ripperdoc 0.2.5__tar.gz → 0.2.6__tar.gz

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ripperdoc
-Version: 0.2.5
+Version: 0.2.6
 Summary: AI-powered terminal assistant for coding tasks
 Author: Ripperdoc Team
 License: Apache-2.0

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/__init__.py

@@ -1,3 +1,3 @@
 """Ripperdoc - AI-powered coding agent."""
 
-__version__ = "0.2.5"
+__version__ = "0.2.6"

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/cli/ui/rich_ui.py

@@ -4,6 +4,7 @@ This module provides a clean, minimal terminal UI using Rich for the Ripperdoc a
 """
 
 import asyncio
+import contextlib
 import json
 import sys
 import uuid
@@ -22,6 +23,7 @@ from prompt_toolkit import PromptSession
 from prompt_toolkit.completion import Completer, Completion
 from prompt_toolkit.shortcuts.prompt import CompleteStyle
 from prompt_toolkit.history import InMemoryHistory
+from prompt_toolkit.key_binding import KeyBindings
 
 from ripperdoc import __version__
 from ripperdoc.core.config import get_global_config, provider_protocol
@@ -83,7 +85,6 @@ THINKING_WORDS: list[str] = [
     "Cerebrating",
     "Channelling",
     "Churning",
-    "Clauding",
     "Coalescing",
     "Cogitating",
     "Computing",
@@ -226,6 +227,12 @@ class RichUI:
         self.query_context: Optional[QueryContext] = None
         self._current_tool: Optional[str] = None
         self._should_exit: bool = False
+        self._query_interrupted: bool = False  # Track if query was interrupted by ESC
+        self._esc_listener_active: bool = False  # Track if ESC listener is active
+        self._esc_listener_paused: bool = False  # Pause ESC listener during blocking prompts
+        self._stdin_fd: Optional[int] = None  # Track stdin for raw mode restoration
+        self._stdin_old_settings: Optional[list] = None  # Original terminal settings
+        self._stdin_in_raw_mode: bool = False  # Whether we currently own raw mode
         self.command_list = list_slash_commands()
         self._command_completions = slash_command_completions()
         self._prompt_session: Optional[PromptSession] = None
@@ -940,6 +947,7 @@ class RichUI:
 
             async def permission_checker(tool: Any, parsed_input: Any) -> bool:
                 spinner.stop()
+                was_paused = self._pause_interrupt_listener()
                 try:
                     if base_permission_checker is not None:
                         result = await base_permission_checker(tool, parsed_input)
@@ -955,6 +963,7 @@ class RichUI:
                         return allowed
                     return True
                 finally:
+                    self._resume_interrupt_listener(was_paused)
                     # Wrap spinner restart in try-except to prevent exceptions
                     # from discarding the permission result
                     try:
@@ -1037,6 +1046,138 @@ class RichUI:
             )
             self.display_message("System", f"Error: {str(exc)}", is_tool=True)
 
