Compare commits
31 Commits
b927e2a200
...
v0.7.3
| Author | SHA1 | Date | |
|---|---|---|---|
| 040dad05d2 | |||
| 1ba38860f2 | |||
|
84ec5fe7b8
|
|||
| 1684788fe6 | |||
|
4b7e242998
|
|||
| f69aba2dd8 | |||
| c3487ecd0e | |||
|
db75391fb6
|
|||
|
e3815af69b
|
|||
| 66a485f924 | |||
| 49d7204f89 | |||
|
bbcae1fc2b
|
|||
|
3ff27a7935
|
|||
|
373d80121a
|
|||
|
3299a4699e
|
|||
|
d4dbda1e89
|
|||
|
e77fa6ef42
|
|||
|
241dda24f0
|
|||
|
e5668e4495
|
|||
|
4a01e9a66c
|
|||
|
530000bc2f
|
|||
|
f2e8f3ab59
|
|||
|
2f33b6631e
|
|||
|
8c288195a0
|
|||
|
e6a5e67a8e
|
|||
|
6ae474c79e
|
|||
|
8e0b07c9fb
|
|||
|
69589bd5e5
|
|||
|
587df087ed
|
|||
|
ee100eef96
|
|||
|
14969e35fa
|
@@ -1,3 +1,65 @@
|
||||
## v0.7.3 (2026-06-24)
|
||||
|
||||
### Fix
|
||||
|
||||
- apply bootstrapping of functions at startup to fix edge case
|
||||
|
||||
## v0.7.2 (2026-06-19)
|
||||
|
||||
### Fix
|
||||
|
||||
- usql version upgrade
|
||||
|
||||
## v0.7.1 (2026-06-19)
|
||||
|
||||
### Fix
|
||||
|
||||
- sbx mixins must be passed in directories, not as files and the files must be named spec.yaml per new sbx version
|
||||
|
||||
## v0.7.0 (2026-06-18)
|
||||
|
||||
### Feat
|
||||
|
||||
- added configurable cache path via the COYOTE_CACHE_PATH environment variable
|
||||
- added a memory option to .set tab completions
|
||||
- Added a diagnostic .info tools subcommand to make it easier to see what tools are enabled in all contexts
|
||||
- Added additional info outputs for enabled skills and sbx directories
|
||||
- directly execute shell commands from within the REPL
|
||||
- created mixin kit for built-in functions and MCP servers
|
||||
- Added sbx mixins for the secrets providers so users can also bootstrap those as well.
|
||||
- added support for loading sbx mixins that are dynamically discovered in the users workspace and config directory
|
||||
- Added a --fresh flag to let users create a truly bare bones sandbox without bootstrapping their config
|
||||
- initial built-in sandboxing support powered by Docker sbx
|
||||
- Added the ability to auto-bootstrap workspace memory when in git repos
|
||||
- Added explicit guardrail handling for pending agents
|
||||
- auto-append memory to memory index and don't necessarily require the LLM to remember to do it after a write
|
||||
- Added an --init-memory [global|workspace] flag to easily and quickly enable memory
|
||||
- added memory global configuration settings to the output of --info and .info
|
||||
- added .set memory REPL commands to control memory injection and applied formatting
|
||||
- Create the built-in memory management tools
|
||||
- Append the memory system prompts (readonly or r/w) to the system prompt when applicable
|
||||
- Created the --no-memory CLI flag to disable memory for this invocation
|
||||
- Added the memory configuration properties and storage to the main app config, roles, sessions, and agents.
|
||||
- initial scaffolding of a memory system
|
||||
|
||||
### Fix
|
||||
|
||||
- rebuild the tool scope after dynamically updating the skills_enabled value in the REPL
|
||||
- properly resolve Windows-based local vault password file locations and bootstrap them into the sandbox when possible
|
||||
- auto-translation of user-prefixed Mac and Linux paths for the vault password file when running inside a sandbox
|
||||
- don't attempt to auto complete .vault list in the REPL; that's the end of the command
|
||||
- buffer tool stdout as well as stderr so that any tools that error to stdout are captured and included in the response to the model, enabling the model to see what went wrong and to reason about how to fix it.
|
||||
- auto-bootstrapped memory was accidentally putting the MEMORY.md directly in the repo root rather than .coyote/memory/MEMORY.md
|
||||
- improved the fs_patch script description and added improved error handling to it.
|
||||
- added in forgotten require_max_tokens to the fable model
|
||||
- append memory functions to non-graph based agents on init
|
||||
- when auto_continue is disabled via the .set auto_continue false command, it should strip the todo functions from the list of functions
|
||||
- use rawPredict for non-streaming Claude requests
|
||||
|
||||
### Refactor
|
||||
|
||||
- Migrated the .skills command completion to use StateFlags and updated the help messages
|
||||
|
||||
## v0.6.0 (2026-06-05)
|
||||
|
||||
### Feat
|
||||
|
||||
Generated
+155
-261
@@ -555,7 +555,7 @@ dependencies = [
|
||||
"aws-smithy-runtime-api",
|
||||
"aws-smithy-types",
|
||||
"h2 0.3.27",
|
||||
"h2 0.4.14",
|
||||
"h2 0.4.15",
|
||||
"http 0.2.12",
|
||||
"http 1.4.2",
|
||||
"http-body 0.4.6",
|
||||
@@ -566,7 +566,7 @@ dependencies = [
|
||||
"hyper-util",
|
||||
"pin-project-lite",
|
||||
"rustls 0.21.12",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-native-certs",
|
||||
"rustls-pki-types",
|
||||
"tokio",
|
||||
@@ -893,7 +893,7 @@ version = "0.72.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"cexpr",
|
||||
"clang-sys",
|
||||
"itertools 0.13.0",
|
||||
@@ -922,6 +922,12 @@ version = "0.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5e764a1d40d510daf35e07be9eb06e75770908c27d411ee6c92109c9840eaaf7"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "1.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
|
||||
|
||||
[[package]]
|
||||
name = "bitflags"
|
||||
version = "2.13.0"
|
||||
@@ -1011,9 +1017,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
|
||||
|
||||
[[package]]
|
||||
name = "bytes"
|
||||
version = "1.11.1"
|
||||
version = "1.12.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
|
||||
checksum = "8ae3f5d315924270530207e2a68396c3cc547f6dca3fbdca317cfb1a51edb593"
|
||||
|
||||
[[package]]
|
||||
name = "bytes-utils"
|
||||
@@ -1060,9 +1066,9 @@ checksum = "ade8366b8bd5ba243f0a58f036cc0ca8a2f069cff1a2351ef1cac6b083e16fc0"
|
||||
|
||||
[[package]]
|
||||
name = "cc"
|
||||
version = "1.2.64"
|
||||
version = "1.2.65"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "dad887fd958be91b5098c0248def011f4523ab786cd411be668777e55063501f"
|
||||
checksum = "e228eec9be7c17ccb640b59b36a5cd805ea2a564a4c5e162c2f659fea30d3b96"
|
||||
dependencies = [
|
||||
"find-msvc-tools",
|
||||
"jobserver",
|
||||
@@ -1104,9 +1110,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "chacha20"
|
||||
version = "0.10.0"
|
||||
version = "0.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6f8d983286843e49675a4b7a2d174efe136dc93a18d69130dd18198a6c167601"
|
||||
checksum = "d524456ba66e72eb8b115ff89e01e497f8e6d11d78b70b1aa13c0fbd97540a81"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"cpufeatures 0.3.0",
|
||||
@@ -1402,7 +1408,7 @@ checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
|
||||
|
||||
[[package]]
|
||||
name = "coyote-ai"
|
||||
version = "0.6.0"
|
||||
version = "0.7.3"
|
||||
dependencies = [
|
||||
"ansi_colours",
|
||||
"anyhow",
|
||||
@@ -1414,7 +1420,7 @@ dependencies = [
|
||||
"aws-smithy-types",
|
||||
"base64",
|
||||
"bincode 2.0.1",
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"bm25",
|
||||
"bytes",
|
||||
"chrono",
|
||||
@@ -1556,7 +1562,7 @@ version = "0.29.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d8b9f2e4c67f833b660cdb0a3523065869fb35570177239812ed4c905aeff87b"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"crossterm_winapi",
|
||||
"derive_more 2.1.1",
|
||||
"document-features",
|
||||
@@ -1727,6 +1733,38 @@ dependencies = [
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "defmt"
|
||||
version = "1.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a6e524506490a1953d237cb87b1cfc1e46f88c18f10a22dfe0f507dc6bfc7f7f"
|
||||
dependencies = [
|
||||
"bitflags 1.3.2",
|
||||
"defmt-macros",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "defmt-macros"
|
||||
version = "1.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f0a27770e9c8f719a79d8b638281f4d828f77d8fd61e0bd94451b9b85e576a0b"
|
||||
dependencies = [
|
||||
"defmt-parser",
|
||||
"proc-macro-error2",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "defmt-parser"
|
||||
version = "1.0.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "10d60334b3b2e7c9d91ef8150abfb6fa4c1c39ebbcf4a81c2e346aad939fee3e"
|
||||
dependencies = [
|
||||
"thiserror 2.0.18",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "der"
|
||||
version = "0.7.10"
|
||||
@@ -1872,7 +1910,7 @@ version = "0.3.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1e0e367e4e7da84520dedcac1901e4da967309406d1e51017ae1abfb97adbd38"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
]
|
||||
|
||||
@@ -2406,16 +2444,14 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "getrandom"
|
||||
version = "0.4.2"
|
||||
version = "0.4.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
|
||||
checksum = "300e883d756b2e4ec94e02791f39b04b522276138852cfc41d9fb7e904106099"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"libc",
|
||||
"r-efi 6.0.0",
|
||||
"rand_core 0.10.1",
|
||||
"wasip2",
|
||||
"wasip3",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -2500,9 +2536,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "h2"
|
||||
version = "0.4.14"
|
||||
version = "0.4.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "171fefbc92fe4a4de27e0698d6a5b392d6a0e333506bc49133760b3bcf948733"
|
||||
checksum = "6cb093c84e8bd9b188d4c4a8cb6579fc016968d14c99882163cd3ff402a4f155"
|
||||
dependencies = [
|
||||
"atomic-waker",
|
||||
"bytes",
|
||||
@@ -2780,7 +2816,7 @@ dependencies = [
|
||||
"bytes",
|
||||
"futures-channel",
|
||||
"futures-core",
|
||||
"h2 0.4.14",
|
||||
"h2 0.4.15",
|
||||
"http 1.4.2",
|
||||
"http-body 1.0.1",
|
||||
"httparse",
|
||||
@@ -2816,7 +2852,7 @@ dependencies = [
|
||||
"http 1.4.2",
|
||||
"hyper 1.10.1",
|
||||
"hyper-util",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-native-certs",
|
||||
"tokio",
|
||||
"tokio-rustls 0.26.4",
|
||||
@@ -2981,12 +3017,6 @@ dependencies = [
|
||||
"zerovec",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "id-arena"
|
||||
version = "2.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
|
||||
|
||||
[[package]]
|
||||
name = "ident_case"
|
||||
version = "1.0.1"
|
||||
@@ -3074,7 +3104,7 @@ version = "0.9.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6654738b8024300cf062d04a1c13c10c8e2cea598ec1c47dc9b6641159429756"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"crossterm",
|
||||
"dyn-clone",
|
||||
"fuzzy-matcher",
|
||||
@@ -3120,11 +3150,11 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "is_executable"
|
||||
version = "1.0.5"
|
||||
version = "1.0.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "baabb8b4867b26294d818bf3f651a454b6901431711abb96e296245888d6e8c4"
|
||||
checksum = "82cb6a9f675da968c63b6208c641b9dca58fc0133ae53375736b1767b0cab8bd"
|
||||
dependencies = [
|
||||
"windows-sys 0.60.2",
|
||||
"windows-sys 0.61.2",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -3159,10 +3189,11 @@ checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
|
||||
|
||||
[[package]]
|
||||
name = "jiff"
|
||||
version = "0.2.28"
|
||||
version = "0.2.29"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4603d3033e49e2b0e31229fcab20a5d40089c607d975cd9c80551dc69eed9102"
|
||||
checksum = "34f877a98676d2fb664698d74cc6a51ce6c484ce8c770f05d0108ec9090aeb46"
|
||||
dependencies = [
|
||||
"defmt",
|
||||
"jiff-static",
|
||||
"log",
|
||||
"portable-atomic",
|
||||
@@ -3172,9 +3203,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "jiff-static"
|
||||
version = "0.2.28"
|
||||
version = "0.2.29"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "782d32378dddf207193ac91cefb848ad41abb58195c95168e1291227a0832b47"
|
||||
checksum = "0666b5ab5ecaca213fc2a85b8c0083d9004e84ee2d5f9a7e0017aaf50986f25f"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
@@ -3242,9 +3273,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "js-sys"
|
||||
version = "0.3.100"
|
||||
version = "0.3.102"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f2025f20d7a4fa7785846e7b63d10a76d3f1cee98ee5cb79ea59703f95e42162"
|
||||
checksum = "03d04c30968dffe80775bd4d7fb676131cd04a1fb46d2686dbffbaec2d9dfd31"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"futures-util",
|
||||
@@ -3296,12 +3327,6 @@ version = "1.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
|
||||
|
||||
[[package]]
|
||||
name = "leb128fmt"
|
||||
version = "0.1.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
|
||||
|
||||
[[package]]
|
||||
name = "libc"
|
||||
version = "0.2.186"
|
||||
@@ -3356,9 +3381,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "log"
|
||||
version = "0.4.32"
|
||||
version = "0.4.33"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "953f07c43838f8e6f9758cab68bf5bed85465e7587ebe0b823f1bcd81978ad3a"
|
||||
checksum = "0ceec5bc11778974d1bcb055b18002eba7f4b3518b6a0081b3af5f21666da9ad"
|
||||
dependencies = [
|
||||
"serde_core",
|
||||
]
|
||||
@@ -3532,7 +3557,7 @@ version = "0.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4ecce9d566cb9234ae3db9e249c8b55665feaaf32b0859ff1e27e310d2beb3d8"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"combine",
|
||||
"libc",
|
||||
"mach2",
|
||||
@@ -3584,7 +3609,7 @@ version = "0.30.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"cfg-if",
|
||||
"cfg_aliases",
|
||||
"libc",
|
||||
@@ -3596,7 +3621,7 @@ version = "0.31.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cf20d2fde8ff38632c426f1165ed7436270b44f199fc55284c38276f9db47c3d"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"cfg-if",
|
||||
"cfg_aliases",
|
||||
"libc",
|
||||
@@ -3698,7 +3723,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d49e936b501e5c5bf01fda3a9452ff86dc3ea98ad5f283e1455153142d97518c"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
"objc2-core-graphics",
|
||||
"objc2-foundation",
|
||||
@@ -3710,7 +3735,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "73ad74d880bb43877038da939b7427bba67e9dd42004a18b809ba7d87cee241c"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
"objc2-foundation",
|
||||
]
|
||||
@@ -3731,7 +3756,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"dispatch2",
|
||||
"objc2",
|
||||
]
|
||||
@@ -3742,7 +3767,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e022c9d066895efa1345f8e33e584b9f958da2fd4cd116792e15e07e4720a807"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"dispatch2",
|
||||
"objc2",
|
||||
"objc2-core-foundation",
|
||||
@@ -3775,7 +3800,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0cde0dfb48d25d2b4862161a4d5fcc0e3c24367869ad306b0c9ec0073bfed92d"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
"objc2-core-foundation",
|
||||
"objc2-core-graphics",
|
||||
@@ -3793,7 +3818,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e3e0adef53c21f888deb4fa59fc59f7eb17404926ee8a6f59f5df0fd7f9f3272"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"block2",
|
||||
"libc",
|
||||
"objc2",
|
||||
@@ -3816,7 +3841,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "180788110936d59bab6bd83b6060ffdfffb3b922ba1396b312ae795e1de9d81d"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
"objc2-core-foundation",
|
||||
]
|
||||
@@ -3827,7 +3852,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "96c1358452b371bf9f104e21ec536d37a650eb10f7ee379fff67d2e08d537f1f"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"objc2",
|
||||
"objc2-core-foundation",
|
||||
"objc2-foundation",
|
||||
@@ -3839,7 +3864,7 @@ version = "0.3.2"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d87d638e33c06f577498cbcc50491496a3ed4246998a7fbba7ccb98b1e7eab22"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"block2",
|
||||
"objc2",
|
||||
"objc2-cloud-kit",
|
||||
@@ -3891,7 +3916,7 @@ version = "6.5.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0cc3cbf698f9438986c11a880c90a6d04b9de27575afd28bbf45b154b6c709e2"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"libc",
|
||||
"once_cell",
|
||||
"onig_sys",
|
||||
@@ -3926,11 +3951,11 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "openssl"
|
||||
version = "0.10.80"
|
||||
version = "0.10.81"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a45fa2aa886c42762255da344f0a0d313e254066c46aad76f300c3d3da62d967"
|
||||
checksum = "77823a27f0babb03091cb9ed9ef80af3b39dbc82f97e8fa530374b7dafd87a45"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"cfg-if",
|
||||
"foreign-types",
|
||||
"libc",
|
||||
@@ -3966,9 +3991,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "openssl-sys"
|
||||
version = "0.9.116"
|
||||
version = "0.9.117"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f28a22dc7140cda5f096e5e7724a6962ca81a7f8bfd2979f9b18c11af56318c4"
|
||||
checksum = "b47e7e6bb2c38cd930d25a23b40fa52e068c10e85f3e03a7f5ba5aaca5713695"
|
||||
dependencies = [
|
||||
"cc",
|
||||
"libc",
|
||||
@@ -4406,9 +4431,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quinn"
|
||||
version = "0.11.9"
|
||||
version = "0.11.11"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b9e20a958963c291dc322d98411f541009df2ced7b5a4f2bd52337638cfccf20"
|
||||
checksum = "0c1a41e437b6bbd489372cd4971de128e85c855f56c57f283d20ff016cf7c0a8"
|
||||
dependencies = [
|
||||
"bytes",
|
||||
"cfg_aliases",
|
||||
@@ -4416,7 +4441,7 @@ dependencies = [
|
||||
"quinn-proto",
|
||||
"quinn-udp",
|
||||
"rustc-hash",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"socket2 0.6.4",
|
||||
"thiserror 2.0.18",
|
||||
"tokio",
|
||||
@@ -4426,9 +4451,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quinn-proto"
|
||||
