1use std::collections::{hash_map::DefaultHasher, HashMap, HashSet};
2use std::hash::{Hash, Hasher};
3use std::path::{Path, PathBuf};
4use std::process::Stdio;
5use std::sync::atomic::{AtomicBool, AtomicU64, AtomicUsize, Ordering as AtomicOrdering};
6use std::sync::{Arc, Mutex};
7use std::time::Duration;
8
9use anyhow::anyhow;
10use async_trait::async_trait;
11use grep_matcher::LineTerminator;
12use grep_regex::{RegexMatcher, RegexMatcherBuilder};
13use grep_searcher::sinks::Lossy;
14use grep_searcher::{BinaryDetection, MmapChoice, SearcherBuilder};
15use ignore::{ParallelVisitor, ParallelVisitorBuilder, WalkBuilder, WalkState};
16use regex::Regex;
17use serde_json::{json, Value};
18use tandem_memory::embeddings::{get_embedding_service, EmbeddingService};
19use tandem_skills::SkillService;
20use tokio::fs;
21use tokio::process::Command;
22use tokio::sync::RwLock;
23use tokio_util::sync::CancellationToken;
24
25use futures_util::StreamExt;
26use tandem_agent_teams::compat::{
27 send_message_schema, task_create_schema, task_list_schema, task_schema, task_update_schema,
28 team_create_schema,
29};
30use tandem_agent_teams::{
31 AgentTeamPaths, SendMessageInput, SendMessageType, TaskCreateInput, TaskInput, TaskListInput,
32 TaskUpdateInput, TeamCreateInput,
33};
34use tandem_memory::types::{MemorySearchResult, MemoryTier};
35use tandem_memory::MemoryManager;
36use tandem_types::{SharedToolProgressSink, ToolProgressEvent, ToolResult, ToolSchema};
37
38#[async_trait]
39pub trait Tool: Send + Sync {
40 fn schema(&self) -> ToolSchema;
41 async fn execute(&self, args: Value) -> anyhow::Result<ToolResult>;
42 async fn execute_with_cancel(
43 &self,
44 args: Value,
45 _cancel: CancellationToken,
46 ) -> anyhow::Result<ToolResult> {
47 self.execute(args).await
48 }
49 async fn execute_with_progress(
50 &self,
51 args: Value,
52 cancel: CancellationToken,
53 progress: Option<SharedToolProgressSink>,
54 ) -> anyhow::Result<ToolResult> {
55 let _ = progress;
56 self.execute_with_cancel(args, cancel).await
57 }
58}
59
60#[derive(Clone)]
61pub struct ToolRegistry {
62 tools: Arc<RwLock<HashMap<String, Arc<dyn Tool>>>>,
63 tool_vectors: Arc<RwLock<HashMap<String, Vec<f32>>>>,
64}
65
66impl ToolRegistry {
67 pub fn new() -> Self {
68 let mut map: HashMap<String, Arc<dyn Tool>> = HashMap::new();
69 map.insert("bash".to_string(), Arc::new(BashTool));
70 map.insert("read".to_string(), Arc::new(ReadTool));
71 map.insert("write".to_string(), Arc::new(WriteTool));
72 map.insert("edit".to_string(), Arc::new(EditTool));
73 map.insert("glob".to_string(), Arc::new(GlobTool));
74 map.insert("grep".to_string(), Arc::new(GrepTool));
75 map.insert("webfetch".to_string(), Arc::new(WebFetchTool));
76 map.insert("webfetch_html".to_string(), Arc::new(WebFetchHtmlTool));
77 map.insert("mcp_debug".to_string(), Arc::new(McpDebugTool));
78 map.insert("websearch".to_string(), Arc::new(WebSearchTool));
81 map.insert("codesearch".to_string(), Arc::new(CodeSearchTool));
82 let todo_tool: Arc<dyn Tool> = Arc::new(TodoWriteTool);
83 map.insert("todo_write".to_string(), todo_tool.clone());
84 map.insert("todowrite".to_string(), todo_tool.clone());
85 map.insert("update_todo_list".to_string(), todo_tool);
86 map.insert("task".to_string(), Arc::new(TaskTool));
87 map.insert("question".to_string(), Arc::new(QuestionTool));
88 map.insert("spawn_agent".to_string(), Arc::new(SpawnAgentTool));
89 map.insert("skill".to_string(), Arc::new(SkillTool));
90 map.insert("memory_store".to_string(), Arc::new(MemoryStoreTool));
