1use crate::agent::{AgentConfig, AgentLoop};
17use crate::llm::LlmClient;
18use crate::permissions::{PermissionDecision, PermissionPolicy, PermissionRule};
19use crate::skills::{Skill, SkillRegistry};
20use crate::tools::{Tool, ToolContext, ToolExecutor, ToolOutput};
21use anyhow::{anyhow, Result};
22use async_trait::async_trait;
23use serde::{Deserialize, Serialize};
24use serde_json::Value;
25use std::sync::Arc;
26
27#[derive(Debug, Serialize, Deserialize)]
29pub struct SkillArgs {
30 pub skill_name: String,
32 #[serde(default)]
34 pub prompt: Option<String>,
35}
36
37impl SkillArgs {
38 fn from_tool_args(args: &Value) -> Result<Self> {
39 fn parse_from_value(value: &Value) -> Option<SkillArgs> {
40 match value {
41 Value::String(skill_name) => Some(SkillArgs {
42 skill_name: skill_name.clone(),
43 prompt: None,
44 }),
45 Value::Object(map) => {
46 if let Some(skill_name) = map
47 .get("skill_name")
48 .or_else(|| map.get("skillName"))
49 .or_else(|| map.get("name"))
50 .and_then(|v| v.as_str())
51 {
52 let prompt = map
53 .get("prompt")
54 .or_else(|| map.get("query"))
55 .and_then(|v| v.as_str())
56 .map(ToOwned::to_owned);
57 return Some(SkillArgs {
58 skill_name: skill_name.to_string(),
59 prompt,
60 });
61 }
62
63 if let Some(nested) = map.get("input").or_else(|| map.get("arguments")) {
64 if let Some(parsed) = parse_from_value(nested) {
65 return Some(parsed);
66 }
67 }
68
69 None
70 }
71 _ => None,
72 }
73 }
74
75 parse_from_value(args).ok_or_else(|| anyhow!("missing field 'skill_name'"))
76 }
77}
78
79#[derive(Debug, Serialize, Deserialize)]
81pub struct SearchSkillsArgs {
82 pub query: String,
84 #[serde(default)]
86 pub limit: Option<usize>,
87}
88
89impl SearchSkillsArgs {
90 fn from_tool_args(args: &Value) -> Result<Self> {
91 match args {
92 Value::String(query) => Ok(Self {
93 query: query.clone(),
94 limit: None,
95 }),
96 Value::Object(map) => {
97 let query = map
98 .get("query")
99 .or_else(|| map.get("q"))
100 .and_then(|v| v.as_str())
101 .ok_or_else(|| anyhow!("missing field 'query'"))?
102 .to_string();
103 let limit = map
104 .get("limit")
105 .and_then(|v| v.as_u64())
106 .map(|v| v as usize);
107 Ok(Self { query, limit })
108 }
109 _ => Err(anyhow!(
110 "search_skills expects an object with a 'query' field"
111 )),
112 }
113 }
114}
115
116pub struct SearchSkillsTool {
118 skill_registry: Arc<SkillRegistry>,
119}
120
121impl SearchSkillsTool {
122 pub fn new(skill_registry: Arc<SkillRegistry>) -> Self {
123 Self { skill_registry }
124 }
125}
126
127#[async_trait]
128impl Tool for SearchSkillsTool {
129 fn name(&self) -> &str {
130 "search_skills"
131 }
132
133 fn description(&self) -> &str {
134 "Search available skills by name, tag, description, or content. \
135Use this before invoking Skill when specialized instructions may help."
136 }
137
138 fn parameters(&self) -> Value {
139 serde_json::json!({
140 "type": "object",
141 "additionalProperties": false,
142 "properties": {
143 "query": {
144 "type": "string",
145 "description": "Short search query for the skill you need."
146 },
147 "limit": {
148 "type": "integer",
149 "minimum": 1,
150 "maximum": 20,
151 "description": "Maximum number of skills to return. Defaults to 5."