version = "0.11.14"
|
||||
version = "0.11.15"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "434b42fec591c96ef50e21e886936e66d3cc3f737104fdb9b737c40ffb94c098"
|
||||
checksum = "4fcb935c5bec503c2f0e306bdd3e58bb9029dcb14fa8d9ac76e3a5256ac0763e"
|
||||
dependencies = [
|
||||
"aws-lc-rs",
|
||||
"bytes",
|
||||
@@ -4437,7 +4462,7 @@ dependencies = [
|
||||
"rand 0.9.4",
|
||||
"ring",
|
||||
"rustc-hash",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-pki-types",
|
||||
"slab",
|
||||
"thiserror 2.0.18",
|
||||
@@ -4462,9 +4487,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "quote"
|
||||
version = "1.0.45"
|
||||
version = "1.0.46"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
|
||||
checksum = "dfbc457d0c7a0759a614551b11a6409e5951f6c7537be1f1b7682b9ae9230368"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
]
|
||||
@@ -4506,8 +4531,8 @@ version = "0.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d2e8e8bcc7961af1fdac401278c6a831614941f6164ee3bf4ce61b7edb162207"
|
||||
dependencies = [
|
||||
"chacha20 0.10.0",
|
||||
"getrandom 0.4.2",
|
||||
"chacha20 0.10.1",
|
||||
"getrandom 0.4.3",
|
||||
"rand_core 0.10.1",
|
||||
]
|
||||
|
||||
@@ -4571,7 +4596,7 @@ version = "0.5.18"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
@@ -4683,7 +4708,7 @@ dependencies = [
|
||||
"native-tls",
|
||||
"percent-encoding",
|
||||
"pin-project-lite",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-native-certs",
|
||||
"rustls-pki-types",
|
||||
"serde",
|
||||
@@ -4715,7 +4740,7 @@ dependencies = [
|
||||
"futures-channel",
|
||||
"futures-core",
|
||||
"futures-util",
|
||||
"h2 0.4.14",
|
||||
"h2 0.4.15",
|
||||
"http 1.4.2",
|
||||
"http-body 1.0.1",
|
||||
"http-body-util",
|
||||
@@ -4730,7 +4755,7 @@ dependencies = [
|
||||
"percent-encoding",
|
||||
"pin-project-lite",
|
||||
"quinn",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-pki-types",
|
||||
"rustls-platform-verifier",
|
||||
"serde",
|
||||
@@ -4776,9 +4801,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "rmcp"
|
||||
version = "1.7.0"
|
||||
version = "1.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0810a9f717d9828f475fe1f629f4c305c8464b7f496c3a854b58d29e65f4058e"
|
||||
checksum = "1d1f571c72940a19d9532fe52dbea8bc9912bf1d766c2970bb824056b86f3f59"
|
||||
dependencies = [
|
||||
"async-trait",
|
||||
"base64",
|
||||
@@ -4803,9 +4828,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "rmcp-macros"
|
||||
version = "1.7.0"
|
||||
version = "1.8.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6aefac48c364756e97f04c0401ba3231e8607882c7c1d92da0437dc16307904d"
|
||||
checksum = "1aad0035b69380782d78ea95b508327e6deaa2235909053e596eea8f27b5e1d5"
|
||||
dependencies = [
|
||||
"darling 0.23.0",
|
||||
"proc-macro2",
|
||||
@@ -4912,7 +4937,7 @@ version = "1.1.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"errno",
|
||||
"libc",
|
||||
"linux-raw-sys",
|
||||
@@ -4933,9 +4958,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "rustls"
|
||||
version = "0.23.40"
|
||||
version = "0.23.41"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ef86cd5876211988985292b91c96a8f2d298df24e75989a43a3c73f2d4d8168b"
|
||||
checksum = "6b92b125634d9b795e7beca796cc790df15a7fb38323bf3196fda83292d06b1f"
|
||||
dependencies = [
|
||||
"aws-lc-rs",
|
||||
"log",
|
||||
@@ -4980,7 +5005,7 @@ dependencies = [
|
||||
"jni",
|
||||
"log",
|
||||
"once_cell",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-native-certs",
|
||||
"rustls-platform-verifier-android",
|
||||
"rustls-webpki 0.103.13",
|
||||
@@ -5143,7 +5168,7 @@ version = "3.7.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"core-foundation",
|
||||
"core-foundation-sys",
|
||||
"libc",
|
||||
@@ -5166,7 +5191,7 @@ version = "0.26.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "fd568a4c9bb598e291a08244a5c1f5a8a6650bee243b5b0f8dbb3d9cc1d87fe8"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"cssparser",
|
||||
"derive_more 0.99.20",
|
||||
"fxhash",
|
||||
@@ -5561,9 +5586,9 @@ checksum = "8ed6a63f02c8539c91a8685a86f4099661ba3da017932f6ebbea6de3f0fa7c90"
|
||||
|
||||
[[package]]
|
||||
name = "smawk"
|
||||
version = "0.3.2"
|
||||
version = "0.3.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7c388c1b5e93756d0c740965c41e8822f866621d41acbdf6336a6a168f8840c"
|
||||
checksum = "e8e2fb0f499abb4d162f2bedad68f5ef91a1682b5a03596ddb67efd37768d100"
|
||||
|
||||
[[package]]
|
||||
name = "socket2"
|
||||
@@ -5709,9 +5734,9 @@ checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
|
||||
|
||||
[[package]]
|
||||
name = "syn"
|
||||
version = "2.0.117"
|
||||
version = "2.0.118"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
|
||||
checksum = "1b9ae57f904213ebb649ce6895b8a66c66f0203b9319718f69a5612a065b1422"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
@@ -5773,7 +5798,7 @@ version = "0.6.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "01198a2debb237c62b6826ec7081082d951f46dbb64b0e8c7649a452230d1dfc"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"byteorder",
|
||||
"enum-as-inner",
|
||||
"libc",
|
||||
@@ -5813,7 +5838,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "32497e9a4c7b38532efcdebeef879707aa9f794296a4f0244f6f69e9bc8574bd"
|
||||
dependencies = [
|
||||
"fastrand",
|
||||
"getrandom 0.4.2",
|
||||
"getrandom 0.4.3",
|
||||
"once_cell",
|
||||
"rustix",
|
||||
"windows-sys 0.61.2",
|
||||
@@ -6056,7 +6081,7 @@ version = "0.26.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
|
||||
dependencies = [
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"tokio",
|
||||
]
|
||||
|
||||
@@ -6121,7 +6146,7 @@ dependencies = [
|
||||
"axum",
|
||||
"base64",
|
||||
"bytes",
|
||||
"h2 0.4.14",
|
||||
"h2 0.4.15",
|
||||
"http 1.4.2",
|
||||
"http-body 1.0.1",
|
||||
"http-body-util",
|
||||
@@ -6179,7 +6204,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4cfcf7e2740e6fc6d4d688b4ef00650406bb94adf4731e43c096c3a19fe40840"
|
||||
dependencies = [
|
||||
"async-compression",
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"bytes",
|
||||
"futures-core",
|
||||
"futures-util",
|
||||
@@ -6452,7 +6477,7 @@ dependencies = [
|
||||
"flate2",
|
||||
"log",
|
||||
"percent-encoding",
|
||||
"rustls 0.23.40",
|
||||
"rustls 0.23.41",
|
||||
"rustls-pki-types",
|
||||
"serde",
|
||||
"serde_json",
|
||||
@@ -6522,7 +6547,7 @@ version = "1.23.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "144d6b123cef80b301b8f72a9e2ca4370ddec21950d0a103dd22c437006d2db7"
|
||||
dependencies = [
|
||||
"getrandom 0.4.2",
|
||||
"getrandom 0.4.3",
|
||||
"js-sys",
|
||||
"wasm-bindgen",
|
||||
]
|
||||
@@ -6611,27 +6636,18 @@ checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
|
||||
|
||||
[[package]]
|
||||
name = "wasip2"
|
||||
version = "1.0.3+wasi-0.2.9"
|
||||
version = "1.0.4+wasi-0.2.12"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6"
|
||||
checksum = "b67efb37e106e55ce722a510d6b5f9c17f083e5fc79afc2badeb12cc313d9487"
|
||||
dependencies = [
|
||||
"wit-bindgen 0.57.1",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasip3"
|
||||
version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
|
||||
dependencies = [
|
||||
"wit-bindgen 0.51.0",
|
||||
"wit-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen"
|
||||
version = "0.2.123"
|
||||
version = "0.2.125"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a254a4b10c19a76f09a27640e7ffbf9bc30bf67e16a3bf28aaefa4920fe81563"
|
||||
checksum = "8ddb3f79143bced6de84270411622a2699cee572fc0875aeaf1e7867cf9fca1a"
|
||||
dependencies = [
|
||||
"cfg-if",
|
||||
"once_cell",
|
||||
@@ -6642,9 +6658,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-futures"
|
||||
version = "0.4.73"
|
||||
version = "0.4.75"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "54568702fabf5d4849ce2b90fadfa64168a097eaf4b351ce9df8b687a0086aaf"
|
||||
checksum = "503b14d284f2c8dac03b819967e155ea753f573586193b2b2c95990cb5d69280"
|
||||
dependencies = [
|
||||
"js-sys",
|
||||
"wasm-bindgen",
|
||||
@@ -6652,9 +6668,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-macro"
|
||||
version = "0.2.123"
|
||||
version = "0.2.125"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "24a40fc75b0ec6f3746ceb10d36f53a93dcd68a93b11b6445983945d79eba0dc"
|
||||
checksum = "4e21a184b13fb19e157296e2c46056aec9092264fab83e4ba59e68c61b323c3d"
|
||||
dependencies = [
|
||||
"quote",
|
||||
"wasm-bindgen-macro-support",
|
||||
@@ -6662,9 +6678,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-macro-support"
|
||||
version = "0.2.123"
|
||||
version = "0.2.125"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "908f34bd9b9ce3d4caf07b72dfab63d61504d156856c6bd3cd87fa350cf3985b"
|
||||
checksum = "fecefd9c35bd935a20fc3fc344b5f29138961e4f47fb03297d88f2587afb5ebd"
|
||||
dependencies = [
|
||||
"bumpalo",
|
||||
"proc-macro2",
|
||||
@@ -6675,35 +6691,13 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wasm-bindgen-shared"
|
||||
version = "0.2.123"
|
||||
version = "0.2.125"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "7acbf7616c27b194bbb550bf77ed0c2c3e5b7fd1260a93082b95fb7f47959b92"
|
||||
checksum = "23939e44bb9a5d7576fa2b563dc2e136628f1224e88a8deed09e04858b77871f"
|
||||
dependencies = [
|
||||
"unicode-ident",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasm-encoder"
|
||||
version = "0.244.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
|
||||
dependencies = [
|
||||
"leb128fmt",
|
||||
"wasmparser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasm-metadata"
|
||||
version = "0.244.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"indexmap 2.14.0",
|
||||
"wasm-encoder",
|
||||
"wasmparser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasm-streams"
|
||||
version = "0.4.2"
|
||||
@@ -6730,18 +6724,6 @@ dependencies = [
|
||||
"web-sys",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wasmparser"
|
||||
version = "0.244.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"hashbrown 0.15.5",
|
||||
"indexmap 2.14.0",
|
||||
"semver",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wayland-backend"
|
||||
version = "0.3.15"
|
||||
@@ -6761,7 +6743,7 @@ version = "0.31.14"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "645c7c96bb74690c3189b5c9cb4ca1627062bb23693a4fad9d8c3de958260144"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"rustix",
|
||||
"wayland-backend",
|
||||
"wayland-scanner",
|
||||
@@ -6769,11 +6751,11 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "wayland-protocols"
|
||||
version = "0.32.12"
|
||||
version = "0.32.13"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "563a85523cade2429938e790815fd7319062103b9f4a2dc806e9b53b95982d8f"
|
||||
checksum = "23d0c813de3daa2ed6520af85a3bd49b0e722a3078506899aa9686fea58dc4b6"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"wayland-backend",
|
||||
"wayland-client",
|
||||
"wayland-scanner",
|
||||
@@ -6785,7 +6767,7 @@ version = "0.3.12"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "eb04e52f7836d7c7976c78ca0250d61e33873c34156a2a1fc9474828ec268234"
|
||||
dependencies = [
|
||||
"bitflags",
|
||||
"bitflags 2.13.0",
|
||||
"wayland-backend",
|
||||
"wayland-client",
|
||||
"wayland-protocols",
|
||||
@@ -6814,9 +6796,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "web-sys"
|
||||
version = "0.3.100"
|
||||
version = "0.3.102"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6e0871acf327f283dc6da28a1696cdc64fb355ba9f935d052021fa77f35cce69"
|
||||
checksum = "a6430a72df5eb332242960fe84b3002a241163998241eb596d4f739b9757061d"
|
||||
dependencies = [
|
||||
"js-sys",
|
||||
"wasm-bindgen",
|
||||
@@ -6834,27 +6816,27 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "webpki-root-certs"
|
||||
version = "1.0.7"
|
||||
version = "1.0.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "f31141ce3fc3e300ae89b78c0dd67f9708061d1d2eda54b8209346fd6be9a92c"
|
||||
checksum = "0d46a5a140e6f7afeccd8eae97eff335163939eac8b929834875168b29b3d267"
|
||||
dependencies = [
|
||||
"rustls-pki-types",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "webpki-roots"
|
||||
version = "1.0.7"
|
||||
version = "1.0.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "52f5ee44c96cf55f1b349600768e3ece3a8f26010c05265ab73f945bb1a2eb9d"
|
||||
checksum = "bf85cb06032201fa7c6f829d7db5a7e5aa45bcc0655327713065f6f0576731bf"
|
||||
dependencies = [
|
||||
"rustls-pki-types",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "which"
|
||||
version = "8.0.3"
|
||||
version = "8.0.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c789537cf2f7f55be8e6192f92e464174ee55f91af622777f7f1ceb0dbccd03e"
|
||||
checksum = "48d7cd18d4acb58fb3cdfe9ea54e6cd96a4e7d4cc45c56338b236e82dad47248"
|
||||
dependencies = [
|
||||
"libc",
|
||||
]
|
||||
@@ -7237,100 +7219,12 @@ version = "0.53.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d6bbff5f0aada427a1e5a6da5f1f98158182f26556f345ac9e04d36d0ebed650"
|
||||
|
||||
[[package]]
|
||||
name = "wit-bindgen"
|
||||
version = "0.51.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
|
||||
dependencies = [
|
||||
"wit-bindgen-rust-macro",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wit-bindgen"
|
||||
version = "0.57.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e"
|
||||
|
||||
[[package]]
|
||||
name = "wit-bindgen-core"
|
||||
version = "0.51.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"heck",
|
||||
"wit-parser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wit-bindgen-rust"
|
||||
version = "0.51.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"heck",
|
||||
"indexmap 2.14.0",
|
||||
"prettyplease",
|
||||
"syn",
|
||||
"wasm-metadata",
|
||||
"wit-bindgen-core",
|
||||
"wit-component",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wit-bindgen-rust-macro"
|
||||
version = "0.51.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"prettyplease",
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
"syn",
|
||||
"wit-bindgen-core",
|
||||
"wit-bindgen-rust",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wit-component"
|
||||
version = "0.244.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"bitflags",
|
||||
"indexmap 2.14.0",
|
||||
"log",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"serde_json",
|
||||
"wasm-encoder",
|
||||
"wasm-metadata",
|
||||
"wasmparser",
|
||||
"wit-parser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wit-parser"
|
||||
version = "0.244.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
|
||||
dependencies = [
|
||||
"anyhow",
|
||||
"id-arena",
|
||||
"indexmap 2.14.0",
|
||||
"log",
|
||||
"semver",
|
||||
"serde",
|
||||
"serde_derive",
|
||||
"serde_json",
|
||||
"unicode-xid",
|
||||
"wasmparser",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "wl-clipboard-rs"
|
||||
version = "0.9.3"
|
||||
@@ -7477,18 +7371,18 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "zeroize"
|
||||
version = "1.8.2"
|
||||
version = "1.9.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
|
||||
checksum = "e13c156562582aa81c60cb29407084cdb54c4164760106ab78e6c5b0858cf64e"
|
||||
dependencies = [
|
||||
"zeroize_derive",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "zeroize_derive"
|
||||
version = "1.4.3"
|
||||
version = "1.5.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e"
|
||||
checksum = "3c50655cbb0fe3fc43170059e702f1ce5e19b84cec58dc87b037a09935c2f328"
|
||||
dependencies = [
|
||||
"proc-macro2",
|
||||
"quote",
|
||||
@@ -7556,9 +7450,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "zlib-rs"
|
||||
version = "0.6.3"
|
||||
version = "0.6.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "3be3d40e40a133f9c916ee3f9f4fa2d9d63435b5fbe1bfc6d9dae0aa0ada1513"
|
||||
checksum = "977347db8caa080403f6b6b7c1cda9479a8e869316f7e13a59b19076a40f94e3"
|
||||
|
||||
[[package]]
|
||||
name = "zmij"
|
||||
|
||||
+1
-1
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "coyote-ai"
|
||||
version = "0.6.0"
|
||||
version = "0.7.3"
|
||||
edition = "2024"
|
||||
authors = ["Alex Clarke <alex.j.tusa@gmail.com>"]
|
||||
description = "An all-in-one, batteries included LLM CLI Tool"
|
||||
|
||||
@@ -25,6 +25,7 @@ Coming from [AIChat](https://github.com/sigoden/aichat)? Follow the [migration g
|
||||
* [REPL](https://github.com/Dark-Alex-17/coyote/wiki/REPL): Interactive Read-Eval-Print Loop for conversational interactions with LLMs and Coyote.
|
||||
* [Custom REPL Prompt](https://github.com/Dark-Alex-17/coyote/wiki/REPL-Prompt): Customize the REPL prompt to provide useful contextual information.
|
||||
* [Vault](https://github.com/Dark-Alex-17/coyote/wiki/Vault): Securely store and manage sensitive information such as API keys and credentials.
|
||||
* [Sandboxes](https://github.com/Dark-Alex-17/coyote/wiki/Sandboxes): Launch Coyote inside an isolated [Docker Sandbox](https://docs.docker.com/ai/sandboxes/) with one command. Host config and vault credentials are projected in automatically; everything else is delegated to the `sbx` CLI.
|
||||
* [Shell Integrations](https://github.com/Dark-Alex-17/coyote/wiki/Shell-Integrations): Seamlessly integrate Coyote with your shell environment for enhanced command-line assistance.
|
||||
* [Function Calling](https://github.com/Dark-Alex-17/coyote/wiki/Tools): Leverage function calling capabilities to extend Coyote's functionality with custom tools
|
||||
* [Creating Custom Tools](https://github.com/Dark-Alex-17/coyote/wiki/Custom-Tools): You can create your own custom tools to enhance Coyote's capabilities.
