kairo-code 0.1.0__py3-none-any.whl

kairo_code/router.py

@@ -0,0 +1,217 @@
+"""Intent router using small LLM for classification with few-shot examples"""
+
+from dataclasses import dataclass
+from enum import Enum
+import re
+
+from .llm import LLM
+
+
+class Intent(Enum):
+    SEARCH = "search"
+    CODE = "code"
+    FILE_READ = "file_read"
+    FILE_WRITE = "file_write"
+    FILE_LIST = "file_list"
+    EXPLORE = "explore"
+    PLAN = "plan"
+    CHAT = "chat"
+
+
+@dataclass
+class RoutedIntent:
+    intent: Intent
+    confidence: str  # "high", "medium", "low"
+    extracted_params: dict
+
+
+# Few-shot examples for the router
+ROUTER_EXAMPLES = """
+## Examples
+
+Input: "What's the weather like today?"
+Output: search
+
+Input: "Write a Python function to sort a list"
+Output: code
+
+Input: "Show me what's in config.py"
+Output: file_read
+
+Input: "Create a new file called utils.py with a helper function"
+Output: file_write
+
+Input: "What files are in the src directory?"
+Output: file_list
+
+Input: "Analyze this codebase for improvements"
+Output: explore
+
+Input: "How should I implement user authentication?"
+Output: plan
+
+Input: "What's the capital of France?"
+Output: chat
+
+Input: "Search for the latest Python 3.12 features"
+Output: search
+
+Input: "Fix the bug in main.py line 42"
+Output: code
+
+Input: "Read the README file"
+Output: file_read
+
+Input: "Save this code to server.py"
+Output: file_write
+
+Input: "Find all Python files in this project"
+Output: file_list
+
+Input: "Explore how the API endpoints work"
+Output: explore
+
+Input: "Plan out how to refactor the database layer"
+Output: plan
+
+Input: "Hello, how are you?"
+Output: chat
+
+Input: "Create a tool with a UI that pulls data from an API"
+Output: code
+
+Input: "Build me an app that tracks my tasks"
+Output: code
+"""
+
+ROUTER_SYSTEM_PROMPT = f"""You are a classifier. Classify the user's intent into exactly ONE category.
+
+Categories:
+- search: User wants current/real-time information from the web
+- code: User wants to write, modify, fix, or generate code
+- file_read: User wants to see contents of a specific file
+- file_write: User wants to create or save a file
+- file_list: User wants to list or find files
+- explore: User wants to analyze or understand a codebase
+- plan: User wants to plan a complex task before implementing
+- chat: General conversation, questions, or explanations
+
+{ROUTER_EXAMPLES}
+
+Respond with ONLY the category name, nothing else.
+"""
+
+
+class Router:
+    """Routes user input to the appropriate handler using few-shot classification."""
+
+    INTENT_CATEGORIES = [i.value for i in Intent]
+
+    def __init__(self, llm: LLM):
+        self.llm = llm
+
+    def route(self, user_input: str) -> RoutedIntent:
+        """
+        Classify user input and extract relevant parameters.
+        Uses few-shot examples for better accuracy with small models.
+        """
+        # First try rule-based classification for common patterns
+        rule_based = self._rule_based_classify(user_input)
+        if rule_based:
+            return rule_based
+
+        # Fall back to LLM classification
+        from .config import Config
+        config = Config()
+        system = config.router_prompt + "\n" + ROUTER_EXAMPLES + "\nRespond with ONLY the category name, nothing else."
+        response = self.llm.generate(
+            prompt=f"Input: {user_input}\nOutput:",
+            model=self.llm.select_model("router"),
+            system=system,
+            stream=False,
+        )
+
+        # Parse the response
+        intent_str = response.strip().lower()
+
+        # Find matching intent
+        intent = Intent.CHAT  # Default
+        for cat in self.INTENT_CATEGORIES:
+            if cat in intent_str:
+                try:
+                    intent = Intent(cat)
+                except ValueError:
+                    pass
+                break
+
+        # Extract params based on intent
+        params = self._extract_params(user_input, intent)
+
+        return RoutedIntent(
+            intent=intent,
+            confidence="high" if intent_str in self.INTENT_CATEGORIES else "medium",
+            extracted_params=params,
+        )
+
+    def _rule_based_classify(self, user_input: str) -> RoutedIntent | None:
+        """Fast rule-based classification for common patterns."""
