60 Commits

Author SHA1 Message Date
Dark-Alex-17 2ec2aec4c0 style: updated the previous conversation marker a tad
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s
2026-07-02 16:49:38 -06:00
Dark-Alex-17 c2cb4ac433 feat: Session-specific, file-backed history in the REPL
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 25s
2026-07-02 16:44:55 -06:00
Dark-Alex-17 605a9170b0 feat: Replay session output when a user re-enters a session so all output can be seen again 2026-07-02 16:35:10 -06:00
Dark-Alex-17 385bd3eda2 fix: Overrode the default JSON content-type for MCP OAuth so its properly application/x-www-form-urlencoded
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s
2026-07-02 15:53:29 -06:00
Dark-Alex-17 6c3d96ac83 feat: Added confirmation message after MCP Oauth succeeds when invoked from --auth-mcp
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s
2026-07-02 15:22:22 -06:00
Dark-Alex-17 aa1fe7f7aa fmt: applied formatting 2026-07-02 15:22:00 -06:00
Dark-Alex-17 5e50828108 fix: typo in mcp file name 2026-07-02 15:20:57 -06:00
Dark-Alex-17 693e2d9672 feat: Created the --auth-mcp CLI flag to let users auth with remote MCP servers without needing to be in the REPL
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s
2026-07-02 14:51:52 -06:00
Dark-Alex-17 16f324cefc feat: add OAuth authentication support for remote MCP servers 2026-07-02 14:43:24 -06:00
Dark-Alex-17 cc50d39ab4 fix: Added uvx wrapper for macos-based sandboxes
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 28s
2026-07-02 12:57:12 -06:00
Dark-Alex-17 fc23b532d9 feat: Added mixin for sisyphus so the ddg MCP server can search arbitrary domains 2026-07-02 12:56:18 -06:00
Dark-Alex-17 c2d4240138 perf: updated the memory injection warning so it only logs once, rather than after each keystroke
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 27s
2026-07-02 12:47:57 -06:00
Dark-Alex-17 cd1b043b1e feat: added improved error messaging on MCP server initialization
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 26s
2026-07-02 11:42:12 -06:00
Dark-Alex-17 81b4f6a76e feat: prefer musl versions for linux when running --update/.update
CI / All (macos-latest) (push) Waiting to run
CI / All (windows-latest) (push) Waiting to run
CI / All (ubuntu-latest) (push) Failing after 27s
2026-07-02 11:31:34 -06:00
github-actions[bot] d48b11dcfa chore: bump Cargo.toml to 0.7.4
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-02 01:06:00 +00:00
github-actions[bot] 86dd922d2c bump: version 0.7.3 → 0.7.4 [skip ci] 2026-07-02 01:05:42 +00:00
Dark-Alex-17 9ec20d74a4 chore: updated models.yaml
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-01 19:04:55 -06:00
Dark-Alex-17 c78cdef5ae fix: Added back in --kit specification for the running of the sbx
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-01 18:52:34 -06:00
Dark-Alex-17 3df590f276 fix: sbx isn't copying base files in their respective directories
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-01 18:44:07 -06:00
Dark-Alex-17 91300c16fe fix: Update deprecated sbx kit config 2026-07-01 17:52:04 -06:00
Dark-Alex-17 52356ead6c fix: Properly chown the coyote config recursively and password file in the sbx
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-07-01 17:12:42 -06:00
Dark-Alex-17 ad9fc524d4 feat: Pin specific usql version to sbx kit 2026-07-01 17:11:27 -06:00
Dark-Alex-17 af50909a89 feat: recursively take ownership over the copied in coyote config for the sbx 2026-07-01 16:54:57 -06:00
Dark-Alex-17 318d9ba1cd feat: explicitly specify the COYOTE_CONFIG_DIR in the sbx kit 2026-07-01 16:54:42 -06:00
Dark-Alex-17 45d709f28e Merge branch 'main' of github.com:Dark-Alex-17/coyote
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-30 14:55:08 -06:00
Dark-Alex-17 9cd074cb9b build: fixed coyote install scripts 2026-06-30 14:54:59 -06:00
Dark-Alex-17 93eec45473 docs: fixed coyote install script URLs 2026-06-30 14:43:00 -06:00
Dark-Alex-17 e585e0b049 feat: --tail-logs can track log rollovers and incoporates a sleep timer to minimize idle CPU cycles
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-25 14:01:38 -06:00
Dark-Alex-17 13bfaf9aca feat: Added support for log rolling so log files don't just blow up over time 2026-06-25 13:57:15 -06:00
github-actions[bot] 040dad05d2 chore: bump Cargo.toml to 0.7.3
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-24 18:20:20 +00:00
github-actions[bot] 1ba38860f2 bump: version 0.7.2 → 0.7.3 [skip ci] 2026-06-24 18:20:16 +00:00
Dark-Alex-17 84ec5fe7b8 fix: apply bootstrapping of functions at startup to fix edge case
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-24 12:13:55 -06:00
github-actions[bot] 1684788fe6 bump: version 0.7.1 → 0.7.2 [skip ci] 2026-06-19 18:51:49 +00:00
Dark-Alex-17 4b7e242998 fix: usql version upgrade
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-19 12:45:41 -06:00
github-actions[bot] f69aba2dd8 chore: bump Cargo.toml to 0.7.1
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-19 18:04:58 +00:00
github-actions[bot] c3487ecd0e bump: version 0.7.0 → 0.7.1 [skip ci] 2026-06-19 18:04:56 +00:00
Dark-Alex-17 db75391fb6 Merge branch 'main' of github.com:Dark-Alex-17/coyote
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-19 11:44:28 -06:00
Dark-Alex-17 e3815af69b fix: sbx mixins must be passed in directories, not as files and the files must be named spec.yaml per new sbx version
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-19 11:44:16 -06:00
github-actions[bot] 66a485f924 chore: bump Cargo.toml to 0.7.0 2026-06-18 22:40:24 +00:00
github-actions[bot] 49d7204f89 bump: version 0.6.0 → 0.7.0 [skip ci] 2026-06-18 22:40:19 +00:00
Dark-Alex-17 bbcae1fc2b feat: added configurable cache path via the COYOTE_CACHE_PATH environment variable
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-18 16:30:24 -06:00
Dark-Alex-17 3ff27a7935 feat: added a memory option to .set tab completions
CI / All (ubuntu-latest) (push) Failing after 24s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-18 15:50:23 -06:00
Dark-Alex-17 373d80121a lint: Fixed linter complaints in paths module
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-18 14:32:07 -06:00
Dark-Alex-17 3299a4699e refactor: Migrated the .skills command completion to use StateFlags and updated the help messages 2026-06-18 14:30:55 -06:00
Dark-Alex-17 d4dbda1e89 fix: rebuild the tool scope after dynamically updating the skills_enabled value in the REPL 2026-06-18 13:01:38 -06:00
Dark-Alex-17 e77fa6ef42 feat: Added a diagnostic .info tools subcommand to make it easier to see what tools are enabled in all contexts 2026-06-18 13:01:11 -06:00
Dark-Alex-17 241dda24f0 feat: Added additional info outputs for enabled skills and sbx directories 2026-06-18 11:58:29 -06:00
Dark-Alex-17 e5668e4495 docs: Added sandboxes to the README 2026-06-18 11:57:58 -06:00
Dark-Alex-17 4a01e9a66c fmt: applied formatting 2026-06-18 11:29:03 -06:00
Dark-Alex-17 530000bc2f fix: properly resolve Windows-based local vault password file locations and bootstrap them into the sandbox when possible 2026-06-18 11:28:54 -06:00
Dark-Alex-17 f2e8f3ab59 fix: auto-translation of user-prefixed Mac and Linux paths for the vault password file when running inside a sandbox 2026-06-18 10:53:38 -06:00
Dark-Alex-17 2f33b6631e feat: directly execute shell commands from within the REPL 2026-06-18 08:19:01 -06:00
Dark-Alex-17 8c288195a0 feat: created mixin kit for built-in functions and MCP servers 2026-06-17 15:10:40 -06:00
Dark-Alex-17 e6a5e67a8e feat: Added sbx mixins for the secrets providers so users can also bootstrap those as well. 2026-06-17 14:57:35 -06:00
Dark-Alex-17 6ae474c79e feat: added support for loading sbx mixins that are dynamically discovered in the users workspace and config directory 2026-06-17 14:39:32 -06:00
Dark-Alex-17 8e0b07c9fb docs: Updated the --fresh command help message 2026-06-17 14:20:38 -06:00
Dark-Alex-17 69589bd5e5 feat: Added a --fresh flag to let users create a truly bare bones sandbox without bootstrapping their config 2026-06-17 14:20:17 -06:00
Dark-Alex-17 587df087ed feat: initial built-in sandboxing support powered by Docker sbx 2026-06-17 14:11:04 -06:00
Dark-Alex-17 ee100eef96 fix: don't attempt to auto complete .vault list in the REPL; that's the end of the command 2026-06-17 12:50:04 -06:00
Dark-Alex-17 14969e35fa fix: buffer tool stdout as well as stderr so that any tools that error to stdout are captured and included in the response to the model, enabling the model to see what went wrong and to reason about how to fix it.
CI / All (ubuntu-latest) (push) Failing after 25s
CI / All (macos-latest) (push) Has been cancelled
CI / All (windows-latest) (push) Has been cancelled
2026-06-16 15:07:55 -06:00
35 changed files with 4084 additions and 427 deletions
+79
View File
@@ -1,3 +1,82 @@
## v0.7.4 (2026-07-02)
### Feat
- Pin specific usql version to sbx kit
- recursively take ownership over the copied in coyote config for the sbx
- explicitly specify the COYOTE_CONFIG_DIR in the sbx kit
- --tail-logs can track log rollovers and incoporates a sleep timer to minimize idle CPU cycles
- Added support for log rolling so log files don't just blow up over time
### Fix
- Added back in --kit specification for the running of the sbx
- sbx isn't copying base files in their respective directories
- Update deprecated sbx kit config
- Properly chown the coyote config recursively and password file in the sbx
## v0.7.3 (2026-06-24)
### Fix
- apply bootstrapping of functions at startup to fix edge case
## v0.7.2 (2026-06-19)
### Fix
- usql version upgrade
## v0.7.1 (2026-06-19)
### Fix
- sbx mixins must be passed in directories, not as files and the files must be named spec.yaml per new sbx version
## v0.7.0 (2026-06-18)
### Feat
- added configurable cache path via the COYOTE_CACHE_PATH environment variable
- added a memory option to .set tab completions
- Added a diagnostic .info tools subcommand to make it easier to see what tools are enabled in all contexts
- Added additional info outputs for enabled skills and sbx directories
- directly execute shell commands from within the REPL
- created mixin kit for built-in functions and MCP servers
- Added sbx mixins for the secrets providers so users can also bootstrap those as well.
- added support for loading sbx mixins that are dynamically discovered in the users workspace and config directory
- Added a --fresh flag to let users create a truly bare bones sandbox without bootstrapping their config
- initial built-in sandboxing support powered by Docker sbx
- Added the ability to auto-bootstrap workspace memory when in git repos
- Added explicit guardrail handling for pending agents
- auto-append memory to memory index and don't necessarily require the LLM to remember to do it after a write
- Added an --init-memory [global|workspace] flag to easily and quickly enable memory
- added memory global configuration settings to the output of --info and .info
- added .set memory REPL commands to control memory injection and applied formatting
- Create the built-in memory management tools
- Append the memory system prompts (readonly or r/w) to the system prompt when applicable
- Created the --no-memory CLI flag to disable memory for this invocation
- Added the memory configuration properties and storage to the main app config, roles, sessions, and agents.
- initial scaffolding of a memory system
### Fix
- rebuild the tool scope after dynamically updating the skills_enabled value in the REPL
- properly resolve Windows-based local vault password file locations and bootstrap them into the sandbox when possible
- auto-translation of user-prefixed Mac and Linux paths for the vault password file when running inside a sandbox
- don't attempt to auto complete .vault list in the REPL; that's the end of the command
- buffer tool stdout as well as stderr so that any tools that error to stdout are captured and included in the response to the model, enabling the model to see what went wrong and to reason about how to fix it.
- auto-bootstrapped memory was accidentally putting the MEMORY.md directly in the repo root rather than .coyote/memory/MEMORY.md
- improved the fs_patch script description and added improved error handling to it.
- added in forgotten require_max_tokens to the fable model
- append memory functions to non-graph based agents on init
- when auto_continue is disabled via the .set auto_continue false command, it should strip the todo functions from the list of functions
- use rawPredict for non-streaming Claude requests
### Refactor
- Migrated the .skills command completion to use StateFlags and updated the help messages
## v0.6.0 (2026-06-05)
### Feat
Generated
+188 -300
View File
File diff suppressed because it is too large Load Diff
+2 -2
View File
@@ -1,6 +1,6 @@
[package]
name = "coyote-ai"
version = "0.6.0"
version = "0.7.4"
edition = "2024"
authors = ["Alex Clarke <alex.j.tusa@gmail.com>"]
description = "An all-in-one, batteries included LLM CLI Tool"
@@ -49,7 +49,7 @@ textwrap = "0.16.0"
ansi_colours = "1.2.2"
eventsource-stream = "0.2.3"
log = "0.4.28"
log4rs = { version = "1.4.0", features = ["file_appender"] }
log4rs = { version = "1.4.0", features = ["file_appender", "rolling_file_appender", "compound_policy", "fixed_window_roller", "size_trigger"] }
shell-words = "1.1.0"
sha2 = "0.10.8"
unicode-width = "0.2.0"
+3 -2
View File
@@ -25,6 +25,7 @@ Coming from [AIChat](https://github.com/sigoden/aichat)? Follow the [migration g
* [REPL](https://github.com/Dark-Alex-17/coyote/wiki/REPL): Interactive Read-Eval-Print Loop for conversational interactions with LLMs and Coyote.
* [Custom REPL Prompt](https://github.com/Dark-Alex-17/coyote/wiki/REPL-Prompt): Customize the REPL prompt to provide useful contextual information.
* [Vault](https://github.com/Dark-Alex-17/coyote/wiki/Vault): Securely store and manage sensitive information such as API keys and credentials.
* [Sandboxes](https://github.com/Dark-Alex-17/coyote/wiki/Sandboxes): Launch Coyote inside an isolated [Docker Sandbox](https://docs.docker.com/ai/sandboxes/) with one command. Host config and vault credentials are projected in automatically; everything else is delegated to the `sbx` CLI.
* [Shell Integrations](https://github.com/Dark-Alex-17/coyote/wiki/Shell-Integrations): Seamlessly integrate Coyote with your shell environment for enhanced command-line assistance.
* [Function Calling](https://github.com/Dark-Alex-17/coyote/wiki/Tools): Leverage function calling capabilities to extend Coyote's functionality with custom tools
* [Creating Custom Tools](https://github.com/Dark-Alex-17/coyote/wiki/Custom-Tools): You can create your own custom tools to enhance Coyote's capabilities.
@@ -97,7 +98,7 @@ You can use the following command to run a bash script that downloads and instal
OS (Linux/MacOS) and architecture (x86_64/arm64):
```shell
curl -fsSL https://raw.githubusercontent.com/Dark-Alex-17/coyote/main/install_coyote.sh | bash
curl -fsSL https://raw.githubusercontent.com/Dark-Alex-17/coyote/refs/heads/main/scripts/install_coyote.sh | bash
```
#### Windows/Linux/MacOS (`PowerShell`)
@@ -105,7 +106,7 @@ You can use the following command to run a PowerShell script that downloads and
for your OS (Windows/Linux/MacOS) and architecture (x86_64/arm64):
```powershell
powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://raw.githubusercontent.com/Dark-Alex-17/coyote/main/scripts/install_coyote.ps1 | iex"
powershell -NoProfile -ExecutionPolicy Bypass -Command "iwr -useb https://raw.githubusercontent.com/Dark-Alex-17/coyote/refs/heads/main/scripts/install_coyote.ps1 | iex"
```
### Manual
+11
View File
@@ -0,0 +1,11 @@
schemaVersion: '1'
kind: mixin
name: sisyphus-ddg
description: >
Allows Sisyphus to hit all domains since it utilizes the DuckDuckGo
MCP server. This allows the MCP server to actually perform web searches
on arbitrary domains and retrieve info for the agent.
network:
allowedDomains:
- '*'
+44
View File
@@ -0,0 +1,44 @@
schemaVersion: "1"
kind: mixin
name: built-in-tools
description: >
Installs binaries and allows network domains required by Coyote's built-in
global tools and the default MCP server set. Auto-applied by Coyote's sbx
mixin discovery when running `coyote --sandbox`.
network:
allowedDomains:
# fetch_url_via_jina + jina reader fallback
- "r.jina.ai:443"
# get_current_weather (.sh, .py, .ts)
- "wttr.in:443"
# search_arxiv (the .sh tool still uses http://, so :80 is required until fixed)
- "export.arxiv.org:443"
- "export.arxiv.org:80"
# search_arxiv + search_wikipedia may follow DOI redirects
- "doi.org:443"
# search_wikipedia
- "en.wikipedia.org:443"
# search_wolframalpha
- "api.wolframalpha.com:443"
# web_search_perplexity
- "api.perplexity.ai:443"
# web_search_tavily
- "api.tavily.com:443"
# send_twilio
- "api.twilio.com:443"
# MCP: github (built-in mcp.json: api.githubcopilot.com)
- "api.githubcopilot.com:443"
# MCP: atlassian (built-in mcp.json: mcp-remote -> mcp.atlassian.com)
- "mcp.atlassian.com:443"
# MCP: ddg-search (built-in mcp.json: uvx duckduckgo-mcp-server)
- "duckduckgo.com:443"
- "html.duckduckgo.com:443"
- "lite.duckduckgo.com:443"
# MCP: npx-based servers (mcp-remote) pull from npm
- "registry.npmjs.org:443"
# MCP: docker server may pull images from common registries
- "ghcr.io:443"
- "registry-1.docker.io:443"
- "auth.docker.io:443"
- "production.cloudflare.docker.com:443"