+    # ─────────────────────────────────────────────────────────────────────────────
+    # ESC Key Interrupt Support
+    # ─────────────────────────────────────────────────────────────────────────────
+
+    # Keys that trigger interrupt
+    _INTERRUPT_KEYS = {'\x1b', '\x03'}  # ESC, Ctrl+C
+
+    def _pause_interrupt_listener(self) -> bool:
+        """Pause ESC listener and restore cooked terminal mode if we own raw mode."""
+        prev = self._esc_listener_paused
+        self._esc_listener_paused = True
+        try:
+            import termios
+        except ImportError:
+            return prev
+
+        if (
+            self._stdin_fd is not None
+            and self._stdin_old_settings is not None
+            and self._stdin_in_raw_mode
+        ):
+            with contextlib.suppress(OSError, termios.error, ValueError):
+                termios.tcsetattr(self._stdin_fd, termios.TCSADRAIN, self._stdin_old_settings)
+            self._stdin_in_raw_mode = False
+        return prev
+
+    def _resume_interrupt_listener(self, previous_state: bool) -> None:
+        """Restore paused state to what it was before a blocking prompt."""
+        self._esc_listener_paused = previous_state
+
+    async def _listen_for_interrupt_key(self) -> bool:
+        """Listen for interrupt keys (ESC/Ctrl+C) during query execution.
+
+        Uses raw terminal mode for immediate key detection without waiting
+        for escape sequences to complete.
+        """
+        import sys
+        import select
+        import termios
+        import tty
+
+        try:
+            fd = sys.stdin.fileno()
+            old_settings = termios.tcgetattr(fd)
+        except (OSError, termios.error, ValueError):
+            return False
+
+        self._stdin_fd = fd
+        self._stdin_old_settings = old_settings
+        raw_enabled = False
+        try:
+            while self._esc_listener_active:
+                if self._esc_listener_paused:
+                    if raw_enabled:
+                        with contextlib.suppress(OSError, termios.error, ValueError):
+                            termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+                        raw_enabled = False
+                        self._stdin_in_raw_mode = False
+                    await asyncio.sleep(0.05)
+                    continue
+
+                if not raw_enabled:
+                    tty.setraw(fd)
+                    raw_enabled = True
+                    self._stdin_in_raw_mode = True
+
+                await asyncio.sleep(0.02)
+                if select.select([sys.stdin], [], [], 0)[0]:
+                    if sys.stdin.read(1) in self._INTERRUPT_KEYS:
+                        return True
+        except (OSError, ValueError):
+            pass
+        finally:
+            self._stdin_in_raw_mode = False
+            with contextlib.suppress(OSError, termios.error, ValueError):
+                if raw_enabled:
+                    termios.tcsetattr(fd, termios.TCSADRAIN, old_settings)
+            self._stdin_fd = None
+            self._stdin_old_settings = None
+
+        return False
+
+    async def _cancel_task(self, task: asyncio.Task) -> None:
+        """Cancel a task and wait for it to finish."""
+        if not task.done():
+            task.cancel()
+            with contextlib.suppress(asyncio.CancelledError):
+                await task
+
+    def _trigger_abort(self) -> None:
+        """Signal the query to abort."""
+        if self.query_context and hasattr(self.query_context, "abort_controller"):
+            self.query_context.abort_controller.set()
+
+    async def _run_query_with_esc_interrupt(self, query_coro: Any) -> bool:
+        """Run a query with ESC key interrupt support.
+
+        Returns True if interrupted, False if completed normally.
+        """
+        self._query_interrupted = False
+        self._esc_listener_active = True
+
+        query_task = asyncio.create_task(query_coro)
+        interrupt_task = asyncio.create_task(self._listen_for_interrupt_key())
+
+        try:
+            done, _ = await asyncio.wait(
+                {query_task, interrupt_task},
+                return_when=asyncio.FIRST_COMPLETED
+            )
+
+            # Check if interrupted
+            if interrupt_task in done and interrupt_task.result():
+                self._query_interrupted = True
+                self._trigger_abort()
+                await self._cancel_task(query_task)
+                return True
+
+            # Query completed normally
+            if query_task in done:
+                await self._cancel_task(interrupt_task)
+                with contextlib.suppress(Exception):
+                    query_task.result()
+                return False
+
+            return False
+
+        finally:
+            self._esc_listener_active = False
+            await self._cancel_task(query_task)
+            await self._cancel_task(interrupt_task)
+
     def _run_async(self, coro: Any) -> Any:
         """Run a coroutine on the persistent event loop."""
         if self._loop.is_closed():
@@ -1044,6 +1185,16 @@ class RichUI:
             asyncio.set_event_loop(self._loop)
         return self._loop.run_until_complete(coro)
 
