code-puppy 0.0.169__py3-none-any.whl → 0.0.366__py3-none-any.whl

code_puppy/plugins/shell_safety/command_cache.py

@@ -0,0 +1,156 @@
+"""Caching layer for shell command safety assessments.
+
+This module provides an LRU cache for recently assessed commands to avoid redundant API calls.
+
+The approach is simple and secure: let the LLM assess ALL commands and cache
+those assessments. This eliminates the security risks of pre-defined whitelists
+while providing the performance benefits of caching.
+"""
+
+from collections import OrderedDict
+from dataclasses import dataclass
+from typing import Optional, Tuple
+
+# Maximum number of cached assessments (LRU eviction after this)
+MAX_CACHE_SIZE = 200
+
+
+@dataclass
+class CachedAssessment:
+    """A cached safety assessment result."""
+
+    risk: str
+    reasoning: str
+
+
+class CommandSafetyCache:
+    """LRU cache for shell command safety assessments.
+
+    This cache stores previous LLM assessments to avoid redundant API calls.
+    It uses an OrderedDict for O(1) LRU eviction.
+    """
+
+    def __init__(self, max_size: int = MAX_CACHE_SIZE):
+        self._cache: OrderedDict[Tuple[str, Optional[str]], CachedAssessment] = (
+            OrderedDict()
+        )
+        self._max_size = max_size
+        self._hits = 0
+        self._misses = 0
+
+    def _make_key(self, command: str, cwd: Optional[str]) -> Tuple[str, Optional[str]]:
+        """Create a cache key from command and cwd."""
+        # Normalize command (strip whitespace)
+        return (command.strip(), cwd)
+
+    def get(
+        self, command: str, cwd: Optional[str] = None
+    ) -> Optional[CachedAssessment]:
+        """Get a cached assessment if it exists.
+
+        Args:
+            command: The shell command
+            cwd: Optional working directory
+
+        Returns:
+            CachedAssessment if found, None otherwise
+        """
+        key = self._make_key(command, cwd)
+        if key in self._cache:
+            # Move to end (most recently used)
+            self._cache.move_to_end(key)
+            self._hits += 1
+            return self._cache[key]
+        self._misses += 1
+        return None
+
+    def put(
+        self, command: str, cwd: Optional[str], assessment: CachedAssessment
+    ) -> None:
+        """Store an assessment in the cache.
+
+        Args:
+            command: The shell command
+            cwd: Optional working directory
+            assessment: The assessment result to cache
+        """
+        key = self._make_key(command, cwd)
+
+        # If already exists, update and move to end
+        if key in self._cache:
+            self._cache.move_to_end(key)
+            self._cache[key] = assessment
+            return
+
+        # Evict oldest if at capacity
+        while len(self._cache) >= self._max_size:
+            self._cache.popitem(last=False)
+
+        self._cache[key] = assessment
+
+    def clear(self) -> None:
+        """Clear all cached assessments."""
+        self._cache.clear()
+        self._hits = 0
+        self._misses = 0
+
+    @property
+    def stats(self) -> dict:
+        """Get cache statistics."""
+        total = self._hits + self._misses
+        hit_rate = (self._hits / total * 100) if total > 0 else 0
+        return {
+            "size": len(self._cache),
+            "max_size": self._max_size,
+            "hits": self._hits,
+            "misses": self._misses,
+            "hit_rate": f"{hit_rate:.1f}%",
+        }
+
+
+# Global cache instance (singleton for the session)
+_cache = CommandSafetyCache()
+
+
+def get_cache_stats() -> dict:
+    """Get statistics about the cache performance."""
+    return _cache.stats
+
+
+def get_cached_assessment(
+    command: str, cwd: Optional[str] = None
+) -> Optional[CachedAssessment]:
+    """Get a cached command safety assessment.
+
+    Cache-only approach: use the LLM cache for speed, but let the LLM
+    determine safety for all commands. No pre-defined whitelists.
+
+    Args:
+        command: The shell command to check
+        cwd: Optional working directory
+
+    Returns:
+        CachedAssessment if found in cache, None if needs LLM assessment
+    """
+    return _cache.get(command, cwd)
+
+
+def cache_assessment(
+    command: str, cwd: Optional[str], risk: str, reasoning: str
+) -> None:
+    """Cache an LLM assessment result.
+
+    Cache all LLM assessments since the same command should get
+    the same assessment, providing both security and performance.
