agent-air-runtime 0.7.0

Core runtime for agent-air - LLM orchestration, tools, and permissions (no TUI dependencies)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370

//! Tool-to-permission mapping for the grant system.
//!
//! This module defines how tools map to permission requests in the new
//! grant-based permission system. It provides a clear interface for tools
//! to create properly typed permission requests.

use std::path::Path;

use super::{GrantTarget, PermissionLevel, PermissionRequest};

/// Tool categories for permission mapping.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum ToolCategory {
    /// File reading tools: read_file, glob, grep, ls
    FileRead,
    /// File writing tools: write_file, edit_file, multi_edit
    FileWrite,
    /// Command execution: bash
    CommandExec,
    /// Network access: web_search, web_fetch
    Network,
    /// User interaction: ask_user_questions
    UserInteraction,
    /// Permission management: ask_for_permissions
    PermissionManagement,
}

impl ToolCategory {
    /// Returns the default permission level for this tool category.
    pub fn default_level(&self) -> PermissionLevel {
        match self {
            ToolCategory::FileRead => PermissionLevel::Read,
            ToolCategory::FileWrite => PermissionLevel::Write,
            ToolCategory::CommandExec => PermissionLevel::Execute,
            ToolCategory::Network => PermissionLevel::Read,
            ToolCategory::UserInteraction => PermissionLevel::None,
            ToolCategory::PermissionManagement => PermissionLevel::None,
        }
    }

    /// Returns whether this category requires permission checks.
    pub fn requires_permission(&self) -> bool {
        match self {
            ToolCategory::FileRead => true,
            ToolCategory::FileWrite => true,
            ToolCategory::CommandExec => true,
            ToolCategory::Network => true,
            ToolCategory::UserInteraction => false,
            ToolCategory::PermissionManagement => false,
        }
    }
}

/// Helper functions for creating tool-specific permission requests.
pub struct ToolPermissions;

impl ToolPermissions {
    /// Creates a permission request for reading a file.
    pub fn file_read(tool_use_id: &str, path: impl AsRef<Path>) -> PermissionRequest {
        let path = path.as_ref();
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(path, false),
            PermissionLevel::Read,
            format!("Read file: {}", path.display()),
        )
        .with_tool("read_file")
    }

    /// Creates a permission request for writing a file.
    pub fn file_write(
        tool_use_id: &str,
        path: impl AsRef<Path>,
        is_create: bool,
    ) -> PermissionRequest {
        let path = path.as_ref();
        let action = if is_create { "Create" } else { "Write" };
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(path, false),
            PermissionLevel::Write,
            format!("{} file: {}", action, path.display()),
        )
        .with_tool("write_file")
    }

    /// Creates a permission request for editing a file.
    pub fn file_edit(tool_use_id: &str, path: impl AsRef<Path>) -> PermissionRequest {
        let path = path.as_ref();
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(path, false),
            PermissionLevel::Write,
            format!("Edit file: {}", path.display()),
        )
        .with_tool("edit_file")
    }

    /// Creates a permission request for multi-edit operations.
    pub fn multi_edit(tool_use_id: &str, paths: &[impl AsRef<Path>]) -> Vec<PermissionRequest> {
        paths
            .iter()
            .enumerate()
            .map(|(i, path)| {
                let path = path.as_ref();
                PermissionRequest::new(
                    format!("{}-{}", tool_use_id, i),
                    GrantTarget::path(path, false),
                    PermissionLevel::Write,
                    format!("Edit file: {}", path.display()),
                )
                .with_tool("multi_edit")
            })
            .collect()
    }

    /// Creates a permission request for glob/search in a directory.
    pub fn glob_search(tool_use_id: &str, directory: impl AsRef<Path>) -> PermissionRequest {
        let directory = directory.as_ref();
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(directory, true),
            PermissionLevel::Read,
            format!("Search in: {}", directory.display()),
        )
        .with_tool("glob")
    }

    /// Creates a permission request for grep/search in a directory.
    pub fn grep_search(tool_use_id: &str, directory: impl AsRef<Path>) -> PermissionRequest {
        let directory = directory.as_ref();
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(directory, true),
            PermissionLevel::Read,
            format!("Search content in: {}", directory.display()),
        )
        .with_tool("grep")
    }

    /// Creates a permission request for listing a directory.
    pub fn list_directory(tool_use_id: &str, directory: impl AsRef<Path>) -> PermissionRequest {
        let directory = directory.as_ref();
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::path(directory, false),
            PermissionLevel::Read,
            format!("List directory: {}", directory.display()),
        )
        .with_tool("ls")
    }

    /// Creates a permission request for bash command execution.
    ///
    /// The permission level is determined by the command:
    /// - Read-only commands (ls, cat, git status) -> Execute
    /// - Modifying commands (git commit, cargo build) -> Execute
    /// - Dangerous commands (rm -rf, sudo) -> Admin
    pub fn bash_command(tool_use_id: &str, command: &str) -> PermissionRequest {
        let level = classify_bash_command(command);
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::command(command),
            level,
            format!("Execute: {}", truncate_command(command, 60)),
        )
        .with_tool("bash")
    }

    /// Creates a permission request for network access.
    pub fn network_access(tool_use_id: &str, domain: &str, method: &str) -> PermissionRequest {
        let level = match method.to_uppercase().as_str() {
            "GET" | "HEAD" | "OPTIONS" => PermissionLevel::Read,
            "POST" | "PUT" | "PATCH" => PermissionLevel::Write,
            "DELETE" => PermissionLevel::Execute,
            _ => PermissionLevel::Execute,
        };
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::domain(domain),
            level,
            format!("{} {}", method.to_uppercase(), domain),
        )
        .with_tool("web_fetch")
    }

