orch-code 0.1.1

package/internal/tools/command_test.go

@@ -0,0 +1,56 @@
+package tools
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestRunCommandBlocksRiskyCommandWithoutApproval(t *testing.T) {
+	tool := NewRunCommandTool(t.TempDir())
+
+	result, err := tool.Execute(map[string]string{"command": "rm -rf /tmp/orch-test"})
+	if err != nil {
+		t.Fatalf("unexpected execute error: %v", err)
+	}
+	if result.Success {
+		t.Fatalf("expected risky command to be blocked")
+	}
+	if result.ErrorCode != ErrCodePolicyBlocked {
+		t.Fatalf("unexpected error code: %s", result.ErrorCode)
+	}
+}
+
+func TestRunCommandTimesOut(t *testing.T) {
+	tool := NewRunCommandTool(t.TempDir())
+
+	result, err := tool.Execute(map[string]string{
+		"command":         "sleep 2",
+		"timeout_seconds": "1",
+	})
+	if err != nil {
+		t.Fatalf("unexpected execute error: %v", err)
+	}
+	if result.Success {
+		t.Fatalf("expected timeout failure")
+	}
+	if result.ErrorCode != ErrCodeTimeout {
+		t.Fatalf("unexpected timeout code: %s", result.ErrorCode)
+	}
+}
+
+func TestRunCommandTruncatesLargeOutputToFile(t *testing.T) {
+	tool := NewRunCommandTool(t.TempDir())
+
+	result, err := tool.Execute(map[string]string{
+		"command": "seq 1 25000",
+	})
+	if err != nil {
+		t.Fatalf("unexpected execute error: %v", err)
+	}
+	if !result.Success {
+		t.Fatalf("expected command success, got error: %s", result.Error)
+	}
+	if result.Metadata == nil || strings.TrimSpace(result.Metadata["output_file"]) == "" {
+		t.Fatalf("expected truncated output metadata with output_file")
+	}
+}

package/internal/tools/file.go

@@ -0,0 +1,111 @@
+package tools
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+type ReadFileTool struct {
+	repoRoot string
+}
+
+func NewReadFileTool(repoRoot string) *ReadFileTool {
+	return &ReadFileTool{repoRoot: repoRoot}
+}
+
+func (t *ReadFileTool) Name() string { return "read_file" }
+
+func (t *ReadFileTool) Description() string { return "Reads contents of the specified file" }
+
+func (t *ReadFileTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	path, ok := params["path"]
+	if !ok {
+		return Failure("read_file", ErrCodeInvalidParams, "read_file: 'path' parameter is required", ""), nil
+	}
+
+	fullPath := filepath.Join(t.repoRoot, path)
+	data, err := os.ReadFile(fullPath)
+	if err != nil {
+		return Failure("read_file", ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	return Success("read_file", string(data)), nil
+}
+
+type WriteFileTool struct {
+	repoRoot string
+}
+
+func NewWriteFileTool(repoRoot string) *WriteFileTool {
+	return &WriteFileTool{repoRoot: repoRoot}
+}
+
+func (t *WriteFileTool) Name() string { return "write_file" }
+
+func (t *WriteFileTool) Description() string { return "Writes content to the specified file" }
+
+func (t *WriteFileTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	path, ok := params["path"]
+	if !ok {
+		return Failure("write_file", ErrCodeInvalidParams, "write_file: 'path' parameter is required", ""), nil
+	}
+
+	content, ok := params["content"]
+	if !ok {
+		return Failure("write_file", ErrCodeInvalidParams, "write_file: 'content' parameter is required", ""), nil
+	}
+
+	fullPath := filepath.Join(t.repoRoot, path)
+
+	dir := filepath.Dir(fullPath)
+	if err := os.MkdirAll(dir, 0o755); err != nil {
+		return Failure("write_file", ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	if err := os.WriteFile(fullPath, []byte(content), 0o644); err != nil {
+		return Failure("write_file", ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	return Success("write_file", fmt.Sprintf("File written: %s", path)), nil
+}
+
+type ListFilesTool struct {
+	repoRoot string
+}
+
+func NewListFilesTool(repoRoot string) *ListFilesTool {
+	return &ListFilesTool{repoRoot: repoRoot}
+}
+
+func (t *ListFilesTool) Name() string { return "list_files" }
+
+func (t *ListFilesTool) Description() string { return "Lists files in the specified directory" }
+
+// Params: "path" optional directory path (default: ".").
+func (t *ListFilesTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	path := params["path"]
+	if path == "" {
+		path = "."
+	}
+
+	fullPath := filepath.Join(t.repoRoot, path)
+	entries, err := os.ReadDir(fullPath)
+	if err != nil {
+		return Failure("list_files", ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	var files []string
+	for _, entry := range entries {
+		prefix := "F"
+		if entry.IsDir() {
+			prefix = "D"
+		}
+		files = append(files, fmt.Sprintf("[%s] %s", prefix, entry.Name()))
+	}
+
+	return Success("list_files", strings.Join(files, "\n")), nil
+}

