1use crate::agent::{AgentConfig, AgentLoop};
17use crate::llm::LlmClient;
18use crate::permissions::{PermissionDecision, PermissionPolicy, PermissionRule};
19use crate::skills::{Skill, SkillRegistry};
20use crate::tools::{Tool, ToolContext, ToolExecutor, ToolOutput};
21use anyhow::{anyhow, Result};
22use async_trait::async_trait;
23use serde::{Deserialize, Serialize};
24use serde_json::Value;
25use std::sync::Arc;
26
27#[derive(Debug, Serialize, Deserialize)]
29pub struct SkillArgs {
30 pub skill_name: String,
32 #[serde(default)]
34 pub prompt: Option<String>,
35}
36
37impl SkillArgs {
38 fn from_tool_args(args: &Value) -> Result<Self> {
39 fn parse_from_value(value: &Value) -> Option<SkillArgs> {
40 match value {
41 Value::String(skill_name) => Some(SkillArgs {
42 skill_name: skill_name.clone(),
43 prompt: None,
44 }),
45 Value::Object(map) => {
46 if let Some(skill_name) = map
47 .get("skill_name")
48 .or_else(|| map.get("skillName"))
49 .or_else(|| map.get("name"))
50 .and_then(|v| v.as_str())
51 {
52 let prompt = map
53 .get("prompt")
54 .or_else(|| map.get("query"))
55 .and_then(|v| v.as_str())
56 .map(ToOwned::to_owned);
57 return Some(SkillArgs {
58 skill_name: skill_name.to_string(),
59 prompt,
60 });
61 }
62
63 if let Some(nested) = map.get("input").or_else(|| map.get("arguments")) {
64 if let Some(parsed) = parse_from_value(nested) {
65 return Some(parsed);
66 }
67 }
68
69 None
70 }
71 _ => None,
72 }
73 }
74
75 parse_from_value(args).ok_or_else(|| anyhow!("missing field 'skill_name'"))
76 }
77}
78
79#[derive(Debug, Serialize, Deserialize)]
81pub struct SearchSkillsArgs {
82 pub query: String,
84 #[serde(default)]
86 pub limit: Option<usize>,
87}
88
89impl SearchSkillsArgs {
90 fn from_tool_args(args: &Value) -> Result<Self> {
91 match args {
92 Value::String(query) => Ok(Self {
93 query: query.clone(),
94 limit: None,
95 }),
96 Value::Object(map) => {
97 let query = map
98 .get("query")
99 .or_else(|| map.get("q"))
100 .and_then(|v| v.as_str())
101 .ok_or_else(|| anyhow!("missing field 'query'"))?
102 .to_string();
103 let limit = map
104 .get("limit")
105 .and_then(|v| v.as_u64())
106 .map(|v| v as usize);
107 Ok(Self { query, limit })
108 }
109 _ => Err(anyhow!(
110 "search_skills expects an object with a 'query' field"
111 )),
112 }
113 }
114}
115
116pub struct SearchSkillsTool {
118 skill_registry: Arc<SkillRegistry>,
119}
120
121impl SearchSkillsTool {
122 pub fn new(skill_registry: Arc<SkillRegistry>) -> Self {
123 Self { skill_registry }
124 }
125}
126
127#[async_trait]
128impl Tool for SearchSkillsTool {
129 fn name(&self) -> &str {
130 "search_skills"
131 }
132
133 fn description(&self) -> &str {
134 "Search available skills by name, tag, description, or content. \
135Use this before invoking Skill when specialized instructions may help."
136 }
137
138 fn parameters(&self) -> Value {
139 serde_json::json!({
140 "type": "object",
141 "additionalProperties": false,
142 "properties": {
143 "query": {
144 "type": "string",
145 "description": "Short search query for the skill you need."
146 },
147 "limit": {
148 "type": "integer",
149 "minimum": 1,
150 "maximum": 20,
151 "description": "Maximum number of skills to return. Defaults to 5."