+336
View File
@@ -0,0 +1,336 @@
# Docker sbx agent kit for Coyote
#
# Setup (paths use $HOME so commands work in bash/zsh/PowerShell/Git Bash):
# sbx create --kit ./sbx-kit/ coyote --name testing .
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
# sbx cp $HOME/.coyote_password testing:/home/agent/
# sbx run testing --kit ./sbx-kit/
schemaVersion: '1'
kind: sandbox
name: coyote
displayName: Coyote
description: >
An all-in-one, batteries-included LLM CLI tool featuring Shell Assistant,
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
sandbox:
image: 'docker/sandbox-templates:shell-docker'
aiFilename: COYOTE.md
entrypoint:
run: ['bash', '-lc', 'exec /home/agent/.cargo/bin/coyote']
network:
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
# the env var inside the sandbox and rewrites the auth header per
# serviceAuth at request time. Multiple domains may map to one service
# (e.g. jina) so they share a single credential.
serviceDomains:
api.openai.com: openai
api.anthropic.com: anthropic
generativelanguage.googleapis.com: gemini
api.cohere.ai: cohere
api.groq.com: groq
openrouter.ai: openrouter
api.ai21.com: ai21
api.cloudflare.com: cloudflare
api.deepinfra.com: deepinfra
api.deepseek.com: deepseek
api.mistral.ai: mistral
api.perplexity.ai: perplexity
api.voyageai.com: voyageai
api.x.ai: xai
api.jina.ai: jina
r.jina.ai: jina
qianfan.baidubce.com: ernie
api.hunyuan.cloud.tencent.com: hunyuan
api.minimax.chat: minimax
api.moonshot.cn: moonshot
dashscope.aliyuncs.com: qianwen
open.bigmodel.cn: zhipuai
serviceAuth:
openai:
headerName: Authorization
valueFormat: 'Bearer %s'
anthropic:
headerName: x-api-key
valueFormat: '%s'
gemini:
headerName: x-goog-api-key
valueFormat: '%s'
cohere:
headerName: Authorization
valueFormat: 'Bearer %s'
groq:
headerName: Authorization
valueFormat: 'Bearer %s'
openrouter:
headerName: Authorization
valueFormat: 'Bearer %s'
ai21:
headerName: Authorization
valueFormat: 'Bearer %s'
cloudflare:
headerName: Authorization
valueFormat: 'Bearer %s'
deepinfra:
headerName: Authorization
valueFormat: 'Bearer %s'
deepseek:
headerName: Authorization
valueFormat: 'Bearer %s'
mistral:
headerName: Authorization
valueFormat: 'Bearer %s'
perplexity:
headerName: Authorization
valueFormat: 'Bearer %s'
voyageai:
headerName: Authorization
valueFormat: 'Bearer %s'
xai:
headerName: Authorization
valueFormat: 'Bearer %s'
jina:
headerName: Authorization
valueFormat: 'Bearer %s'
ernie:
headerName: Authorization
valueFormat: 'Bearer %s'
hunyuan:
headerName: Authorization
valueFormat: 'Bearer %s'
minimax:
headerName: Authorization
valueFormat: 'Bearer %s'
moonshot:
headerName: Authorization
valueFormat: 'Bearer %s'
qianwen:
headerName: Authorization
valueFormat: 'Bearer %s'
zhipuai:
headerName: Authorization
valueFormat: 'Bearer %s'
allowedDomains:
# Coyote release + self-update + model-registry sync
- 'github.com:443'
- 'api.github.com:443'
- 'raw.githubusercontent.com:443'
- 'objects.githubusercontent.com:443'
- '*.githubusercontent.com:443'
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
- 'crates.io:443'
- 'static.crates.io:443'
- 'pypi.org:443'
- 'files.pythonhosted.org:443'
- 'astral.sh:443'
- 'sh.rustup.rs:443'
- 'static.rust-lang.org:443'
# LLM model OAuth + API endpoints
- 'claude.ai:443'
- 'console.anthropic.com:443'
- 'accounts.google.com:443'
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
- '*.googleapis.com:443'
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
# cannot rewrite. Domains are allow-listed; credentials must be injected
# separately (see README "Extending").
- '*.amazonaws.com:443'
- 'models.inference.ai.azure.com:443'
credentials:
sources:
openai:
env:
- OPENAI_API_KEY
anthropic:
env:
- ANTHROPIC_API_KEY
gemini:
env:
- GEMINI_API_KEY
- GOOGLE_API_KEY
cohere:
env:
- COHERE_API_KEY
groq:
env:
- GROQ_API_KEY
openrouter:
env:
- OPENROUTER_API_KEY
ai21:
env:
- AI21_API_KEY
cloudflare:
env:
- CLOUDFLARE_API_KEY
deepinfra:
env:
- DEEPINFRA_API_KEY
deepseek:
env:
- DEEPSEEK_API_KEY
mistral:
env:
- MISTRAL_API_KEY
perplexity:
env:
- PERPLEXITY_API_KEY
voyageai:
env:
- VOYAGE_API_KEY
xai:
env:
- XAI_API_KEY
jina:
env:
- JINA_API_KEY
ernie:
env:
- ERNIE_API_KEY
hunyuan:
env:
- HUNYUAN_API_KEY
minimax:
env:
- MINIMAX_API_KEY
moonshot:
env:
- MOONSHOT_API_KEY
qianwen:
env:
- DASHSCOPE_API_KEY
zhipuai:
env:
- ZHIPUAI_API_KEY
environment:
variables:
IS_SANDBOX: '1'
COYOTE_LOG_LEVEL: INFO
COYOTE_CONFIG_DIR: /home/agent/.config/coyote
proxyManaged:
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- GEMINI_API_KEY
- GOOGLE_API_KEY
- COHERE_API_KEY
- GROQ_API_KEY
- OPENROUTER_API_KEY
- AI21_API_KEY
- CLOUDFLARE_API_KEY
- DEEPINFRA_API_KEY
- DEEPSEEK_API_KEY
- MISTRAL_API_KEY
- PERPLEXITY_API_KEY
- VOYAGE_API_KEY
- XAI_API_KEY
- JINA_API_KEY
- ERNIE_API_KEY
- HUNYUAN_API_KEY
- MINIMAX_API_KEY
- MOONSHOT_API_KEY
- DASHSCOPE_API_KEY
- ZHIPUAI_API_KEY
commands:
install:
- command: |
sudo apt-get update &&
sudo apt-get install -y \
jq curl git \
build-essential pkg-config \
cmake \
clang libclang-dev \
musl-tools \
libssl-dev \
pandoc \
bzip2
user: '1000'
description: Install system prerequisites (including pandoc for fetch_url_via_curl)
- command: |
curl -LsSf https://astral.sh/uv/install.sh | sh
if [ -f "$HOME/.local/bin/uv" ]; then
printf '#!/bin/sh\nexec uv tool run "$@"\n' > "$HOME/.local/bin/uvx"
chmod +x "$HOME/.local/bin/uvx"
fi
user: '1000'
description: Install uv and write a uvx shell wrapper (the installer may place a macOS binary at this path on Docker-for-Mac hosts, which the Linux container cannot execute)
- command: |
set -euo pipefail
USQL_VERSION=0.21.4
ARCH=$(uname -m)
case "$ARCH" in
x86_64) USQL_ARCH=amd64 ;;
aarch64) USQL_ARCH=arm64 ;;
*) echo "Unsupported arch for usql install: $ARCH" >&2; exit 1 ;;
esac
TMPDIR=$(mktemp -d)
trap 'rm -rf "$TMPDIR"' EXIT
curl -fsSL --retry 3 "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
user: '1000'
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
- command: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
sh -s -- -y \
--default-toolchain stable \
--profile minimal \
--target x86_64-unknown-linux-musl
. "$HOME/.cargo/env"
cargo install --locked coyote-ai
user: '1000'
description: Install Coyote AI CLI via Rust's Cargo
startup:
- command:
[
'sh',
'-c',
'test -f "$HOME/.config/coyote/config.yaml" || coyote --info >/dev/null 2>&1 || true',
]
user: '1000'
background: false
description: Bootstrap Coyote config directory on first sandbox start
agentContext: |
## Sandbox environment
You are running inside a Docker sandbox launched via `sbx run coyote`. The
user's project workspace is mounted at its absolute host path and is the
current working directory. `sudo` is passwordless; use it for system
package installs.
Coyote's configuration lives at `~/.config/coyote/` and logs at
`~/.cache/coyote/coyote.log`. Persistence is enabled, so config, sessions,
vault state, OAuth tokens, and installed tools survive sandbox restarts.
LLM provider credentials are forwarded by the sandbox HTTP proxy. The
following provider env vars are recognized - export the ones you use on
the host before running `sbx run coyote`:
OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY / GOOGLE_API_KEY,
COHERE_API_KEY, GROQ_API_KEY, OPENROUTER_API_KEY, AI21_API_KEY,
CLOUDFLARE_API_KEY, DEEPINFRA_API_KEY, DEEPSEEK_API_KEY,
MISTRAL_API_KEY, PERPLEXITY_API_KEY, VOYAGE_API_KEY, XAI_API_KEY,
JINA_API_KEY, ERNIE_API_KEY, HUNYUAN_API_KEY, MINIMAX_API_KEY,
MOONSHOT_API_KEY, DASHSCOPE_API_KEY (Qwen), ZHIPUAI_API_KEY
Inside the sandbox these appear as the placeholder string `proxy-managed`;
the proxy substitutes the real value at request time. OAuth flows for
Claude Pro/Max and Gemini are also allow-listed.
Bedrock (AWS) and VertexAI (Google Cloud) use signed/OAuth-token requests
that the proxy cannot rewrite. Their domains are allow-listed but you must
inject credentials yourself via `sbx run --env AWS_ACCESS_KEY_ID=...` or
a mixin kit that mounts a service-account JSON.
Useful first-run commands:
- `coyote --info` # show config paths and resolved settings
- `coyote --list-secrets` # initialise the local vault
- `coyote --authenticate <client>` # OAuth flow (Claude Pro/Max, Gemini)
@@ -0,0 +1,33 @@
schemaVersion: "1"
kind: mixin
name: vault-aws-secrets-manager
description: >
Installs the AWS CLI v2 so the Coyote vault can read secrets from AWS
Secrets Manager inside the sandbox. The AWS Rust SDK does not strictly
require the CLI, but most users authenticate via `aws sso login` or
`aws configure`, which need the CLI to be installed. After install, run
the appropriate auth command in the sandbox; cached credentials persist
for the lifetime of the sandbox.
network:
allowedDomains:
- "awscli.amazonaws.com:443"
- "sts.amazonaws.com:443"
- "*.sts.amazonaws.com:443"
- "*.secretsmanager.amazonaws.com:443"
- "*.amazonaws.com:443"
- "*.awsapps.com:443"
commands:
install:
- command: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y unzip
ARCH=$(uname -m)
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-${ARCH}.zip" -o /tmp/awscliv2.zip
unzip -q /tmp/awscliv2.zip -d /tmp
sudo /tmp/aws/install
rm -rf /tmp/awscliv2.zip /tmp/aws
user: "1000"
description: Install AWS CLI v2 from the official installer
@@ -0,0 +1,24 @@
schemaVersion: "1"
kind: mixin
name: vault-azure-key-vault
description: >
Installs the Azure CLI (`az`) so the Coyote vault can read secrets from
Azure Key Vault inside the sandbox. After install, run `az login` in the
sandbox to authenticate; the session token persists for the lifetime of
the sandbox.
network:
allowedDomains:
- "aka.ms:443"
- "packages.microsoft.com:443"
- "azurecliprod.blob.core.windows.net:443"
- "login.microsoftonline.com:443"
- "graph.microsoft.com:443"
- "management.azure.com:443"
- "*.vault.azure.net:443"
commands:
install:
- command: "curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash"
user: "1000"
description: Install Azure CLI via Microsoft's official install script
@@ -0,0 +1,34 @@
schemaVersion: "1"
kind: mixin
name: vault-gcp-secret-manager
description: >
Installs the Google Cloud CLI (`gcloud`) so the Coyote vault can read
secrets from GCP Secret Manager inside the sandbox. The GCP Rust SDK does
not strictly require the CLI, but most users authenticate via
`gcloud auth application-default login`, which needs the CLI to be
installed. After install, run that command in the sandbox; the ADC file
persists for the lifetime of the sandbox.
network:
allowedDomains:
- "packages.cloud.google.com:443"
- "accounts.google.com:443"
- "oauth2.googleapis.com:443"
- "secretmanager.googleapis.com:443"
- "cloudresourcemanager.googleapis.com:443"
- "*.googleapis.com:443"
commands:
install:
- command: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates gnupg
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
| sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list >/dev/null
curl -sSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \
| sudo gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
sudo apt-get update
sudo apt-get install -y google-cloud-cli
user: "1000"
description: Install gcloud CLI from Google's official apt repository
+30
View File
@@ -0,0 +1,30 @@
schemaVersion: "1"
kind: mixin
name: vault-gopass
description: >
Installs `gopass` and `gpg` so the Coyote vault can read secrets from a
gopass store inside the sandbox. The store must be cloned manually
(gopass walks a user-specific git remote, so v1 only allowlists github.com
and gitlab.com; add other hosts via a user mixin if needed). After install,
run `gopass setup` or `gopass clone <remote>` in the sandbox.
network:
allowedDomains:
- "github.com:443"
- "api.github.com:443"
- "objects.githubusercontent.com:443"
- "gitlab.com:443"
commands:
install:
- command: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y gnupg2 git
GOPASS_VERSION="1.15.13"
ARCH=$(dpkg --print-architecture)
curl -sSL "https://github.com/gopasspw/gopass/releases/download/v${GOPASS_VERSION}/gopass_${GOPASS_VERSION}_linux_${ARCH}.deb" -o /tmp/gopass.deb
sudo dpkg -i /tmp/gopass.deb
rm -f /tmp/gopass.deb
user: "1000"
description: Install gnupg2, git, and gopass from the official .deb release
@@ -0,0 +1,31 @@
schemaVersion: "1"
kind: mixin
name: vault-one-password
description: >
Installs the 1Password CLI (`op`) so the Coyote vault can decrypt secrets
inside the sandbox. After install, run `op signin` in the sandbox to
authenticate; credentials persist for the lifetime of the sandbox.
network:
allowedDomains:
- "downloads.1password.com:443"
- "cache.agilebits.com:443"
- "my.1password.com:443"
- "my.1password.eu:443"
- "my.1password.ca:443"
- "events.1password.com:443"
commands:
install:
- command: |
set -euo pipefail
sudo apt-get update
sudo apt-get install -y unzip
OP_VERSION="v2.30.3"
ARCH=$(dpkg --print-architecture)
curl -sSL "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_VERSION}/op_linux_${ARCH}_${OP_VERSION}.zip" -o /tmp/op.zip
sudo unzip -od /usr/local/bin /tmp/op.zip op
sudo chmod +x /usr/local/bin/op
rm -f /tmp/op.zip
user: "1000"
description: Install 1Password CLI from the official archive
+32
View File
@@ -377,6 +377,14 @@
thinking:
type: enabled
budget_tokens: 16000
- name: claude-sonnet-5
max_input_tokens: 1000000
max_output_tokens: 128000
require_max_tokens: true
input_price: 3
output_price: 15
supports_vision: true
supports_function_calling: true
- name: claude-sonnet-4-6
max_input_tokens: 200000
max_output_tokens: 8192
@@ -922,6 +930,14 @@
thinking:
type: enabled
budget_tokens: 16000
- name: claude-sonnet-5
max_input_tokens: 1000000
max_output_tokens: 128000
require_max_tokens: true
input_price: 3
output_price: 15
supports_vision: true
supports_function_calling: true
- name: claude-sonnet-4-6
max_input_tokens: 200000
max_output_tokens: 8192
@@ -1103,6 +1119,14 @@
thinking:
type: enabled
budget_tokens: 16000
- name: us.anthropic.claude-sonnet-5
max_input_tokens: 1000000
max_output_tokens: 128000
require_max_tokens: true
input_price: 3
output_price: 15
supports_vision: true
supports_function_calling: true
- name: us.anthropic.claude-sonnet-4-6
max_input_tokens: 200000
max_output_tokens: 8192
@@ -1785,6 +1809,14 @@
output_price: 25
supports_vision: true
supports_function_calling: true
- name: anthropic/claude-sonnet-5
max_input_tokens: 1000000
max_output_tokens: 128000
require_max_tokens: true
input_price: 3
output_price: 15
supports_vision: true
supports_function_calling: true
- name: anthropic/claude-sonnet-4.6
max_input_tokens: 200000
max_output_tokens: 8192
+3 -3
View File
@@ -39,7 +39,7 @@ switch ([System.Runtime.InteropServices.RuntimeInformation]::OSArchitecture) {
if (-not $BinDir) {
if ($isWin) { $BinDir = Join-Path $env:LOCALAPPDATA 'coyote\bin' }
else { $home = $env:HOME; if (-not $home) { $home = (Get-Item -Path ~).FullName }; $BinDir = Join-Path $home '.local/bin' }
else { $userHome = $env:HOME; if (-not $userHome) { $userHome = (Get-Item -Path ~).FullName }; $BinDir = Join-Path $userHome '.local/bin' }
}
New-Item -ItemType Directory -Force -Path $BinDir | Out-Null
@@ -95,13 +95,13 @@ if ($asset.name -match '\.zip$') {
[System.IO.Compression.ZipFile]::ExtractToDirectory($archive, $extractDir)
} elseif ($asset.name -match '\.tar\.gz$' -or $asset.name -match '\.tgz$') {
$tar = Get-Command tar -ErrorAction SilentlyContinue
if ($tar) { & $tar.FullName -xzf $archive -C $extractDir }
if ($tar) { & $tar.Source -xzf $archive -C $extractDir }
else { Fail "Asset is tar archive but 'tar' is not available." }
} else {
try { Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory($archive, $extractDir) }
catch {
$tar = Get-Command tar -ErrorAction SilentlyContinue
if ($tar) { & $tar.FullName -xf $archive -C $extractDir } else { Fail "Unknown archive format; neither zip nor tar workable." }
if ($tar) { & $tar.Source -xf $archive -C $extractDir } else { Fail "Unknown archive format; neither zip nor tar workable." }
}
}
Regular → Executable
+13 -22
View File
@@ -133,30 +133,21 @@ else
echo "Error: unsupported OS for this installer: $OS" >&2; exit 1
fi
DL_URLS=$(grep -oE '"browser_download_url":[[:space:]]*"[^"]+"' "$JSON" \
| sed -E 's/.*"browser_download_url":[[:space:]]*"//; s/"$//' \
|| true)
ASSET_NAME=""; ASSET_URL=""
for candidate in "${ASSET_CANDIDATES[@]}"; do
NAME=$(grep -oE '"name":\s*"[^"]+"' "$JSON" | sed 's/"name":\s*"//; s/"$//' | grep -Fx "$candidate" || true)
if [[ -n "$NAME" ]]; then
ASSET_NAME="$NAME"
ASSET_URL=$(awk -v pat="$NAME" '
BEGIN{ FS=":"; want=0 }
/"name"/ {
line=$0;
gsub(/^\s+|\s+$/,"",line);
gsub(/"name"\s*:\s*"|"/ ,"", line);
want = (line==pat) ? 1 : 0;
next
}
want==1 && /"browser_download_url"/ {
u=$0;
gsub(/^\s+|\s+$/,"",u);
gsub(/.*"browser_download_url"\s*:\s*"|".*/ ,"", u);
print u;
exit
}
' "$JSON")
if [[ -n "$ASSET_URL" ]]; then break; fi
fi
while IFS= read -r url; do
[[ -z "$url" ]] && continue
if [[ "$url" == */"$candidate" ]]; then
ASSET_NAME="$candidate"
ASSET_URL="$url"
break
fi
done <<< "$DL_URLS"
[[ -n "$ASSET_URL" ]] && break
done
if [[ -z "$ASSET_URL" ]]; then
+29 -1
View File
@@ -5,9 +5,9 @@ use crate::utils::list_file_names;
use crate::vault::Vault;
use clap_complete::{CompletionCandidate, Shell, generate};
use clap_complete_nushell::Nushell;
use std::env;
use std::ffi::OsStr;
use std::io;
use std::{env, fs};
const COYOTE_CLI_NAME: &str = "coyote";
@@ -134,6 +134,34 @@ pub(super) fn session_completer(current: &OsStr) -> Vec<CompletionCandidate> {
.collect()
}
pub(super) fn mcp_server_completer(current: &OsStr) -> Vec<CompletionCandidate> {
let cur = current.to_string_lossy();
let content = match fs::read_to_string(paths::mcp_config_file()) {
Ok(c) => c,
Err(_) => return vec![],
};
let json: serde_json::Value = match serde_json::from_str(&content) {
Ok(v) => v,
Err(_) => return vec![],
};
let servers = match json.get("mcpServers").and_then(|v| v.as_object()) {
Some(s) => s,
None => return vec![],
};
servers
.iter()
.filter(|(_, v)| {
v.get("type")
.and_then(|t| t.as_str())
.map(|t| t == "http" || t == "sse")
.unwrap_or(false)
})
.filter(|(k, _)| k.starts_with(&*cur))
.map(|(k, _)| CompletionCandidate::new(k))
.collect()
}
pub(super) fn secrets_completer(current: &OsStr) -> Vec<CompletionCandidate> {
let cur = current.to_string_lossy();
match load_app_config_for_completion() {
+84 -4
View File
@@ -1,12 +1,12 @@
mod completer;
use crate::cli::completer::{
ShellCompletion, agent_completer, macro_completer, model_completer, rag_completer,
role_completer, secrets_completer, session_completer,
ShellCompletion, agent_completer, macro_completer, mcp_server_completer, model_completer,
rag_completer, role_completer, secrets_completer, session_completer,
};
use crate::config::{AssetCategory, InstallFilter, MemoryScope};
use anyhow::{Context, Result};
use clap::ValueHint;
use clap::{ArgGroup, ValueHint};
use clap::{Parser, crate_authors, crate_description, crate_version};
use clap_complete::ArgValueCompleter;
use is_terminal::IsTerminal;
@@ -27,7 +27,20 @@ use std::io::{Read, stdin};
{usage-heading} {usage}
{all-args}{after-help}
"
",
group(
ArgGroup::new("sbx-mode")
.args(["sandbox", "fresh", "no_mixins"])
.multiple(true)
.conflicts_with_all([
"model", "prompt", "role", "session", "agent", "rag", "rebuild_rag",
"macro_name", "execute", "code", "file", "no_stream", "no_memory",
"init_memory", "dry_run", "info", "build_tools", "install",
"install_from", "sync_models", "list_models", "list_roles",
"list_sessions", "list_agents", "list_rags", "list_macros",
"list_skills", "skill", "tail_logs", "completions", "update",
])
),
)]
pub struct Cli {
/// Select a LLM model
@@ -158,6 +171,9 @@ pub struct Cli {
/// Authenticate with an LLM provider using OAuth (e.g., --authenticate client_name)
#[arg(long, exclusive = true, value_name = "CLIENT_NAME")]
pub authenticate: Option<Option<String>>,
/// Authenticate with an OAuth-protected remote MCP server (e.g., --auth-mcp server_name)
#[arg(long, exclusive = true, value_name = "SERVER_NAME", add = ArgValueCompleter::new(mcp_server_completer))]
pub auth_mcp: Option<String>,
/// Generate static shell completion scripts
#[arg(long, value_name = "SHELL", value_enum)]
pub completions: Option<ShellCompletion>,
@@ -167,6 +183,15 @@ pub struct Cli {
/// With --update, update even if Coyote was installed via a package manager
#[arg(long, requires = "update")]
pub force: bool,
/// Launch Coyote inside a Docker sandbox (via `sbx`); name defaults to current directory basename
#[arg(long, value_name = "NAME")]
pub sandbox: Option<Option<String>>,
/// Create the sandbox without bootstrapping the host config or vault password file
#[arg(long, requires = "sandbox")]
pub fresh: bool,
/// Skip discovery and application of all sbx mixins (user and built-in)
#[arg(long, requires = "sandbox")]
pub no_mixins: bool,
}
impl Cli {
@@ -495,4 +520,59 @@ mod tests {
fn parse_force_without_update_fails() {
assert!(Cli::try_parse_from(["coyote", "--force"]).is_err());
}
#[test]
fn parse_sandbox_flag_no_value() {
let cli = parse(&["--sandbox"]);
assert_eq!(cli.sandbox, Some(None));
}
#[test]
fn parse_sandbox_flag_with_name() {
let cli = parse(&["--sandbox", "my-box"]);
assert_eq!(cli.sandbox, Some(Some("my-box".to_string())));
}
#[test]
fn parse_sandbox_is_exclusive() {
assert!(Cli::try_parse_from(["coyote", "--sandbox", "--agent", "foo"]).is_err());
}
#[test]
fn parse_fresh_flag_requires_sandbox() {
assert!(Cli::try_parse_from(["coyote", "--fresh"]).is_err());
}
#[test]
fn parse_fresh_flag_with_sandbox() {
let cli = parse(&["--sandbox", "--fresh"]);
assert_eq!(cli.sandbox, Some(None));
assert!(cli.fresh);
}
#[test]
fn parse_fresh_flag_with_named_sandbox() {
let cli = parse(&["--sandbox", "foo", "--fresh"]);
assert_eq!(cli.sandbox, Some(Some("foo".to_string())));
assert!(cli.fresh);
}
#[test]
fn parse_no_mixins_requires_sandbox() {
assert!(Cli::try_parse_from(["coyote", "--no-mixins"]).is_err());
}
#[test]
fn parse_no_mixins_with_sandbox() {
let cli = parse(&["--sandbox", "--no-mixins"]);
assert!(cli.no_mixins);
}
#[test]
fn parse_sandbox_with_fresh_and_no_mixins() {
let cli = parse(&["--sandbox", "foo", "--fresh", "--no-mixins"]);
assert_eq!(cli.sandbox, Some(Some("foo".to_string())));
assert!(cli.fresh);
assert!(cli.no_mixins);
}
}
+7
View File
@@ -133,6 +133,13 @@ impl MessageContent {
}
}
pub fn as_text(&self) -> Option<&str> {
match self {
MessageContent::Text(text) => Some(text),
_ => None,
}
}
pub fn merge_prompt(&mut self, replace_fn: impl Fn(&str) -> String) {
match self {
MessageContent::Text(text) => *text = replace_fn(text),
+10 -4
View File
@@ -53,6 +53,10 @@ pub trait OAuthProvider: Send + Sync {
fn extra_request_headers(&self) -> Vec<(&str, &str)> {
vec![]
}
fn fixed_redirect_uri(&self) -> Option<String> {
None
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
@@ -72,14 +76,16 @@ pub async fn run_oauth_flow(provider: &dyn OAuthProvider, client_name: &str) ->
let state = Uuid::new_v4().to_string();
let redirect_uri = if provider.uses_localhost_redirect() {
let (redirect_uri, use_callback_listener) = if let Some(fixed) = provider.fixed_redirect_uri() {
(fixed, true)
} else if provider.uses_localhost_redirect() {
let listener = TcpListener::bind("127.0.0.1:0")?;
let port = listener.local_addr()?.port();
let uri = format!("http://127.0.0.1:{port}/callback");
drop(listener);
uri
(uri, true)
} else {
provider.redirect_uri().to_string()
(provider.redirect_uri().to_string(), false)
};
let encoded_scopes = urlencoding::encode(provider.scopes());
@@ -112,7 +118,7 @@ pub async fn run_oauth_flow(provider: &dyn OAuthProvider, client_name: &str) ->
let _ = open::that(&authorize_url);
let (code, returned_state) = if provider.uses_localhost_redirect() {
let (code, returned_state) = if use_callback_listener {
listen_for_oauth_callback(&redirect_uri)?
