gobby 0.2.6__py3-none-any.whl → 0.2.8__py3-none-any.whl

gobby/workflows/artifact_actions.py

@@ -4,6 +4,7 @@ Extracted from actions.py as part of strangler fig decomposition.
 These functions handle file artifact capture and reading.
 """
 
+import asyncio
 import glob
 import logging
 import os
@@ -101,3 +102,33 @@ def read_artifact(
     except Exception as e:
         logger.error(f"read_artifact: Failed to read {filepath}: {e}")
         return None
+
+
+# --- ActionHandler-compatible wrappers ---
+# These match the ActionHandler protocol: (context: ActionContext, **kwargs) -> dict | None
+
+if __name__ != "__main__":
+    from typing import TYPE_CHECKING
+
+    if TYPE_CHECKING:
+        from gobby.workflows.actions import ActionContext
+
+
+async def handle_capture_artifact(context: "ActionContext", **kwargs: Any) -> dict[str, Any] | None:
+    """ActionHandler wrapper for capture_artifact."""
+    return await asyncio.to_thread(
+        capture_artifact,
+        state=context.state,
+        pattern=kwargs.get("pattern"),
+        save_as=kwargs.get("as"),
+    )
+
+
+async def handle_read_artifact(context: "ActionContext", **kwargs: Any) -> dict[str, Any] | None:
+    """ActionHandler wrapper for read_artifact."""
+    return await asyncio.to_thread(
+        read_artifact,
+        state=context.state,
+        pattern=kwargs.get("pattern"),
+        variable_name=kwargs.get("as"),
+    )

gobby/workflows/autonomous_actions.py

@@ -284,3 +284,14 @@ def get_progress_summary(
         "last_event_at": (summary.last_event_at.isoformat() if summary.last_event_at else None),
         "events_by_type": {k.value: v for k, v in summary.events_by_type.items()},
     }
+
+
+# --- ActionHandler-compatible wrappers ---
+# These match the ActionHandler protocol: (context: ActionContext, **kwargs) -> dict | None
+# Note: These handlers require executor access for progress_tracker and stuck_detector,
+# so they are created as closures inside ActionExecutor._register_defaults().
+
+# No wrapper functions are defined in this file. The actual handler implementations
+# are closures created in ActionExecutor._register_defaults() which capture the
+# executor's self.progress_tracker and self.stuck_detector references. See that
+# method for the actual implementations and where these components are hooked up.

gobby/workflows/context_actions.py

@@ -6,10 +6,14 @@ These functions handle context injection, message injection, and handoff extract
 
 from __future__ import annotations
 
+import asyncio
 import json
 import logging
 from pathlib import Path
-from typing import Any
+from typing import TYPE_CHECKING, Any
+
+if TYPE_CHECKING:
+    from gobby.workflows.actions import ActionContext
 
 from gobby.workflows.git_utils import get_git_status, get_recent_git_commits
 
@@ -435,3 +439,48 @@ def format_handoff_as_markdown(ctx: Any, prompt_template: str | None = None) ->
         sections.append("\n".join(lines))
 
     return "\n\n".join(sections)
+
+
+# --- ActionHandler-compatible wrappers ---
+# These match the ActionHandler protocol: (context: ActionContext, **kwargs) -> dict | None
+
+
+async def handle_inject_context(context: ActionContext, **kwargs: Any) -> dict[str, Any] | None:
+    """ActionHandler wrapper for inject_context."""
+    return await asyncio.to_thread(
+        inject_context,
+        session_manager=context.session_manager,
+        session_id=context.session_id,
+        state=context.state,
+        template_engine=context.template_engine,
+        source=kwargs.get("source"),
+        template=kwargs.get("template"),
+        require=kwargs.get("require", False),
+    )
+
+
+async def handle_inject_message(context: ActionContext, **kwargs: Any) -> dict[str, Any] | None:
+    """ActionHandler wrapper for inject_message."""
+    return await asyncio.to_thread(
+        inject_message,
+        session_manager=context.session_manager,
+        session_id=context.session_id,
+        state=context.state,
+        template_engine=context.template_engine,
+        content=kwargs.get("content"),
+        **{k: v for k, v in kwargs.items() if k != "content"},
+    )
+
+
+async def handle_extract_handoff_context(
+    context: ActionContext, **kwargs: Any
+) -> dict[str, Any] | None:
+    """ActionHandler wrapper for extract_handoff_context."""
+    return await asyncio.to_thread(
+        extract_handoff_context,
+        session_manager=context.session_manager,
+        session_id=context.session_id,
+        config=context.config,
+        db=context.db,
+        worktree_manager=kwargs.get("worktree_manager"),
+    )