+        lower = user_input.lower().strip()
+
+        # Search patterns
+        search_keywords = ["weather", "latest", "current", "today's", "news", "price of"]
+        if any(kw in lower for kw in search_keywords):
+            return RoutedIntent(Intent.SEARCH, "high", {})
+
+        # File read patterns
+        if re.match(r"^(show|read|cat|display|what'?s in|open)\s+.+\.(py|js|ts|json|yaml|yml|md|txt)", lower):
+            # Extract filename
+            match = re.search(r'[\w./\\-]+\.\w+', user_input)
+            path = match.group(0) if match else ""
+            return RoutedIntent(Intent.FILE_READ, "high", {"path": path})
+
+        # File list patterns
+        if re.match(r"^(list|find|show|what)\s+(files?|all)", lower):
+            return RoutedIntent(Intent.FILE_LIST, "high", {})
+
+        # Explore patterns
+        if any(phrase in lower for phrase in ["explore", "analyze", "understand", "how does", "explain the code"]):
+            return RoutedIntent(Intent.EXPLORE, "high", {})
+
+        # Plan patterns
+        if any(phrase in lower for phrase in ["plan", "how should i", "how to implement", "design"]):
+            return RoutedIntent(Intent.PLAN, "high", {})
+
+        # Code patterns
+        code_keywords = ["write", "create", "fix", "modify", "add", "implement", "refactor", "update", "change", "build", "make"]
+        code_context = ["function", "class", "method", "code", "script", "bug", "error", "tool", "app", "application", "program", "ui", "gui", "api"]
+        if any(kw in lower for kw in code_keywords) and any(ctx in lower for ctx in code_context):
+            return RoutedIntent(Intent.CODE, "high", {})
+
+        # Greeting patterns
+        greetings = ["hello", "hi", "hey", "good morning", "good afternoon"]
+        if any(lower.startswith(g) for g in greetings):
+            return RoutedIntent(Intent.CHAT, "high", {})
+
+        return None  # Fall back to LLM
+
+    def _extract_params(self, user_input: str, intent: Intent) -> dict:
+        """Extract relevant parameters from user input based on intent."""
+        params = {}
+
+        if intent in (Intent.FILE_READ, Intent.FILE_WRITE):
+            # Extract file path
+            path_match = re.search(r'[\w./\\-]+\.\w+', user_input)
+            if path_match:
+                params["path"] = path_match.group(0)
+
+        if intent == Intent.FILE_LIST:
+            # Extract glob pattern if present
+            pattern_match = re.search(r'\*+\.?\w*', user_input)
+            if pattern_match:
+                params["pattern"] = pattern_match.group(0)
+
+        if intent == Intent.SEARCH:
+            # The whole input is basically the search query
+            params["query"] = user_input
+
+        return params

kairo_code/sandbox.py

@@ -0,0 +1,248 @@
+"""Sandbox and safety controls for Kairo Code - prevents unauthorized file access"""
+
+import os
+from pathlib import Path
+from typing import Optional
+from dataclasses import dataclass
+
+
+@dataclass
+class SandboxConfig:
+    """Configuration for the sandbox."""
+    # Root directory for all file operations (usually project dir)
+    root_dir: Path
+    # Allow operations outside root (dangerous!)
+    allow_escape: bool = False
+    # Paths that are always blocked (even with allow_escape)
+    blocked_paths: tuple = (
+        "/etc", "/usr", "/bin", "/sbin", "/boot", "/root",
+        "/sys", "/proc", "/dev", "/var/log",
+        "~/.ssh", "~/.gnupg", "~/.aws", "~/.config",
+    )
+    # File extensions that require extra confirmation
+    sensitive_extensions: tuple = (
+        ".env", ".pem", ".key", ".crt", ".p12",
+        ".password", ".secret", ".credentials",
+    )
+    # Max file size to write (prevents filling disk)
+    max_file_size: int = 10 * 1024 * 1024  # 10MB
+
+
+class Sandbox:
+    """
+    Sandbox for safe file operations.
+
+    Restricts file access to a root directory and blocks sensitive paths.
+    Similar to Claude Code's sandboxing.
+    """
+
+    def __init__(self, config: Optional[SandboxConfig] = None):
+        if config is None:
+            # Default: use current working directory as root
+            config = SandboxConfig(root_dir=Path.cwd())
+
+        self.config = config
+        self.root = config.root_dir.resolve()
+
+        # Expand blocked paths
+        self._blocked = set()
+        for p in config.blocked_paths:
+            expanded = Path(p).expanduser()
+            self._blocked.add(str(expanded.resolve()))
+
+    def validate_path(self, path: str, operation: str = "access") -> tuple[bool, str, Path]:
+        """
+        Validate a path for safety.
