tunacode-cli 0.1.21__py3-none-any.whl

tunacode/tools/authorization/requests.py

@@ -0,0 +1,119 @@
+from __future__ import annotations
+
+import difflib
+import os
+
+from tunacode.constants import MAX_CALLBACK_CONTENT, MAX_PANEL_LINE_WIDTH
+from tunacode.tools.utils.text_match import replace
+from tunacode.types import ToolArgs, ToolConfirmationRequest, ToolName
+
+MAX_PREVIEW_LINES = 100
+TRUNCATION_NOTICE = "... [truncated for safety]"
+
+
+def _preview_lines(text: str) -> tuple[list[str], bool]:
+    """Return bounded preview lines for UI confirmation panels.
+
+    This must be safe for extremely large or single-line payloads (e.g., minified files)
+    so the TUI doesn't hang while rendering Rich Syntax blocks.
+    """
+    if not text:
+        return [], False
+
+    truncated = False
+    preview = text
+    if len(preview) > MAX_CALLBACK_CONTENT:
+        preview = preview[:MAX_CALLBACK_CONTENT]
+        truncated = True
+
+    lines: list[str] = []
+    offset = 0
+
+    while len(lines) < MAX_PREVIEW_LINES and offset < len(preview):
+        newline_index = preview.find("\n", offset)
+        if newline_index == -1:
+            lines.append(preview[offset:])
+            offset = len(preview)
+            break
+
+        lines.append(preview[offset:newline_index])
+        offset = newline_index + 1
+
+    if offset < len(preview):
+        truncated = True
+
+    bounded_lines: list[str] = []
+    for line in lines:
+        if len(line) <= MAX_PANEL_LINE_WIDTH:
+            bounded_lines.append(line)
+            continue
+
+        bounded_lines.append(line[:MAX_PANEL_LINE_WIDTH] + "...")
+        truncated = True
+
+    return bounded_lines, truncated
+
+
+def _generate_creation_diff(filepath: str, content: str) -> str:
+    """Generate a unified diff for new file creation."""
+    lines, truncated = _preview_lines(content)
+
+    diff_parts = [
+        "--- /dev/null\n",
+        f"+++ b/{filepath}\n",
+        f"@@ -0,0 +1,{len(lines)} @@\n",
+    ]
+
+    for line in lines:
+        diff_parts.append(f"+{line}\n")
+
+    if truncated:
+        diff_parts.append(f"\n{TRUNCATION_NOTICE}\n")
+
+    return "".join(diff_parts)
+
+
+class ConfirmationRequestFactory:
+    """Create structured confirmation requests for UI surfaces."""
+
+    def create(self, tool_name: ToolName, args: ToolArgs) -> ToolConfirmationRequest:
+        filepath = args.get("filepath")
+        diff_content: str | None = None
+
+        if tool_name == "update_file" and filepath and os.path.exists(filepath):
+            old_text = args.get("old_text")
+            new_text = args.get("new_text")
+            if old_text and new_text:
+                try:
+                    with open(filepath, encoding="utf-8") as f:
+                        original = f.read()
+
+                    # Attempt to generate what the new content will look like
+                    new_content = replace(original, old_text, new_text, replace_all=False)
+
+                    diff_lines = list(
+                        difflib.unified_diff(
+                            original.splitlines(keepends=True),
+                            new_content.splitlines(keepends=True),
+                            fromfile=f"a/{filepath}",
+                            tofile=f"b/{filepath}",
+                        )
+                    )
+                    if diff_lines:
+                        raw_diff = "".join(diff_lines)
+                        diff_preview_lines, truncated = _preview_lines(raw_diff)
+                        diff_content = "\n".join(diff_preview_lines)
+                        if truncated:
+                            diff_content = f"{diff_content}\n{TRUNCATION_NOTICE}"
+                except Exception:
+                    # If anything fails (file read, fuzzy match, etc), we just don't show the diff
+                    pass
+
+        elif tool_name == "write_file" and filepath:
+            content = args.get("content", "")
+            if content:
+                diff_content = _generate_creation_diff(filepath, content)
+
+        return ToolConfirmationRequest(
+            tool_name=tool_name, args=args, filepath=filepath, diff_content=diff_content
+        )

tunacode/tools/authorization/rules.py

@@ -0,0 +1,72 @@
+from __future__ import annotations
+
+from typing import Protocol
+
+from tunacode.constants import READ_ONLY_TOOLS
+from tunacode.types import ToolName
+
+from .context import AuthContext
+
+READ_ONLY_TOOL_NAMES: set[str] = {tool.value for tool in READ_ONLY_TOOLS}
+
+
+class AuthorizationRule(Protocol):
+    """Protocol for authorization rules."""