152 }
153 },
154 "required": ["query"]
155 })
156 }
157
158 async fn execute(&self, args: &Value, _ctx: &ToolContext) -> Result<ToolOutput> {
159 let args = SearchSkillsArgs::from_tool_args(args)?;
160 let limit = args.limit.unwrap_or(5).clamp(1, 20);
161 let matches = self.skill_registry.search(&args.query, limit);
162
163 if matches.is_empty() {
164 return Ok(ToolOutput::success(
165 "No matching skills found. Continue with the core tools.".to_string(),
166 ));
167 }
168
169 let mut lines = vec![format!(
170 "Found {} matching skill(s). Invoke one with Skill using its skill_name.",
171 matches.len()
172 )];
173 let metadata: Vec<_> = matches
174 .iter()
175 .map(|skill| {
176 let kind = format!("{:?}", skill.kind).to_lowercase();
177 let allowed_tools = skill.allowed_tools.as_deref().unwrap_or("not specified");
178 lines.push(format!(
179 "- {} ({kind}): {} Allowed tools: {}.",
180 skill.name, skill.description, allowed_tools
181 ));
182 serde_json::json!({
183 "name": skill.name,
184 "description": skill.description,
185 "kind": kind,
186 "tags": skill.tags,
187 "allowed_tools": skill.allowed_tools,
188 })
189 })
190 .collect();
191
192 Ok(ToolOutput {
193 content: lines.join("\n"),
194 success: true,
195 metadata: Some(serde_json::json!({ "skills": metadata })),
196 images: Vec::new(),
197 error_kind: None,
198 })
199 }
200}
201
202pub struct SkillTool {
204 skill_registry: Arc<SkillRegistry>,
205 llm_client: Arc<dyn LlmClient>,
206 tool_executor: Arc<ToolExecutor>,
207 base_config: AgentConfig,
208}
209
210impl SkillTool {
211 pub(crate) fn new(
212 skill_registry: Arc<SkillRegistry>,
213 llm_client: Arc<dyn LlmClient>,
214 tool_executor: Arc<ToolExecutor>,
215 base_config: AgentConfig,
216 ) -> Self {
217 Self {
218 skill_registry,
219 llm_client,
220 tool_executor,
221 base_config,
222 }
223 }
224
225 fn create_skill_permission_policy(skill: &Skill) -> PermissionPolicy {
227 let permissions = skill.parse_allowed_tools();
228
229 if permissions.is_empty() {
230 tracing::warn!(
231 skill = %skill.name,
232 "Skill has no allowed-tools grants; Skill invocation remains fail-secure and will deny tool use"
233 );
234 return PermissionPolicy {
235 deny: Vec::new(),
236 allow: Vec::new(),
237 ask: Vec::new(),
238 default_decision: PermissionDecision::Deny,
239 enabled: true,
240 };
241 }
242
243 let mut allow_rules = Vec::new();
245 for perm in permissions {
246 let rule_str = if perm.pattern == "*" {
248 perm.tool.clone()
249 } else {
250 format!("{}({})", perm.tool, perm.pattern)
251 };
252 allow_rules.push(PermissionRule::new(&rule_str));
253 }
254
255 PermissionPolicy {
256 deny: Vec::new(),
257 allow: allow_rules,
258 ask: Vec::new(),
259 default_decision: PermissionDecision::Deny, enabled: true,
261 }
262 }
263}
264
265#[async_trait]
266impl Tool for SkillTool {
267 fn name(&self) -> &str {
268 "Skill"
269 }
270
271 fn description(&self) -> &str {
272 "Invoke a skill with temporary permission grants. \
273Use a JSON object with the canonical shape {\"skill_name\":\"<skill-name>\",\"prompt\":\"<optional prompt>\"}. \
274Always send the skill name in the 'skill_name' field. Do not use aliases such as 'name' or 'skillName', and do not wrap the payload in 'input' or 'arguments'. \
275The skill's allowed-tools are granted during execution and revoked after completion."