+
+    Args:
+        command: The shell command
+        cwd: Optional working directory
+        risk: The assessed risk level
+        reasoning: The assessment reasoning
+    """
+    assessment = CachedAssessment(
+        risk=risk,
+        reasoning=reasoning,
+    )
+    _cache.put(command, cwd, assessment)

code_puppy/plugins/shell_safety/register_callbacks.py

@@ -0,0 +1,202 @@
+"""Callback registration for shell command safety checking.
+
+This module registers a callback that intercepts shell commands in yolo_mode
+and assesses their safety risk before execution.
+"""
+
+from typing import Any, Dict, Optional
+
+from code_puppy.callbacks import register_callback
+from code_puppy.config import (
+    get_global_model_name,
+    get_safety_permission_level,
+    get_yolo_mode,
+)
+from code_puppy.messaging import emit_info
+from code_puppy.plugins.shell_safety.command_cache import (
+    cache_assessment,
+    get_cached_assessment,
+)
+from code_puppy.tools.command_runner import ShellSafetyAssessment
+
+# OAuth model prefixes - these models have their own safety mechanisms
+OAUTH_MODEL_PREFIXES = (
+    "claude-code-",  # Anthropic OAuth
+    "chatgpt-",  # OpenAI OAuth
+    "gemini-oauth",  # Google OAuth
+)
+
+
+def is_oauth_model(model_name: str | None) -> bool:
+    """Check if the model is an OAuth model that should skip safety checks.
+
+    OAuth models have their own built-in safety mechanisms, so we skip
+    the shell safety callback to avoid redundant checks and potential bugs.
+
+    Args:
+        model_name: The name of the current model
+
+    Returns:
+        True if the model is an OAuth model, False otherwise
+    """
+    if not model_name:
+        return False
+    return model_name.startswith(OAUTH_MODEL_PREFIXES)
+
+
+# Risk level hierarchy for numeric comparison
+# Lower numbers = safer commands, higher numbers = more dangerous
+# This mapping allows us to compare risk levels as integers
+RISK_LEVELS: Dict[str, int] = {
+    "none": 0,
+    "low": 1,
+    "medium": 2,
+    "high": 3,
+    "critical": 4,
+}
+
+
+def compare_risk_levels(assessed_risk: Optional[str], threshold: str) -> bool:
+    """Compare assessed risk against threshold.
+
+    Args:
+        assessed_risk: The risk level from the agent (can be None)
+        threshold: The configured risk threshold
+
+    Returns:
+        True if the command should be blocked (risk exceeds threshold)
+        False if the command is acceptable
+    """
+    # If assessment failed (None), treat as high risk (fail-safe behavior)
+    if assessed_risk is None:
+        assessed_risk = "high"
+
+    # Convert risk levels to numeric values for comparison
+    assessed_level = RISK_LEVELS.get(assessed_risk, 4)  # Default to critical if unknown
+    threshold_level = RISK_LEVELS.get(threshold, 2)  # Default to medium if unknown
+
+    # Block if assessed risk is GREATER than threshold
+    # Note: Commands AT the threshold level are allowed (>, not >=)
+    return assessed_level > threshold_level
+
+
+async def shell_safety_callback(
+    context: Any, command: str, cwd: Optional[str] = None, timeout: int = 60
+) -> Optional[Dict[str, Any]]:
+    """Callback to assess shell command safety before execution.
+
+    This callback is only active when yolo_mode is True. When yolo_mode is False,
+    the user manually reviews every command, so we don't need the agent.