+
+        Args:
+            path: The path to validate
+            operation: The operation being performed (read, write, delete)
+
+        Returns:
+            (is_valid, error_message, resolved_path)
+        """
+        try:
+            # Resolve the path
+            target = Path(path).expanduser()
+
+            # Make absolute if relative
+            if not target.is_absolute():
+                target = self.root / target
+
+            resolved = target.resolve()
+
+            # Check if path escapes sandbox
+            if not self.config.allow_escape:
+                try:
+                    resolved.relative_to(self.root)
+                except ValueError:
+                    return (
+                        False,
+                        f"Path '{path}' is outside project directory. "
+                        f"Only paths within '{self.root}' are allowed.",
+                        resolved
+                    )
+
+            # Check blocked paths
+            resolved_str = str(resolved)
+            for blocked in self._blocked:
+                if resolved_str.startswith(blocked):
+                    return (
+                        False,
+                        f"Access to '{path}' is blocked for security reasons.",
+                        resolved
+                    )
+
+            # Check for path traversal attempts
+            if ".." in path:
+                # Re-verify after resolution
+                try:
+                    resolved.relative_to(self.root)
+                except ValueError:
+                    return (
+                        False,
+                        f"Path traversal detected in '{path}'.",
+                        resolved
+                    )
+
+            # Check sensitive extensions for write operations
+            if operation == "write" and resolved.suffix in self.config.sensitive_extensions:
+                return (
+                    False,
+                    f"Writing to sensitive file type '{resolved.suffix}' requires manual confirmation.",
+                    resolved
+                )
+
+            return (True, "", resolved)
+
+        except Exception as e:
+            return (False, f"Invalid path: {e}", Path(path))
+
+    def validate_content(self, content: str, path: str) -> tuple[bool, str]:
+        """
+        Validate content being written.
+
+        Args:
+            content: The content to write
+            path: The target path
+
+        Returns:
+            (is_valid, error_message)
+        """
+        # Check size
+        size = len(content.encode('utf-8'))
+        if size > self.config.max_file_size:
+            return (
+                False,
+                f"Content too large ({size / 1024 / 1024:.1f}MB). "
+                f"Max allowed: {self.config.max_file_size / 1024 / 1024:.0f}MB"
+            )
+
+        # Check for suspicious content patterns
+        suspicious_patterns = [
+            ("#!/", "Script with shebang"),
+            ("rm -rf", "Destructive command"),
+            ("sudo ", "Sudo command"),
+            ("eval(", "Eval statement"),
+            ("exec(", "Exec statement"),
+            ("__import__", "Dynamic import"),
+        ]
+
+        warnings = []
+        for pattern, description in suspicious_patterns:
+            if pattern in content:
+                warnings.append(description)
+
+        if warnings:
+            # Don't block, just warn
+            return (True, f"Warning: Content contains: {', '.join(warnings)}")
+
+        return (True, "")
+
+    def safe_read(self, path: str) -> str:
+        """Safely read a file with validation."""
+        valid, error, resolved = self.validate_path(path, "read")
+        if not valid:
+            raise PermissionError(error)
+
+        if not resolved.exists():
+            raise FileNotFoundError(f"File not found: {path}")
+
+        if not resolved.is_file():
+            raise IsADirectoryError(f"Not a file: {path}")
+
+        return resolved.read_text()
+
+    def safe_write(self, path: str, content: str) -> str:
+        """Safely write a file with validation."""
+        valid, error, resolved = self.validate_path(path, "write")
+        if not valid:
+            raise PermissionError(error)
+
+        valid, warning = self.validate_content(content, path)
+        if not valid:
+            raise ValueError(warning)
+
+        # Create parent directories if needed
+        resolved.parent.mkdir(parents=True, exist_ok=True)
+
+        # Write the file
+        resolved.write_text(content)
+
+        line_count = content.count('\n') + 1
+        result = f"File written: {resolved.relative_to(self.root)} ({line_count} lines)"
+
+        if warning:
+            result += f"\n{warning}"
+
+        return result
+
+    def safe_delete(self, path: str) -> str:
+        """Safely delete a file with validation."""
+        valid, error, resolved = self.validate_path(path, "delete")
+        if not valid:
+            raise PermissionError(error)
+
+        if not resolved.exists():
+            raise FileNotFoundError(f"File not found: {path}")
+
+        if resolved.is_dir():
+            raise IsADirectoryError(f"Cannot delete directory: {path}. Use bash for that.")
+
+        resolved.unlink()
+        return f"Deleted: {resolved.relative_to(self.root)}"
+
+    def list_allowed_paths(self) -> list[str]:
+        """List paths that are allowed for access."""
+        return [str(self.root)]
+
+    def get_relative_path(self, path: str) -> str:
+        """Get path relative to sandbox root."""
