PyPI - ripperdoc - Versions diffs - 0.2.6__py3-none-any.whl - Mend

ripperdoc 0.2.6__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (107) hide show

ripperdoc/__init__.py +3 -0
ripperdoc/__main__.py +20 -0
ripperdoc/cli/__init__.py +1 -0
ripperdoc/cli/cli.py +405 -0
ripperdoc/cli/commands/__init__.py +82 -0
ripperdoc/cli/commands/agents_cmd.py +263 -0
ripperdoc/cli/commands/base.py +19 -0
ripperdoc/cli/commands/clear_cmd.py +18 -0
ripperdoc/cli/commands/compact_cmd.py +23 -0
ripperdoc/cli/commands/config_cmd.py +31 -0
ripperdoc/cli/commands/context_cmd.py +144 -0
ripperdoc/cli/commands/cost_cmd.py +82 -0
ripperdoc/cli/commands/doctor_cmd.py +221 -0
ripperdoc/cli/commands/exit_cmd.py +19 -0
ripperdoc/cli/commands/help_cmd.py +20 -0
ripperdoc/cli/commands/mcp_cmd.py +70 -0
ripperdoc/cli/commands/memory_cmd.py +202 -0
ripperdoc/cli/commands/models_cmd.py +413 -0
ripperdoc/cli/commands/permissions_cmd.py +302 -0
ripperdoc/cli/commands/resume_cmd.py +98 -0
ripperdoc/cli/commands/status_cmd.py +167 -0
ripperdoc/cli/commands/tasks_cmd.py +278 -0
ripperdoc/cli/commands/todos_cmd.py +69 -0
ripperdoc/cli/commands/tools_cmd.py +19 -0
ripperdoc/cli/ui/__init__.py +1 -0
ripperdoc/cli/ui/context_display.py +298 -0
ripperdoc/cli/ui/helpers.py +22 -0
ripperdoc/cli/ui/rich_ui.py +1557 -0
ripperdoc/cli/ui/spinner.py +49 -0
ripperdoc/cli/ui/thinking_spinner.py +128 -0
ripperdoc/cli/ui/tool_renderers.py +298 -0
ripperdoc/core/__init__.py +1 -0
ripperdoc/core/agents.py +486 -0
ripperdoc/core/commands.py +33 -0
ripperdoc/core/config.py +559 -0
ripperdoc/core/default_tools.py +88 -0
ripperdoc/core/permissions.py +252 -0
ripperdoc/core/providers/__init__.py +47 -0
ripperdoc/core/providers/anthropic.py +250 -0
ripperdoc/core/providers/base.py +265 -0
ripperdoc/core/providers/gemini.py +615 -0
ripperdoc/core/providers/openai.py +487 -0
ripperdoc/core/query.py +1058 -0
ripperdoc/core/query_utils.py +622 -0
ripperdoc/core/skills.py +295 -0
ripperdoc/core/system_prompt.py +431 -0
ripperdoc/core/tool.py +240 -0
ripperdoc/sdk/__init__.py +9 -0
ripperdoc/sdk/client.py +333 -0
ripperdoc/tools/__init__.py +1 -0
ripperdoc/tools/ask_user_question_tool.py +431 -0
ripperdoc/tools/background_shell.py +389 -0
ripperdoc/tools/bash_output_tool.py +98 -0
ripperdoc/tools/bash_tool.py +1016 -0
ripperdoc/tools/dynamic_mcp_tool.py +428 -0
ripperdoc/tools/enter_plan_mode_tool.py +226 -0
ripperdoc/tools/exit_plan_mode_tool.py +153 -0
ripperdoc/tools/file_edit_tool.py +346 -0
ripperdoc/tools/file_read_tool.py +203 -0
ripperdoc/tools/file_write_tool.py +205 -0
ripperdoc/tools/glob_tool.py +179 -0
ripperdoc/tools/grep_tool.py +370 -0
ripperdoc/tools/kill_bash_tool.py +136 -0
ripperdoc/tools/ls_tool.py +471 -0
ripperdoc/tools/mcp_tools.py +591 -0
ripperdoc/tools/multi_edit_tool.py +456 -0
ripperdoc/tools/notebook_edit_tool.py +386 -0
ripperdoc/tools/skill_tool.py +205 -0
ripperdoc/tools/task_tool.py +379 -0
ripperdoc/tools/todo_tool.py +494 -0
ripperdoc/tools/tool_search_tool.py +380 -0
ripperdoc/utils/__init__.py +1 -0
ripperdoc/utils/bash_constants.py +51 -0
ripperdoc/utils/bash_output_utils.py +43 -0
ripperdoc/utils/coerce.py +34 -0
ripperdoc/utils/context_length_errors.py +252 -0
ripperdoc/utils/exit_code_handlers.py +241 -0
ripperdoc/utils/file_watch.py +135 -0
ripperdoc/utils/git_utils.py +274 -0
ripperdoc/utils/json_utils.py +27 -0
ripperdoc/utils/log.py +176 -0
ripperdoc/utils/mcp.py +560 -0
ripperdoc/utils/memory.py +253 -0
ripperdoc/utils/message_compaction.py +676 -0
ripperdoc/utils/messages.py +519 -0
ripperdoc/utils/output_utils.py +258 -0
ripperdoc/utils/path_ignore.py +677 -0
ripperdoc/utils/path_utils.py +46 -0
ripperdoc/utils/permissions/__init__.py +27 -0
ripperdoc/utils/permissions/path_validation_utils.py +174 -0
ripperdoc/utils/permissions/shell_command_validation.py +552 -0
ripperdoc/utils/permissions/tool_permission_utils.py +279 -0
ripperdoc/utils/prompt.py +17 -0
ripperdoc/utils/safe_get_cwd.py +31 -0
ripperdoc/utils/sandbox_utils.py +38 -0
ripperdoc/utils/session_history.py +260 -0
ripperdoc/utils/session_usage.py +117 -0
ripperdoc/utils/shell_token_utils.py +95 -0
ripperdoc/utils/shell_utils.py +159 -0
ripperdoc/utils/todo.py +203 -0
ripperdoc/utils/token_estimation.py +34 -0
ripperdoc-0.2.6.dist-info/METADATA +193 -0
ripperdoc-0.2.6.dist-info/RECORD +107 -0
ripperdoc-0.2.6.dist-info/WHEEL +5 -0
ripperdoc-0.2.6.dist-info/entry_points.txt +3 -0
ripperdoc-0.2.6.dist-info/licenses/LICENSE +53 -0
ripperdoc-0.2.6.dist-info/top_level.txt +1 -0

