grok-cli-acp 0.1.2

package/src/acp/protocol.rs

@@ -0,0 +1,323 @@
+use serde::{Deserialize, Serialize, Serializer};
+use serde_json::Value;
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Hash)]
+pub struct SessionId(pub String);
+
+impl SessionId {
+    pub fn new(id: impl Into<String>) -> Self {
+        Self(id.into())
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct AgentCapabilities {
+    #[serde(default, rename = "sessionCapabilities")]
+    pub session_capabilities: SessionCapabilities,
+}
+
+impl Default for AgentCapabilities {
+    fn default() -> Self {
+        Self::new()
+    }
+}
+
+impl AgentCapabilities {
+    pub fn new() -> Self {
+        Self {
+            session_capabilities: SessionCapabilities::new(),
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, Default)]
+pub struct SessionCapabilities {}
+
+impl SessionCapabilities {
+    pub fn new() -> Self {
+        Self {}
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct InitializeRequest {
+    #[serde(
+        default = "default_protocol_version",
+        deserialize_with = "deserialize_protocol_version",
+        alias = "protocolVersion"
+    )]
+    pub protocol_version: String,
+    #[serde(default, alias = "clientCapabilities")]
+    pub capabilities: Value,
+    #[serde(default, alias = "clientInfo")]
+    pub client_info: Value,
+}
+
+fn default_protocol_version() -> String {
+    "1".to_string()
+}
+
+fn deserialize_protocol_version<'de, D>(deserializer: D) -> Result<String, D::Error>
+where
+    D: serde::Deserializer<'de>,
+{
+    use serde::de::Error;
+    let value = Value::deserialize(deserializer)?;
+
+    match value {
+        Value::Number(n) => {
+            if let Some(i) = n.as_i64() {
+                Ok(i.to_string())
+            } else if let Some(f) = n.as_f64() {
+                Ok(f.to_string())
+            } else {
+                Ok("1".to_string())
+            }
+        }
+        Value::String(s) => Ok(s),
+        _ => Err(D::Error::custom(
+            "protocol_version must be a number or string",
+        )),
+    }
+}
+
+fn serialize_protocol_version<S>(version: &str, serializer: S) -> Result<S::Ok, S::Error>
+where
+    S: Serializer,
+{
+    // Try to parse as integer, if successful serialize as number, otherwise as string
+    if let Ok(num) = version.parse::<i64>() {
+        serializer.serialize_i64(num)
+    } else {
+        serializer.serialize_str(version)
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct InitializeResponse {
+    #[serde(
+        rename = "protocolVersion",
+        serialize_with = "serialize_protocol_version"
+    )]
+    pub protocol_version: String,
+    #[serde(rename = "agentCapabilities")]
+    pub agent_capabilities: AgentCapabilities,
+    #[serde(rename = "agentInfo")]
+    pub agent_info: Implementation,
+}
+
+impl InitializeResponse {
+    pub fn new(version: impl Into<String>) -> Self {
+        Self {
+            protocol_version: version.into(),
+            agent_capabilities: AgentCapabilities::new(),
+            agent_info: Implementation {
+                name: "grok-cli".to_string(),
+                version: env!("CARGO_PKG_VERSION").to_string(),
+            },
+        }
+    }
+
+    pub fn agent_capabilities(mut self, caps: AgentCapabilities) -> Self {
+        self.agent_capabilities = caps;
+        self
+    }
+
+    pub fn agent_info(mut self, info: Implementation) -> Self {
+        self.agent_info = info;
+        self
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Implementation {
+    pub name: String,
+    pub version: String,
+}
+
+impl Implementation {
+    pub fn new(name: impl Into<String>, version: impl Into<String>) -> Self {
+        Self {
+            name: name.into(),
+            version: version.into(),
+        }
+    }
+}
+
+#[derive(Debug, Serialize, Deserialize)]
+pub struct NewSessionRequest {
+    #[serde(default, alias = "sessionCapabilities")]
+    pub capabilities: Value,
+    #[serde(default, alias = "workspaceRoot")]
+    pub workspace_root: Option<String>,
+    #[serde(default, alias = "workingDirectory")]
+    pub working_directory: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct NewSessionResponse {
+    #[serde(rename = "sessionId")]
+    pub session_id: SessionId,
+}
+
+impl NewSessionResponse {
+    pub fn new(session_id: SessionId) -> Self {
+        Self { session_id }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PromptRequest {
