salmon-loop 0.3.2 → 0.5.0

package/dist/core/tools/permissions/permission-rules.js

@@ -1,7 +1,9 @@
 import { text } from '../../../locales/index.js';
+import { getLogger } from '../../observability/logger.js';
 import { normalizeDiff, validateDiff } from '../../patch/diff.js';
 import { ArtifactStore } from '../../sub-agent/artifacts/store.js';
 import { normalizeRepoRelativePath } from '../../utils/path.js';
+import { isRecord } from '../../utils/serialize.js';
 const DEFAULT_TOOL_ALIASES = {
     bash: 'Bash',
     read: 'Read',
@@ -218,57 +220,66 @@ function compilePathMatcher(specifier) {
         matches: (repoRelativePath) => re.test(normalizeRepoRelativePath(repoRelativePath)),
     };
 }
+const TOOL_CATEGORY = {
+    Bash: 'bash',
+    bash: 'bash',
+    'shell.exec': 'bash',
+    'test.run': 'bash',
+    Edit: 'edit',
+    edit: 'edit',
+    'proposal.apply': 'edit',
+    Read: 'path',
+    read: 'path',
+    LS: 'path',
+    ls: 'path',
+    'fs.read': 'path',
+    'code.read': 'path',
+    'git.cat': 'path',
+    'fs.list': 'path',
+    'fs.list_directory': 'path',
+    'fs.list_files': 'path',
+    'artifact.read': 'path',
+};
+function resolveToolCategory(tool) {
+    if (TOOL_CATEGORY[tool])
+        return TOOL_CATEGORY[tool];
+    if (isAliasToolName(tool)) {
+        const alias = DEFAULT_TOOL_ALIASES[tool.toLowerCase()];
+        return TOOL_CATEGORY[alias];
+    }
+    return undefined;
+}
 function compileRule(effect, parsed) {
-    const tool = parsed.tool;
-    const specifier = parsed.specifier;
-    const asAlias = typeof tool === 'string' && isAliasToolName(tool) ? tool : null;
-    const shouldTreatAsBash = tool === 'Bash' ||
-        tool === 'bash' ||
-        tool === 'shell.exec' ||
-        tool === 'test.run' ||
-        asAlias === 'Bash';
-    const shouldTreatAsEdit = tool === 'Edit' || tool === 'edit' || tool === 'proposal.apply' || asAlias === 'Edit';
-    const shouldTreatAsPath = tool === 'Read' ||
-        tool === 'read' ||
-        tool === 'LS' ||
-        tool === 'ls' ||
-        tool === 'fs.read' ||
-        tool === 'code.read' ||
-        tool === 'git.cat' ||
-        tool === 'fs.list' ||
-        tool === 'fs.list_directory' ||
-        tool === 'fs.list_files' ||
-        tool === 'artifact.read' ||
-        asAlias === 'Read' ||
-        asAlias === 'LS';
-    if (shouldTreatAsBash) {
+    const { tool, raw, specifier } = parsed;
+    const category = resolveToolCategory(tool);
+    if (category === 'bash') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'bash', matcher: compileBashMatcher(specifier) },
         };
     }
-    if (shouldTreatAsEdit) {
+    if (category === 'edit') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'edit', matcher: compilePathMatcher(specifier) },
         };
     }
-    if (shouldTreatAsPath) {
+    if (category === 'path') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'path', matcher: compilePathMatcher(specifier) },
         };
     }
-    return { effect, tool, raw: parsed.raw, specifier, compiled: { kind: 'tool_any' } };
+    return { effect, tool, raw, specifier, compiled: { kind: 'tool_any' } };
 }
 function buildVisibleToolNamesFromAllow(allowRules) {
     const visible = new Set();
@@ -353,85 +364,42 @@ async function loadProposalChangedFiles(handle) {
         const meta = validateDiff(normalized);
         return meta.changedFiles ?? [];
     }
-    catch {
+    catch (error) {
+        getLogger().warn(`[PermissionRules] Failed to load proposal changed files: ${error instanceof Error ? error.message : String(error)}`);
         return null;
     }
 }
-function matchAllowRule(rule, toolName, args) {
+function matchRule(rule, toolName, args) {
     if (!toolMatchesRuleTool(toolName, rule.tool))
         return false;
-    if (rule.compiled.kind === 'tool_any')
-        return true;
-    if (rule.compiled.kind === 'bash') {
-        const cmd = extractCommandArg(toolName, args);
-        if (!cmd)
-            return false;
-        return rule.compiled.matcher.matches(cmd);
-    }
-    if (rule.compiled.kind === 'path') {
-        const p = extractPrimaryPathArg(toolName, args);
-        if (!p)
-            return false;
-        return rule.compiled.matcher.matches(p);
-    }
-    if (rule.compiled.kind === 'edit') {
-        // Edit allow rules are handled by an async path-aware matcher.