91 map.insert("memory_list".to_string(), Arc::new(MemoryListTool));
92 map.insert("memory_search".to_string(), Arc::new(MemorySearchTool));
93 map.insert("memory_delete".to_string(), Arc::new(MemoryDeleteTool));
94 map.insert("apply_patch".to_string(), Arc::new(ApplyPatchTool));
95 map.insert("batch".to_string(), Arc::new(BatchTool));
96 map.insert("lsp".to_string(), Arc::new(LspTool));
97 map.insert("teamcreate".to_string(), Arc::new(TeamCreateTool));
98 map.insert("taskcreate".to_string(), Arc::new(TaskCreateCompatTool));
99 map.insert("taskupdate".to_string(), Arc::new(TaskUpdateCompatTool));
100 map.insert("tasklist".to_string(), Arc::new(TaskListCompatTool));
101 map.insert("sendmessage".to_string(), Arc::new(SendMessageCompatTool));
102 Self {
103 tools: Arc::new(RwLock::new(map)),
104 tool_vectors: Arc::new(RwLock::new(HashMap::new())),
105 }
106 }
107
108 pub async fn list(&self) -> Vec<ToolSchema> {
109 let mut dedup: HashMap<String, ToolSchema> = HashMap::new();
110 for schema in self.tools.read().await.values().map(|t| t.schema()) {
111 dedup.entry(schema.name.clone()).or_insert(schema);
112 }
113 let mut schemas = dedup.into_values().collect::<Vec<_>>();
114 schemas.sort_by(|a, b| a.name.cmp(&b.name));
115 schemas
116 }
117
118 pub async fn register_tool(&self, name: String, tool: Arc<dyn Tool>) {
119 let schema = tool.schema();
120 self.tools.write().await.insert(name.clone(), tool);
121 self.index_tool_schema(&schema).await;
122 if name != schema.name {
123 self.index_tool_name(&name, &schema).await;
124 }
125 }
126
127 pub async fn unregister_tool(&self, name: &str) -> bool {
128 let removed = self.tools.write().await.remove(name);
129 self.tool_vectors.write().await.remove(name);
130 if let Some(tool) = removed {
131 let schema_name = tool.schema().name;
132 self.tool_vectors.write().await.remove(&schema_name);
133 return true;
134 }
135 false
136 }
137
138 pub async fn unregister_by_prefix(&self, prefix: &str) -> usize {
139 let mut tools = self.tools.write().await;
140 let keys = tools
141 .keys()
142 .filter(|name| name.starts_with(prefix))
143 .cloned()
144 .collect::<Vec<_>>();
145 let removed = keys.len();
146 let mut removed_schema_names = Vec::new();
147 for key in keys {
148 if let Some(tool) = tools.remove(&key) {
149 removed_schema_names.push(tool.schema().name);
150 }
151 }
152 drop(tools);
153 let mut vectors = self.tool_vectors.write().await;
154 vectors.retain(|name, _| {
155 !name.starts_with(prefix) && !removed_schema_names.iter().any(|schema| schema == name)
156 });
157 removed
158 }
159
160 pub async fn index_all(&self) {
161 let schemas = self.list().await;
162 if schemas.is_empty() {
163 self.tool_vectors.write().await.clear();
164 return;
165 }
166 let texts = schemas
167 .iter()
168 .map(|schema| format!("{}: {}", schema.name, schema.description))
169 .collect::<Vec<_>>();
170 let service = get_embedding_service().await;
171 let service = service.lock().await;
172 if !service.is_available() {
173 return;
174 }
175 let Ok(vectors) = service.embed_batch(&texts).await else {
176 return;
177 };
178 drop(service);
179 let mut indexed = HashMap::new();
180 for (schema, vector) in schemas.into_iter().zip(vectors) {
181 indexed.insert(schema.name, vector);
182 }
183 *self.tool_vectors.write().await = indexed;
184 }
185
186 async fn index_tool_schema(&self, schema: &ToolSchema) {
187 self.index_tool_name(&schema.name, schema).await;
188 }
189
190 async fn index_tool_name(&self, name: &str, schema: &ToolSchema) {