ripperdoc/utils/permissions/tool_permission_utils.py ADDED Viewed

@@ -0,0 +1,279 @@
+"""Permission evaluation helpers."""
+from __future__ import annotations
+from dataclasses import dataclass
+from typing import Callable, Iterable, List, Optional, Set
+from ripperdoc.utils.permissions.path_validation_utils import validate_shell_command_paths
+from ripperdoc.utils.permissions.shell_command_validation import validate_shell_command
+from ripperdoc.utils.safe_get_cwd import safe_get_cwd
+from ripperdoc.utils.shell_token_utils import parse_and_clean_shell_tokens, parse_shell_tokens
+@dataclass
+class ToolRule:
+    tool_name: str
+    rule_content: str
+    behavior: str = "allow"
+@dataclass
+class PermissionDecision:
+    behavior: str  # 'allow' | 'deny' | 'ask' | 'passthrough'
+    message: Optional[str] = None
+    updated_input: Optional[object] = None
+    decision_reason: Optional[dict] = None
+    rule_suggestions: Optional[List[ToolRule] | List[str]] = None
+def create_wildcard_rule(rule_name: str) -> str:
+    """Create a wildcard/prefix rule string."""
+    return f"{rule_name}:*"
+def create_tool_rule(rule_content: str) -> List[ToolRule]:
+    return [ToolRule(tool_name="Bash", rule_content=rule_content)]
+def create_wildcard_tool_rule(rule_name: str) -> List[ToolRule]:
+    return [ToolRule(tool_name="Bash", rule_content=create_wildcard_rule(rule_name))]
+def extract_rule_prefix(rule_string: str) -> Optional[str]:
+    return rule_string[:-2] if rule_string.endswith(":*") else None
+def match_rule(command: str, rule: str) -> bool:
+    """Return True if a command matches a rule (exact or wildcard)."""
+    command = command.strip()
+    if not command:
+        return False
+    prefix = extract_rule_prefix(rule)
+    if prefix is not None:
+        return command.startswith(prefix)
+    return command == rule
+def _merge_rules(*rules: Iterable[str]) -> Set[str]:
+    merged: Set[str] = set()
+    for collection in rules:
+        merged.update(collection)
+    return merged
+def _is_command_read_only(
+    command: str,
+    injection_check: Callable[[str], bool],
+) -> bool:
+    """Heuristic read-only detector mirroring the reference intent."""
+    validation = validate_shell_command(command)
+    if validation.behavior != "passthrough":
+        return False
+    cleaned_tokens = parse_and_clean_shell_tokens(command)
+    if not cleaned_tokens:
+        return True
+    # Treat pipelines/compound commands as read-only only if every segment is safe.
+    tokens = parse_shell_tokens(command)
+    if "|" in tokens:
+        parts: list[str] = []
+        current: list[str] = []
+        for token in tokens:
+            if token == "|":
+                if current:
+                    parts.append(" ".join(current))
+                current = []
+            else:
+                current.append(token)
+        if current:
+            parts.append(" ".join(current))
+        return all(_is_command_read_only(part, injection_check) for part in parts)
+    dangerous_prefixes = {
+        "rm",
+        "mv",
+        "chmod",
+        "chown",
+        "sudo",
+        "dd",
+        "tee",
+        "truncate",
+        "kill",
+        "pkill",
+        "systemctl",
+        "service",
+    }
+    first = cleaned_tokens[0]
+    if first in dangerous_prefixes:
+        return False
+    if first == "git":
+        if len(cleaned_tokens) < 2:
+            return False
+        allowed_git = {
+            "status",
+            "diff",
+            "show",
+            "log",
+            "rev-parse",
+            "ls-files",
+            "remote",
+            "branch",
+            "tag",
+            "blame",
+            "reflog",
+        }
+        return cleaned_tokens[1] in allowed_git
+    # If no injection was detected and the command is free of mutations, treat as read-only.
+    return not injection_check(command)
+def _collect_rule_suggestions(command: str) -> List[ToolRule]:
+    suggestions: list[ToolRule] = [ToolRule(tool_name="Bash", rule_content=command)]
+    tokens = parse_and_clean_shell_tokens(command)
+    if tokens:
+        suggestions.append(ToolRule(tool_name="Bash", rule_content=create_wildcard_rule(tokens[0])))
+    return suggestions
+def evaluate_shell_command_permissions(
+    tool_request: object,
+    allowed_rules: Iterable[str],
+    denied_rules: Iterable[str],
+    allowed_working_dirs: Set[str] | None = None,
+    *,
+    command_injection_detected: bool = False,
+    injection_detector: Callable[[str], bool] | None = None,
+    read_only_detector: Callable[[str, Callable[[str], bool]], bool] | None = None,
+) -> PermissionDecision:
+    """Evaluate whether a bash command should be allowed."""
