vibecore 0.3.0__py3-none-any.whl → 0.6.2__py3-none-any.whl

vibecore/tools/file/executor.py

@@ -2,13 +2,22 @@
 
 from typing import Any
 
-from .utils import PathValidationError, format_line_with_number, validate_file_path
+from agents import RunContextWrapper
 
+from vibecore.context import PathValidatorContext
+from vibecore.settings import settings
+from vibecore.tools.file.utils import PathValidationError
 
-async def read_file(file_path: str, offset: int | None = None, limit: int | None = None) -> str:
+from .utils import format_line_with_number
+
+
+async def read_file(
+    ctx: RunContextWrapper[PathValidatorContext], file_path: str, offset: int | None = None, limit: int | None = None
+) -> str:
     """Read a file and return its contents in cat -n format.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         file_path: The path to the file to read
         offset: The line number to start reading from (1-based)
         limit: The maximum number of lines to read
@@ -17,8 +26,14 @@ async def read_file(file_path: str, offset: int | None = None, limit: int | None
         The file contents with line numbers, or an error message
     """
     try:
-        # Validate the file path
-        validated_path = validate_file_path(file_path)
+        # Validate the file path using context if path confinement is enabled
+        if settings.path_confinement.enabled:
+            validated_path = ctx.context.path_validator.validate_path(file_path, operation="read")
+        else:
+            # Fall back to simple validation against CWD
+            from .utils import validate_file_path
+
+            validated_path = validate_file_path(file_path)
 
         # Check if file exists
         if not validated_path.exists():
@@ -84,10 +99,17 @@ async def read_file(file_path: str, offset: int | None = None, limit: int | None
         return f"Error: Unexpected error reading file: {e}"
 
 
-async def edit_file(file_path: str, old_string: str, new_string: str, replace_all: bool = False) -> str:
+async def edit_file(
+    ctx: RunContextWrapper[PathValidatorContext],
+    file_path: str,
+    old_string: str,
+    new_string: str,
+    replace_all: bool = False,
+) -> str:
     """Edit a file by replacing strings.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         file_path: The path to the file to edit
         old_string: The text to replace
         new_string: The text to replace it with
@@ -97,8 +119,14 @@ async def edit_file(file_path: str, old_string: str, new_string: str, replace_al
         Success message or error message
     """
     try:
-        # Validate the file path
-        validated_path = validate_file_path(file_path)
+        # Validate the file path using context if path confinement is enabled
+        if settings.path_confinement.enabled:
+            validated_path = ctx.context.path_validator.validate_path(file_path, operation="edit")
+        else:
+            # Fall back to simple validation against CWD
+            from .utils import validate_file_path
+
+            validated_path = validate_file_path(file_path)
 
         # Check if file exists
         if not validated_path.exists():
@@ -158,10 +186,15 @@ async def edit_file(file_path: str, old_string: str, new_string: str, replace_al
         return f"Error: Unexpected error editing file: {e}"
 
 
-async def multi_edit_file(file_path: str, edits: list[dict[str, Any]]) -> str:
+async def multi_edit_file(
+    ctx: RunContextWrapper[PathValidatorContext],
+    file_path: str,
+    edits: list[dict[str, Any]],
+) -> str:
     """Edit a file by applying multiple replacements sequentially.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         file_path: The path to the file to edit
         edits: List of edit operations, each containing old_string, new_string, and optional replace_all
 
@@ -169,8 +202,14 @@ async def multi_edit_file(file_path: str, edits: list[dict[str, Any]]) -> str:
         Success message or error message
     """
     try:
-        # Validate the file path
-        validated_path = validate_file_path(file_path)
+        # Validate the file path using context if path confinement is enabled
+        if settings.path_confinement.enabled:
+            validated_path = ctx.context.path_validator.validate_path(file_path, operation="multi_edit")
+        else:
+            # Fall back to simple validation against CWD
+            from .utils import validate_file_path
+
+            validated_path = validate_file_path(file_path)
 
         # Check if file exists
         if not validated_path.exists():
@@ -239,10 +278,11 @@ async def multi_edit_file(file_path: str, edits: list[dict[str, Any]]) -> str:
         return f"Error: Unexpected error editing file: {e}"
 