package/internal/tools/git.go

@@ -0,0 +1,77 @@
+// - ApplyPatch: patch application
+package tools
+
+import (
+	"os/exec"
+	"strings"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+type GitDiffTool struct {
+	repoRoot string
+}
+
+func NewGitDiffTool(repoRoot string) *GitDiffTool {
+	return &GitDiffTool{repoRoot: repoRoot}
+}
+
+func (t *GitDiffTool) Name() string { return "git_diff" }
+
+func (t *GitDiffTool) Description() string { return "Produces git diff output" }
+
+func (t *GitDiffTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	args := []string{"diff"}
+	if path, ok := params["path"]; ok && path != "" {
+		args = append(args, "--", path)
+	}
+
+	cmd := exec.Command("git", args...)
+	cmd.Dir = t.repoRoot
+
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return Failure("git_diff", ErrCodeExecution, err.Error(), string(output)), nil
+	}
+
+	return Success("git_diff", string(output)), nil
+}
+
+type ApplyPatchTool struct {
+	repoRoot string
+}
+
+func NewApplyPatchTool(repoRoot string) *ApplyPatchTool {
+	return &ApplyPatchTool{repoRoot: repoRoot}
+}
+
+func (t *ApplyPatchTool) Name() string { return "apply_patch" }
+
+func (t *ApplyPatchTool) Description() string { return "Applies a patch with git" }
+
+// Execute applies a patch using git apply.
+func (t *ApplyPatchTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	patchContent, ok := params["patch"]
+	if !ok {
+		return Failure("apply_patch", ErrCodeInvalidParams, "apply_patch: 'patch' parameter is required", ""), nil
+	}
+
+	args := []string{"apply"}
+
+	if dryRun, exists := params["dry_run"]; exists && dryRun == "true" {
+		args = append(args, "--check")
+	}
+
+	args = append(args, "-")
+
+	cmd := exec.Command("git", args...)
+	cmd.Dir = t.repoRoot
+	cmd.Stdin = strings.NewReader(patchContent)
+
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return Failure("apply_patch", ErrCodeExecution, err.Error(), string(output)), nil
+	}
+
+	return Success("apply_patch", "Patch applied successfully"), nil
+}

package/internal/tools/invalid_params_test.go

@@ -0,0 +1,36 @@
+package tools
+
+import "testing"
+
+func TestToolsReturnInvalidParamsContract(t *testing.T) {
+	repoRoot := t.TempDir()
+
+	tests := []struct {
+		name string
+		tool Tool
+	}{
+		{name: "read_file", tool: NewReadFileTool(repoRoot)},
+		{name: "write_file", tool: NewWriteFileTool(repoRoot)},
+		{name: "search_code", tool: NewSearchCodeTool(repoRoot)},
+		{name: "run_command", tool: NewRunCommandTool(repoRoot)},
+		{name: "apply_patch", tool: NewApplyPatchTool(repoRoot)},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			result, err := tc.tool.Execute(map[string]string{})
+			if err != nil {
+				t.Fatalf("unexpected execute error: %v", err)
+			}
+			if result == nil {
+				t.Fatalf("expected tool result")
+			}
+			if result.Success {
+				t.Fatalf("expected failure result for invalid params")
+			}
+			if result.ErrorCode != ErrCodeInvalidParams {
+				t.Fatalf("unexpected error code: %s", result.ErrorCode)
+			}
+		})
+	}
+}