152 }
153 },
154 "required": ["query"]
155 })
156 }
157
158 async fn execute(&self, args: &Value, _ctx: &ToolContext) -> Result<ToolOutput> {
159 let args = SearchSkillsArgs::from_tool_args(args)?;
160 let limit = args.limit.unwrap_or(5).clamp(1, 20);
161 let matches = self.skill_registry.search(&args.query, limit);
162
163 if matches.is_empty() {
164 return Ok(ToolOutput::success(
165 "No matching skills found. Continue with the core tools.".to_string(),
166 ));
167 }
168
169 let mut lines = vec![format!(
170 "Found {} matching skill(s). Invoke one with Skill using its skill_name.",
171 matches.len()
172 )];
173 let metadata: Vec<_> = matches
174 .iter()
175 .map(|skill| {
176 let kind = format!("{:?}", skill.kind).to_lowercase();
177 let allowed_tools = skill.allowed_tools.as_deref().unwrap_or("not specified");
178 lines.push(format!(
179 "- {} ({kind}): {} Allowed tools: {}.",
180 skill.name, skill.description, allowed_tools
181 ));
182 serde_json::json!({
183 "name": skill.name,
184 "description": skill.description,
185 "kind": kind,
186 "tags": skill.tags,
187 "allowed_tools": skill.allowed_tools,
188 })
189 })
190 .collect();
191
192 Ok(ToolOutput {
193 content: lines.join("\n"),
194 success: true,
195 metadata: Some(serde_json::json!({ "skills": metadata })),
196 images: Vec::new(),
197 error_kind: None,
198 })
199 }
200}
201
202pub struct SkillTool {
204 skill_registry: Arc<SkillRegistry>,
205 llm_client: Arc<dyn LlmClient>,
206 tool_executor: Arc<ToolExecutor>,
207 base_config: AgentConfig,
208}
209
210impl SkillTool {
211 pub(crate) fn new(
212 skill_registry: Arc<SkillRegistry>,
213 llm_client: Arc<dyn LlmClient>,
214 tool_executor: Arc<ToolExecutor>,
215 base_config: AgentConfig,
216 ) -> Self {
217 Self {
218 skill_registry,
219 llm_client,
220 tool_executor,
221 base_config,
222 }
223 }
224
225 fn create_skill_permission_policy(skill: &Skill) -> PermissionPolicy {
227 let permissions = skill.parse_allowed_tools();
228
229 if permissions.is_empty() {
230 tracing::warn!(
231 skill = %skill.name,
232 "Skill has no allowed-tools grants; Skill invocation remains fail-secure and will deny tool use"
233 );
234 return PermissionPolicy {
235 deny: Vec::new(),
236 allow: Vec::new(),
237 ask: Vec::new(),
238 default_decision: PermissionDecision::Deny,
239 enabled: true,
240 };
241 }
242
243 let mut allow_rules = Vec::new();
245 for perm in permissions {
246 let rule_str = if perm.pattern == "*" {
248 perm.tool.clone()
249 } else {
250 format!("{}({})", perm.tool, perm.pattern)
251 };
252 allow_rules.push(PermissionRule::new(&rule_str));
253 }
254
255 PermissionPolicy {
256 deny: Vec::new(),
257 allow: allow_rules,
258 ask: Vec::new(),
259 default_decision: PermissionDecision::Deny, enabled: true,
261 }
262 }
263}
264
265#[async_trait]
266impl Tool for SkillTool {
267 fn name(&self) -> &str {
268 "Skill"
269 }
270
271 fn description(&self) -> &str {
272 "Invoke a skill with temporary permission grants. \
273Use a JSON object with the canonical shape {\"skill_name\":\"<skill-name>\",\"prompt\":\"<optional prompt>\"}. \
274Always send the skill name in the 'skill_name' field. Do not use aliases such as 'name' or 'skillName', and do not wrap the payload in 'input' or 'arguments'. \
275The skill's allowed-tools are granted during execution and revoked after completion."
276 }
277
278 fn parameters(&self) -> Value {
279 serde_json::json!({
280 "type": "object",
281 "additionalProperties": false,
282 "properties": {
283 "skill_name": {
284 "type": "string",
285 "description": "Required. Canonical skill identifier to invoke. Always provide this exact field name: 'skill_name'."
286 },
287 "prompt": {
288 "type": "string",
289 "description": "Optional prompt or query to pass to the skill after it is loaded."
290 }
291 },
292 "required": ["skill_name"],
293 "examples": [
294 {
295 "skill_name": "code-review"
296 },
297 {
298 "skill_name": "code-review",
299 "prompt": "Review this patch for correctness and regressions."