+        try:
+            resolved = Path(path).resolve()
+            return str(resolved.relative_to(self.root))
+        except ValueError:
+            return path
+
+
+# Global sandbox instance (initialized when Kairo Code starts)
+_sandbox: Optional[Sandbox] = None
+
+
+def init_sandbox(root: Optional[Path] = None, allow_escape: bool = False) -> Sandbox:
+    """Initialize the global sandbox."""
+    global _sandbox
+    config = SandboxConfig(
+        root_dir=root or Path.cwd(),
+        allow_escape=allow_escape
+    )
+    _sandbox = Sandbox(config)
+    return _sandbox
+
+
+def get_sandbox() -> Sandbox:
+    """Get the global sandbox, initializing if needed."""
+    global _sandbox
+    if _sandbox is None:
+        _sandbox = Sandbox()
+    return _sandbox

kairo_code/settings.py

@@ -0,0 +1,183 @@
+"""User settings management with interactive prompts."""
+
+import os
+from pathlib import Path
+from typing import Any
+
+import yaml
+from rich.console import Console
+from rich.prompt import Confirm, Prompt
+
+console = Console()
+
+# User settings directory
+SETTINGS_DIR = Path.home() / ".kairo_code"
+SETTINGS_FILE = SETTINGS_DIR / "settings.yaml"
+
+DEFAULT_SETTINGS = {
+    "auto_approve": {
+        "enabled": False,
+        "write_file": False,
+        "bash": False,
+        "prompted": False,  # Whether we've asked the user yet
+    },
+    "verbose": False,
+}
+
+
+def load_user_settings() -> dict[str, Any]:
+    """Load user settings from ~/.kairo_code/settings.yaml"""
+    SETTINGS_DIR.mkdir(parents=True, exist_ok=True)
+
+    if not SETTINGS_FILE.exists():
+        return DEFAULT_SETTINGS.copy()
+
+    try:
+        with open(SETTINGS_FILE) as f:
+            settings = yaml.safe_load(f) or {}
+        # Merge with defaults for any missing keys
+        merged = DEFAULT_SETTINGS.copy()
+        _deep_merge(merged, settings)
+        return merged
+    except Exception:
+        return DEFAULT_SETTINGS.copy()
+
+
+def save_user_settings(settings: dict[str, Any]) -> None:
+    """Save user settings to ~/.kairo_code/settings.yaml"""
+    SETTINGS_DIR.mkdir(parents=True, exist_ok=True)
+
+    with open(SETTINGS_FILE, "w") as f:
+        yaml.dump(settings, f, default_flow_style=False)
+
+
+def _deep_merge(base: dict, override: dict) -> None:
+    """Recursively merge override into base."""
+    for key, value in override.items():
+        if key in base and isinstance(base[key], dict) and isinstance(value, dict):
+            _deep_merge(base[key], value)
+        else:
+            base[key] = value
+
+
+def prompt_auto_approve_settings(force: bool = False) -> dict[str, Any]:
+    """
+    Interactively prompt user for auto-approve settings.
+    Only prompts on first run unless force=True.
+    Returns the updated settings.
+    """
+    settings = load_user_settings()
+
+    # Skip if already prompted (unless forced)
+    if settings["auto_approve"].get("prompted") and not force:
+        return settings
+
+    console.print("\n[bold cyan]═══ Auto-Approve Settings ═══[/]\n")
+    console.print("[dim]Kairo Code can auto-approve certain actions to speed up your workflow.[/]")
+    console.print("[dim]You can change these settings anytime with /settings[/]\n")
+
+    # Ask about file writes
+    settings["auto_approve"]["write_file"] = Confirm.ask(
+        "[yellow]?[/] Auto-approve [bold]file writes[/] (create/modify files without asking)?",
+        default=False
+    )
+
+    # Ask about bash commands
+    console.print("\n[dim]⚠ Bash commands can modify your system. Auto-approve with caution.[/]")
+    settings["auto_approve"]["bash"] = Confirm.ask(
+        "[yellow]?[/] Auto-approve [bold]bash commands[/] (run shell commands without asking)?",
+        default=False
+    )
+
+    # Set enabled if any are true
+    settings["auto_approve"]["enabled"] = (
+        settings["auto_approve"]["write_file"] or
+        settings["auto_approve"]["bash"]
+    )
+
+    # Mark as prompted
+    settings["auto_approve"]["prompted"] = True
+
+    # Save settings
+    save_user_settings(settings)
+
+    # Show summary
+    console.print("\n[bold]Settings saved![/]")
+    _print_current_settings(settings)
+    console.print()
+
+    return settings
+
+
+def _print_current_settings(settings: dict[str, Any]) -> None:
+    """Print current auto-approve settings."""
