tunacode-cli 0.1.21__py3-none-any.whl

tunacode/utils/parsing/retry.py

@@ -0,0 +1,146 @@
+"""Retry utilities for handling transient failures."""
+
+import asyncio
+import functools
+import json
+import time
+from collections.abc import Callable
+from typing import Any
+
+
+def retry_on_json_error(
+    max_retries: int = 10,
+    base_delay: float = 0.1,
+    max_delay: float = 5.0,
+) -> Callable:
+    """Decorator to retry function calls that fail with JSON parsing errors.
+
+    Implements exponential backoff with configurable parameters.
+
+    Args:
+        max_retries: Maximum number of retry attempts (default: 10)
+        base_delay: Initial delay between retries in seconds (default: 0.1)
+        max_delay: Maximum delay between retries in seconds (default: 5.0)
+
+    Returns:
+        Decorated function that retries on JSONDecodeError
+    """
+
+    def decorator(func: Callable) -> Callable:
+        @functools.wraps(func)
+        async def async_wrapper(*args, **kwargs) -> Any:
+            last_exception = None
+
+            for attempt in range(max_retries + 1):
+                try:
+                    return await func(*args, **kwargs)
+                except json.JSONDecodeError as e:
+                    last_exception = e
+
+                    if attempt == max_retries:
+                        # Final attempt failed
+                        raise
+
+                    # Calculate delay with exponential backoff
+                    delay = min(base_delay * (2**attempt), max_delay)
+
+                    await asyncio.sleep(delay)
+
+            # Should never reach here, but just in case
+            if last_exception:
+                raise last_exception
+
+        @functools.wraps(func)
+        def sync_wrapper(*args, **kwargs) -> Any:
+            last_exception = None
+
+            for attempt in range(max_retries + 1):
+                try:
+                    return func(*args, **kwargs)
+                except json.JSONDecodeError as e:
+                    last_exception = e
+
+                    if attempt == max_retries:
+                        # Final attempt failed
+                        raise
+
+                    # Calculate delay with exponential backoff
+                    delay = min(base_delay * (2**attempt), max_delay)
+
+                    time.sleep(delay)
+
+            # Should never reach here, but just in case
+            if last_exception:
+                raise last_exception
+
+        # Return appropriate wrapper based on function type
+        if asyncio.iscoroutinefunction(func):
+            return async_wrapper
+        else:
+            return sync_wrapper
+
+    return decorator
+
+
+def retry_json_parse(
+    json_string: str,
+    max_retries: int = 10,
+    base_delay: float = 0.1,
+    max_delay: float = 5.0,
+) -> Any:
+    """Parse JSON with automatic retry on failure.
+
+    Args:
+        json_string: JSON string to parse
+        max_retries: Maximum number of retry attempts
+        base_delay: Initial delay between retries in seconds
+        max_delay: Maximum delay between retries in seconds
+
+    Returns:
+        Parsed JSON object
+
+    Raises:
+        json.JSONDecodeError: If parsing fails after all retries
+    """
+
+    @retry_on_json_error(
+        max_retries=max_retries,
+        base_delay=base_delay,
+        max_delay=max_delay,
+    )
+    def _parse():
+        return json.loads(json_string)
+
+    return _parse()
+
+
+async def retry_json_parse_async(
+    json_string: str,
+    max_retries: int = 10,
+    base_delay: float = 0.1,
+    max_delay: float = 5.0,
+) -> Any:
+    """Asynchronously parse JSON with automatic retry on failure.
+
+    Args:
+        json_string: JSON string to parse
+        max_retries: Maximum number of retry attempts
+        base_delay: Initial delay between retries in seconds
+        max_delay: Maximum delay between retries in seconds
+
+    Returns:
+        Parsed JSON object
+
+    Raises:
+        json.JSONDecodeError: If parsing fails after all retries
+    """
+
+    @retry_on_json_error(
+        max_retries=max_retries,
+        base_delay=base_delay,
+        max_delay=max_delay,
+    )
+    async def _parse():
+        return json.loads(json_string)
+
+    return await _parse()