    /// Creates a permission request for web search.
    pub fn web_search(tool_use_id: &str, query: &str) -> PermissionRequest {
        PermissionRequest::new(
            tool_use_id,
            GrantTarget::domain("*"),
            PermissionLevel::Read,
            format!("Web search: {}", truncate_command(query, 40)),
        )
        .with_tool("web_search")
    }
}

/// Classifies a bash command to determine required permission level.
fn classify_bash_command(command: &str) -> PermissionLevel {
    let command_lower = command.to_lowercase();
    let first_word = command_lower.split_whitespace().next().unwrap_or("");

    // Dangerous commands requiring Admin
    let dangerous_patterns = [
        "rm -rf",
        "rm -fr",
        "sudo",
        "chmod -R",
        "chown -R",
        "mkfs",
        "dd if=",
        ":(){ :|:& };:",
        "> /dev/",
        "shutdown",
        "reboot",
        "init ",
        "systemctl",
    ];

    for pattern in dangerous_patterns {
        if command_lower.contains(pattern) {
            return PermissionLevel::Admin;
        }
    }

    // Commands that delete files
    if first_word == "rm" || command_lower.contains("--delete") {
        return PermissionLevel::Admin;
    }

    // Read-only commands
    let readonly_commands = [
        "ls",
        "cat",
        "head",
        "tail",
        "less",
        "more",
        "pwd",
        "whoami",
        "echo",
        "printf",
        "date",
        "which",
        "whereis",
        "file",
        "stat",
        "wc",
        "grep",
        "find",
        "locate",
        "tree",
        "df",
        "du",
        "git status",
        "git log",
        "git diff",
        "git show",
        "git branch",
    ];

    for readonly in readonly_commands {
        if command_lower.starts_with(readonly) {
            return PermissionLevel::Read;
        }
    }

    // Most commands need Execute
    PermissionLevel::Execute
}

/// Truncates a command for display purposes.
fn truncate_command(command: &str, max_len: usize) -> String {
    if command.len() <= max_len {
        command.to_string()
    } else {
        format!("{}...", &command[..max_len - 3])
    }
}

/// Gets the tool category from a tool name.
pub fn get_tool_category(tool_name: &str) -> ToolCategory {
    match tool_name {
        "read_file" | "glob" | "grep" | "ls" => ToolCategory::FileRead,
        "write_file" | "edit_file" | "multi_edit" => ToolCategory::FileWrite,
        "bash" => ToolCategory::CommandExec,
        "web_search" | "web_fetch" => ToolCategory::Network,
        "ask_user_questions" => ToolCategory::UserInteraction,
        "ask_for_permissions" => ToolCategory::PermissionManagement,
        _ => ToolCategory::FileRead, // Default to most restrictive
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_file_read_request() {
        let request = ToolPermissions::file_read("tool-1", "/project/src/main.rs");
        assert_eq!(request.required_level, PermissionLevel::Read);
        assert_eq!(request.tool_name, Some("read_file".to_string()));
    }

    #[test]
    fn test_file_write_request() {
        let request = ToolPermissions::file_write("tool-1", "/project/new_file.rs", true);
        assert_eq!(request.required_level, PermissionLevel::Write);
        assert!(request.description.contains("Create"));
    }

    #[test]
    fn test_bash_command_readonly() {
        let request = ToolPermissions::bash_command("tool-1", "ls -la");
        assert_eq!(request.required_level, PermissionLevel::Read);
    }

    #[test]
    fn test_bash_command_execute() {
        let request = ToolPermissions::bash_command("tool-1", "cargo build");
        assert_eq!(request.required_level, PermissionLevel::Execute);
    }

    #[test]
    fn test_bash_command_admin() {
        let request = ToolPermissions::bash_command("tool-1", "sudo apt install foo");
        assert_eq!(request.required_level, PermissionLevel::Admin);

        let request2 = ToolPermissions::bash_command("tool-1", "rm -rf /tmp/foo");
        assert_eq!(request2.required_level, PermissionLevel::Admin);
    }

    #[test]
    fn test_network_access() {
        let get_request = ToolPermissions::network_access("tool-1", "api.github.com", "GET");
        assert_eq!(get_request.required_level, PermissionLevel::Read);

        let post_request = ToolPermissions::network_access("tool-1", "api.github.com", "POST");
        assert_eq!(post_request.required_level, PermissionLevel::Write);

        let delete_request = ToolPermissions::network_access("tool-1", "api.github.com", "DELETE");
        assert_eq!(delete_request.required_level, PermissionLevel::Execute);
    }

    #[test]
    fn test_multi_edit() {
        let paths = vec!["/file1.rs", "/file2.rs"];
        let requests = ToolPermissions::multi_edit("tool-1", &paths);
        assert_eq!(requests.len(), 2);
        assert_eq!(requests[0].id, "tool-1-0");
        assert_eq!(requests[1].id, "tool-1-1");
    }

    #[test]
    fn test_tool_category() {
        assert_eq!(get_tool_category("read_file"), ToolCategory::FileRead);
        assert_eq!(get_tool_category("write_file"), ToolCategory::FileWrite);
        assert_eq!(get_tool_category("bash"), ToolCategory::CommandExec);
        assert_eq!(get_tool_category("web_search"), ToolCategory::Network);
    }

    #[test]
    fn test_category_requires_permission() {
        assert!(ToolCategory::FileRead.requires_permission());
        assert!(ToolCategory::FileWrite.requires_permission());
        assert!(ToolCategory::CommandExec.requires_permission());
        assert!(!ToolCategory::UserInteraction.requires_permission());
    }
}