276 }
277
278 fn parameters(&self) -> Value {
279 serde_json::json!({
280 "type": "object",
281 "additionalProperties": false,
282 "properties": {
283 "skill_name": {
284 "type": "string",
285 "description": "Required. Canonical skill identifier to invoke. Always provide this exact field name: 'skill_name'."
286 },
287 "prompt": {
288 "type": "string",
289 "description": "Optional prompt or query to pass to the skill after it is loaded."
290 }
291 },
292 "required": ["skill_name"],
293 "examples": [
294 {
295 "skill_name": "code-review"
296 },
297 {
298 "skill_name": "code-review",
299 "prompt": "Review this patch for correctness and regressions."
300 }
301 ]
302 })
303 }
304
305 async fn execute(&self, args: &Value, ctx: &ToolContext) -> Result<ToolOutput> {
306 let args = SkillArgs::from_tool_args(args)?;
307
308 let skill = self
310 .skill_registry
311 .get(&args.skill_name)
312 .ok_or_else(|| anyhow!("Skill '{}' not found", args.skill_name))?;
313
314 let skill_permission_policy = Self::create_skill_permission_policy(&skill);
316
317 let mut skill_config = self.base_config.clone();
319
320 skill_config.permission_checker = Some(Arc::new(skill_permission_policy));
322 skill_config.enforce_active_skill_tool_restrictions = true;
323
324 let temp_registry = Arc::new(SkillRegistry::new());
326 temp_registry.register(skill.clone())?;
327 skill_config.skill_registry = Some(temp_registry);
328
329 skill_config.prompt_slots.role = Some(format!(
331 "You are executing the '{}' skill.\n\n{}\n\n{}",
332 skill.name, skill.description, skill.content
333 ));
334
335 let agent_loop = AgentLoop::new(
337 self.llm_client.clone(),
338 self.tool_executor.clone(),
339 ctx.clone(),
340 skill_config,
341 );
342
343 let prompt = args
345 .prompt
346 .unwrap_or_else(|| format!("Execute the '{}' skill", skill.name));
347
348 let result = agent_loop.execute(&[], &prompt, None).await?;
350
351 Ok(ToolOutput {
353 content: result.text,
354 success: true,
355 metadata: Some(serde_json::json!({
356 "skill_name": skill.name,
357 "tool_calls": result.tool_calls_count,
358 "usage": result.usage,
359 })),
360 images: Vec::new(),
361 error_kind: None,
362 })
363 }
364}
365
366#[cfg(test)]
367mod tests {
368 use super::*;
369 use crate::llm::{
370 ContentBlock, LlmClient, LlmResponse, Message, StreamEvent, TokenUsage, ToolDefinition,
371 };
372 use crate::skills::SkillKind;
373 use crate::tools::ToolContext;
374 use anyhow::Result;
375 use async_trait::async_trait;
376 use std::path::PathBuf;
377 use std::sync::Mutex;
378 use tokio::sync::mpsc;
379
380 struct MockLlmClient {
381 responses: Mutex<Vec<LlmResponse>>,
382 }
383
384 impl MockLlmClient {
385 fn new(responses: Vec<LlmResponse>) -> Self {
386 Self {
387 responses: Mutex::new(responses),
388 }
389 }
390
391 fn text_response(text: &str) -> LlmResponse {
392 LlmResponse {
393 message: Message {
394 role: "assistant".to_string(),
395 content: vec![ContentBlock::Text {
396 text: text.to_string(),
397 }],
398 reasoning_content: None,
399 },
400 usage: TokenUsage {
401 prompt_tokens: 10,
402 completion_tokens: 5,
403 total_tokens: 15,
404 cache_read_tokens: None,
405 cache_write_tokens: None,
406 },
407 stop_reason: Some("end_turn".to_string()),
408 meta: None,
409 }
410 }
411 }
412
413 #[async_trait]
414 impl LlmClient for MockLlmClient {
415 async fn complete(
416 &self,
417 _messages: &[Message],
418 _system: Option<&str>,
419 _tools: &[ToolDefinition],