} else {
let input = Text::new("Paste the authorization code:").prompt()?;
+19 -4
View File
@@ -274,10 +274,25 @@ impl AppConfig {
pub fn vault_password_file(&self) -> PathBuf {
match &self.vault_password_file {
Some(path) => match path.exists() {
true => path.clone(),
false => gman::config::Config::local_provider_password_file(),
},
Some(path) => {
if path.exists() {
return path.clone();
}
if let Some(translated) = paths::translate_sandboxed_home_path(path)
&& translated.exists()
{
info!(
"vault_password_file '{}' not found; resolved to sandboxed path '{}'",
path.display(),
translated.display()
);
return translated;
}
gman::config::Config::local_provider_password_file()
}
None => gman::config::Config::local_provider_password_file(),
}
}
+11 -2
View File
@@ -1,4 +1,6 @@
use crate::mcp::{ConnectedServer, JsonField, McpServer, McpTransportType, spawn_mcp_server};
use crate::mcp::{
ConnectedServer, JsonField, McpServer, McpTransportType, oauth, spawn_mcp_server,
};
use anyhow::Result;
use parking_lot::Mutex;
@@ -99,7 +101,12 @@ impl McpFactory {
return Ok(existing);
}
let handle = spawn_mcp_server(spec, log_path).await?;
let bearer_token = if spec.is_remote() {
oauth::load_valid_mcp_token(name)
} else {
None
};
let handle = spawn_mcp_server(spec, log_path, bearer_token).await?;
self.insert_active(key, &handle);
Ok(handle)
}
@@ -125,6 +132,7 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
}
}
@@ -141,6 +149,7 @@ mod tests {
cwd: None,
url: Some(url.to_string()),
headers,
oauth_client_id: None,
}
}
+9
View File
@@ -135,6 +135,7 @@ const RAGS_DIR_NAME: &str = "rags";
const FUNCTIONS_DIR_NAME: &str = "functions";
const FUNCTIONS_BIN_DIR_NAME: &str = "bin";
const AGENTS_DIR_NAME: &str = "agents";
const REPL_HISTORY_DIR_NAME: &str = "repl-history";
const GLOBAL_TOOLS_DIR_NAME: &str = "tools";
const GLOBAL_TOOLS_UTILS_DIR_NAME: &str = "utils";
const BASH_PROMPT_UTILS_FILE_NAME: &str = "prompt-utils.sh";
@@ -143,6 +144,11 @@ const MEMORY_DIR_NAME: &str = "memory";
const MEMORY_INDEX_FILE_NAME: &str = "MEMORY.md";
const WORKSPACE_MEMORY_FILE_NAME: &str = "COYOTE.md";
const WORKSPACE_MEMORY_DIR_NAME: &str = ".coyote";
const SBX_KIT_DIR_NAME: &str = "sbx-kit";
const SBX_KIT_HASH_FILE: &str = "kit.sha256";
const SBX_MIXIN_FILE_NAME: &str = "sbx-mixin.yaml";
const SBX_VAULT_MIXINS_DIR_NAME: &str = "sbx-vault-mixins";
const SBX_MIXIN_KITS_DIR_NAME: &str = "sbx-mixin-kits";
const GIT_DIR_NAME: &str = ".git";
const GITIGNORE_FILE_NAME: &str = ".gitignore";
const DEFAULT_VISIBLE_TOOLS: [&str; 18] = [
@@ -667,6 +673,9 @@ bitflags::bitflags! {
const SESSION = 1 << 2;
const RAG = 1 << 3;
const AGENT = 1 << 4;
const FUNCTION_CALLING = 1 << 5;
const AUTO_CONTINUE = 1 << 6;
const SKILLS_ENABLED = 1 << 7;
}
}
+321 -4
View File
@@ -3,10 +3,13 @@ use super::{
AGENT_GRAPH_FILE_NAME, AGENTS_DIR_NAME, BASH_PROMPT_UTILS_FILE_NAME, CONFIG_FILE_NAME,
ENV_FILE_NAME, FUNCTIONS_BIN_DIR_NAME, FUNCTIONS_DIR_NAME, GLOBAL_TOOLS_DIR_NAME,
GLOBAL_TOOLS_UTILS_DIR_NAME, MACROS_DIR_NAME, MCP_FILE_NAME, MEMORY_DIR_NAME,
MEMORY_INDEX_FILE_NAME, ModelsOverride, RAGS_DIR_NAME, ROLES_DIR_NAME, SKILLS_DIR_NAME,
WORKSPACE_MEMORY_DIR_NAME,
MEMORY_INDEX_FILE_NAME, ModelsOverride, RAGS_DIR_NAME, ROLES_DIR_NAME, SBX_KIT_DIR_NAME,
SBX_KIT_HASH_FILE, SBX_MIXIN_FILE_NAME, SBX_MIXIN_KITS_DIR_NAME, SBX_VAULT_MIXINS_DIR_NAME,
SKILLS_DIR_NAME, WORKSPACE_MEMORY_DIR_NAME,
};
use crate::client::ProviderModels;
use crate::config::REPL_HISTORY_DIR_NAME;
use crate::config::session::Session;
use crate::utils::{get_env_name, list_file_names, normalize_env_name};
use anyhow::{Context, Result, anyhow, bail};
@@ -32,8 +35,97 @@ pub fn local_path(name: &str) -> PathBuf {
}
pub fn cache_path() -> PathBuf {
let base_dir = dirs::cache_dir().unwrap_or_else(env::temp_dir);
base_dir.join(env!("CARGO_CRATE_NAME"))
if let Ok(v) = env::var(get_env_name("cache_dir")) {
PathBuf::from(v)
} else if let Ok(v) = env::var("XDG_CACHE_HOME") {
PathBuf::from(v).join(env!("CARGO_CRATE_NAME"))
} else {
let base_dir = dirs::cache_dir().unwrap_or_else(env::temp_dir);
base_dir.join(env!("CARGO_CRATE_NAME"))
}
}
pub fn sandbox_kit_override() -> Option<PathBuf> {
env::var_os(get_env_name("sandbox_kit")).map(PathBuf::from)
}
pub fn translate_sandboxed_home_path(path: &Path) -> Option<PathBuf> {
env::var_os("IS_SANDBOX")?;
let s = path.to_str()?;
if let Some(translated) = translate_unix_home_style(s, "/home/") {
return Some(translated);
}
if let Some(translated) = translate_unix_home_style(s, "/Users/") {
return Some(translated);
}
translate_windows_users_path(s)
}
fn translate_unix_home_style(s: &str, prefix: &str) -> Option<PathBuf> {
let rest = s.strip_prefix(prefix)?;
let (user, tail) = match rest.split_once('/') {
Some((u, t)) => (u, t),
None => (rest, ""),
};
if user.is_empty() || user == "agent" {
return None;
}
Some(if tail.is_empty() {
PathBuf::from("/home/agent")
} else {
PathBuf::from(format!("/home/agent/{tail}"))
})
}
fn translate_windows_users_path(s: &str) -> Option<PathBuf> {
let bytes = s.as_bytes();
if bytes.len() < 4 || !bytes[0].is_ascii_alphabetic() || bytes[1] != b':' || bytes[2] != b'\\' {
return None;
}
let after_drive = &s[3..];
let rest = after_drive.strip_prefix("Users\\")?;
let (user, tail) = match rest.split_once('\\') {
Some((u, t)) => (u, t.replace('\\', "/")),
None => (rest, String::new()),
};
if user.is_empty() || user == "agent" {
return None;
}
Some(if tail.is_empty() {
PathBuf::from("/home/agent")
} else {
PathBuf::from(format!("/home/agent/{tail}"))
})
}
pub fn sbx_mixin_file() -> PathBuf {
config_dir().join(SBX_MIXIN_FILE_NAME)
}
pub fn global_tools_sbx_mixin_file() -> PathBuf {
functions_dir().join(SBX_MIXIN_FILE_NAME)
}
pub fn find_workspace_sbx_mixin(start: &Path) -> Option<PathBuf> {
for dir in start.ancestors() {
let candidate = dir
.join(WORKSPACE_MEMORY_DIR_NAME)
.join(SBX_MIXIN_FILE_NAME);
if candidate.exists() {
return Some(candidate);
}
}
None
}
pub fn oauth_tokens_path() -> PathBuf {
@@ -48,6 +140,26 @@ pub fn log_path() -> PathBuf {
cache_path().join(format!("{}.log", env!("CARGO_CRATE_NAME")))
}
pub fn sbx_kit_dir() -> PathBuf {
cache_path().join(SBX_KIT_DIR_NAME)
}
pub fn sbx_kit_hash_file() -> PathBuf {
sbx_kit_dir().join(SBX_KIT_HASH_FILE)
}
pub fn sbx_vault_mixins_dir() -> PathBuf {
cache_path().join(SBX_VAULT_MIXINS_DIR_NAME)
}
pub fn sbx_vault_mixins_hash_file() -> PathBuf {
sbx_vault_mixins_dir().join(SBX_KIT_HASH_FILE)
}
pub fn sbx_mixin_kits_dir() -> PathBuf {
cache_path().join(SBX_MIXIN_KITS_DIR_NAME)
}
pub fn config_file() -> PathBuf {
match env::var(get_env_name("config_file")) {
Ok(value) => PathBuf::from(value),
@@ -210,6 +322,20 @@ pub fn workspace_memory_dir_for(workspace_root: &Path) -> PathBuf {
.join(MEMORY_DIR_NAME)
}
pub fn repl_history_dir() -> PathBuf {
cache_path().join(REPL_HISTORY_DIR_NAME)
}
pub fn repl_history_file(session: &Option<Session>) -> PathBuf {
let history_key = if let Some(session) = &session {
format!("session_{}", session.name().replace('/', "_"))
} else {
"default".to_string()
};
repl_history_dir().join(history_key)
}
pub fn log_config() -> Result<(LevelFilter, Option<PathBuf>)> {
let log_level = env::var(get_env_name("log_level"))
.ok()
@@ -365,6 +491,197 @@ mod tests {
}
}
mod sandbox_home_translation {
use super::*;
use serial_test::serial;
fn with_sandbox<F: FnOnce()>(f: F) {
let prev = env::var_os("IS_SANDBOX");
unsafe {
env::set_var("IS_SANDBOX", "1");
}
f();
unsafe {
match prev {
Some(v) => env::set_var("IS_SANDBOX", v),
None => env::remove_var("IS_SANDBOX"),
}
}
}
fn without_sandbox<F: FnOnce()>(f: F) {
let prev = env::var_os("IS_SANDBOX");
unsafe {
env::remove_var("IS_SANDBOX");
}
f();
unsafe {
if let Some(v) = prev {
env::set_var("IS_SANDBOX", v);
}
}
}
#[test]
#[serial]
fn returns_none_when_not_in_sandbox() {
without_sandbox(|| {
let p = Path::new("/home/atusa/.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn translates_host_home_to_agent_home() {
with_sandbox(|| {
let p = Path::new("/home/atusa/.coyote_password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.coyote_password"))
);
});
}
#[test]
#[serial]
fn translates_nested_host_home_path() {
with_sandbox(|| {
let p = Path::new("/home/atusa/.config/coyote/.password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
);
});
}
#[test]
#[serial]
fn returns_none_when_path_already_targets_agent_home() {
with_sandbox(|| {
let p = Path::new("/home/agent/.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn returns_none_when_path_is_outside_home() {
with_sandbox(|| {
let p = Path::new("/etc/coyote/.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn returns_none_for_relative_path() {
with_sandbox(|| {
let p = Path::new(".coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn returns_none_for_first_segment_not_home() {
with_sandbox(|| {
let p = Path::new("/opt/atusa/.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn translates_macos_users_path() {
with_sandbox(|| {
let p = Path::new("/Users/atusa/.coyote_password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.coyote_password"))
);
});
}
#[test]
#[serial]
fn translates_macos_nested_path() {
with_sandbox(|| {
let p = Path::new("/Users/atusa/.config/coyote/.password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
);
});
}
#[test]
#[serial]
fn returns_none_when_macos_path_already_targets_agent() {
with_sandbox(|| {
let p = Path::new("/Users/agent/.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
#[test]
#[serial]
fn translates_windows_drive_letter_path() {
with_sandbox(|| {
let p = Path::new("C:\\Users\\atusa\\.coyote_password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.coyote_password"))
);
});
}
#[test]
#[serial]
fn translates_windows_nested_path() {
with_sandbox(|| {
let p = Path::new("D:\\Users\\atusa\\.config\\coyote\\.password");
assert_eq!(
translate_sandboxed_home_path(p),
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
);
});
}
#[test]
#[serial]
fn returns_none_when_windows_path_already_targets_agent() {
with_sandbox(|| {
let p = Path::new("C:\\Users\\agent\\.coyote_password");
assert_eq!(translate_sandboxed_home_path(p), None);
});
}
}
#[test]
fn sandbox_kit_override_reflects_env_var_state() {
let env_name = get_env_name("sandbox_kit");
let prev = env::var_os(&env_name);
unsafe {
env::remove_var(&env_name);
}
assert_eq!(sandbox_kit_override(), None);
let probe = PathBuf::from("/tmp/coyote-sandbox-kit-probe");
unsafe {
env::set_var(&env_name, &probe);
}
assert_eq!(sandbox_kit_override(), Some(probe));
unsafe {
match prev {
Some(v) => env::set_var(&env_name, v),
None => env::remove_var(&env_name),
}
}
}
#[test]
fn list_skills_skips_invalid_directory_names() {
let unique = time::SystemTime::now()
+375 -36
View File
@@ -371,9 +371,32 @@ impl RequestContext {
if self.rag.is_some() {
flags |= StateFlags::RAG;
}
if self.app.config.function_calling_support {
flags |= StateFlags::FUNCTION_CALLING;
}
if self.auto_continue_config().enabled {
flags |= StateFlags::AUTO_CONTINUE;
}
if self.resolved_skills_enabled() {
flags |= StateFlags::SKILLS_ENABLED;
}
flags
}
pub fn resolved_skills_enabled(&self) -> bool {
if let Some(agent) = &self.agent
&& let Some(value) = agent.skills_enabled()
{
return value;
}
let app = &self.app.config;
self.session
.as_ref()
.and_then(|s| s.skills_enabled())
.or_else(|| self.role.as_ref().and_then(|r| r.skills_enabled()))
.unwrap_or(app.skills_enabled)
}
pub fn messages_file(&self) -> PathBuf {
match &self.agent {
None => match env::var(get_env_name("messages_file")) {
@@ -450,6 +473,50 @@ impl RequestContext {
}
}
pub fn todo_info(&self) -> Result<String> {
if !self.auto_continue_config().enabled {
bail!(
"Auto-continuation is disabled. Enable it by setting `auto_continue: true` in your config or running `.set auto_continue true`."