|
||||
|
||||
@@ -0,0 +1,44 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: built-in-tools
|
||||
description: >
|
||||
Installs binaries and allows network domains required by Coyote's built-in
|
||||
global tools and the default MCP server set. Auto-applied by Coyote's sbx
|
||||
mixin discovery when running `coyote --sandbox`.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
# fetch_url_via_jina + jina reader fallback
|
||||
- "r.jina.ai:443"
|
||||
# get_current_weather (.sh, .py, .ts)
|
||||
- "wttr.in:443"
|
||||
# search_arxiv (the .sh tool still uses http://, so :80 is required until fixed)
|
||||
- "export.arxiv.org:443"
|
||||
- "export.arxiv.org:80"
|
||||
# search_arxiv + search_wikipedia may follow DOI redirects
|
||||
- "doi.org:443"
|
||||
# search_wikipedia
|
||||
- "en.wikipedia.org:443"
|
||||
# search_wolframalpha
|
||||
- "api.wolframalpha.com:443"
|
||||
# web_search_perplexity
|
||||
- "api.perplexity.ai:443"
|
||||
# web_search_tavily
|
||||
- "api.tavily.com:443"
|
||||
# send_twilio
|
||||
- "api.twilio.com:443"
|
||||
# MCP: github (built-in mcp.json: api.githubcopilot.com)
|
||||
- "api.githubcopilot.com:443"
|
||||
# MCP: atlassian (built-in mcp.json: mcp-remote -> mcp.atlassian.com)
|
||||
- "mcp.atlassian.com:443"
|
||||
# MCP: ddg-search (built-in mcp.json: uvx duckduckgo-mcp-server)
|
||||
- "duckduckgo.com:443"
|
||||
- "html.duckduckgo.com:443"
|
||||
- "lite.duckduckgo.com:443"
|
||||
# MCP: npx-based servers (mcp-remote) pull from npm
|
||||
- "registry.npmjs.org:443"
|
||||
# MCP: docker server may pull images from common registries
|
||||
- "ghcr.io:443"
|
||||
- "registry-1.docker.io:443"
|
||||
- "auth.docker.io:443"
|
||||
- "production.cloudflare.docker.com:443"
|
||||
@@ -0,0 +1,326 @@
|
||||
# Docker sbx agent kit for Coyote
|
||||
#
|
||||
# Setup (paths use $HOME so commands work in bash/zsh/PowerShell/Git Bash):
|
||||
# sbx create --kit ./sbx-kit/ coyote --name testing .
|
||||
# sbx cp $HOME/.config/coyote/ testing:/home/agent/.config/
|
||||
# sbx cp $HOME/.coyote_password testing:/home/agent/
|
||||
# sbx run testing --kit ./sbx-kit/
|
||||
schemaVersion: "1"
|
||||
kind: agent
|
||||
name: coyote
|
||||
displayName: Coyote
|
||||
description: >
|
||||
An all-in-one, batteries-included LLM CLI tool featuring Shell Assistant,
|
||||
CLI & REPL mode, RAG, AI tools & agents, MCP servers, skills, and macros.
|
||||
|
||||
agent:
|
||||
image: "docker/sandbox-templates:shell-docker"
|
||||
aiFilename: COYOTE.md
|
||||
# persistence: persistent
|
||||
entrypoint:
|
||||
run: ["bash", "-lc", "exec /home/agent/.cargo/bin/coyote"]
|
||||
|
||||
network:
|
||||
# Proxy-managed LLM providers: the proxy substitutes `proxy-managed` for
|
||||
# the env var inside the sandbox and rewrites the auth header per
|
||||
# serviceAuth at request time. Multiple domains may map to one service
|
||||
# (e.g. jina) so they share a single credential.
|
||||
serviceDomains:
|
||||
api.openai.com: openai
|
||||
api.anthropic.com: anthropic
|
||||
generativelanguage.googleapis.com: gemini
|
||||
api.cohere.ai: cohere
|
||||
api.groq.com: groq
|
||||
openrouter.ai: openrouter
|
||||
api.ai21.com: ai21
|
||||
api.cloudflare.com: cloudflare
|
||||
api.deepinfra.com: deepinfra
|
||||
api.deepseek.com: deepseek
|
||||
api.mistral.ai: mistral
|
||||
api.perplexity.ai: perplexity
|
||||
api.voyageai.com: voyageai
|
||||
api.x.ai: xai
|
||||
api.jina.ai: jina
|
||||
r.jina.ai: jina
|
||||
qianfan.baidubce.com: ernie
|
||||
api.hunyuan.cloud.tencent.com: hunyuan
|
||||
api.minimax.chat: minimax
|
||||
api.moonshot.cn: moonshot
|
||||
dashscope.aliyuncs.com: qianwen
|
||||
open.bigmodel.cn: zhipuai
|
||||
serviceAuth:
|
||||
openai:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
anthropic:
|
||||
headerName: x-api-key
|
||||
valueFormat: "%s"
|
||||
gemini:
|
||||
headerName: x-goog-api-key
|
||||
valueFormat: "%s"
|
||||
cohere:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
groq:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
openrouter:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
ai21:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
cloudflare:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
deepinfra:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
deepseek:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
mistral:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
perplexity:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
voyageai:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
xai:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
jina:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
ernie:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
hunyuan:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
minimax:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
moonshot:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
qianwen:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
zhipuai:
|
||||
headerName: Authorization
|
||||
valueFormat: "Bearer %s"
|
||||
allowedDomains:
|
||||
# Coyote release + self-update + model-registry sync
|
||||
- "github.com:443"
|
||||
- "api.github.com:443"
|
||||
- "raw.githubusercontent.com:443"
|
||||
- "objects.githubusercontent.com:443"
|
||||
- "*.githubusercontent.com:443"
|
||||
# Coyote install paths (cargo install + uv + rustup + Python tool deps at runtime)
|
||||
- "crates.io:443"
|
||||
- "static.crates.io:443"
|
||||
- "pypi.org:443"
|
||||
- "files.pythonhosted.org:443"
|
||||
- "astral.sh:443"
|
||||
- "sh.rustup.rs:443"
|
||||
- "static.rust-lang.org:443"
|
||||
|
||||
# LLM model OAuth + API endpoints
|
||||
- "claude.ai:443"
|
||||
- "console.anthropic.com:443"
|
||||
- "accounts.google.com:443"
|
||||
# *.googleapis.com covers oauth2 + userinfo + VertexAI regional endpoints
|
||||
# (*-aiplatform.googleapis.com). Do not narrow without re-checking VertexAI.
|
||||
- "*.googleapis.com:443"
|
||||
|
||||
# Bedrock and GitHub Models use signed / GitHub-PAT auth that the proxy
|
||||
# cannot rewrite. Domains are allow-listed; credentials must be injected
|
||||
# separately (see README "Extending").
|
||||
- "*.amazonaws.com:443"
|
||||
- "models.inference.ai.azure.com:443"
|
||||
|
||||
credentials:
|
||||
sources:
|
||||
openai:
|
||||
env:
|
||||
- OPENAI_API_KEY
|
||||
anthropic:
|
||||
env:
|
||||
- ANTHROPIC_API_KEY
|
||||
gemini:
|
||||
env:
|
||||
- GEMINI_API_KEY
|
||||
- GOOGLE_API_KEY
|
||||
cohere:
|
||||
env:
|
||||
- COHERE_API_KEY
|
||||
groq:
|
||||
env:
|
||||
- GROQ_API_KEY
|
||||
openrouter:
|
||||
env:
|
||||
- OPENROUTER_API_KEY
|
||||
ai21:
|
||||
env:
|
||||
- AI21_API_KEY
|
||||
cloudflare:
|
||||
env:
|
||||
- CLOUDFLARE_API_KEY
|
||||
deepinfra:
|
||||
env:
|
||||
- DEEPINFRA_API_KEY
|
||||
deepseek:
|
||||
env:
|
||||
- DEEPSEEK_API_KEY
|
||||
mistral:
|
||||
env:
|
||||
- MISTRAL_API_KEY
|
||||
perplexity:
|
||||
env:
|
||||
- PERPLEXITY_API_KEY
|
||||
voyageai:
|
||||
env:
|
||||
- VOYAGE_API_KEY
|
||||
xai:
|
||||
env:
|
||||
- XAI_API_KEY
|
||||
jina:
|
||||
env:
|
||||
- JINA_API_KEY
|
||||
ernie:
|
||||
env:
|
||||
- ERNIE_API_KEY
|
||||
hunyuan:
|
||||
env:
|
||||
- HUNYUAN_API_KEY
|
||||
minimax:
|
||||
env:
|
||||
- MINIMAX_API_KEY
|
||||
moonshot:
|
||||
env:
|
||||
- MOONSHOT_API_KEY
|
||||
qianwen:
|
||||
env:
|
||||
- DASHSCOPE_API_KEY
|
||||
zhipuai:
|
||||
env:
|
||||
- ZHIPUAI_API_KEY
|
||||
|
||||
environment:
|
||||
variables:
|
||||
IS_SANDBOX: "1"
|
||||
COYOTE_LOG_LEVEL: INFO
|
||||
proxyManaged:
|
||||
- OPENAI_API_KEY
|
||||
- ANTHROPIC_API_KEY
|
||||
- GEMINI_API_KEY
|
||||
- GOOGLE_API_KEY
|
||||
- COHERE_API_KEY
|
||||
- GROQ_API_KEY
|
||||
- OPENROUTER_API_KEY
|
||||
- AI21_API_KEY
|
||||
- CLOUDFLARE_API_KEY
|
||||
- DEEPINFRA_API_KEY
|
||||
- DEEPSEEK_API_KEY
|
||||
- MISTRAL_API_KEY
|
||||
- PERPLEXITY_API_KEY
|
||||
- VOYAGE_API_KEY
|
||||
- XAI_API_KEY
|
||||
- JINA_API_KEY
|
||||
- ERNIE_API_KEY
|
||||
- HUNYUAN_API_KEY
|
||||
- MINIMAX_API_KEY
|
||||
- MOONSHOT_API_KEY
|
||||
- DASHSCOPE_API_KEY
|
||||
- ZHIPUAI_API_KEY
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: |
|
||||
sudo apt-get update &&
|
||||
sudo apt-get install -y \
|
||||
jq curl git \
|
||||
build-essential pkg-config \
|
||||
cmake \
|
||||
clang libclang-dev \
|
||||
musl-tools \
|
||||
libssl-dev \
|
||||
pandoc \
|
||||
bzip2
|
||||
user: "1000"
|
||||
description: Install system prerequisites (including pandoc for fetch_url_via_curl)
|
||||
- command: "curl -LsSf https://astral.sh/uv/install.sh | sh"
|
||||
user: "1000"
|
||||
description: Install uv (required for Python-based custom tools)
|
||||
- command: |
|
||||
set -euo pipefail
|
||||
USQL_VERSION=$(curl -sSL https://api.github.com/repos/xo/usql/releases/latest | jq -r .tag_name | sed 's/^v//')
|
||||
ARCH=$(uname -m)
|
||||
case "$ARCH" in
|
||||
x86_64) USQL_ARCH=amd64 ;;
|
||||
aarch64) USQL_ARCH=arm64 ;;
|
||||
*) echo "Unsupported arch for usql install: $ARCH" >&2; exit 1 ;;
|
||||
esac
|
||||
TMPDIR=$(mktemp -d)
|
||||
trap 'rm -rf "$TMPDIR"' EXIT
|
||||
curl -sSL "https://github.com/xo/usql/releases/download/v${USQL_VERSION}/usql_static-${USQL_VERSION}-linux-${USQL_ARCH}.tar.bz2" -o "$TMPDIR/usql.tar.bz2"
|
||||
tar -xjf "$TMPDIR/usql.tar.bz2" -C "$TMPDIR"
|
||||
sudo install -m 0755 "$TMPDIR/usql_static" /usr/local/bin/usql
|
||||
user: "1000"
|
||||
description: Install the usql universal SQL CLI (used by the built-in sql agent and execute_sql_code tool)
|
||||
- command: |
|
||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | \
|
||||
sh -s -- -y \
|
||||
--default-toolchain stable \
|
||||
--profile minimal \
|
||||
--target x86_64-unknown-linux-musl
|
||||
. "$HOME/.cargo/env"
|
||||
cargo install --locked coyote-ai
|
||||
user: "1000"
|
||||
description: Install Coyote AI CLI via Rust's Cargo
|
||||
|
||||
startup:
|
||||
- command: ["sh", "-c", "test -f \"$HOME/.config/coyote/config.yaml\" || coyote --info >/dev/null 2>&1 || true"]
|
||||
user: "1000"
|
||||
background: false
|
||||
description: Bootstrap Coyote config directory on first sandbox start
|
||||
|
||||
memory: |
|
||||
## Sandbox environment
|
||||
|
||||
You are running inside a Docker sandbox launched via `sbx run coyote`. The
|
||||
user's project workspace is mounted at its absolute host path and is the
|
||||
current working directory. `sudo` is passwordless; use it for system
|
||||
package installs.
|
||||
|
||||
Coyote's configuration lives at `~/.config/coyote/` and logs at
|
||||
`~/.cache/coyote/coyote.log`. Persistence is enabled, so config, sessions,
|
||||
vault state, OAuth tokens, and installed tools survive sandbox restarts.
|
||||
|
||||
LLM provider credentials are forwarded by the sandbox HTTP proxy. The
|
||||
following provider env vars are recognized - export the ones you use on
|
||||
the host before running `sbx run coyote`:
|
||||
|
||||
OPENAI_API_KEY, ANTHROPIC_API_KEY, GEMINI_API_KEY / GOOGLE_API_KEY,
|
||||
COHERE_API_KEY, GROQ_API_KEY, OPENROUTER_API_KEY, AI21_API_KEY,
|
||||
CLOUDFLARE_API_KEY, DEEPINFRA_API_KEY, DEEPSEEK_API_KEY,
|
||||
MISTRAL_API_KEY, PERPLEXITY_API_KEY, VOYAGE_API_KEY, XAI_API_KEY,
|
||||
JINA_API_KEY, ERNIE_API_KEY, HUNYUAN_API_KEY, MINIMAX_API_KEY,
|
||||
MOONSHOT_API_KEY, DASHSCOPE_API_KEY (Qwen), ZHIPUAI_API_KEY
|
||||
|
||||
Inside the sandbox these appear as the placeholder string `proxy-managed`;
|
||||
the proxy substitutes the real value at request time. OAuth flows for
|
||||
Claude Pro/Max and Gemini are also allow-listed.
|
||||
|
||||
Bedrock (AWS) and VertexAI (Google Cloud) use signed/OAuth-token requests
|
||||
that the proxy cannot rewrite. Their domains are allow-listed but you must
|
||||
inject credentials yourself via `sbx run --env AWS_ACCESS_KEY_ID=...` or
|
||||
a mixin kit that mounts a service-account JSON.
|
||||
|
||||
Useful first-run commands:
|
||||
- `coyote --info` # show config paths and resolved settings
|
||||
- `coyote --list-secrets` # initialise the local vault
|
||||
- `coyote --authenticate <client>` # OAuth flow (Claude Pro/Max, Gemini)
|
||||
@@ -0,0 +1,33 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: vault-aws-secrets-manager
|
||||
description: >
|
||||
Installs the AWS CLI v2 so the Coyote vault can read secrets from AWS
|
||||
Secrets Manager inside the sandbox. The AWS Rust SDK does not strictly
|
||||
require the CLI, but most users authenticate via `aws sso login` or
|
||||
`aws configure`, which need the CLI to be installed. After install, run
|
||||
the appropriate auth command in the sandbox; cached credentials persist
|
||||
for the lifetime of the sandbox.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
- "awscli.amazonaws.com:443"
|
||||
- "sts.amazonaws.com:443"
|
||||
- "*.sts.amazonaws.com:443"
|
||||
- "*.secretsmanager.amazonaws.com:443"
|
||||
- "*.amazonaws.com:443"
|
||||
- "*.awsapps.com:443"
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: |
|
||||
set -euo pipefail
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y unzip
|
||||
ARCH=$(uname -m)
|
||||
curl -sSL "https://awscli.amazonaws.com/awscli-exe-linux-${ARCH}.zip" -o /tmp/awscliv2.zip
|
||||
unzip -q /tmp/awscliv2.zip -d /tmp
|
||||
sudo /tmp/aws/install
|
||||
rm -rf /tmp/awscliv2.zip /tmp/aws
|
||||
user: "1000"
|
||||
description: Install AWS CLI v2 from the official installer
|
||||
@@ -0,0 +1,24 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: vault-azure-key-vault
|
||||
description: >
|
||||
Installs the Azure CLI (`az`) so the Coyote vault can read secrets from
|
||||
Azure Key Vault inside the sandbox. After install, run `az login` in the
|
||||
sandbox to authenticate; the session token persists for the lifetime of
|
||||
the sandbox.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
- "aka.ms:443"
|
||||
- "packages.microsoft.com:443"
|
||||
- "azurecliprod.blob.core.windows.net:443"
|
||||
- "login.microsoftonline.com:443"
|
||||
- "graph.microsoft.com:443"
|
||||
- "management.azure.com:443"
|
||||
- "*.vault.azure.net:443"
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: "curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash"
|
||||
user: "1000"
|
||||
description: Install Azure CLI via Microsoft's official install script
|
||||
@@ -0,0 +1,34 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: vault-gcp-secret-manager
|
||||
description: >
|
||||
Installs the Google Cloud CLI (`gcloud`) so the Coyote vault can read
|
||||
secrets from GCP Secret Manager inside the sandbox. The GCP Rust SDK does
|
||||
not strictly require the CLI, but most users authenticate via
|
||||
`gcloud auth application-default login`, which needs the CLI to be
|
||||
installed. After install, run that command in the sandbox; the ADC file
|
||||
persists for the lifetime of the sandbox.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
- "packages.cloud.google.com:443"
|
||||
- "accounts.google.com:443"
|
||||
- "oauth2.googleapis.com:443"
|
||||
- "secretmanager.googleapis.com:443"
|
||||
- "cloudresourcemanager.googleapis.com:443"
|
||||
- "*.googleapis.com:443"
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: |
|
||||
set -euo pipefail
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y apt-transport-https ca-certificates gnupg
|
||||
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" \
|
||||
| sudo tee /etc/apt/sources.list.d/google-cloud-sdk.list >/dev/null
|
||||
curl -sSL https://packages.cloud.google.com/apt/doc/apt-key.gpg \
|
||||
| sudo gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y google-cloud-cli
|
||||
user: "1000"
|
||||
description: Install gcloud CLI from Google's official apt repository
|
||||
@@ -0,0 +1,30 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: vault-gopass
|
||||
description: >
|
||||
Installs `gopass` and `gpg` so the Coyote vault can read secrets from a
|
||||
gopass store inside the sandbox. The store must be cloned manually
|
||||
(gopass walks a user-specific git remote, so v1 only allowlists github.com
|
||||
and gitlab.com; add other hosts via a user mixin if needed). After install,
|
||||
run `gopass setup` or `gopass clone <remote>` in the sandbox.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
- "github.com:443"
|
||||
- "api.github.com:443"
|
||||
- "objects.githubusercontent.com:443"
|
||||
- "gitlab.com:443"
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: |
|
||||
set -euo pipefail
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y gnupg2 git
|
||||
GOPASS_VERSION="1.15.13"
|
||||
ARCH=$(dpkg --print-architecture)
|
||||
curl -sSL "https://github.com/gopasspw/gopass/releases/download/v${GOPASS_VERSION}/gopass_${GOPASS_VERSION}_linux_${ARCH}.deb" -o /tmp/gopass.deb
|
||||
sudo dpkg -i /tmp/gopass.deb
|
||||
rm -f /tmp/gopass.deb
|
||||
user: "1000"
|
||||
description: Install gnupg2, git, and gopass from the official .deb release
|
||||
@@ -0,0 +1,31 @@
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
name: vault-one-password
|
||||
description: >
|
||||
Installs the 1Password CLI (`op`) so the Coyote vault can decrypt secrets
|
||||
inside the sandbox. After install, run `op signin` in the sandbox to
|
||||
authenticate; credentials persist for the lifetime of the sandbox.
