ltcai 3.4.0 → 3.5.0

package/static/v3/js/views/{my-computer.c3ef5283.js → my-computer.d9d9ae1c.js}

@@ -211,12 +211,15 @@ function buildAgent({ h, icon, c }, res) {
   const folders = d.folders || {};
 
   const online = !!agent.online;
+  const mode = d.mode || (online ? "online" : "offline");
 
   const rows = [
+    { k: "Mode", v: mode, icon: "activity" },
+    { k: "Version", v: d.version || "—", mono: true, icon: "tag" },
+    { k: "PID", v: d.pid != null ? String(d.pid) : "—", mono: true, icon: "hash" },
     { k: "Platform", v: agent.platform || "—", icon: "device-desktop" },
     { k: "Machine", v: agent.machine || "—", mono: true, icon: "cpu" },
     { k: "Python", v: agent.python || "—", mono: true, icon: "code" },
-    { k: "Kind", v: agent.kind || "on-device runtime", icon: "robot" },
   ];
 
   return h("div.lt3-stack-3",
@@ -231,8 +234,8 @@ function buildAgent({ h, icon, c }, res) {
             h("span.lt3-mono", agent.id)),
         ),
       ),
-      // online is reported by the live endpoint — never fabricated.
-      c.statePill(online ? "active" : "idle"),
+      // mode is probed by the live endpoint (online/degraded/error) — never faked.
+      c.statePill(mode),
     ),
 
     h("dl.lt3-keyval",
@@ -247,7 +250,7 @@ function buildAgent({ h, icon, c }, res) {
       h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "center" } },
         h("span.lt3-row-2", icon("plug-connected"),
           handshake.ok
-            ? `Handshake OK · ${handshake.transport || "local"}`
+            ? `Handshake OK · ${handshake.transport || "local"}${handshake.latency_ms != null ? " · " + handshake.latency_ms + "ms" : ""}`
             : "Handshake not established"),
         c.statePill(handshake.ok ? "active" : "idle"),
       ),

package/static/v3/js/views/my-computer.js

@@ -211,12 +211,15 @@ function buildAgent({ h, icon, c }, res) {
   const folders = d.folders || {};
 
   const online = !!agent.online;
+  const mode = d.mode || (online ? "online" : "offline");
 
   const rows = [
+    { k: "Mode", v: mode, icon: "activity" },
+    { k: "Version", v: d.version || "—", mono: true, icon: "tag" },
+    { k: "PID", v: d.pid != null ? String(d.pid) : "—", mono: true, icon: "hash" },
     { k: "Platform", v: agent.platform || "—", icon: "device-desktop" },
     { k: "Machine", v: agent.machine || "—", mono: true, icon: "cpu" },
     { k: "Python", v: agent.python || "—", mono: true, icon: "code" },
-    { k: "Kind", v: agent.kind || "on-device runtime", icon: "robot" },
   ];
 
   return h("div.lt3-stack-3",
@@ -231,8 +234,8 @@ function buildAgent({ h, icon, c }, res) {
             h("span.lt3-mono", agent.id)),
         ),
       ),
-      // online is reported by the live endpoint — never fabricated.
-      c.statePill(online ? "active" : "idle"),
+      // mode is probed by the live endpoint (online/degraded/error) — never faked.
+      c.statePill(mode),
     ),
 
     h("dl.lt3-keyval",
@@ -247,7 +250,7 @@ function buildAgent({ h, icon, c }, res) {
       h("div.lt3-row", { style: { "justify-content": "space-between", "align-items": "center" } },
         h("span.lt3-row-2", icon("plug-connected"),
           handshake.ok
-            ? `Handshake OK · ${handshake.transport || "local"}`
+            ? `Handshake OK · ${handshake.transport || "local"}${handshake.latency_ms != null ? " · " + handshake.latency_ms + "ms" : ""}`
             : "Handshake not established"),
         c.statePill(handshake.ok ? "active" : "idle"),
       ),

package/static/workspace.css

@@ -873,7 +873,7 @@ main {
   padding: 16px clamp(16px, 2vw, 28px);
   background: color-mix(in srgb, var(--surface-elevated) 94%, transparent);
   border-bottom: 1px solid var(--line);
-  backdrop-filter: blur(18px);
+  backdrop-filter: none; /* glass removed v3.5.0 */
 }
 