 
-async def write_file(file_path: str, content: str) -> str:
+async def write_file(ctx: RunContextWrapper[PathValidatorContext], file_path: str, content: str) -> str:
     """Write content to a file.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         file_path: The path to the file to write
         content: The content to write to the file
 
@@ -250,8 +290,14 @@ async def write_file(file_path: str, content: str) -> str:
         Success message or error message
     """
     try:
-        # Validate the file path
-        validated_path = validate_file_path(file_path)
+        # Validate the file path using context if path confinement is enabled
+        if settings.path_confinement.enabled:
+            validated_path = ctx.context.path_validator.validate_path(file_path, operation="write")
+        else:
+            # Fall back to simple validation against CWD
+            from .utils import validate_file_path
+
+            validated_path = validate_file_path(file_path)
 
         # Check if it's a directory
         if validated_path.exists() and validated_path.is_dir():

vibecore/tools/file/tools.py

@@ -3,7 +3,7 @@
 from agents import RunContextWrapper, function_tool
 from pydantic import BaseModel
 
-from vibecore.context import VibecoreContext
+from vibecore.context import PathValidatorContext
 
 from .executor import edit_file, multi_edit_file, read_file, write_file
 
@@ -18,7 +18,7 @@ class EditOperation(BaseModel):
 
 @function_tool
 async def read(
-    ctx: RunContextWrapper[VibecoreContext],
+    ctx: RunContextWrapper[PathValidatorContext],
     file_path: str,
     offset: int | None = None,
     limit: int | None = None,
@@ -49,12 +49,12 @@ async def read(
     Returns:
         The file contents with line numbers in cat -n format, or an error message
     """
-    return await read_file(file_path, offset, limit)
+    return await read_file(ctx, file_path, offset, limit)
 
 
 @function_tool
 async def edit(
-    ctx: RunContextWrapper[VibecoreContext],
+    ctx: RunContextWrapper[PathValidatorContext],
     file_path: str,
     old_string: str,
     new_string: str,
@@ -86,12 +86,12 @@ async def edit(
     Returns:
         Success message or error message
     """
-    return await edit_file(file_path, old_string, new_string, replace_all)
+    return await edit_file(ctx, file_path, old_string, new_string, replace_all)
 
 
 @function_tool
 async def multi_edit(
-    ctx: RunContextWrapper[VibecoreContext],
+    ctx: RunContextWrapper[PathValidatorContext],
     file_path: str,
     edits: list[EditOperation],
 ) -> str:
@@ -153,12 +153,12 @@ async def multi_edit(
     """
     # Convert EditOperation objects to dictionaries
     edit_dicts = [edit.model_dump() for edit in edits]
-    return await multi_edit_file(file_path, edit_dicts)
+    return await multi_edit_file(ctx, file_path, edit_dicts)
 
 
 @function_tool
 async def write(
-    ctx: RunContextWrapper[VibecoreContext],
+    ctx: RunContextWrapper[PathValidatorContext],
     file_path: str,
     content: str,
 ) -> str:
@@ -181,4 +181,4 @@ async def write(
     Returns:
         Success message or error message
     """
-    return await write_file(file_path, content)
+    return await write_file(ctx, file_path, content)