420 ) -> Result<LlmResponse> {
421 let mut responses = self.responses.lock().unwrap();
422 if responses.is_empty() {
423 anyhow::bail!("No more mock responses available");
424 }
425 Ok(responses.remove(0))
426 }
427
428 async fn complete_streaming(
429 &self,
430 _messages: &[Message],
431 _system: Option<&str>,
432 _tools: &[ToolDefinition],
433 _cancel_token: tokio_util::sync::CancellationToken,
434 ) -> Result<mpsc::Receiver<StreamEvent>> {
435 anyhow::bail!("streaming not used in SkillTool tests")
436 }
437 }
438
439 #[test]
440 fn test_skill_permission_policy() {
441 let skill = Skill {
442 name: "test-skill".to_string(),
443 description: "Test".to_string(),
444 allowed_tools: Some("read(*), grep(*)".to_string()),
445 disable_model_invocation: false,
446 kind: SkillKind::Instruction,
447 content: String::new(),
448 tags: Vec::new(),
449 version: None,
450 };
451
452 let policy = SkillTool::create_skill_permission_policy(&skill);
453
454 assert_eq!(
456 policy.check("read", &serde_json::json!({})),
457 PermissionDecision::Allow
458 );
459 assert_eq!(
460 policy.check("grep", &serde_json::json!({})),
461 PermissionDecision::Allow
462 );
463
464 assert_eq!(
466 policy.check("write", &serde_json::json!({})),
467 PermissionDecision::Deny
468 );
469 }
470
471 #[test]
472 fn test_skill_permission_policy_denies_when_unspecified() {
473 let skill = Skill {
474 name: "test-skill".to_string(),
475 description: "Test".to_string(),
476 allowed_tools: None,
477 disable_model_invocation: false,
478 kind: SkillKind::Instruction,
479 content: String::new(),
480 tags: Vec::new(),
481 version: None,
482 };
483
484 let policy = SkillTool::create_skill_permission_policy(&skill);
485
486 assert_eq!(
487 policy.check("bash", &serde_json::json!({"command": "python --version"})),
488 PermissionDecision::Deny
489 );
490 assert_eq!(
491 policy.check("read", &serde_json::json!({"file_path": "SKILL.md"})),
492 PermissionDecision::Deny
493 );
494 }
495
496 #[test]
497 fn test_skill_permission_policy_accepts_legacy_allowed_tools() {
498 let skill = Skill {
499 name: "test-skill".to_string(),
500 description: "Test".to_string(),
501 allowed_tools: Some("Read Write Edit Bash".to_string()),
502 disable_model_invocation: false,
503 kind: SkillKind::Instruction,
504 content: String::new(),
505 tags: Vec::new(),
506 version: None,
507 };
508
509 let policy = SkillTool::create_skill_permission_policy(&skill);
510
511 assert_eq!(
512 policy.check("bash", &serde_json::json!({"command": "python --version"})),
513 PermissionDecision::Allow
514 );
515 assert_eq!(
516 policy.check("grep", &serde_json::json!({"pattern": "x"})),
517 PermissionDecision::Deny
518 );
519 }
520
521 #[test]
522 fn test_skill_permission_policy_accepts_wildcard_allowed_tools() {
523 let skill = Skill {
524 name: "test-skill".to_string(),
525 description: "Test".to_string(),
526 allowed_tools: Some("*".to_string()),
527 disable_model_invocation: false,
528 kind: SkillKind::Instruction,
529 content: String::new(),
530 tags: Vec::new(),
531 version: None,
532 };
533
534 let policy = SkillTool::create_skill_permission_policy(&skill);
535
536 assert_eq!(
537 policy.check("bash", &serde_json::json!({"command": "python --version"})),
538 PermissionDecision::Allow
539 );
540 assert_eq!(
541 policy.check("parallel_task", &serde_json::json!({"tasks": []})),
542 PermissionDecision::Allow
543 );
544 }
545
546 #[test]
547 fn test_skill_args_accepts_documented_shape() {
