo", { input: "hello" });
-    expect(result).toBe("hello");
+    expect(result.content).toBe("hello");
   });
 
   test("throws for unknown tool", async () => {
@@ -93,10 +88,44 @@ describe("ToolRegistry", () => {
     registry.register({
       name: "echo",
       description: "Echo input",
-      parameters: {},
-      async execute() { return ""; },
+      input_schema: { input: { type: "string" } },
+      async execute() {
+        return { content: "" };
+      },
     });
     expect(registry.list().length).toBe(1);
     expect(registry.list()[0]!.name).toBe("echo");
   });
 });
+
+describe("Read/Write/Edit tools", () => {
+  let tmpDir: string;
+  let boundary: BoundaryManager;
+
+  beforeEach(() => {
+    tmpDir = mkdtempSync(join(tmpdir(), "tps-tools-"));
+    boundary = new BoundaryManager(tmpDir);
+  });
+
+  afterEach(() => {
+    rmSync(tmpDir, { recursive: true, force: true });
+  });
+
+  test("edit fails if old_string appears more than once", async () => {
+    const tool = makeEditTool(boundary);
+    const file = join(tmpDir, "a.txt");
+    writeFileSync(file, "abc abc", "utf-8");
+    const out = await tool.execute({ path: file, old_string: "abc", new_string: "xyz" });
+    expect(out.isError).toBe(true);
+  });
+
+  test("write/read round trip", async () => {
+    const read = makeReadTool(boundary);
+    const write = makeWriteTool(boundary);
+
+    const result = await write.execute({ path: "foo.txt", content: "hello" });
+    expect(result.isError).toBe(false);
+    const readResult = await read.execute({ path: "foo.txt" });
+    expect(readResult.content).toContain("hello");
+  });
+});

package/test/io.test.ts

@@ -1,5 +1,5 @@
 import { describe, test, expect, beforeEach, afterEach } from "bun:test";
-import { mkdtempSync, rmSync, writeFileSync, join as pathJoin } from "node:fs";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
 import { MailClient } from "../src/io/mail.js";
@@ -39,7 +39,6 @@ describe("MailClient", () => {
     expect(msgs.length).toBe(1);
     expect(msgs[0]!.body).toBe("hello world");
 
-    // File should now be in cur
     const { existsSync } = await import("node:fs");
     expect(existsSync(join(tmpDir, "inbox", "new", "test-1.json"))).toBe(false);
     expect(existsSync(join(tmpDir, "inbox", "cur", "test-1.json"))).toBe(true);
@@ -74,7 +73,16 @@ describe("MemoryStore", () => {
     expect(all[0]!.data).toBe("hello");
   });
 
-  test("readAll returns empty array for missing file", () => {
+  test("redacts leaked secrets in stored JSON", () => {
+    process.env.OPENAI_API_KEY = "secret-token";
+    const store = new MemoryStore(join(tmpDir, "memory.jsonl"));
+    store.append({ type: "provider", ts: "2025-01-01T00:00:00Z", data: { raw: "Authorization: secret-token" } });
+    const all = store.readAll();
+    expect(String(all[0]!.data)).not.toContain("secret-token");
+    delete process.env.OPENAI_API_KEY;
+  });
+
+  test("readAll returns empty for missing file", () => {
     const store = new MemoryStore(join(tmpDir, "missing.jsonl"));
     expect(store.readAll()).toEqual([]);
   });
@@ -91,15 +99,15 @@ describe("ContextManager", () => {
     rmSync(tmpDir, { recursive: true, force: true });
   });
 
-  test("getWindow returns empty for empty memory", () => {
+  test("getWindow returns empty for empty memory", async () => {
     const store = new MemoryStore(join(tmpDir, "mem.jsonl"));
     const ctx = new ContextManager(store, 1000);
-    expect(ctx.getWindow()).toEqual([]);
+    expect(await ctx.getWindow()).toEqual([]);
   });
 
-  test("needsCompaction is false for empty memory", () => {
+  test("needsCompaction is false for empty memory", async () => {
     const store = new MemoryStore(join(tmpDir, "mem.jsonl"));
     const ctx = new ContextManager(store, 1000);
-    expect(ctx.needsCompaction()).toBe(false);
+    expect(await ctx.needsCompaction()).toBe(false);
   });
 });

package/test/runtime.test.ts

@@ -1,9 +1,11 @@
 import { describe, test, expect, beforeEach, afterEach } from "bun:test";
-import { mkdtempSync, rmSync } from "node:fs";
+import { mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { tmpdir } from "node:os";
+
 import { AgentRuntime } from "../src/runtime/agent.js";
 import type { AgentConfig } from "../src/runtime/types.js";
+import { makeEditTool, makeExecTool } from "../src/tools/index.js";
 
 describe("AgentRuntime", () => {
   let tmpDir: string;
@@ -16,8 +18,9 @@ describe("AgentRuntime", () => {
       name: "Test Agent",
       mailDir: join(tmpDir, "mail"),
       memoryPath: join(tmpDir, "memory.jsonl"),
+      workspace: tmpDir,
       contextWindowTokens: 1000,
-      llm: { provider: "anthropic", model: "claude-3-haiku-20240307" },
+      llm: { provider: "openai", model: "gpt-4o-mini", apiKey: "x" },
     };
   });
 
@@ -35,11 +38,29 @@ describe("AgentRuntime", () => {
   test("start() returns when stop() is called", async () => {
     const runtime = new AgentRuntime(config);
 
-    // Start and stop after 50ms to avoid infinite loop
     const startPromise = runtime.start();
     setTimeout(() => runtime.stop(), 50);
     await startPromise;
-    // Just verify it completes without throwing
-    expect(true).toBe(true);
+    expect(runtime.getState()).toBe("stopped");
+  });
+
+  test("edit tool fails on ambiguous replacements", async () => {
+    const tool = makeEditTool({ resolveWorkspacePath: (p: string) => join(tmpDir, p) } as any);
+    const file = join(tmpDir, "sample.txt");
+    writeFileSync(file, "dup dup", "utf-8");
+    const out = await tool.execute({ path: "sample.txt", old_string: "dup", new_string: "x" } as any);
+    expect(out.isError).toBe(true);
+  });
+
+  test("exec tool preserves no shell injection via args array", async () => {
+    const tool = makeExecTool({
+      resolveWorkspacePath: (p: string) => join(tmpDir, p),
+      validateCommand: () => undefined,
+      scrubEnvironment: () => ({ PATH: process.env.PATH }),
+    } as any, ["git"]);
+
+    const result = await tool.execute({ command: "git", args: ["--version"] } as any);
+    expect(result.isError).toBe(false);
+    expect(result.content).toContain("git version");
   });
 });