300 }
301 ]
302 })
303 }
304
305 async fn execute(&self, args: &Value, ctx: &ToolContext) -> Result<ToolOutput> {
306 let args = SkillArgs::from_tool_args(args)?;
307
308 let skill = self
310 .skill_registry
311 .get(&args.skill_name)
312 .ok_or_else(|| anyhow!("Skill '{}' not found", args.skill_name))?;
313
314 let skill_permission_policy = Self::create_skill_permission_policy(&skill);
316
317 let mut skill_config = self.base_config.clone();
319
320 skill_config.permission_checker = Some(Arc::new(skill_permission_policy));
322
323 let temp_registry = Arc::new(SkillRegistry::new());
325 temp_registry.register(skill.clone())?;
326 skill_config.skill_registry = Some(temp_registry);
327
328 skill_config.prompt_slots.role = Some(format!(
330 "You are executing the '{}' skill.\n\n{}\n\n{}",
331 skill.name, skill.description, skill.content
332 ));
333
334 let agent_loop = AgentLoop::new(
336 self.llm_client.clone(),
337 self.tool_executor.clone(),
338 ctx.clone(),
339 skill_config,
340 );
341
342 let prompt = args
344 .prompt
345 .unwrap_or_else(|| format!("Execute the '{}' skill", skill.name));
346
347 let result = agent_loop.execute(&[], &prompt, None).await?;
349
350 Ok(ToolOutput {
352 content: result.text,
353 success: true,
354 metadata: Some(serde_json::json!({
355 "skill_name": skill.name,
356 "tool_calls": result.tool_calls_count,
357 "usage": result.usage,
358 })),
359 images: Vec::new(),
360 error_kind: None,
361 })
362 }
363}
364
365#[cfg(test)]
366mod tests {
367 use super::*;
368 use crate::llm::{
369 ContentBlock, LlmClient, LlmResponse, Message, StreamEvent, TokenUsage, ToolDefinition,
370 };
371 use crate::skills::SkillKind;
372 use crate::tools::ToolContext;
373 use anyhow::Result;
374 use async_trait::async_trait;
375 use std::path::PathBuf;
376 use std::sync::Mutex;
377 use tokio::sync::mpsc;
378
379 struct MockLlmClient {
380 responses: Mutex<Vec<LlmResponse>>,
381 }
382
383 impl MockLlmClient {
384 fn new(responses: Vec<LlmResponse>) -> Self {
385 Self {
386 responses: Mutex::new(responses),
387 }
388 }
389
390 fn text_response(text: &str) -> LlmResponse {
391 LlmResponse {
392 message: Message {
393 role: "assistant".to_string(),
394 content: vec![ContentBlock::Text {
395 text: text.to_string(),
396 }],
397 reasoning_content: None,
398 },
399 usage: TokenUsage {
400 prompt_tokens: 10,
401 completion_tokens: 5,
402 total_tokens: 15,
403 cache_read_tokens: None,
404 cache_write_tokens: None,
405 },
406 stop_reason: Some("end_turn".to_string()),
407 meta: None,
408 }
409 }
410 }
411
412 #[async_trait]
413 impl LlmClient for MockLlmClient {
414 async fn complete(
415 &self,
416 _messages: &[Message],
417 _system: Option<&str>,
418 _tools: &[ToolDefinition],
419 ) -> Result<LlmResponse> {
420 let mut responses = self.responses.lock().unwrap();
421 if responses.is_empty() {
422 anyhow::bail!("No more mock responses available");
423 }
424 Ok(responses.remove(0))
425 }
426
427 async fn complete_streaming(
428 &self,
429 _messages: &[Message],
430 _system: Option<&str>,
431 _tools: &[ToolDefinition],
432 _cancel_token: tokio_util::sync::CancellationToken,
433 ) -> Result<mpsc::Receiver<StreamEvent>> {
434 anyhow::bail!("streaming not used in SkillTool tests")
435 }
436 }
437
438 #[test]
439 fn test_skill_permission_policy() {
440 let skill = Skill {
441 name: "test-skill".to_string(),
442 description: "Test".to_string(),
443 allowed_tools: Some("read(*), grep(*)".to_string()),
444 disable_model_invocation: false,
445 kind: SkillKind::Instruction,
446 content: String::new(),
447 tags: Vec::new(),
448 version: None,
449 };
450
451 let policy = SkillTool::create_skill_permission_policy(&skill);
452
453 assert_eq!(
455 policy.check("read", &serde_json::json!({})),
456 PermissionDecision::Allow
457 );
458 assert_eq!(
459 policy.check("grep", &serde_json::json!({})),
460 PermissionDecision::Allow
461 );
462
463 assert_eq!(
465 policy.check("write", &serde_json::json!({})),
466 PermissionDecision::Deny
467 );
468 }
469
470 #[test]
471 fn test_skill_permission_policy_denies_when_unspecified() {
472 let skill = Skill {
473 name: "test-skill".to_string(),