+    #[serde(alias = "sessionId")]
+    pub session_id: SessionId,
+    pub prompt: Vec<ContentBlock>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(tag = "type")]
+pub enum ContentBlock {
+    #[serde(rename = "text")]
+    Text(TextContent),
+    #[serde(rename = "resource")]
+    Resource(ResourceContent),
+    #[serde(rename = "resource_link")]
+    ResourceLink(ResourceLinkContent),
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TextContent {
+    pub text: String,
+}
+
+impl TextContent {
+    pub fn new(text: impl Into<String>) -> Self {
+        Self { text: text.into() }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ResourceContent {
+    pub resource: EmbeddedResourceResource,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(untagged)]
+pub enum EmbeddedResourceResource {
+    TextResourceContents(TextResourceContents),
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct TextResourceContents {
+    pub uri: String,
+    pub text: String,
+    #[serde(rename = "mimeType", skip_serializing_if = "Option::is_none")]
+    pub mime_type: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ResourceLinkContent {
+    pub uri: String,
+    pub name: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct PromptResponse {
+    #[serde(rename = "stopReason")]
+    pub stop_reason: StopReason,
+}
+
+impl PromptResponse {
+    pub fn new(stop_reason: StopReason) -> Self {
+        Self { stop_reason }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "snake_case")]
+pub enum StopReason {
+    EndTurn,
+    MaxTokens,
+    StopSequence,
+    ToolUse,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct SessionNotification {
+    #[serde(rename = "sessionId")]
+    pub session_id: SessionId,
+    pub update: SessionUpdate,
+}
+
+impl SessionNotification {
+    pub fn new(session_id: SessionId, update: SessionUpdate) -> Self {
+        Self { session_id, update }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(tag = "sessionUpdate")]
+pub enum SessionUpdate {
+    #[serde(rename = "agent_message_chunk")]
+    AgentMessageChunk(ContentChunk),
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ContentChunk {
+    pub content: ContentBlock,
+}
+
+impl ContentChunk {
+    pub fn new(content: ContentBlock) -> Self {
+        Self { content }
+    }
+}
+
+pub struct ProtocolVersion;
+
+impl ProtocolVersion {
+    pub const LATEST: &'static str = "1";
+    pub const V1: &'static str = "1";
+    pub const DATE_FORMAT: &'static str = "2024-04-15";
+}
+
+pub struct MethodNames {
+    pub initialize: &'static str,
+    pub session_new: &'static str,
+    pub session_prompt: &'static str,
+}
+
+pub const AGENT_METHOD_NAMES: MethodNames = MethodNames {
+    initialize: "initialize",
+    session_new: "session/new",
+    session_prompt: "session/prompt",
+};
+
+#[cfg(test)]
+mod serialization_tests {
+    use super::*;
+    use serde_json::json;
+
+    #[test]
+    fn test_session_notification_serialization() {
+        let text = "Hello world";
+        let content = ContentBlock::Text(TextContent::new(text));
+        let update = SessionUpdate::AgentMessageChunk(ContentChunk::new(content));
+        let notification = SessionNotification::new(SessionId::new("session-123"), update);
+
+        let json = serde_json::to_string_pretty(&notification).unwrap();
+        println!("Serialized Notification: {}", json);
+
+        let expected = json!({
+            "sessionId": "session-123",
+            "update": {
+                "sessionUpdate": "agent_message_chunk",
+                "content": {
+                    "type": "text",
+                    "text": "Hello world"
+                }
+            }
+        });
+
+        assert_eq!(serde_json::to_value(&notification).unwrap(), expected);
+    }
+}

package/src/acp/security.rs

@@ -0,0 +1,298 @@
+use anyhow::{Result, anyhow};
+use std::path::{Path, PathBuf};
+use std::sync::{Arc, Mutex};
+
+#[derive(Debug, Clone)]
+pub struct SecurityPolicy {
+    trusted_directories: Vec<PathBuf>,
+    working_directory: PathBuf,
+}
+
+impl SecurityPolicy {
+    pub fn new() -> Self {
+        let working_directory = std::env::current_dir().unwrap_or_else(|_| PathBuf::from("."));
+        Self {
+            trusted_directories: Vec::new(),
+            working_directory,
+        }
+    }
+
+    pub fn with_working_directory(working_directory: PathBuf) -> Self {
+        Self {
+            trusted_directories: Vec::new(),
