enya-agent 0.1.0

package/crates/enact-runner/tests/integration.rs

@@ -0,0 +1,278 @@
+//! Integration tests for enact-runner
+//!
+//! These tests demonstrate how to use `AgentRunner` with mock callables and tools,
+//! showing the full loop in action.
+
+use async_trait::async_trait;
+use enact_core::callable::Callable;
+use enact_core::tool::Tool;
+use enact_runner::{AgentRunner, DefaultAgentRunner, LoopOutcome, RunnerConfig};
+use serde_json::{json, Value};
+use std::sync::atomic::{AtomicUsize, Ordering};
+use std::sync::Arc;
+
+// =============================================================================
+// Mock Callable — simulates an LLM that uses tools
+// =============================================================================
+
+/// A mock LLM that returns tool calls for the first N iterations,
+/// then returns a final text response.
+struct MockLlm {
+    call_count: AtomicUsize,
+    tool_calls_before_done: usize,
+}
+
+impl MockLlm {
+    fn new(tool_calls_before_done: usize) -> Self {
+        Self {
+            call_count: AtomicUsize::new(0),
+            tool_calls_before_done,
+        }
+    }
+}
+
+#[async_trait]
+impl Callable for MockLlm {
+    fn name(&self) -> &str {
+        "mock-llm"
+    }
+
+    async fn run(&self, _input: &str) -> anyhow::Result<String> {
+        let count = self.call_count.fetch_add(1, Ordering::SeqCst);
+
+        if count < self.tool_calls_before_done {
+            // Return a JSON tool call
+            Ok(json!({
+                "tool_call": {
+                    "name": "search",
+                    "arguments": {"query": format!("iteration {}", count)}
+                }
+            })
+            .to_string())
+        } else {
+            // Final response — no tool call
+            Ok(format!(
+                "Done! Completed {} tool calls before finishing.",
+                count
+            ))
+        }
+    }
+}
+
+/// A mock LLM that returns XML-format tool calls.
+struct MockXmlLlm {
+    call_count: AtomicUsize,
+}
+
+impl MockXmlLlm {
+    fn new() -> Self {
+        Self {
+            call_count: AtomicUsize::new(0),
+        }
+    }
+}
+
+#[async_trait]
+impl Callable for MockXmlLlm {
+    fn name(&self) -> &str {
+        "mock-xml-llm"
+    }
+
+    async fn run(&self, _input: &str) -> anyhow::Result<String> {
+        let count = self.call_count.fetch_add(1, Ordering::SeqCst);
+
+        if count == 0 {
+            Ok(r#"Let me search for that.
+<tool_call><name>search</name><arguments>{"query": "rust async"}</arguments></tool_call>"#
+                .to_string())
+        } else {
+            Ok("Here are the results for your query about Rust async.".to_string())
+        }
+    }
+}
+
+/// A mock LLM that always fails (for retry testing).