+
+    def should_allow_without_confirmation(
+        self, tool_name: ToolName, context: AuthContext
+    ) -> bool: ...
+
+    def priority(self) -> int: ...
+
+
+class ReadOnlyToolRule:
+    """Read-only tools are always safe to execute."""
+
+    def priority(self) -> int:
+        return 200
+
+    def should_allow_without_confirmation(self, tool_name: ToolName, _: AuthContext) -> bool:
+        return is_read_only_tool(tool_name)
+
+
+class TemplateAllowedToolsRule:
+    """Tools approved by the active template skip confirmation."""
+
+    def priority(self) -> int:
+        return 210
+
+    def should_allow_without_confirmation(self, tool_name: ToolName, context: AuthContext) -> bool:
+        if context.active_template is None:
+            return False
+
+        allowed_tools = context.active_template.allowed_tools
+        if allowed_tools is None:
+            return False
+
+        return tool_name in allowed_tools
+
+
+class YoloModeRule:
+    """YOLO mode bypasses confirmations entirely."""
+
+    def priority(self) -> int:
+        return 300
+
+    def should_allow_without_confirmation(self, _tool_name: ToolName, context: AuthContext) -> bool:
+        return context.yolo_mode
+
+
+class ToolIgnoreListRule:
+    """User ignore list bypasses confirmation for selected tools."""
+
+    def priority(self) -> int:
+        return 310
+
+    def should_allow_without_confirmation(self, tool_name: ToolName, context: AuthContext) -> bool:
+        return tool_name in context.tool_ignore_list
+
+
+def is_read_only_tool(tool_name: str) -> bool:
+    """Check if the tool is classified as read-only."""
+    return tool_name in READ_ONLY_TOOL_NAMES

tunacode/tools/bash.py

@@ -0,0 +1,222 @@
+"""Bash command execution tool for agent operations."""
+
+import asyncio
+import os
+import re
+import subprocess
+
+from pydantic_ai.exceptions import ModelRetry
+
+from tunacode.constants import (
+    CMD_OUTPUT_TRUNCATED,
+    COMMAND_OUTPUT_END_SIZE,
+    COMMAND_OUTPUT_START_INDEX,
+    COMMAND_OUTPUT_THRESHOLD,
+    MAX_COMMAND_OUTPUT,
+)
+from tunacode.tools.decorators import base_tool
+
+# Enhanced dangerous patterns from run_command.py
+DESTRUCTIVE_PATTERNS = ["rm -rf", "rm -r", "rm /", "dd if=", "mkfs", "fdisk"]
+
+# Comprehensive dangerous patterns from security module
+DANGEROUS_PATTERNS = [
+    r"rm\s+-rf\s+/",  # Dangerous rm commands
+    r"sudo\s+rm",  # Sudo rm commands
+    r">\s*/dev/sd[a-z]",  # Writing to disk devices
+    r"dd\s+.*of=/dev/",  # DD to devices
+    r"mkfs\.",  # Format filesystem
+    r"fdisk",  # Partition manipulation
+    r":\(\)\{.*\}\;",  # Fork bomb pattern
+]
+
+
+@base_tool
+async def bash(
+    command: str,
+    cwd: str | None = None,
+    env: dict[str, str] | None = None,
+    timeout: int | None = 30,
+    capture_output: bool = True,
+) -> str:
+    """Execute a bash command with enhanced features.
+
+    Args:
+        command: The bash command to execute.
+        cwd: Working directory for the command.
+        env: Additional environment variables to set.
+        timeout: Command timeout in seconds (1-300, default 30).
+        capture_output: Whether to capture stdout/stderr.
+
+    Returns:
+        Formatted output with exit code, stdout, and stderr.