548 let args =
549 SkillArgs::from_tool_args(&serde_json::json!({"skill_name": "code-review"})).unwrap();
550 assert_eq!(args.skill_name, "code-review");
551 assert_eq!(args.prompt, None);
552 }
553
554 #[test]
555 fn test_skill_args_accepts_common_aliases_and_wrappers() {
556 let camel =
557 SkillArgs::from_tool_args(&serde_json::json!({"skillName": "code-review"})).unwrap();
558 assert_eq!(camel.skill_name, "code-review");
559
560 let name = SkillArgs::from_tool_args(&serde_json::json!({
561 "name": "code-review",
562 "query": "review this patch"
563 }))
564 .unwrap();
565 assert_eq!(name.skill_name, "code-review");
566 assert_eq!(name.prompt.as_deref(), Some("review this patch"));
567
568 let nested = SkillArgs::from_tool_args(&serde_json::json!({
569 "input": {
570 "skill_name": "code-review",
571 "prompt": "review this patch"
572 }
573 }))
574 .unwrap();
575 assert_eq!(nested.skill_name, "code-review");
576 assert_eq!(nested.prompt.as_deref(), Some("review this patch"));
577
578 let direct = SkillArgs::from_tool_args(&serde_json::json!("code-review")).unwrap();
579 assert_eq!(direct.skill_name, "code-review");
580 }
581
582 #[test]
583 fn test_skill_args_missing_skill_name_errors() {
584 let err =
585 SkillArgs::from_tool_args(&serde_json::json!({"prompt": "do something"})).unwrap_err();
586 assert!(err.to_string().contains("missing field 'skill_name'"));
587 }
588
589 #[test]
590 fn test_search_skills_args_accepts_string_and_object() {
591 let direct = SearchSkillsArgs::from_tool_args(&serde_json::json!("review code")).unwrap();
592 assert_eq!(direct.query, "review code");
593 assert_eq!(direct.limit, None);
594
595 let object =
596 SearchSkillsArgs::from_tool_args(&serde_json::json!({"query": "review", "limit": 2}))
597 .unwrap();
598 assert_eq!(object.query, "review");
599 assert_eq!(object.limit, Some(2));
600 }
601
602 #[tokio::test]
603 async fn test_search_skills_tool_returns_matching_skills() {
604 let registry = Arc::new(SkillRegistry::new());
605 registry.register_unchecked(Arc::new(Skill {
606 name: "code-review".to_string(),
607 description: "Review code changes".to_string(),
608 allowed_tools: Some("read(*), grep(*)".to_string()),
609 disable_model_invocation: false,
610 kind: SkillKind::Instruction,
611 content: "Review instructions".to_string(),
612 tags: vec!["review".to_string()],
613 version: None,
614 }));
615
616 let tool = SearchSkillsTool::new(registry);
617 let result = tool
618 .execute(
619 &serde_json::json!({"query": "review"}),
620 &ToolContext::new(PathBuf::from("/tmp")),
621 )
622 .await
623 .unwrap();
624
625 assert!(result.success);
626 assert!(result.content.contains("code-review"));
627 assert_eq!(result.metadata.unwrap()["skills"][0]["name"], "code-review");
628 }
629
630 #[tokio::test]
631 async fn test_search_skills_tool_clamps_limit_and_excludes_personas() {
632 let registry = Arc::new(SkillRegistry::new());
633 for index in 0..25 {
634 registry.register_unchecked(Arc::new(Skill {
635 name: format!("review-{index:02}"),
636 description: "Review code changes".to_string(),
637 allowed_tools: Some("read(*)".to_string()),
638 disable_model_invocation: false,
639 kind: SkillKind::Instruction,
640 content: "Review instructions".to_string(),
641 tags: vec!["review".to_string()],
642 version: None,
643 }));
644 }
645 registry.register_unchecked(Arc::new(Skill {
646 name: "review-persona".to_string(),
647 description: "Review persona".to_string(),