191 let text = format!("{}: {}", schema.name, schema.description);
192 let service = get_embedding_service().await;
193 let service = service.lock().await;
194 if !service.is_available() {
195 return;
196 }
197 let Ok(vector) = service.embed(&text).await else {
198 return;
199 };
200 drop(service);
201 self.tool_vectors
202 .write()
203 .await
204 .insert(name.to_string(), vector);
205 }
206
207 pub async fn retrieve(&self, query: &str, k: usize) -> Vec<ToolSchema> {
208 if k == 0 {
209 return Vec::new();
210 }
211 let service = get_embedding_service().await;
212 let service = service.lock().await;
213 if !service.is_available() {
214 drop(service);
215 return self.list().await;
216 }
217 let Ok(query_vec) = service.embed(query).await else {
218 drop(service);
219 return self.list().await;
220 };
221 drop(service);
222
223 let vectors = self.tool_vectors.read().await;
224 if vectors.is_empty() {
225 drop(vectors);
226 return self.list().await;
227 }
228 let tools = self.tools.read().await;
229 let mut scored = vectors
230 .iter()
231 .map(|(name, vector)| {
232 (
233 EmbeddingService::cosine_similarity(&query_vec, vector),
234 name.clone(),
235 )
236 })
237 .collect::<Vec<_>>();
238 scored.sort_by(|a, b| {
239 b.0.partial_cmp(&a.0)
240 .unwrap_or(std::cmp::Ordering::Equal)
241 .then_with(|| a.1.cmp(&b.1))
242 });
243 let mut out = Vec::new();
244 let mut seen = HashSet::new();
245 for (_, name) in scored.into_iter().take(k) {
246 let Some(tool) = tools.get(&name) else {
247 continue;
248 };
249 let schema = tool.schema();
250 if seen.insert(schema.name.clone()) {
251 out.push(schema);
252 }
253 }
254 if out.is_empty() {
255 self.list().await
256 } else {
257 out
258 }
259 }
260
261 pub async fn mcp_server_names(&self) -> Vec<String> {
262 let mut names = HashSet::new();
263 for schema in self.list().await {
264 let mut parts = schema.name.split('.');
265 if parts.next() == Some("mcp") {
266 if let Some(server) = parts.next() {
267 if !server.trim().is_empty() {
268 names.insert(server.to_string());
269 }
270 }
271 }
272 }
273 let mut sorted = names.into_iter().collect::<Vec<_>>();
274 sorted.sort();
275 sorted
276 }
277
278 pub async fn execute(&self, name: &str, args: Value) -> anyhow::Result<ToolResult> {
279 let tool = {
280 let tools = self.tools.read().await;
281 resolve_registered_tool(&tools, name)
282 };
283 let Some(tool) = tool else {
284 return Ok(ToolResult {
285 output: format!("Unknown tool: {name}"),
286 metadata: json!({}),
287 });
288 };
289 tool.execute(args).await
290 }
291
292 pub async fn execute_with_cancel(
293 &self,
294 name: &str,
295 args: Value,
296 cancel: CancellationToken,
297 ) -> anyhow::Result<ToolResult> {
298 self.execute_with_cancel_and_progress(name, args, cancel, None)
299 .await
300 }
301
302 pub async fn execute_with_cancel_and_progress(
303 &self,
304 name: &str,
305 args: Value,
306 cancel: CancellationToken,
307 progress: Option<SharedToolProgressSink>,
308 ) -> anyhow::Result<ToolResult> {
309 let tool = {
310 let tools = self.tools.read().await;
311 resolve_registered_tool(&tools, name)
312 };
313 let Some(tool) = tool else {
314 return Ok(ToolResult {
315 output: format!("Unknown tool: {name}"),
316 metadata: json!({}),
317 });
318 };
319 tool.execute_with_progress(args, cancel, progress).await
320 }
321}
322
323#[derive(Clone, Debug, PartialEq, Eq)]
324enum SearchBackendKind {
325 Disabled,
326 Auto,
327 Tandem,
328 Searxng,
329 Exa,
330 Brave,
331}
332
333#[derive(Clone, Debug)]
334enum SearchBackend {
