enya-agent 0.1.0

package/crates/enact-skills/src/lib.rs

@@ -0,0 +1,506 @@
+use anyhow::Result;
+use directories::UserDirs;
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use std::path::{Path, PathBuf};
+use std::process::Command;
+use std::time::{Duration, SystemTime};
+
+const OPEN_SKILLS_REPO_URL: &str = "https://github.com/besoeasy/open-skills";
+const OPEN_SKILLS_SYNC_MARKER: &str = ".enact-open-skills-sync";
+const OPEN_SKILLS_SYNC_INTERVAL_SECS: u64 = 60 * 60 * 24 * 7;
+
+/// A skill is a user-defined or community-built capability.
+/// Skills live in `~/.enact/skills/<name>/SKILL.toml`
+/// and can include tool definitions, prompts, and automation scripts.
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Skill {
+    pub name: String,
+    pub description: String,
+    pub version: String,
+    #[serde(default)]
+    pub author: Option<String>,
+    #[serde(default)]
+    pub tags: Vec<String>,
+    #[serde(default)]
+    pub tools: Vec<SkillTool>,
+    #[serde(default)]
+    pub prompts: Vec<String>,
+    #[serde(skip)]
+    pub location: Option<PathBuf>,
+}
+
+/// A tool defined by a skill (shell command, HTTP call, etc.)
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SkillTool {
+    pub name: String,
+    pub description: String,
+    /// "shell", "http", "script"
+    pub kind: String,
+    /// The command/URL/script to execute
+    pub command: String,
+    #[serde(default)]
+    pub args: HashMap<String, String>,
+}
+
+/// Skill manifest parsed from SKILL.toml
+#[derive(Debug, Clone, Serialize, Deserialize)]
+struct SkillManifest {
+    skill: SkillMeta,
+    #[serde(default)]
+    tools: Vec<SkillTool>,
+    #[serde(default)]
+    prompts: Vec<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+struct SkillMeta {
+    name: String,
+    description: String,
+    #[serde(default = "default_version")]
+    version: String,
+    #[serde(default)]
+    author: Option<String>,
+    #[serde(default)]
+    tags: Vec<String>,
+}
+
+fn default_version() -> String {
+    "0.1.0".to_string()
+}
+
+/// Load all skills from the workspace skills directory
+pub fn load_skills(workspace_dir: &Path) -> Vec<Skill> {
+    let mut skills = Vec::new();
+
+    if let Some(open_skills_dir) = ensure_open_skills_repo() {
+        skills.extend(load_open_skills(&open_skills_dir));
+    }
+
+    skills.extend(load_workspace_skills(workspace_dir));
+    skills
+}
+
+fn load_workspace_skills(workspace_dir: &Path) -> Vec<Skill> {
+    let skills_dir = workspace_dir.join("skills");
+    load_skills_from_directory(&skills_dir)
+}
+
+fn load_skills_from_directory(skills_dir: &Path) -> Vec<Skill> {
+    if !skills_dir.exists() {
+        return Vec::new();
+    }
+
+    let mut skills = Vec::new();
+
+    let Ok(entries) = std::fs::read_dir(skills_dir) else {
+        return skills;
+    };
+
+    for entry in entries.flatten() {
+        let path = entry.path();
+        if !path.is_dir() {
+            continue;
+        }
+
+        // Try SKILL.toml first, then SKILL.md
+        let manifest_path = path.join("SKILL.toml");
+        let md_path = path.join("SKILL.md");
+
+        if manifest_path.exists() {
+            if let Ok(skill) = load_skill_toml(&manifest_path) {
+                skills.push(skill);
+            }
+        } else if md_path.exists() {
+            if let Ok(skill) = load_skill_md(&md_path, &path) {
+                skills.push(skill);
+            }
+        }
+    }
+
+    skills
+}
+
+fn load_open_skills(repo_dir: &Path) -> Vec<Skill> {
+    let mut skills = Vec::new();
+
+    let Ok(entries) = std::fs::read_dir(repo_dir) else {
+        return skills;
+    };
+
+    for entry in entries.flatten() {
+        let path = entry.path();
+        if !path.is_file() {
+            continue;
+        }
+
+        let is_markdown = path
+            .extension()
+            .and_then(|ext| ext.to_str())
+            .is_some_and(|ext| ext.eq_ignore_ascii_case("md"));
+        if !is_markdown {
+            continue;
+        }
+
+        let is_readme = path
+            .file_name()
+            .and_then(|name| name.to_str())
+            .is_some_and(|name| name.eq_ignore_ascii_case("README.md"));
+        if is_readme {
+            continue;
+        }
+
+        if let Ok(skill) = load_open_skill_md(&path) {
+            skills.push(skill);
+        }
+    }
+
+    skills
+}
+
+fn open_skills_enabled() -> bool {
+    if let Ok(raw) = std::env::var("ENACT_OPEN_SKILLS_ENABLED") {
+        let value = raw.trim().to_ascii_lowercase();
+        return !matches!(value.as_str(), "0" | "false" | "off" | "no");
+    }
+
+    // Keep tests deterministic and network-free by default.