gobby/workflows/detection_helpers.py

@@ -7,7 +7,7 @@ and update workflow state variables accordingly.
 """
 
 import logging
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Any
 
 if TYPE_CHECKING:
     from gobby.hooks.events import HookEvent
@@ -44,30 +44,24 @@ def detect_task_claim(
     if not event.data:
         return
 
-    tool_name = event.data.get("tool_name", "")
     tool_input = event.data.get("tool_input", {}) or {}
-    # Claude Code sends "tool_result", but we also check "tool_output" for compatibility
-    tool_output = event.data.get("tool_result") or event.data.get("tool_output") or {}
-
-    # Check if this is a gobby-tasks call via MCP proxy
-    # Tool name could be "call_tool" (from legacy) or "mcp__gobby__call_tool" (direct)
-    if tool_name not in ("call_tool", "mcp__gobby__call_tool"):
-        return
+    # Use normalized tool_output (adapters normalize tool_result/tool_response)
+    tool_output = event.data.get("tool_output") or {}
 
-    # Check server is gobby-tasks
-    server_name = tool_input.get("server_name", "")
+    # Use normalized MCP fields from adapter layer
+    # Adapters extract these from CLI-specific formats
+    server_name = event.data.get("mcp_server", "")
     if server_name != "gobby-tasks":
         return
 
-    # Check inner tool name
-    inner_tool_name = tool_input.get("tool_name", "")
+    inner_tool_name = event.data.get("mcp_tool", "")
 
     # Handle close_task - clears task_claimed when task is closed
     # Note: Claude Code doesn't include tool_result in post-tool-use hooks, so for CC
     # the workflow state is updated directly in the MCP proxy's close_task function.
     # This detection provides a fallback for CLIs that do report tool results (Gemini/Codex).
     if inner_tool_name == "close_task":
-        tool_output = event.data.get("tool_result") or event.data.get("tool_output") or {}
+        # tool_output already normalized at top of function
 
         # If no tool output, skip - can't verify success
         # The MCP proxy's close_task handles state clearing for successful closes
@@ -254,6 +248,11 @@ def detect_mcp_call(event: "HookEvent", state: "WorkflowState") -> None:
     This enables workflow conditions like:
         when: "mcp_called('gobby-memory', 'recall')"
 
+    Uses normalized fields from adapters:
+    - mcp_server: The MCP server name (normalized from both Claude and Gemini formats)
+    - mcp_tool: The tool name on the server (normalized from both formats)
+    - tool_output: The tool result (normalized from tool_result/tool_response)
+
     Args:
         event: The AFTER_TOOL hook event
         state: Current workflow state (modified in place)
@@ -261,21 +260,36 @@ def detect_mcp_call(event: "HookEvent", state: "WorkflowState") -> None:
     if not event.data:
         return
 
-    tool_name = event.data.get("tool_name", "")
-    tool_input = event.data.get("tool_input", {}) or {}
-    # Claude Code sends "tool_result", but we also check "tool_output" for compatibility
-    tool_output = event.data.get("tool_result") or event.data.get("tool_output") or {}
+    # Use normalized fields from adapter layer
+    # Adapters extract these from CLI-specific formats:
+    # - Claude: tool_input.server_name/tool_name → mcp_server/mcp_tool
+    # - Gemini: mcp_context.server_name/tool_name → mcp_server/mcp_tool
+    server_name = event.data.get("mcp_server", "")
+    inner_tool = event.data.get("mcp_tool", "")
 
-    # Check for MCP proxy call
-    if tool_name not in ("call_tool", "mcp__gobby__call_tool"):
+    if not server_name or not inner_tool:
         return
 
-    server_name = tool_input.get("server_name", "")
-    inner_tool = tool_input.get("tool_name", "")
+    # Use normalized tool_output (adapters normalize tool_result/tool_response)
+    tool_output = event.data.get("tool_output") or {}
 
-    if not server_name or not inner_tool:
-        return
+    _track_mcp_call(state, server_name, inner_tool, tool_output)
+
+
+def _track_mcp_call(
+    state: "WorkflowState",
+    server_name: str,
+    inner_tool: str,
+    tool_output: dict[str, Any] | Any,
+) -> None:
+    """Track a successful MCP call in workflow state.
 