335 Disabled {
336 reason: String,
337 },
338 Auto {
339 backends: Vec<SearchBackend>,
340 },
341 Tandem {
342 base_url: String,
343 timeout_ms: u64,
344 },
345 Searxng {
346 base_url: String,
347 engines: Option<String>,
348 timeout_ms: u64,
349 },
350 Exa {
351 api_key: String,
352 timeout_ms: u64,
353 },
354 Brave {
355 api_key: String,
356 timeout_ms: u64,
357 },
358}
359
360impl SearchBackend {
361 fn from_env() -> Self {
362 let managed_env = load_managed_search_env();
363 let explicit = search_setting_value(&managed_env, &["TANDEM_SEARCH_BACKEND"])
364 .map(|value| value.trim().to_ascii_lowercase())
365 .filter(|value| !value.is_empty());
366 let timeout_ms = search_backend_timeout_ms(&managed_env);
367
368 match explicit.as_deref() {
369 Some("none") | Some("disabled") => {
370 return Self::Disabled {
371 reason: "TANDEM_SEARCH_BACKEND explicitly disabled websearch".to_string(),
372 };
373 }
374 Some("auto") => {
375 return search_backend_from_auto_env(&managed_env, timeout_ms);
376 }
377 Some("tandem") => {
378 return search_backend_from_tandem_env(&managed_env, timeout_ms, true);
379 }
380 Some("searxng") => {
381 return search_backend_from_searxng_env(&managed_env, timeout_ms).unwrap_or_else(
382 || Self::Disabled {
383 reason: "TANDEM_SEARCH_BACKEND=searxng but TANDEM_SEARXNG_URL is missing"
384 .to_string(),
385 },
386 );
387 }
388 Some("exa") => {
389 return search_backend_from_exa_env(&managed_env, timeout_ms).unwrap_or_else(|| {
390 Self::Disabled {
391 reason:
392 "TANDEM_SEARCH_BACKEND=exa but EXA_API_KEY/TANDEM_EXA_API_KEY is missing"
393 .to_string(),
394 }
395 });
396 }
397 Some("brave") => {
398 return search_backend_from_brave_env(&managed_env, timeout_ms).unwrap_or_else(|| {
399 Self::Disabled {
400 reason:
401 "TANDEM_SEARCH_BACKEND=brave but BRAVE_SEARCH_API_KEY/TANDEM_BRAVE_SEARCH_API_KEY is missing"
402 .to_string(),
403 }
404 });
405 }
406 Some(other) => {
407 return Self::Disabled {
408 reason: format!(
409 "TANDEM_SEARCH_BACKEND `{other}` is unsupported; expected auto, tandem, searxng, exa, brave, or none"
410 ),
411 };
412 }
413 None => {}
414 }
415 search_backend_from_auto_env(&managed_env, timeout_ms)
416 }
417
418 fn kind(&self) -> SearchBackendKind {
419 match self {
420 Self::Disabled { .. } => SearchBackendKind::Disabled,
421 Self::Auto { .. } => SearchBackendKind::Auto,
422 Self::Tandem { .. } => SearchBackendKind::Tandem,
423 Self::Searxng { .. } => SearchBackendKind::Searxng,
424 Self::Exa { .. } => SearchBackendKind::Exa,
425 Self::Brave { .. } => SearchBackendKind::Brave,
426 }
427 }
428
429 fn name(&self) -> &'static str {
430 match self.kind() {
431 SearchBackendKind::Disabled => "disabled",
432 SearchBackendKind::Auto => "auto",
433 SearchBackendKind::Tandem => "tandem",
434 SearchBackendKind::Searxng => "searxng",
435 SearchBackendKind::Exa => "exa",
436 SearchBackendKind::Brave => "brave",
437 }
438 }
439
440 fn schema_description(&self) -> String {
441 match self {
442 Self::Auto { .. } => {
443 "Search web results using the configured search backends with automatic failover"
444 .to_string()
445 }
446 Self::Tandem { .. } => {
447 "Search web results using Tandem's hosted search backend".to_string()
448 }
449 Self::Searxng { .. } => {
450 "Search web results using the configured SearxNG backend".to_string()
451 }
452 Self::Exa { .. } => "Search web results using the configured Exa backend".to_string(),
453 Self::Brave { .. } => {
454 "Search web results using the configured Brave Search backend".to_string()