|
||||
|
||||
network:
|
||||
allowedDomains:
|
||||
- "downloads.1password.com:443"
|
||||
- "cache.agilebits.com:443"
|
||||
- "my.1password.com:443"
|
||||
- "my.1password.eu:443"
|
||||
- "my.1password.ca:443"
|
||||
- "events.1password.com:443"
|
||||
|
||||
commands:
|
||||
install:
|
||||
- command: |
|
||||
set -euo pipefail
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y unzip
|
||||
OP_VERSION="v2.30.3"
|
||||
ARCH=$(dpkg --print-architecture)
|
||||
curl -sSL "https://cache.agilebits.com/dist/1P/op2/pkg/${OP_VERSION}/op_linux_${ARCH}_${OP_VERSION}.zip" -o /tmp/op.zip
|
||||
sudo unzip -od /usr/local/bin /tmp/op.zip op
|
||||
sudo chmod +x /usr/local/bin/op
|
||||
rm -f /tmp/op.zip
|
||||
user: "1000"
|
||||
description: Install 1Password CLI from the official archive
|
||||
+79
-2
@@ -6,7 +6,7 @@ use crate::cli::completer::{
|
||||
};
|
||||
use crate::config::{AssetCategory, InstallFilter, MemoryScope};
|
||||
use anyhow::{Context, Result};
|
||||
use clap::ValueHint;
|
||||
use clap::{ArgGroup, ValueHint};
|
||||
use clap::{Parser, crate_authors, crate_description, crate_version};
|
||||
use clap_complete::ArgValueCompleter;
|
||||
use is_terminal::IsTerminal;
|
||||
@@ -27,7 +27,20 @@ use std::io::{Read, stdin};
|
||||
{usage-heading} {usage}
|
||||
|
||||
{all-args}{after-help}
|
||||
"
|
||||
",
|
||||
group(
|
||||
ArgGroup::new("sbx-mode")
|
||||
.args(["sandbox", "fresh", "no_mixins"])
|
||||
.multiple(true)
|
||||
.conflicts_with_all([
|
||||
"model", "prompt", "role", "session", "agent", "rag", "rebuild_rag",
|
||||
"macro_name", "execute", "code", "file", "no_stream", "no_memory",
|
||||
"init_memory", "dry_run", "info", "build_tools", "install",
|
||||
"install_from", "sync_models", "list_models", "list_roles",
|
||||
"list_sessions", "list_agents", "list_rags", "list_macros",
|
||||
"list_skills", "skill", "tail_logs", "completions", "update",
|
||||
])
|
||||
),
|
||||
)]
|
||||
pub struct Cli {
|
||||
/// Select a LLM model
|
||||
@@ -167,6 +180,15 @@ pub struct Cli {
|
||||
/// With --update, update even if Coyote was installed via a package manager
|
||||
#[arg(long, requires = "update")]
|
||||
pub force: bool,
|
||||
/// Launch Coyote inside a Docker sandbox (via `sbx`); name defaults to current directory basename
|
||||
#[arg(long, value_name = "NAME")]
|
||||
pub sandbox: Option<Option<String>>,
|
||||
/// Create the sandbox without bootstrapping the host config or vault password file
|
||||
#[arg(long, requires = "sandbox")]
|
||||
pub fresh: bool,
|
||||
/// Skip discovery and application of all sbx mixins (user and built-in)
|
||||
#[arg(long, requires = "sandbox")]
|
||||
pub no_mixins: bool,
|
||||
}
|
||||
|
||||
impl Cli {
|
||||
@@ -495,4 +517,59 @@ mod tests {
|
||||
fn parse_force_without_update_fails() {
|
||||
assert!(Cli::try_parse_from(["coyote", "--force"]).is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_sandbox_flag_no_value() {
|
||||
let cli = parse(&["--sandbox"]);
|
||||
assert_eq!(cli.sandbox, Some(None));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_sandbox_flag_with_name() {
|
||||
let cli = parse(&["--sandbox", "my-box"]);
|
||||
assert_eq!(cli.sandbox, Some(Some("my-box".to_string())));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_sandbox_is_exclusive() {
|
||||
assert!(Cli::try_parse_from(["coyote", "--sandbox", "--agent", "foo"]).is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_fresh_flag_requires_sandbox() {
|
||||
assert!(Cli::try_parse_from(["coyote", "--fresh"]).is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_fresh_flag_with_sandbox() {
|
||||
let cli = parse(&["--sandbox", "--fresh"]);
|
||||
assert_eq!(cli.sandbox, Some(None));
|
||||
assert!(cli.fresh);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_fresh_flag_with_named_sandbox() {
|
||||
let cli = parse(&["--sandbox", "foo", "--fresh"]);
|
||||
assert_eq!(cli.sandbox, Some(Some("foo".to_string())));
|
||||
assert!(cli.fresh);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_no_mixins_requires_sandbox() {
|
||||
assert!(Cli::try_parse_from(["coyote", "--no-mixins"]).is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_no_mixins_with_sandbox() {
|
||||
let cli = parse(&["--sandbox", "--no-mixins"]);
|
||||
assert!(cli.no_mixins);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn parse_sandbox_with_fresh_and_no_mixins() {
|
||||
let cli = parse(&["--sandbox", "foo", "--fresh", "--no-mixins"]);
|
||||
assert_eq!(cli.sandbox, Some(Some("foo".to_string())));
|
||||
assert!(cli.fresh);
|
||||
assert!(cli.no_mixins);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -274,10 +274,25 @@ impl AppConfig {
|
||||
|
||||
pub fn vault_password_file(&self) -> PathBuf {
|
||||
match &self.vault_password_file {
|
||||
Some(path) => match path.exists() {
|
||||
true => path.clone(),
|
||||
false => gman::config::Config::local_provider_password_file(),
|
||||
},
|
||||
Some(path) => {
|
||||
if path.exists() {
|
||||
return path.clone();
|
||||
}
|
||||
|
||||
if let Some(translated) = paths::translate_sandboxed_home_path(path)
|
||||
&& translated.exists()
|
||||
{
|
||||
info!(
|
||||
"vault_password_file '{}' not found; resolved to sandboxed path '{}'",
|
||||
path.display(),
|
||||
translated.display()
|
||||
);
|
||||
|
||||
return translated;
|
||||
}
|
||||
|
||||
gman::config::Config::local_provider_password_file()
|
||||
}
|
||||
None => gman::config::Config::local_provider_password_file(),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -143,6 +143,11 @@ const MEMORY_DIR_NAME: &str = "memory";
|
||||
const MEMORY_INDEX_FILE_NAME: &str = "MEMORY.md";
|
||||
const WORKSPACE_MEMORY_FILE_NAME: &str = "COYOTE.md";
|
||||
const WORKSPACE_MEMORY_DIR_NAME: &str = ".coyote";
|
||||
const SBX_KIT_DIR_NAME: &str = "sbx-kit";
|
||||
const SBX_KIT_HASH_FILE: &str = "kit.sha256";
|
||||
const SBX_MIXIN_FILE_NAME: &str = "sbx-mixin.yaml";
|
||||
const SBX_VAULT_MIXINS_DIR_NAME: &str = "sbx-vault-mixins";
|
||||
const SBX_MIXIN_KITS_DIR_NAME: &str = "sbx-mixin-kits";
|
||||
const GIT_DIR_NAME: &str = ".git";
|
||||
const GITIGNORE_FILE_NAME: &str = ".gitignore";
|
||||
const DEFAULT_VISIBLE_TOOLS: [&str; 18] = [
|
||||
@@ -667,6 +672,9 @@ bitflags::bitflags! {
|
||||
const SESSION = 1 << 2;
|
||||
const RAG = 1 << 3;
|
||||
const AGENT = 1 << 4;
|
||||
const FUNCTION_CALLING = 1 << 5;
|
||||
const AUTO_CONTINUE = 1 << 6;
|
||||
const SKILLS_ENABLED = 1 << 7;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+305
-4
@@ -3,8 +3,9 @@ use super::{
|
||||
AGENT_GRAPH_FILE_NAME, AGENTS_DIR_NAME, BASH_PROMPT_UTILS_FILE_NAME, CONFIG_FILE_NAME,
|
||||
ENV_FILE_NAME, FUNCTIONS_BIN_DIR_NAME, FUNCTIONS_DIR_NAME, GLOBAL_TOOLS_DIR_NAME,
|
||||
GLOBAL_TOOLS_UTILS_DIR_NAME, MACROS_DIR_NAME, MCP_FILE_NAME, MEMORY_DIR_NAME,
|
||||
MEMORY_INDEX_FILE_NAME, ModelsOverride, RAGS_DIR_NAME, ROLES_DIR_NAME, SKILLS_DIR_NAME,
|
||||
WORKSPACE_MEMORY_DIR_NAME,
|
||||
MEMORY_INDEX_FILE_NAME, ModelsOverride, RAGS_DIR_NAME, ROLES_DIR_NAME, SBX_KIT_DIR_NAME,
|
||||
SBX_KIT_HASH_FILE, SBX_MIXIN_FILE_NAME, SBX_MIXIN_KITS_DIR_NAME, SBX_VAULT_MIXINS_DIR_NAME,
|
||||
SKILLS_DIR_NAME, WORKSPACE_MEMORY_DIR_NAME,
|
||||
};
|
||||
use crate::client::ProviderModels;
|
||||
use crate::utils::{get_env_name, list_file_names, normalize_env_name};
|
||||
@@ -32,8 +33,97 @@ pub fn local_path(name: &str) -> PathBuf {
|
||||
}
|
||||
|
||||
pub fn cache_path() -> PathBuf {
|
||||
let base_dir = dirs::cache_dir().unwrap_or_else(env::temp_dir);
|
||||
base_dir.join(env!("CARGO_CRATE_NAME"))
|
||||
if let Ok(v) = env::var(get_env_name("cache_dir")) {
|
||||
PathBuf::from(v)
|
||||
} else if let Ok(v) = env::var("XDG_CACHE_HOME") {
|
||||
PathBuf::from(v).join(env!("CARGO_CRATE_NAME"))
|
||||
} else {
|
||||
let base_dir = dirs::cache_dir().unwrap_or_else(env::temp_dir);
|
||||
base_dir.join(env!("CARGO_CRATE_NAME"))
|
||||
}
|
||||
}
|
||||
|
||||
pub fn sandbox_kit_override() -> Option<PathBuf> {
|
||||
env::var_os(get_env_name("sandbox_kit")).map(PathBuf::from)
|
||||
}
|
||||
|
||||
pub fn translate_sandboxed_home_path(path: &Path) -> Option<PathBuf> {
|
||||
env::var_os("IS_SANDBOX")?;
|
||||
|
||||
let s = path.to_str()?;
|
||||
|
||||
if let Some(translated) = translate_unix_home_style(s, "/home/") {
|
||||
return Some(translated);
|
||||
}
|
||||
|
||||
if let Some(translated) = translate_unix_home_style(s, "/Users/") {
|
||||
return Some(translated);
|
||||
}
|
||||
|
||||
translate_windows_users_path(s)
|
||||
}
|
||||
|
||||
fn translate_unix_home_style(s: &str, prefix: &str) -> Option<PathBuf> {
|
||||
let rest = s.strip_prefix(prefix)?;
|
||||
let (user, tail) = match rest.split_once('/') {
|
||||
Some((u, t)) => (u, t),
|
||||
None => (rest, ""),
|
||||
};
|
||||
|
||||
if user.is_empty() || user == "agent" {
|
||||
return None;
|
||||
}
|
||||
|
||||
Some(if tail.is_empty() {
|
||||
PathBuf::from("/home/agent")
|
||||
} else {
|
||||
PathBuf::from(format!("/home/agent/{tail}"))
|
||||
})
|
||||
}
|
||||
|
||||
fn translate_windows_users_path(s: &str) -> Option<PathBuf> {
|
||||
let bytes = s.as_bytes();
|
||||
if bytes.len() < 4 || !bytes[0].is_ascii_alphabetic() || bytes[1] != b':' || bytes[2] != b'\\' {
|
||||
return None;
|
||||
}
|
||||
|
||||
let after_drive = &s[3..];
|
||||
let rest = after_drive.strip_prefix("Users\\")?;
|
||||
let (user, tail) = match rest.split_once('\\') {
|
||||
Some((u, t)) => (u, t.replace('\\', "/")),
|
||||
None => (rest, String::new()),
|
||||
};
|
||||
|
||||
if user.is_empty() || user == "agent" {
|
||||
return None;
|
||||
}
|
||||
|
||||
Some(if tail.is_empty() {
|
||||
PathBuf::from("/home/agent")
|
||||
} else {
|
||||
PathBuf::from(format!("/home/agent/{tail}"))
|
||||
})
|
||||
}
|
||||
|
||||
pub fn sbx_mixin_file() -> PathBuf {
|
||||
config_dir().join(SBX_MIXIN_FILE_NAME)
|
||||
}
|
||||
|
||||
pub fn global_tools_sbx_mixin_file() -> PathBuf {
|
||||
functions_dir().join(SBX_MIXIN_FILE_NAME)
|
||||
}
|
||||
|
||||
pub fn find_workspace_sbx_mixin(start: &Path) -> Option<PathBuf> {
|
||||
for dir in start.ancestors() {
|
||||
let candidate = dir
|
||||
.join(WORKSPACE_MEMORY_DIR_NAME)
|
||||
.join(SBX_MIXIN_FILE_NAME);
|
||||
if candidate.exists() {
|
||||
return Some(candidate);
|
||||
}
|
||||
}
|
||||
|
||||
None
|
||||
}
|
||||
|
||||
pub fn oauth_tokens_path() -> PathBuf {
|
||||
@@ -48,6 +138,26 @@ pub fn log_path() -> PathBuf {
|
||||
cache_path().join(format!("{}.log", env!("CARGO_CRATE_NAME")))
|
||||
}
|
||||
|
||||
pub fn sbx_kit_dir() -> PathBuf {
|
||||
cache_path().join(SBX_KIT_DIR_NAME)
|
||||
}
|
||||
|
||||
pub fn sbx_kit_hash_file() -> PathBuf {
|
||||
sbx_kit_dir().join(SBX_KIT_HASH_FILE)
|
||||
}
|
||||
|
||||
pub fn sbx_vault_mixins_dir() -> PathBuf {
|
||||
cache_path().join(SBX_VAULT_MIXINS_DIR_NAME)
|
||||
}
|
||||
|
||||
pub fn sbx_vault_mixins_hash_file() -> PathBuf {
|
||||
sbx_vault_mixins_dir().join(SBX_KIT_HASH_FILE)
|
||||
}
|
||||
|
||||
pub fn sbx_mixin_kits_dir() -> PathBuf {
|
||||
cache_path().join(SBX_MIXIN_KITS_DIR_NAME)
|
||||
}
|
||||
|
||||
pub fn config_file() -> PathBuf {
|
||||
match env::var(get_env_name("config_file")) {
|
||||
Ok(value) => PathBuf::from(value),
|
||||
@@ -365,6 +475,197 @@ mod tests {
|
||||
}
|
||||
}
|
||||
|
||||
mod sandbox_home_translation {
|
||||
use super::*;
|
||||
use serial_test::serial;
|
||||
|
||||
fn with_sandbox<F: FnOnce()>(f: F) {
|
||||
let prev = env::var_os("IS_SANDBOX");
|
||||
unsafe {
|
||||
env::set_var("IS_SANDBOX", "1");
|
||||
}
|
||||
f();
|
||||
unsafe {
|
||||
match prev {
|
||||
Some(v) => env::set_var("IS_SANDBOX", v),
|
||||
None => env::remove_var("IS_SANDBOX"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
fn without_sandbox<F: FnOnce()>(f: F) {
|
||||
let prev = env::var_os("IS_SANDBOX");
|
||||
unsafe {
|
||||
env::remove_var("IS_SANDBOX");
|
||||
}
|
||||
f();
|
||||
unsafe {
|
||||
if let Some(v) = prev {
|
||||
env::set_var("IS_SANDBOX", v);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_when_not_in_sandbox() {
|
||||
without_sandbox(|| {
|
||||
let p = Path::new("/home/atusa/.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_host_home_to_agent_home() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/home/atusa/.coyote_password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.coyote_password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_nested_host_home_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/home/atusa/.config/coyote/.password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_when_path_already_targets_agent_home() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/home/agent/.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_when_path_is_outside_home() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/etc/coyote/.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_for_relative_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new(".coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_for_first_segment_not_home() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/opt/atusa/.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_macos_users_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/Users/atusa/.coyote_password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.coyote_password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_macos_nested_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/Users/atusa/.config/coyote/.password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_when_macos_path_already_targets_agent() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("/Users/agent/.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_windows_drive_letter_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("C:\\Users\\atusa\\.coyote_password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.coyote_password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn translates_windows_nested_path() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("D:\\Users\\atusa\\.config\\coyote\\.password");
|
||||
assert_eq!(
|
||||
translate_sandboxed_home_path(p),
|
||||
Some(PathBuf::from("/home/agent/.config/coyote/.password"))
|
||||
);
|
||||
});
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_none_when_windows_path_already_targets_agent() {
|
||||
with_sandbox(|| {
|
||||
let p = Path::new("C:\\Users\\agent\\.coyote_password");
|
||||
assert_eq!(translate_sandboxed_home_path(p), None);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sandbox_kit_override_reflects_env_var_state() {
|
||||
let env_name = get_env_name("sandbox_kit");
|
||||
let prev = env::var_os(&env_name);
|
||||
|
||||
unsafe {
|
||||
env::remove_var(&env_name);
|
||||
}
|
||||
assert_eq!(sandbox_kit_override(), None);
|
||||
|
||||
let probe = PathBuf::from("/tmp/coyote-sandbox-kit-probe");
|
||||
unsafe {
|
||||
env::set_var(&env_name, &probe);
|
||||
}
|
||||
assert_eq!(sandbox_kit_override(), Some(probe));
|
||||
|
||||
unsafe {
|
||||
match prev {
|
||||
Some(v) => env::set_var(&env_name, v),
|
||||
None => env::remove_var(&env_name),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn list_skills_skips_invalid_directory_names() {
|
||||
let unique = time::SystemTime::now()
|
||||
|
||||
@@ -371,9 +371,32 @@ impl RequestContext {
|
||||
if self.rag.is_some() {
|
||||
flags |= StateFlags::RAG;
|
||||
}
|
||||
if self.app.config.function_calling_support {
|
||||
flags |= StateFlags::FUNCTION_CALLING;
|
||||
}
|
||||
if self.auto_continue_config().enabled {
|
||||
flags |= StateFlags::AUTO_CONTINUE;
|
||||
}
|
||||
if self.resolved_skills_enabled() {
|
||||
flags |= StateFlags::SKILLS_ENABLED;
|
||||
}
|
||||
flags
|
||||
}
|
||||
|
||||
pub fn resolved_skills_enabled(&self) -> bool {
|
||||
if let Some(agent) = &self.agent
|
||||
&& let Some(value) = agent.skills_enabled()
|
||||
{
|
||||
return value;
|
||||
}
|
||||
let app = &self.app.config;
|
||||
self.session
|
||||
.as_ref()
|
||||
.and_then(|s| s.skills_enabled())
|
||||
.or_else(|| self.role.as_ref().and_then(|r| r.skills_enabled()))
|
||||
.unwrap_or(app.skills_enabled)
|
||||
}
|
||||
|
||||
pub fn messages_file(&self) -> PathBuf {
|
||||
match &self.agent {
|
||||
None => match env::var(get_env_name("messages_file")) {
|
||||
@@ -450,6 +473,50 @@ impl RequestContext {
|
||||
}
|
||||
}
|
||||
|
||||
pub fn todo_info(&self) -> Result<String> {
|
||||
if !self.auto_continue_config().enabled {
|
||||
bail!(
|
||||
"Auto-continuation is disabled. Enable it by setting `auto_continue: true` in your config or running `.set auto_continue true`."