+    """
+    _validate_inputs(command, cwd, timeout)
+    _validate_command_security(command)
+
+    exec_env = os.environ.copy()
+    if env:
+        for key, value in env.items():
+            if isinstance(key, str) and isinstance(value, str):
+                exec_env[key] = value
+
+    exec_cwd = cwd or os.getcwd()
+
+    process = None
+    try:
+        process = await asyncio.create_subprocess_shell(
+            command,
+            stdout=subprocess.PIPE if capture_output else None,
+            stderr=subprocess.PIPE if capture_output else None,
+            cwd=exec_cwd,
+            env=exec_env,
+        )
+
+        try:
+            stdout, stderr = await asyncio.wait_for(process.communicate(), timeout=timeout)
+        except TimeoutError as err:
+            process.kill()
+            await process.wait()
+            raise ModelRetry(
+                f"Command timed out after {timeout} seconds: {command}\n"
+                "Consider using a longer timeout or breaking the command into smaller parts."
+            ) from err
+
+        stdout_text = stdout.decode("utf-8", errors="replace").strip() if stdout else ""
+        stderr_text = stderr.decode("utf-8", errors="replace").strip() if stderr else ""
+
+        return_code = process.returncode
+        assert return_code is not None
+
+        _check_common_errors(command, return_code, stderr_text)
+
+        return _format_output(command, return_code, stdout_text, stderr_text, exec_cwd)
+
+    except FileNotFoundError as err:
+        raise ModelRetry(
+            f"Shell not found. Cannot execute command: {command}\n"
+            "This typically indicates a system configuration issue."
+        ) from err
+    finally:
+        await _cleanup_process(process)
+
+
+def _validate_command_security(command: str) -> None:
+    """
+    Validate command security using comprehensive validation from run_command.py.
+
+    Args:
+        command: The command string to validate
+
+    Raises:
+        ModelRetry: If the command fails security validation
+    """
+    if not command or not command.strip():
+        raise ModelRetry("Empty command not allowed")
+
+    # Always check for the most dangerous patterns regardless of shell features
+    for pattern in DANGEROUS_PATTERNS:
+        if re.search(pattern, command, re.IGNORECASE):
+            raise ModelRetry(f"Command contains dangerous pattern and is blocked: {pattern}")
+
+    # Check for dangerous injection patterns (more selective, before character checks)
+    strict_patterns = [
+        r";\s*rm\s+",  # Command chaining to rm
+        r"&&\s*rm\s+",  # Command chaining to rm
+        r"`[^`]*rm[^`]*`",  # Command substitution with rm
+        r"\$\([^)]*rm[^)]*\)",  # Command substitution with rm
+        r":\(\)\{.*\}\;",  # Fork bomb
+    ]
+
+    for pattern in strict_patterns:
+        if re.search(pattern, command):
+            raise ModelRetry(f"Potentially unsafe pattern detected in command: {pattern}")
+
+    # Check for restricted characters (but allow safe environment variable usage)
+    # Allow $ when used for legitimate environment variables or shell variables
+    if re.search(r"\$[^({a-zA-Z_]", command):
+        # $ followed by something that's not a valid variable start
+        raise ModelRetry("Potentially unsafe character '$' in command")
+
+    # Check other restricted characters but allow { } when part of valid variable expansion
+    if "{" in command or "}" in command:  # noqa: SIM102
+        # Only block braces if they're not part of valid variable expansion
+        if not re.search(r"\$\{?\w+\}?", command):
+            for char in ["{", "}"]:
+                if char in command:
+                    raise ModelRetry(f"Potentially unsafe character '{char}' in command")
+
+    # Check remaining restricted characters
+    for char in [";", "&", "`"]:
+        if char in command:
+            raise ModelRetry(f"Potentially unsafe character '{char}' in command")
+
+
+def _validate_inputs(command: str, cwd: str | None, timeout: int | None) -> None:
+    """Validate command inputs."""
+    if timeout and (timeout < 1 or timeout > 300):
+        raise ModelRetry(
+            "Timeout must be between 1 and 300 seconds. "
+            "Use shorter timeouts for quick commands, longer for builds/tests."
+        )
+
+    if cwd and not os.path.isdir(cwd):
+        raise ModelRetry(
+            f"Working directory '{cwd}' does not exist. "
+            "Please verify the path or create the directory first."
+        )
+
+    if any(pattern in command for pattern in DESTRUCTIVE_PATTERNS):
+        raise ModelRetry(
+            f"Command contains potentially destructive operations: {command}\n"
+            "Please confirm this is intentional and safe for your system."
+        )
+
+
+def _check_common_errors(command: str, returncode: int, stderr: str) -> None:
+    """Check for common error patterns and provide guidance."""