);
}
if self.todo_list.is_empty() {
return Ok("No todos in the running list.\n".to_string());
}
let mut out = self.todo_list.render_for_model();
out.push('\n');
Ok(out)
}
pub fn tools_info(&self) -> Result<String> {
if !self.app.config.function_calling_support {
bail!(
"Function calling is disabled. Enable it by setting `function_calling_support: true` in your config or running `.set function_calling_support true`."
);
}
let role = self.extract_role(&self.app.config)?;
match self.select_functions(&role) {
None => Ok("No tools enabled for the next request.\n".to_string()),
Some(functions) => {
let mut names: Vec<&str> = functions.iter().map(|f| f.name.as_str()).collect();
names.sort_unstable();
let mut out = format!(
"Tools enabled for the next request: {}\n\n",
functions.len()
);
for name in names {
out.push_str(" ");
out.push_str(name);
out.push('\n');
}
Ok(out)
}
}
}
pub fn list_sessions(&self) -> Vec<String> {
list_file_names(self.sessions_dir(), ".yaml")
}
@@ -642,6 +709,10 @@ impl RequestContext {
}
pub fn extract_role(&self, app: &AppConfig) -> Result<Role> {
self.extract_role_impl(app, true)
}
fn extract_role_impl(&self, app: &AppConfig, inject_memory: bool) -> Result<Role> {
let mut role = if let Some(session) = self.session.as_ref() {
session.to_role()
} else if let Some(agent) = self.agent.as_ref() {
@@ -690,34 +761,36 @@ impl RequestContext {
}
}
let memory_config = self.memory_config();
if memory_config.enabled {
let store = MemoryStore {
global_dir: paths::global_memory_dir(),
workspace: memory_config.workspace,
};
let with_tools = app.function_calling_support;
let cap = if with_tools {
app.memory_cap_with_tools
.unwrap_or(DEFAULT_MEMORY_CAP_WITH_TOOLS)
} else {
app.memory_cap_without_tools
.unwrap_or(DEFAULT_MEMORY_CAP_WITHOUT_TOOLS)
};
match memory::build_memory_section(&store, with_tools, cap) {
Ok(Some(section)) => {
let separator = if role.is_empty_prompt() { "" } else { "\n\n" };
role.append_to_prompt(separator);
role.append_to_prompt(&section);
role.append_to_prompt("\n\n");
role.append_to_prompt(if with_tools {
prompts::DEFAULT_MEMORY_INSTRUCTIONS
} else {
prompts::DEFAULT_MEMORY_INSTRUCTIONS_READONLY
});
if inject_memory {
let memory_config = self.memory_config();
if memory_config.enabled {
let store = MemoryStore {
global_dir: paths::global_memory_dir(),
workspace: memory_config.workspace,
};
let with_tools = app.function_calling_support;
let cap = if with_tools {
app.memory_cap_with_tools
.unwrap_or(DEFAULT_MEMORY_CAP_WITH_TOOLS)
} else {
app.memory_cap_without_tools
.unwrap_or(DEFAULT_MEMORY_CAP_WITHOUT_TOOLS)
};
match memory::build_memory_section(&store, with_tools, cap) {
Ok(Some(section)) => {
let separator = if role.is_empty_prompt() { "" } else { "\n\n" };
role.append_to_prompt(separator);
role.append_to_prompt(&section);
role.append_to_prompt("\n\n");
role.append_to_prompt(if with_tools {
prompts::DEFAULT_MEMORY_INSTRUCTIONS
} else {
prompts::DEFAULT_MEMORY_INSTRUCTIONS_READONLY
});
}
Ok(None) => {}
Err(e) => warn!("memory injection failed: {}", e),
}
Ok(None) => {}
Err(e) => warn!("memory injection failed: {}", e),
}
}
@@ -1036,6 +1109,10 @@ impl RequestContext {
"enabled_mcp_servers",
super::format_option_value(&role.enabled_mcp_servers().map(|v| v.join(","))),
),
(
"enabled_skills",
super::format_option_value(&role.enabled_skills().map(|v| v.join(","))),
),
(
"max_output_tokens",
role.model()
@@ -1071,6 +1148,7 @@ impl RequestContext {
app.function_calling_support.to_string(),
),
("mcp_server_support", app.mcp_server_support.to_string()),
("skills_enabled", app.skills_enabled.to_string()),
("auto_continue", app.auto_continue.to_string()),
("max_auto_continues", app.max_auto_continues.to_string()),
("stream", app.stream.to_string()),
@@ -1090,6 +1168,7 @@ impl RequestContext {
("rags_dir", display_path(&paths::rags_dir())),
("macros_dir", display_path(&paths::macros_dir())),
("functions_dir", display_path(&paths::functions_dir())),
("sbx_kit_dir", display_path(&paths::sbx_kit_dir())),
("messages_file", display_path(&self.messages_file())),
];
@@ -1203,7 +1282,7 @@ impl RequestContext {
pub fn generate_prompt_context(&self, app: &AppConfig) -> HashMap<&str, String> {
let mut output = HashMap::new();
let role = self.extract_role(app).unwrap_or_else(|err| {
let role = self.extract_role_impl(app, false).unwrap_or_else(|err| {
warn!("failed to compute effective role for prompt rendering: {err}");
Role::default()
});
@@ -1947,6 +2026,7 @@ impl RequestContext {
} else {
self.update_app_config(|app| app.skills_enabled = value.unwrap_or(true));
}
self.refresh_tool_scope(abort_signal.clone()).await?;
}
"enabled_mcp_servers" => {
let raw: Option<String> = super::parse_value(value)?;
@@ -2201,11 +2281,6 @@ impl RequestContext {
super::map_completion_values(values)
}
".macro" => super::map_completion_values(paths::list_macros()),
".skill" => super::map_completion_values(vec![
"loaded".to_string(),
"load".to_string(),
"unload".to_string(),
]),
".starter" => match &self.agent {
Some(agent) => agent
.conversation_starters()
@@ -2227,6 +2302,7 @@ impl RequestContext {
"inject_skill_instructions",
"skill_instructions",
"max_auto_continues",
"memory",
"save_session",
"compression_threshold",
"rag_reranker_model",
@@ -2264,6 +2340,17 @@ impl RequestContext {
}
_ => vec![],
};
} else if cmd == ".mcp" && args.first() == Some(&"auth") && args.len() == 2 {
if let Some(mcp_config) = &self.app.mcp_config {
values = super::map_completion_values(
mcp_config
.mcp_servers
.iter()
.filter(|(_, spec)| spec.is_remote())
.map(|(name, _)| name.clone())
.collect(),
);
}
} else if (cmd == ".edit" && args.first() == Some(&"skill") && args.len() == 2)
|| (cmd == ".skill" && args.first() == Some(&"load") && args.len() == 2)
{
@@ -2401,7 +2488,7 @@ impl RequestContext {
_ => vec![],
};
values = candidates.into_iter().map(|v| (v, None)).collect();
} else if cmd == ".vault" && args.len() == 2 {
} else if cmd == ".vault" && args.len() == 2 && args[0] != "list" {
values = self
.app
.vault
@@ -3611,6 +3698,7 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
},
);
}
@@ -3757,6 +3845,44 @@ mod tests {
);
}
#[test]
#[serial]
fn update_skills_enabled_false_removes_skill_meta_tools_from_scope() {
let _guard = TestConfigDirGuard::new();
let app_state = app_state_with_mcp_config(false, &[]);
let mut ctx = RequestContext::new(app_state, WorkingMode::Repl);
let app = ctx.app.config.clone();
let abort = utils::create_abort_signal();
run_async(ctx.rebuild_tool_scope(&app, None, abort.clone())).unwrap();
let names_before: Vec<String> = ctx
.tool_scope
.functions
.declarations()
.iter()
.map(|f| f.name.clone())
.collect();
assert!(
names_before.iter().any(|n| n.starts_with("skill__")),
"expected skill__* functions before toggle, got: {names_before:?}"
);
run_async(ctx.update("skills_enabled false", abort)).unwrap();
let names_after: Vec<String> = ctx
.tool_scope
.functions
.declarations()
.iter()
.map(|f| f.name.clone())
.collect();
assert!(
!names_after.iter().any(|n| n.starts_with("skill__")),
"expected skill__* functions to be removed after `.set skills_enabled false`, got: {names_after:?}"
);
}
#[test]
fn select_functions_returns_none_when_no_tools_enabled() {
let ctx = create_test_ctx();
@@ -4056,9 +4182,84 @@ mod tests {
}
#[test]
fn state_empty_context() {
fn state_empty_context_has_no_context_flags() {
let ctx = create_test_ctx();
assert_eq!(ctx.state(), StateFlags::empty());
let state = ctx.state();
assert!(!state.contains(StateFlags::ROLE));
assert!(!state.contains(StateFlags::SESSION));
assert!(!state.contains(StateFlags::SESSION_EMPTY));
assert!(!state.contains(StateFlags::AGENT));
assert!(!state.contains(StateFlags::RAG));
}
#[test]
fn state_includes_function_calling_when_app_enables_it() {
let ctx = create_test_ctx();
assert!(ctx.state().contains(StateFlags::FUNCTION_CALLING));
}
#[test]
fn state_includes_skills_enabled_when_app_enables_it() {
let ctx = create_test_ctx();
assert!(ctx.state().contains(StateFlags::SKILLS_ENABLED));
}
#[test]
fn state_omits_skills_enabled_when_app_disables_it() {
let mut ctx = create_test_ctx();
ctx.update_app_config(|app| app.skills_enabled = false);
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
}
#[test]
fn state_skills_enabled_respects_session_override() {
let mut ctx = create_test_ctx();
let mut session = Session::default();
session.set_skills_enabled(Some(false));
ctx.session = Some(session);
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
}
#[test]
fn state_skills_enabled_respects_role_override() {
let mut ctx = create_test_ctx();
let role = Role::new("r", "---\nskills_enabled: false\n---\nbody");
ctx.role = Some(role);
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
}
#[test]
fn state_omits_function_calling_when_app_disables_it() {
let app_state = {
let config = AppConfig {
function_calling_support: false,
..AppConfig::default()
};
Arc::new(AppState {
config: Arc::new(config),
vault: Arc::new(Vault::default()),
mcp_factory: Arc::new(McpFactory::default()),
rag_cache: Arc::new(RagCache::default()),
mcp_config: None,
mcp_log_path: None,
mcp_registry: None,
functions: Functions::default(),
})
};
let ctx = RequestContext::new(app_state, WorkingMode::Cmd);
assert!(!ctx.state().contains(StateFlags::FUNCTION_CALLING));
}
#[test]
@@ -4086,6 +4287,144 @@ mod tests {
assert!(state.contains(StateFlags::SESSION_EMPTY));
}
#[test]
fn todo_info_errors_when_auto_continue_disabled() {
let ctx = create_test_ctx();
let err = ctx.todo_info().unwrap_err();
let msg = err.to_string();
assert!(
msg.contains("Auto-continuation is disabled"),
"expected error to mention auto-continuation, got: {msg}"
);
}
#[test]
fn todo_info_returns_empty_message_when_list_is_empty() {
let mut ctx = create_test_ctx();
ctx.update_app_config(|app| app.auto_continue = true);
let info = ctx.todo_info().unwrap();
assert!(
info.contains("No todos in the running list"),
"expected 'No todos' message, got: {info}"
);
}
#[test]
fn todo_info_renders_running_list() {
let mut ctx = create_test_ctx();
ctx.update_app_config(|app| app.auto_continue = true);
ctx.init_todo_list("Map Labs");
ctx.add_todo("Discover columns");
ctx.add_todo("Write report");
ctx.mark_todo_done(1);
let info = ctx.todo_info().unwrap();
assert!(
info.contains("Goal: Map Labs"),
"expected goal in output, got: {info}"
);
assert!(
info.contains("Progress: 1/2 completed"),
"expected progress line, got: {info}"
);
assert!(
info.contains("Discover columns"),
"expected first task, got: {info}"
);
assert!(
info.contains("Write report"),
"expected second task, got: {info}"
);
}
#[test]
fn tools_info_returns_message_when_no_tools_enabled() {
let ctx = create_test_ctx();
let info = ctx.tools_info().unwrap();
assert!(
info.contains("No tools enabled"),
"expected 'No tools enabled' message, got: {info}"
);
}
#[test]
fn tools_info_lists_enabled_tool_names_alphabetically() {
let mut ctx = create_test_ctx();
ctx.tool_scope.functions.append_todo_functions();
let mut role = Role::new("r", "p");
role.set_enabled_tools(Some(vec!["all".to_string()]));
ctx.role = Some(role);
let info = ctx.tools_info().unwrap();
assert!(
info.contains("Tools enabled for the next request:"),
"expected count line, got: {info}"
);
assert!(
info.contains("todo__init"),
"expected todo__init in output, got: {info}"
);
let positions: Vec<usize> = info
.lines()
.filter(|line| line.trim().starts_with("todo__"))
.enumerate()
.map(|(i, _)| i)
.collect();
assert!(
!positions.is_empty(),
"expected at least one todo__ entry, got: {info}"
);
let todo_lines: Vec<&str> = info
.lines()
.filter(|line| line.trim().starts_with("todo__"))
.collect();
let mut sorted = todo_lines.clone();
sorted.sort_unstable();
assert_eq!(
todo_lines, sorted,
"expected todo__ entries to be alphabetically sorted, got: {todo_lines:?}"
);
}
#[test]
fn tools_info_errors_when_function_calling_disabled() {
let app_state = {
let config = AppConfig {
function_calling_support: false,
..AppConfig::default()
};
Arc::new(AppState {
config: Arc::new(config),
vault: Arc::new(Vault::default()),
mcp_factory: Arc::new(McpFactory::default()),
rag_cache: Arc::new(RagCache::default()),
mcp_config: None,
mcp_log_path: None,
mcp_registry: None,
functions: Functions::default(),
})
};
let ctx = RequestContext::new(app_state, WorkingMode::Cmd);
let err = ctx.tools_info().unwrap_err();
let msg = err.to_string();
assert!(
msg.contains("Function calling is disabled"),
"expected error to mention function calling, got: {msg}"
);
}
#[test]
fn role_info_errors_when_no_role() {
let ctx = create_test_ctx();
+8
View File
@@ -163,6 +163,14 @@ impl Session {
self.messages.is_empty() && self.compressed_messages.is_empty()
}
pub fn messages(&self) -> &[Message] {
&self.messages
}
pub fn compressed_messages(&self) -> &[Message] {
&self.compressed_messages
}
pub fn name(&self) -> &str {
&self.name
}
+11
View File
@@ -68,6 +68,14 @@ fn normalize_version(requested: Option<String>) -> Option<String> {
}
}
fn preferred_update_target() -> Option<&'static str> {
match (env::consts::OS, env::consts::ARCH) {
("linux", "x86_64") => Some("x86_64-unknown-linux-musl"),
("linux", "aarch64") => Some("aarch64-unknown-linux-musl"),
_ => None,
}
}
fn is_dir_writable(dir: &Path) -> bool {
let probe = dir.join(format!(".coyote-update-write-test-{}", process::id()));
match OpenOptions::new().write(true).create_new(true).open(&probe) {
@@ -147,6 +155,9 @@ pub fn run_self_update(requested: Option<String>, force: bool) -> Result<()> {
if let Some(tag) = &target_tag {
builder.target_version_tag(tag.as_str());
}
if let Some(target) = preferred_update_target() {
builder.target(target);
}
let status = builder
.build()
.context("Failed to configure the self-update")?
+8 -1
View File
@@ -1292,11 +1292,13 @@ pub fn run_llm_function(
let mut buffer = [0; 1024];
let mut reader = stdout;
let mut out = io::stdout();
let mut buf = Vec::new();
while let Ok(n) = reader.read(&mut buffer) {
if n == 0 {
break;
}
let chunk = &buffer[0..n];
buf.extend_from_slice(chunk);
let mut last_pos = 0;
for (i, &byte) in chunk.iter().enumerate() {
if byte == b'\n' {
@@ -1310,6 +1312,7 @@ pub fn run_llm_function(
}
let _ = out.flush();
}
buf
});
let stderr_thread = std::thread::spawn(move || {
@@ -1342,18 +1345,22 @@ pub fn run_llm_function(
let status = child
.wait()
.map_err(|err| anyhow!("Unable to run {command_name}, {err}"))?;
let _ = stdout_thread.join();
let stdout_bytes = stdout_thread.join().unwrap_or_default();
let stderr_bytes = stderr_thread.join().unwrap_or_default();
let exit_code = status.code().unwrap_or_default();
if exit_code != 0 {
let stderr = String::from_utf8_lossy(&stderr_bytes).trim().to_string();
let stdout = String::from_utf8_lossy(&stdout_bytes).trim().to_string();
let tool_error_message = format!("Tool call '{command_name}' exited with code {exit_code}");
eprintln!("{}", warning_text(&format!("⚠️ {tool_error_message} ⚠️")));
let mut error_json = json!({"tool_call_error": tool_error_message});
if !stderr.is_empty() {
error_json["stderr"] = json!(stderr);
}
if !stdout.is_empty() {
error_json["stdout"] = json!(stdout);
}
debug!("Tool call error: {error_json:?}");
return Ok(Some(error_json.to_string()));
}
+75 -6
View File
@@ -10,6 +10,7 @@ mod repl;
mod utils;
mod mcp;
mod parsers;
mod sandbox;
mod supervisor;
mod vault;
@@ -27,18 +28,22 @@ use crate::config::{
install_builtins, list_agents, load_env_file, macro_execute, sync_models,
};
use crate::function::supervisor::{GuardrailAction, check_pending_agents_guardrail};
use crate::mcp::McpServersConfig;
use crate::render::{prompt_theme, render_error};
use crate::repl::Repl;
use crate::utils::*;
use crate::vault::Vault;
use anyhow::{Result, anyhow, bail};
use crate::vault::{Vault, interpolate_secrets};
use anyhow::{Context, Result, anyhow, bail};
use clap::{CommandFactory, Parser};
use clap_complete::CompleteEnv;
use client::ClientConfig;
use inquire::{Select, Text, set_global_render_config};
use log::{LevelFilter, warn};
use log4rs::append::console::ConsoleAppender;
use log4rs::append::file::FileAppender;
use log4rs::append::rolling_file::RollingFileAppender;
use log4rs::append::rolling_file::policy::compound::CompoundPolicy;
use log4rs::append::rolling_file::policy::compound::roll::fixed_window::FixedWindowRoller;
use log4rs::append::rolling_file::policy::compound::trigger::size::SizeTrigger;
use log4rs::config::{Appender, Logger, Root};
use log4rs::encode::pattern::PatternEncoder;
use oauth::OAuthProvider;
@@ -56,6 +61,7 @@ async fn main() -> Result<()> {
shell.generate_completions(&mut cmd);
return Ok(());
}
if cli.tail_logs {
tail_logs(cli.disable_log_colors).await;
return Ok(());
@@ -92,6 +98,10 @@ async fn main() -> Result<()> {
.await?;
}
if let Some(name) = &cli.sandbox {
return sandbox::launch(name.clone(), cli.fresh, cli.no_mixins);
}
install_builtins()?;
if let Some(category) = cli.install {
@@ -111,6 +121,49 @@ async fn main() -> Result<()> {
return Ok(());
}
if let Some(server_name) = &cli.auth_mcp {
let cfg = Config::load_with_interpolation(true).await?;
let app_config = AppConfig::from_config(cfg)?;
let vault = Vault::init(&app_config)?;
let mcp_path = paths::mcp_config_file();
if !mcp_path.exists() {
bail!(
"No MCP configuration file found at '{}'",
mcp_path.display()
);
}
let raw = tokio::fs::read_to_string(&mcp_path)
.await
.with_context(|| format!("Failed to read MCP config at '{}'", mcp_path.display()))?;
let (content, missing) = interpolate_secrets(&raw, &vault)?;
if !missing.is_empty() {
bail!(
"MCP config references vault secrets that are missing: {:?}",
missing
);
}
let mcp_config: McpServersConfig =
serde_json::from_str(&content).context("Failed to parse MCP config file")?;
let spec = mcp_config
.mcp_servers
.get(server_name.as_str())
.ok_or_else(|| anyhow!("MCP server '{server_name}' not found in mcp.json"))?;
if !spec.is_remote() {
bail!(
"MCP server '{server_name}' is a stdio server; OAuth is only supported for http/sse servers"
);
}
let url = spec.url.as_deref().expect("validated: remote spec has url");
mcp::oauth::run_mcp_oauth_flow(server_name, url, spec.oauth_client_id.as_deref()).await?;
println!("Authentication saved. '{server_name}' is now available for use.");
return Ok(());
}
if vault_flags {
let cfg = Config::load_with_interpolation(true).await?;
let app_config = AppConfig::from_config(cfg)?;
@@ -131,7 +184,10 @@ async fn main() -> Result<()> {
)
.await?,
);
let ctx = RequestContext::bootstrap(app_state, working_mode, info_flag)?;
let mut ctx = RequestContext::bootstrap(app_state, working_mode, info_flag)?;
let app_config = Arc::clone(&ctx.app.config);
ctx.bootstrap_tools(&app_config, start_mcp_servers, abort_signal.clone())
.await?;
{
let app = &*ctx.app.config;
@@ -576,7 +632,20 @@ fn setup_logger() -> Result<Option<PathBuf>> {
}
Some(path) => {
ensure_parent_exists(&path)?;
let file_appender = FileAppender::builder().encoder(encoder.clone()).build(path);
let archive_pattern = path
.with_extension("archived.{}.log")
.to_string_lossy()
.into_owned();
let trigger = SizeTrigger::new(10 * 1024 * 1024);
let roller = FixedWindowRoller::builder()
.build(&archive_pattern, 5)
.unwrap();
let policy = CompoundPolicy::new(Box::new(trigger), Box::new(roller));
let file_appender = RollingFileAppender::builder()
.encoder(encoder.clone())
.build(path, Box::new(policy));
match file_appender {
Ok(appender) => {
@@ -599,7 +668,7 @@ fn setup_logger() -> Result<Option<PathBuf>> {
fn init_file_logger(
log_level: LevelFilter,
log_filter: Option<String>,
file_appender: FileAppender,
file_appender: RollingFileAppender,
) -> log4rs::Config {
let root_log_level = if log_filter.is_some() {
LevelFilter::Off
+172 -11
View File
@@ -1,3 +1,4 @@
pub(crate) mod oauth;
mod sse_transport;
use crate::config::AppConfig;
@@ -73,6 +74,8 @@ pub(crate) struct McpServer {
pub url: Option<String>,
#[serde(skip_serializing_if = "Option::is_none")]
pub headers: Option<IndexMap<String, String>>,
#[serde(skip_serializing_if = "Option::is_none")]
pub oauth_client_id: Option<String>,
}
impl McpServer {
@@ -107,10 +110,10 @@ impl McpServer {
"MCP server '{name}' is missing a \"command\" field (required for stdio transport)"
));
}
if self.url.is_some() || self.headers.is_some() {
if self.url.is_some() || self.headers.is_some() || self.oauth_client_id.is_some() {
return Err(anyhow!(
"MCP server '{name}' has type \"stdio\" but also specifies remote fields \
(url/headers). Remove the remote fields or change the type to \"http\" or \"sse\"."