|
||||
);
|
||||
}
|
||||
|
||||
if self.todo_list.is_empty() {
|
||||
return Ok("No todos in the running list.\n".to_string());
|
||||
}
|
||||
|
||||
let mut out = self.todo_list.render_for_model();
|
||||
out.push('\n');
|
||||
Ok(out)
|
||||
}
|
||||
|
||||
pub fn tools_info(&self) -> Result<String> {
|
||||
if !self.app.config.function_calling_support {
|
||||
bail!(
|
||||
"Function calling is disabled. Enable it by setting `function_calling_support: true` in your config or running `.set function_calling_support true`."
|
||||
);
|
||||
}
|
||||
let role = self.extract_role(&self.app.config)?;
|
||||
match self.select_functions(&role) {
|
||||
None => Ok("No tools enabled for the next request.\n".to_string()),
|
||||
Some(functions) => {
|
||||
let mut names: Vec<&str> = functions.iter().map(|f| f.name.as_str()).collect();
|
||||
names.sort_unstable();
|
||||
let mut out = format!(
|
||||
"Tools enabled for the next request: {}\n\n",
|
||||
functions.len()
|
||||
);
|
||||
|
||||
for name in names {
|
||||
out.push_str(" ");
|
||||
out.push_str(name);
|
||||
out.push('\n');
|
||||
}
|
||||
|
||||
Ok(out)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
pub fn list_sessions(&self) -> Vec<String> {
|
||||
list_file_names(self.sessions_dir(), ".yaml")
|
||||
}
|
||||
@@ -1036,6 +1103,10 @@ impl RequestContext {
|
||||
"enabled_mcp_servers",
|
||||
super::format_option_value(&role.enabled_mcp_servers().map(|v| v.join(","))),
|
||||
),
|
||||
(
|
||||
"enabled_skills",
|
||||
super::format_option_value(&role.enabled_skills().map(|v| v.join(","))),
|
||||
),
|
||||
(
|
||||
"max_output_tokens",
|
||||
role.model()
|
||||
@@ -1071,6 +1142,7 @@ impl RequestContext {
|
||||
app.function_calling_support.to_string(),
|
||||
),
|
||||
("mcp_server_support", app.mcp_server_support.to_string()),
|
||||
("skills_enabled", app.skills_enabled.to_string()),
|
||||
("auto_continue", app.auto_continue.to_string()),
|
||||
("max_auto_continues", app.max_auto_continues.to_string()),
|
||||
("stream", app.stream.to_string()),
|
||||
@@ -1090,6 +1162,7 @@ impl RequestContext {
|
||||
("rags_dir", display_path(&paths::rags_dir())),
|
||||
("macros_dir", display_path(&paths::macros_dir())),
|
||||
("functions_dir", display_path(&paths::functions_dir())),
|
||||
("sbx_kit_dir", display_path(&paths::sbx_kit_dir())),
|
||||
("messages_file", display_path(&self.messages_file())),
|
||||
];
|
||||
|
||||
@@ -1947,6 +2020,7 @@ impl RequestContext {
|
||||
} else {
|
||||
self.update_app_config(|app| app.skills_enabled = value.unwrap_or(true));
|
||||
}
|
||||
self.refresh_tool_scope(abort_signal.clone()).await?;
|
||||
}
|
||||
"enabled_mcp_servers" => {
|
||||
let raw: Option<String> = super::parse_value(value)?;
|
||||
@@ -2201,11 +2275,6 @@ impl RequestContext {
|
||||
super::map_completion_values(values)
|
||||
}
|
||||
".macro" => super::map_completion_values(paths::list_macros()),
|
||||
".skill" => super::map_completion_values(vec![
|
||||
"loaded".to_string(),
|
||||
"load".to_string(),
|
||||
"unload".to_string(),
|
||||
]),
|
||||
".starter" => match &self.agent {
|
||||
Some(agent) => agent
|
||||
.conversation_starters()
|
||||
@@ -2227,6 +2296,7 @@ impl RequestContext {
|
||||
"inject_skill_instructions",
|
||||
"skill_instructions",
|
||||
"max_auto_continues",
|
||||
"memory",
|
||||
"save_session",
|
||||
"compression_threshold",
|
||||
"rag_reranker_model",
|
||||
@@ -2401,7 +2471,7 @@ impl RequestContext {
|
||||
_ => vec![],
|
||||
};
|
||||
values = candidates.into_iter().map(|v| (v, None)).collect();
|
||||
} else if cmd == ".vault" && args.len() == 2 {
|
||||
} else if cmd == ".vault" && args.len() == 2 && args[0] != "list" {
|
||||
values = self
|
||||
.app
|
||||
.vault
|
||||
@@ -3757,6 +3827,44 @@ mod tests {
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn update_skills_enabled_false_removes_skill_meta_tools_from_scope() {
|
||||
let _guard = TestConfigDirGuard::new();
|
||||
let app_state = app_state_with_mcp_config(false, &[]);
|
||||
let mut ctx = RequestContext::new(app_state, WorkingMode::Repl);
|
||||
let app = ctx.app.config.clone();
|
||||
let abort = utils::create_abort_signal();
|
||||
|
||||
run_async(ctx.rebuild_tool_scope(&app, None, abort.clone())).unwrap();
|
||||
|
||||
let names_before: Vec<String> = ctx
|
||||
.tool_scope
|
||||
.functions
|
||||
.declarations()
|
||||
.iter()
|
||||
.map(|f| f.name.clone())
|
||||
.collect();
|
||||
assert!(
|
||||
names_before.iter().any(|n| n.starts_with("skill__")),
|
||||
"expected skill__* functions before toggle, got: {names_before:?}"
|
||||
);
|
||||
|
||||
run_async(ctx.update("skills_enabled false", abort)).unwrap();
|
||||
|
||||
let names_after: Vec<String> = ctx
|
||||
.tool_scope
|
||||
.functions
|
||||
.declarations()
|
||||
.iter()
|
||||
.map(|f| f.name.clone())
|
||||
.collect();
|
||||
assert!(
|
||||
!names_after.iter().any(|n| n.starts_with("skill__")),
|
||||
"expected skill__* functions to be removed after `.set skills_enabled false`, got: {names_after:?}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn select_functions_returns_none_when_no_tools_enabled() {
|
||||
let ctx = create_test_ctx();
|
||||
@@ -4056,9 +4164,84 @@ mod tests {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_empty_context() {
|
||||
fn state_empty_context_has_no_context_flags() {
|
||||
let ctx = create_test_ctx();
|
||||
assert_eq!(ctx.state(), StateFlags::empty());
|
||||
|
||||
let state = ctx.state();
|
||||
|
||||
assert!(!state.contains(StateFlags::ROLE));
|
||||
assert!(!state.contains(StateFlags::SESSION));
|
||||
assert!(!state.contains(StateFlags::SESSION_EMPTY));
|
||||
assert!(!state.contains(StateFlags::AGENT));
|
||||
assert!(!state.contains(StateFlags::RAG));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_includes_function_calling_when_app_enables_it() {
|
||||
let ctx = create_test_ctx();
|
||||
|
||||
assert!(ctx.state().contains(StateFlags::FUNCTION_CALLING));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_includes_skills_enabled_when_app_enables_it() {
|
||||
let ctx = create_test_ctx();
|
||||
|
||||
assert!(ctx.state().contains(StateFlags::SKILLS_ENABLED));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_omits_skills_enabled_when_app_disables_it() {
|
||||
let mut ctx = create_test_ctx();
|
||||
|
||||
ctx.update_app_config(|app| app.skills_enabled = false);
|
||||
|
||||
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_skills_enabled_respects_session_override() {
|
||||
let mut ctx = create_test_ctx();
|
||||
let mut session = Session::default();
|
||||
session.set_skills_enabled(Some(false));
|
||||
|
||||
ctx.session = Some(session);
|
||||
|
||||
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_skills_enabled_respects_role_override() {
|
||||
let mut ctx = create_test_ctx();
|
||||
let role = Role::new("r", "---\nskills_enabled: false\n---\nbody");
|
||||
|
||||
ctx.role = Some(role);
|
||||
|
||||
assert!(!ctx.state().contains(StateFlags::SKILLS_ENABLED));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn state_omits_function_calling_when_app_disables_it() {
|
||||
let app_state = {
|
||||
let config = AppConfig {
|
||||
function_calling_support: false,
|
||||
..AppConfig::default()
|
||||
};
|
||||
Arc::new(AppState {
|
||||
config: Arc::new(config),
|
||||
vault: Arc::new(Vault::default()),
|
||||
mcp_factory: Arc::new(McpFactory::default()),
|
||||
rag_cache: Arc::new(RagCache::default()),
|
||||
mcp_config: None,
|
||||
mcp_log_path: None,
|
||||
mcp_registry: None,
|
||||
functions: Functions::default(),
|
||||
})
|
||||
};
|
||||
|
||||
let ctx = RequestContext::new(app_state, WorkingMode::Cmd);
|
||||
|
||||
assert!(!ctx.state().contains(StateFlags::FUNCTION_CALLING));
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -4086,6 +4269,144 @@ mod tests {
|
||||
assert!(state.contains(StateFlags::SESSION_EMPTY));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn todo_info_errors_when_auto_continue_disabled() {
|
||||
let ctx = create_test_ctx();
|
||||
let err = ctx.todo_info().unwrap_err();
|
||||
|
||||
let msg = err.to_string();
|
||||
|
||||
assert!(
|
||||
msg.contains("Auto-continuation is disabled"),
|
||||
"expected error to mention auto-continuation, got: {msg}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn todo_info_returns_empty_message_when_list_is_empty() {
|
||||
let mut ctx = create_test_ctx();
|
||||
|
||||
ctx.update_app_config(|app| app.auto_continue = true);
|
||||
|
||||
let info = ctx.todo_info().unwrap();
|
||||
assert!(
|
||||
info.contains("No todos in the running list"),
|
||||
"expected 'No todos' message, got: {info}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn todo_info_renders_running_list() {
|
||||
let mut ctx = create_test_ctx();
|
||||
ctx.update_app_config(|app| app.auto_continue = true);
|
||||
ctx.init_todo_list("Map Labs");
|
||||
ctx.add_todo("Discover columns");
|
||||
ctx.add_todo("Write report");
|
||||
|
||||
ctx.mark_todo_done(1);
|
||||
|
||||
let info = ctx.todo_info().unwrap();
|
||||
assert!(
|
||||
info.contains("Goal: Map Labs"),
|
||||
"expected goal in output, got: {info}"
|
||||
);
|
||||
assert!(
|
||||
info.contains("Progress: 1/2 completed"),
|
||||
"expected progress line, got: {info}"
|
||||
);
|
||||
assert!(
|
||||
info.contains("Discover columns"),
|
||||
"expected first task, got: {info}"
|
||||
);
|
||||
assert!(
|
||||
info.contains("Write report"),
|
||||
"expected second task, got: {info}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn tools_info_returns_message_when_no_tools_enabled() {
|
||||
let ctx = create_test_ctx();
|
||||
|
||||
let info = ctx.tools_info().unwrap();
|
||||
|
||||
assert!(
|
||||
info.contains("No tools enabled"),
|
||||
"expected 'No tools enabled' message, got: {info}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn tools_info_lists_enabled_tool_names_alphabetically() {
|
||||
let mut ctx = create_test_ctx();
|
||||
ctx.tool_scope.functions.append_todo_functions();
|
||||
let mut role = Role::new("r", "p");
|
||||
role.set_enabled_tools(Some(vec!["all".to_string()]));
|
||||
ctx.role = Some(role);
|
||||
|
||||
let info = ctx.tools_info().unwrap();
|
||||
|
||||
assert!(
|
||||
info.contains("Tools enabled for the next request:"),
|
||||
"expected count line, got: {info}"
|
||||
);
|
||||
assert!(
|
||||
info.contains("todo__init"),
|
||||
"expected todo__init in output, got: {info}"
|
||||
);
|
||||
|
||||
let positions: Vec<usize> = info
|
||||
.lines()
|
||||
.filter(|line| line.trim().starts_with("todo__"))
|
||||
.enumerate()
|
||||
.map(|(i, _)| i)
|
||||
.collect();
|
||||
assert!(
|
||||
!positions.is_empty(),
|
||||
"expected at least one todo__ entry, got: {info}"
|
||||
);
|
||||
|
||||
let todo_lines: Vec<&str> = info
|
||||
.lines()
|
||||
.filter(|line| line.trim().starts_with("todo__"))
|
||||
.collect();
|
||||
let mut sorted = todo_lines.clone();
|
||||
sorted.sort_unstable();
|
||||
assert_eq!(
|
||||
todo_lines, sorted,
|
||||
"expected todo__ entries to be alphabetically sorted, got: {todo_lines:?}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn tools_info_errors_when_function_calling_disabled() {
|
||||
let app_state = {
|
||||
let config = AppConfig {
|
||||
function_calling_support: false,
|
||||
..AppConfig::default()
|
||||
};
|
||||
Arc::new(AppState {
|
||||
config: Arc::new(config),
|
||||
vault: Arc::new(Vault::default()),
|
||||
mcp_factory: Arc::new(McpFactory::default()),
|
||||
rag_cache: Arc::new(RagCache::default()),
|
||||
mcp_config: None,
|
||||
mcp_log_path: None,
|
||||
mcp_registry: None,
|
||||
functions: Functions::default(),
|
||||
})
|
||||
};
|
||||
let ctx = RequestContext::new(app_state, WorkingMode::Cmd);
|
||||
|
||||
let err = ctx.tools_info().unwrap_err();
|
||||
|
||||
let msg = err.to_string();
|
||||
assert!(
|
||||
msg.contains("Function calling is disabled"),
|
||||
"expected error to mention function calling, got: {msg}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn role_info_errors_when_no_role() {
|
||||
let ctx = create_test_ctx();
|
||||
|
||||
+8
-1
@@ -1292,11 +1292,13 @@ pub fn run_llm_function(
|
||||
let mut buffer = [0; 1024];
|
||||
let mut reader = stdout;
|
||||
let mut out = io::stdout();
|
||||
let mut buf = Vec::new();
|
||||
while let Ok(n) = reader.read(&mut buffer) {
|
||||
if n == 0 {
|
||||
break;
|
||||
}
|
||||
let chunk = &buffer[0..n];
|
||||
buf.extend_from_slice(chunk);
|
||||
let mut last_pos = 0;
|
||||
for (i, &byte) in chunk.iter().enumerate() {
|
||||
if byte == b'\n' {
|
||||
@@ -1310,6 +1312,7 @@ pub fn run_llm_function(
|
||||
}
|
||||
let _ = out.flush();
|
||||
}
|
||||
buf
|
||||
});
|
||||
|
||||
let stderr_thread = std::thread::spawn(move || {
|
||||
@@ -1342,18 +1345,22 @@ pub fn run_llm_function(
|
||||
let status = child
|
||||
.wait()
|
||||
.map_err(|err| anyhow!("Unable to run {command_name}, {err}"))?;
|
||||
let _ = stdout_thread.join();
|
||||
let stdout_bytes = stdout_thread.join().unwrap_or_default();
|
||||
let stderr_bytes = stderr_thread.join().unwrap_or_default();
|
||||
|
||||
let exit_code = status.code().unwrap_or_default();
|
||||
if exit_code != 0 {
|
||||
let stderr = String::from_utf8_lossy(&stderr_bytes).trim().to_string();
|
||||
let stdout = String::from_utf8_lossy(&stdout_bytes).trim().to_string();
|
||||
let tool_error_message = format!("Tool call '{command_name}' exited with code {exit_code}");
|
||||
eprintln!("{}", warning_text(&format!("⚠️ {tool_error_message} ⚠️")));
|
||||
let mut error_json = json!({"tool_call_error": tool_error_message});
|
||||
if !stderr.is_empty() {
|
||||
error_json["stderr"] = json!(stderr);
|
||||
}
|
||||
if !stdout.is_empty() {
|
||||
error_json["stdout"] = json!(stdout);
|
||||
}
|
||||
debug!("Tool call error: {error_json:?}");
|
||||
return Ok(Some(error_json.to_string()));
|
||||
}
|
||||
|
||||
+10
-1
@@ -10,6 +10,7 @@ mod repl;
|
||||
mod utils;
|
||||
mod mcp;
|
||||
mod parsers;
|
||||
mod sandbox;
|
||||
mod supervisor;
|
||||
mod vault;
|
||||
|
||||
@@ -56,6 +57,7 @@ async fn main() -> Result<()> {
|
||||
shell.generate_completions(&mut cmd);
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
if cli.tail_logs {
|
||||
tail_logs(cli.disable_log_colors).await;
|
||||
return Ok(());
|
||||
@@ -92,6 +94,10 @@ async fn main() -> Result<()> {
|
||||
.await?;
|
||||
}
|
||||
|
||||
if let Some(name) = &cli.sandbox {
|
||||
return sandbox::launch(name.clone(), cli.fresh, cli.no_mixins);
|
||||
}
|
||||
|
||||
install_builtins()?;
|
||||
|
||||
if let Some(category) = cli.install {
|
||||
@@ -131,7 +137,10 @@ async fn main() -> Result<()> {
|
||||
)
|
||||
.await?,
|
||||
);
|
||||
let ctx = RequestContext::bootstrap(app_state, working_mode, info_flag)?;
|
||||
let mut ctx = RequestContext::bootstrap(app_state, working_mode, info_flag)?;
|
||||
let app_config = Arc::clone(&ctx.app.config);
|
||||
ctx.bootstrap_tools(&app_config, start_mcp_servers, abort_signal.clone())
|
||||
.await?;
|
||||
|
||||
{
|
||||
let app = &*ctx.app.config;
|
||||
|
||||
+127
-11
@@ -15,9 +15,11 @@ use crate::config::{AssetCategory, paths};
|
||||
use crate::function::supervisor::{GuardrailAction, check_pending_agents_guardrail};
|
||||
use crate::render::render_error;
|
||||
use crate::utils::{
|
||||
AbortSignal, abortable_run_with_spinner, create_abort_signal, dimmed_text, set_text, temp_file,
|
||||
AbortSignal, SHELL, abortable_run_with_spinner, create_abort_signal, dimmed_text, run_command,
|
||||
set_text, temp_file,
|
||||
};
|
||||
|
||||
use crate::sandbox::SANDBOX_ENV_FLAG;
|
||||
use crate::{config, graph, resolve_oauth_client};
|
||||
use anyhow::{Context, Result, bail};
|
||||
use crossterm::cursor::SetCursorStyle;
|
||||
@@ -47,10 +49,15 @@ pub const DEFAULT_CONTINUATION_PROMPT: &str = indoc! {"
|
||||
4. Continue with the next pending item now. Call tools immediately."
|
||||
};
|
||||
|
||||
static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
|
||||
static REPL_COMMANDS: LazyLock<[ReplCommand; 49]> = LazyLock::new(|| {
|
||||
[
|
||||
ReplCommand::new(".help", "Show this help guide", AssertState::pass()),
|
||||
ReplCommand::new(".info", "Show system info", AssertState::pass()),
|
||||
ReplCommand::new(
|
||||
".info tools",
|
||||
"Show the list of enabled tools to be passed to the LLM",
|
||||
AssertState::True(StateFlags::FUNCTION_CALLING),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".authenticate",
|
||||
"Authenticate the current model client via OAuth (if configured)",
|
||||
@@ -161,6 +168,11 @@ static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
|
||||
"Clear the todo list and stop auto-continuation",
|
||||
AssertState::pass(),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".info todo",
|
||||
"Show the current todo list driving auto-continuation",
|
||||
AssertState::True(StateFlags::AUTO_CONTINUE),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".rag",
|
||||
"Initialize or access RAG",
|
||||
@@ -194,13 +206,28 @@ static REPL_COMMANDS: LazyLock<[ReplCommand; 44]> = LazyLock::new(|| {
|
||||
ReplCommand::new(".macro", "Execute a macro", AssertState::pass()),
|
||||
ReplCommand::new(
|
||||
".skill",
|
||||
"List, load, unload, or create skills",
|
||||
AssertState::pass(),
|
||||
"Create a new skill",
|
||||
AssertState::True(StateFlags::SKILLS_ENABLED),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".skill load",
|
||||
"Load a skill into the current context",
|
||||
AssertState::True(StateFlags::SKILLS_ENABLED),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".skill loaded",
|
||||
"List currently-loaded skills",
|
||||
AssertState::True(StateFlags::SKILLS_ENABLED),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".skill unload",
|
||||
"Unload a skill from the current context",
|
||||
AssertState::True(StateFlags::SKILLS_ENABLED),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".edit skill",
|
||||
"Modify an existing skill by name",
|
||||
AssertState::pass(),
|
||||
AssertState::True(StateFlags::SKILLS_ENABLED),
|
||||
),
|
||||
ReplCommand::new(
|
||||
".file",
|
||||
@@ -278,7 +305,12 @@ Type ".help" for additional help.
|
||||
"#,
|
||||
env!("CARGO_CRATE_NAME"),
|
||||
env!("CARGO_PKG_VERSION"),
|
||||
)
|
||||
);
|
||||
if env::var_os(SANDBOX_ENV_FLAG).is_some() {
|
||||
eprintln!(
|
||||
"Sandbox mode is enabled. All changes made to the Coyote config will not persist to the host machine."