+struct FailingLlm {
+    call_count: AtomicUsize,
+    fail_count: usize,
+}
+
+impl FailingLlm {
+    fn new(fail_count: usize) -> Self {
+        Self {
+            call_count: AtomicUsize::new(0),
+            fail_count,
+        }
+    }
+}
+
+#[async_trait]
+impl Callable for FailingLlm {
+    fn name(&self) -> &str {
+        "failing-llm"
+    }
+
+    async fn run(&self, _input: &str) -> anyhow::Result<String> {
+        let count = self.call_count.fetch_add(1, Ordering::SeqCst);
+
+        if count < self.fail_count {
+            anyhow::bail!("Rate limit exceeded, please retry after 1s")
+        } else {
+            Ok("Success after retries!".to_string())
+        }
+    }
+}
+
+// =============================================================================
+// Mock Tool
+// =============================================================================
+
+struct MockSearchTool;
+
+#[async_trait]
+impl Tool for MockSearchTool {
+    fn name(&self) -> &str {
+        "search"
+    }
+
+    fn description(&self) -> &str {
+        "Search for information"
+    }
+
+    fn parameters_schema(&self) -> Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "query": {"type": "string"}
+            }
+        })
+    }
+
+    async fn execute(&self, args: Value) -> anyhow::Result<Value> {
+        let query = args
+            .get("query")
+            .and_then(|q| q.as_str())
+            .unwrap_or("unknown");
+        Ok(json!({
+            "results": [format!("Result for: {}", query)],
+            "count": 1
+        }))
+    }
+}
+
+// =============================================================================
+// Tests
+// =============================================================================
+
+#[tokio::test]
+async fn test_simple_no_tool_calls() {
+    // LLM returns final response immediately (0 tool calls before done)
+    let llm = MockLlm::new(0);
+    let mut runner = DefaultAgentRunner::default_new();
+
+    let outcome = runner.run(&llm, "Hello!").await.unwrap();
+
+    assert!(outcome.is_completed());
+    assert!(outcome.output().unwrap().contains("Done!"));
+}
+
+#[tokio::test]
+async fn test_tool_call_loop_json() {
+    // LLM makes 3 tool calls, then returns final response
+    let llm = MockLlm::new(3);
+    let mut runner = DefaultAgentRunner::default_new().add_tool(MockSearchTool);
+
+    let outcome = runner.run(&llm, "Search for Rust").await.unwrap();
+
+    assert!(outcome.is_completed());
+    let output = outcome.output().unwrap();
+    assert!(output.contains("3 tool calls"));
+}
+
+#[tokio::test]
+async fn test_tool_call_loop_xml() {
+    // LLM returns XML-format tool call, then final response
+    let llm = MockXmlLlm::new();
+    let mut runner = DefaultAgentRunner::default_new().add_tool(MockSearchTool);
+
+    let outcome = runner.run(&llm, "Search for Rust async").await.unwrap();
+
+    assert!(outcome.is_completed());
+    assert!(outcome.output().unwrap().contains("Rust async"));
+}
+
+#[tokio::test]
+async fn test_max_iterations_reached() {
+    // LLM always returns tool calls — loop should hit max_iterations
+    let llm = MockLlm::new(1000); // Will never finish
+    let config = RunnerConfig {
+        max_iterations: 3,
+        ..Default::default()
+    };
+    let mut runner = DefaultAgentRunner::with_config(config).add_tool(MockSearchTool);
+
+    let outcome = runner.run(&llm, "Loop forever").await.unwrap();
+
+    assert!(!outcome.is_completed());
+    match outcome {
+        LoopOutcome::MaxIterationsReached { iterations, .. } => {
+            assert_eq!(iterations, 3);
+        }
+        other => panic!("Expected MaxIterationsReached, got {:?}", other),
+    }
+}
+
+#[tokio::test]
+async fn test_retry_on_transient_error() {
+    // LLM fails twice with rate-limit error, then succeeds
+    let llm = FailingLlm::new(2);
+    let config = RunnerConfig {
+        retry: enact_runner::RetryConfig {
+            max_retries: 3,
+            initial_delay: std::time::Duration::from_millis(10), // Fast for tests
+            max_delay: std::time::Duration::from_millis(100),
+            backoff_multiplier: 2.0,
+        },
+        ..Default::default()
+    };
+    let mut runner = DefaultAgentRunner::with_config(config);
+
+    let outcome = runner.run(&llm, "Will fail then succeed").await.unwrap();
+
+    assert!(outcome.is_completed());
+    assert!(outcome.output().unwrap().contains("Success after retries"));
+}
+
+#[tokio::test]
+async fn test_missing_tool_handled_gracefully() {
+    // LLM calls a tool that doesn't exist — runner should report missing tool
+    let llm = MockLlm::new(1);
+    // No tools registered!
