magi-rs 0.2.0

Magi Agent: a terminal AI assistant in Rust with sandboxed tool execution, OAuth login, and encrypted local memory (Argon2 + AES-256-GCM-SIV + Reed-Solomon FEC).
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147

//! This module implements the GrepTool, which allows the agent to search for patterns.

use crate::system::grep::Grep;
use crate::system::path_guard::PathGuard;
use crate::tools::{Tool, ToolError, ToolResult};
use async_trait::async_trait;
use serde::Deserialize;
use serde_json::Value;
use std::path::{Path, PathBuf};

/// Arguments for the `GrepTool`.
#[derive(Debug, Deserialize)]
struct GrepArgs {
    pattern: String,
    path: String,
}

/// A tool that searches for patterns.
pub struct GrepTool {
    grep: Box<dyn Grep>,
    workspace_root: PathBuf,
}

impl GrepTool {
    pub fn new(grep: Box<dyn Grep>, workspace_root: PathBuf) -> anyhow::Result<Self> {
        let root = workspace_root.canonicalize()?;
        Ok(Self {
            grep,
            workspace_root: root,
        })
    }
}

#[async_trait]
impl Tool for GrepTool {
    fn name(&self) -> &str {
        "grep"
    }

    fn description(&self) -> &str {
        "Search for a pattern in the workspace using RipGrep."
    }

    fn input_schema(&self) -> Value {
        serde_json::json!({
            "type": "object",
            "properties": {
                "pattern": {
                    "type": "string",
                    "description": "The regex pattern to search for."
                },
                "path": {
                    "type": "string",
                    "description": "Relative path to search within."
                }
            },
            "required": ["pattern", "path"]
        })
    }

    async fn execute(&self, args: Value) -> ToolResult<Value> {
        let args: GrepArgs =
            serde_json::from_value(args).map_err(|e| ToolError::InvalidArguments(e.to_string()))?;

        let guard = PathGuard::new(self.workspace_root.clone())
            .map_err(|e| ToolError::ExecutionError(format!("Sandbox init failed: {}", e)))?;
        let target_path = guard
            .validate(Path::new(&args.path))
            .map_err(|e| ToolError::ExecutionError(format!("Security Violation: {}", e)))?;

        let results = self
            .grep
            .search(&args.pattern, &target_path)
            .await
            .map_err(|e| ToolError::ExecutionError(e.to_string()))?;

        Ok(serde_json::json!({ "results": results }))
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use crate::system::grep::MockGrep;

    #[tokio::test]
    async fn test_grep_tool_execution() {
        let mut mock_grep = MockGrep::new();
        let dir = tempfile::tempdir().unwrap();
        let root = dir.path().canonicalize().unwrap();

        mock_grep
            .expect_search()
            .times(1)
            .returning(|_, _| Box::pin(async move { Ok(vec!["match".to_string()]) }));

        let tool = GrepTool::new(Box::new(mock_grep), root.clone()).unwrap();
        let args = serde_json::json!({
            "pattern": "test",
            "path": "."
        });

        let result = tool.execute(args).await;
        assert!(result.is_ok());
    }

    #[tokio::test]
    async fn test_grep_rejects_symlink_escaping_workspace() {
        let mut mock_grep = MockGrep::new();
        mock_grep.expect_search().never();

        let work = tempfile::tempdir().unwrap();
        let root = work.path().canonicalize().unwrap();
        let outside = tempfile::tempdir().unwrap();
        let outside_path = outside.path().canonicalize().unwrap();

        let link = root.join("link");

        #[cfg(unix)]
        {
            std::os::unix::fs::symlink(&outside_path, &link).unwrap();
        }
        #[cfg(windows)]
        {
            if std::os::windows::fs::symlink_dir(&outside_path, &link).is_err() {
                eprintln!("skipping: cannot create directory symlink without privilege");
                return;
            }
        }

        let tool = GrepTool::new(Box::new(mock_grep), root).unwrap();
        let args = serde_json::json!({ "pattern": "secret", "path": "link" });

        let result = tool.execute(args).await;
        assert!(
            result.is_err(),
            "symlink escaping the workspace must be rejected, got: {:?}",
            result
        );
        let msg = result.unwrap_err().to_string();
        assert!(
            msg.contains("Security") || msg.contains("sandbox") || msg.contains("traversal"),
            "error should signal a sandbox violation, got: {}",
            msg
        );
    }
}