+    def _run_async_with_esc_interrupt(self, coro: Any) -> bool:
+        """Run a coroutine with ESC key interrupt support.
+
+        Returns True if interrupted by ESC, False if completed normally.
+        """
+        if self._loop.is_closed():
+            self._loop = asyncio.new_event_loop()
+            asyncio.set_event_loop(self._loop)
+        return self._loop.run_until_complete(self._run_query_with_esc_interrupt(coro))
+
     def run_async(self, coro: Any) -> Any:
         """Public wrapper for running coroutines on the UI event loop."""
         return self._run_async(coro)
@@ -1111,7 +1262,7 @@ class RichUI:
         # Display status
         console.print(create_status_bar())
         console.print()
-        console.print("[dim]Tip: type '/' then press Tab to see available commands.[/dim]\n")
+        console.print("[dim]Tip: type '/' then press Tab to see available commands. Press ESC to interrupt a running query.[/dim]\n")
 
         session = self.get_prompt_session()
         logger.info(
@@ -1155,7 +1306,14 @@ class RichUI:
                             "prompt_preview": user_input[:200],
                         },
                     )
-                    self._run_async(self.process_query(user_input))
+                    interrupted = self._run_async_with_esc_interrupt(self.process_query(user_input))
+
+                    if interrupted:
+                        console.print("\n[red]■ Conversation interrupted[/red] · [dim]Tell the model what to do differently.[/dim]")
+                        logger.info(
+                            "[ui] Query interrupted by ESC key",
+                            extra={"session_id": self.session_id},
+                        )
 
                     console.print()  # Add spacing between interactions
 

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/core/query.py

@@ -774,9 +774,20 @@ async def _run_query_iteration(
             progress = progress_queue.get_nowait()
         except asyncio.QueueEmpty:
             waiter = asyncio.create_task(progress_queue.get())
+            # Use timeout to periodically check abort_controller during LLM request
             done, pending = await asyncio.wait(
-                {assistant_task, waiter}, return_when=asyncio.FIRST_COMPLETED
+                {assistant_task, waiter},
+                return_when=asyncio.FIRST_COMPLETED,
+                timeout=0.1  # Check abort_controller every 100ms
             )
+            if not done:
+                # Timeout - cancel waiter and continue loop to check abort_controller
+                waiter.cancel()
+                try:
+                    await waiter
+                except asyncio.CancelledError:
+                    pass
+                continue
             if assistant_task in done:
                 for task in pending:
                     task.cancel()

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/core/tool.py

@@ -6,8 +6,8 @@ Tools are the primary way that the AI agent interacts with the environment.
 
 import json
 from abc import ABC, abstractmethod
-from typing import Any, AsyncGenerator, Dict, List, Optional, TypeVar, Generic, Union
-from pydantic import BaseModel, ConfigDict, Field
+from typing import Annotated, Any, AsyncGenerator, Dict, List, Optional, TypeVar, Generic, Union
+from pydantic import BaseModel, ConfigDict, Field, SkipValidation
 from ripperdoc.utils.file_watch import FileSnapshot
 from ripperdoc.utils.log import get_logger
 
@@ -41,7 +41,9 @@ class ToolUseContext(BaseModel):
     verbose: bool = False
     permission_checker: Optional[Any] = None
     read_file_timestamps: Dict[str, float] = Field(default_factory=dict)
-    file_state_cache: Dict[str, "FileSnapshot"] = Field(default_factory=dict)
+    # SkipValidation prevents Pydantic from copying the dict during validation,
+    # ensuring View/Read and Edit tools share the same cache instance
+    file_state_cache: Annotated[Dict[str, FileSnapshot], SkipValidation] = Field(default_factory=dict)
     tool_registry: Optional[Any] = None
     abort_signal: Optional[Any] = None
     # UI control callbacks for tools that need user interaction

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/tools/bash_tool.py

@@ -318,6 +318,24 @@ build projects, run tests, and interact with the file system."""
         deny_rules = permission_context.get("denied_rules") or set()
         allowed_dirs = permission_context.get("allowed_working_directories") or {safe_get_cwd()}
 
+        # Check for sensitive directory access with read-only commands (cd, find).
+        # These should ask for user confirmation rather than being blocked outright.
+        cwd = safe_get_cwd()
+        path_validation = validate_shell_command_paths(
+            input_data.command,
+            cwd,
+            allowed_dirs,
+        )
+        if path_validation.behavior == "ask":
+            # For read-only directory operations, ask user for confirmation
+            return PermissionDecision(
+                behavior="ask",
+                message=path_validation.message,
+                updated_input=input_data,
+                decision_reason={"type": "sensitive_directory_access"},
+                rule_suggestions=path_validation.rule_suggestions,
+            )
+
         decision = evaluate_shell_command_permissions(
             input_data,
             allow_rules,
@@ -366,14 +384,8 @@ build projects, run tests, and interact with the file system."""
                 result=False, message="Sandbox mode requested but not available."
             )
 