vibecore/tools/path_validator.py

@@ -0,0 +1,251 @@
+"""Path validation module for vibecore tools.
+
+This module provides path validation functionality to confine file and shell
+operations to a configurable list of allowed directories.
+"""
+
+import shlex
+from contextlib import suppress
+from pathlib import Path
+
+from textual import log
+
+from vibecore.tools.file.utils import PathValidationError
+
+
+class PathValidator:
+    """Validates paths against a list of allowed directories."""
+
+    def __init__(self, allowed_directories: list[Path]):
+        """Initialize with list of allowed directories.
+
+        Args:
+            allowed_directories: List of directories to allow access to.
+                               Defaults to [CWD] if empty.
+        """
+        self.allowed_directories = (
+            [d.resolve() for d in allowed_directories] if allowed_directories else [Path.cwd().resolve()]
+        )
+
+    def validate_path(self, path: str | Path, operation: str = "access") -> Path:
+        """Validate a path against allowed directories.
+
+        Args:
+            path: The path to validate
+            operation: Description of the operation (for error messages)
+
+        Returns:
+            The validated absolute Path object
+
+        Raises:
+            PathValidationError: If path is outside allowed directories
+        """
+        # Convert to Path object
+        path_obj = Path(path) if isinstance(path, str) else path
+
+        # Resolve to absolute path (follows symlinks)
+        try:
+            absolute_path = path_obj.resolve()
+        except (OSError, RuntimeError) as e:
+            # Handle cases where path resolution fails
+            raise PathValidationError(f"Cannot resolve path '{path}': {e}") from e
+
+        # Check if path is under any allowed directory
+        if not self.is_path_allowed(absolute_path):
+            allowed_dirs_str = ", ".join(f"'{d}'" for d in self.allowed_directories)
+            raise PathValidationError(
+                f"Path '{absolute_path}' is outside the allowed directories. "
+                f"Access is restricted to {allowed_dirs_str} and their subdirectories."
+            )
+
+        return absolute_path
+
+    def validate_command_paths(self, command: str) -> None:
+        """Validate paths referenced in a shell command.
+
+        Args:
+            command: The shell command to validate
+
+        Raises:
+            PathValidationError: If command references paths outside allowed directories
+        """
+        # Parse the command to extract potential file paths
+        try:
+            # First, replace shell operators with spaces around them to ensure proper splitting
+            # This handles cases like "cd /path;ls" which shlex doesn't split properly
+            for op in [";", "&&", "||", "|", "&"]:
+                command = command.replace(op, f" {op} ")
+
+            # Use shlex to properly parse the command
+            tokens = shlex.split(command)
+        except ValueError as e:
+            # If shlex fails, the command might be malformed
+            raise PathValidationError(f"Cannot parse command: {e}") from e
+
+        # Commands that take path arguments
+        path_commands = {
+            "cat",
+            "ls",
+            "cd",
+            "cp",
+            "mv",
+            "rm",
+            "mkdir",
+            "rmdir",
+            "touch",
+            "chmod",
+            "chown",
+            "head",
+            "tail",
+            "less",
+            "more",
+            "grep",
+            "find",
+            "sed",
+            "awk",
+            "wc",
+            "du",
+            "df",
+            "tar",
+            "zip",
+            "unzip",
+            "vim",
+            "vi",
+            "nano",
+            "emacs",
+            "code",
+            "open",
+        }
+
+        # Check each token that might be a path
+        current_command = None
+        piped_command = False  # Track if command comes after a pipe
+        for i, token in enumerate(tokens):
+            # Skip shell operators
+            if token in ["&&", "||", ";", "|", "&", ">", ">>", "<", "2>", "&>"]:
+                if token == "|":
+                    piped_command = True
+                elif token in ["&&", "||", ";"]:
+                    piped_command = False
+                continue
+
+            # Skip flags and options
+            if token.startswith("-"):
+                continue
+
+            # Check if this is a command
+            if i == 0 or tokens[i - 1] in ["&&", "||", ";", "|"]:
+                current_command = token.split("/")[-1]  # Get base command name
+                # Don't validate grep/awk/sed arguments after pipes - they're patterns not paths
+                if piped_command and current_command in ["grep", "awk", "sed", "sort", "uniq", "wc"]:
+                    current_command = None
+                if tokens[i - 1] in ["&&", "||", ";"]:
+                    piped_command = False
+                continue
+
+            # Check for redirections
+            if i > 0 and tokens[i - 1] in [">", ">>", "<", "2>", "&>"]:
+                # This is a file path for redirection
+                self._validate_path_token(token, f"redirect to/from '{token}'")
+                continue
+
+            # Check if current command takes path arguments
+            if current_command in path_commands:
+                # Skip if it looks like an option value
+                if i > 0 and tokens[i - 1].startswith("-"):
+                    continue
+                # This might be a path argument
+                self._validate_path_token(token, f"access '{token}'")
+
+            # Check for paths in other contexts (if they look like paths)
+            elif "/" in token or token in [".", "..", "~"]:
+                # This looks like a path, validate it
+                with suppress(PathValidationError):
+                    # It might not be a path, just a string with slash
+                    # We'll be lenient here if it fails
+                    self._validate_path_token(token, f"access '{token}'")
+
+    def _validate_path_token(self, token: str, operation: str) -> None:
+        """Validate a single path token from a command.
+
+        Args:
+            token: The token that might be a path
+            operation: Description of the operation
+
+        Raises:
+            PathValidationError: If the path is not allowed
+        """
+        # Expand user home directory
+        if token.startswith("~"):
+            token = str(Path(token).expanduser())
+
+        # Skip URLs and remote paths
+        if (
+            token.startswith("http://")
+            or token.startswith("https://")
+            or token.startswith("ftp://")
+            or token.startswith("ssh://")
+            or token.startswith("git@")
+            or ":" in token.split("/")[0]
+        ):  # user@host:path
+            return
+
+        # Try to validate as a path
+        try:
+            path = Path(token)
+            # If it's a relative path, resolve it from CWD
+            if not path.is_absolute():
+                path = Path.cwd() / path
+            self.validate_path(path, operation)
+        except (ValueError, OSError):
+            # Not a valid path, skip validation
+            pass
+
+    def is_path_allowed(self, path: Path) -> bool:
+        """Check if a path is within allowed directories.
+
+        Args:
+            path: The path to check (should be absolute)
+
+        Returns:
+            True if path is allowed, False otherwise
+        """
+        # Ensure path is absolute
+        path = path.resolve()
+        log(f"Validating path: {path}")
+
+        # Check if path is under any allowed directory
+        for allowed_dir in self.allowed_directories:
+            try:
+                # Check if path is relative to allowed_dir
+                path.relative_to(allowed_dir)
+                return True
+            except ValueError:
+                # path is not relative to this allowed_dir
+                continue
+
+        return False
+
+    def _is_parent_of(self, parent: Path, child: Path) -> bool:
+        """Check if parent is a parent directory of child.
+
+        Args:
+            parent: Potential parent path
+            child: Potential child path
+
+        Returns:
+            True if parent is a parent of child
+        """
+        try:
+            child.relative_to(parent)
+            return True
+        except ValueError:
+            return False
+
+    def get_allowed_directories(self) -> list[Path]:
+        """Get the list of allowed directories.
+
+        Returns:
+            List of allowed directory paths
+        """
+        return self.allowed_directories.copy()