 .topbar-subtitle {

package/tools/__init__.py

@@ -0,0 +1,276 @@
+"""Safe local tools for Lattice AI agent mode.
+
+All filesystem operations are confined to LATTICEAI_AGENT_ROOT, defaulting to
+./agent_workspace. Command execution runs without a shell and from inside that
+workspace.
+
+v3.5.0 splits the historical flat ``tools.py`` into focused submodules
+(computer, filesystem, documents, local_files, knowledge, network, commands)
+while keeping the exact import surface: this package re-exports every public name
+and ``execute_tool``/``DEFAULT_TOOL_REGISTRY``, so ``import tools`` and
+``from tools import X`` behave identically to before. ``AGENT_ROOT`` and the path
+helpers live here as the single source of truth (tests monkeypatch
+``tools.AGENT_ROOT``); submodules read it dynamically.
+"""
+
+import base64
+import json
+import os
+import platform
+import re
+import shlex
+import socket
+import subprocess
+import tempfile
+from html.parser import HTMLParser
+from pathlib import Path
+from typing import Any, Callable, Dict, List, Optional
+
+from latticeai.core.tool_registry import ToolRegistry
+from p_reinforce import BRAIN_DIR, STRUCTURE
+
+_PLATFORM = platform.system()  # "Darwin" | "Windows" | "Linux"
+
+
+# ── base: agent-root sandbox, shared constants, path helpers ──────────────────
+AGENT_ROOT = Path(os.getenv("LATTICEAI_AGENT_ROOT") or "agent_workspace").resolve()
+MAX_FILE_BYTES = 512_000
+MAX_COMMAND_SECONDS = 30
+MAX_BUILD_SECONDS = 180
+MAX_DEPLOY_SECONDS = 300
+MAX_COMMAND_OUTPUT = 12_000
+
+BLOCKED_COMMANDS = {
+    "rm",
+    "rmdir",
+    "sudo",
+    "su",
+    "chmod",
+    "chown",
+    "curl",
+    "wget",
+    "ssh",
+    "scp",
+    "rsync",
+    "dd",
+    "mkfs",
+    "diskutil",
+    "launchctl",
+}
+
+ALLOWED_COMMANDS = {
+    "pwd",
+    "ls",
+    "find",
+    "cat",
+    "sed",
+    "head",
+    "tail",
+    "wc",
+    "rg",
+    "python",
+    "python3",
+    "node",
+    "npm",
+    "npx",
+    "git",
+}
+
+BUILD_SCRIPT_NAMES = {"build", "compile", "typecheck", "test"}
+DEPLOY_SCRIPT_NAMES = {
+    "deploy",
+    "preview",
+    "release",
+    "package",
+    "dist",
+    "make",
+    "build:installer",
+    "build:pkg",
+    "build:exe",
+    "package:mac",
+    "package:win",
+}
+
+ALLOWED_GIT_SUBCOMMANDS = {"status", "diff", "log", "show"}
+
+TEXT_EXTENSIONS = {
+    ".css",
+    ".csv",
+    ".html",
+    ".js",
+    ".json",
+    ".jsx",
+    ".md",
+    ".py",
+    ".ts",
+    ".tsx",
+    ".txt",
+    ".xml",
+    ".yaml",
+    ".yml",
+}
+
+DOCUMENT_OUTPUT_DIR = "generated_documents"
+PRESENTATION_OUTPUT_DIR = "generated_presentations"
+SPREADSHEET_OUTPUT_DIR = "generated_spreadsheets"
+
+
+class ToolError(ValueError):
+    pass
+
+
+def ensure_agent_root() -> Path:
+    AGENT_ROOT.mkdir(parents=True, exist_ok=True)
+    return AGENT_ROOT
+
+
+def _resolve_path(path: str = "") -> Path:
+    ensure_agent_root()
+    if not path:
+        return AGENT_ROOT
+    candidate = (AGENT_ROOT / path).resolve()
+    if candidate != AGENT_ROOT and AGENT_ROOT not in candidate.parents:
+        raise ToolError("Path escapes the agent workspace.")
+    return candidate
+
+
+def _relative(path: Path) -> str:
+    return str(path.relative_to(AGENT_ROOT))
+
+
+# ── document / local / read constants (shared by submodules) ──────────────────
+PDF_OUTPUT_DIR = "generated_pdfs"
+LOCAL_MAX_FILE_BYTES = 2_000_000  # 2 MB cap for local reads
+
+
+# CJK-capable fonts (Korean + Chinese + Japanese)
+_CJK_FONT_CANDIDATES = [
+    "/System/Library/Fonts/AppleSDGothicNeo.ttc",   # Korean (macOS)
+    "/System/Library/Fonts/STHeiti Light.ttc",       # Chinese (macOS)
+    "/System/Library/Fonts/PingFang.ttc",            # Chinese (macOS)