+            working_directory,
+        }
+    }
+
+    pub fn add_trusted_directory<P: AsRef<Path>>(&mut self, path: P) {
+        let path = path.as_ref();
+        // Canonicalize the path to resolve symlinks and make it absolute
+        let canonical = path.canonicalize().unwrap_or_else(|_| path.to_path_buf());
+        self.trusted_directories.push(canonical);
+    }
+
+    /// Get the working directory
+    pub fn working_directory(&self) -> &Path {
+        &self.working_directory
+    }
+
+    /// Resolve a path to its canonical absolute form
+    pub fn resolve_path<P: AsRef<Path>>(&self, path: P) -> Result<PathBuf> {
+        let path = path.as_ref();
+
+        // Convert to absolute path relative to working directory
+        let absolute = if path.is_absolute() {
+            path.to_path_buf()
+        } else {
+            self.working_directory.join(path)
+        };
+
+        // Canonicalize to resolve symlinks and .. components
+        // If the file doesn't exist yet, try to canonicalize the parent
+        absolute.canonicalize().or_else(|_| {
+            if let Some(parent) = absolute.parent() {
+                let canonical_parent = parent.canonicalize()?;
+                if let Some(file_name) = absolute.file_name() {
+                    Ok(canonical_parent.join(file_name))
+                } else {
+                    Ok(canonical_parent)
+                }
+            } else {
+                Ok(absolute)
+            }
+        })
+    }
+
+    pub fn is_path_trusted<P: AsRef<Path>>(&self, path: P) -> bool {
+        // Resolve the path first
+        let resolved = match self.resolve_path(path) {
+            Ok(p) => p,
+            Err(_) => return false,
+        };
+
+        // If no trusted directories are set, everything is untrusted (deny by default)
+        if self.trusted_directories.is_empty() {
+            return false;
+        }
+
+        self.trusted_directories
+            .iter()
+            .any(|trusted| resolved.starts_with(trusted))
+    }
+
+    pub fn validate_shell_command(&self, command: &str) -> Result<()> {
+        // Basic blacklist for really dangerous things if needed,
+        // but mostly we rely on user confirmation + trusted scope.
+        // For now, allow all if confirmed.
+        if command.trim().is_empty() {
+            return Err(anyhow!("Command cannot be empty"));
+        }
+        Ok(())
+    }
+}
+
+pub struct SecurityManager {
+    policy: Arc<Mutex<SecurityPolicy>>,
+}
+
+impl SecurityManager {
+    pub fn new() -> Self {
+        Self {
+            policy: Arc::new(Mutex::new(SecurityPolicy::new())),
+        }
+    }
+
+    pub fn get_policy(&self) -> SecurityPolicy {
+        self.policy
+            .lock()
+            .expect("SecurityManager mutex poisoned - this is a bug")
+            .clone()
+    }
+
+    pub fn add_trusted_directory<P: AsRef<Path>>(&self, path: P) {
+        self.policy
+            .lock()
+            .expect("SecurityManager mutex poisoned - this is a bug")
+            .add_trusted_directory(path);
+    }
+
+    pub fn check_path_access<P: AsRef<Path>>(&self, path: P) -> Result<()> {
+        if self.get_policy().is_path_trusted(path) {
+            Ok(())
+        } else {
+            Err(anyhow!("Access denied: Path is not in a trusted directory"))
+        }
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::fs;
+    use tempfile::TempDir;
+
+    #[test]
+    fn test_absolute_path_trusted() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let mut policy = SecurityPolicy::with_working_directory(temp_path.clone());
+        policy.add_trusted_directory(&temp_path);
+
+        // Create a test file
+        let file_path = temp_path.join("test.txt");
+        fs::write(&file_path, "test").unwrap();
+
+        // Absolute path should be trusted
+        assert!(policy.is_path_trusted(&file_path));
+    }
+
+    #[test]
+    fn test_relative_path_resolution() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let mut policy = SecurityPolicy::with_working_directory(temp_path.clone());
+        policy.add_trusted_directory(&temp_path);
+
+        // Create a test file
+        let file_path = temp_path.join("test.txt");
+        fs::write(&file_path, "test").unwrap();
+
+        // Relative path should be resolved and trusted
+        assert!(policy.is_path_trusted("test.txt"));
+        assert!(policy.is_path_trusted("./test.txt"));