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
loop {
|
||||
@@ -473,6 +505,14 @@ pub async fn run_repl_command(
|
||||
let info = ctx.agent_info()?;
|
||||
print!("{info}");
|
||||
}
|
||||
Some("tools") => {
|
||||
let info = ctx.tools_info()?;
|
||||
print!("{info}");
|
||||
}
|
||||
Some("todo") => {
|
||||
let info = ctx.todo_info()?;
|
||||
print!("{info}");
|
||||
}
|
||||
Some(_) => unknown_command()?,
|
||||
None => {
|
||||
let app = Arc::clone(&ctx.app.config);
|
||||
@@ -955,9 +995,13 @@ pub async fn run_repl_command(
|
||||
_ => unknown_command()?,
|
||||
},
|
||||
None => {
|
||||
reset_continuation(ctx);
|
||||
let input = Input::from_str(ctx, line, None)?;
|
||||
ask(ctx, abort_signal.clone(), input, true).await?;
|
||||
if let Some(cmd) = try_extract_shell_command(line) {
|
||||
handle_shell_passthrough(cmd)?;
|
||||
} else {
|
||||
reset_continuation(ctx);
|
||||
let input = Input::from_str(ctx, line, None)?;
|
||||
ask(ctx, abort_signal.clone(), input, true).await?;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1173,10 +1217,12 @@ fn dump_repl_help() {
|
||||
.join("\n");
|
||||
println!(
|
||||
r###"{head}
|
||||
{:<24} Run an arbitrary shell command (stdout/stderr stream to your terminal; Ctrl+C interrupts)
|
||||
|
||||
Type ::: to start multi-line editing, type ::: to finish it.
|
||||
Press Ctrl+O to open an editor for editing the input buffer.
|
||||
Press Ctrl+C to cancel the response, Ctrl+D to exit the REPL."###,
|
||||
"!<command>",
|
||||
);
|
||||
}
|
||||
|
||||
@@ -1192,6 +1238,25 @@ fn parse_command(line: &str) -> Option<(&str, Option<&str>)> {
|
||||
}
|
||||
}
|
||||
|
||||
fn try_extract_shell_command(line: &str) -> Option<&str> {
|
||||
let rest = line.strip_prefix('!')?;
|
||||
Some(rest.trim_start())
|
||||
}
|
||||
|
||||
fn handle_shell_passthrough(cmd: &str) -> Result<()> {
|
||||
if cmd.is_empty() {
|
||||
eprintln!("Usage: !<command>");
|
||||
return Ok(());
|
||||
}
|
||||
|
||||
let status = run_command(&SHELL.cmd, &[&SHELL.arg, cmd], None)?;
|
||||
if status != 0 {
|
||||
eprintln!("[exit {status}]");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn split_first_arg(args: Option<&str>) -> Option<(&str, Option<&str>)> {
|
||||
args.map(|v| match v.split_once(' ') {
|
||||
Some((subcmd, args)) => (subcmd, Some(args.trim())),
|
||||
@@ -1350,8 +1415,8 @@ mod tests {
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn repl_commands_has_44_entries() {
|
||||
assert_eq!(REPL_COMMANDS.len(), 44);
|
||||
fn repl_commands_has_49_entries() {
|
||||
assert_eq!(REPL_COMMANDS.len(), 49);
|
||||
}
|
||||
|
||||
#[test]
|
||||
@@ -1526,6 +1591,57 @@ mod tests {
|
||||
assert_eq!(parse_command("."), Some((".", None)));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_strips_bang() {
|
||||
assert_eq!(try_extract_shell_command("!ls"), Some("ls"));
|
||||
assert_eq!(try_extract_shell_command("!ls -la"), Some("ls -la"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_trims_inner_whitespace() {
|
||||
assert_eq!(try_extract_shell_command("! echo hi"), Some("echo hi"));
|
||||
assert_eq!(try_extract_shell_command("! ls"), Some("ls"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_only_bang_yields_empty() {
|
||||
assert_eq!(try_extract_shell_command("!"), Some(""));
|
||||
assert_eq!(try_extract_shell_command("! "), Some(""));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_rejects_leading_whitespace() {
|
||||
assert!(try_extract_shell_command(" !ls").is_none());
|
||||
assert!(try_extract_shell_command("\t!ls").is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_rejects_inline_bang() {
|
||||
assert!(try_extract_shell_command("echo !foo").is_none());
|
||||
assert!(try_extract_shell_command("hello world").is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_strips_one_leading_bang() {
|
||||
assert_eq!(try_extract_shell_command("!!ls"), Some("!ls"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn try_extract_shell_command_preserves_pipes_and_redirects() {
|
||||
assert_eq!(
|
||||
try_extract_shell_command("!ls -la | grep yaml"),
|
||||
Some("ls -la | grep yaml")
|
||||
);
|
||||
assert_eq!(
|
||||
try_extract_shell_command("!cat foo.txt > /tmp/out"),
|
||||
Some("cat foo.txt > /tmp/out")
|
||||
);
|
||||
assert_eq!(
|
||||
try_extract_shell_command(r#"!echo "$HOME""#),
|
||||
Some(r#"echo "$HOME""#)
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn split_first_arg_none_input() {
|
||||
assert!(split_first_arg(None).is_none());
|
||||
|
||||
@@ -0,0 +1,442 @@
|
||||
use std::env;
|
||||
use std::fs;
|
||||
use std::fs::{read_dir, read_to_string};
|
||||
use std::path::{Path, PathBuf};
|
||||
|
||||
use anyhow::{Context, Result};
|
||||
use serde_yaml::Value;
|
||||
use sha2::{Digest, Sha256};
|
||||
|
||||
use crate::config::paths;
|
||||
|
||||
const SBX_MIXIN_FILE_NAME: &str = "sbx-mixin.yaml";
|
||||
const KIT_SPEC_FILE_NAME: &str = "spec.yaml";
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct DiscoveredMixin {
|
||||
pub path: PathBuf,
|
||||
pub label: String,
|
||||
pub install_count: usize,
|
||||
pub domain_count: usize,
|
||||
}
|
||||
|
||||
impl DiscoveredMixin {
|
||||
pub fn kit_path(&self) -> Result<PathBuf> {
|
||||
if self.path.is_dir() {
|
||||
return Ok(self.path.clone());
|
||||
}
|
||||
|
||||
wrap_mixin_as_kit(&self.path)
|
||||
}
|
||||
}
|
||||
|
||||
pub fn wrap_mixin_as_kit(mixin_path: &Path) -> Result<PathBuf> {
|
||||
let bytes = fs::read(mixin_path)
|
||||
.with_context(|| format!("Failed to read sbx mixin {}", mixin_path.display()))?;
|
||||
let mut hasher = Sha256::new();
|
||||
hasher.update(&bytes);
|
||||
let hash = format!("{:x}", hasher.finalize());
|
||||
|
||||
let kit_dir = paths::sbx_mixin_kits_dir().join(&hash);
|
||||
let spec_path = kit_dir.join(KIT_SPEC_FILE_NAME);
|
||||
|
||||
if let Ok(existing) = fs::read(&spec_path)
|
||||
&& existing == bytes
|
||||
{
|
||||
return Ok(kit_dir);
|
||||
}
|
||||
|
||||
fs::create_dir_all(&kit_dir)
|
||||
.with_context(|| format!("Failed to create mixin kit dir {}", kit_dir.display()))?;
|
||||
fs::write(&spec_path, &bytes)
|
||||
.with_context(|| format!("Failed to write {}", spec_path.display()))?;
|
||||
|
||||
debug!(
|
||||
"Wrapped mixin {} as kit at {}",
|
||||
mixin_path.display(),
|
||||
kit_dir.display()
|
||||
);
|
||||
|
||||
Ok(kit_dir)
|
||||
}
|
||||
|
||||
pub fn discover() -> Result<Vec<DiscoveredMixin>> {
|
||||
let mut out = Vec::new();
|
||||
|
||||
push_if_exists(&mut out, paths::sbx_mixin_file())?;
|
||||
push_if_exists(&mut out, paths::global_tools_sbx_mixin_file())?;
|
||||
|
||||
for path in collect_subdir_mixins(&paths::functions_dir()) {
|
||||
out.push(read_mixin(path)?);
|
||||
}
|
||||
for path in collect_subdir_mixins(&paths::agents_data_dir()) {
|
||||
out.push(read_mixin(path)?);
|
||||
}
|
||||
|
||||
if let Ok(cwd) = env::current_dir()
|
||||
&& let Some(path) = paths::find_workspace_sbx_mixin(&cwd)
|
||||
{
|
||||
out.push(read_mixin(path)?);
|
||||
}
|
||||
|
||||
Ok(out)
|
||||
}
|
||||
|
||||
pub fn summarize(path: &Path) -> Result<(usize, usize)> {
|
||||
let content = read_to_string(path)
|
||||
.with_context(|| format!("Failed to read sbx mixin {}", path.display()))?;
|
||||
let value: Value = serde_yaml::from_str(&content)
|
||||
.with_context(|| format!("Failed to parse sbx mixin {}", path.display()))?;
|
||||
|
||||
let installs = value
|
||||
.get("commands")
|
||||
.and_then(|c| c.get("install"))
|
||||
.and_then(|i| i.as_sequence())
|
||||
.map(|s| s.len())
|
||||
.unwrap_or(0);
|
||||
|
||||
let domains = value
|
||||
.get("network")
|
||||
.and_then(|n| n.get("allowedDomains"))
|
||||
.and_then(|d| d.as_sequence())
|
||||
.map(|s| s.len())
|
||||
.unwrap_or(0);
|
||||
|
||||
Ok((installs, domains))
|
||||
}
|
||||
|
||||
pub fn log_discovery(mixins: &[DiscoveredMixin], disabled: bool) {
|
||||
if disabled {
|
||||
info!("Mixin discovery disabled via --no-mixins.");
|
||||
return;
|
||||
}
|
||||
|
||||
if mixins.is_empty() {
|
||||
info!("No sbx mixins discovered.");
|
||||
return;
|
||||
}
|
||||
|
||||
let header = format!("Applying {} sbx mixin(s):", mixins.len());
|
||||
info!("{header}");
|
||||
println!("{header}");
|
||||
|
||||
for m in mixins {
|
||||
let line = format!(
|
||||
" {} (adds: {} install{}, {} domain{})",
|
||||
m.label,
|
||||
m.install_count,
|
||||
if m.install_count == 1 { "" } else { "s" },
|
||||
m.domain_count,
|
||||
if m.domain_count == 1 { "" } else { "s" },
|
||||
);
|
||||
info!("{line}");
|
||||
println!("{line}");
|
||||
}
|
||||
}
|
||||
|
||||
fn push_if_exists(out: &mut Vec<DiscoveredMixin>, path: PathBuf) -> Result<()> {
|
||||
if path.exists() {
|
||||
out.push(read_mixin(path)?);
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn read_mixin(path: PathBuf) -> Result<DiscoveredMixin> {
|
||||
let label = path.display().to_string();
|
||||
let (install_count, domain_count) = summarize(&path)?;
|
||||
|
||||
Ok(DiscoveredMixin {
|
||||
path,
|
||||
label,
|
||||
install_count,
|
||||
domain_count,
|
||||
})
|
||||
}
|
||||
|
||||
fn collect_subdir_mixins(dir: &Path) -> Vec<PathBuf> {
|
||||
let mut result = Vec::new();
|
||||
let Ok(rd) = read_dir(dir) else { return result };
|
||||
|
||||
let mut entries: Vec<_> = rd
|
||||
.flatten()
|
||||
.filter(|e| e.file_type().map(|t| t.is_dir()).unwrap_or(false))
|
||||
.collect();
|
||||
entries.sort_by_key(|e| e.file_name());
|
||||
|
||||
for entry in entries {
|
||||
let candidate = entry.path().join(SBX_MIXIN_FILE_NAME);
|
||||
if candidate.exists() {
|
||||
result.push(candidate);
|
||||
}
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
use std::fs;
|
||||
use std::time;
|
||||
|
||||
fn unique_root(prefix: &str) -> PathBuf {
|
||||
let nanos = time::SystemTime::now()
|
||||
.duration_since(time::UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_nanos();
|
||||
let root = env::temp_dir().join(format!("coyote-{prefix}-{nanos}"));
|
||||
fs::create_dir_all(&root).unwrap();
|
||||
root
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn summarize_counts_installs_and_domains() {
|
||||
let root = unique_root("sbx-mixin-counts");
|
||||
let path = root.join("sbx-mixin.yaml");
|
||||
fs::write(
|
||||
&path,
|
||||
r#"
|
||||
schemaVersion: "1"
|
||||
kind: mixin
|
||||
commands:
|
||||
install:
|
||||
- command: "echo hi"
|
||||
- command: "echo bye"
|
||||
network:
|
||||
allowedDomains:
|
||||
- "a.example.com:443"
|
||||
- "b.example.com:443"
|
||||
- "c.example.com:443"
|
||||
"#,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(summarize(&path).unwrap(), (2, 3));
|
||||
|
||||
let _ = fs::remove_dir_all(&root);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn summarize_treats_missing_blocks_as_zero() {
|
||||
let root = unique_root("sbx-mixin-empty");
|
||||
let path = root.join("sbx-mixin.yaml");
|
||||
fs::write(&path, "schemaVersion: \"1\"\nkind: mixin\n").unwrap();
|
||||
|
||||
assert_eq!(summarize(&path).unwrap(), (0, 0));
|
||||
|
||||
let _ = fs::remove_dir_all(&root);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn summarize_returns_err_on_malformed_yaml() {
|
||||
let root = unique_root("sbx-mixin-bad");
|
||||
let path = root.join("sbx-mixin.yaml");
|
||||
fs::write(&path, "this: is: not: yaml: ::").unwrap();
|
||||
|
||||
let err = summarize(&path).unwrap_err();
|
||||
let msg = format!("{err:#}");
|
||||
assert!(
|
||||
msg.contains(&path.display().to_string()),
|
||||
"expected error to mention path; got: {msg}"
|
||||
);
|
||||
|
||||
let _ = fs::remove_dir_all(&root);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn collect_subdir_mixins_sorts_and_skips_missing() {
|
||||
let root = unique_root("sbx-mixin-subdirs");
|
||||
for name in ["zebra", "apple", "no-mixin", "mango"] {
|
||||
let dir = root.join(name);
|
||||
fs::create_dir_all(&dir).unwrap();
|
||||
if name != "no-mixin" {
|
||||
fs::write(dir.join("sbx-mixin.yaml"), "kind: mixin\n").unwrap();
|
||||
}
|
||||
}
|
||||
|
||||
let found = collect_subdir_mixins(&root);
|
||||
let names: Vec<String> = found
|
||||
.iter()
|
||||
.map(|p| {
|
||||
p.parent()
|
||||
.unwrap()
|
||||
.file_name()
|
||||
.unwrap()
|
||||
.to_string_lossy()
|
||||
.to_string()
|
||||
})
|
||||
.collect();
|
||||
assert_eq!(names, vec!["apple", "mango", "zebra"]);
|
||||
|
||||
let _ = fs::remove_dir_all(&root);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn collect_subdir_mixins_returns_empty_for_missing_dir() {
|
||||
let absent = env::temp_dir().join("coyote-definitely-not-here-xyz");
|
||||
let found = collect_subdir_mixins(&absent);
|
||||
assert!(found.is_empty());
|
||||
}
|
||||
|
||||
mod wrap_as_kit {
|
||||
use super::*;
|
||||
use serial_test::serial;
|
||||
use std::ffi::OsString;
|
||||
|
||||
struct TestCacheDirGuard {
|
||||
key: String,
|
||||
previous: Option<OsString>,
|
||||
path: PathBuf,
|
||||
}
|
||||
|
||||
impl TestCacheDirGuard {
|
||||
fn new() -> Self {
|
||||
let key = crate::utils::get_env_name("cache_dir");
|
||||
let previous = env::var_os(&key);
|
||||
let nanos = time::SystemTime::now()
|
||||
.duration_since(time::UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_nanos();
|
||||
let path = env::temp_dir().join(format!("coyote-mixin-wrap-cache-{nanos}"));
|
||||
fs::create_dir_all(&path).unwrap();
|
||||
unsafe {
|
||||
env::set_var(&key, &path);
|
||||
}
|
||||
Self {
|
||||
key,
|
||||
previous,
|
||||
path,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for TestCacheDirGuard {
|
||||
fn drop(&mut self) {
|
||||
unsafe {
|
||||
match &self.previous {
|
||||
Some(v) => env::set_var(&self.key, v),
|
||||
None => env::remove_var(&self.key),
|
||||
}
|
||||
}
|
||||
let _ = fs::remove_dir_all(&self.path);
|
||||
}
|
||||
}
|
||||
|
||||
fn write_mixin(name: &str, content: &str) -> PathBuf {
|
||||
let root = unique_root(&format!("wrap-src-{name}"));
|
||||
let path = root.join("sbx-mixin.yaml");
|
||||
fs::write(&path, content).unwrap();
|
||||
path
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn wrap_mixin_as_kit_creates_spec_yaml_with_original_content() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let content = "schemaVersion: \"1\"\nkind: mixin\nname: probe\n";
|
||||
let mixin = write_mixin("content", content);
|
||||
|
||||
let kit_dir = wrap_mixin_as_kit(&mixin).unwrap();
|
||||
let spec = kit_dir.join("spec.yaml");
|
||||
|
||||
assert!(spec.exists(), "spec.yaml must exist in wrapped kit dir");
|
||||
assert_eq!(fs::read_to_string(&spec).unwrap(), content);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn wrap_mixin_as_kit_is_deterministic_for_identical_content() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let content = "schemaVersion: \"1\"\nkind: mixin\nname: probe\n";
|
||||
let mixin_one = write_mixin("dedup-1", content);
|
||||
let mixin_two = write_mixin("dedup-2", content);
|
||||
|
||||
let kit_a = wrap_mixin_as_kit(&mixin_one).unwrap();
|
||||
let kit_b = wrap_mixin_as_kit(&mixin_two).unwrap();
|
||||
|
||||
assert_eq!(
|
||||
kit_a, kit_b,
|
||||
"same content should share the same content-addressed kit dir"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn wrap_mixin_as_kit_different_content_yields_different_dirs() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let mixin_a = write_mixin("diff-a", "kind: mixin\nname: a\n");
|
||||
let mixin_b = write_mixin("diff-b", "kind: mixin\nname: b\n");
|
||||
|
||||
let kit_a = wrap_mixin_as_kit(&mixin_a).unwrap();
|
||||
let kit_b = wrap_mixin_as_kit(&mixin_b).unwrap();
|
||||
|
||||
assert_ne!(
|
||||
kit_a, kit_b,
|
||||
"different content must hash to different kit dirs"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn wrap_mixin_as_kit_is_idempotent_on_cache_hit() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let mixin = write_mixin("idempotent", "kind: mixin\nname: probe\n");
|
||||
|
||||
let kit_first = wrap_mixin_as_kit(&mixin).unwrap();
|
||||
let spec = kit_first.join("spec.yaml");
|
||||
let mtime_first = fs::metadata(&spec).unwrap().modified().unwrap();
|
||||
|
||||
std::thread::sleep(std::time::Duration::from_millis(10));
|
||||
|
||||
let kit_second = wrap_mixin_as_kit(&mixin).unwrap();
|
||||
let mtime_second = fs::metadata(kit_second.join("spec.yaml"))
|
||||
.unwrap()
|
||||
.modified()
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(kit_first, kit_second);
|
||||
assert_eq!(
|
||||
mtime_first, mtime_second,
|
||||
"cache hit must not rewrite spec.yaml"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn kit_path_passes_through_existing_directory() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let dir = unique_root("kit-path-dir-passthrough");
|
||||
|
||||
let m = DiscoveredMixin {
|
||||
path: dir.clone(),
|
||||
label: "vault".into(),
|
||||
install_count: 1,
|
||||
domain_count: 1,
|
||||
};
|
||||
|
||||
assert_eq!(m.kit_path().unwrap(), dir);
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn kit_path_wraps_file_into_kit_dir() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let mixin = write_mixin("kit-path-wrap", "kind: mixin\nname: probe\n");
|
||||
|
||||
let m = DiscoveredMixin {
|
||||
path: mixin.clone(),
|
||||
label: mixin.display().to_string(),
|
||||
install_count: 0,
|
||||
domain_count: 0,
|
||||
};
|
||||
|
||||
let wrapped = m.kit_path().unwrap();
|
||||
assert!(wrapped.is_dir(), "kit_path of a file should be a directory");
|
||||
assert!(wrapped.join("spec.yaml").exists());
|
||||
assert_ne!(
|
||||
wrapped, mixin,
|
||||
"kit_path should not return the original file path"
|
||||
);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,933 @@
|
||||
use anyhow::{Context, Result, anyhow, bail};
|
||||
use rust_embed::RustEmbed;
|
||||
use sha2::{Digest, Sha256};
|
||||
use std::env;
|
||||
use std::fs;
|
||||
use std::path::{Path, PathBuf};
|
||||
use std::process::{Command, Stdio};
|
||||
use which::which;
|
||||
|
||||
mod mixins;
|
||||
|
||||
use gman::providers::SupportedProvider;
|
||||
|
||||
use crate::config::paths;
|
||||
use crate::sandbox::mixins::DiscoveredMixin;
|
||||
use crate::utils::run_command_with_output;
|
||||
use crate::vault::Vault;
|
||||
|
||||
const SBX_BINARY: &str = "sbx";
|
||||
pub(crate) const SANDBOX_ENV_FLAG: &str = "IS_SANDBOX";
|
||||
const SANDBOX_AGENT: &str = "coyote";
|
||||
|
||||
#[derive(RustEmbed)]
|
||||
#[folder = "assets/sbx-kit/"]
|
||||
struct EmbeddedKit;
|
||||
|
||||
#[derive(RustEmbed)]
|
||||
#[folder = "assets/sbx-vault-mixins/"]
|
||||
struct EmbeddedVaultMixins;
|
||||
|
||||
pub fn launch(name: Option<String>, fresh: bool, no_mixins: bool) -> Result<()> {
|
||||
ensure_sbx_installed()?;
|
||||
bail_if_nested()?;
|
||||
|
||||
let name = resolve_name(name)?;
|
||||
let kit_path = resolve_kit_path()?;
|
||||
|
||||
let discovered = if no_mixins {
|
||||
Vec::new()
|
||||
} else {
|
||||
let mut all = mixins::discover()?;
|
||||
if let Ok(vault) = Vault::init_bare()
|
||||
&& let Some(vault_mixin) = extract_vault_mixin(&vault.provider)?