+    "/Library/Fonts/NanumGothic.ttf",               # Korean
+    "/usr/share/fonts/truetype/nanum/NanumGothic.ttf",
+]
+
+_SUPPORTED_READ_EXTENSIONS = {".pdf", ".docx", ".xlsx", ".pptx", ".txt", ".md", ".csv"}
+DOCUMENT_MAX_READ_BYTES = 10_000_000  # 10 MB
+
+
+# ── focused tool submodules (re-exported flat for import compatibility) ───────
+from tools.computer import *  # noqa: E402,F401,F403
+from tools.filesystem import *  # noqa: E402,F401,F403
+from tools.documents import *  # noqa: E402,F401,F403
+from tools.local_files import *  # noqa: E402,F401,F403
+from tools.knowledge import *  # noqa: E402,F401,F403
+from tools.network import *  # noqa: E402,F401,F403
+from tools.commands import *  # noqa: E402,F401,F403
+
+
+# ── tool registry: the single name → invocation source of truth ───────────────
+def _h_create_xlsx(args: Dict[str, Any]) -> Dict[str, Any]:
+    rows = args.get("rows", [])
+    if isinstance(rows, str):
+        rows = json.loads(rows)
+    return create_xlsx(rows, args.get("filename", "spreadsheet.xlsx"), args.get("sheet_name", "Sheet1"))
+
+
+def _h_create_pptx(args: Dict[str, Any]) -> Dict[str, Any]:
+    slides = args.get("slides", [])
+    if isinstance(slides, str):
+        slides = json.loads(slides)
+    return create_pptx(args.get("title", ""), slides, args.get("filename", "presentation.pptx"))
+
+
+# ── Tool registry: the single source of truth for name → invocation ───────────
+# Each entry binds the args dict to a tool function. ``execute_tool`` is a
+# lookup over this table — adding a tool means adding one entry here, not
+# editing an if/elif chain. server.py's governance map and catalog brief are
+# checked against ``registered_tools()`` so the three never silently drift.
+TOOL_HANDLERS: Dict[str, Callable[[Dict[str, Any]], Dict[str, Any]]] = {
+    # filesystem
+    "list_dir":          lambda a: list_dir(a.get("path", ".")),
+    "workspace_tree":    lambda a: workspace_tree(a.get("path", "."), a.get("max_depth", 3)),
+    "read_file":         lambda a: read_file(a["path"], offset=a.get("offset", 0), limit=a.get("limit", 0), line_numbers=a.get("line_numbers", True)),
+    "write_file":        lambda a: write_file(a["path"], a.get("content", "")),
+    "edit_file":         lambda a: edit_file(a["path"], a["old_string"], a["new_string"], replace_all=bool(a.get("replace_all", False))),
+    "grep":              lambda a: grep(a["pattern"], path=a.get("path", "."), glob=a.get("glob"), max_results=a.get("max_results", 50), case_insensitive=bool(a.get("case_insensitive", False)), context_lines=a.get("context_lines", 0)),
+    "search_files":      lambda a: search_files(a["query"], a.get("path", "."), a.get("max_results", 20)),
+    "inspect_html":      lambda a: inspect_html(a["path"]),
+    "preview_url":       lambda a: preview_url(a.get("path", "index.html")),
+    # planning
+    "todo_read":         lambda a: todo_read(),
+    "todo_write":        lambda a: todo_write(a.get("todos") or []),
+    # documents
+    "create_docx":       lambda a: create_docx(a.get("title", ""), a.get("body", ""), a.get("filename", "document.docx")),
+    "create_xlsx":       _h_create_xlsx,
+    "create_pptx":       _h_create_pptx,
+    "create_pdf":        lambda a: create_pdf(a.get("title", ""), a.get("body", ""), a.get("filename", "document.pdf")),
+    "create_web_project": lambda a: create_web_project(a.get("path", ""), a.get("framework", "react"), a.get("template", "vite")),
+    # local filesystem
+    "local_list":        lambda a: local_list(a["path"]),
+    "local_read":        lambda a: local_read(a["path"]),
+    "local_write":       lambda a: local_write(a["path"], a.get("content", "")),