+    Args:
+        state: Current workflow state (modified in place)
+        server_name: MCP server name (e.g., "gobby-sessions")
+        inner_tool: Tool name on the server (e.g., "get_current_session")
+        tool_output: Tool output to check for errors
+    """
     # Check if call succeeded (skip tracking failed calls)
     if isinstance(tool_output, dict):
         if tool_output.get("error") or tool_output.get("status") == "error":

gobby/workflows/enforcement/__init__.py

@@ -0,0 +1,47 @@
+"""Task enforcement actions for workflow engine.
+
+This package provides actions that enforce task tracking before allowing
+certain tools, and enforce task completion before allowing agent to stop.
+"""
+
+from gobby.workflows.enforcement.blocking import block_tools
+from gobby.workflows.enforcement.commit_policy import (
+    capture_baseline_dirty_files,
+    require_commit_before_stop,
+    require_task_review_or_close_before_stop,
+)
+from gobby.workflows.enforcement.handlers import (
+    handle_block_tools,
+    handle_capture_baseline_dirty_files,
+    handle_require_active_task,
+    handle_require_commit_before_stop,
+    handle_require_task_complete,
+    handle_require_task_review_or_close_before_stop,
+    handle_validate_session_task_scope,
+)
+from gobby.workflows.enforcement.task_policy import (
+    require_active_task,
+    require_task_complete,
+    validate_session_task_scope,
+)
+
+__all__ = [
+    # Blocking
+    "block_tools",
+    # Commit policy
+    "capture_baseline_dirty_files",
+    "require_commit_before_stop",
+    "require_task_review_or_close_before_stop",
+    # Task policy
+    "require_active_task",
+    "require_task_complete",
+    "validate_session_task_scope",
+    # Handlers
+    "handle_block_tools",
+    "handle_capture_baseline_dirty_files",
+    "handle_require_active_task",
+    "handle_require_commit_before_stop",
+    "handle_require_task_complete",
+    "handle_require_task_review_or_close_before_stop",
+    "handle_validate_session_task_scope",
+]