+    !cfg!(test)
+}
+
+fn resolve_open_skills_dir() -> Option<PathBuf> {
+    if let Ok(path) = std::env::var("ENACT_OPEN_SKILLS_DIR") {
+        let trimmed = path.trim();
+        if !trimmed.is_empty() {
+            return Some(PathBuf::from(trimmed));
+        }
+    }
+
+    UserDirs::new().map(|dirs| dirs.home_dir().join("open-skills"))
+}
+
+fn ensure_open_skills_repo() -> Option<PathBuf> {
+    if !open_skills_enabled() {
+        return None;
+    }
+
+    let repo_dir = resolve_open_skills_dir()?;
+
+    if !repo_dir.exists() {
+        if !clone_open_skills_repo(&repo_dir) {
+            return None;
+        }
+        let _ = mark_open_skills_synced(&repo_dir);
+        return Some(repo_dir);
+    }
+
+    if should_sync_open_skills(&repo_dir) {
+        if pull_open_skills_repo(&repo_dir) {
+            let _ = mark_open_skills_synced(&repo_dir);
+        } else {
+            tracing::warn!(
+                "open-skills update failed; using local copy from {}",
+                repo_dir.display()
+            );
+        }
+    }
+
+    Some(repo_dir)
+}
+
+fn clone_open_skills_repo(repo_dir: &Path) -> bool {
+    if let Some(parent) = repo_dir.parent() {
+        if let Err(err) = std::fs::create_dir_all(parent) {
+            tracing::warn!(
+                "failed to create open-skills parent directory {}: {err}",
+                parent.display()
+            );
+            return false;
+        }
+    }
+
+    let output = Command::new("git")
+        .args(["clone", "--depth", "1", OPEN_SKILLS_REPO_URL])
+        .arg(repo_dir)
+        .output();
+
+    match output {
+        Ok(result) if result.status.success() => {
+            tracing::info!("initialized open-skills at {}", repo_dir.display());
+            true
+        }
+        Ok(result) => {
+            let stderr = String::from_utf8_lossy(&result.stderr);
+            tracing::warn!("failed to clone open-skills: {stderr}");
+            false
+        }
+        Err(err) => {
+            tracing::warn!("failed to run git clone for open-skills: {err}");
+            false
+        }
+    }
+}
+
+fn pull_open_skills_repo(repo_dir: &Path) -> bool {
+    // If user points to a non-git directory via env var, keep using it without pulling.