+    let config = RunnerConfig {
+        max_iterations: 3,
+        ..Default::default()
+    };
+    let mut runner = DefaultAgentRunner::with_config(config);
+
+    // Should NOT panic — the loop handles missing tools gracefully
+    let outcome = runner.run(&llm, "Call missing tool").await.unwrap();
+
+    // It should eventually complete (the "tool not found" message gets fed back)
+    assert!(outcome.output().is_some());
+}
+
+#[tokio::test]
+async fn test_cancellation() {
+    let llm = MockLlm::new(100);
+    let mut runner = DefaultAgentRunner::default_new().add_tool(MockSearchTool);
+
+    // Cancel immediately
+    runner.inner().cancel();
+
+    let outcome = runner.run(&llm, "Will be cancelled").await.unwrap();
+
+    match outcome {
+        LoopOutcome::Cancelled => {} // Expected
+        other => panic!("Expected Cancelled, got {:?}", other),
+    }
+}

package/crates/enact-security/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "enact-security"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Security policy, audit logging, and sandboxing for Enact agents"
+repository.workspace = true
+homepage.workspace = true
+keywords = ["security", "sandbox", "audit", "policy"]
+categories.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+chrono.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+tracing.workspace = true
+uuid.workspace = true
+parking_lot = "0.12"
+
+[dev-dependencies]
+tempfile.workspace = true

package/crates/enact-security/src/audit.rs

@@ -0,0 +1,375 @@
+//! Audit logging for security events
+//!
+//! Provides structured logging of security-relevant events with rotation support.
+
+use anyhow::Result;
+use chrono::{DateTime, Utc};
+use parking_lot::Mutex;
+use serde::{Deserialize, Serialize};
+use std::fs::OpenOptions;
+use std::io::Write;
+use std::path::PathBuf;
+use uuid::Uuid;
+
+/// Audit event types
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum AuditEventType {
+    CommandExecution,
+    FileAccess,
+    ConfigChange,
+    AuthSuccess,
+    AuthFailure,
+    PolicyViolation,
+    SecurityEvent,
+    ToolInvocation,
+    AgentAction,
+}
+
+/// Actor information (who performed the action)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Actor {
+    pub channel: String,
+    pub user_id: Option<String>,
+    pub username: Option<String>,
+    pub session_id: Option<String>,
+}
+
+/// Action information (what was done)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Action {
+    pub command: Option<String>,
+    pub tool_name: Option<String>,
+    pub risk_level: Option<String>,
+    pub approved: bool,
+    pub allowed: bool,
+}
+
+/// Execution result
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ExecutionResult {
+    pub success: bool,
+    pub exit_code: Option<i32>,
+    pub duration_ms: Option<u64>,
+    pub error: Option<String>,
+}
+
+/// Security context
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SecurityContext {
+    pub policy_violation: bool,
+    pub rate_limit_remaining: Option<u32>,
+    pub autonomy_level: Option<String>,
+    pub sandbox_backend: Option<String>,
+}
+
+impl Default for SecurityContext {
+    fn default() -> Self {
+        Self {
+            policy_violation: false,
+            rate_limit_remaining: None,
+            autonomy_level: None,
+            sandbox_backend: None,
+        }
+    }
+}
+
+/// Complete audit event
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuditEvent {
+    pub timestamp: DateTime<Utc>,
+    pub event_id: String,
+    pub event_type: AuditEventType,
+    pub actor: Option<Actor>,
+    pub action: Option<Action>,
+    pub result: Option<ExecutionResult>,
+    pub security: SecurityContext,
+}
+
+impl AuditEvent {
+    /// Create a new audit event
+    pub fn new(event_type: AuditEventType) -> Self {
+        Self {
+            timestamp: Utc::now(),
+            event_id: Uuid::new_v4().to_string(),
+            event_type,
+            actor: None,
+            action: None,
+            result: None,
+            security: SecurityContext::default(),
+        }
+    }
+
+    /// Set the actor
+    pub fn with_actor(mut self, actor: Actor) -> Self {
+        self.actor = Some(actor);
+        self
+    }
+
+    /// Set the action
+    pub fn with_action(mut self, action: Action) -> Self {
+        self.action = Some(action);