-        return toolName === 'proposal.apply';
+    switch (rule.compiled.kind) {
+        case 'tool_any':
+            return true;
+        case 'bash': {
+            const cmd = extractCommandArg(toolName, args);
+            return cmd ? rule.compiled.matcher.matches(cmd) : false;
+        }
+        case 'path': {
+            const p = extractPrimaryPathArg(toolName, args);
+            return p ? rule.compiled.matcher.matches(p) : false;
+        }
+        case 'edit':
+            // Edit rules require async file-level matching; sync check is a gate.
+            return toolName === 'proposal.apply';
     }
-    return false;
 }
-async function matchAllowEditRule(rule, args) {
+async function matchEditRule(rule, args, filePredicate) {
     if (rule.compiled.kind !== 'edit')
         return false;
-    const matcher = rule.compiled.matcher;
-    if (!args || typeof args !== 'object' || Array.isArray(args))
+    if (!isRecord(args))
         return false;
     const handle = args.handle;
     if (typeof handle !== 'string' || !handle.trim())
         return false;
     const changedFiles = await loadProposalChangedFiles(handle);
-    if (!changedFiles)
-        return false;
-    if (changedFiles.length === 0)
+    if (!changedFiles || changedFiles.length === 0)
         return false;
-    return changedFiles.every((p) => matcher.matches(p));
-}
-async function matchDenyEditRule(rule, args) {
-    if (rule.compiled.kind !== 'edit')
-        return false;
-    const matcher = rule.compiled.matcher;
-    if (!args || typeof args !== 'object' || Array.isArray(args))
-        return false;
-    const handle = args.handle;
-    if (typeof handle !== 'string' || !handle.trim())
-        return false;
-    const changedFiles = await loadProposalChangedFiles(handle);
-    if (!changedFiles)
-        return false;
-    return changedFiles.some((p) => matcher.matches(p));
-}
-function matchDenyRule(rule, toolName, args) {
-    if (!toolMatchesRuleTool(toolName, rule.tool))
-        return false;
-    if (rule.compiled.kind === 'tool_any')
-        return true;
-    if (rule.compiled.kind === 'bash') {
-        const cmd = extractCommandArg(toolName, args);
-        if (!cmd)
-            return false;
-        return rule.compiled.matcher.matches(cmd);
-    }
-    if (rule.compiled.kind === 'path') {
-        const p = extractPrimaryPathArg(toolName, args);
-        if (!p)
-            return false;
-        return rule.compiled.matcher.matches(p);
-    }
-    if (rule.compiled.kind === 'edit') {
-        // Deny edit rules are handled by an async path-aware matcher.
-        return toolName === 'proposal.apply';
-    }
-    return false;
+    return filePredicate(changedFiles, rule.compiled.matcher);
 }
 export async function decidePermissionForToolCall(options) {
     const rules = options.rules;
@@ -442,17 +410,10 @@ export async function decidePermissionForToolCall(options) {
     }
     // Deny rules win.
     for (const rule of rules.deny) {
-        if (rule.compiled.kind === 'edit') {
-            if (options.toolName === 'proposal.apply' && (await matchDenyEditRule(rule, options.args))) {
-                return {
-                    kind: 'deny',
-                    reason: text.tools.permissionRuleDenied(rule.raw),
-                    rule: { effect: 'deny', raw: rule.raw, tool: rule.tool },
-                };
-            }
-            continue;
-        }
-        if (matchDenyRule(rule, options.toolName, options.args)) {
+        const isDeny = rule.compiled.kind === 'edit'
+            ? await matchEditRule(rule, options.args, (files, matcher) => files.some((p) => matcher.matches(p)))
+            : matchRule(rule, options.toolName, options.args);
+        if (isDeny) {
             return {
                 kind: 'deny',
                 reason: text.tools.permissionRuleDenied(rule.raw),
@@ -461,17 +422,10 @@ export async function decidePermissionForToolCall(options) {
         }
     }
     for (const rule of rules.allow) {
-        if (rule.compiled.kind === 'edit') {
-            if (options.toolName === 'proposal.apply' && (await matchAllowEditRule(rule, options.args))) {
-                return {
-                    kind: 'allow',
-                    reason: rule.raw,
-                    rule: { effect: 'allow', raw: rule.raw, tool: rule.tool },
-                };
-            }
-            continue;
-        }
-        if (matchAllowRule(rule, options.toolName, options.args)) {
+        const isAllow = rule.compiled.kind === 'edit'
+            ? await matchEditRule(rule, options.args, (files, matcher) => files.every((p) => matcher.matches(p)))
+            : matchRule(rule, options.toolName, options.args);
+        if (isAllow) {
             return {
                 kind: 'allow',
                 reason: rule.raw,