tunacode/utils/parsing/tool_parser.py

@@ -0,0 +1,267 @@
+"""
+Module: tunacode.utils.parsing.tool_parser
+
+Multi-strategy fallback parser for extracting tool calls from text responses.
+Handles non-standard tool calling formats from models like Qwen2.5-Coder.
+
+Supported formats:
+- Qwen2-style XML: <tool_call>{"name": "...", "arguments": {...}}</tool_call>
+- Hermes-style: <function=name>{...}</function>
+- Code fences: ```json {"name": "...", ...} ```
+- Raw JSON: {"name": "...", "arguments": {...}}
+"""
+
+import json
+import re
+import uuid
+from dataclasses import dataclass
+from typing import Any
+
+from tunacode.utils.parsing.json_utils import split_concatenated_json
+
+
+@dataclass(frozen=True, slots=True)
+class ParsedToolCall:
+    """Immutable representation of a parsed tool call.
+
+    Attributes:
+        tool_name: Name of the tool to call
+        args: Arguments dictionary for the tool
+        tool_call_id: Unique identifier for this tool call
+    """
+
+    tool_name: str
+    args: dict[str, Any]
+    tool_call_id: str
+
+
+def _generate_tool_call_id() -> str:
+    """Generate a unique tool call ID consistent with pydantic_ai format."""
+    return str(uuid.uuid4())
+
+
+QWEN2_PATTERN = re.compile(r"<tool_call>\s*(\{.*?\})\s*</tool_call>", re.DOTALL)
+
+
+def parse_qwen2_xml(text: str) -> list[ParsedToolCall] | None:
+    """Parse Qwen2-style XML tool calls.
+
+    Format: <tool_call>{"name": "read_file", "arguments": {"filepath": "..."}}</tool_call>
+
+    Args:
+        text: Raw text potentially containing tool calls
+
+    Returns:
+        List of ParsedToolCall if matches found, None otherwise
+    """
+    matches = QWEN2_PATTERN.findall(text)
+    if not matches:
+        return None
+
+    results: list[ParsedToolCall] = []
+    for json_str in matches:
+        parsed = _parse_tool_json(json_str)
+        if parsed:
+            results.append(parsed)
+
+    return results if results else None
+
+
+HERMES_PATTERN = re.compile(r"<function=(\w+)>\s*(\{.*?\})\s*</function>", re.DOTALL)
+
+
+def parse_hermes_style(text: str) -> list[ParsedToolCall] | None:
+    """Parse Hermes-style function call format.
+
+    Format: <function=read_file>{"filepath": "/path/to/file"}</function>
+
+    Args:
+        text: Raw text potentially containing tool calls
+
+    Returns:
+        List of ParsedToolCall if matches found, None otherwise
+    """
+    matches = HERMES_PATTERN.findall(text)
+    if not matches:
+        return None
+
+    results: list[ParsedToolCall] = []
+    for tool_name, args_json in matches:
+        try:
+            args = json.loads(args_json)
+            if isinstance(args, dict):
+                results.append(
+                    ParsedToolCall(
+                        tool_name=tool_name,
+                        args=args,
+                        tool_call_id=_generate_tool_call_id(),
+                    )
+                )
+        except json.JSONDecodeError:
+            continue
+
+    return results if results else None
+
+
+CODE_FENCE_PATTERN = re.compile(r"```(?:json)?\s*(\{.*?\})\s*```", re.DOTALL)
+
+
+def parse_code_fence(text: str) -> list[ParsedToolCall] | None:
+    """Parse JSON tool calls inside code fences.
+
+    Format: ```json {"name": "read_file", "arguments": {...}} ```
+
+    Args:
+        text: Raw text potentially containing tool calls
+
+    Returns:
+        List of ParsedToolCall if matches found, None otherwise
+    """
+    matches = CODE_FENCE_PATTERN.findall(text)
+    if not matches:
+        return None
+
+    results: list[ParsedToolCall] = []
+    for json_str in matches:
+        parsed = _parse_tool_json(json_str)
+        if parsed:
+            results.append(parsed)
+
+    return results if results else None
+
+