+        self
+    }
+
+    /// Set the result
+    pub fn with_result(mut self, result: ExecutionResult) -> Self {
+        self.result = Some(result);
+        self
+    }
+
+    /// Set security context
+    pub fn with_security(mut self, security: SecurityContext) -> Self {
+        self.security = security;
+        self
+    }
+
+    /// Mark as policy violation
+    pub fn as_violation(mut self) -> Self {
+        self.security.policy_violation = true;
+        self
+    }
+}
+
+/// Audit logger configuration
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AuditConfig {
+    pub enabled: bool,
+    pub log_path: String,
+    pub max_size_mb: u32,
+    pub retain_days: u32,
+}
+
+impl Default for AuditConfig {
+    fn default() -> Self {
+        Self {
+            enabled: true,
+            log_path: "audit.log".to_string(),
+            max_size_mb: 100,
+            retain_days: 90,
+        }
+    }
+}
+
+/// Audit logger with rotation support
+pub struct AuditLogger {
+    log_path: PathBuf,
+    config: AuditConfig,
+    buffer: Mutex<Vec<AuditEvent>>,
+}
+
+impl AuditLogger {
+    /// Create a new audit logger
+    pub fn new(config: AuditConfig, workspace_dir: PathBuf) -> Result<Self> {
+        let log_path = workspace_dir.join(&config.log_path);
+        Ok(Self {
+            log_path,
+            config,
+            buffer: Mutex::new(Vec::new()),
+        })
+    }
+
+    /// Log an event
+    pub fn log(&self, event: &AuditEvent) -> Result<()> {
+        if !self.config.enabled {
+            return Ok(());
+        }
+
+        self.rotate_if_needed()?;
+
+        let line = serde_json::to_string(event)?;
+        let mut file = OpenOptions::new()
+            .create(true)
+            .append(true)
+            .open(&self.log_path)?;
+
+        writeln!(file, "{}", line)?;
+        file.sync_all()?;
+
+        Ok(())
+    }
+
+    /// Log a command execution
+    pub fn log_command(
+        &self,
+        channel: &str,
+        command: &str,
+        risk_level: &str,
+        approved: bool,
+        allowed: bool,
+        success: bool,
+        duration_ms: u64,
+    ) -> Result<()> {
+        let event = AuditEvent::new(AuditEventType::CommandExecution)
+            .with_actor(Actor {
+                channel: channel.to_string(),
+                user_id: None,
+                username: None,
+                session_id: None,
+            })
+            .with_action(Action {
+                command: Some(command.to_string()),
+                tool_name: None,
+                risk_level: Some(risk_level.to_string()),
+                approved,
+                allowed,
+            })
+            .with_result(ExecutionResult {
+                success,
+                exit_code: None,
+                duration_ms: Some(duration_ms),
+                error: None,
+            });
+
+        self.log(&event)
+    }
+
+    /// Log a tool invocation
+    pub fn log_tool(
+        &self,
+        channel: &str,
+        tool_name: &str,
+        allowed: bool,
+        success: bool,
+        duration_ms: u64,
+        error: Option<&str>,
+    ) -> Result<()> {
+        let event = AuditEvent::new(AuditEventType::ToolInvocation)
+            .with_actor(Actor {
+                channel: channel.to_string(),
+                user_id: None,
+                username: None,
+                session_id: None,
+            })
+            .with_action(Action {
+                command: None,
+                tool_name: Some(tool_name.to_string()),
+                risk_level: None,
+                approved: true,
+                allowed,
+            })
+            .with_result(ExecutionResult {
+                success,
+                exit_code: None,
+                duration_ms: Some(duration_ms),
+                error: error.map(String::from),
+            });
+
+        self.log(&event)
+    }
+
+    /// Log a policy violation
+    pub fn log_violation(&self, channel: &str, description: &str) -> Result<()> {
+        let event = AuditEvent::new(AuditEventType::PolicyViolation)
+            .with_actor(Actor {
+                channel: channel.to_string(),
+                user_id: None,
+                username: None,
+                session_id: None,
+            })
+            .with_action(Action {