648 allowed_tools: None,
649 disable_model_invocation: false,
650 kind: SkillKind::Persona,
651 content: "Persona instructions".to_string(),
652 tags: vec!["review".to_string()],
653 version: None,
654 }));
655
656 let tool = SearchSkillsTool::new(registry);
657 let result = tool
658 .execute(
659 &serde_json::json!({"query": "review", "limit": 100}),
660 &ToolContext::new(PathBuf::from("/tmp")),
661 )
662 .await
663 .unwrap();
664
665 let metadata = result.metadata.unwrap();
666 let skills = metadata["skills"].as_array().unwrap();
667 assert_eq!(skills.len(), 20);
668 assert!(skills.iter().all(|skill| skill["kind"] == "instruction"));
669 }
670
671 #[test]
672 fn test_skill_tool_schema_enforces_canonical_shape() {
673 let registry = Arc::new(SkillRegistry::new());
674 let llm = Arc::new(MockLlmClient::new(vec![]));
675 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
676 let tool = SkillTool::new(registry, llm, executor, AgentConfig::default());
677
678 let params = tool.parameters();
679 assert_eq!(params["type"], "object");
680 assert_eq!(params["additionalProperties"], serde_json::json!(false));
681 assert_eq!(params["required"], serde_json::json!(["skill_name"]));
682
683 let examples = params["examples"].as_array().unwrap();
684 assert_eq!(examples[0]["skill_name"], "code-review");
685 assert!(examples[0].get("name").is_none());
686 assert!(examples[0].get("skillName").is_none());
687 }
688
689 #[tokio::test]
690 async fn test_skill_tool_execute_runs_skill_and_returns_metadata() {
691 use crate::prompts::PlanningMode;
692
693 let registry = Arc::new(SkillRegistry::new());
694 registry.register_unchecked(Arc::new(Skill {
695 name: "test-skill".to_string(),
696 description: "Run a focused skill".to_string(),
697 allowed_tools: None,
698 disable_model_invocation: false,
699 kind: SkillKind::Instruction,
700 content: "Reply with the skill result.".to_string(),
701 tags: vec!["focus".to_string()],
702 version: None,
703 }));
704
705 let llm = Arc::new(MockLlmClient::new(vec![MockLlmClient::text_response(
706 "skill completed",
707 )]));
708 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
709 let config = AgentConfig {
711 planning_mode: PlanningMode::Disabled,
712 continuation_enabled: false,
713 ..Default::default()
714 };
715 let tool = SkillTool::new(registry, llm, executor, config);
716
717 let result = tool
718 .execute(
719 &serde_json::json!({
720 "skill_name": "test-skill",
721 "prompt": "verify the skill result"
722 }),
723 &ToolContext::new(PathBuf::from("/tmp")),
724 )
725 .await
726 .unwrap();
727
728 assert!(result.success);
729 assert_eq!(result.content, "skill completed");
730 let metadata = result.metadata.unwrap();
731 assert_eq!(metadata["skill_name"], "test-skill");
732 assert_eq!(metadata["tool_calls"], 0);
733 }
734
735 #[tokio::test]
736 async fn test_skill_tool_execute_errors_for_unknown_skill() {
737 let llm = Arc::new(MockLlmClient::new(vec![MockLlmClient::text_response(
738 "unused",
739 )]));
740 let executor = Arc::new(ToolExecutor::new("/tmp".to_string()));
741 let tool = SkillTool::new(
742 Arc::new(SkillRegistry::new()),
743 llm,
744 executor,
745 AgentConfig::default(),
746 );
747
748 let err = tool
749 .execute(
750 &serde_json::json!({"skill_name": "missing-skill"}),
751 &ToolContext::new(PathBuf::from("/tmp")),
752 )
753 .await
754 .unwrap_err();
755
756 assert!(err.to_string().contains("Skill 'missing-skill' not found"));
757 }
758}