package/internal/tools/policy.go

@@ -0,0 +1,98 @@
+package tools
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+const (
+	ModeRun  = "run"
+	ModePlan = "plan"
+)
+
+type Policy struct {
+	Mode                       string
+	RequireDestructiveApproval bool
+}
+
+type policyDecision struct {
+	allowed bool
+	reason  string
+}
+
+func (p Policy) Decide(toolName string, params map[string]string) policyDecision {
+	if p.Mode == "" {
+		p.Mode = ModeRun
+	}
+
+	if p.Mode == ModePlan {
+		switch toolName {
+		case "write_file", "apply_patch", "run_command":
+			return policyDecision{
+				allowed: false,
+				reason:  fmt.Sprintf("%s blocked in plan mode (read-only)", toolName),
+			}
+		}
+	}
+
+	if p.RequireDestructiveApproval && isDestructiveTool(toolName) {
+		if strings.TrimSpace(params["approved"]) != "true" {
+			return policyDecision{
+				allowed: false,
+				reason:  fmt.Sprintf("%s requires explicit approval (set approved=true)", toolName),
+			}
+		}
+	}
+
+	return policyDecision{allowed: true}
+}
+
+func isDestructiveTool(toolName string) bool {
+	switch toolName {
+	case "write_file", "apply_patch", "run_command":
+		return true
+	default:
+		return false
+	}
+}
+
+type guardedTool struct {
+	inner  Tool
+	policy Policy
+	logf   func(string)
+}
+
+func (t *guardedTool) Name() string {
+	return t.inner.Name()
+}
+
+func (t *guardedTool) Description() string {
+	return t.inner.Description()
+}
+
+func (t *guardedTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	decision := t.policy.Decide(t.inner.Name(), params)
+	t.logDecision(t.inner.Name(), decision)
+	if !decision.allowed {
+		return Failure(t.inner.Name(), ErrCodePolicyBlocked, decision.reason, ""), nil
+	}
+
+	return t.inner.Execute(params)
+}
+
+func (t *guardedTool) logDecision(toolName string, decision policyDecision) {
+	if t.logf == nil {
+		return
+	}
+	result := "allow"
+	if !decision.allowed {
+		result = "deny"
+	}
+	message := fmt.Sprintf("policy decision tool=%s mode=%s result=%s", toolName, t.policy.Mode, result)
+	if decision.reason != "" {
+		message = fmt.Sprintf("%s reason=%s", message, decision.reason)
+	}
+	t.logf(message)
+}

package/internal/tools/policy_test.go

@@ -0,0 +1,36 @@
+package tools
+
+import "testing"
+
+func TestPolicyPlanModeBlocksDestructiveTools(t *testing.T) {
+	policy := Policy{Mode: ModePlan}
+
+	decision := policy.Decide("write_file", map[string]string{"path": "a.txt"})
+	if decision.allowed {
+		t.Fatalf("expected write_file to be blocked in plan mode")
+	}
+
+	decision = policy.Decide("apply_patch", map[string]string{"patch": "diff --git a/a b/a"})
+	if decision.allowed {
+		t.Fatalf("expected apply_patch to be blocked in plan mode")
+	}
+
+	decision = policy.Decide("run_command", map[string]string{"command": "rm -rf /tmp/x"})
+	if decision.allowed {
+		t.Fatalf("expected run_command to be blocked in plan mode")
+	}
+}
+
+func TestPolicyRequiresApprovalForDestructiveTools(t *testing.T) {
+	policy := Policy{Mode: ModeRun, RequireDestructiveApproval: true}
+
+	decision := policy.Decide("write_file", map[string]string{"path": "a.txt"})
+	if decision.allowed {
+		t.Fatalf("expected write_file to require approval")
+	}
+
+	decision = policy.Decide("write_file", map[string]string{"path": "a.txt", "approved": "true"})
+	if !decision.allowed {
+		t.Fatalf("expected write_file to be allowed with approval")
+	}
+}