+    if returncode == 0 or not stderr:
+        return
+
+
+async def _cleanup_process(process) -> None:
+    """Ensure process cleanup."""
+    if process is None or process.returncode is not None:
+        return
+
+    try:
+        try:
+            process.terminate()
+            await asyncio.wait_for(process.wait(), timeout=5.0)
+        except TimeoutError:
+            process.kill()
+            await asyncio.wait_for(process.wait(), timeout=1.0)
+    except Exception:
+        pass
+
+
+def _format_output(command: str, exit_code: int, stdout: str, stderr: str, cwd: str) -> str:
+    """Format command output."""
+    lines = [
+        f"Command: {command}",
+        f"Exit Code: {exit_code}",
+        f"Working Directory: {cwd}",
+        "",
+        "STDOUT:",
+        stdout or "(no output)",
+        "",
+        "STDERR:",
+        stderr or "(no errors)",
+    ]
+
+    result = "\n".join(lines)
+
+    if len(result) > MAX_COMMAND_OUTPUT:
+        start_part = result[:COMMAND_OUTPUT_START_INDEX]
+        if len(result) > COMMAND_OUTPUT_THRESHOLD:
+            end_part = result[-COMMAND_OUTPUT_END_SIZE:]
+        else:
+            end_part = result[COMMAND_OUTPUT_START_INDEX:]
+        result = start_part + CMD_OUTPUT_TRUNCATED + end_part
+
+    return result

tunacode/tools/decorators.py

@@ -0,0 +1,213 @@
+"""Tool decorators providing error handling.
+
+This module provides decorators that wrap tool functions with:
+- Consistent error handling (converts exceptions to ToolExecutionError)
+- Logging of tool invocations
+- File-specific error handling for file operations
+- LSP diagnostic integration for file modifications
+"""
+
+import asyncio
+import logging
+from collections.abc import Callable, Coroutine
+from functools import wraps
+from pathlib import Path
+from typing import Any, ParamSpec, TypeVar, overload
+
+from pydantic_ai.exceptions import ModelRetry
+
+from tunacode.configuration.defaults import DEFAULT_USER_CONFIG
+from tunacode.exceptions import FileOperationError, ToolExecutionError
+from tunacode.tools.xml_helper import load_prompt_from_xml
+from tunacode.utils.config.user_configuration import load_config
+
+P = ParamSpec("P")
+R = TypeVar("R")
+
+logger = logging.getLogger(__name__)
+
+LSP_ORCHESTRATION_OVERHEAD_SECONDS = 1.0
+LSP_DIAGNOSTICS_TIMEOUT_WARNING: str = "LSP diagnostics timed out for %s (no type errors shown)"
+
+DEFAULT_LSP_CONFIG: dict[str, Any] = {
+    "enabled": False,
+    "timeout": 5.0,
+    "max_diagnostics": 20,
+}
+
+
+def _merge_lsp_config(*configs: dict[str, Any]) -> dict[str, Any]:
+    merged: dict[str, Any] = {}
+    for config in configs:
+        merged.update(config)
+    return merged
+
+
+def _get_lsp_config() -> dict[str, Any]:
+    """Get LSP configuration from user config (merged with defaults)."""
+    default_settings = DEFAULT_USER_CONFIG.get("settings", {})
+    default_lsp_config = default_settings.get("lsp", {})
+
+    user_config = load_config() or {}
+    user_settings = user_config.get("settings", {})
+    user_lsp_config = user_settings.get("lsp", {})
+
+    return _merge_lsp_config(DEFAULT_LSP_CONFIG, default_lsp_config, user_lsp_config)
+
+
+async def _get_lsp_diagnostics(filepath: str) -> str:
+    """Get LSP diagnostics for a file if LSP is enabled.
+
+    Args:
+        filepath: Path to the file to check
+
+    Returns:
+        Formatted diagnostics string or empty string
+    """
+    config = _get_lsp_config()
+    if not config.get("enabled", False):
+        return ""
+
+    try:
+        from tunacode.lsp import format_diagnostics, get_diagnostics
+
+        timeout = config.get("timeout", 5.0)
+        diagnostics = await asyncio.wait_for(
+            get_diagnostics(Path(filepath), timeout=timeout),
+            timeout=timeout + LSP_ORCHESTRATION_OVERHEAD_SECONDS,
+        )
+        return format_diagnostics(diagnostics)
+    except TimeoutError:
+        logger.warning(LSP_DIAGNOSTICS_TIMEOUT_WARNING, filepath)
+        return ""
+    except Exception as e:
+        logger.debug("LSP diagnostics failed for %s: %s", filepath, e)
+        return ""
+
+
+def base_tool(
+    func: Callable[P, Coroutine[Any, Any, R]],
+) -> Callable[P, Coroutine[Any, Any, R]]:
+    """Wrap tool with error handling.