+def parse_raw_json(text: str) -> list[ParsedToolCall] | None:
+    """Parse raw JSON tool calls embedded in text.
+
+    Formats supported:
+    - {"name": "tool_name", "arguments": {...}}
+    - {"tool": "tool_name", "args": {...}}
+
+    Args:
+        text: Raw text potentially containing tool calls
+
+    Returns:
+        List of ParsedToolCall if matches found, None otherwise
+    """
+    try:
+        objects = split_concatenated_json(text)
+    except (json.JSONDecodeError, ValueError):
+        return None
+
+    results: list[ParsedToolCall] = []
+    for obj in objects:
+        parsed = _normalize_tool_object(obj)
+        if parsed:
+            results.append(parsed)
+
+    return results if results else None
+
+
+def _parse_tool_json(json_str: str) -> ParsedToolCall | None:
+    """Parse a JSON string into a ParsedToolCall.
+
+    Handles both {"name": ..., "arguments": ...} and {"tool": ..., "args": ...} formats.
+    """
+    try:
+        obj = json.loads(json_str)
+    except json.JSONDecodeError:
+        return None
+
+    return _normalize_tool_object(obj)
+
+
+def _normalize_tool_object(obj: Any) -> ParsedToolCall | None:
+    """Normalize various tool call object formats into ParsedToolCall.
+
+    Supported formats:
+    - {"name": "...", "arguments": {...}}
+    - {"tool": "...", "args": {...}}
+    - {"function": "...", "parameters": {...}}
+    """
+    if not isinstance(obj, dict):
+        return None
+
+    # Extract tool name
+    tool_name = obj.get("name") or obj.get("tool") or obj.get("function")
+    if not tool_name or not isinstance(tool_name, str):
+        return None
+
+    # Extract arguments
+    args = obj.get("arguments") or obj.get("args") or obj.get("parameters") or {}
+    if not isinstance(args, dict):
+        # Try to parse if string
+        if isinstance(args, str):
+            try:
+                args = json.loads(args)
+            except json.JSONDecodeError:
+                args = {}
+        else:
+            args = {}
+
+    return ParsedToolCall(
+        tool_name=tool_name,
+        args=args,
+        tool_call_id=_generate_tool_call_id(),
+    )
+
+
+PARSING_STRATEGIES: list[tuple[str, callable]] = [
+    ("qwen2_xml", parse_qwen2_xml),
+    ("hermes_style", parse_hermes_style),
+    ("code_fence", parse_code_fence),
+    ("raw_json", parse_raw_json),
+]
+
+
+def parse_tool_calls_from_text(text: str) -> list[ParsedToolCall]:
+    """Parse tool calls from text using multi-strategy fallback.
+
+    Tries each parsing strategy in order until one succeeds.
+    Strategies are ordered from most specific to most general.
+
+    Args:
+        text: Raw text potentially containing embedded tool calls
+
+    Returns:
+        List of ParsedToolCall objects. Empty list if no tool calls found.
+
+    Note:
+        Does NOT raise on failure - returns empty list per fail-fast-but-graceful design.
+        The caller should decide how to handle empty results.
+    """
+    if not text or not text.strip():
+        return []
+
+    for _strategy_name, strategy_func in PARSING_STRATEGIES:
+        result = strategy_func(text)
+        if result:
+            return result
+
+    return []
+
+
+def has_potential_tool_call(text: str) -> bool:
+    """Quick check if text might contain a tool call.
+
+    This is a fast pre-filter before expensive parsing.
+
+    Args:
+        text: Text to check
+
+    Returns:
+        True if text appears to contain tool call patterns
+    """
+    if not text:
+        return False
+
+    # Quick pattern indicators
+    indicators = [
+        "<tool_call>",
+        "<function=",
+        '"name":',
+        '"tool":',
+        "```json",
+    ]
+
+    text_lower = text.lower()
+    return any(ind.lower() in text_lower for ind in indicators)