package/dist/core/tools/plugins/loader.js

@@ -3,6 +3,7 @@ import { pathToFileURL } from 'node:url';
 import { syncFs as fs } from '../../adapters/fs/node-fs.js';
 import { getLogger } from '../../observability/logger.js';
 import { Phase } from '../../types/runtime.js';
+import { errorMessage } from '../../utils/error.js';
 const FORBIDDEN_PHASES = new Set([
     Phase.PLAN,
     Phase.PATCH,
@@ -25,7 +26,7 @@ export async function registerPluginTools(registry, plugins) {
             }
         }
         catch (error) {
-            getLogger().warn(`Plugin ${plugin.id} path ${entryPoint} is not accessible: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().warn(`Plugin ${plugin.id} path ${entryPoint} is not accessible: ${errorMessage(error)}`);
             continue;
         }
         const moduleUrl = pathToFileURL(entryPoint).href;
@@ -35,7 +36,7 @@ export async function registerPluginTools(registry, plugins) {
             manifest = (mod.default ?? mod);
         }
         catch (error) {
-            getLogger().error(`Failed to import plugin ${plugin.id} from ${entryPoint}: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().error(`Failed to import plugin ${plugin.id} from ${entryPoint}: ${errorMessage(error)}`);
             continue;
         }
         const registerFn = manifest?.register;
@@ -52,7 +53,7 @@ export async function registerPluginTools(registry, plugins) {
             tools = await registerFn();
         }
         catch (error) {
-            getLogger().error(`Plugin ${pluginId} register() failed: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().error(`Plugin ${pluginId} register() failed: ${errorMessage(error)}`);
             continue;
         }
         if (!Array.isArray(tools)) {

package/dist/core/tools/router.js

@@ -1,7 +1,12 @@
 import * as crypto from 'crypto';
+import path from 'path';
 import { z } from 'zod';
+import { readFile } from '../adapters/fs/node-fs.js';
+import { AstParser } from '../ast/parser.js';
 import { LIMITS } from '../config/limits.js';
 import { getLogger } from '../observability/logger.js';
+import { isRecord } from '../utils/serialize.js';
+import { unwrapZodSchema } from '../utils/zod.js';
 import { decidePermissionForToolCall } from './permissions/permission-rules.js';
 export class ToolRouter {
     registry;
@@ -14,32 +19,7 @@ export class ToolRouter {
     authorizationMode;
     permissionRules;
     unwrapForHint(schema) {
-        let current = schema;
-        for (let depth = 0; depth < 20; depth++) {
-            const ZodEffects = z.ZodEffects;
-            if (typeof ZodEffects === 'function' && current instanceof ZodEffects) {
-                current = current._def.schema;
-                continue;
-            }
-            if (current instanceof z.ZodPipe) {
-                current = current._def.out;
-                continue;
-            }
-            if (current instanceof z.ZodOptional) {
-                current = current._def.innerType;
-                continue;
-            }
-            if (current instanceof z.ZodNullable) {
-                current = current._def.innerType;
-                continue;
-            }
-            if (current instanceof z.ZodDefault) {
-                current = current._def.innerType;
-                continue;
-            }
-            break;
-        }
-        return current;
+        return unwrapZodSchema(schema);
     }
     buildInputHint(spec) {
         if (!spec.inputSchema)
@@ -115,7 +95,7 @@ export class ToolRouter {
                 const message = hint
                     ? `${inputCheck.message} (${hint})`
                     : inputCheck.message || 'Invalid input';
-                throw { code: 'INVALID_INPUT', message };
+                throw Object.assign(new Error(message), { code: 'INVALID_INPUT' });
             }
             const normalizedArgs = inputCheck.value ?? envelope.args;
             const normalizedEnvelope = normalizedArgs === envelope.args ? envelope : { ...envelope, args: normalizedArgs };
@@ -133,7 +113,7 @@ export class ToolRouter {
                 ctx: normalizedEnvelope.ctx,
             });
             if (permissionDecision.kind === 'deny') {
-                const result = this.createErrorResult(normalizedEnvelope, startedAt, 'denied', 'PERMISSION_RULE_DENY', permissionDecision.reason, {
+                const result = this.createErrorResult(normalizedEnvelope, startedAt, 'denied', 'PERMISSION_RULE_DENY', permissionDecision.reason ?? 'Permission denied', {
                     authorization: {
                         outcome: 'deny',
                         reason: permissionDecision.reason,
@@ -178,7 +158,9 @@ export class ToolRouter {
                         },
                     });
                     // Provide a stable token for challenge-response UIs.