(url/headers/oauth_client_id). Remove the remote fields or change the type to \"http\" or \"sse\"."
));
}
}
@@ -237,7 +240,7 @@ impl McpRegistry {
debug!("Starting selected MCP servers: {:?}", ids_to_start);
let results: Vec<(String, Arc<_>, ServerCatalog)> = stream::iter(
let results: Vec<Option<(String, Arc<ConnectedServer>, ServerCatalog)>> = stream::iter(
ids_to_start
.into_iter()
.map(|id| async { self.start_server(id).await }),
@@ -246,7 +249,7 @@ impl McpRegistry {
.try_collect()
.await?;
for (id, server, catalog) in results {
for (id, server, catalog) in results.into_iter().flatten() {
self.servers.insert(id.clone(), server);
self.catalogs.insert(id, catalog);
}
@@ -257,14 +260,30 @@ impl McpRegistry {
async fn start_server(
&self,
id: String,
) -> Result<(String, Arc<ConnectedServer>, ServerCatalog)> {
) -> Result<Option<(String, Arc<ConnectedServer>, ServerCatalog)>> {
let spec = self
.config
.as_ref()
.and_then(|c| c.mcp_servers.get(&id))
.with_context(|| format!("MCP server not found in config: {id}"))?;
let service = spawn_mcp_server(spec, self.log_path.as_deref()).await?;
let bearer_token = if spec.is_remote() {
oauth::load_valid_mcp_token(&id)
} else {
None
};
let service = match spawn_mcp_server(spec, self.log_path.as_deref(), bearer_token).await {
Ok(s) => s,
Err(e) if is_auth_required_error(&e) => {
warn!(
"MCP server '{id}' requires OAuth authentication. \
Run `.mcp auth {id}` in the REPL to authenticate, then restart Coyote."
);
return Ok(None);
}
Err(e) => return Err(e),
};
let tools = service.list_tools(None).await?;
debug!("Available tools for MCP server {id}: {tools:?}");
@@ -289,7 +308,7 @@ impl McpRegistry {
info!("Started MCP server: {id}");
Ok((id.to_string(), service, catalog))
Ok(Some((id.to_string(), service, catalog)))
}
fn resolve_server_ids(&self, enabled_mcp_servers: Option<Vec<String>>) -> Vec<String> {
@@ -337,15 +356,18 @@ impl McpRegistry {
pub(crate) async fn spawn_mcp_server(
spec: &McpServer,
log_path: Option<&Path>,
bearer_token: Option<String>,
) -> Result<Arc<ConnectedServer>> {
match spec.transport_type {
McpTransportType::Http => {
let url = spec.url.as_deref().expect("validated: http spec has url");
spawn_http_mcp_server(url, spec.headers.as_ref()).await
let headers = merge_bearer_token(spec.headers.as_ref(), bearer_token);
spawn_http_mcp_server(url, headers.as_ref()).await
}
McpTransportType::Sse => {
let url = spec.url.as_deref().expect("validated: sse spec has url");
spawn_sse_mcp_server(url, spec.headers.as_ref()).await
let headers = merge_bearer_token(spec.headers.as_ref(), bearer_token);
spawn_sse_mcp_server(url, headers.as_ref()).await
}
McpTransportType::Stdio => {
let command = spec
@@ -357,6 +379,30 @@ pub(crate) async fn spawn_mcp_server(
}
}
fn merge_bearer_token(
headers: Option<&IndexMap<String, String>>,
bearer_token: Option<String>,
) -> Option<IndexMap<String, String>> {
match (headers, bearer_token) {
(None, None) => None,
(Some(h), None) => Some(h.clone()),
(None, Some(token)) => {
let mut m = IndexMap::new();
m.insert("Authorization".to_string(), format!("Bearer {token}"));
Some(m)
}
(Some(h), Some(token)) => {
let mut m = h.clone();
m.insert("Authorization".to_string(), format!("Bearer {token}"));
Some(m)
}
}
}
fn is_auth_required_error(e: &anyhow::Error) -> bool {
e.to_string().contains("Auth required")
}
async fn spawn_http_mcp_server(
url: &str,
headers: Option<&IndexMap<String, String>>,
@@ -433,8 +479,12 @@ async fn spawn_stdio_mcp_server(
let log_file = OpenOptions::new()
.create(true)
.append(true)
.open(log_path)?;
let (transport, _) = TokioChildProcess::builder(cmd).stderr(log_file).spawn()?;
.open(log_path)
.with_context(|| format!("Failed to open MCP log file at '{}'", log_path.display()))?;
let (transport, _) = TokioChildProcess::builder(cmd)
.stderr(log_file)
.spawn()
.with_context(|| format!("Failed to spawn MCP server: {command}"))?;
transport
} else {
TokioChildProcess::new(cmd)?
@@ -461,6 +511,7 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
}
}
@@ -473,6 +524,7 @@ mod tests {
cwd: None,
url: Some(url.to_string()),
headers: None,
oauth_client_id: None,
}
}
@@ -485,6 +537,7 @@ mod tests {
cwd: None,
url: Some(url.to_string()),
headers: None,
oauth_client_id: None,
}
}
@@ -502,6 +555,7 @@ mod tests {
#[test]
fn validate_stdio_with_command_succeeds() {
let spec = stdio_server("npx");
assert!(spec.validate("test").is_ok());
}
@@ -515,8 +569,11 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("missing a \"command\" field"));
}
@@ -530,8 +587,11 @@ mod tests {
cwd: None,
url: Some("http://localhost".into()),
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("remote fields"));
}
@@ -547,14 +607,18 @@ mod tests {
cwd: None,
url: None,
headers: Some(headers),
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("remote fields"));
}
#[test]
fn validate_http_with_url_succeeds() {
let spec = http_server("http://localhost:8080");
assert!(spec.validate("test").is_ok());
}
@@ -568,8 +632,11 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("missing a \"url\" field"));
}
@@ -583,8 +650,11 @@ mod tests {
cwd: None,
url: Some("http://localhost".into()),
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("stdio fields"));
}
@@ -598,8 +668,11 @@ mod tests {
cwd: None,
url: Some("http://localhost".into()),
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("stdio fields"));
}
@@ -613,14 +686,18 @@ mod tests {
cwd: Some("/tmp".into()),
url: Some("http://localhost".into()),
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("stdio fields"));
}
#[test]
fn validate_sse_with_url_succeeds() {
let spec = sse_server("http://sse.example.com");
assert!(spec.validate("test").is_ok());
}
@@ -634,8 +711,11 @@ mod tests {
cwd: None,
url: None,
headers: None,
oauth_client_id: None,
};
let err = spec.validate("test").unwrap_err();
assert!(err.to_string().contains("missing a \"url\" field"));
}
@@ -661,9 +741,13 @@ mod tests {
}
}
}"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
assert!(config.mcp_servers.contains_key("my-server"));
let spec = &config.mcp_servers["my-server"];
assert_eq!(spec.transport_type, McpTransportType::Stdio);
assert_eq!(spec.command.as_deref(), Some("npx"));
assert_eq!(
@@ -684,7 +768,9 @@ mod tests {
}
}"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
let spec = &config.mcp_servers["remote"];
assert_eq!(spec.transport_type, McpTransportType::Http);
assert_eq!(spec.url.as_deref(), Some("http://localhost:8080/mcp"));
assert_eq!(
@@ -709,7 +795,9 @@ mod tests {
}
}"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
let env = config.mcp_servers["s"].env.as_ref().unwrap();
assert!(matches!(env["STR_VAR"], JsonField::Str(ref s) if s == "hello"));
assert!(matches!(env["BOOL_VAR"], JsonField::Bool(true)));
assert!(matches!(env["INT_VAR"], JsonField::Int(42)));
@@ -723,7 +811,9 @@ mod tests {
"remote-api": { "type": "http", "url": "http://api.example.com" }
}
}"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
assert_eq!(config.mcp_servers.len(), 2);
assert!(config.mcp_servers.contains_key("github"));
assert!(config.mcp_servers.contains_key("remote-api"));
@@ -732,7 +822,9 @@ mod tests {
#[test]
fn deserialize_empty_servers_map() {
let json = r#"{ "mcpServers": {} }"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
assert!(config.mcp_servers.is_empty());
}
@@ -747,77 +839,96 @@ mod tests {
}
}
}"#;
let config: McpServersConfig = serde_json::from_str(json).unwrap();
assert_eq!(config.mcp_servers["s"].cwd.as_deref(), Some("/tmp/work"));
}
#[test]
fn resolve_all_returns_all_configured_servers() {
let registry = make_registry_with_config(&["github", "slack", "jira"]);
let mut ids = registry.resolve_server_ids(Some(vec!["all".to_string()]));
ids.sort();
assert_eq!(ids, vec!["github", "jira", "slack"]);
}
#[test]
fn resolve_comma_separated_returns_matching_servers() {
let registry = make_registry_with_config(&["github", "slack", "jira"]);
let mut ids =
registry.resolve_server_ids(Some(vec!["github".to_string(), "jira".to_string()]));
ids.sort();
assert_eq!(ids, vec!["github", "jira"]);
}
#[test]
fn resolve_single_server_name() {
let registry = make_registry_with_config(&["github", "slack"]);
let ids = registry.resolve_server_ids(Some(vec!["slack".to_string()]));
assert_eq!(ids, vec!["slack"]);
}
#[test]
fn resolve_none_returns_empty() {
let registry = make_registry_with_config(&["github"]);
let ids = registry.resolve_server_ids(None);
assert!(ids.is_empty());
}
#[test]
fn resolve_no_config_returns_empty() {
let registry = McpRegistry::default();
let ids = registry.resolve_server_ids(Some(vec!["all".to_string()]));
assert!(ids.is_empty());
}
#[test]
fn resolve_nonexistent_server_filtered_out() {
let registry = make_registry_with_config(&["github"]);
let ids = registry
.resolve_server_ids(Some(vec!["github".to_string(), "nonexistent".to_string()]));
assert_eq!(ids, vec!["github"]);
}
#[test]
fn resolve_all_nonexistent_returns_empty() {
let registry = make_registry_with_config(&["github"]);
let ids = registry.resolve_server_ids(Some(vec!["foo".to_string(), "bar".to_string()]));
assert!(ids.is_empty());
}
#[test]
fn resolve_trims_whitespace() {
let registry = make_registry_with_config(&["github", "slack"]);
let mut ids = registry.resolve_server_ids(Some(vec![
" github ".to_string(),
" slack ".to_string(),
]));
ids.sort();
assert_eq!(ids, vec!["github", "slack"]);
}
#[test]
fn registry_default_is_empty() {
let registry = McpRegistry::default();
assert!(registry.is_empty());
assert!(registry.list_started_servers().is_empty());
assert!(registry.mcp_config().is_none());
@@ -827,6 +938,7 @@ mod tests {
#[test]
fn registry_with_config_reports_config() {
let registry = make_registry_with_config(&["github"]);
assert!(registry.mcp_config().is_some());
assert!(
registry
@@ -843,4 +955,53 @@ mod tests {
assert_eq!(MCP_SEARCH_META_FUNCTION_NAME_PREFIX, "mcp_search");
assert_eq!(MCP_DESCRIBE_META_FUNCTION_NAME_PREFIX, "mcp_describe");
}
#[test]
fn merge_bearer_token_both_none_returns_none() {
assert!(merge_bearer_token(None, None).is_none());
}
#[test]
fn merge_bearer_token_headers_only_passes_through() {
let mut h = IndexMap::new();
h.insert("X-Key".to_string(), "val".to_string());
let result = merge_bearer_token(Some(&h), None).unwrap();
assert_eq!(result["X-Key"], "val");
assert!(!result.contains_key("Authorization"));
}
#[test]
fn merge_bearer_token_token_only_injects_bearer() {
let result = merge_bearer_token(None, Some("tok123".to_string())).unwrap();
assert_eq!(result["Authorization"], "Bearer tok123");
}
#[test]
fn merge_bearer_token_both_merges_and_overrides_authorization() {
let mut h = IndexMap::new();
h.insert("Authorization".to_string(), "old".to_string());
h.insert("X-Custom".to_string(), "keep".to_string());
let result = merge_bearer_token(Some(&h), Some("newtoken".to_string())).unwrap();
assert_eq!(result["Authorization"], "Bearer newtoken");
assert_eq!(result["X-Custom"], "keep");
}
#[test]
fn is_auth_required_error_matches_rmcp_message() {
let e = anyhow!("Auth required, when send initialize request");
assert!(is_auth_required_error(&e));
}
#[test]
fn is_auth_required_error_does_not_match_unrelated() {
let e = anyhow!("Connection refused");
assert!(!is_auth_required_error(&e));
}
}
+329
View File
@@ -0,0 +1,329 @@
use crate::client::oauth::{OAuthProvider, TokenRequestFormat, load_oauth_tokens, run_oauth_flow};
use crate::config::paths;
use anyhow::{Context, Result, anyhow};
use chrono::Utc;
use inquire::Text;
use log::warn;
use reqwest::Client;
use serde::{Deserialize, Serialize};
use std::fs;
use std::net::TcpListener;
use url::Url;
#[derive(Debug, Deserialize)]
struct ProtectedResourceMetadata {
#[serde(default)]
authorization_servers: Vec<String>,
}
#[derive(Debug, Deserialize)]
struct OAuthServerMetadata {
authorization_endpoint: String,
token_endpoint: String,
#[serde(default)]
scopes_supported: Vec<String>,
registration_endpoint: Option<String>,
}
#[derive(Serialize, Deserialize)]
struct McpRegistration {
client_id: String,
}
struct McpOAuthProvider {
client_id: String,
authorize_url: String,
token_url: String,
scopes: String,
fixed_redirect: String,
}
impl OAuthProvider for McpOAuthProvider {
fn provider_name(&self) -> &str {
"MCP"
}
fn client_id(&self) -> &str {
&self.client_id
}
fn authorize_url(&self) -> &str {
&self.authorize_url
}
fn token_url(&self) -> &str {
&self.token_url
}
fn redirect_uri(&self) -> &str {
""
}
fn scopes(&self) -> &str {
&self.scopes
}
fn token_request_format(&self) -> TokenRequestFormat {
TokenRequestFormat::FormUrlEncoded
}
fn uses_localhost_redirect(&self) -> bool {
false
}
fn fixed_redirect_uri(&self) -> Option<String> {
Some(self.fixed_redirect.clone())
}
}
pub async fn run_mcp_oauth_flow(
server_name: &str,
server_url: &str,
configured_client_id: Option<&str>,
) -> Result<()> {
let metadata = discover_oauth_metadata(server_url).await?;
let listener = TcpListener::bind("127.0.0.1:0")?;
let port = listener.local_addr()?.port();
drop(listener);
let redirect_uri = format!("http://127.0.0.1:{port}/callback");
let client_id = if let Some(id) = configured_client_id {
id.to_string()
} else if let Some(cached) = load_registered_client_id(server_name) {
cached
} else if let Some(reg_endpoint) = &metadata.registration_endpoint {
match register_client(reg_endpoint, &redirect_uri).await {
Ok(id) => {
let _ = save_registered_client_id(server_name, &id);
id
}
Err(e) => {
warn!("Dynamic client registration failed: {e}. Falling back to manual entry.");
Text::new("Enter the OAuth client ID for this MCP server:")
.prompt()
.context("Failed to read client ID")?
}
}
} else {
Text::new("Enter the OAuth client ID for this MCP server:")
.prompt()
.context("Failed to read client ID")?
};
let provider = McpOAuthProvider {
client_id,
authorize_url: metadata.authorization_endpoint,
token_url: metadata.token_endpoint,
scopes: metadata.scopes_supported.join(" "),
fixed_redirect: redirect_uri,
};
run_oauth_flow(&provider, &mcp_token_key(server_name)).await
}
pub fn load_valid_mcp_token(server_name: &str) -> Option<String> {
let tokens = load_oauth_tokens(&mcp_token_key(server_name))?;
if Utc::now().timestamp() < tokens.expires_at {
Some(tokens.access_token)
} else {
None
}
}
fn mcp_token_key(server_name: &str) -> String {
format!("mcp_{server_name}")
}
fn load_registered_client_id(server_name: &str) -> Option<String> {
let path = paths::oauth_tokens_path().join(format!("mcp_{server_name}_registration.json"));
let content = fs::read_to_string(path).ok()?;
let reg: McpRegistration = serde_json::from_str(&content).ok()?;
Some(reg.client_id)
}
fn save_registered_client_id(server_name: &str, client_id: &str) -> Result<()> {
let dir = paths::oauth_tokens_path();
fs::create_dir_all(&dir)?;
let path = dir.join(format!("mcp_{server_name}_registration.json"));
let reg = McpRegistration {
client_id: client_id.to_string(),
};
fs::write(path, serde_json::to_string_pretty(&reg)?)?;
Ok(())
}
async fn register_client(endpoint: &str, redirect_uri: &str) -> Result<String> {
let body = serde_json::json!({
"client_name": "Coyote",
"redirect_uris": [redirect_uri],
"grant_types": ["authorization_code", "refresh_token"],
"response_types": ["code"],
"token_endpoint_auth_method": "none"
});
let response: serde_json::Value = Client::new()
.post(endpoint)
.json(&body)
.send()
.await
.context("Failed to reach registration endpoint")?