gobby/workflows/enforcement/blocking.py

@@ -0,0 +1,281 @@
+"""Tool blocking enforcement for workflow engine.
+
+Provides configurable tool blocking based on workflow state and conditions.
+"""
+
+from __future__ import annotations
+
+import json
+import logging
+from collections.abc import Callable
+from typing import TYPE_CHECKING, Any
+
+from gobby.workflows.git_utils import get_dirty_files
+from gobby.workflows.safe_evaluator import LazyBool, SafeExpressionEvaluator
+
+if TYPE_CHECKING:
+    from gobby.storage.tasks import LocalTaskManager
+    from gobby.workflows.definitions import WorkflowState
+
+logger = logging.getLogger(__name__)
+
+
+def _is_plan_file(file_path: str, source: str | None = None) -> bool:
+    """Check if file path is a Claude Code plan file (platform-agnostic).
+
+    Only exempts plan files for Claude Code sessions to avoid accidental
+    exemptions for Gemini/Codex users.
+
+    The pattern `/.claude/plans/` matches paths like:
+    - Unix: /Users/xxx/.claude/plans/file.md  (the / comes from xxx/)
+    - Windows: C:/Users/xxx/.claude/plans/file.md  (after normalization)
+
+    Args:
+        file_path: The file path being edited
+        source: CLI source (e.g., "claude", "gemini", "codex")
+
+    Returns:
+        True if this is a CC plan file that should be exempt from task requirement
+    """
+    if not file_path:
+        return False
+    # Only exempt for Claude Code sessions
+    if source != "claude":
+        return False
+    # Normalize path separators (Windows backslash to forward slash)
+    normalized = file_path.replace("\\", "/")
+    return "/.claude/plans/" in normalized
+
+
+def _evaluate_block_condition(
+    condition: str | None,
+    workflow_state: WorkflowState | None,
+    event_data: dict[str, Any] | None = None,
+    tool_input: dict[str, Any] | None = None,
+    session_has_dirty_files: LazyBool | bool = False,
+    task_has_commits: LazyBool | bool = False,
+    source: str | None = None,
+) -> bool:
+    """
+    Evaluate a blocking rule condition against workflow state.
+
+    Supports simple Python expressions with access to:
+    - variables: workflow state variables dict
+    - task_claimed: shorthand for variables.get('task_claimed')
+    - plan_mode: shorthand for variables.get('plan_mode')
+    - tool_input: the tool's input arguments (for MCP tool checks)
+    - session_has_dirty_files: whether session has NEW dirty files (beyond baseline)
+    - task_has_commits: whether the current task has linked commits
+    - source: CLI source (e.g., "claude", "gemini", "codex")
+
+    Args:
+        condition: Python expression to evaluate
+        workflow_state: Current workflow state
+        event_data: Optional hook event data
+        tool_input: Tool input arguments (for MCP tools, this is the 'arguments' field)
+        session_has_dirty_files: Whether session has dirty files beyond baseline (lazy or bool)
+        task_has_commits: Whether claimed task has linked commits (lazy or bool)
+        source: CLI source identifier
+
+    Returns:
+        True if condition matches (tool should be blocked), False otherwise.
+    """
+    if not condition:
+        return True  # No condition means always match
+
+    # Build evaluation context
+    variables = workflow_state.variables if workflow_state else {}
+    context = {
+        "variables": variables,
+        "task_claimed": variables.get("task_claimed", False),
+        "plan_mode": variables.get("plan_mode", False),
+        "event": event_data or {},
+        "tool_input": tool_input or {},
+        "session_has_dirty_files": session_has_dirty_files,
+        "task_has_commits": task_has_commits,
+        "source": source or "",
+    }
+
+    # Allowed functions for safe evaluation
+    allowed_funcs: dict[str, Callable[..., Any]] = {
+        "is_plan_file": _is_plan_file,
+        "bool": bool,
+        "str": str,
+        "int": int,
+    }
+
+    try:
+        evaluator = SafeExpressionEvaluator(context, allowed_funcs)
+        return evaluator.evaluate(condition)
+    except Exception as e:
+        # Fail-closed: block the tool if condition evaluation fails to prevent bypass
+        logger.error(
+            f"block_tools condition evaluation failed (blocking tool): condition='{condition}', "
+            f"variables={variables}, error={e}",
+            exc_info=True,
+        )
+        return True
+
+
+async def block_tools(
+    rules: list[dict[str, Any]] | None = None,
+    event_data: dict[str, Any] | None = None,
+    workflow_state: WorkflowState | None = None,
+    project_path: str | None = None,
+    task_manager: LocalTaskManager | None = None,
+    source: str | None = None,
+    **kwargs: Any,
+) -> dict[str, Any] | None:
+    """
+    Unified tool blocking with multiple configurable rules.
+
+    Each rule can specify:
+      - tools: List of tool names to block (for native CC tools)
+      - mcp_tools: List of "server:tool" patterns to block (for MCP tools)
+      - when: Optional condition (evaluated against workflow state)
+      - reason: Block message to display
+
+    For MCP tools, the tool_name in event_data is "call_tool" or "mcp__gobby__call_tool",
+    and we look inside tool_input for server_name and tool_name.
+
+    Condition evaluation has access to:
+      - variables: workflow state variables
+      - task_claimed, plan_mode: shortcuts
+      - tool_input: the MCP tool's arguments (for checking commit_sha etc.)
+      - session_has_dirty_files: whether session has NEW dirty files beyond baseline
+      - task_has_commits: whether the claimed task has linked commits