-                    result.error.confirmToken = auth.challenge;
+                    if (isRecord(result.error)) {
+                        result.error.confirmToken = auth.challenge;
+                    }
                     this.audit.onEnd(result);
                     return result;
                 }
@@ -199,7 +181,7 @@ export class ToolRouter {
             // 5. Output Validation & Sanitize: Result validation and sensitive summary
             const sanitized = this.sanitizer.sanitizeOutput(spec, rawOutput);
             if (!sanitized.ok) {
-                throw { code: 'INVALID_OUTPUT', message: sanitized.message };
+                throw Object.assign(new Error(sanitized.message), { code: 'INVALID_OUTPUT' });
             }
             // 6. Return Standard Result (ok)
             const durationMs = Date.now() - startedAt;
@@ -213,6 +195,12 @@ export class ToolRouter {
                 outputSummary: sanitized.summary,
                 durationMs,
             };
+            // Per-edit syntax guard: check for syntax errors after file writes
+            const syntaxWarnings = await checkPostEditSyntax(spec, normalizedEnvelope.args, rawOutput, normalizedEnvelope.ctx);
+            if (syntaxWarnings.length > 0) {
+                result.warnings = syntaxWarnings;
+                result.meta = { ...result.meta, syntaxWarning: true };
+            }
             this.audit.onEnd(result);
             return result;
         }
@@ -222,28 +210,18 @@ export class ToolRouter {
             let errorMeta;
             if (e instanceof Error) {
                 errorMessage = e.message;
-                if ('code' in e && typeof e.code === 'string') {
-                    errorCode = e.code;
-                }
-                if ('interrupt' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), interrupt: e.interrupt };
-                }
-                if ('inputRequired' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), inputRequired: e.inputRequired };
-                }
             }
-            else if (e && typeof e === 'object') {
-                if ('message' in e && typeof e.message === 'string') {
-                    errorMessage = e.message;
+            const errObj = isRecord(e) ? e : null;
+            if (errObj) {
+                if (typeof errObj.message === 'string')
+                    errorMessage = errObj.message;
+                if (typeof errObj.code === 'string')
+                    errorCode = errObj.code;
+                if ('interrupt' in errObj) {
+                    errorMeta = { ...(errorMeta ?? {}), interrupt: errObj.interrupt };
                 }
-                if ('code' in e && typeof e.code === 'string') {
-                    errorCode = e.code;
-                }
-                if ('interrupt' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), interrupt: e.interrupt };
-                }
-                if ('inputRequired' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), inputRequired: e.inputRequired };
+                if ('inputRequired' in errObj) {
+                    errorMeta = { ...(errorMeta ?? {}), inputRequired: errObj.inputRequired };
                 }
             }
             const result = this.createErrorResult(envelope, startedAt, errorCode === 'TIMEOUT' ? 'timeout' : 'error', errorCode, errorMessage, errorMeta);
@@ -291,7 +269,7 @@ export class ToolRouter {
             ctx: normalizedEnvelope.ctx,
         });
         if (permissionDecision.kind === 'deny') {
-            const toolResult = this.createErrorResult(normalizedEnvelope, startedAt, 'denied', 'PERMISSION_RULE_DENY', permissionDecision.reason, {
+            const toolResult = this.createErrorResult(normalizedEnvelope, startedAt, 'denied', 'PERMISSION_RULE_DENY', permissionDecision.reason ?? 'Permission denied', {
                 authorization: {
                     outcome: 'deny',
                     reason: permissionDecision.reason,
@@ -315,7 +293,7 @@ export class ToolRouter {
             source: spec.source,
             phase: normalizedEnvelope.phase,
             riskLevel: spec.riskLevel,
-            sideEffects: (spec.sideEffects || []),
+            sideEffects: spec.sideEffects,
             argsSummary,
             argsHash,
             repoRoot: normalizedEnvelope.ctx.repoRoot,
@@ -333,7 +311,9 @@ export class ToolRouter {
                     source: 'user',
                 },
             });
-            toolResult.error.confirmToken = deferred.challenge;
+            if (isRecord(toolResult.error)) {
+                toolResult.error.confirmToken = deferred.challenge;
+            }
             return {
                 kind: 'pending',
                 message: deferred.message,
@@ -408,7 +388,8 @@ export class ToolRouter {
                 return raw;
             return `${raw.slice(0, maxLength)}...`;
         }
-        catch {
+        catch (error) {
+            getLogger().debug(`[ToolRouter] Failed to summarize args: ${error instanceof Error ? error.message : String(error)}`);
             return '[Unserializable]';
         }
     }
@@ -421,7 +402,8 @@ export class ToolRouter {
             // Truncation to 16 hex was insufficient collision resistance for security use.