+    command = tool_request.command if hasattr(tool_request, "command") else str(tool_request)
+    trimmed_command = command.strip()
+    allowed_working_dirs = allowed_working_dirs or {safe_get_cwd()}
+    injection_detector = injection_detector or (
+        lambda cmd: validate_shell_command(cmd).behavior != "passthrough"
+    )
+    read_only_detector = read_only_detector or _is_command_read_only
+    merged_denied = _merge_rules(denied_rules)
+    merged_allowed = _merge_rules(allowed_rules)
+    if any(match_rule(trimmed_command, rule) for rule in merged_denied):
+        return PermissionDecision(
+            behavior="deny",
+            message=f"Permission to run '{trimmed_command}' has been denied.",
+            decision_reason={"type": "rule"},
+            rule_suggestions=None,
+        )
+    if any(match_rule(trimmed_command, rule) for rule in merged_allowed):
+        return PermissionDecision(
+            behavior="allow",
+            updated_input=tool_request,
+            decision_reason={"type": "rule"},
+            message="Command approved by configured rule.",
+        )
+    path_result = validate_shell_command_paths(
+        trimmed_command, safe_get_cwd(), allowed_working_dirs
+    )
+    if path_result.behavior != "passthrough":
+        return PermissionDecision(
+            behavior="ask",
+            message=path_result.message,
+            decision_reason={"type": "path_validation"},
+            rule_suggestions=None,
+        )
+    validation_result = validate_shell_command(trimmed_command)
+    if validation_result.behavior != "passthrough":
+        return PermissionDecision(
+            behavior="ask",
+            message=validation_result.message,
+            decision_reason={"type": "validation"},
+            rule_suggestions=None,
+        )
+    tokens = parse_shell_tokens(trimmed_command)
+    if "|" in tokens:
+        left_tokens = []
+        right_tokens = []
+        pipe_seen = False
+        for token in tokens:
+            if token == "|":
+                pipe_seen = True
+                continue
+            if pipe_seen:
+                right_tokens.append(token)
+            else:
+                left_tokens.append(token)
+        left_command = " ".join(left_tokens).strip()
+        right_command = " ".join(right_tokens).strip()
+        left_result = evaluate_shell_command_permissions(
+            type("Cmd", (), {"command": left_command}),
+            merged_allowed,
+            merged_denied,
+            allowed_working_dirs,
+            command_injection_detected=command_injection_detected,
+            injection_detector=injection_detector,
+            read_only_detector=read_only_detector,
+        )
+        right_read_only = read_only_detector(right_command, injection_detector)
+        if left_result.behavior == "deny":
+            return left_result
+        if not right_read_only:
+            return PermissionDecision(
+                behavior="ask",
+                message="Pipe right-hand command is not read-only.",
+                decision_reason={"type": "subcommand"},
+                rule_suggestions=_collect_rule_suggestions(right_command),
+            )
+        if left_result.behavior == "allow":
+            return PermissionDecision(
+                behavior="allow",
+                updated_input=tool_request,
+                decision_reason={"type": "subcommand"},
+            )
+        return PermissionDecision(
+            behavior="ask",
+            message="Permission required for piped command.",
+            decision_reason={"type": "subcommand"},
+            rule_suggestions=_collect_rule_suggestions(trimmed_command),
+        )
+    if read_only_detector(trimmed_command, injection_detector) and not command_injection_detected:
+        return PermissionDecision(
+            behavior="allow",
+            updated_input=tool_request,
+            decision_reason={"type": "other", "reason": "Read-only command"},
+        )
+    return PermissionDecision(
+        behavior="passthrough",
+        message="Command requires permission",
+        decision_reason={"type": "default"},
+        rule_suggestions=_collect_rule_suggestions(trimmed_command),
+    )
+def is_command_read_only(command: str) -> bool:
+    """Public wrapper to test if a command is read-only using reference heuristics."""
+    return _is_command_read_only(
+        command, lambda cmd: validate_shell_command(cmd).behavior != "passthrough"
+    )
+__all__ = [
+    "PermissionDecision",
+    "ToolRule",
+    "create_tool_rule",
+    "create_wildcard_tool_rule",
+    "evaluate_shell_command_permissions",
+    "extract_rule_prefix",
+    "match_rule",
+    "is_command_read_only",
+]