+
+    Args:
+        context: The execution context
+        command: The shell command to execute
+        cwd: Optional working directory
+        timeout: Command timeout (unused here)
+
+    Returns:
+        None if command is safe to proceed
+        Dict with rejection info if command should be blocked
+    """
+    # Skip safety checks for OAuth models - they have their own safety mechanisms
+    current_model = get_global_model_name()
+    if is_oauth_model(current_model):
+        return None
+
+    # Only check safety in yolo_mode - otherwise user is reviewing manually
+    yolo_mode = get_yolo_mode()
+    if not yolo_mode:
+        return None
+
+    # Get configured risk threshold
+    threshold = get_safety_permission_level()
+
+    try:
+        # Check cache first (fast path - no LLM call)
+        cached = get_cached_assessment(command, cwd)
+
+        if cached:
+            # Got a cached result - check against threshold
+            if compare_risk_levels(cached.risk, threshold):
+                # Cached result says it's too risky
+                risk_display = cached.risk or "unknown"
+                concise_reason = cached.reasoning or "No reasoning provided"
+                error_msg = (
+                    f"🛑 Command blocked (risk {risk_display.upper()} > permission {threshold.upper()}).\n"
+                    f"Reason: {concise_reason}\n"
+                    f"Override: /set yolo_mode true or /set safety_permission_level {risk_display}"
+                )
+                emit_info(error_msg)
+                return {
+                    "blocked": True,
+                    "risk": cached.risk,
+                    "reasoning": cached.reasoning,
+                    "error_message": error_msg,
+                }
+            # Cached result is within threshold - allow silently
+            return None
+
+        # Cache miss - need LLM assessment
+        # Import here to avoid circular imports
+        from code_puppy.plugins.shell_safety.agent_shell_safety import ShellSafetyAgent
+
+        # Create agent and assess command
+        agent = ShellSafetyAgent()
+
+        # Build the assessment prompt with optional cwd context
+        prompt = f"Assess this shell command:\n\nCommand: {command}"
+        if cwd:
+            prompt += f"\nWorking directory: {cwd}"
+
+        # Run async assessment with structured output type
+        result = await agent.run_with_mcp(prompt, output_type=ShellSafetyAssessment)
+        assessment = result.output
+
+        # Cache the result for future use, but only if it's not a fallback assessment
+        if not getattr(assessment, "is_fallback", False):
+            cache_assessment(command, cwd, assessment.risk, assessment.reasoning)
+
+        # Check if risk exceeds threshold (commands at threshold are allowed)
+        if compare_risk_levels(assessment.risk, threshold):
+            risk_display = assessment.risk or "unknown"
+            concise_reason = assessment.reasoning or "No reasoning provided"
+            error_msg = (
+                f"🛑 Command blocked (risk {risk_display.upper()} > permission {threshold.upper()}).\n"
+                f"Reason: {concise_reason}\n"
+                f"Override: /set yolo_mode true or /set safety_permission_level {risk_display}"
+            )
+            emit_info(error_msg)
+
+            # Return rejection info for the command runner
+            return {
+                "blocked": True,
+                "risk": assessment.risk,
+                "reasoning": assessment.reasoning,
+                "error_message": error_msg,
+            }
+
+        # Command is within acceptable risk threshold - remain silent
+        return None  # Allow command to proceed
+
+    except Exception as e:
+        # On any error, fail safe by blocking the command
+        error_msg = (
+            f"🛑 Command blocked (risk HIGH > permission {threshold.upper()}).\n"
+            f"Reason: Safety assessment error: {str(e)}\n"
+            f"Override: /set yolo_mode true or /set safety_permission_level high"
+        )
+        return {
+            "blocked": True,
+            "risk": "high",
+            "reasoning": f"Safety assessment error: {str(e)}",
+            "error_message": error_msg,
+        }
+
+
+def register():
+    """Register the shell safety callback."""
+    register_callback("run_shell_command", shell_safety_callback)
+
+
+# Auto-register the callback when this module is imported
+register()

code_puppy/prompts/antigravity_system_prompt.md

@@ -0,0 +1 @@
+<identity>\nYou are Antigravity, a powerful agentic AI coding assistant designed by the Google Deepmind team working on Advanced Agentic Coding.\nYou are pair programming with a USER to solve their coding task. The task may require creating a new codebase, modifying or debugging an existing codebase, or simply answering a question.\nThe USER will send you requests, which you must always prioritize addressing. Along with each USER request, we will attach additional metadata about their current state, such as what files they have open and where their cursor is.\nThis information may or may not be relevant to the coding task, it is up for you to decide.\n</identity>\n\n<tool_calling>\nCall tools as you normally would. The following list provides additional guidance to help you avoid errors:\n  - **Absolute paths only**. When using tools that accept file path arguments, ALWAYS use the absolute file path.\n</tool_calling>\n\n<web_application_development>\n## Technology Stack,\nYour web applications should be built using the following technologies:,\n1. **Core**: Use HTML for structure and Javascript for logic.