+    }
+
+    #[test]
+    fn test_parent_directory_access() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        // Create subdirectory
+        let sub_dir = temp_path.join("subdir");
+        fs::create_dir(&sub_dir).unwrap();
+
+        // Create file in parent
+        let file_path = temp_path.join("parent.txt");
+        fs::write(&file_path, "test").unwrap();
+
+        // Set working directory to subdirectory, but trust parent
+        let mut policy = SecurityPolicy::with_working_directory(sub_dir.clone());
+        policy.add_trusted_directory(&temp_path);
+
+        // Access file in parent using relative path
+        assert!(policy.is_path_trusted("../parent.txt"));
+    }
+
+    #[test]
+    fn test_path_outside_trusted_denied() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let mut policy = SecurityPolicy::with_working_directory(temp_path.clone());
+        policy.add_trusted_directory(&temp_path);
+
+        // Path outside trusted directory should be denied
+        #[cfg(target_os = "windows")]
+        let outside_path = "C:\\Windows\\System32\\cmd.exe";
+        #[cfg(not(target_os = "windows"))]
+        let outside_path = "/etc/passwd";
+
+        assert!(!policy.is_path_trusted(outside_path));
+    }
+
+    #[test]
+    fn test_resolve_path_nonexistent() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let policy = SecurityPolicy::with_working_directory(temp_path.clone());
+
+        // Should resolve path even if file doesn't exist yet
+        let result = policy.resolve_path("newfile.txt");
+        assert!(result.is_ok());
+        let resolved = result.unwrap();
+        assert_eq!(resolved, temp_path.join("newfile.txt"));
+    }
+
+    #[test]
+    fn test_symlink_resolution() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        // Create a file
+        let real_file = temp_path.join("real.txt");
+        fs::write(&real_file, "test").unwrap();
+
+        // Create a symlink (skip on Windows if not admin)
+        #[cfg(unix)]
+        {
+            let link_path = temp_path.join("link.txt");
+            std::os::unix::fs::symlink(&real_file, &link_path).unwrap();
+
+            let mut policy = SecurityPolicy::with_working_directory(temp_path.clone());
+            policy.add_trusted_directory(&temp_path);
+
+            // Symlink should resolve to real path and be trusted
+            assert!(policy.is_path_trusted("link.txt"));
+        }
+    }
+
+    #[test]
+    fn test_multiple_trusted_directories() {
+        let temp_dir1 = TempDir::new().unwrap();
+        let temp_dir2 = TempDir::new().unwrap();
+        let temp_path1 = temp_dir1.path().canonicalize().unwrap();
+        let temp_path2 = temp_dir2.path().canonicalize().unwrap();
+
+        let mut policy = SecurityPolicy::with_working_directory(temp_path1.clone());
+        policy.add_trusted_directory(&temp_path1);
+        policy.add_trusted_directory(&temp_path2);
+
+        // Create files in both directories
+        let file1 = temp_path1.join("file1.txt");
+        let file2 = temp_path2.join("file2.txt");
+        fs::write(&file1, "test1").unwrap();
+        fs::write(&file2, "test2").unwrap();
+
+        // Both should be trusted
+        assert!(policy.is_path_trusted(&file1));
+        assert!(policy.is_path_trusted(&file2));
+    }
+
+    #[test]
+    fn test_empty_trusted_directories() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let policy = SecurityPolicy::with_working_directory(temp_path.clone());
+
+        // Without any trusted directories, nothing should be trusted
+        assert!(!policy.is_path_trusted("test.txt"));
+    }
+
+    #[test]
+    fn test_security_manager() {
+        let temp_dir = TempDir::new().unwrap();
+        let temp_path = temp_dir.path().canonicalize().unwrap();
+
+        let manager = SecurityManager::new();
+        manager.add_trusted_directory(&temp_path);
+
+        // Create a test file
+        let file_path = temp_path.join("test.txt");
+        fs::write(&file_path, "test").unwrap();
+
+        // Should be able to check access
+        assert!(manager.check_path_access(&file_path).is_ok());
+
+        // Path outside should be denied
+        #[cfg(target_os = "windows")]
+        let outside_path = "C:\\Windows\\System32\\cmd.exe";
+        #[cfg(not(target_os = "windows"))]
+        let outside_path = "/etc/passwd";
+
+        assert!(manager.check_path_access(outside_path).is_err());
+    }
+}