ripperdoc/utils/prompt.py ADDED Viewed

@@ -0,0 +1,17 @@
+"""Prompt helpers for interactive input."""
+from getpass import getpass
+def prompt_secret(prompt_text: str, prompt_suffix: str = ": ") -> str:
+    """Prompt for sensitive input, masking characters when possible.
+    Falls back to getpass (no echo) if prompt_toolkit is unavailable.
+    """
+    full_prompt = f"{prompt_text}{prompt_suffix}"
+    try:
+        from prompt_toolkit import prompt as pt_prompt
+        return pt_prompt(full_prompt, is_password=True)
+    except (ImportError, OSError, RuntimeError, EOFError):
+        return getpass(full_prompt)

ripperdoc/utils/safe_get_cwd.py ADDED Viewed

@@ -0,0 +1,31 @@
+"""Safe helpers for tracking and restoring the working directory."""
+from __future__ import annotations
+import os
+from pathlib import Path
+from ripperdoc.utils.log import get_logger
+logger = get_logger()
+_ORIGINAL_CWD = Path(os.getcwd()).resolve()
+def get_original_cwd() -> str:
+    """Return the process's initial working directory."""
+    return str(_ORIGINAL_CWD)
+def safe_get_cwd() -> str:
+    """Return the current working directory, falling back to the original on error."""
+    try:
+        return str(Path(os.getcwd()).resolve())
+    except (OSError, RuntimeError, ValueError) as exc:
+        logger.warning(
+            "[safe_get_cwd] Failed to resolve cwd: %s: %s",
+            type(exc).__name__, exc,
+        )
+        return get_original_cwd()
+__all__ = ["get_original_cwd", "safe_get_cwd"]