-        cwd = safe_get_cwd()
-        path_validation = validate_shell_command_paths(
-            input_data.command,
-            cwd,
-            {cwd},
-        )
-        if path_validation.behavior == "ask":
-            return ValidationResult(result=False, message=path_validation.message)
+        # Note: Path validation for sensitive directories (cd/find to /usr, /etc, etc.)
+        # is now handled in check_permissions() to allow user confirmation for read-only ops.
 
         # Block backgrounding commands we explicitly ignore.
         if input_data.run_in_background:

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/tools/file_edit_tool.py

@@ -227,9 +227,11 @@ match exactly (including whitespace and indentation)."""
             with open(input_data.file_path, "w", encoding="utf-8") as f:
                 f.write(new_content)
 
+            # Use absolute path to ensure consistency with validation lookup
+            abs_file_path = os.path.abspath(input_data.file_path)
             try:
                 record_snapshot(
-                    input_data.file_path,
+                    abs_file_path,
                     new_content,
                     getattr(context, "file_state_cache", {}),
                 )
@@ -237,7 +239,7 @@ match exactly (including whitespace and indentation)."""
                 logger.warning(
                     "[file_edit_tool] Failed to record file snapshot: %s: %s",
                     type(exc).__name__, exc,
-                    extra={"file_path": input_data.file_path},
+                    extra={"file_path": abs_file_path},
                 )
 
             # Generate diff for display

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/tools/file_read_tool.py

@@ -153,9 +153,11 @@ and limit to read only a portion of the file."""
             content = "".join(selected_lines)
 
             # Remember what we read so we can detect user edits later.
+            # Use absolute path to ensure consistency with Edit tool's lookup
+            abs_file_path = os.path.abspath(input_data.file_path)
             try:
                 record_snapshot(
-                    input_data.file_path,
+                    abs_file_path,
                     content,
                     getattr(context, "file_state_cache", {}),
                     offset=offset,

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/tools/file_write_tool.py

@@ -160,9 +160,11 @@ NEVER write new files unless explicitly required by the user."""
 
             bytes_written = len(input_data.content.encode("utf-8"))
 
+            # Use absolute path to ensure consistency with validation lookup
+            abs_file_path = os.path.abspath(input_data.file_path)
             try:
                 record_snapshot(
-                    input_data.file_path,
+                    abs_file_path,
                     input_data.content,
                     getattr(context, "file_state_cache", {}),
                 )
@@ -170,7 +172,7 @@ NEVER write new files unless explicitly required by the user."""
                 logger.warning(
                     "[file_write_tool] Failed to record file snapshot: %s: %s",
                     type(exc).__name__, exc,
-                    extra={"file_path": input_data.file_path},
+                    extra={"file_path": abs_file_path},
                 )
 
             output = FileWriteToolOutput(

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/tools/notebook_edit_tool.py

@@ -314,9 +314,11 @@ class NotebookEditTool(Tool[NotebookEditInput, NotebookEditOutput]):
             )
 
             path.write_text(json.dumps(nb_json, indent=1), encoding="utf-8")
+            # Use resolved absolute path to ensure consistency with validation lookup
+            abs_notebook_path = str(path.resolve())
             try:
                 record_snapshot(
-                    input_data.notebook_path,
+                    abs_notebook_path,
                     json.dumps(nb_json, indent=1),
                     getattr(context, "file_state_cache", {}),
                 )
@@ -324,7 +326,7 @@ class NotebookEditTool(Tool[NotebookEditInput, NotebookEditOutput]):
                 logger.warning(
                     "[notebook_edit_tool] Failed to record file snapshot: %s: %s",
                     type(exc).__name__, exc,
-                    extra={"file_path": input_data.notebook_path},
+                    extra={"file_path": abs_notebook_path},
                 )
 
             output = NotebookEditOutput(

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc/utils/permissions/path_validation_utils.py