+    "read_document":     lambda a: read_document(a["path"]),
+    "network_status":    lambda a: network_status(),
+    # computer use
+    "computer_screenshot": lambda a: computer_screenshot(),
+    "computer_open_app": lambda a: computer_open_app(a.get("app", "Google Chrome")),
+    "computer_open_url": lambda a: computer_open_url(a["url"], a.get("app", "Google Chrome")),
+    "computer_click":    lambda a: computer_click(a.get("x", 0), a.get("y", 0), a.get("button", "left"), a.get("double", False)),
+    "computer_type":     lambda a: computer_type(a["text"], a.get("interval", 0.04)),
+    "computer_key":      lambda a: computer_key(a["key"]),
+    "computer_scroll":   lambda a: computer_scroll(a.get("x", 0), a.get("y", 0), a.get("direction", "down"), a.get("clicks", 3)),
+    "computer_move":     lambda a: computer_move(a.get("x", 0), a.get("y", 0)),
+    "computer_drag":     lambda a: computer_drag(a.get("x1", 0), a.get("y1", 0), a.get("x2", 0), a.get("y2", 0)),
+    "computer_status":   lambda a: computer_status(),
+    "chrome_status":     lambda a: desktop_bridge_status(),
+    "computer_use_status": lambda a: desktop_bridge_status(),
+    # knowledge / obsidian
+    "knowledge_save":    lambda a: knowledge_save(a["content"], a.get("folder", "00_Raw"), a.get("title")),
+    "knowledge_search":  lambda a: knowledge_search(a["query"], a.get("max_results", 5)),
+    "knowledge_tree":    lambda a: knowledge_tree(),
+    "obsidian_save":     lambda a: obsidian_save(a["content"], a.get("folder", "00_Raw"), a.get("title")),
+    "obsidian_search":   lambda a: obsidian_search(a["query"], a.get("max_results", 5)),
+    "obsidian_tree":     lambda a: obsidian_tree(),
+    # git (read-only)
+    "git_status":        lambda a: git_status(a.get("cwd")),
+    "git_diff":          lambda a: git_diff(a.get("path"), a.get("cwd")),
+    "git_log":           lambda a: git_log(a.get("max_count", 5), a.get("cwd")),
+    "git_show":          lambda a: git_show(a.get("revision", "HEAD"), a.get("cwd")),
+    # exec
+    "run_command":       lambda a: run_command(a["command"], a.get("cwd")),
+    "build_project":     lambda a: build_project(a.get("cwd"), a.get("script", "build")),
+    "deploy_project":    lambda a: deploy_project(a.get("cwd"), a.get("script", "deploy")),
+}
+
+
+DEFAULT_TOOL_REGISTRY = ToolRegistry(TOOL_HANDLERS)
+
+
+def registered_tools() -> frozenset:
+    """Names dispatchable through ``execute_tool`` — the seam other modules verify against."""
+    return DEFAULT_TOOL_REGISTRY.registered_tools()
+
+
+def execute_tool(action: str, args: Dict[str, Any]) -> Dict[str, Any]:
+    return DEFAULT_TOOL_REGISTRY.execute(action, args, error_cls=ToolError)
+
+
+__all__ = [
+    "AGENT_ROOT", "ToolError", "ensure_agent_root",
+    "list_dir", "workspace_tree", "read_file", "write_file", "edit_file", "grep",
+    "search_files", "inspect_html", "preview_url", "create_web_project",
+    "todo_read", "todo_write",
+    "create_docx", "create_xlsx", "create_pptx", "create_pdf", "read_document",
+    "local_list", "local_read", "local_write", "desktop_bridge_status",
+    "knowledge_save", "knowledge_search", "knowledge_tree",
+    "obsidian_save", "obsidian_search", "obsidian_tree",
+    "network_status",
+    "computer_screenshot", "computer_open_app", "computer_open_url",
+    "computer_click", "computer_type", "computer_key", "computer_scroll",
+    "computer_move", "computer_drag", "computer_status",
+    "run_command", "build_project", "deploy_project",
+    "git_status", "git_diff", "git_log", "git_show",
+    "TOOL_HANDLERS", "DEFAULT_TOOL_REGISTRY", "registered_tools", "execute_tool",
+    "BRAIN_DIR", "STRUCTURE",
+]