ripperdoc/utils/sandbox_utils.py ADDED Viewed

@@ -0,0 +1,38 @@
+"""Sandbox helpers.
+The reference uses macOS sandbox-exec profiles; in this environment we
+surface the same API surface but report unavailability by default.
+"""
+from __future__ import annotations
+from dataclasses import dataclass
+import shutil
+import shlex
+from typing import Callable
+@dataclass
+class SandboxWrapper:
+    """Represents a wrapped command plus a cleanup callback."""
+    final_command: str
+    cleanup: Callable[[], None]
+def is_sandbox_available() -> bool:
+    """Return whether sandboxed execution is available on this host."""
+    return shutil.which("srt") is not None
+def create_sandbox_wrapper(command: str) -> SandboxWrapper:
+    """Wrap a command for sandboxed execution or raise if unsupported."""
+    if not is_sandbox_available():
+        raise RuntimeError(
+            "Sandbox mode requested but not available (install @anthropic-ai/sandbox-runtime and ensure 'srt' is on PATH)"
+        )
+    quoted = shlex.quote(command)
+    return SandboxWrapper(final_command=f"srt {quoted}", cleanup=lambda: None)
+__all__ = ["SandboxWrapper", "is_sandbox_available", "create_sandbox_wrapper"]

ripperdoc/utils/session_history.py ADDED Viewed

@@ -0,0 +1,260 @@
+"""Session log storage and retrieval."""
+from __future__ import annotations
+import json
+from dataclasses import dataclass
+from datetime import datetime
+from pathlib import Path
+from typing import List, Optional
+from ripperdoc.utils.log import get_logger
+from ripperdoc.utils.messages import (
+    AssistantMessage,
+    ProgressMessage,
+    UserMessage,
+)
+from ripperdoc.utils.path_utils import project_storage_dir
+logger = get_logger()
+ConversationMessage = UserMessage | AssistantMessage | ProgressMessage
+@dataclass
+class SessionSummary:
+    session_id: str
+    path: Path
+    message_count: int
+    created_at: datetime
+    updated_at: datetime
+    first_prompt: str
+def _sessions_root() -> Path:
+    return Path.home() / ".ripperdoc" / "sessions"
+def _session_file(project_path: Path, session_id: str) -> Path:
+    directory = project_storage_dir(_sessions_root(), project_path, ensure=True)
+    return directory / f"{session_id}.jsonl"
+def _now_iso() -> str:
+    return datetime.utcnow().isoformat() + "Z"
+def _extract_prompt(payload: dict) -> str:
+    """Pull a short preview of the first user message."""
+    if payload.get("type") != "user":
+        return ""
+    message = payload.get("message") or {}
+    content = message.get("content")
+    preview = ""
+    if isinstance(content, str):
+        preview = content
+    elif isinstance(content, list):
+        for block in content:
+            if not isinstance(block, dict):
+                continue
+            if block.get("type") == "text" and block.get("text"):
+                preview = str(block["text"])
+                break
+    preview = (preview or "").replace("\n", " ").strip()
+    if len(preview) > 80:
+        preview = preview[:77] + "..."
+    return preview
+def _deserialize_message(payload: dict) -> Optional[ConversationMessage]:
+    """Rebuild a message model from a stored payload."""
+    msg_type = payload.get("type")
+    if msg_type == "user":
+        return UserMessage(**payload)
+    if msg_type == "assistant":
+        return AssistantMessage(**payload)
+    if msg_type == "progress":
+        return ProgressMessage(**payload)
+    return None
+class SessionHistory:
+    """Append-only session log for a single session id."""
+    def __init__(self, project_path: Path, session_id: str):
+        self.project_path = project_path
+        self.session_id = session_id
+        self.path = _session_file(project_path, session_id)
+        self._seen_ids: set[str] = set()
+        self._load_seen_ids()
+    def _load_seen_ids(self) -> None:
+        if not self.path.exists():
+            return
+        try:
+            with self.path.open("r", encoding="utf-8") as fh:
+                for line in fh:
+                    try:
+                        data = json.loads(line)
+                        payload = data.get("payload") or {}
+                        msg_uuid = payload.get("uuid")
+                        if isinstance(msg_uuid, str):
+                            self._seen_ids.add(msg_uuid)
+                    except (json.JSONDecodeError, KeyError, TypeError, ValueError) as exc:
+                        logger.debug(
+                            "[session_history] Failed to parse session history line: %s: %s",
+                            type(exc).__name__, exc,
+                        )
+                        continue
+        except (OSError, IOError) as exc:
+            logger.warning(
+                "Failed to load seen IDs from session: %s: %s",
+                type(exc).__name__, exc,
+                extra={"session_id": self.session_id, "path": str(self.path)},
+            )
+            return
+    def append(self, message: ConversationMessage) -> None:
+        """Persist a single message to the session log."""
+        # Skip progress noise
+        if getattr(message, "type", None) == "progress":
+            return