+    if !repo_dir.join(".git").exists() {
+        return true;
+    }
+
+    let output = Command::new("git")
+        .arg("-C")
+        .arg(repo_dir)
+        .args(["pull", "--ff-only"])
+        .output();
+
+    match output {
+        Ok(result) if result.status.success() => true,
+        Ok(result) => {
+            let stderr = String::from_utf8_lossy(&result.stderr);
+            tracing::warn!("failed to pull open-skills updates: {stderr}");
+            false
+        }
+        Err(err) => {
+            tracing::warn!("failed to run git pull for open-skills: {err}");
+            false
+        }
+    }
+}
+
+fn should_sync_open_skills(repo_dir: &Path) -> bool {
+    let marker = repo_dir.join(OPEN_SKILLS_SYNC_MARKER);
+    let Ok(metadata) = std::fs::metadata(marker) else {
+        return true;
+    };
+    let Ok(modified_at) = metadata.modified() else {
+        return true;
+    };
+    let Ok(age) = SystemTime::now().duration_since(modified_at) else {
+        return true;
+    };
+
+    age >= Duration::from_secs(OPEN_SKILLS_SYNC_INTERVAL_SECS)
+}
+
+fn mark_open_skills_synced(repo_dir: &Path) -> Result<()> {
+    std::fs::write(repo_dir.join(OPEN_SKILLS_SYNC_MARKER), b"synced")?;
+    Ok(())
+}
+
+/// Load a skill from a SKILL.toml manifest
+fn load_skill_toml(path: &Path) -> Result<Skill> {
+    let content = std::fs::read_to_string(path)?;
+    let manifest: SkillManifest = toml::from_str(&content)?;
+
+    Ok(Skill {
+        name: manifest.skill.name,
+        description: manifest.skill.description,
+        version: manifest.skill.version,
+        author: manifest.skill.author,
+        tags: manifest.skill.tags,
+        tools: manifest.tools,
+        prompts: manifest.prompts,
+        location: Some(path.to_path_buf()),
+    })
+}
+
+/// Load a skill from a SKILL.md file (simpler format)
+fn load_skill_md(path: &Path, dir: &Path) -> Result<Skill> {
+    let content = std::fs::read_to_string(path)?;
+    let name = dir
+        .file_name()
+        .and_then(|n| n.to_str())
+        .unwrap_or("unknown")
+        .to_string();
+
+    Ok(Skill {
+        name,
+        description: extract_description(&content),
+        version: "0.1.0".to_string(),
+        author: None,
+        tags: Vec::new(),
+        tools: Vec::new(),
+        prompts: vec![content],
+        location: Some(path.to_path_buf()),
+    })
+}
+
+fn load_open_skill_md(path: &Path) -> Result<Skill> {
+    let content = std::fs::read_to_string(path)?;
+    let name = path
+        .file_stem()
+        .and_then(|n| n.to_str())
+        .unwrap_or("open-skill")
+        .to_string();
+
+    Ok(Skill {
+        name,
+        description: extract_description(&content),
+        version: "open-skills".to_string(),
+        author: Some("besoeasy/open-skills".to_string()),
+        tags: vec!["open-skills".to_string()],
+        tools: Vec::new(),
+        prompts: vec![content],
+        location: Some(path.to_path_buf()),
+    })
+}
+
+fn extract_description(content: &str) -> String {
+    content
+        .lines()
+        .find(|line| !line.starts_with('#') && !line.trim().is_empty())
+        .unwrap_or("No description")
+        .trim()
+        .to_string()
+}
+
+/// Build a system prompt addition from all loaded skills
+pub fn skills_to_prompt(skills: &[Skill]) -> String {
+    use std::fmt::Write;
+
+    if skills.is_empty() {
+        return String::new();
+    }
+
+    let mut prompt = String::from("\n## Active Skills\n\n");
+
+    for skill in skills {
+        let _ = writeln!(prompt, "### {} (v{})", skill.name, skill.version);
+        let _ = writeln!(prompt, "{}", skill.description);
+
+        if !skill.tools.is_empty() {
+            prompt.push_str("Tools:\n");
+            for tool in &skill.tools {
+                let _ = writeln!(
+                    prompt,
+                    "- **{}**: {} ({})",
+                    tool.name, tool.description, tool.kind
+                );
+            }
+        }
+
+        for p in &skill.prompts {
+            prompt.push_str(p);
+            prompt.push('\n');
+        }
+
+        prompt.push('\n');
+    }
+
+    prompt
+}
+
+/// Get the skills directory path
+pub fn skills_dir(workspace_dir: &Path) -> PathBuf {
+    workspace_dir.join("skills")
+}
+
+/// Initialize the skills directory with a README
+pub fn init_skills_dir(workspace_dir: &Path) -> Result<()> {
+    let dir = skills_dir(workspace_dir);
+    std::fs::create_dir_all(&dir)?;
+