package/internal/tools/registry_test.go

@@ -0,0 +1,52 @@
+package tools
+
+import (
+	"errors"
+	"testing"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+func TestRegistryExecuteReturnsStructuredNotFound(t *testing.T) {
+	reg := NewRegistry()
+
+	result, err := reg.Execute("missing_tool", map[string]string{})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result == nil {
+		t.Fatalf("expected result")
+	}
+	if result.Success {
+		t.Fatalf("expected failure result")
+	}
+	if result.ErrorCode != ErrCodeToolNotFound {
+		t.Fatalf("unexpected error code: %s", result.ErrorCode)
+	}
+}
+
+func TestRegistryExecuteWrapsToolErrors(t *testing.T) {
+	reg := NewRegistry()
+	reg.Register(&failingTool{})
+
+	result, err := reg.Execute("failing_tool", map[string]string{})
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	if result.Success {
+		t.Fatalf("expected failure result")
+	}
+	if result.ErrorCode != ErrCodeExecution {
+		t.Fatalf("unexpected error code: %s", result.ErrorCode)
+	}
+}
+
+type failingTool struct{}
+
+func (f *failingTool) Name() string { return "failing_tool" }
+
+func (f *failingTool) Description() string { return "fails intentionally" }
+
+func (f *failingTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	return nil, errors.New("boom")
+}

package/internal/tools/result.go

@@ -0,0 +1,30 @@
+package tools
+
+import "github.com/furkanbeydemir/orch/internal/models"
+
+const (
+	ErrCodeInvalidParams = "invalid_params"
+	ErrCodeExecution     = "execution_error"
+	ErrCodePolicyBlocked = "policy_blocked"
+	ErrCodeTimeout       = "timeout"
+	ErrCodeOutputTrunc   = "output_truncated"
+	ErrCodeToolNotFound  = "tool_not_found"
+)
+
+func Success(toolName, output string) *models.ToolResult {
+	return &models.ToolResult{
+		ToolName: toolName,
+		Success:  true,
+		Output:   output,
+	}
+}
+
+func Failure(toolName, code, message, output string) *models.ToolResult {
+	return &models.ToolResult{
+		ToolName:  toolName,
+		Success:   false,
+		Output:    output,
+		Error:     message,
+		ErrorCode: code,
+	}
+}

package/internal/tools/search.go

@@ -0,0 +1,86 @@
+package tools
+
+import (
+	"bufio"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+type SearchCodeTool struct {
+	repoRoot string
+}
+
+func NewSearchCodeTool(repoRoot string) *SearchCodeTool {
+	return &SearchCodeTool{repoRoot: repoRoot}
+}
+
+func (t *SearchCodeTool) Name() string { return "search_code" }
+
+func (t *SearchCodeTool) Description() string {
+	return "Searches text/patterns in repository"
+}
+
+// Execute searches text in repository files.
+// Params: "query" text to search, "path" optional search root.
+func (t *SearchCodeTool) Execute(params map[string]string) (*models.ToolResult, error) {
+	query, ok := params["query"]
+	if !ok {
+		return Failure("search_code", ErrCodeInvalidParams, "search_code: 'query' parameter is required", ""), nil
+	}
+
+	searchPath := params["path"]
+	if searchPath == "" {
+		searchPath = "."
+	}
+
+	fullPath := filepath.Join(t.repoRoot, searchPath)
+	var results []string
+
+	err := filepath.Walk(fullPath, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return nil
+		}
+
+		if info.IsDir() {
+			name := info.Name()
+			if strings.HasPrefix(name, ".") || name == "node_modules" || name == "vendor" {
+				return filepath.SkipDir
+			}
+			return nil
+		}
+
+		file, err := os.Open(path)
+		if err != nil {
+			return nil
+		}
+		defer file.Close()
+
+		relPath, _ := filepath.Rel(t.repoRoot, path)
+		ext := strings.ToLower(filepath.Ext(path))
+		if ext == ".png" || ext == ".jpg" || ext == ".jpeg" || ext == ".gif" || ext == ".pdf" || ext == ".zip" {
+			return nil
+		}
+		scanner := bufio.NewScanner(file)
+		lineNum := 0
+
+		for scanner.Scan() {
+			lineNum++
+			line := scanner.Text()
+			if strings.Contains(strings.ToLower(line), strings.ToLower(query)) {
+				results = append(results, fmt.Sprintf("%s:%d: %s", relPath, lineNum, strings.TrimSpace(line)))
+			}
+		}
+
+		return nil
+	})
+
+	if err != nil {
+		return Failure("search_code", ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	return Success("search_code", strings.Join(results, "\n")), nil
+}