vibecore/tools/python/helpers.py

@@ -5,7 +5,7 @@ from io import BytesIO
 
 from agents import RunContextWrapper
 
-from vibecore.context import VibecoreContext
+from vibecore.context import PythonToolContext
 
 try:
     from PIL import Image  # type: ignore[import-not-found]
@@ -16,7 +16,7 @@ except ImportError:
     TERM_IMAGE_AVAILABLE = False
 
 
-async def execute_python_helper(ctx: RunContextWrapper[VibecoreContext], code: str) -> str:
+async def execute_python_helper(ctx: RunContextWrapper[PythonToolContext], code: str) -> str:
     """Helper function to execute Python code.
 
     This is the actual implementation extracted from the tool decorator.

vibecore/tools/python/tools.py

@@ -2,13 +2,13 @@
 
 from agents import RunContextWrapper, function_tool
 
-from vibecore.context import VibecoreContext
+from vibecore.context import PythonToolContext
 
 from .helpers import execute_python_helper
 
 
 @function_tool
-async def execute_python(ctx: RunContextWrapper[VibecoreContext], code: str) -> str:
+async def execute_python(ctx: RunContextWrapper[PythonToolContext], code: str) -> str:
     """Execute Python code with persistent context across the session.
 
     The execution environment maintains state between calls, allowing you to:

vibecore/tools/shell/executor.py

@@ -6,13 +6,20 @@ import re
 import subprocess
 from pathlib import Path
 
+from agents import RunContextWrapper
+
+from vibecore.context import PathValidatorContext
+from vibecore.settings import settings
 from vibecore.tools.file.utils import PathValidationError, validate_file_path
 
 
-async def bash_executor(command: str, timeout: int | None = None) -> tuple[str, int]:
+async def bash_executor(
+    ctx: RunContextWrapper[PathValidatorContext], command: str, timeout: int | None = None
+) -> tuple[str, int]:
     """Execute a bash command asynchronously.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         command: The bash command to execute
         timeout: Optional timeout in milliseconds (max 600000)
 
@@ -32,6 +39,13 @@ async def bash_executor(command: str, timeout: int | None = None) -> tuple[str,
     # Convert timeout to seconds
     timeout_seconds = timeout / 1000.0
 