+    let readme = dir.join("README.md");
+    if !readme.exists() {
+        std::fs::write(
+            &readme,
+            "# Enact Skills\n\n\
+             Each subdirectory is a skill. Create a `SKILL.toml` or `SKILL.md` file inside.\n\n\
+             ## SKILL.toml format\n\n\
+             ```toml\n\
+             [skill]\n\
+             name = \"my-skill\"\n\
+             description = \"What this skill does\"\n\
+             version = \"0.1.0\"\n\
+             author = \"your-name\"\n\
+             tags = [\"productivity\", \"automation\"]\n\n\
+             [[tools]]\n\
+             name = \"my_tool\"\n\
+             description = \"What this tool does\"\n\
+             kind = \"shell\"\n\
+             command = \"echo hello\"\n\
+             ```\n\n\
+             ## SKILL.md format (simpler)\n\n\
+             Just write a markdown file with instructions for the agent.\n\
+             The agent will read it and follow the instructions.\n",
+        )?;
+    }
+
+    Ok(())
+}
+
+#[cfg(test)]
+#[allow(clippy::similar_names)]
+mod tests {
+    use super::*;
+    use std::fs;
+
+    #[test]
+    fn load_empty_skills_dir() {
+        let dir = tempfile::tempdir().unwrap();
+        let skills = load_skills(dir.path());
+        assert!(skills.is_empty());
+    }
+
+    #[test]
+    fn load_skill_from_toml() {
+        let dir = tempfile::tempdir().unwrap();
+        let skills_dir = dir.path().join("skills");
+        let skill_dir = skills_dir.join("test-skill");
+        fs::create_dir_all(&skill_dir).unwrap();
+
+        fs::write(
+            skill_dir.join("SKILL.toml"),
+            r#"
+[skill]
+name = "test-skill"
+description = "A test skill"
+version = "1.0.0"
+tags = ["test"]
+
+[[tools]]
+name = "hello"
+description = "Says hello"
+kind = "shell"
+command = "echo hello"
+"#,
+        )
+        .unwrap();
+
+        let skills = load_skills(dir.path());
+        assert_eq!(skills.len(), 1);
+        assert_eq!(skills[0].name, "test-skill");
+        assert_eq!(skills[0].tools.len(), 1);
+        assert_eq!(skills[0].tools[0].name, "hello");
+    }
+
+    #[test]
+    fn skills_to_prompt_empty() {
+        let prompt = skills_to_prompt(&[]);
+        assert!(prompt.is_empty());
+    }
+
+    #[test]
+    fn skills_to_prompt_with_skills() {
+        let skills = vec![Skill {
+            name: "test".to_string(),
+            description: "A test".to_string(),
+            version: "1.0.0".to_string(),
+            author: None,
+            tags: vec![],
+            tools: vec![],
+            prompts: vec!["Do the thing.".to_string()],
+            location: None,
+        }];
+        let prompt = skills_to_prompt(&skills);
+        assert!(prompt.contains("test"));
+        assert!(prompt.contains("Do the thing"));
+    }
+
+    #[test]
+    fn init_skills_creates_readme() {
+        let dir = tempfile::tempdir().unwrap();
+        init_skills_dir(dir.path()).unwrap();
+        assert!(dir.path().join("skills").join("README.md").exists());
+    }
+}

package/crates/enact-tools/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "enact-tools"
+version.workspace = true
+edition.workspace = true
+license.workspace = true
+description = "Built-in tools for Enact agents"
+repository.workspace = true
+homepage.workspace = true
+keywords = ["tools", "http", "browser", "utilities"]
+categories.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+async-trait.workspace = true
+tokio.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+tracing.workspace = true
+reqwest.workspace = true
+
+[dev-dependencies]
+tempfile.workspace = true

package/crates/enact-tools/src/file_read.rs

@@ -0,0 +1,166 @@
+//! File read tool with path sandboxing
+
+use crate::security::SecurityPolicy;
+use crate::traits::{Tool, ToolResult};
+use async_trait::async_trait;
+use serde_json::json;
+use std::sync::Arc;
+
+const MAX_FILE_SIZE_BYTES: u64 = 10 * 1024 * 1024;
+
+/// Read file contents with path sandboxing
+pub struct FileReadTool {
+    security: Arc<SecurityPolicy>,
+}
+
+impl FileReadTool {
+    pub fn new(security: Arc<SecurityPolicy>) -> Self {
+        Self { security }
+    }
+}
+
+#[async_trait]
+impl Tool for FileReadTool {
+    fn name(&self) -> &str {
+        "file_read"
+    }
+
+    fn description(&self) -> &str {
+        "Read the contents of a file in the workspace"
+    }
+
+    fn parameters_schema(&self) -> serde_json::Value {
+        json!({
+            "type": "object",
+            "properties": {