+        msg_uuid = getattr(message, "uuid", None)
+        if isinstance(msg_uuid, str) and msg_uuid in self._seen_ids:
+            return
+        payload = message.model_dump(mode="json")
+        entry = {
+            "logged_at": _now_iso(),
+            "project_path": str(self.project_path.resolve()),
+            "payload": payload,
+        }
+        try:
+            with self.path.open("a", encoding="utf-8") as fh:
+                json.dump(entry, fh)
+                fh.write("\n")
+            if isinstance(msg_uuid, str):
+                self._seen_ids.add(msg_uuid)
+        except (OSError, IOError) as exc:
+            # Avoid crashing the UI if logging fails
+            logger.warning(
+                "Failed to append message to session log: %s: %s",
+                type(exc).__name__, exc,
+                extra={"session_id": self.session_id, "path": str(self.path)},
+            )
+            return
+def list_session_summaries(project_path: Path) -> List[SessionSummary]:
+    """Return available sessions for the project ordered by last update desc."""
+    directory = project_storage_dir(_sessions_root(), project_path)
+    if not directory.exists():
+        return []
+    current_project = str(project_path.resolve())
+    summaries: List[SessionSummary] = []
+    for jsonl_path in directory.glob("*.jsonl"):
+        try:
+            with jsonl_path.open("r", encoding="utf-8") as fh:
+                messages = [json.loads(line) for line in fh if line.strip()]
+        except (OSError, IOError, json.JSONDecodeError) as exc:
+            logger.warning(
+                "Failed to load session summary: %s: %s",
+                type(exc).__name__, exc,
+                extra={"path": str(jsonl_path)},
+            )
+            continue
+        # Check if this session belongs to the current project
+        # If any message has a project_path field, use it to verify
+        session_project_path = None
+        for entry in messages:
+            entry_path = entry.get("project_path")
+            if entry_path:
+                session_project_path = entry_path
+                break
+        # Skip sessions that belong to a different project
+        if session_project_path and session_project_path != current_project:
+            continue
+        payloads = [entry.get("payload") or {} for entry in messages]
+        conversation_payloads = [
+            payload for payload in payloads if payload.get("type") in ("user", "assistant")
+        ]
+        if not conversation_payloads:
+            continue
+        created_raw = messages[0].get("logged_at")
+        updated_raw = messages[-1].get("logged_at")
+        created_at = (
+            datetime.fromisoformat(created_raw.replace("Z", "+00:00"))
+            if isinstance(created_raw, str)
+            else datetime.fromtimestamp(jsonl_path.stat().st_ctime)
+        )
+        updated_at = (
+            datetime.fromisoformat(updated_raw.replace("Z", "+00:00"))
+            if isinstance(updated_raw, str)
+            else datetime.fromtimestamp(jsonl_path.stat().st_mtime)
+        )
+        first_prompt = ""
+        for payload in conversation_payloads:
+            first_prompt = _extract_prompt(payload)
+            if first_prompt:
+                break
+        summaries.append(
+            SessionSummary(
+                session_id=jsonl_path.stem,
+                path=jsonl_path,
+                message_count=len(conversation_payloads),
+                created_at=created_at,
+                updated_at=updated_at,
+                first_prompt=first_prompt or "(no prompt)",
+            )
+        )
+    return sorted(summaries, key=lambda s: s.updated_at, reverse=True)
+def load_session_messages(project_path: Path, session_id: str) -> List[ConversationMessage]:
+    """Load messages for a stored session."""
+    path = _session_file(project_path, session_id)
+    if not path.exists():
+        return []
+    messages: List[ConversationMessage] = []
+    try:
+        with path.open("r", encoding="utf-8") as fh:
+            for line in fh:
+                if not line.strip():
+                    continue
+                try:
+                    data = json.loads(line)
+                    payload = data.get("payload") or {}
+                    msg = _deserialize_message(payload)
+                    if msg is not None and getattr(msg, "type", None) != "progress":
+                        messages.append(msg)
+                except (json.JSONDecodeError, KeyError, TypeError, ValueError) as exc:
+                    logger.debug(
+                        "[session_history] Failed to deserialize message in session %s: %s: %s",
+                        session_id, type(exc).__name__, exc,
+                    )
+                    continue
+    except (OSError, IOError) as exc:
+        logger.warning(
+            "Failed to load session messages: %s: %s",
+            type(exc).__name__, exc,
+            extra={"session_id": session_id, "path": str(path)},
+        )
+        return []
+    return messages
+__all__ = [
+    "SessionHistory",
+    "SessionSummary",
+    "list_session_summaries",
+    "load_session_messages",
+]