.json()
.await
.context("Failed to parse registration response")?;
response["client_id"]
.as_str()
.ok_or_else(|| anyhow!("Missing client_id in registration response: {response}"))
.map(|s| s.to_string())
}
async fn discover_oauth_metadata(server_url: &str) -> Result<OAuthServerMetadata> {
let base = extract_base_url(server_url)?;
let client = Client::new();
// RFC 9728: try protected resource metadata first; it points to the auth server
let pr_url = format!("{base}/.well-known/oauth-protected-resource");
if let Ok(resp) = client.get(&pr_url).send().await
&& resp.status().is_success()
&& let Ok(pr) = resp.json::<ProtectedResourceMetadata>().await
&& let Some(auth_server) = pr.authorization_servers.first()
{
let as_url = format!("{auth_server}/.well-known/oauth-authorization-server");
if let Ok(resp) = client.get(&as_url).send().await
&& resp.status().is_success()
&& let Ok(meta) = resp.json::<OAuthServerMetadata>().await
{
return Ok(meta);
}
}
let as_url = format!("{base}/.well-known/oauth-authorization-server");
let resp = client
.get(&as_url)
.send()
.await
.with_context(|| format!("Failed to reach {as_url}"))?;
if resp.status().is_success() {
return resp
.json::<OAuthServerMetadata>()
.await
.with_context(|| format!("Failed to parse OAuth metadata from {as_url}"));
}
Err(anyhow!(
"Could not discover OAuth metadata for '{server_url}'.\n\
Tried:\n {pr_url}\n {as_url}\n\
Ensure the server supports MCP OAuth discovery, or consult its documentation."
))
}
fn extract_base_url(url: &str) -> Result<String> {
let parsed = Url::parse(url).with_context(|| format!("Invalid URL: {url}"))?;
let scheme = parsed.scheme();
let host = parsed
.host_str()
.ok_or_else(|| anyhow!("No host in URL: {url}"))?;
let port = parsed.port().map(|p| format!(":{p}")).unwrap_or_default();
Ok(format!("{scheme}://{host}{port}"))
}
#[cfg(test)]
mod tests {
use super::*;
use crate::utils::get_env_name;
use serial_test::serial;
use std::{
env, fs,
time::{self, SystemTime},
};
fn with_temp_cache<F: FnOnce()>(f: F) {
let unique = SystemTime::now()
.duration_since(time::UNIX_EPOCH)
.unwrap()
.as_nanos();
let root = env::temp_dir().join(format!("coyote-mcp-oauth-test-{unique}"));
fs::create_dir_all(&root).unwrap();
let env_key = get_env_name("cache_dir");
let prev = env::var_os(&env_key);
unsafe {
env::set_var(&env_key, &root);
}
f();
unsafe {
match prev {
Some(v) => env::set_var(&env_key, v),
None => env::remove_var(&env_key),
}
}
let _ = fs::remove_dir_all(&root);
}
#[test]
fn extract_base_url_strips_path_and_query() {
let result = extract_base_url("https://mcp.notion.com/mcp?foo=bar").unwrap();
assert_eq!(result, "https://mcp.notion.com");
}
#[test]
fn extract_base_url_preserves_explicit_port() {
let result = extract_base_url("http://localhost:8080/mcp").unwrap();
assert_eq!(result, "http://localhost:8080");
}
#[test]
fn extract_base_url_standard_port_omitted() {
let result = extract_base_url("https://example.com/mcp/v1").unwrap();
assert_eq!(result, "https://example.com");
}
#[test]
fn extract_base_url_rejects_invalid_url() {
assert!(extract_base_url("not-a-url").is_err());
}
#[test]
#[serial]
fn registered_client_id_roundtrip() {
with_temp_cache(|| {
save_registered_client_id("notion", "client-xyz-123").unwrap();
let loaded = load_registered_client_id("notion");
assert_eq!(loaded, Some("client-xyz-123".to_string()));
});
}
#[test]
#[serial]
fn load_registered_client_id_returns_none_for_missing() {
with_temp_cache(|| {
let loaded = load_registered_client_id("no-such-server");
assert!(loaded.is_none());
});
}
#[test]
#[serial]
fn registered_client_id_second_save_overwrites_first() {
with_temp_cache(|| {
save_registered_client_id("github", "first-id").unwrap();
save_registered_client_id("github", "second-id").unwrap();
let loaded = load_registered_client_id("github");
assert_eq!(loaded, Some("second-id".to_string()));
});
}
}
+287 -16
View File
@@ -6,7 +6,10 @@ use self::completer::ReplCompleter;
use self::highlighter::ReplHighlighter;
use self::prompt::ReplPrompt;
use crate::client::{call_chat_completions, call_chat_completions_streaming, init_client, oauth};
use crate::client::{
Message, MessageRole, call_chat_completions, call_chat_completions_streaming, init_client,
oauth,
};
use crate::config::{
AgentVariables, AppConfig, AssertState, Input, LastMessage, RequestContext, StateFlags,
macro_execute,
@@ -15,10 +18,12 @@ use crate::config::{AssetCategory, paths};
use crate::function::supervisor::{GuardrailAction, check_pending_agents_guardrail};
use crate::render::render_error;
use crate::utils::{
AbortSignal, abortable_run_with_spinner, create_abort_signal, dimmed_text, set_text, temp_file,
AbortSignal, SHELL, abortable_run_with_spinner, create_abort_signal, dimmed_text, run_command,
set_text, temp_file,
};
use crate::{config, graph, resolve_oauth_client};
use crate::sandbox::SANDBOX_ENV_FLAG;
use crate::{config, graph, mcp, resolve_oauth_client};
use anyhow::{Context, Result, bail};
use crossterm::cursor::SetCursorStyle;
use fancy_regex::Regex;
@@ -27,9 +32,9 @@ use log::warn;
use parking_lot::RwLock;
use reedline::CursorConfig;
use reedline::{
ColumnarMenu, EditCommand, EditMode, Emacs, KeyCode, KeyModifiers, Keybindings, Reedline,
ReedlineEvent, ReedlineMenu, ValidationResult, Validator, Vi, default_emacs_keybindings,
default_vi_insert_keybindings, default_vi_normal_keybindings,
ColumnarMenu, EditCommand, EditMode, Emacs, FileBackedHistory, KeyCode, KeyModifiers,
Keybindings, Reedline, ReedlineEvent, ReedlineMenu, ValidationResult, Validator, Vi,
default_emacs_keybindings, default_vi_insert_keybindings, default_vi_normal_keybindings,
};
use reedline::{MenuBuilder, Signal};
use std::sync::LazyLock;
@@ -47,15 +52,25 @@ pub const DEFAULT_CONTINUATION_PROMPT: &str = indoc! {"
4. Continue with the next pending item now. Call tools immediately."
};
static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
static REPL_COMMANDS: LazyLock<[ReplCommand; 50]> = LazyLock::new(|| {
[
ReplCommand::new(".help", "Show this help guide", AssertState::pass()),
ReplCommand::new(".info", "Show system info", AssertState::pass()),
ReplCommand::new(
".info tools",
"Show the list of enabled tools to be passed to the LLM",
AssertState::True(StateFlags::FUNCTION_CALLING),
),
ReplCommand::new(
".authenticate",
"Authenticate the current model client via OAuth (if configured)",
AssertState::pass(),
),
ReplCommand::new(
".mcp auth",
"Authenticate with an MCP server via OAuth",
AssertState::pass(),
),
ReplCommand::new(
".edit config",
"Modify configuration file",
@@ -161,6 +176,11 @@ static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
"Clear the todo list and stop auto-continuation",
AssertState::pass(),
),
ReplCommand::new(
".info todo",
"Show the current todo list driving auto-continuation",
AssertState::True(StateFlags::AUTO_CONTINUE),
),
ReplCommand::new(
".rag",
"Initialize or access RAG",
@@ -194,13 +214,28 @@ static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
ReplCommand::new(".macro", "Execute a macro", AssertState::pass()),
ReplCommand::new(
".skill",
"List, load, unload, or create skills",
AssertState::pass(),
"Create a new skill",
AssertState::True(StateFlags::SKILLS_ENABLED),
),
ReplCommand::new(
".skill load",
"Load a skill into the current context",
AssertState::True(StateFlags::SKILLS_ENABLED),
),
ReplCommand::new(
".skill loaded",
"List currently-loaded skills",
AssertState::True(StateFlags::SKILLS_ENABLED),
),
ReplCommand::new(
".skill unload",
"Unload a skill from the current context",
AssertState::True(StateFlags::SKILLS_ENABLED),
),
ReplCommand::new(
".edit skill",
"Modify an existing skill by name",
AssertState::pass(),
AssertState::True(StateFlags::SKILLS_ENABLED),
),
ReplCommand::new(
".file",
@@ -278,7 +313,64 @@ Type ".help" for additional help.
"#,
env!("CARGO_CRATE_NAME"),
env!("CARGO_PKG_VERSION"),
)
);
if env::var_os(SANDBOX_ENV_FLAG).is_some() {
eprintln!(
"Sandbox mode is enabled. All changes made to the Coyote config will not persist to the host machine."
);
}
}
{
let (messages_snapshot, compressed_count) = {
let ctx = self.ctx.read();
if let Some(session) = &ctx.session {
let msgs: Vec<Message> = session
.messages()
.iter()
.filter(|m| !m.role.is_system())
.cloned()
.collect();
let compressed = session.compressed_messages().len();
(msgs, compressed)
} else {
(vec![], 0)
}
};
if !messages_snapshot.is_empty() || compressed_count > 0 {
let app = Arc::clone(&self.ctx.read().app.config);
if compressed_count > 0 {
println!(
"{}",
dimmed_text(&format!(
"({compressed_count} earlier messages not shown; compressed for context)"
))
);
println!();
}
for message in &messages_snapshot {
match message.role {
MessageRole::User => {
if let Some(text) = message.content.as_text() {
println!("{}", dimmed_text("You:"));
println!("{text}");
println!();
}
}
MessageRole::Assistant => {
if let Some(text) = message.content.as_text() {
app.print_markdown(text)?;
println!();
}
}
_ => {}
}
}
println!("{}", dimmed_text("─── ↑ previous conversation ↑ ───"));
println!();
}
}
loop {
@@ -356,6 +448,14 @@ Type ".help" for additional help.
editor = editor.with_buffer_editor(command, temp_file);
}
if app.save_shell_history {
let ctx = ctx.read();
let history_path = paths::repl_history_file(&ctx.session);
if let Ok(history) = FileBackedHistory::with_file(1000, history_path) {
editor = editor.with_history(Box::new(history));
}
}
Ok(editor)
}
@@ -473,6 +573,14 @@ pub async fn run_repl_command(
let info = ctx.agent_info()?;
print!("{info}");
}
Some("tools") => {
let info = ctx.tools_info()?;
print!("{info}");
}
Some("todo") => {
let info = ctx.todo_info()?;
print!("{info}");
}
Some(_) => unknown_command()?,
None => {
let app = Arc::clone(&ctx.app.config);
@@ -501,6 +609,53 @@ pub async fn run_repl_command(
let (client_name, provider) = resolve_oauth_client(Some(client.name()), &clients)?;
oauth::run_oauth_flow(&*provider, &client_name).await?;
}
".mcp" => match args {
Some(args) => {
let mut parts = args.splitn(2, char::is_whitespace);
let sub = parts.next().unwrap_or("").trim();
let rest = parts.next().map(str::trim).unwrap_or("");
match sub {
"auth" => {
if rest.is_empty() {
println!("Usage: .mcp auth <server_name>");
} else {
let server_name = rest;
let server_spec = ctx
.app
.mcp_config
.as_ref()
.and_then(|c| c.mcp_servers.get(server_name))
.cloned();
match server_spec {
None => {
bail!("MCP server '{}' not found in mcp.json.", server_name)
}
Some(spec) if !spec.is_remote() => bail!(
"MCP server '{}' uses stdio transport; \
OAuth is only supported for http/sse servers.",
server_name
),
Some(spec) => {
let url = spec
.url
.as_deref()
.expect("validated: remote spec has url");
let client_id = spec.oauth_client_id.as_deref();
mcp::oauth::run_mcp_oauth_flow(server_name, url, client_id)
.await?;
println!(
"Authentication saved. \
Restart Coyote to connect to '{server_name}'."
);
}
}
}
}
_ => unknown_command()?,
}
}
None => println!("Usage: .mcp auth <server_name>"),
},
".prompt" => match args {
Some(text) => {
let app = Arc::clone(&ctx.app.config);
@@ -592,6 +747,46 @@ pub async fn run_repl_command(
session.set_autonaming(false);
}
}
if let Some(session) = &ctx.session {
let messages_snapshot: Vec<Message> = session
.messages()
.iter()
.filter(|m| !m.role.is_system())
.cloned()
.collect();
let compressed_count = session.compressed_messages().len();
if !messages_snapshot.is_empty() || compressed_count > 0 {
if compressed_count > 0 {
println!(
"{}",
dimmed_text(&format!(
"({compressed_count} earlier messages not shown — compressed for context)"
))
);
println!();
}
for message in &messages_snapshot {
match message.role {
MessageRole::User => {
if let Some(text) = message.content.as_text() {
println!("{}", dimmed_text("You:"));
println!("{text}");
println!();
}
}
MessageRole::Assistant => {
if let Some(text) = message.content.as_text() {
app.print_markdown(text)?;
println!();
}
}
_ => {}
}
}
println!("{}", dimmed_text("─── ↑ previous conversation ↑ ───"));
println!();
}
}
}
".install" => {
let trimmed = args.map(str::trim).unwrap_or("");
@@ -955,9 +1150,13 @@ pub async fn run_repl_command(
_ => unknown_command()?,
},
None => {
reset_continuation(ctx);
let input = Input::from_str(ctx, line, None)?;
ask(ctx, abort_signal.clone(), input, true).await?;
if let Some(cmd) = try_extract_shell_command(line) {
handle_shell_passthrough(cmd)?;
} else {
reset_continuation(ctx);
let input = Input::from_str(ctx, line, None)?;
ask(ctx, abort_signal.clone(), input, true).await?;
}
}
}
@@ -1173,10 +1372,12 @@ fn dump_repl_help() {
.join("\n");
println!(
r###"{head}
{:<24} Run an arbitrary shell command (stdout/stderr stream to your terminal; Ctrl+C interrupts)
Type ::: to start multi-line editing, type ::: to finish it.
Press Ctrl+O to open an editor for editing the input buffer.