+                "path": {
+                    "type": "string",
+                    "description": "Relative path to the file within the workspace"
+                }
+            },
+            "required": ["path"]
+        })
+    }
+
+    async fn execute(&self, args: serde_json::Value) -> anyhow::Result<ToolResult> {
+        let path = args
+            .get("path")
+            .and_then(|v| v.as_str())
+            .ok_or_else(|| anyhow::anyhow!("Missing 'path' parameter"))?;
+
+        if self.security.is_rate_limited() {
+            return Ok(ToolResult::failure(
+                "Rate limit exceeded: too many actions in the last hour",
+            ));
+        }
+
+        // Security check: validate path is within workspace
+        if !self.security.is_path_allowed(path) {
+            return Ok(ToolResult::failure(format!(
+                "Path not allowed by security policy: {path}"
+            )));
+        }
+
+        // Record action BEFORE canonicalization
+        if !self.security.record_action() {
+            return Ok(ToolResult::failure(
+                "Rate limit exceeded: action budget exhausted",
+            ));
+        }
+
+        let full_path = self.security.workspace_dir.join(path);
+
+        // Resolve path before reading to block symlink escapes
+        let resolved_path = match tokio::fs::canonicalize(&full_path).await {
+            Ok(p) => p,
+            Err(e) => {
+                return Ok(ToolResult::failure(format!(
+                    "Failed to resolve file path: {e}"
+                )));
+            }
+        };
+
+        if !self.security.is_resolved_path_allowed(&resolved_path) {
+            return Ok(ToolResult::failure(format!(
+                "Resolved path escapes workspace: {}",
+                resolved_path.display()
+            )));
+        }
+
+        // Check file size
+        match tokio::fs::metadata(&resolved_path).await {
+            Ok(meta) => {
+                if meta.len() > MAX_FILE_SIZE_BYTES {
+                    return Ok(ToolResult::failure(format!(
+                        "File too large: {} bytes (limit: {MAX_FILE_SIZE_BYTES} bytes)",
+                        meta.len()
+                    )));
+                }
+            }
+            Err(e) => {
+                return Ok(ToolResult::failure(format!(
+                    "Failed to read file metadata: {e}"
+                )));
+            }
+        }
+
+        match tokio::fs::read_to_string(&resolved_path).await {
+            Ok(contents) => Ok(ToolResult::success(contents)),
+            Err(e) => Ok(ToolResult::failure(format!("Failed to read file: {e}"))),
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use crate::security::AutonomyLevel;
+
+    fn test_security(workspace: std::path::PathBuf) -> Arc<SecurityPolicy> {
+        Arc::new(SecurityPolicy {
+            autonomy: AutonomyLevel::Supervised,
+            workspace_dir: workspace,
+            ..SecurityPolicy::default()
+        })
+    }
+
+    #[test]
+    fn file_read_name() {
+        let tool = FileReadTool::new(test_security(std::env::temp_dir()));
+        assert_eq!(tool.name(), "file_read");
+    }
+
+    #[tokio::test]
+    async fn file_read_blocks_path_traversal() {
+        let dir = std::env::temp_dir().join("enact_test_file_read_traversal");
+        let _ = tokio::fs::remove_dir_all(&dir).await;
+        tokio::fs::create_dir_all(&dir).await.unwrap();
+
+        let tool = FileReadTool::new(test_security(dir.clone()));
+        let result = tool
+            .execute(json!({"path": "../../../etc/passwd"}))
+            .await
+            .unwrap();
+        assert!(!result.success);
+        assert!(result.error.as_ref().unwrap().contains("not allowed"));
+
+        let _ = tokio::fs::remove_dir_all(&dir).await;
+    }
+
+    #[tokio::test]
+    async fn file_read_existing_file() {
+        let dir = std::env::temp_dir().join("enact_test_file_read");
+        let _ = tokio::fs::remove_dir_all(&dir).await;
+        tokio::fs::create_dir_all(&dir).await.unwrap();
+        tokio::fs::write(dir.join("test.txt"), "hello world")
+            .await
+            .unwrap();
+
+        let tool = FileReadTool::new(test_security(dir.clone()));
+        let result = tool.execute(json!({"path": "test.txt"})).await.unwrap();
+        assert!(result.success);
+        assert_eq!(result.output, "hello world");
+
+        let _ = tokio::fs::remove_dir_all(&dir).await;
+    }
+}