\n2. **Styling (CSS)**: Use Vanilla CSS for maximum flexibility and control. Avoid using TailwindCSS unless the USER explicitly requests it; in this case, first confirm which TailwindCSS version to use.\n3. **Web App**: If the USER specifies that they want a more complex web app, use a framework like Next.js or Vite. Only do this if the USER explicitly requests a web app.\n4. **New Project Creation**: If you need to use a framework for a new app, use `npx` with the appropriate script, but there are some rules to follow:,\n   - Use `npx -y` to automatically install the script and its dependencies\n   - You MUST run the command with `--help` flag to see all available options first, \n   - Initialize the app in the current directory with `./` (example: `npx -y create-vite-app@latest ./`),\n   - You should run in non-interactive mode so that the user doesn't need to input anything,\n5. **Running Locally**: When running locally, use `npm run dev` or equivalent dev server. Only build the production bundle if the USER explicitly requests it or you are validating the code for correctness.\n\n# Design Aesthetics,\n1. **Use Rich Aesthetics**: The USER should be wowed at first glance by the design. Use best practices in modern web design (e.g. vibrant colors, dark modes, glassmorphism, and dynamic animations) to create a stunning first impression. Failure to do this is UNACCEPTABLE.\n2. **Prioritize Visual Excellence**: Implement designs that will WOW the user and feel extremely premium:\n\t\t- Avoid generic colors (plain red, blue, green). Use curated, harmonious color palettes (e.g., HSL tailored colors, sleek dark modes).\n   - Using modern typography (e.g., from Google Fonts like Inter, Roboto, or Outfit) instead of browser defaults.\n\t\t- Use smooth gradients,\n\t\t- Add subtle micro-animations for enhanced user experience,\n3. **Use a Dynamic Design**: An interface that feels responsive and alive encourages interaction. Achieve this with hover effects and interactive elements. Micro-animations, in particular, are highly effective for improving user engagement.\n4. **Premium Designs**. Make a design that feels premium and state of the art. Avoid creating simple minimum viable products.\n4. **Don't use placeholders**. If you need an image, use your generate_image tool to create a working demonstration.,\n\n## Implementation Workflow,\nFollow this systematic approach when building web applications:,\n1. **Plan and Understand**:,\n\t\t- Fully understand the user's requirements,\n\t\t- Draw inspiration from modern, beautiful, and dynamic web designs,\n\t\t- Outline the features needed for the initial version,\n2. **Build the Foundation**:,\n\t\t- Start by creating/modifying `index.css`,\n\t\t- Implement the core design system with all tokens and utilities,\n3. **Create Components**:,\n\t\t- Build necessary components using your design system,\n\t\t- Ensure all components use predefined styles, not ad-hoc utilities,\n\t\t- Keep components focused and reusable,\n4. **Assemble Pages**:,\n\t\t- Update the main application to incorporate your design and components,\n\t\t- Ensure proper routing and navigation,\n\t\t- Implement responsive layouts,\n5. **Polish and Optimize**:,\n\t\t- Review the overall user experience,\n\t\t- Ensure smooth interactions and transitions,\n\t\t- Optimize performance where needed,\n\n## SEO Best Practices,\nAutomatically implement SEO best practices on every page:,\n- **Title Tags**: Include proper, descriptive title tags for each page,\n- **Meta Descriptions**: Add compelling meta descriptions that accurately summarize page content,\n- **Heading Structure**: Use a single `<h1>` per page with proper heading hierarchy,\n- **Semantic HTML**: Use appropriate HTML5 semantic elements,\n- **Unique IDs**: Ensure all interactive elements have unique, descriptive IDs for browser testing,\n- **Performance**: Ensure fast page load times through optimization,\nCRITICAL REMINDER: AESTHETICS ARE VERY IMPORTANT. If your web app looks simple and basic then you have FAILED!\n</web_application_development>\n<ephemeral_message>\nThere will be an <EPHEMERAL_MESSAGE> appearing in the conversation at times. This is not coming from the user, but instead injected by the system as important information to pay attention to. \nDo not respond to nor acknowledge those messages, but do follow them strictly.\n</ephemeral_message>\n\n\n<communication_style>\n- **Formatting**. Format your responses in github-style markdown to make your responses easier for the USER to parse. For example, use headers to organize your responses and bolded or italicized text to highlight important keywords. Use backticks to format file, directory, function, and class names. If providing a URL to the user, format this in markdown as well, for example `[label](example.com)`.\n- **Proactiveness**. As an agent, you are allowed to be proactive, but only in the course of completing the user's task. For example, if the user asks you to add a new component, you can edit the code, verify build and test statuses, and take any other obvious follow-up actions, such as performing additional research. However, avoid surprising the user. For example, if the user asks HOW to approach something, you should answer their question and instead of jumping into editing a file.\n- **Helpfulness**. Respond like a helpful software engineer who is explaining your work to a friendly collaborator on the project. Acknowledge mistakes or any backtracking you do as a result of new information.\n- **Ask for clarification**. If you are unsure about the USER's intent, always ask for clarification rather than making assumptions.\n</communication_style>