+      - source: CLI source (e.g., "claude", "gemini", "codex")
+
+    Args:
+        rules: List of blocking rules
+        event_data: Hook event data with tool_name, tool_input
+        workflow_state: For evaluating conditions
+        project_path: Path to project for git status checks
+        task_manager: For checking task commit status
+        source: CLI source identifier (for is_plan_file checks)
+
+    Returns:
+        Dict with decision="block" and reason if blocked, None to allow.
+
+    Example rule (native tools):
+        {
+            "tools": ["TaskCreate", "TaskUpdate"],
+            "reason": "CC native task tools are disabled. Use gobby-tasks MCP tools."
+        }
+
+    Example rule with condition:
+        {
+            "tools": ["Edit", "Write", "NotebookEdit"],
+            "when": "not task_claimed and not plan_mode",
+            "reason": "Claim a task before using Edit, Write, or NotebookEdit tools."
+        }
+
+    Example rule (MCP tools):
+        {
+            "mcp_tools": ["gobby-tasks:close_task"],
+            "when": "not task_has_commits and not tool_input.get('commit_sha')",
+            "reason": "A commit is required before closing this task."
+        }
+    """
+    if not event_data or not rules:
+        return None
+
+    tool_name = event_data.get("tool_name")
+    if not tool_name:
+        return None
+
+    tool_input = event_data.get("tool_input", {}) or {}
+
+    # Create lazy thunks for expensive context values (git status, DB queries).
+    # These are only evaluated when actually referenced in a rule condition.
+
+    def _compute_session_has_dirty_files() -> bool:
+        """Lazy thunk: check for new dirty files beyond baseline."""
+        if not workflow_state:
+            return False
+        if project_path is None:
+            # Can't compute without project_path - avoid running git in wrong directory
+            logger.debug("_compute_session_has_dirty_files: project_path is None, returning False")
+            return False
+        baseline_dirty = set(workflow_state.variables.get("baseline_dirty_files", []))
+        current_dirty = get_dirty_files(project_path)
+        new_dirty = current_dirty - baseline_dirty
+        return len(new_dirty) > 0
+
+    def _compute_task_has_commits() -> bool:
+        """Lazy thunk: check if claimed task has linked commits."""
+        if not workflow_state or not task_manager:
+            return False
+        claimed_task_id = workflow_state.variables.get("claimed_task_id")
+        if not claimed_task_id:
+            return False
+        try:
+            task = task_manager.get_task(claimed_task_id)
+            return bool(task and task.commits)
+        except Exception:
+            return False  # nosec B110 - best-effort check
+
+    # Wrap in LazyBool so they're only computed when used in boolean context
+    session_has_dirty_files: LazyBool | bool = LazyBool(_compute_session_has_dirty_files)
+    task_has_commits: LazyBool | bool = LazyBool(_compute_task_has_commits)
+
+    for rule in rules:
+        # Determine if this rule matches the current tool
+        rule_matches = False
+        mcp_tool_args: dict[str, Any] = {}
+
+        # Check native CC tools (Edit, Write, etc.)
+        if "tools" in rule:
+            tools = rule.get("tools", [])
+            if tool_name in tools:
+                rule_matches = True
+
+        # Check MCP tools (server:tool format)
+        elif "mcp_tools" in rule:
+            # MCP calls come in as "call_tool" or "mcp__gobby__call_tool"
+            if tool_name in ("call_tool", "mcp__gobby__call_tool"):
+                mcp_server = tool_input.get("server_name", "")
+                mcp_tool = tool_input.get("tool_name", "")
+                mcp_key = f"{mcp_server}:{mcp_tool}"
+
+                mcp_tools = rule.get("mcp_tools", [])
+                if mcp_key in mcp_tools:
+                    rule_matches = True
+                    # For MCP tools, the actual arguments are in tool_input.arguments
+                    # Arguments may be a JSON string (Claude Code serialization) or dict
+                    raw_args = tool_input.get("arguments")
+                    if isinstance(raw_args, str):
+                        try:
+                            parsed = json.loads(raw_args)
+                            mcp_tool_args = parsed if isinstance(parsed, dict) else {}
+                        except (json.JSONDecodeError, TypeError):
+                            mcp_tool_args = {}
+                    elif isinstance(raw_args, dict):
+                        mcp_tool_args = raw_args
+                    else:
+                        mcp_tool_args = {}
+
+        if not rule_matches:
+            continue
+
+        # Check optional condition
+        condition = rule.get("when")
+        if condition:
+            # For MCP tools, use the nested arguments for condition evaluation
+            eval_tool_input = mcp_tool_args if mcp_tool_args else tool_input
+            if not _evaluate_block_condition(
+                condition,
+                workflow_state,
+                event_data,
+                tool_input=eval_tool_input,
+                session_has_dirty_files=session_has_dirty_files,
+                task_has_commits=task_has_commits,
+                source=source,
+            ):
+                continue
+
+        reason = rule.get("reason", f"Tool '{tool_name}' is blocked.")
+        logger.info(f"block_tools: Blocking '{tool_name}' - {reason[:100]}")
+        return {"decision": "block", "reason": reason}
+
+    return None