@@ -90,18 +90,20 @@ def _validate_path(raw_path: str, cwd: str, allowed_dirs: Set[str]) -> tuple[boo
     return _is_path_allowed(resolved, allowed_dirs), str(resolved)
 
 
-def _extract_paths_for_command(
+def _check_command_paths(
     command: str, args: List[str], cwd: str, allowed_dirs: Set[str]
 ) -> ValidationResponse:
     if command == "cd":
         target = args[0] if args else os.path.expanduser("~")
         allowed, resolved = _validate_path(target, cwd, allowed_dirs)
     elif command == "ls":
-        candidates = [arg for arg in args if not arg.startswith("-")] or ["."]
-        for candidate in candidates:
-            allowed, resolved = _validate_path(candidate, cwd, allowed_dirs)
-            if not allowed:
-                break
+        # ls is a read-only command, allow it to run on any path
+        # This enables viewing system directories like /usr, /etc, etc.
+        return ValidationResponse(
+            behavior="passthrough",
+            message="ls is a read-only command, no path restrictions applied",
+            rule_suggestions=None,
+        )
     elif command == "find":
         paths: list[str] = []
         for arg in args:
@@ -132,13 +134,12 @@ def _extract_paths_for_command(
 
     preview = _format_allowed_dirs_preview(sorted(allowed_dirs))
     action = {
-        "cd": "change directories to",
-        "ls": "list files in",
+        "cd": "change directory to",
         "find": "search files in",
     }.get(command, "access")
     return ValidationResponse(
         behavior="ask",
-        message=f"{command} in '{resolved}' was blocked. For security, this session may only {action} the allowed working directories: {preview}.",
+        message=f"Requesting permission to {action} '{resolved}' (outside allowed directories: {preview})",
         rule_suggestions=None,
     )
 
@@ -167,7 +168,7 @@ def validate_shell_command_paths(
             rule_suggestions=None,
         )
 
-    return _extract_paths_for_command(first, rest, cwd, allowed_dirs)
+    return _check_command_paths(first, rest, cwd, allowed_dirs)
 
 
 __all__ = ["ValidationResponse", "validate_shell_command_paths"]

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/ripperdoc.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ripperdoc
-Version: 0.2.5
+Version: 0.2.6
 Summary: AI-powered terminal assistant for coding tasks
 Author: Ripperdoc Team
 License: Apache-2.0

{ripperdoc-0.2.5 → ripperdoc-0.2.6}/tests/test_shell_permissions.py

@@ -218,7 +218,7 @@ def test_path_validation_blocks_outside_allowed(tmp_path: Path):
     allowed = {str(tmp_path)}
     result = validate_shell_command_paths("cd /", str(tmp_path), allowed)
     assert result.behavior == "ask"
-    assert "blocked" in result.message.lower()
+    assert "permission" in result.message.lower() or "outside" in result.message.lower()
 
 
 def test_path_validation_allows_within_allowed(tmp_path: Path):
@@ -228,6 +228,23 @@ def test_path_validation_allows_within_allowed(tmp_path: Path):
     assert result.behavior == "passthrough"
 
 
+def test_ls_allows_any_path(tmp_path: Path):
+    """ls is a read-only command and should be allowed on any path."""
+    allowed = {str(tmp_path)}
+    # ls to /usr should be allowed even though it's outside allowed dirs
+    result = validate_shell_command_paths("ls /usr", str(tmp_path), allowed)
+    assert result.behavior == "passthrough"
+    assert "read-only" in result.message.lower()
+
+    # ls to /etc should also be allowed
+    result = validate_shell_command_paths("ls -la /etc", str(tmp_path), allowed)
+    assert result.behavior == "passthrough"
+
+    # ls to root should also be allowed
+    result = validate_shell_command_paths("ls /", str(tmp_path), allowed)
+    assert result.behavior == "passthrough"
+
+
 # =============================================================================
 # Permission Evaluation Tests
 # =============================================================================