Press Ctrl+C to cancel the response, Ctrl+D to exit the REPL."###,
"!<command>",
);
}
@@ -1192,6 +1393,25 @@ fn parse_command(line: &str) -> Option<(&str, Option<&str>)> {
}
}
fn try_extract_shell_command(line: &str) -> Option<&str> {
let rest = line.strip_prefix('!')?;
Some(rest.trim_start())
}
fn handle_shell_passthrough(cmd: &str) -> Result<()> {
if cmd.is_empty() {
eprintln!("Usage: !<command>");
return Ok(());
}
let status = run_command(&SHELL.cmd, &[&SHELL.arg, cmd], None)?;
if status != 0 {
eprintln!("[exit {status}]");
}
Ok(())
}
fn split_first_arg(args: Option<&str>) -> Option<(&str, Option<&str>)> {
args.map(|v| match v.split_once(' ') {
Some((subcmd, args)) => (subcmd, Some(args.trim())),
@@ -1350,8 +1570,8 @@ mod tests {
}
#[test]
fn repl_commands_has_44_entries() {
assert_eq!(REPL_COMMANDS.len(), 44);
fn repl_commands_has_50_entries() {
assert_eq!(REPL_COMMANDS.len(), 50);
}
#[test]
@@ -1526,6 +1746,57 @@ mod tests {
assert_eq!(parse_command("."), Some((".", None)));
}
#[test]
fn try_extract_shell_command_strips_bang() {
assert_eq!(try_extract_shell_command("!ls"), Some("ls"));
assert_eq!(try_extract_shell_command("!ls -la"), Some("ls -la"));
}
#[test]
fn try_extract_shell_command_trims_inner_whitespace() {
assert_eq!(try_extract_shell_command("! echo hi"), Some("echo hi"));
assert_eq!(try_extract_shell_command("! ls"), Some("ls"));
}
#[test]
fn try_extract_shell_command_only_bang_yields_empty() {
assert_eq!(try_extract_shell_command("!"), Some(""));
assert_eq!(try_extract_shell_command("! "), Some(""));
}
#[test]
fn try_extract_shell_command_rejects_leading_whitespace() {
assert!(try_extract_shell_command(" !ls").is_none());
assert!(try_extract_shell_command("\t!ls").is_none());
}
#[test]
fn try_extract_shell_command_rejects_inline_bang() {
assert!(try_extract_shell_command("echo !foo").is_none());
assert!(try_extract_shell_command("hello world").is_none());
}
#[test]
fn try_extract_shell_command_strips_one_leading_bang() {
assert_eq!(try_extract_shell_command("!!ls"), Some("!ls"));
}
#[test]
fn try_extract_shell_command_preserves_pipes_and_redirects() {
assert_eq!(
try_extract_shell_command("!ls -la | grep yaml"),
Some("ls -la | grep yaml")
);
assert_eq!(
try_extract_shell_command("!cat foo.txt > /tmp/out"),
Some("cat foo.txt > /tmp/out")
);
assert_eq!(
try_extract_shell_command(r#"!echo "$HOME""#),
Some(r#"echo "$HOME""#)
);
}
#[test]
fn split_first_arg_none_input() {
assert!(split_first_arg(None).is_none());
+442
View File
@@ -0,0 +1,442 @@
use std::env;
use std::fs;
use std::fs::{read_dir, read_to_string};
use std::path::{Path, PathBuf};
use anyhow::{Context, Result};
use serde_yaml::Value;
use sha2::{Digest, Sha256};
use crate::config::paths;
const SBX_MIXIN_FILE_NAME: &str = "sbx-mixin.yaml";
const KIT_SPEC_FILE_NAME: &str = "spec.yaml";
#[derive(Debug, Clone)]
pub struct DiscoveredMixin {
pub path: PathBuf,
pub label: String,
pub install_count: usize,
pub domain_count: usize,
}
impl DiscoveredMixin {
pub fn kit_path(&self) -> Result<PathBuf> {
if self.path.is_dir() {
return Ok(self.path.clone());
}
wrap_mixin_as_kit(&self.path)
}
}
pub fn wrap_mixin_as_kit(mixin_path: &Path) -> Result<PathBuf> {
let bytes = fs::read(mixin_path)
.with_context(|| format!("Failed to read sbx mixin {}", mixin_path.display()))?;
let mut hasher = Sha256::new();
hasher.update(&bytes);
let hash = format!("{:x}", hasher.finalize());
let kit_dir = paths::sbx_mixin_kits_dir().join(&hash);
let spec_path = kit_dir.join(KIT_SPEC_FILE_NAME);
if let Ok(existing) = fs::read(&spec_path)
&& existing == bytes
{
return Ok(kit_dir);
}
fs::create_dir_all(&kit_dir)
.with_context(|| format!("Failed to create mixin kit dir {}", kit_dir.display()))?;
fs::write(&spec_path, &bytes)
.with_context(|| format!("Failed to write {}", spec_path.display()))?;
debug!(
"Wrapped mixin {} as kit at {}",
mixin_path.display(),
kit_dir.display()
);
Ok(kit_dir)
}
pub fn discover() -> Result<Vec<DiscoveredMixin>> {
let mut out = Vec::new();
push_if_exists(&mut out, paths::sbx_mixin_file())?;
push_if_exists(&mut out, paths::global_tools_sbx_mixin_file())?;
for path in collect_subdir_mixins(&paths::functions_dir()) {
out.push(read_mixin(path)?);
}
for path in collect_subdir_mixins(&paths::agents_data_dir()) {
out.push(read_mixin(path)?);
}
if let Ok(cwd) = env::current_dir()
&& let Some(path) = paths::find_workspace_sbx_mixin(&cwd)
{
out.push(read_mixin(path)?);
}
Ok(out)
}
pub fn summarize(path: &Path) -> Result<(usize, usize)> {
let content = read_to_string(path)
.with_context(|| format!("Failed to read sbx mixin {}", path.display()))?;
let value: Value = serde_yaml::from_str(&content)
.with_context(|| format!("Failed to parse sbx mixin {}", path.display()))?;
let installs = value
.get("commands")
.and_then(|c| c.get("install"))
.and_then(|i| i.as_sequence())
.map(|s| s.len())
.unwrap_or(0);
let domains = value
.get("network")
.and_then(|n| n.get("allowedDomains"))
.and_then(|d| d.as_sequence())
.map(|s| s.len())
.unwrap_or(0);
Ok((installs, domains))
}
pub fn log_discovery(mixins: &[DiscoveredMixin], disabled: bool) {
if disabled {
info!("Mixin discovery disabled via --no-mixins.");
return;
}
if mixins.is_empty() {
info!("No sbx mixins discovered.");
return;
}
let header = format!("Applying {} sbx mixin(s):", mixins.len());
info!("{header}");
println!("{header}");
for m in mixins {
let line = format!(
" {} (adds: {} install{}, {} domain{})",
m.label,
m.install_count,
if m.install_count == 1 { "" } else { "s" },
m.domain_count,
if m.domain_count == 1 { "" } else { "s" },
);
info!("{line}");
println!("{line}");
}
}
fn push_if_exists(out: &mut Vec<DiscoveredMixin>, path: PathBuf) -> Result<()> {
if path.exists() {
out.push(read_mixin(path)?);
}
Ok(())
}
fn read_mixin(path: PathBuf) -> Result<DiscoveredMixin> {
let label = path.display().to_string();
let (install_count, domain_count) = summarize(&path)?;
Ok(DiscoveredMixin {
path,
label,
install_count,
domain_count,
})
}
fn collect_subdir_mixins(dir: &Path) -> Vec<PathBuf> {
let mut result = Vec::new();
let Ok(rd) = read_dir(dir) else { return result };
let mut entries: Vec<_> = rd
.flatten()
.filter(|e| e.file_type().map(|t| t.is_dir()).unwrap_or(false))
.collect();
entries.sort_by_key(|e| e.file_name());
for entry in entries {
let candidate = entry.path().join(SBX_MIXIN_FILE_NAME);
if candidate.exists() {
result.push(candidate);
}
}
result
}
#[cfg(test)]
mod tests {
use super::*;
use std::fs;
use std::time;
fn unique_root(prefix: &str) -> PathBuf {
let nanos = time::SystemTime::now()
.duration_since(time::UNIX_EPOCH)
.unwrap()
.as_nanos();
let root = env::temp_dir().join(format!("coyote-{prefix}-{nanos}"));
fs::create_dir_all(&root).unwrap();
root
}
#[test]
fn summarize_counts_installs_and_domains() {
let root = unique_root("sbx-mixin-counts");
let path = root.join("sbx-mixin.yaml");
fs::write(
&path,
r#"
schemaVersion: "1"
kind: mixin
commands:
install:
- command: "echo hi"
- command: "echo bye"
network:
allowedDomains:
- "a.example.com:443"
- "b.example.com:443"
- "c.example.com:443"
"#,
)
.unwrap();
assert_eq!(summarize(&path).unwrap(), (2, 3));
let _ = fs::remove_dir_all(&root);
}
#[test]
fn summarize_treats_missing_blocks_as_zero() {
let root = unique_root("sbx-mixin-empty");
let path = root.join("sbx-mixin.yaml");
fs::write(&path, "schemaVersion: \"1\"\nkind: mixin\n").unwrap();
assert_eq!(summarize(&path).unwrap(), (0, 0));
let _ = fs::remove_dir_all(&root);
}
#[test]
fn summarize_returns_err_on_malformed_yaml() {
let root = unique_root("sbx-mixin-bad");
let path = root.join("sbx-mixin.yaml");
fs::write(&path, "this: is: not: yaml: ::").unwrap();
let err = summarize(&path).unwrap_err();
let msg = format!("{err:#}");
assert!(
msg.contains(&path.display().to_string()),
"expected error to mention path; got: {msg}"
);
let _ = fs::remove_dir_all(&root);
}
#[test]
fn collect_subdir_mixins_sorts_and_skips_missing() {
let root = unique_root("sbx-mixin-subdirs");
for name in ["zebra", "apple", "no-mixin", "mango"] {
let dir = root.join(name);
fs::create_dir_all(&dir).unwrap();
if name != "no-mixin" {
fs::write(dir.join("sbx-mixin.yaml"), "kind: mixin\n").unwrap();
}
}
let found = collect_subdir_mixins(&root);
let names: Vec<String> = found
.iter()
.map(|p| {
p.parent()
.unwrap()
.file_name()
.unwrap()
.to_string_lossy()
.to_string()
})
.collect();
assert_eq!(names, vec!["apple", "mango", "zebra"]);
let _ = fs::remove_dir_all(&root);
}
#[test]
fn collect_subdir_mixins_returns_empty_for_missing_dir() {
let absent = env::temp_dir().join("coyote-definitely-not-here-xyz");
let found = collect_subdir_mixins(&absent);
assert!(found.is_empty());
}
mod wrap_as_kit {
use super::*;
use serial_test::serial;
use std::ffi::OsString;
struct TestCacheDirGuard {
key: String,
previous: Option<OsString>,
path: PathBuf,
}
impl TestCacheDirGuard {
fn new() -> Self {
let key = crate::utils::get_env_name("cache_dir");
let previous = env::var_os(&key);
let nanos = time::SystemTime::now()
.duration_since(time::UNIX_EPOCH)
.unwrap()
.as_nanos();
let path = env::temp_dir().join(format!("coyote-mixin-wrap-cache-{nanos}"));
fs::create_dir_all(&path).unwrap();
unsafe {
env::set_var(&key, &path);
}
Self {
key,
previous,
path,
}
}
}
impl Drop for TestCacheDirGuard {
fn drop(&mut self) {
unsafe {
match &self.previous {
Some(v) => env::set_var(&self.key, v),
None => env::remove_var(&self.key),
}
}
let _ = fs::remove_dir_all(&self.path);
}
}
fn write_mixin(name: &str, content: &str) -> PathBuf {
let root = unique_root(&format!("wrap-src-{name}"));
let path = root.join("sbx-mixin.yaml");
fs::write(&path, content).unwrap();
path
}
#[test]
#[serial]
fn wrap_mixin_as_kit_creates_spec_yaml_with_original_content() {
let _guard = TestCacheDirGuard::new();
let content = "schemaVersion: \"1\"\nkind: mixin\nname: probe\n";
let mixin = write_mixin("content", content);
let kit_dir = wrap_mixin_as_kit(&mixin).unwrap();
let spec = kit_dir.join("spec.yaml");
assert!(spec.exists(), "spec.yaml must exist in wrapped kit dir");
assert_eq!(fs::read_to_string(&spec).unwrap(), content);
}
#[test]
#[serial]
fn wrap_mixin_as_kit_is_deterministic_for_identical_content() {
let _guard = TestCacheDirGuard::new();
let content = "schemaVersion: \"1\"\nkind: mixin\nname: probe\n";
let mixin_one = write_mixin("dedup-1", content);
let mixin_two = write_mixin("dedup-2", content);
let kit_a = wrap_mixin_as_kit(&mixin_one).unwrap();
let kit_b = wrap_mixin_as_kit(&mixin_two).unwrap();
assert_eq!(
kit_a, kit_b,
"same content should share the same content-addressed kit dir"
);
}
#[test]
#[serial]
fn wrap_mixin_as_kit_different_content_yields_different_dirs() {
let _guard = TestCacheDirGuard::new();
let mixin_a = write_mixin("diff-a", "kind: mixin\nname: a\n");
let mixin_b = write_mixin("diff-b", "kind: mixin\nname: b\n");
let kit_a = wrap_mixin_as_kit(&mixin_a).unwrap();
let kit_b = wrap_mixin_as_kit(&mixin_b).unwrap();
assert_ne!(
kit_a, kit_b,
"different content must hash to different kit dirs"
);
}
#[test]
#[serial]
fn wrap_mixin_as_kit_is_idempotent_on_cache_hit() {
let _guard = TestCacheDirGuard::new();
let mixin = write_mixin("idempotent", "kind: mixin\nname: probe\n");
let kit_first = wrap_mixin_as_kit(&mixin).unwrap();
let spec = kit_first.join("spec.yaml");
let mtime_first = fs::metadata(&spec).unwrap().modified().unwrap();
std::thread::sleep(std::time::Duration::from_millis(10));
let kit_second = wrap_mixin_as_kit(&mixin).unwrap();
let mtime_second = fs::metadata(kit_second.join("spec.yaml"))
.unwrap()
.modified()
.unwrap();
assert_eq!(kit_first, kit_second);
assert_eq!(
mtime_first, mtime_second,
"cache hit must not rewrite spec.yaml"
);
}
#[test]
#[serial]
fn kit_path_passes_through_existing_directory() {
let _guard = TestCacheDirGuard::new();
let dir = unique_root("kit-path-dir-passthrough");
let m = DiscoveredMixin {
path: dir.clone(),
label: "vault".into(),
install_count: 1,
domain_count: 1,
};
assert_eq!(m.kit_path().unwrap(), dir);
}
#[test]
#[serial]
fn kit_path_wraps_file_into_kit_dir() {
let _guard = TestCacheDirGuard::new();
let mixin = write_mixin("kit-path-wrap", "kind: mixin\nname: probe\n");
let m = DiscoveredMixin {
path: mixin.clone(),
label: mixin.display().to_string(),
install_count: 0,
domain_count: 0,
};
let wrapped = m.kit_path().unwrap();
assert!(wrapped.is_dir(), "kit_path of a file should be a directory");
assert!(wrapped.join("spec.yaml").exists());
assert_ne!(
wrapped, mixin,
"kit_path should not return the original file path"
);
}
}
}
+964
View File
@@ -0,0 +1,964 @@
use anyhow::{Context, Result, anyhow, bail};
use rust_embed::RustEmbed;
use sha2::{Digest, Sha256};
use std::env;
use std::fs;
use std::path::{Path, PathBuf};
use std::process::{Command, Stdio};
use which::which;
mod mixins;
use gman::providers::SupportedProvider;
use crate::config::paths;
use crate::sandbox::mixins::DiscoveredMixin;
use crate::utils::run_command_with_output;
use crate::vault::Vault;
const SBX_BINARY: &str = "sbx";
pub(crate) const SANDBOX_ENV_FLAG: &str = "IS_SANDBOX";
const SANDBOX_AGENT: &str = "coyote";
#[derive(RustEmbed)]
#[folder = "assets/sbx-kit/"]
struct EmbeddedKit;
#[derive(RustEmbed)]
#[folder = "assets/sbx-vault-mixins/"]
struct EmbeddedVaultMixins;
pub fn launch(name: Option<String>, fresh: bool, no_mixins: bool) -> Result<()> {
ensure_sbx_installed()?;
bail_if_nested()?;
let name = resolve_name(name)?;
let kit_path = resolve_kit_path()?;
let discovered = if no_mixins {
Vec::new()
} else {
let mut all = mixins::discover()?;
if let Ok(vault) = Vault::init_bare()
&& let Some(vault_mixin) = extract_vault_mixin(&vault.provider)?
{
all.insert(0, vault_mixin);
}
all
};
if sandbox_exists(&name)? {
info!("Re-attaching to existing sandbox '{name}'");
if fresh {
debug!("--fresh ignored: re-attaching to existing sandbox '{name}'");
}
if no_mixins {
debug!("--no-mixins ignored: re-attaching to existing sandbox '{name}'");
}
} else {
mixins::log_discovery(&discovered, no_mixins);
if fresh {
let msg = format!("Creating fresh sandbox '{name}' (no host config will be copied)");
info!("{msg}");
println!("{msg}");
create_sandbox(&name, &kit_path, &discovered)?;
} else {
create_sandbox(&name, &kit_path, &discovered)?;
copy_host_files(&name)?;
}
}
exec_run(&name, &kit_path)
}
fn ensure_sbx_installed() -> Result<()> {
which(SBX_BINARY).map_err(|_| {
anyhow!(
"`sbx` binary not found in PATH.\n\n\
Install Docker Sandboxes:\n https://docs.docker.com/ai/sandboxes/get-started/"
)
})?;
Ok(())
}
fn bail_if_nested() -> Result<()> {
if env::var_os(SANDBOX_ENV_FLAG).is_some() {
bail!("Refusing to nest sandboxes: ${SANDBOX_ENV_FLAG} is set, already inside one");
}
Ok(())
}
fn resolve_name(name: Option<String>) -> Result<String> {
if let Some(n) = name {
let trimmed = n.trim();
if !trimmed.is_empty() {
let sanitized = sanitize_name(trimmed);
if sanitized.is_empty() {
bail!("Sandbox name '{trimmed}' sanitizes to an empty string");
}
return Ok(sanitized);
}
}
let cwd = env::current_dir().context("Failed to determine current directory")?;
let basename = cwd
.file_name()
.and_then(|s| s.to_str())
.ok_or_else(|| anyhow!("Could not derive sandbox name from current directory"))?;
let sanitized = sanitize_name(basename);
if sanitized.is_empty() {
bail!("Could not derive a valid sandbox name from '{basename}'; pass --sandbox <NAME>");
}
Ok(sanitized)
}
fn sanitize_name(input: &str) -> String {
let mut out = String::with_capacity(input.len());
let mut last_was_dash = false;
for ch in input.chars() {
let lower = ch.to_ascii_lowercase();
if lower.is_ascii_alphanumeric() {
out.push(lower);
last_was_dash = false;
} else if !last_was_dash {
out.push('-');
last_was_dash = true;
}
}
out.trim_matches('-').to_string()
}
fn resolve_kit_path() -> Result<PathBuf> {
if let Some(path) = paths::sandbox_kit_override() {
if !path.exists() {
bail!(
"$COYOTE_SANDBOX_KIT is set but path does not exist: {}",
path.display()
);
}
debug!(
"Using kit override from $COYOTE_SANDBOX_KIT: {}",
path.display()
);
return Ok(path);
}
extract_embedded_kit()
}
fn extract_embedded_kit() -> Result<PathBuf> {
let cache_root = paths::sbx_kit_dir();
let new_hash = compute_kit_hash()?;
let hash_file = paths::sbx_kit_hash_file();
if let Ok(existing) = fs::read_to_string(&hash_file)
&& existing == new_hash
{
return Ok(cache_root);
}
if cache_root.exists() {
fs::remove_dir_all(&cache_root)
.with_context(|| format!("Failed to clear stale kit at {}", cache_root.display()))?;
}
fs::create_dir_all(&cache_root)
.with_context(|| format!("Failed to create {}", cache_root.display()))?;
for entry in EmbeddedKit::iter() {
let file = EmbeddedKit::get(&entry)
.ok_or_else(|| anyhow!("Embedded kit file missing during extraction: {entry}"))?;
let dest = cache_root.join(entry.as_ref());
if let Some(parent) = dest.parent() {
fs::create_dir_all(parent)
.with_context(|| format!("Failed to create {}", parent.display()))?;
}
fs::write(&dest, &file.data)
.with_context(|| format!("Failed to write {}", dest.display()))?;
}
fs::write(&hash_file, &new_hash)
.with_context(|| format!("Failed to write {}", hash_file.display()))?;
debug!("Extracted embedded sbx-kit to {}", cache_root.display());
Ok(cache_root)
}
fn compute_kit_hash() -> Result<String> {
let mut hasher = Sha256::new();
let mut entries: Vec<_> = EmbeddedKit::iter().collect();
entries.sort();
for entry in &entries {
let file = EmbeddedKit::get(entry)
.ok_or_else(|| anyhow!("Embedded kit file missing during hash: {entry}"))?;
hasher.update(entry.as_bytes());
hasher.update(b"\0");
hasher.update(&file.data);
}
Ok(format!("{:x}", hasher.finalize()))
}
fn extract_vault_mixin(provider: &SupportedProvider) -> Result<Option<DiscoveredMixin>> {
let provider_dir = match provider {
SupportedProvider::Local { .. } => return Ok(None),
SupportedProvider::AwsSecretsManager { .. } => "aws_secrets_manager",
SupportedProvider::GcpSecretManager { .. } => "gcp_secret_manager",
SupportedProvider::AzureKeyVault { .. } => "azure_key_vault",
SupportedProvider::Gopass { .. } => "gopass",
SupportedProvider::OnePassword { .. } => "one_password",
};
let cache_root = extract_vault_mixins_cache()?;
let provider_root = cache_root.join(provider_dir);
let spec_path = provider_root.join("spec.yaml");
if !spec_path.exists() {
bail!(
"Embedded vault mixin for '{provider_dir}' is missing spec.yaml at {}",
spec_path.display()
);
}
let label = format!("<built-in: vault-{provider_dir}>");
let (install_count, domain_count) = mixins::summarize(&spec_path)?;
Ok(Some(DiscoveredMixin {
path: provider_root,
label,
install_count,
domain_count,
}))
}
fn extract_vault_mixins_cache() -> Result<PathBuf> {
let cache_root = paths::sbx_vault_mixins_dir();
let new_hash = compute_vault_mixins_hash()?;
let hash_file = paths::sbx_vault_mixins_hash_file();
if let Ok(existing) = fs::read_to_string(&hash_file)
&& existing == new_hash
{
return Ok(cache_root);
}
if cache_root.exists() {
fs::remove_dir_all(&cache_root).with_context(|| {
format!(
"Failed to clear stale vault mixins at {}",
cache_root.display()
)
})?;
}
fs::create_dir_all(&cache_root)
.with_context(|| format!("Failed to create {}", cache_root.display()))?;
for entry in EmbeddedVaultMixins::iter() {
let file = EmbeddedVaultMixins::get(&entry).ok_or_else(|| {
anyhow!("Embedded vault mixin file missing during extraction: {entry}")
})?;
let dest = cache_root.join(entry.as_ref());
if let Some(parent) = dest.parent() {
fs::create_dir_all(parent)
.with_context(|| format!("Failed to create {}", parent.display()))?;
}
fs::write(&dest, &file.data)
.with_context(|| format!("Failed to write {}", dest.display()))?;
}
fs::write(&hash_file, &new_hash)
.with_context(|| format!("Failed to write {}", hash_file.display()))?;
debug!(
"Extracted embedded sbx-vault-mixins to {}",
cache_root.display()
);
Ok(cache_root)
}
fn compute_vault_mixins_hash() -> Result<String> {
let mut hasher = Sha256::new();
let mut entries: Vec<_> = EmbeddedVaultMixins::iter().collect();
entries.sort();
for entry in &entries {
let file = EmbeddedVaultMixins::get(entry)
.ok_or_else(|| anyhow!("Embedded vault mixin file missing during hash: {entry}"))?;
hasher.update(entry.as_bytes());
hasher.update(b"\0");
hasher.update(&file.data);
}
Ok(format!("{:x}", hasher.finalize()))
}
fn sandbox_exists(name: &str) -> Result<bool> {
let (success, stdout, stderr) =
run_command_with_output(SBX_BINARY, &["ls"], None).context("Failed to run `sbx ls`")?;
if !success {
bail!("`sbx ls` failed: {stderr}");
}
Ok(stdout
.lines()
.skip(1)
.any(|line| line.split_whitespace().next() == Some(name)))
}
fn create_sandbox(name: &str, kit_path: &Path, mixins: &[DiscoveredMixin]) -> Result<()> {
info!("Creating sandbox '{name}'");
let args = build_create_args(name, kit_path, mixins)?;
debug!("sbx {}", args.join(" "));
let status = Command::new(SBX_BINARY)
.args(&args)
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx create`")?;
if !status.success() {
bail!("`sbx create` exited with {status}");
}
Ok(())
}
fn build_create_args(
name: &str,
kit_path: &Path,
mixins: &[DiscoveredMixin],
) -> Result<Vec<String>> {
let kit_str = kit_path
.to_str()
.ok_or_else(|| anyhow!("Kit path is not valid UTF-8: {}", kit_path.display()))?;
let mut args = vec![
"create".to_string(),
"--name".to_string(),
name.to_string(),
"--kit".to_string(),
kit_str.to_string(),
];
for mixin in mixins {
let mixin_kit = mixin.kit_path()?;
let mixin_str = mixin_kit
.to_str()
.ok_or_else(|| anyhow!("Mixin kit path is not valid UTF-8: {}", mixin_kit.display()))?