474 description: "Test".to_string(),
475 allowed_tools: None,
476 disable_model_invocation: false,
477 kind: SkillKind::Instruction,
478 content: String::new(),
479 tags: Vec::new(),
480 version: None,
481 };
482
483 let policy = SkillTool::create_skill_permission_policy(&skill);
484
485 assert_eq!(
486 policy.check("bash", &serde_json::json!({"command": "python --version"})),
487 PermissionDecision::Deny
488 );
489 assert_eq!(
490 policy.check("read", &serde_json::json!({"file_path": "SKILL.md"})),
491 PermissionDecision::Deny
492 );
493 }
494
495 #[test]
496 fn test_skill_permission_policy_accepts_legacy_allowed_tools() {
497 let skill = Skill {
498 name: "test-skill".to_string(),
499 description: "Test".to_string(),
500 allowed_tools: Some("Read Write Edit Bash".to_string()),
501 disable_model_invocation: false,
502 kind: SkillKind::Instruction,
503 content: String::new(),
504 tags: Vec::new(),
505 version: None,
506 };
507
508 let policy = SkillTool::create_skill_permission_policy(&skill);
509
510 assert_eq!(
511 policy.check("bash", &serde_json::json!({"command": "python --version"})),
512 PermissionDecision::Allow
513 );
514 assert_eq!(
515 policy.check("grep", &serde_json::json!({"pattern": "x"})),
516 PermissionDecision::Deny
517 );
518 }
519
520 #[test]
521 fn test_skill_args_accepts_documented_shape() {
522 let args =
523 SkillArgs::from_tool_args(&serde_json::json!({"skill_name": "code-review"})).unwrap();
524 assert_eq!(args.skill_name, "code-review");
525 assert_eq!(args.prompt, None);
526 }
527
528 #[test]
529 fn test_skill_args_accepts_common_aliases_and_wrappers() {
530 let camel =
531 SkillArgs::from_tool_args(&serde_json::json!({"skillName": "code-review"})).unwrap();
532 assert_eq!(camel.skill_name, "code-review");
533
534 let name = SkillArgs::from_tool_args(&serde_json::json!({
535 "name": "code-review",
536 "query": "review this patch"
537 }))
538 .unwrap();
539 assert_eq!(name.skill_name, "code-review");
540 assert_eq!(name.prompt.as_deref(), Some("review this patch"));
541
542 let nested = SkillArgs::from_tool_args(&serde_json::json!({
543 "input": {
544 "skill_name": "code-review",
545 "prompt": "review this patch"
546 }
547 }))
548 .unwrap();
549 assert_eq!(nested.skill_name, "code-review");
550 assert_eq!(nested.prompt.as_deref(), Some("review this patch"));
551
552 let direct = SkillArgs::from_tool_args(&serde_json::json!("code-review")).unwrap();
553 assert_eq!(direct.skill_name, "code-review");
554 }
555
556 #[test]
557 fn test_skill_args_missing_skill_name_errors() {
558 let err =
559 SkillArgs::from_tool_args(&serde_json::json!({"prompt": "do something"})).unwrap_err();
560 assert!(err.to_string().contains("missing field 'skill_name'"));
561 }
562
563 #[test]
564 fn test_search_skills_args_accepts_string_and_object() {
565 let direct = SearchSkillsArgs::from_tool_args(&serde_json::json!("review code")).unwrap();
566 assert_eq!(direct.query, "review code");
567 assert_eq!(direct.limit, None);
568
569 let object =
570 SearchSkillsArgs::from_tool_args(&serde_json::json!({"query": "review", "limit": 2}))
571 .unwrap();
572 assert_eq!(object.query, "review");
573 assert_eq!(object.limit, Some(2));
574 }
575
576 #[tokio::test]
577 async fn test_search_skills_tool_returns_matching_skills() {
578 let registry = Arc::new(SkillRegistry::new());
579 registry.register_unchecked(Arc::new(Skill {
580 name: "code-review".to_string(),
581 description: "Review code changes".to_string(),
582 allowed_tools: Some("read(*), grep(*)".to_string()),
583 disable_model_invocation: false,
584 kind: SkillKind::Instruction,
585 content: "Review instructions".to_string(),
586 tags: vec!["review".to_string()],
587 version: None,
588 }));
589
590 let tool = SearchSkillsTool::new(registry);
591 let result = tool
592 .execute(
593 &serde_json::json!({"query": "review"}),
594 &ToolContext::new(PathBuf::from("/tmp")),
595 )
596 .await
597 .unwrap();
598
599 assert!(result.success);
600 assert!(result.content.contains("code-review"));
601 assert_eq!(result.metadata.unwrap()["skills"][0]["name"], "code-review");
602 }
603