             return crypto.createHash('sha256').update(raw).digest('hex');
         }
-        catch {
+        catch (error) {
+            getLogger().debug(`[ToolRouter] Failed to hash args: ${error instanceof Error ? error.message : String(error)}`);
             return undefined;
         }
     }
@@ -450,7 +432,7 @@ export class ToolRouter {
             source: spec.source,
             phase: envelope.phase,
             riskLevel: spec.riskLevel,
-            sideEffects: (spec.sideEffects || []),
+            sideEffects: (spec.sideEffects ?? []),
             argsSummary,
             argsHash,
             repoRoot: envelope.ctx.repoRoot,
@@ -511,7 +493,7 @@ export class ToolRouter {
     }
     async getAuthorizationArgsSummary(envelope, spec) {
         const fallback = this.summarizeArgs(envelope.args);
-        const summarize = spec?.summarizeArgsForAuthorization;
+        const summarize = spec.summarizeArgsForAuthorization;
         if (typeof summarize !== 'function')
             return fallback;
         // Best-effort only. Avoid hanging authorization prompts on slow IO.
@@ -524,9 +506,81 @@ export class ToolRouter {
             ]);
             return typeof result === 'string' && result.trim() ? result : fallback;
         }
-        catch {
+        catch (error) {
+            getLogger().debug(`[ToolRouter] Failed to get authorization args summary: ${error instanceof Error ? error.message : String(error)}`);
             return fallback;
         }
     }
 }
+/**
+ * Per-edit syntax guard: after a file write, parse the file with tree-sitter
+ * and return syntax error warnings. Non-blocking — returns empty array on
+ * any failure (missing grammar, parse error, etc.).
+ */
+async function checkPostEditSyntax(spec, args, rawOutput, ctx) {
+    if (spec.name !== 'fs.write_file' && spec.name !== 'fs.edit_file')
+        return [];
+    if (!isRecord(rawOutput) || typeof rawOutput.path !== 'string')
+        return [];
+    const filePath = rawOutput.path;
+    let content;
+    if (spec.name === 'fs.write_file') {
+        if (!isRecord(args) || typeof args.content !== 'string')
+            return [];
+        content = args.content;
+    }
+    else {
+        // fs.edit_file — read post-edit content from disk
+        try {
+            const absolutePath = path.resolve(ctx.repoRoot, filePath);
+            content = await readFile(absolutePath, 'utf-8');
+        }
+        catch (error) {
+            getLogger().debug(`[ToolRouter] Failed to read file for post-edit syntax check: ${error instanceof Error ? error.message : String(error)}`);
+            return [];
+        }
+    }
+    // Detect language from extension
+    const ext = path.extname(filePath).toLowerCase().replace('.', '');
+    if (!ext)
+        return [];
+    // Only check for languages that have tree-sitter support
+    const plugin = ctx.languagePlugins?.getByExtension(`.${ext}`);
+    if (!plugin)
+        return [];
+    try {
+        const tree = await AstParser.parse(content, plugin.meta.id);
+        if (!tree?.rootNode)
+            return [];
+        const errors = collectSyntaxErrors(tree.rootNode);
+        if (errors.length === 0)
+            return [];
+        return [
+            `Syntax warning in ${filePath}: ${errors.length} error(s) detected — ` +
+                errors
+                    .slice(0, 3)
+                    .map((e) => `line ${e.line}: ${e.text}`)
+                    .join('; '),
+        ];
+    }
+    catch (error) {
+        // Tree-sitter parse failed (no grammar, etc.) — silently skip
+        getLogger().debug(`[ToolRouter] Post-edit syntax check parse failed: ${error instanceof Error ? error.message : String(error)}`);
+        return [];
+    }
+}
+function collectSyntaxErrors(node, errors = [], depth = 0) {
+    if (depth > 50)
+        return errors; // prevent stack overflow
+    if (node.type === 'ERROR' || node.isMissing) {
+        errors.push({
+            line: (node.startPosition?.row ?? 0) + 1,
+            text: node.text?.slice(0, 80) ?? node.type,
+        });
+    }
+    for (const child of node.children ?? []) {
+        collectSyntaxErrors(child, errors, depth + 1);
+    }
+    return errors;
+}
 //# sourceMappingURL=router.js.map