package/internal/tools/tool.go

@@ -0,0 +1,94 @@
+// - ReadFile: file reading
+// - WriteFile: file writing
+// - ListFiles: file listing
+// - SearchCode: code search
+// - ApplyPatch: patch application
+package tools
+
+import (
+	"fmt"
+
+	"github.com/furkanbeydemir/orch/internal/models"
+)
+
+type Tool interface {
+	Name() string
+
+	Description() string
+
+	Execute(params map[string]string) (*models.ToolResult, error)
+}
+
+type Registry struct {
+	tools map[string]Tool
+}
+
+func NewRegistry() *Registry {
+	return &Registry{
+		tools: make(map[string]Tool),
+	}
+}
+
+func (r *Registry) Register(tool Tool) {
+	r.tools[tool.Name()] = tool
+}
+
+func (r *Registry) Get(name string) (Tool, error) {
+	tool, ok := r.tools[name]
+	if !ok {
+		return nil, fmt.Errorf("tool not found: %s", name)
+	}
+	return tool, nil
+}
+
+func (r *Registry) Execute(name string, params map[string]string) (*models.ToolResult, error) {
+	tool, ok := r.tools[name]
+	if !ok {
+		return Failure(name, ErrCodeToolNotFound, fmt.Sprintf("tool not found: %s", name), ""), nil
+	}
+
+	result, err := tool.Execute(params)
+	if err != nil {
+		return Failure(name, ErrCodeExecution, err.Error(), ""), nil
+	}
+
+	if result == nil {
+		return Failure(name, ErrCodeExecution, "tool returned nil result", ""), nil
+	}
+
+	return result, nil
+}
+
+func (r *Registry) List() []string {
+	names := make([]string, 0, len(r.tools))
+	for name := range r.tools {
+		names = append(names, name)
+	}
+	return names
+}
+
+func DefaultRegistry(repoRoot string) *Registry {
+	return DefaultRegistryWithPolicy(repoRoot, Policy{Mode: ModeRun}, nil)
+}
+
+func DefaultRegistryWithPolicy(repoRoot string, policy Policy, logf func(string)) *Registry {
+	reg := NewRegistry()
+
+	reg.Register(wrapWithPolicy(NewReadFileTool(repoRoot), policy, logf))
+	reg.Register(wrapWithPolicy(NewWriteFileTool(repoRoot), policy, logf))
+	reg.Register(wrapWithPolicy(NewListFilesTool(repoRoot), policy, logf))
+
+	reg.Register(wrapWithPolicy(NewSearchCodeTool(repoRoot), policy, logf))
+
+	reg.Register(wrapWithPolicy(NewRunCommandTool(repoRoot), policy, logf))
+	reg.Register(wrapWithPolicy(NewRunTestsTool(repoRoot), policy, logf))
+
+	reg.Register(wrapWithPolicy(NewGitDiffTool(repoRoot), policy, logf))
+	reg.Register(wrapWithPolicy(NewApplyPatchTool(repoRoot), policy, logf))
+
+	return reg
+}
+
+func wrapWithPolicy(tool Tool, policy Policy, logf func(string)) Tool {
+	return &guardedTool{inner: tool, policy: policy, logf: logf}
+}

package/main.go

@@ -0,0 +1,9 @@
+package main
+
+import (
+	"github.com/furkanbeydemir/orch/cmd"
+)
+
+func main() {
+	cmd.Execute()
+}