package/tools/commands.py

@@ -0,0 +1,188 @@
+"""Command/build/deploy and read-only git tools (no shell, allow-listed)."""
+
+from __future__ import annotations
+
+import os
+import shlex
+import subprocess
+from pathlib import Path
+from typing import Any, Dict, Optional
+
+import tools
+from tools import (
+    ToolError,
+    ensure_agent_root,
+    _resolve_path,
+    _relative,
+    ALLOWED_COMMANDS,
+    BLOCKED_COMMANDS,
+    BUILD_SCRIPT_NAMES,
+    DEPLOY_SCRIPT_NAMES,
+    ALLOWED_GIT_SUBCOMMANDS,
+    MAX_COMMAND_SECONDS,
+    MAX_BUILD_SECONDS,
+    MAX_DEPLOY_SECONDS,
+    MAX_COMMAND_OUTPUT,
+)
+
+
+def run_command(command: str, cwd: Optional[str] = None) -> Dict[str, Any]:
+    ensure_agent_root()
+    parts = shlex.split(command)
+    if not parts:
+        raise ToolError("Command is empty.")
+
+    executable = Path(parts[0]).name
+    if executable in BLOCKED_COMMANDS or executable not in ALLOWED_COMMANDS:
+        raise ToolError(f"Command is not allowed: {executable}")
+    if executable == "git":
+        raise ToolError("Use the read-only git_status, git_diff, git_log, or git_show tools.")
+    if any(token in command for token in ["|", "&&", "||", ";", ">", "<", "$(", "`"]):
+        raise ToolError("Shell operators are not allowed.")
+    if executable == "find":
+        blocked = [f for f in parts[1:] if f in _BLOCKED_FIND_FLAGS]
+        if blocked:
+            raise ToolError(f"find flags are not allowed: {', '.join(blocked)}")
+    abs_args = [a for a in parts[1:] if a.startswith("/") and a not in ("/dev/null",)]
+    if abs_args:
+        raise ToolError(f"Absolute paths in command arguments are not allowed: {abs_args[0]}")
+
+    workdir = _resolve_path(cwd or ".")
+    if not workdir.exists() or not workdir.is_dir():
+        raise ToolError("Working directory does not exist.")
+
+    try:
+        completed = subprocess.run(
+            parts,
+            cwd=workdir,
+            capture_output=True,
+            text=True,
+            timeout=MAX_COMMAND_SECONDS,
+            check=False,
+        )
+    except subprocess.TimeoutExpired:
+        raise ToolError(f"Command timed out after {MAX_COMMAND_SECONDS} seconds.")
+
+    stdout = completed.stdout[-MAX_COMMAND_OUTPUT:]
+    stderr = completed.stderr[-MAX_COMMAND_OUTPUT:]
+    return {
+        "command": command,
+        "cwd": _relative(workdir) if workdir != tools.AGENT_ROOT else ".",
+        "returncode": completed.returncode,
+        "stdout": stdout,
+        "stderr": stderr,
+    }
+
+
+def _load_package_scripts(workdir: Path) -> Dict[str, str]:
+    package_json = workdir / "package.json"
+    if not package_json.exists():
+        return {}
+    try:
+        import json
+        data = json.loads(package_json.read_text(encoding="utf-8"))
+    except Exception as exc:
+        raise ToolError(f"Could not parse package.json: {exc}") from exc
+    scripts = data.get("scripts") or {}
+    if not isinstance(scripts, dict):
+        return {}
+    return {str(key): str(value) for key, value in scripts.items()}
+
+
+def _run_script(script: str, cwd: Optional[str], allowed: set[str], timeout: int) -> Dict[str, Any]:
+    ensure_agent_root()
+    if script not in allowed:
+        raise ToolError(f"Script is not allowed here: {script}")
+    workdir = _resolve_path(cwd or ".")
+    if not workdir.exists() or not workdir.is_dir():