|
||||
{
|
||||
all.insert(0, vault_mixin);
|
||||
}
|
||||
all
|
||||
};
|
||||
|
||||
if sandbox_exists(&name)? {
|
||||
info!("Re-attaching to existing sandbox '{name}'");
|
||||
if fresh {
|
||||
debug!("--fresh ignored: re-attaching to existing sandbox '{name}'");
|
||||
}
|
||||
if no_mixins {
|
||||
debug!("--no-mixins ignored: re-attaching to existing sandbox '{name}'");
|
||||
}
|
||||
} else {
|
||||
mixins::log_discovery(&discovered, no_mixins);
|
||||
|
||||
if fresh {
|
||||
let msg = format!("Creating fresh sandbox '{name}' (no host config will be copied)");
|
||||
info!("{msg}");
|
||||
println!("{msg}");
|
||||
create_sandbox(&name, &kit_path, &discovered)?;
|
||||
} else {
|
||||
create_sandbox(&name, &kit_path, &discovered)?;
|
||||
copy_host_files(&name)?;
|
||||
}
|
||||
}
|
||||
|
||||
exec_run(&name, &kit_path)
|
||||
}
|
||||
|
||||
fn ensure_sbx_installed() -> Result<()> {
|
||||
which(SBX_BINARY).map_err(|_| {
|
||||
anyhow!(
|
||||
"`sbx` binary not found in PATH.\n\n\
|
||||
Install Docker Sandboxes:\n https://docs.docker.com/ai/sandboxes/get-started/"
|
||||
)
|
||||
})?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn bail_if_nested() -> Result<()> {
|
||||
if env::var_os(SANDBOX_ENV_FLAG).is_some() {
|
||||
bail!("Refusing to nest sandboxes: ${SANDBOX_ENV_FLAG} is set, already inside one");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn resolve_name(name: Option<String>) -> Result<String> {
|
||||
if let Some(n) = name {
|
||||
let trimmed = n.trim();
|
||||
if !trimmed.is_empty() {
|
||||
let sanitized = sanitize_name(trimmed);
|
||||
if sanitized.is_empty() {
|
||||
bail!("Sandbox name '{trimmed}' sanitizes to an empty string");
|
||||
}
|
||||
|
||||
return Ok(sanitized);
|
||||
}
|
||||
}
|
||||
|
||||
let cwd = env::current_dir().context("Failed to determine current directory")?;
|
||||
let basename = cwd
|
||||
.file_name()
|
||||
.and_then(|s| s.to_str())
|
||||
.ok_or_else(|| anyhow!("Could not derive sandbox name from current directory"))?;
|
||||
let sanitized = sanitize_name(basename);
|
||||
if sanitized.is_empty() {
|
||||
bail!("Could not derive a valid sandbox name from '{basename}'; pass --sandbox <NAME>");
|
||||
}
|
||||
|
||||
Ok(sanitized)
|
||||
}
|
||||
|
||||
fn sanitize_name(input: &str) -> String {
|
||||
let mut out = String::with_capacity(input.len());
|
||||
let mut last_was_dash = false;
|
||||
for ch in input.chars() {
|
||||
let lower = ch.to_ascii_lowercase();
|
||||
if lower.is_ascii_alphanumeric() {
|
||||
out.push(lower);
|
||||
last_was_dash = false;
|
||||
} else if !last_was_dash {
|
||||
out.push('-');
|
||||
last_was_dash = true;
|
||||
}
|
||||
}
|
||||
|
||||
out.trim_matches('-').to_string()
|
||||
}
|
||||
|
||||
fn resolve_kit_path() -> Result<PathBuf> {
|
||||
if let Some(path) = paths::sandbox_kit_override() {
|
||||
if !path.exists() {
|
||||
bail!(
|
||||
"$COYOTE_SANDBOX_KIT is set but path does not exist: {}",
|
||||
path.display()
|
||||
);
|
||||
}
|
||||
|
||||
debug!(
|
||||
"Using kit override from $COYOTE_SANDBOX_KIT: {}",
|
||||
path.display()
|
||||
);
|
||||
|
||||
return Ok(path);
|
||||
}
|
||||
|
||||
extract_embedded_kit()
|
||||
}
|
||||
|
||||
fn extract_embedded_kit() -> Result<PathBuf> {
|
||||
let cache_root = paths::sbx_kit_dir();
|
||||
let new_hash = compute_kit_hash()?;
|
||||
let hash_file = paths::sbx_kit_hash_file();
|
||||
if let Ok(existing) = fs::read_to_string(&hash_file)
|
||||
&& existing == new_hash
|
||||
{
|
||||
return Ok(cache_root);
|
||||
}
|
||||
|
||||
if cache_root.exists() {
|
||||
fs::remove_dir_all(&cache_root)
|
||||
.with_context(|| format!("Failed to clear stale kit at {}", cache_root.display()))?;
|
||||
}
|
||||
fs::create_dir_all(&cache_root)
|
||||
.with_context(|| format!("Failed to create {}", cache_root.display()))?;
|
||||
|
||||
for entry in EmbeddedKit::iter() {
|
||||
let file = EmbeddedKit::get(&entry)
|
||||
.ok_or_else(|| anyhow!("Embedded kit file missing during extraction: {entry}"))?;
|
||||
let dest = cache_root.join(entry.as_ref());
|
||||
if let Some(parent) = dest.parent() {
|
||||
fs::create_dir_all(parent)
|
||||
.with_context(|| format!("Failed to create {}", parent.display()))?;
|
||||
}
|
||||
|
||||
fs::write(&dest, &file.data)
|
||||
.with_context(|| format!("Failed to write {}", dest.display()))?;
|
||||
}
|
||||
|
||||
fs::write(&hash_file, &new_hash)
|
||||
.with_context(|| format!("Failed to write {}", hash_file.display()))?;
|
||||
debug!("Extracted embedded sbx-kit to {}", cache_root.display());
|
||||
|
||||
Ok(cache_root)
|
||||
}
|
||||
|
||||
fn compute_kit_hash() -> Result<String> {
|
||||
let mut hasher = Sha256::new();
|
||||
let mut entries: Vec<_> = EmbeddedKit::iter().collect();
|
||||
entries.sort();
|
||||
|
||||
for entry in &entries {
|
||||
let file = EmbeddedKit::get(entry)
|
||||
.ok_or_else(|| anyhow!("Embedded kit file missing during hash: {entry}"))?;
|
||||
hasher.update(entry.as_bytes());
|
||||
hasher.update(b"\0");
|
||||
hasher.update(&file.data);
|
||||
}
|
||||
|
||||
Ok(format!("{:x}", hasher.finalize()))
|
||||
}
|
||||
|
||||
fn extract_vault_mixin(provider: &SupportedProvider) -> Result<Option<DiscoveredMixin>> {
|
||||
let provider_dir = match provider {
|
||||
SupportedProvider::Local { .. } => return Ok(None),
|
||||
SupportedProvider::AwsSecretsManager { .. } => "aws_secrets_manager",
|
||||
SupportedProvider::GcpSecretManager { .. } => "gcp_secret_manager",
|
||||
SupportedProvider::AzureKeyVault { .. } => "azure_key_vault",
|
||||
SupportedProvider::Gopass { .. } => "gopass",
|
||||
SupportedProvider::OnePassword { .. } => "one_password",
|
||||
};
|
||||
|
||||
let cache_root = extract_vault_mixins_cache()?;
|
||||
let provider_root = cache_root.join(provider_dir);
|
||||
let spec_path = provider_root.join("spec.yaml");
|
||||
|
||||
if !spec_path.exists() {
|
||||
bail!(
|
||||
"Embedded vault mixin for '{provider_dir}' is missing spec.yaml at {}",
|
||||
spec_path.display()
|
||||
);
|
||||
}
|
||||
|
||||
let label = format!("<built-in: vault-{provider_dir}>");
|
||||
let (install_count, domain_count) = mixins::summarize(&spec_path)?;
|
||||
|
||||
Ok(Some(DiscoveredMixin {
|
||||
path: provider_root,
|
||||
label,
|
||||
install_count,
|
||||
domain_count,
|
||||
}))
|
||||
}
|
||||
|
||||
fn extract_vault_mixins_cache() -> Result<PathBuf> {
|
||||
let cache_root = paths::sbx_vault_mixins_dir();
|
||||
let new_hash = compute_vault_mixins_hash()?;
|
||||
let hash_file = paths::sbx_vault_mixins_hash_file();
|
||||
if let Ok(existing) = fs::read_to_string(&hash_file)
|
||||
&& existing == new_hash
|
||||
{
|
||||
return Ok(cache_root);
|
||||
}
|
||||
|
||||
if cache_root.exists() {
|
||||
fs::remove_dir_all(&cache_root).with_context(|| {
|
||||
format!(
|
||||
"Failed to clear stale vault mixins at {}",
|
||||
cache_root.display()
|
||||
)
|
||||
})?;
|
||||
}
|
||||
fs::create_dir_all(&cache_root)
|
||||
.with_context(|| format!("Failed to create {}", cache_root.display()))?;
|
||||
|
||||
for entry in EmbeddedVaultMixins::iter() {
|
||||
let file = EmbeddedVaultMixins::get(&entry).ok_or_else(|| {
|
||||
anyhow!("Embedded vault mixin file missing during extraction: {entry}")
|
||||
})?;
|
||||
let dest = cache_root.join(entry.as_ref());
|
||||
if let Some(parent) = dest.parent() {
|
||||
fs::create_dir_all(parent)
|
||||
.with_context(|| format!("Failed to create {}", parent.display()))?;
|
||||
}
|
||||
|
||||
fs::write(&dest, &file.data)
|
||||
.with_context(|| format!("Failed to write {}", dest.display()))?;
|
||||
}
|
||||
|
||||
fs::write(&hash_file, &new_hash)
|
||||
.with_context(|| format!("Failed to write {}", hash_file.display()))?;
|
||||
debug!(
|
||||
"Extracted embedded sbx-vault-mixins to {}",
|
||||
cache_root.display()
|
||||
);
|
||||
|
||||
Ok(cache_root)
|
||||
}
|
||||
|
||||
fn compute_vault_mixins_hash() -> Result<String> {
|
||||
let mut hasher = Sha256::new();
|
||||
let mut entries: Vec<_> = EmbeddedVaultMixins::iter().collect();
|
||||
entries.sort();
|
||||
|
||||
for entry in &entries {
|
||||
let file = EmbeddedVaultMixins::get(entry)
|
||||
.ok_or_else(|| anyhow!("Embedded vault mixin file missing during hash: {entry}"))?;
|
||||
hasher.update(entry.as_bytes());
|
||||
hasher.update(b"\0");
|
||||
hasher.update(&file.data);
|
||||
}
|
||||
|
||||
Ok(format!("{:x}", hasher.finalize()))
|
||||
}
|
||||
|
||||
fn sandbox_exists(name: &str) -> Result<bool> {
|
||||
let (success, stdout, stderr) =
|
||||
run_command_with_output(SBX_BINARY, &["ls"], None).context("Failed to run `sbx ls`")?;
|
||||
if !success {
|
||||
bail!("`sbx ls` failed: {stderr}");
|
||||
}
|
||||
|
||||
Ok(stdout
|
||||
.lines()
|
||||
.skip(1)
|
||||
.any(|line| line.split_whitespace().next() == Some(name)))
|
||||
}
|
||||
|
||||
fn create_sandbox(name: &str, kit_path: &Path, mixins: &[DiscoveredMixin]) -> Result<()> {
|
||||
info!("Creating sandbox '{name}'");
|
||||
let args = build_create_args(name, kit_path, mixins)?;
|
||||
let status = Command::new(SBX_BINARY)
|
||||
.args(&args)
|
||||
.stdin(Stdio::inherit())
|
||||
.stdout(Stdio::inherit())
|
||||
.stderr(Stdio::inherit())
|
||||
.status()
|
||||
.context("Failed to spawn `sbx create`")?;
|
||||
|
||||
if !status.success() {
|
||||
bail!("`sbx create` exited with {status}");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn build_create_args(
|
||||
name: &str,
|
||||
kit_path: &Path,
|
||||
mixins: &[DiscoveredMixin],
|
||||
) -> Result<Vec<String>> {
|
||||
let kit_str = kit_path
|
||||
.to_str()
|
||||
.ok_or_else(|| anyhow!("Kit path is not valid UTF-8: {}", kit_path.display()))?;
|
||||
|
||||
let mut args = vec![
|
||||
"create".to_string(),
|
||||
"--kit".to_string(),
|
||||
kit_str.to_string(),
|
||||
];
|
||||
|
||||
for mixin in mixins {
|
||||
let mixin_kit = mixin.kit_path()?;
|
||||
let mixin_str = mixin_kit
|
||||
.to_str()
|
||||
.ok_or_else(|| anyhow!("Mixin kit path is not valid UTF-8: {}", mixin_kit.display()))?