+                command: Some(description.to_string()),
+                tool_name: None,
+                risk_level: Some("high".to_string()),
+                approved: false,
+                allowed: false,
+            })
+            .as_violation();
+
+        self.log(&event)
+    }
+
+    /// Check if rotation is needed
+    fn rotate_if_needed(&self) -> Result<()> {
+        if let Ok(metadata) = std::fs::metadata(&self.log_path) {
+            let current_size_mb = metadata.len() / (1024 * 1024);
+            if current_size_mb >= u64::from(self.config.max_size_mb) {
+                self.rotate()?;
+            }
+        }
+        Ok(())
+    }
+
+    /// Rotate the log file
+    fn rotate(&self) -> Result<()> {
+        for i in (1..10).rev() {
+            let old_name = format!("{}.{}.log", self.log_path.display(), i);
+            let new_name = format!("{}.{}.log", self.log_path.display(), i + 1);
+            let _ = std::fs::rename(&old_name, &new_name);
+        }
+
+        let rotated = format!("{}.1.log", self.log_path.display());
+        std::fs::rename(&self.log_path, &rotated)?;
+        Ok(())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use tempfile::TempDir;
+
+    #[test]
+    fn audit_event_new_creates_unique_id() {
+        let event1 = AuditEvent::new(AuditEventType::CommandExecution);
+        let event2 = AuditEvent::new(AuditEventType::CommandExecution);
+        assert_ne!(event1.event_id, event2.event_id);
+    }
+
+    #[test]
+    fn audit_event_serializes_to_json() {
+        let event = AuditEvent::new(AuditEventType::CommandExecution)
+            .with_actor(Actor {
+                channel: "telegram".to_string(),
+                user_id: None,
+                username: None,
+                session_id: None,
+            })
+            .with_action(Action {
+                command: Some("ls".to_string()),
+                tool_name: None,
+                risk_level: Some("low".to_string()),
+                approved: false,
+                allowed: true,
+            });
+
+        let json = serde_json::to_string(&event);
+        assert!(json.is_ok());
+    }
+
+    #[test]
+    fn audit_logger_disabled_does_not_create_file() -> Result<()> {
+        let tmp = TempDir::new()?;
+        let config = AuditConfig {
+            enabled: false,
+            ..Default::default()
+        };
+        let logger = AuditLogger::new(config, tmp.path().to_path_buf())?;
+        let event = AuditEvent::new(AuditEventType::CommandExecution);
+
+        logger.log(&event)?;
+
+        assert!(!tmp.path().join("audit.log").exists());
+        Ok(())
+    }
+
+    #[test]
+    fn audit_logger_writes_event_when_enabled() -> Result<()> {
+        let tmp = TempDir::new()?;
+        let config = AuditConfig {
+            enabled: true,
+            max_size_mb: 10,
+            ..Default::default()
+        };
+        let logger = AuditLogger::new(config, tmp.path().to_path_buf())?;
+
+        logger.log_command("cli", "ls", "low", false, true, true, 15)?;
+
+        let log_path = tmp.path().join("audit.log");
+        assert!(log_path.exists());
+
+        let content = std::fs::read_to_string(&log_path)?;
+        assert!(!content.is_empty());
+        Ok(())
+    }
+}

package/crates/enact-security/src/lib.rs

@@ -0,0 +1,37 @@
+//! Security policy, audit logging, and sandboxing for Enact agents
+//!
+//! This crate provides:
+//! - Security policy with autonomy levels
+//! - Rate limiting
+//! - Audit logging with rotation
+//! - Action validation
+
+pub mod audit;
+pub mod policy;
+
+pub use audit::{
+    Action, Actor, AuditConfig, AuditEvent, AuditEventType, AuditLogger, ExecutionResult,
+    SecurityContext,
+};
+pub use policy::{
+    ActionValidation, AutonomyLevel, PolicyConfig, RiskLevel, SecurityPolicy,
+};
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::path::PathBuf;
+
+    #[test]
+    fn policy_and_audit_integration() {
+        let policy = SecurityPolicy::default_for(PathBuf::from("/tmp/test"));
+        assert!(policy.can_act());
+        assert_eq!(policy.autonomy(), AutonomyLevel::Supervised);
+    }
+
+    #[test]
+    fn audit_event_types() {
+        let event = AuditEvent::new(AuditEventType::CommandExecution);
+        assert!(!event.event_id.is_empty());
+    }
+}