+    # Validate command paths if path confinement is enabled
+    if settings.path_confinement.enabled:
+        try:
+            ctx.context.path_validator.validate_command_paths(command)
+        except PathValidationError as e:
+            return f"Error: {e}", 1
+
     process = None
     try:
         # Create subprocess
@@ -66,10 +80,11 @@ async def bash_executor(command: str, timeout: int | None = None) -> tuple[str,
         return f"Error executing command: {e}", 1
 
 
-async def glob_files(pattern: str, path: str | None = None) -> list[str]:
+async def glob_files(ctx: RunContextWrapper[PathValidatorContext], pattern: str, path: str | None = None) -> list[str]:
     """Find files matching a glob pattern.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         pattern: The glob pattern to match
         path: Optional directory to search in (defaults to CWD)
 
@@ -78,7 +93,23 @@ async def glob_files(pattern: str, path: str | None = None) -> list[str]:
     """
     try:
         # Validate and resolve the path
-        search_path = Path.cwd() if path is None else validate_file_path(path)
+        if path is None:
+            search_path = Path.cwd()
+            # Validate CWD is in allowed directories if path confinement is enabled
+            if settings.path_confinement.enabled:
+                try:
+                    ctx.context.path_validator.validate_path(search_path, operation="glob")
+                except PathValidationError as e:
+                    return [f"Error: {e}"]
+        else:
+            # Validate the provided path
+            if settings.path_confinement.enabled:
+                try:
+                    search_path = ctx.context.path_validator.validate_path(path, operation="glob")
+                except PathValidationError as e:
+                    return [f"Error: {e}"]
+            else:
+                search_path = validate_file_path(path)
 
         # Validate path is a directory
         if not search_path.is_dir():
@@ -110,10 +141,13 @@ async def glob_files(pattern: str, path: str | None = None) -> list[str]:
         return [f"Error: {e}"]
 
 
-async def grep_files(pattern: str, path: str | None = None, include: str | None = None) -> list[str]:
+async def grep_files(
+    ctx: RunContextWrapper[PathValidatorContext], pattern: str, path: str | None = None, include: str | None = None
+) -> list[str]:
     """Search file contents using regular expressions.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         pattern: The regex pattern to search for
         path: Directory to search in (defaults to CWD)
         include: File pattern to include (e.g. "*.js")
@@ -123,7 +157,23 @@ async def grep_files(pattern: str, path: str | None = None, include: str | None
     """
     try:
         # Validate and resolve the path
-        search_path = Path.cwd() if path is None else validate_file_path(path)
+        if path is None:
+            search_path = Path.cwd()
+            # Validate CWD is in allowed directories if path confinement is enabled
+            if settings.path_confinement.enabled:
+                try:
+                    ctx.context.path_validator.validate_path(search_path, operation="grep")
+                except PathValidationError as e:
+                    return [f"Error: {e}"]
+        else:
+            # Validate the provided path
+            if settings.path_confinement.enabled:
+                try:
+                    search_path = ctx.context.path_validator.validate_path(path, operation="grep")
+                except PathValidationError as e:
+                    return [f"Error: {e}"]
+            else:
+                search_path = validate_file_path(path)
 
         # Validate path is a directory
         if not search_path.is_dir():
@@ -175,10 +225,13 @@ async def grep_files(pattern: str, path: str | None = None, include: str | None
         return [f"Error: {e}"]
 
 
-async def list_directory(path: str, ignore: list[str] | None = None) -> list[str]:
+async def list_directory(
+    ctx: RunContextWrapper[PathValidatorContext], path: str, ignore: list[str] | None = None
+) -> list[str]:
     """List files and directories in a given path.
 
     Args:
+        ctx: The context wrapper containing the VibecoreContext
         path: The absolute path to list
         ignore: Optional list of glob patterns to ignore
 
@@ -187,7 +240,10 @@ async def list_directory(path: str, ignore: list[str] | None = None) -> list[str
     """
     try:
         # Validate and resolve the path
-        dir_path = validate_file_path(path)
+        if settings.path_confinement.enabled:
+            dir_path = ctx.context.path_validator.validate_path(path, operation="list")
+        else:
+            dir_path = validate_file_path(path)
 
         # Validate path is a directory
         if not dir_path.is_dir():