|
||||
.to_string();
|
||||
args.push("--kit".to_string());
|
||||
args.push(mixin_str);
|
||||
}
|
||||
|
||||
args.push(SANDBOX_AGENT.to_string());
|
||||
args.push("--name".to_string());
|
||||
args.push(name.to_string());
|
||||
args.push(".".to_string());
|
||||
|
||||
Ok(args)
|
||||
}
|
||||
|
||||
fn copy_host_files(name: &str) -> Result<()> {
|
||||
let config_dir = paths::config_dir();
|
||||
let home_dir = dirs::home_dir().context("Could not determine home directory")?;
|
||||
|
||||
if config_dir.exists() {
|
||||
ensure_sandbox_dir(name, "/home/agent/.config")?;
|
||||
let src = format!("{}/", config_dir.display());
|
||||
let dest = format!("{name}:/home/agent/.config/");
|
||||
sbx_cp(&src, &dest)?;
|
||||
} else {
|
||||
debug!(
|
||||
"Skipping config copy: {} does not exist",
|
||||
config_dir.display()
|
||||
);
|
||||
}
|
||||
|
||||
match resolve_vault_password_file() {
|
||||
Some(password_file) if password_file.exists() => {
|
||||
let dest_path = host_to_sandbox_path(&password_file, &home_dir, cfg!(windows))?;
|
||||
if let Some(parent) = sandbox_path_parent(&dest_path)
|
||||
&& !parent.is_empty()
|
||||
{
|
||||
ensure_sandbox_dir(name, parent)?;
|
||||
}
|
||||
let dest = format!("{name}:{dest_path}");
|
||||
sbx_cp(&password_file.display().to_string(), &dest)?;
|
||||
}
|
||||
Some(password_file) => {
|
||||
debug!(
|
||||
"Skipping vault password copy: {} does not exist",
|
||||
password_file.display()
|
||||
);
|
||||
}
|
||||
None => {
|
||||
debug!("Skipping vault password copy: no local vault provider configured");
|
||||
}
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn host_to_sandbox_path(
|
||||
host_path: &Path,
|
||||
home_dir: &Path,
|
||||
is_windows_host: bool,
|
||||
) -> Result<String> {
|
||||
let host_str = host_path.to_str().context("Host path is not valid UTF-8")?;
|
||||
let home_str = home_dir
|
||||
.to_str()
|
||||
.context("Home directory is not valid UTF-8")?;
|
||||
|
||||
if let Some(rel) = strip_host_home(host_str, home_str) {
|
||||
let unixified = rel.replace('\\', "/");
|
||||
return Ok(format!("/home/agent/{unixified}"));
|
||||
}
|
||||
|
||||
if is_windows_host {
|
||||
bail!(
|
||||
"Path '{host_str}' is outside your Windows user profile ({home_str}). \
|
||||
Sandbox mode cannot copy files from outside %USERPROFILE% into a Linux \
|
||||
sandbox. Move the file under your user profile and update your config \
|
||||
accordingly."
|
||||
);
|
||||
}
|
||||
|
||||
Ok(host_str.to_string())
|
||||
}
|
||||
|
||||
fn strip_host_home(path: &str, home: &str) -> Option<String> {
|
||||
let path_norm: String = path
|
||||
.chars()
|
||||
.map(|c| if c == '\\' { '/' } else { c })
|
||||
.collect();
|
||||
let home_norm: String = home
|
||||
.chars()
|
||||
.map(|c| if c == '\\' { '/' } else { c })
|
||||
.collect();
|
||||
let home_norm = home_norm.trim_end_matches('/');
|
||||
|
||||
if home_norm.is_empty() || path_norm.len() <= home_norm.len() {
|
||||
return None;
|
||||
}
|
||||
|
||||
let (head, tail) = path_norm.split_at(home_norm.len());
|
||||
if head != home_norm || !tail.starts_with('/') {
|
||||
return None;
|
||||
}
|
||||
|
||||
Some(tail[1..].to_string())
|
||||
}
|
||||
|
||||
fn sandbox_path_parent(linux_path: &str) -> Option<&str> {
|
||||
linux_path.rsplit_once('/').map(|(parent, _)| parent)
|
||||
}
|
||||
|
||||
fn ensure_sandbox_dir(sandbox: &str, dir: &str) -> Result<()> {
|
||||
let dir_q = shell_words::quote(dir);
|
||||
let cmd = format!("sudo mkdir -p {dir_q} && sudo chown agent:agent {dir_q}");
|
||||
|
||||
debug!("sbx exec {sandbox}: {cmd}");
|
||||
|
||||
let status = Command::new(SBX_BINARY)
|
||||
.args(["exec", sandbox, "sh", "-c", &cmd])
|
||||
.stdin(Stdio::inherit())
|
||||
.stdout(Stdio::inherit())
|
||||
.stderr(Stdio::inherit())
|
||||
.status()
|
||||
.context("Failed to spawn `sbx exec` to prepare destination directory")?;
|
||||
|
||||
if !status.success() {
|
||||
bail!("Preparing sandbox directory '{dir}' failed: sbx exec exited with {status}");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn resolve_vault_password_file() -> Option<PathBuf> {
|
||||
Vault::init_bare().ok()?.local_password_file().ok()
|
||||
}
|
||||
|
||||
fn sbx_cp(src: &str, dest: &str) -> Result<()> {
|
||||
debug!("sbx cp {src} {dest}");
|
||||
let status = Command::new(SBX_BINARY)
|
||||
.args(["cp", src, dest])
|
||||
.stdin(Stdio::inherit())
|
||||
.stdout(Stdio::inherit())
|
||||
.stderr(Stdio::inherit())
|
||||
.status()
|
||||
.context("Failed to spawn `sbx cp`")?;
|
||||
|
||||
if !status.success() {
|
||||
bail!("`sbx cp {src} {dest}` exited with {status}");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn exec_run(name: &str, kit_path: &Path) -> Result<()> {
|
||||
let kit_str = kit_path
|
||||
.to_str()
|
||||
.ok_or_else(|| anyhow!("Kit path is not valid UTF-8: {}", kit_path.display()))?;
|
||||
let status = Command::new(SBX_BINARY)
|
||||
.args(["run", name, "--kit", kit_str])
|
||||
.stdin(Stdio::inherit())
|
||||
.stdout(Stdio::inherit())
|
||||
.stderr(Stdio::inherit())
|
||||
.status()
|
||||
.context("Failed to spawn `sbx run`")?;
|
||||
|
||||
if !status.success() {
|
||||
bail!("`sbx run` exited with {status}");
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_lowercases() {
|
||||
assert_eq!(sanitize_name("Foo"), "foo");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_replaces_non_alphanumeric() {
|
||||
assert_eq!(sanitize_name("hello world!"), "hello-world");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_collapses_dash_runs() {
|
||||
assert_eq!(sanitize_name("a___b"), "a-b");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_trims_dashes() {
|
||||
assert_eq!(sanitize_name("---hi---"), "hi");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_handles_mixed_input() {
|
||||
assert_eq!(sanitize_name("My Project (v2)"), "my-project-v2");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sanitize_name_all_invalid_yields_empty() {
|
||||
assert_eq!(sanitize_name("///"), "");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn resolve_name_uses_explicit_arg() {
|
||||
let n = resolve_name(Some("explicit-name".to_string())).unwrap();
|
||||
assert_eq!(n, "explicit-name");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn resolve_name_sanitizes_explicit_arg() {
|
||||
let n = resolve_name(Some("My Sandbox!".to_string())).unwrap();
|
||||
assert_eq!(n, "my-sandbox");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn resolve_name_rejects_empty_after_sanitize() {
|
||||
let err = resolve_name(Some("///".to_string()));
|
||||
assert!(err.is_err());
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn resolve_name_falls_back_to_cwd_when_none() {
|
||||
let n = resolve_name(None).unwrap();
|
||||
assert!(!n.is_empty());
|
||||
assert!(n.chars().all(|c| c.is_ascii_alphanumeric() || c == '-'));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn compute_kit_hash_is_deterministic() {
|
||||
let h1 = compute_kit_hash().unwrap();
|
||||
let h2 = compute_kit_hash().unwrap();
|
||||
|
||||
assert_eq!(h1, h2);
|
||||
assert_eq!(h1.len(), 64);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn build_create_args_emits_base_kit_before_mixins() {
|
||||
let kit = PathBuf::from("/cache/sbx-kit");
|
||||
let unique = std::time::SystemTime::now()
|
||||
.duration_since(std::time::UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_nanos();
|
||||
let dir_a = env::temp_dir().join(format!("coyote-mixin-a-{unique}"));
|
||||
let dir_b = env::temp_dir().join(format!("coyote-mixin-b-{unique}"));
|
||||
fs::create_dir_all(&dir_a).unwrap();
|
||||
fs::create_dir_all(&dir_b).unwrap();
|
||||
|
||||
let mixins = vec![
|
||||
DiscoveredMixin {
|
||||
path: dir_a.clone(),
|
||||
label: "user".into(),
|
||||
install_count: 0,
|
||||
domain_count: 0,
|
||||
},
|
||||
DiscoveredMixin {
|
||||
path: dir_b.clone(),
|
||||
label: "sql".into(),
|
||||
install_count: 0,
|
||||
domain_count: 0,
|
||||
},
|
||||
];
|
||||
|
||||
let args = build_create_args("my-box", &kit, &mixins).unwrap();
|
||||
|
||||
assert_eq!(
|
||||
args,
|
||||
vec![
|
||||
"create".to_string(),
|
||||
"--kit".to_string(),
|
||||
"/cache/sbx-kit".to_string(),
|
||||
"--kit".to_string(),
|
||||
dir_a.display().to_string(),
|
||||
"--kit".to_string(),
|
||||
dir_b.display().to_string(),
|
||||
"coyote".to_string(),
|
||||
"--name".to_string(),
|
||||
"my-box".to_string(),
|
||||
".".to_string(),
|
||||
]
|
||||
);
|
||||
|
||||
let _ = fs::remove_dir_all(&dir_a);
|
||||
let _ = fs::remove_dir_all(&dir_b);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn build_create_args_with_no_mixins_omits_mixin_kits() {
|
||||
let kit = PathBuf::from("/cache/sbx-kit");
|
||||
let args = build_create_args("box", &kit, &[]).unwrap();
|
||||
assert_eq!(
|
||||
args,
|
||||
vec![
|
||||
"create".to_string(),
|
||||
"--kit".to_string(),
|
||||
"/cache/sbx-kit".to_string(),
|
||||
"coyote".to_string(),
|
||||
"--name".to_string(),
|
||||
"box".to_string(),
|
||||
".".to_string(),
|
||||
]
|
||||
);
|
||||
}
|
||||
|
||||
mod vault_mixins {
|
||||
use super::*;
|
||||
use crate::utils::get_env_name;
|
||||
use gman::providers::aws_secrets_manager::AwsSecretsManagerProvider;
|
||||
use gman::providers::azure_key_vault::AzureKeyVaultProvider;
|
||||
use gman::providers::gcp_secret_manager::GcpSecretManagerProvider;
|
||||
use gman::providers::gopass::GopassProvider;
|
||||
use gman::providers::local::LocalProvider;
|
||||
use gman::providers::one_password::OnePasswordProvider;
|
||||
use serial_test::serial;
|
||||
use std::time::{SystemTime, UNIX_EPOCH};
|
||||
|
||||
struct TestCacheDirGuard {
|
||||
key: String,
|
||||
previous: Option<std::ffi::OsString>,
|
||||
path: PathBuf,
|
||||
}
|
||||
|
||||
impl TestCacheDirGuard {
|
||||
fn new() -> Self {
|
||||
let key = get_env_name("cache_dir");
|
||||
let previous = env::var_os(&key);
|
||||
let unique = SystemTime::now()
|
||||
.duration_since(UNIX_EPOCH)
|
||||
.unwrap()
|
||||
.as_nanos();
|
||||
let path = env::temp_dir().join(format!("coyote-sandbox-vault-tests-{unique}"));
|
||||
fs::create_dir_all(&path).unwrap();
|
||||
unsafe {
|
||||
env::set_var(&key, &path);
|
||||
}
|
||||
Self {
|
||||
key,
|
||||
previous,
|
||||
path,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl Drop for TestCacheDirGuard {
|
||||
fn drop(&mut self) {
|
||||
unsafe {
|
||||
match &self.previous {
|
||||
Some(v) => env::set_var(&self.key, v),
|
||||
None => env::remove_var(&self.key),
|
||||
}
|
||||
}
|
||||
let _ = fs::remove_dir_all(&self.path);
|
||||
}
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn returns_none_for_local() {
|
||||
let p = SupportedProvider::Local {
|
||||
provider_def: LocalProvider::default(),
|
||||
};
|
||||
assert!(extract_vault_mixin(&p).unwrap().is_none());
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_some_for_aws() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let p = SupportedProvider::AwsSecretsManager {
|
||||
provider_def: AwsSecretsManagerProvider {
|
||||
aws_profile: None,
|
||||
aws_region: None,
|
||||
},
|
||||
};
|
||||
let m = extract_vault_mixin(&p)
|
||||
.unwrap()
|
||||
.expect("expected vault mixin");
|
||||
assert!(m.path.join("spec.yaml").exists());
|
||||
assert!(m.label.contains("aws_secrets_manager"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_some_for_gcp() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let p = SupportedProvider::GcpSecretManager {
|
||||
provider_def: GcpSecretManagerProvider {
|
||||
gcp_project_id: None,
|
||||
},
|
||||
};
|
||||
let m = extract_vault_mixin(&p)
|
||||
.unwrap()
|
||||
.expect("expected vault mixin");
|
||||
assert!(m.path.join("spec.yaml").exists());
|
||||
assert!(m.label.contains("gcp_secret_manager"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_some_for_one_password() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let p = SupportedProvider::OnePassword {
|
||||
provider_def: OnePasswordProvider {
|
||||
vault: None,
|
||||
account: None,
|
||||
},
|
||||
};
|
||||
let m = extract_vault_mixin(&p)
|
||||
.unwrap()
|
||||
.expect("expected vault mixin");
|
||||
assert!(m.path.join("spec.yaml").exists());
|
||||
assert!(m.label.contains("one_password"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_some_for_azure() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let p = SupportedProvider::AzureKeyVault {
|
||||
provider_def: AzureKeyVaultProvider { vault_name: None },
|
||||
};
|
||||
let m = extract_vault_mixin(&p)
|
||||
.unwrap()
|
||||
.expect("expected vault mixin");
|
||||
assert!(m.path.join("spec.yaml").exists());
|
||||
assert!(m.label.contains("azure_key_vault"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
#[serial]
|
||||
fn returns_some_for_gopass() {
|
||||
let _guard = TestCacheDirGuard::new();
|
||||
let p = SupportedProvider::Gopass {
|
||||
provider_def: GopassProvider { store: None },
|
||||
};
|
||||
let m = extract_vault_mixin(&p)
|
||||
.unwrap()
|
||||
.expect("expected vault mixin");
|
||||
assert!(m.path.join("spec.yaml").exists());
|
||||
assert!(m.label.contains("gopass"));
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn hash_is_deterministic() {
|
||||
let h1 = compute_vault_mixins_hash().unwrap();
|
||||
let h2 = compute_vault_mixins_hash().unwrap();
|
||||
assert_eq!(h1, h2);
|
||||
assert_eq!(h1.len(), 64);
|
||||
}
|
||||
}
|
||||
|
||||
mod host_to_sandbox_path_tests {
|
||||
use super::*;
|
||||
|
||||
#[test]
|
||||
fn linux_under_home() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new("/home/atusa/.coyote_password"),
|
||||
Path::new("/home/atusa"),
|
||||
false,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/home/agent/.coyote_password");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn linux_nested_under_home() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new("/home/atusa/.config/coyote/.password"),
|
||||
Path::new("/home/atusa"),
|
||||
false,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/home/agent/.config/coyote/.password");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn linux_outside_home_returns_verbatim() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new("/etc/coyote/.password"),
|
||||
Path::new("/home/atusa"),
|
||||
false,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/etc/coyote/.password");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn macos_under_home_with_spaces() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new("/Users/atusa/Library/Application Support/coyote/.password"),
|
||||
Path::new("/Users/atusa"),
|
||||
false,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
dest,
|
||||
"/home/agent/Library/Application Support/coyote/.password"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn windows_under_home_converts_backslashes() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new(r"C:\Users\atusa\.coyote_password"),
|
||||
Path::new(r"C:\Users\atusa"),
|
||||
true,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/home/agent/.coyote_password");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn windows_nested_under_home() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new(r"C:\Users\atusa\Documents\my\vault.txt"),
|
||||
Path::new(r"C:\Users\atusa"),
|
||||
true,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/home/agent/Documents/my/vault.txt");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn windows_outside_home_bails_with_clear_error() {
|
||||
let err = host_to_sandbox_path(
|
||||
Path::new(r"C:\Program Files\Coyote\vault.txt"),
|
||||
Path::new(r"C:\Users\atusa"),
|
||||
true,
|
||||
)
|
||||
.unwrap_err();
|
||||
|
||||
let msg = err.to_string();
|
||||
assert!(
|
||||
msg.contains("Program Files"),
|
||||
"error should name the offending path: {msg}"
|
||||
);
|
||||
assert!(
|
||||
msg.contains("user profile"),
|
||||
"error should explain the limitation: {msg}"
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn windows_tolerates_trailing_slash_in_home() {
|
||||
let dest = host_to_sandbox_path(
|
||||
Path::new(r"C:\Users\atusa\foo"),
|
||||
Path::new(r"C:\Users\atusa\"),
|
||||
true,
|
||||
)
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(dest, "/home/agent/foo");
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sandbox_path_parent_extracts_parent_for_nested() {
|
||||
assert_eq!(
|
||||
sandbox_path_parent("/home/agent/.coyote_password"),
|
||||
Some("/home/agent")
|
||||
);
|
||||
assert_eq!(
|
||||
sandbox_path_parent("/etc/coyote/.password"),
|
||||
Some("/etc/coyote")
|
||||
);
|
||||
}
|
||||
|
||||
#[test]
|
||||
fn sandbox_path_parent_handles_edge_cases() {
|
||||
assert_eq!(sandbox_path_parent("/file"), Some(""));
|
||||
assert_eq!(sandbox_path_parent("noparent"), None);
|
||||
}
|
||||
}
|
||||
}
|
||||
+27
-1
@@ -17,7 +17,7 @@ use gman::providers::SecretProvider;
|
||||
use gman::providers::SupportedProvider;
|
||||
use gman::providers::local::LocalProvider;
|
||||
use inquire::{Password, PasswordDisplayMode, required};
|
||||
use log::warn;
|
||||
use log::{info, warn};
|
||||
use serde_yaml::Value;
|
||||
use std::sync::{Arc, LazyLock};
|
||||
use tokio::runtime::Handle;
|
||||
@@ -25,6 +25,31 @@ use uuid::Uuid;
|
||||
|
||||
pub static SECRET_RE: LazyLock<Regex> = LazyLock::new(|| Regex::new(r"\{\{([^{}]+)}}").unwrap());
|
||||
|
||||
fn apply_sandboxed_home_translation(provider_def: &mut LocalProvider) {
|
||||
let Some(ref pf) = provider_def.password_file else {
|
||||
return;
|
||||
};
|
||||
|
||||
if pf.exists() {
|
||||
return;
|
||||
}
|
||||
|
||||
let Some(translated) = paths::translate_sandboxed_home_path(pf) else {
|
||||
return;
|
||||
};
|
||||
|
||||
if !translated.exists() {
|
||||
return;
|
||||
}
|
||||
|
||||
info!(
|
||||
"vault password file '{}' not found; resolved to sandboxed path '{}'",
|
||||
pf.display(),
|
||||
translated.display()
|
||||
);
|
||||
provider_def.password_file = Some(translated);
|
||||
}
|
||||
|
||||
#[derive(Debug, Default, Clone)]
|
||||
pub struct Vault {
|
||||
pub(crate) provider: SupportedProvider,
|
||||
@@ -92,6 +117,7 @@ impl Vault {
|
||||
};
|
||||
|
||||
if let SupportedProvider::Local { provider_def } = &mut provider {
|
||||
apply_sandboxed_home_translation(provider_def);
|
||||
ensure_password_file_initialized(provider_def)?;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user