magi-rs 0.1.2

Magi Agent: a terminal AI assistant in Rust with sandboxed tool execution, OAuth login, and encrypted local memory (Argon2 + AES-256-GCM-SIV + Reed-Solomon FEC).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

//! This module implements the FileWriteTool, which allows the agent to create and modify files.
//! It includes security sandboxing via PathGuard.

use crate::system::fs::FileSystem;
use crate::system::path_guard::PathGuard;
use crate::tools::{Tool, ToolError, ToolResult};
use async_trait::async_trait;
use serde::Deserialize;
use serde_json::Value;
use std::path::{Path, PathBuf};
use std::sync::Arc;

/// Arguments for the `FileWriteTool`.
#[derive(Debug, Deserialize)]
struct WriteArgs {
    /// The relative path of the file.
    file_path: String,
    /// Content to write.
    content: String,
}

/// A tool that writes file contents.
pub struct FileWriteTool {
    fs: Arc<dyn FileSystem>,
    workspace_root: PathBuf,
}

impl FileWriteTool {
    /// Creates a new `FileWriteTool` anchored to the workspace root.
    pub fn new(fs: Arc<dyn FileSystem>, workspace_root: PathBuf) -> anyhow::Result<Self> {
        let root = workspace_root
            .canonicalize()
            .map_err(|e| anyhow::anyhow!("Invalid workspace root: {}", e))?;
        Ok(Self {
            fs,
            workspace_root: root,
        })
    }
}

#[async_trait]
impl Tool for FileWriteTool {
    fn name(&self) -> &str {
        "edit"
    }

    fn description(&self) -> &str {
        "Create or overwrite a file with the provided content."
    }

    fn input_schema(&self) -> Value {
        serde_json::json!({
            "type": "object",
            "properties": {
                "file_path": {
                    "type": "string",
                    "description": "Relative path of the file."
                },
                "content": {
                    "type": "string",
                    "description": "Content to write to the file."
                }
            },
            "required": ["file_path", "content"]
        })
    }

    async fn execute(&self, args: Value) -> ToolResult<Value> {
        let args: WriteArgs =
            serde_json::from_value(args).map_err(|e| ToolError::InvalidArguments(e.to_string()))?;

        let guard = PathGuard::new(self.workspace_root.clone())
            .map_err(|e| ToolError::ExecutionError(format!("Sandbox init failed: {}", e)))?;
        let target_path = guard
            .validate(Path::new(&args.file_path))
            .map_err(|e| ToolError::ExecutionError(format!("Security Violation: {}", e)))?;

        self.fs
            .write_file(&target_path, &args.content)
            .await
            .map_err(|e| ToolError::ExecutionError(e.to_string()))?;

        Ok(serde_json::json!({ "status": "success" }))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::system::fs::MockFileSystem;

    #[tokio::test]
    async fn test_file_write_tool_execution() {
        let mut mock_fs = MockFileSystem::new();
        let dir = tempfile::tempdir().unwrap();
        let root = dir.path().canonicalize().unwrap();

        mock_fs
            .expect_write_file()
            .times(1)
            .returning(|_, _| Box::pin(async move { Ok(()) }));

        let tool = FileWriteTool::new(Arc::new(mock_fs), root.clone()).unwrap();
        let args = serde_json::json!({
            "file_path": "new.txt",
            "content": "hello"
        });

        let result = tool.execute(args).await;
        assert!(result.is_ok());
    }

    #[tokio::test]
    async fn test_write_rejects_absolute_path_outside_workspace() {
        let mut mock_fs = MockFileSystem::new();
        mock_fs.expect_write_file().never();

        let dir = tempfile::tempdir().unwrap();
        let root = dir.path().canonicalize().unwrap();
        let tool = FileWriteTool::new(Arc::new(mock_fs), root.clone()).unwrap();

        #[cfg(target_os = "windows")]
        let evil = r"C:\Windows\System32\evil.dll";
        #[cfg(not(target_os = "windows"))]
        let evil = "/etc/evil.dll";

        let args = serde_json::json!({ "file_path": evil, "content": "payload" });

        let result = tool.execute(args).await;
        assert!(
            result.is_err(),
            "absolute path outside workspace must be rejected, got: {:?}",
            result
        );
        let msg = result.unwrap_err().to_string();
        assert!(
            msg.contains("sandbox") || msg.contains("Security"),
            "error should signal a sandbox violation, got: {}",
            msg
        );
    }

    #[tokio::test]
    async fn test_write_rejects_parent_dir_traversal() {
        let mut mock_fs = MockFileSystem::new();
        mock_fs.expect_write_file().never();

        let dir = tempfile::tempdir().unwrap();
        let root = dir.path().canonicalize().unwrap();
        let tool = FileWriteTool::new(Arc::new(mock_fs), root).unwrap();

        let args = serde_json::json!({ "file_path": "sub/../../escape.txt", "content": "payload" });

        let result = tool.execute(args).await;
        assert!(result.is_err(), "parent-dir traversal must be rejected");
    }
}