.to_string();
args.push("--kit".to_string());
args.push(mixin_str);
}
args.push(SANDBOX_AGENT.to_string());
args.push(".".to_string());
Ok(args)
}
fn copy_host_files(name: &str) -> Result<()> {
let config_dir = paths::config_dir();
let home_dir = dirs::home_dir().context("Could not determine home directory")?;
if config_dir.exists() {
let sandbox_config_dir = "/home/agent/.config/coyote";
ensure_sandbox_dir(name, sandbox_config_dir)?;
let dest = format!("{name}:{sandbox_config_dir}/");
for entry in fs::read_dir(&config_dir)
.with_context(|| format!("Failed to read {}", config_dir.display()))?
{
let entry = entry?;
let path = entry.path();
sbx_cp(&path.display().to_string(), &dest)?;
}
chown_agent_recursive(name, sandbox_config_dir)?;
} else {
debug!(
"Skipping config copy: {} does not exist",
config_dir.display()
);
}
match resolve_vault_password_file() {
Some(password_file) if password_file.exists() => {
let dest_path = host_to_sandbox_path(&password_file, &home_dir, cfg!(windows))?;
if let Some(parent) = sandbox_path_parent(&dest_path)
&& !parent.is_empty()
{
ensure_sandbox_dir(name, parent)?;
}
let dest = format!("{name}:{dest_path}");
sbx_cp(&password_file.display().to_string(), &dest)?;
chown_agent_recursive(name, &dest_path)?;
}
Some(password_file) => {
debug!(
"Skipping vault password copy: {} does not exist",
password_file.display()
);
}
None => {
debug!("Skipping vault password copy: no local vault provider configured");
}
}
Ok(())
}
fn host_to_sandbox_path(
host_path: &Path,
home_dir: &Path,
is_windows_host: bool,
) -> Result<String> {
let host_str = host_path.to_str().context("Host path is not valid UTF-8")?;
let home_str = home_dir
.to_str()
.context("Home directory is not valid UTF-8")?;
if let Some(rel) = strip_host_home(host_str, home_str) {
let unixified = rel.replace('\\', "/");
return Ok(format!("/home/agent/{unixified}"));
}
if is_windows_host {
bail!(
"Path '{host_str}' is outside your Windows user profile ({home_str}). \
Sandbox mode cannot copy files from outside %USERPROFILE% into a Linux \
sandbox. Move the file under your user profile and update your config \
accordingly."
);
}
Ok(host_str.to_string())
}
fn strip_host_home(path: &str, home: &str) -> Option<String> {
let path_norm: String = path
.chars()
.map(|c| if c == '\\' { '/' } else { c })
.collect();
let home_norm: String = home
.chars()
.map(|c| if c == '\\' { '/' } else { c })
.collect();
let home_norm = home_norm.trim_end_matches('/');
if home_norm.is_empty() || path_norm.len() <= home_norm.len() {
return None;
}
let (head, tail) = path_norm.split_at(home_norm.len());
if head != home_norm || !tail.starts_with('/') {
return None;
}
Some(tail[1..].to_string())
}
fn sandbox_path_parent(linux_path: &str) -> Option<&str> {
linux_path.rsplit_once('/').map(|(parent, _)| parent)
}
fn ensure_sandbox_dir(sandbox: &str, dir: &str) -> Result<()> {
let dir_q = shell_words::quote(dir);
let cmd = format!("sudo mkdir -p {dir_q} && sudo chown agent:agent {dir_q}");
debug!("sbx exec {sandbox}: {cmd}");
let status = Command::new(SBX_BINARY)
.args(["exec", sandbox, "sh", "-c", &cmd])
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx exec` to prepare destination directory")?;
if !status.success() {
bail!("Preparing sandbox directory '{dir}' failed: sbx exec exited with {status}");
}
Ok(())
}
fn resolve_vault_password_file() -> Option<PathBuf> {
Vault::init_bare().ok()?.local_password_file().ok()
}
fn sbx_cp(src: &str, dest: &str) -> Result<()> {
debug!("sbx cp {src} {dest}");
let status = Command::new(SBX_BINARY)
.args(["cp", src, dest])
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx cp`")?;
if !status.success() {
bail!("`sbx cp {src} {dest}` exited with {status}");
}
Ok(())
}
fn exec_run(name: &str, kit_path: &Path) -> Result<()> {
let kit_str = kit_path
.to_str()
.ok_or_else(|| anyhow!("Kit path is not valid UTF-8: {}", kit_path.display()))?;
debug!("sbx run --name {name} --kit {kit_str}");
let status = Command::new(SBX_BINARY)
.args(["run", "--name", name, "--kit", kit_str])
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx run`")?;
if !status.success() {
bail!("`sbx run` exited with {status}");
}
Ok(())
}
fn chown_agent_recursive(sandbox: &str, path: &str) -> Result<()> {
let path_q = shell_words::quote(path);
let cmd = format!("sudo chown -R agent:agent {path_q}");
debug!("sbx exec {sandbox}: {cmd}");
let status = Command::new(SBX_BINARY)
.args(["exec", sandbox, "sh", "-c", &cmd])
.stdin(Stdio::inherit())
.stdout(Stdio::inherit())
.stderr(Stdio::inherit())
.status()
.context("Failed to spawn `sbx exec` to chown copied files")?;
if !status.success() {
bail!("Chowning '{path}' in sandbox failed: sbx exec exited with {status}");
}
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn sanitize_name_lowercases() {
assert_eq!(sanitize_name("Foo"), "foo");
}
#[test]
fn sanitize_name_replaces_non_alphanumeric() {
assert_eq!(sanitize_name("hello world!"), "hello-world");
}
#[test]
fn sanitize_name_collapses_dash_runs() {
assert_eq!(sanitize_name("a___b"), "a-b");
}
#[test]
fn sanitize_name_trims_dashes() {
assert_eq!(sanitize_name("---hi---"), "hi");
}
#[test]
fn sanitize_name_handles_mixed_input() {
assert_eq!(sanitize_name("My Project (v2)"), "my-project-v2");
}
#[test]
fn sanitize_name_all_invalid_yields_empty() {
assert_eq!(sanitize_name("///"), "");
}
#[test]
fn resolve_name_uses_explicit_arg() {
let n = resolve_name(Some("explicit-name".to_string())).unwrap();
assert_eq!(n, "explicit-name");
}
#[test]
fn resolve_name_sanitizes_explicit_arg() {
let n = resolve_name(Some("My Sandbox!".to_string())).unwrap();
assert_eq!(n, "my-sandbox");
}
#[test]
fn resolve_name_rejects_empty_after_sanitize() {
let err = resolve_name(Some("///".to_string()));
assert!(err.is_err());
}
#[test]
fn resolve_name_falls_back_to_cwd_when_none() {
let n = resolve_name(None).unwrap();
assert!(!n.is_empty());
assert!(n.chars().all(|c| c.is_ascii_alphanumeric() || c == '-'));
}
#[test]
fn compute_kit_hash_is_deterministic() {
let h1 = compute_kit_hash().unwrap();
let h2 = compute_kit_hash().unwrap();
assert_eq!(h1, h2);
assert_eq!(h1.len(), 64);
}
#[test]
fn build_create_args_emits_base_kit_before_mixins() {
let kit = PathBuf::from("/cache/sbx-kit");
let unique = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_nanos();
let dir_a = env::temp_dir().join(format!("coyote-mixin-a-{unique}"));
let dir_b = env::temp_dir().join(format!("coyote-mixin-b-{unique}"));
fs::create_dir_all(&dir_a).unwrap();
fs::create_dir_all(&dir_b).unwrap();
let mixins = vec![
DiscoveredMixin {
path: dir_a.clone(),
label: "user".into(),
install_count: 0,
domain_count: 0,
},
DiscoveredMixin {
path: dir_b.clone(),
label: "sql".into(),
install_count: 0,
domain_count: 0,
},
];
let args = build_create_args("my-box", &kit, &mixins).unwrap();
assert_eq!(
args,
vec![
"create".to_string(),
"--name".to_string(),
"my-box".to_string(),
"--kit".to_string(),
"/cache/sbx-kit".to_string(),
"--kit".to_string(),
dir_a.display().to_string(),
"--kit".to_string(),
dir_b.display().to_string(),
"coyote".to_string(),
".".to_string(),
]
);
let _ = fs::remove_dir_all(&dir_a);
let _ = fs::remove_dir_all(&dir_b);
}
#[test]
fn build_create_args_with_no_mixins_omits_mixin_kits() {
let kit = PathBuf::from("/cache/sbx-kit");
let args = build_create_args("box", &kit, &[]).unwrap();
assert_eq!(
args,
vec![
"create".to_string(),
"--name".to_string(),
"box".to_string(),
"--kit".to_string(),
"/cache/sbx-kit".to_string(),
"coyote".to_string(),
".".to_string(),
]
);
}
mod vault_mixins {
use super::*;
use crate::utils::get_env_name;
use gman::providers::aws_secrets_manager::AwsSecretsManagerProvider;
use gman::providers::azure_key_vault::AzureKeyVaultProvider;
use gman::providers::gcp_secret_manager::GcpSecretManagerProvider;
use gman::providers::gopass::GopassProvider;
use gman::providers::local::LocalProvider;
use gman::providers::one_password::OnePasswordProvider;
use serial_test::serial;
use std::time::{SystemTime, UNIX_EPOCH};
struct TestCacheDirGuard {
key: String,
previous: Option<std::ffi::OsString>,
path: PathBuf,
}
impl TestCacheDirGuard {
fn new() -> Self {
let key = get_env_name("cache_dir");
let previous = env::var_os(&key);
let unique = SystemTime::now()
.duration_since(UNIX_EPOCH)
.unwrap()
.as_nanos();
let path = env::temp_dir().join(format!("coyote-sandbox-vault-tests-{unique}"));
fs::create_dir_all(&path).unwrap();
unsafe {
env::set_var(&key, &path);
}
Self {
key,
previous,
path,
}
}
}
impl Drop for TestCacheDirGuard {
fn drop(&mut self) {
unsafe {
match &self.previous {
Some(v) => env::set_var(&self.key, v),
None => env::remove_var(&self.key),
}
}
let _ = fs::remove_dir_all(&self.path);
}
}
#[test]
fn returns_none_for_local() {
let p = SupportedProvider::Local {
provider_def: LocalProvider::default(),
};
assert!(extract_vault_mixin(&p).unwrap().is_none());
}
#[test]
#[serial]
fn returns_some_for_aws() {
let _guard = TestCacheDirGuard::new();
let p = SupportedProvider::AwsSecretsManager {
provider_def: AwsSecretsManagerProvider {
aws_profile: None,
aws_region: None,
},
};
let m = extract_vault_mixin(&p)
.unwrap()
.expect("expected vault mixin");
assert!(m.path.join("spec.yaml").exists());
assert!(m.label.contains("aws_secrets_manager"));
}
#[test]
#[serial]
fn returns_some_for_gcp() {
let _guard = TestCacheDirGuard::new();
let p = SupportedProvider::GcpSecretManager {
provider_def: GcpSecretManagerProvider {
gcp_project_id: None,
},
};
let m = extract_vault_mixin(&p)
.unwrap()
.expect("expected vault mixin");
assert!(m.path.join("spec.yaml").exists());
assert!(m.label.contains("gcp_secret_manager"));
}
#[test]
#[serial]
fn returns_some_for_one_password() {
let _guard = TestCacheDirGuard::new();
let p = SupportedProvider::OnePassword {
provider_def: OnePasswordProvider {
vault: None,
account: None,
},
};
let m = extract_vault_mixin(&p)
.unwrap()
.expect("expected vault mixin");
assert!(m.path.join("spec.yaml").exists());
assert!(m.label.contains("one_password"));
}
#[test]
#[serial]
fn returns_some_for_azure() {
let _guard = TestCacheDirGuard::new();
let p = SupportedProvider::AzureKeyVault {
provider_def: AzureKeyVaultProvider { vault_name: None },
};
let m = extract_vault_mixin(&p)
.unwrap()
.expect("expected vault mixin");
assert!(m.path.join("spec.yaml").exists());
assert!(m.label.contains("azure_key_vault"));
}
#[test]
#[serial]
fn returns_some_for_gopass() {
let _guard = TestCacheDirGuard::new();
let p = SupportedProvider::Gopass {
provider_def: GopassProvider { store: None },
};
let m = extract_vault_mixin(&p)
.unwrap()
.expect("expected vault mixin");
assert!(m.path.join("spec.yaml").exists());
assert!(m.label.contains("gopass"));
}
#[test]
fn hash_is_deterministic() {
let h1 = compute_vault_mixins_hash().unwrap();
let h2 = compute_vault_mixins_hash().unwrap();
assert_eq!(h1, h2);
assert_eq!(h1.len(), 64);
}
}
mod host_to_sandbox_path_tests {
use super::*;
#[test]
fn linux_under_home() {
let dest = host_to_sandbox_path(
Path::new("/home/atusa/.coyote_password"),
Path::new("/home/atusa"),
false,
)
.unwrap();
assert_eq!(dest, "/home/agent/.coyote_password");
}
#[test]
fn linux_nested_under_home() {
let dest = host_to_sandbox_path(
Path::new("/home/atusa/.config/coyote/.password"),
Path::new("/home/atusa"),
false,
)
.unwrap();
assert_eq!(dest, "/home/agent/.config/coyote/.password");
}
#[test]
fn linux_outside_home_returns_verbatim() {
let dest = host_to_sandbox_path(
Path::new("/etc/coyote/.password"),
Path::new("/home/atusa"),
false,
)
.unwrap();
assert_eq!(dest, "/etc/coyote/.password");
}
#[test]
fn macos_under_home_with_spaces() {
let dest = host_to_sandbox_path(
Path::new("/Users/atusa/Library/Application Support/coyote/.password"),
Path::new("/Users/atusa"),
false,
)
.unwrap();
assert_eq!(
dest,
"/home/agent/Library/Application Support/coyote/.password"
);
}
#[test]
fn windows_under_home_converts_backslashes() {
let dest = host_to_sandbox_path(
Path::new(r"C:\Users\atusa\.coyote_password"),
Path::new(r"C:\Users\atusa"),
true,
)
.unwrap();
assert_eq!(dest, "/home/agent/.coyote_password");
}
#[test]
fn windows_nested_under_home() {
let dest = host_to_sandbox_path(
Path::new(r"C:\Users\atusa\Documents\my\vault.txt"),
Path::new(r"C:\Users\atusa"),
true,
)
.unwrap();
assert_eq!(dest, "/home/agent/Documents/my/vault.txt");
}
#[test]
fn windows_outside_home_bails_with_clear_error() {
let err = host_to_sandbox_path(
Path::new(r"C:\Program Files\Coyote\vault.txt"),
Path::new(r"C:\Users\atusa"),
true,
)
.unwrap_err();
let msg = err.to_string();
assert!(
msg.contains("Program Files"),
"error should name the offending path: {msg}"
);
assert!(
msg.contains("user profile"),
"error should explain the limitation: {msg}"
);
}
#[test]
fn windows_tolerates_trailing_slash_in_home() {
let dest = host_to_sandbox_path(
Path::new(r"C:\Users\atusa\foo"),
Path::new(r"C:\Users\atusa\"),
true,
)
.unwrap();
assert_eq!(dest, "/home/agent/foo");
}
#[test]
fn sandbox_path_parent_extracts_parent_for_nested() {
assert_eq!(
sandbox_path_parent("/home/agent/.coyote_password"),
Some("/home/agent")
);
assert_eq!(
sandbox_path_parent("/etc/coyote/.password"),
Some("/etc/coyote")
);
}
#[test]
fn sandbox_path_parent_handles_edge_cases() {
assert_eq!(sandbox_path_parent("/file"), Some(""));
assert_eq!(sandbox_path_parent("noparent"), None);
}
}
}
+33 -8
View File
@@ -1,9 +1,11 @@
use crate::config::paths;
use colored::Colorize;
use fancy_regex::Regex;
use std::fs::File;
use std::fs::{self, File};
use std::io::{BufRead, BufReader, Seek, SeekFrom};
use std::process;
use std::time::Duration;
use tokio::time::sleep;
pub async fn tail_logs(no_color: bool) {
let re = Regex::new(r"^(?P<timestamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+<(?P<opid>[^\s>]+)>\s+\[(?P<level>[A-Z]+)\]\s+(?P<logger>[^:]+):(?P<line>\d+)\s+-\s+(?P<message>.*)$").unwrap();
@@ -16,20 +18,43 @@ pub async fn tail_logs(no_color: bool) {
process::exit(1);
};
let mut lines = reader.lines();
let mut line_buf = String::new();
loop {
if let Some(Ok(line)) = lines.next() {
if no_color {
println!("{line}");
} else {
let colored_line = colorize_log_line(&line, &re);
println!("{colored_line}");
match reader.read_line(&mut line_buf) {
Ok(0) => {
if file_was_rotated(&file_path, &mut reader) {
let file = File::open(&file_path).expect("Cannot open file");
reader = BufReader::new(file);
}
sleep(Duration::from_millis(100)).await;
}
Ok(_) => {
let line = line_buf.trim_end();
if no_color {
println!("{line}");
} else {
let colored_line = colorize_log_line(line, &re);
println!("{colored_line}");
}
line_buf.clear();
}
Err(_) => {
line_buf.clear();
sleep(Duration::from_millis(100)).await;
}
}
}
}
fn file_was_rotated(path: &std::path::Path, reader: &mut BufReader<File>) -> bool {
let current_pos = reader.stream_position().unwrap_or(0);
match fs::metadata(path) {
Ok(metadata) => metadata.len() < current_pos,
Err(_) => true,
}
}
fn colorize_log_line(line: &str, re: &Regex) -> String {
if let Some(caps) = re.captures(line).expect("Failed to capture log line") {
let level = &caps["level"];
+27 -1
View File
@@ -17,7 +17,7 @@ use gman::providers::SecretProvider;
use gman::providers::SupportedProvider;
use gman::providers::local::LocalProvider;
use inquire::{Password, PasswordDisplayMode, required};
use log::warn;
use log::{info, warn};
use serde_yaml::Value;
use std::sync::{Arc, LazyLock};
use tokio::runtime::Handle;
@@ -25,6 +25,31 @@ use uuid::Uuid;
pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{([^{}]+)}}").unwrap());
fn apply_sandboxed_home_translation(provider_def: &mut LocalProvider) {
let Some(ref pf) = provider_def.password_file else {
return;
};
if pf.exists() {
return;
}
let Some(translated) = paths::translate_sandboxed_home_path(pf) else {
return;
};
if !translated.exists() {
return;
}
info!(
"vault password file '{}' not found; resolved to sandboxed path '{}'",
pf.display(),
translated.display()
);
provider_def.password_file = Some(translated);
}
#[derive(Debug, Default, Clone)]
pub struct Vault {
pub(crate) provider: SupportedProvider,
@@ -92,6 +117,7 @@ impl Vault {
};
if let SupportedProvider::Local { provider_def } = &mut provider {
apply_sandboxed_home_translation(provider_def);
ensure_password_file_initialized(provider_def)?;
}