+
+    Converts uncaught exceptions to ToolExecutionError while preserving
+    ModelRetry and ToolExecutionError pass-through.
+
+    Args:
+        func: Async tool function to wrap
+
+    Returns:
+        Wrapped function with error handling
+    """
+
+    @wraps(func)
+    async def wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+        try:
+            return await func(*args, **kwargs)
+        except ModelRetry:
+            raise
+        except ToolExecutionError:
+            raise
+        except FileOperationError:
+            raise
+        except Exception as e:
+            raise ToolExecutionError(
+                tool_name=func.__name__, message=str(e), original_error=e
+            ) from e
+
+    xml_prompt = load_prompt_from_xml(func.__name__)
+    if xml_prompt:
+        wrapper.__doc__ = xml_prompt
+
+    return wrapper  # type: ignore[return-value]
+
+
+@overload
+def file_tool(
+    func: Callable[..., Coroutine[Any, Any, str]],
+) -> Callable[..., Coroutine[Any, Any, str]]: ...
+
+
+@overload
+def file_tool(
+    *,
+    writes: bool = False,
+) -> Callable[
+    [Callable[..., Coroutine[Any, Any, str]]],
+    Callable[..., Coroutine[Any, Any, str]],
+]: ...
+
+
+def file_tool(
+    func: Callable[..., Coroutine[Any, Any, str]] | None = None,
+    *,
+    writes: bool = False,
+) -> (
+    Callable[..., Coroutine[Any, Any, str]]
+    | Callable[
+        [Callable[..., Coroutine[Any, Any, str]]],
+        Callable[..., Coroutine[Any, Any, str]],
+    ]
+):
+    """Wrap file tool with path-specific error handling and optional LSP diagnostics.
+
+    Provides specialized handling for common file operation errors:
+    - FileNotFoundError -> ModelRetry (allows LLM to correct path)
+    - PermissionError -> FileOperationError
+    - UnicodeDecodeError -> FileOperationError
+    - IOError/OSError -> FileOperationError
+
+    When writes=True, also fetches LSP diagnostics after successful file modification.
+
+    Args:
+        func: Async file tool function to wrap. First argument must be filepath.
+        writes: If True, fetch LSP diagnostics after successful operation.
+
+    Returns:
+        Wrapped function with file-specific error handling
+
+    Usage:
+        @file_tool  # Read-only, no LSP
+        async def read_file(filepath: str) -> str: ...
+
+        @file_tool(writes=True)  # Write operation, LSP diagnostics enabled
+        async def update_file(filepath: str, ...) -> str: ...
+    """
+
+    def decorator(
+        fn: Callable[..., Coroutine[Any, Any, str]],
+    ) -> Callable[..., Coroutine[Any, Any, str]]:
+        @wraps(fn)
+        async def wrapper(filepath: str, *args: Any, **kwargs: Any) -> str:
+            try:
+                result = await fn(filepath, *args, **kwargs)
+
+                # Add LSP diagnostics for write operations
+                if writes:
+                    diagnostics_output = await _get_lsp_diagnostics(filepath)
+                    if diagnostics_output:
+                        diagnostics_first_result = f"{diagnostics_output}\n\n{result}"
+                        result = diagnostics_first_result
+
+                return result
+            except FileNotFoundError as err:
+                raise ModelRetry(f"File not found: {filepath}. Check the path.") from err
+            except PermissionError as e:
+                raise FileOperationError(
+                    operation="access", path=filepath, message=str(e), original_error=e
+                ) from e
+            except UnicodeDecodeError as e:
+                raise FileOperationError(
+                    operation="decode", path=filepath, message=str(e), original_error=e
+                ) from e
+            except OSError as e:
+                raise FileOperationError(
+                    operation="read/write", path=filepath, message=str(e), original_error=e
+                ) from e
+
+        return base_tool(wrapper)  # type: ignore[arg-type]
+
+    # Handle both @file_tool and @file_tool(writes=True)
+    if func is not None:
+        return decorator(func)
+    return decorator