Skip to main content

harn_hostlib/tools/
mod.rs

1//! Deterministic tools capability.
2//!
3//! Provides search (ripgrep via `grep-searcher` + `ignore`), file I/O,
4//! listing, file outline, git inspection, and
5//! process lifecycle (`run_command`, `wait_command`, `run_test`,
6//! `run_build_command`, `inspect_test_results`, `manage_packages`,
7//! `cancel_handle`).
8//!
9//! Implementation status:
10//!
11//! | Method                  | Status                          |
12//! |-------------------------|---------------------------------|
13//! | `search`                | implemented                     |
14//! | `read_file`             | implemented                     |
15//! | `write_file`            | implemented                     |
16//! | `delete_file`           | implemented                     |
17//! | `list_directory`        | implemented                     |
18//! | `get_file_outline`      | implemented (regex extractor)   |
19//! | `git`                   | implemented (system git CLI)    |
20//! | `run_command`           | implemented                     |
21//! | `wait_command`          | implemented                     |
22//! | `run_test`              | implemented                     |
23//! | `run_build_command`     | implemented                     |
24//! | `inspect_test_results`  | implemented                     |
25//! | `manage_packages`       | implemented                     |
26//! | `cancel_handle`         | implemented                     |
27//!
28//! ### Per-session opt-in
29//!
30//! All deterministic tools are gated by a per-thread feature flag.
31//! Pipelines must call `hostlib_enable("tools:deterministic")` (registered
32//! by [`ToolsCapability::register_builtins`]) before any of the tool
33//! methods will execute. Until then, calls return
34//! [`HostlibError::Backend`] with an explanatory message. The per-session
35//! opt-in model keeps the deterministic-tool surface sandbox-friendly.
36
37use harn_vm::VmDictExt;
38
39use harn_vm::VmValue;
40
41use crate::error::HostlibError;
42use crate::registry::{BuiltinRegistry, HostlibCapability};
43
44pub(crate) mod args;
45mod cancel_handle;
46mod diagnostics;
47mod file_io;
48mod git;
49mod inspect_test_results;
50mod lang;
51pub mod long_running;
52mod manage_packages;
53mod outline;
54mod payload;
55pub mod permissions;
56mod proc;
57mod read_command_output;
58mod response;
59mod run_build_command;
60mod run_command;
61mod run_test;
62mod search;
63mod test_parsers;
64mod wait_command;
65
66pub use permissions::FEATURE_TOOLS_DETERMINISTIC;
67
68/// Tools capability handle.
69#[derive(Default)]
70pub struct ToolsCapability;
71
72impl HostlibCapability for ToolsCapability {
73    fn module_name(&self) -> &'static str {
74        "tools"
75    }
76
77    fn register_builtins(&self, registry: &mut BuiltinRegistry) {
78        // Register the session-cleanup hook once per process so long-running
79        // tool handles are killed when the agent-loop session ends.
80        long_running::register_cleanup_hook();
81
82        registry.register_gated_fn("tools", "hostlib_tools_search", "search", search::run);
83        registry.register_gated_fn(
84            "tools",
85            "hostlib_tools_read_file",
86            "read_file",
87            file_io::read_file,
88        );
89        registry.register_gated_fn(
90            "tools",
91            "hostlib_tools_write_file",
92            "write_file",
93            file_io::write_file,
94        );
95        registry.register_gated_fn(
96            "tools",
97            "hostlib_tools_delete_file",
98            "delete_file",
99            file_io::delete_file,
100        );
101        registry.register_gated_fn(
102            "tools",
103            "hostlib_tools_list_directory",
104            "list_directory",
105            file_io::list_directory,
106        );
107        registry.register_gated_fn(
108            "tools",
109            "hostlib_tools_get_file_outline",
110            "get_file_outline",
111            outline::run,
112        );
113        registry.register_gated_fn("tools", "hostlib_tools_git", "git", git::run);
114
115        registry.register_gated_fn(
116            "tools",
117            "hostlib_tools_run_command",
118            "run_command",
119            run_command::handle,
120        );
121        registry.register_gated_fn(
122            "tools",
123            read_command_output::NAME,
124            "read_command_output",
125            read_command_output::handle,
126        );
127        registry.register_gated_fn(
128            "tools",
129            wait_command::NAME,
130            "wait_command",
131            wait_command::handle,
132        );
133        registry.register_gated_fn(
134            "tools",
135            "hostlib_tools_run_test",
136            "run_test",
137            run_test::handle,
138        );
139        registry.register_gated_fn(
140            "tools",
141            "hostlib_tools_run_build_command",
142            "run_build_command",
143            run_build_command::handle,
144        );
145        registry.register_gated_fn(
146            "tools",
147            "hostlib_tools_inspect_test_results",
148            "inspect_test_results",
149            inspect_test_results::handle,
150        );
151        registry.register_gated_fn(
152            "tools",
153            "hostlib_tools_manage_packages",
154            "manage_packages",
155            manage_packages::handle,
156        );
157        registry.register_gated_fn(
158            "tools",
159            cancel_handle::NAME,
160            "cancel_handle",
161            cancel_handle::handle,
162        );
163
164        // The opt-in builtin lives in the `tools` module so embedders that
165        // don't compose `ToolsCapability` don't accidentally expose it.
166        registry.register_fn("tools", "hostlib_enable", "enable", handle_enable);
167    }
168}
169
170/// Implementation of the `hostlib_enable` builtin. Accepts either a bare
171/// string (`hostlib_enable("tools:deterministic")`) or a dict carrying a
172/// `feature` key (`hostlib_enable({feature: "..."})`) so callers can
173/// supply structured payloads in the future without breaking back-compat.
174fn handle_enable(args: &[VmValue]) -> Result<VmValue, HostlibError> {
175    let feature = match args.first() {
176        Some(VmValue::String(s)) => s.to_string(),
177        Some(VmValue::Dict(dict)) => match dict.get("feature") {
178            Some(VmValue::String(s)) => s.to_string(),
179            _ => {
180                return Err(HostlibError::MissingParameter {
181                    builtin: "hostlib_enable",
182                    param: "feature",
183                });
184            }
185        },
186        _ => {
187            return Err(HostlibError::MissingParameter {
188                builtin: "hostlib_enable",
189                param: "feature",
190            });
191        }
192    };
193
194    match feature.as_str() {
195        permissions::FEATURE_TOOLS_DETERMINISTIC => {
196            let newly_enabled = permissions::enable(&feature);
197            let mut map: harn_vm::value::DictMap = harn_vm::value::DictMap::new();
198            map.put_str("feature", feature);
199            map.insert(harn_vm::value::intern_key("enabled"), VmValue::Bool(true));
200            map.insert(
201                harn_vm::value::intern_key("newly_enabled"),
202                VmValue::Bool(newly_enabled),
203            );
204            Ok(VmValue::dict(map))
205        }
206        other => Err(HostlibError::InvalidParameter {
207            builtin: "hostlib_enable",
208            param: "feature",
209            message: format!("unknown feature `{other}`; supported: [`tools:deterministic`]"),
210        }),
211    }
212}