+    auto = settings["auto_approve"]
+
+    write_status = "[green]✓ Yes[/]" if auto.get("write_file") else "[red]✗ No[/]"
+    bash_status = "[green]✓ Yes[/]" if auto.get("bash") else "[red]✗ No[/]"
+
+    console.print(f"  • Auto-approve file writes: {write_status}")
+    console.print(f"  • Auto-approve bash commands: {bash_status}")
+
+
+def show_settings_menu() -> dict[str, Any]:
+    """Show settings menu and allow user to change settings."""
+    settings = load_user_settings()
+
+    console.print("\n[bold cyan]═══ Kairo Code Settings ═══[/]\n")
+    console.print("[bold]Current settings:[/]")
+    _print_current_settings(settings)
+
+    console.print("\n[bold]Options:[/]")
+    console.print("  [cyan]1[/] - Toggle auto-approve file writes")
+    console.print("  [cyan]2[/] - Toggle auto-approve bash commands")
+    console.print("  [cyan]3[/] - Enable all auto-approve")
+    console.print("  [cyan]4[/] - Disable all auto-approve")
+    console.print("  [cyan]q[/] - Back to chat")
+
+    choice = Prompt.ask("\n[yellow]?[/] Select option", choices=["1", "2", "3", "4", "q"], default="q")
+
+    if choice == "1":
+        settings["auto_approve"]["write_file"] = not settings["auto_approve"]["write_file"]
+        console.print(f"[green]File writes auto-approve: {'enabled' if settings['auto_approve']['write_file'] else 'disabled'}[/]")
+    elif choice == "2":
+        settings["auto_approve"]["bash"] = not settings["auto_approve"]["bash"]
+        console.print(f"[green]Bash auto-approve: {'enabled' if settings['auto_approve']['bash'] else 'disabled'}[/]")
+    elif choice == "3":
+        settings["auto_approve"]["write_file"] = True
+        settings["auto_approve"]["bash"] = True
+        settings["auto_approve"]["enabled"] = True
+        console.print("[green]All auto-approve enabled[/]")
+    elif choice == "4":
+        settings["auto_approve"]["write_file"] = False
+        settings["auto_approve"]["bash"] = False
+        settings["auto_approve"]["enabled"] = False
+        console.print("[green]All auto-approve disabled[/]")
+
+    # Update enabled flag
+    settings["auto_approve"]["enabled"] = (
+        settings["auto_approve"]["write_file"] or
+        settings["auto_approve"]["bash"]
+    )
+
+    save_user_settings(settings)
+    return settings
+
+
+def should_auto_approve(tool_name: str, settings: dict[str, Any] | None = None) -> bool:
+    """Check if a tool should be auto-approved based on user settings."""
+    if settings is None:
+        settings = load_user_settings()
+
+    auto = settings.get("auto_approve", {})
+
+    if tool_name == "write_file":
+        return auto.get("write_file", False)
+    elif tool_name == "bash":
+        return auto.get("bash", False)
+
+    # Read-only tools are always auto-approved
+    if tool_name in ("read_file", "list_files", "tree", "search_files", "web_search"):
+        return True
+
+    return False

kairo_code/tools/__init__.py

@@ -0,0 +1,51 @@
+"""Kairo Code Tools - File operations, search, and code generation"""
+
+from .base import (
+    Tool,
+    ToolResult,
+    ToolRegistry,
+    FunctionTool,
+    parse_tool_calls,
+    format_tool_error,
+    ParsedToolCall,
+    ToolParseResult,
+)
+from .files import (
+    read_file,
+    write_file,
+    edit_file,
+    list_files,
+    search_files,
+    tree,
+)
+from .search import web_search, format_search_results
+from .code import extract_code_blocks, build_code_prompt, build_explain_prompt
+from .definitions import create_default_registry, create_readonly_registry
+
+__all__ = [
+    # Base classes
+    "Tool",
+    "ToolResult",
+    "ToolRegistry",
+    "FunctionTool",
+    "parse_tool_calls",
+    "format_tool_error",
+    "ParsedToolCall",
+    "ToolParseResult",
+    "create_default_registry",
+    "create_readonly_registry",
+    # File tools
+    "read_file",
+    "write_file",
+    "edit_file",
+    "list_files",
+    "search_files",
+    "tree",
+    # Search
+    "web_search",
+    "format_search_results",
+    # Code
+    "extract_code_blocks",
+    "build_code_prompt",
+    "build_explain_prompt",
+]