tunacode/utils/security/__init__.py

@@ -0,0 +1,15 @@
+"""Security utilities: command validation and safe execution."""
+
+from tunacode.utils.security.command import (
+    CommandSecurityError,
+    safe_subprocess_popen,
+    sanitize_command_args,
+    validate_command_safety,
+)
+
+__all__ = [
+    "CommandSecurityError",
+    "safe_subprocess_popen",
+    "sanitize_command_args",
+    "validate_command_safety",
+]

tunacode/utils/security/command.py

@@ -0,0 +1,106 @@
+"""
+Security utilities for safe command execution and input validation.
+Provides defensive measures against command injection attacks.
+"""
+
+import re
+import shlex
+import subprocess
+
+
+class CommandSecurityError(Exception):
+    """Raised when a command fails security validation."""
+
+    pass
+
+
+def validate_command_safety(command: str, allow_shell_features: bool = False) -> None:
+    """
+    Validate that a command is safe to execute.
+
+    Args:
+        command: The command string to validate
+        allow_shell_features: If True, allows some shell features like pipes
+
+    Raises:
+        CommandSecurityError: If the command contains potentially dangerous patterns
+    """
+    if not command or not command.strip():
+        raise CommandSecurityError("Empty command not allowed")
+
+    # Always check for the most dangerous patterns regardless of shell features
+    dangerous_patterns = [
+        r"rm\s+-rf\s+/",  # Dangerous rm commands
+        r"sudo\s+rm",  # Sudo rm commands
+        r">\s*/dev/sd[a-z]",  # Writing to disk devices
+        r"dd\s+.*of=/dev/",  # DD to devices
+        r"mkfs\.",  # Format filesystem
+        r"fdisk",  # Partition manipulation
+        r":\(\)\{.*\}\;",  # Fork bomb pattern
+    ]
+
+    for pattern in dangerous_patterns:
+        if re.search(pattern, command, re.IGNORECASE):
+            raise CommandSecurityError("Command contains dangerous pattern and is blocked")
+
+    if not allow_shell_features:
+        # Check for dangerous characters (but allow some for CLI tools)
+        restricted_chars = [";", "&", "`", "$", "{", "}"]  # More permissive for CLI
+        for char in restricted_chars:
+            if char in command:
+                raise CommandSecurityError(f"Potentially unsafe character '{char}' in command")
+
+        # Check for injection patterns (more selective)
+        strict_patterns = [
+            r";\s*rm\s+",  # Command chaining to rm
+            r"&&\s*rm\s+",  # Command chaining to rm
+            r"`[^`]*rm[^`]*`",  # Command substitution with rm
+            r"\$\([^)]*rm[^)]*\)",  # Command substitution with rm
+        ]
+
+        for pattern in strict_patterns:
+            if re.search(pattern, command):
+                raise CommandSecurityError("Potentially unsafe pattern detected in command")
+
+
+def sanitize_command_args(args: list[str]) -> list[str]:
+    """
+    Sanitize command arguments by shell-quoting them.
+
+    Args:
+        args: List of command arguments
+
+    Returns:
+        List of sanitized arguments
+    """
+    return [shlex.quote(arg) for arg in args]
+
+
+def safe_subprocess_popen(
+    command: str, shell: bool = False, validate: bool = True, **kwargs
+) -> subprocess.Popen:
+    """
+    Safely create a subprocess.Popen with security validation.
+
+    Args:
+        command: Command to execute
+        shell: Whether to use shell execution (discouraged)
+        validate: Whether to validate command safety
+        **kwargs: Additional Popen arguments
+
+    Returns:
+        Popen process object
+
+    Raises:
+        CommandSecurityError: If command fails security validation
+    """
+    if validate and shell and isinstance(command, str):
+        validate_command_safety(command, allow_shell_features=shell)
+
+    if shell:
+        # When using shell=True, command should be a string
+        return subprocess.Popen(command, shell=True, **kwargs)
+    else:
+        # When shell=False, command should be a list
+        command_list = shlex.split(command) if isinstance(command, str) else command
+        return subprocess.Popen(command_list, shell=False, **kwargs)

tunacode/utils/system/__init__.py

@@ -0,0 +1,25 @@
+"""System utilities: paths, sessions, and file listing."""
+
+from tunacode.utils.system.gitignore import (
+    DEFAULT_IGNORE_PATTERNS,
+    list_cwd,
+)
+from tunacode.utils.system.paths import (
+    check_for_updates,
+    cleanup_session,
+    get_cwd,
+    get_device_id,
+    get_session_dir,
+    get_tunacode_home,
+)
+
+__all__ = [
+    "DEFAULT_IGNORE_PATTERNS",
+    "list_cwd",
+    "check_for_updates",
+    "cleanup_session",
+    "get_cwd",
+    "get_device_id",
+    "get_session_dir",
+    "get_tunacode_home",
+]