604 #[tokio::test]
605 async fn test_search_skills_tool_clamps_limit_and_excludes_personas() {
606 let registry = Arc::new(SkillRegistry::new());
607 for index in 0..25 {
608 registry.register_unchecked(Arc::new(Skill {
609 name: format!("review-{index:02}"),
610 description: "Review code changes".to_string(),
611 allowed_tools: Some("read(*)".to_string()),
612 disable_model_invocation: false,
613 kind: SkillKind::Instruction,
614 content: "Review instructions".to_string(),
615 tags: vec!["review".to_string()],
616 version: None,
617 }));
618 }
619 registry.register_unchecked(Arc::new(Skill {
620 name: "review-persona".to_string(),
621 description: "Review persona".to_string(),
622 allowed_tools: None,
623 disable_model_invocation: false,
624 kind: SkillKind::Persona,
625 content: "Persona instructions".to_string(),
626 tags: vec!["review".to_string()],
627 version: None,
628 }));
629
630 let tool = SearchSkillsTool::new(registry);
631 let result = tool
632 .execute(
633 &serde_json::json!({"query": "review", "limit": 100}),
634 &ToolContext::new(PathBuf::from("/tmp")),
635 )
636 .await
637 .unwrap();
638
639 let metadata = result.metadata.unwrap();
640 let skills = metadata["skills"].as_array().unwrap();
641 assert_eq!(skills.len(), 20);
642 assert!(skills.iter().all(|skill| skill["kind"] == "instruction"));
643 }
644
645 #[test]
646 fn test_skill_tool_schema_enforces_canonical_shape() {
647 let registry = Arc::new(SkillRegistry::new());
648 let llm = Arc::new(MockLlmClient::new(vec![]));
649 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
650 let tool = SkillTool::new(registry, llm, executor, AgentConfig::default());
651
652 let params = tool.parameters();
653 assert_eq!(params["type"], "object");
654 assert_eq!(params["additionalProperties"], serde_json::json!(false));
655 assert_eq!(params["required"], serde_json::json!(["skill_name"]));
656
657 let examples = params["examples"].as_array().unwrap();
658 assert_eq!(examples[0]["skill_name"], "code-review");
659 assert!(examples[0].get("name").is_none());
660 assert!(examples[0].get("skillName").is_none());
661 }
662
663 #[tokio::test]
664 async fn test_skill_tool_execute_runs_skill_and_returns_metadata() {
665 use crate::prompts::PlanningMode;
666
667 let registry = Arc::new(SkillRegistry::new());
668 registry.register_unchecked(Arc::new(Skill {
669 name: "test-skill".to_string(),
670 description: "Run a focused skill".to_string(),
671 allowed_tools: None,
672 disable_model_invocation: false,
673 kind: SkillKind::Instruction,
674 content: "Reply with the skill result.".to_string(),
675 tags: vec!["focus".to_string()],
676 version: None,
677 }));
678
679 let llm = Arc::new(MockLlmClient::new(vec![MockLlmClient::text_response(
680 "skill completed",
681 )]));
682 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
683 let config = AgentConfig {
685 planning_mode: PlanningMode::Disabled,
686 continuation_enabled: false,
687 ..Default::default()
688 };
689 let tool = SkillTool::new(registry, llm, executor, config);
690
691 let result = tool
692 .execute(
693 &serde_json::json!({
694 "skill_name": "test-skill",
695 "prompt": "verify the skill result"
696 }),
697 &ToolContext::new(PathBuf::from("/tmp")),
698 )
699 .await
700 .unwrap();
701
702 assert!(result.success);
703 assert_eq!(result.content, "skill completed");
704 let metadata = result.metadata.unwrap();
705 assert_eq!(metadata["skill_name"], "test-skill");
706 assert_eq!(metadata["tool_calls"], 0);
707 }
708
709 #[tokio::test]
710 async fn test_skill_tool_execute_errors_for_unknown_skill() {
711 let llm = Arc::new(MockLlmClient::new(vec![MockLlmClient::text_response(
712 "unused",
713 )]));
714 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
715 let tool = SkillTool::new(
716 Arc::new(SkillRegistry::new()),
717 llm,
718 executor,
719 AgentConfig::default(),
720 );
721
722 let err = tool
723 .execute(
724 &serde_json::json!({"skill_name": "missing-skill"}),
725 &ToolContext::new(PathBuf::from("/tmp")),
726 )
727 .await
728 .unwrap_err();
729
730 assert!(err.to_string().contains("Skill 'missing-skill' not found"));
731 }
732}