+        raise ToolError("Working directory does not exist.")
+
+    scripts = _load_package_scripts(workdir)
+    if script not in scripts:
+        raise ToolError(f"package.json does not define a '{script}' script.")
+
+    try:
+        completed = subprocess.run(
+            ["npm", "run", script],
+            cwd=workdir,
+            capture_output=True,
+            text=True,
+            timeout=timeout,
+            check=False,
+        )
+    except subprocess.TimeoutExpired:
+        raise ToolError(f"npm run {script} timed out after {timeout} seconds.")
+
+    return {
+        "command": f"npm run {script}",
+        "cwd": _relative(workdir) if workdir != tools.AGENT_ROOT else ".",
+        "script_body": scripts[script],
+        "returncode": completed.returncode,
+        "stdout": completed.stdout[-MAX_COMMAND_OUTPUT:],
+        "stderr": completed.stderr[-MAX_COMMAND_OUTPUT:],
+    }
+
+
+def build_project(cwd: Optional[str] = None, script: str = "build") -> Dict[str, Any]:
+    return _run_script(script, cwd, BUILD_SCRIPT_NAMES, MAX_BUILD_SECONDS)
+
+
+def deploy_project(cwd: Optional[str] = None, script: str = "deploy") -> Dict[str, Any]:
+    return _run_script(script, cwd, DEPLOY_SCRIPT_NAMES, MAX_DEPLOY_SECONDS)
+
+
+def _run_git(args: List[str], cwd: Optional[str] = None) -> Dict[str, Any]:
+    if not args:
+        raise ToolError("Git subcommand is required.")
+    subcommand = args[0]
+    if subcommand not in ALLOWED_GIT_SUBCOMMANDS:
+        raise ToolError(f"Git subcommand is not allowed: {subcommand}")
+    if any(arg.startswith(("git@", "http://", "https://", "ssh://")) for arg in args):
+        raise ToolError("Remote git targets are not allowed.")
+
+    workdir = _resolve_path(cwd or ".")
+    if not workdir.exists() or not workdir.is_dir():
+        raise ToolError("Working directory does not exist.")
+
+    try:
+        completed = subprocess.run(
+            ["git", *args],
+            cwd=workdir,
+            capture_output=True,
+            text=True,
+            timeout=MAX_COMMAND_SECONDS,
+            check=False,
+        )
+    except subprocess.TimeoutExpired:
+        raise ToolError(f"Git command timed out after {MAX_COMMAND_SECONDS} seconds.")
+
+    return {
+        "command": "git " + " ".join(args),
+        "cwd": _relative(workdir) if workdir != tools.AGENT_ROOT else ".",
+        "returncode": completed.returncode,
+        "stdout": completed.stdout[-MAX_COMMAND_OUTPUT:],
+        "stderr": completed.stderr[-MAX_COMMAND_OUTPUT:],
+    }
+
+
+def git_status(cwd: Optional[str] = None) -> Dict[str, Any]:
+    return _run_git(["status", "--short"], cwd)
+
+
+def git_diff(path: Optional[str] = None, cwd: Optional[str] = None) -> Dict[str, Any]:
+    args = ["diff", "--"]
+    if path:
+        target = _resolve_path(path)
+        args.append(_relative(target))
+    return _run_git(args, cwd)
+
+
+def git_log(max_count: int = 5, cwd: Optional[str] = None) -> Dict[str, Any]:
+    max_count = max(1, min(int(max_count), 20))
+    return _run_git(["log", f"--max-count={max_count}", "--oneline", "--decorate"], cwd)
+
+
+def git_show(revision: str = "HEAD", cwd: Optional[str] = None) -> Dict[str, Any]:
+    if revision.startswith("-") or any(token in revision for token in ["..", ":", "/", "\\"]):
+        raise ToolError("Revision is not allowed.")
+    return _run_git(["show", "--stat", "--oneline", "--decorate", revision], cwd)