455 }
456 Self::Disabled { .. } => {
457 "Search web results using the configured search backend".to_string()
458 }
459 }
460 }
461}
462
463const DEFAULT_MANAGED_SEARCH_SETTINGS_PATH: &str = "/etc/tandem/engine.env";
464
465fn managed_search_settings_path() -> PathBuf {
466 std::env::var("TANDEM_SEARCH_SETTINGS_FILE")
467 .ok()
468 .map(|value| value.trim().to_string())
469 .filter(|value| !value.is_empty())
470 .map(PathBuf::from)
471 .unwrap_or_else(|| PathBuf::from(DEFAULT_MANAGED_SEARCH_SETTINGS_PATH))
472}
473
474fn load_managed_search_env() -> HashMap<String, String> {
475 let path = managed_search_settings_path();
476 let Ok(raw) = std::fs::read_to_string(path) else {
477 return HashMap::new();
478 };
479
480 let mut env = HashMap::new();
481 for line in raw.lines() {
482 let line = line.trim();
483 if line.is_empty() || line.starts_with('#') {
484 continue;
485 }
486 let Some((key, value)) = line.split_once('=') else {
487 continue;
488 };
489 let key = key.trim();
490 if key.is_empty() {
491 continue;
492 }
493 let mut value = value.trim().to_string();
494 if ((value.starts_with('"') && value.ends_with('"'))
495 || (value.starts_with('\'') && value.ends_with('\'')))
496 && value.len() >= 2
497 {
498 value = value[1..value.len() - 1].to_string();
499 }
500 env.insert(key.to_string(), value);
501 }
502 env
503}
504
505fn search_setting_value(file_env: &HashMap<String, String>, keys: &[&str]) -> Option<String> {
506 for key in keys {
507 if let Some(value) = file_env.get(*key) {
508 let trimmed = value.trim();
509 if !trimmed.is_empty() {
510 return Some(trimmed.to_string());
511 }
512 }
513 }
514 for key in keys {
515 if let Ok(value) = std::env::var(key) {
516 let trimmed = value.trim();
517 if !trimmed.is_empty() {
518 return Some(trimmed.to_string());
519 }
520 }
521 }
522 None
523}
524
525fn has_nonempty_search_setting(file_env: &HashMap<String, String>, name: &str) -> bool {
526 search_setting_value(file_env, &[name]).is_some()
527}
528
529fn search_backend_timeout_ms(file_env: &HashMap<String, String>) -> u64 {
530 search_setting_value(file_env, &["TANDEM_SEARCH_TIMEOUT_MS"])
531 .and_then(|value| value.parse::<u64>().ok())
532 .unwrap_or(10_000)
533 .clamp(1_000, 120_000)
534}
535
536fn search_backend_from_tandem_env(
537 file_env: &HashMap<String, String>,
538 timeout_ms: u64,
539 allow_default_url: bool,
540) -> SearchBackend {
541 const DEFAULT_TANDEM_SEARCH_URL: &str = "https://search.tandem.ac";
542 let base_url = search_setting_value(file_env, &["TANDEM_SEARCH_URL"])
543 .map(|value| value.trim().trim_end_matches('/').to_string())
544 .or_else(|| allow_default_url.then(|| DEFAULT_TANDEM_SEARCH_URL.to_string()));
545 match base_url {
546 Some(base_url) => SearchBackend::Tandem {
547 base_url,
548 timeout_ms,
549 },
550 None => SearchBackend::Disabled {
551 reason: "TANDEM_SEARCH_BACKEND=tandem but TANDEM_SEARCH_URL is missing".to_string(),
552 },
553 }
554}
555
556fn search_backend_from_searxng_env(
557 file_env: &HashMap<String, String>,
558 timeout_ms: u64,
559) -> Option<SearchBackend> {
560 let base_url = search_setting_value(file_env, &["TANDEM_SEARXNG_URL"])?;
561 let base_url = base_url.trim().trim_end_matches('/').to_string();
562 if base_url.is_empty() {
563 return None;
564 }
565 let engines = search_setting_value(file_env, &["TANDEM_SEARXNG_ENGINES"])
566 .map(|value| value.trim().to_string())
567 .filter(|value| !value.is_empty());
568 Some(SearchBackend::Searxng {
569 base_url,
570 engines,
571 timeout_ms,
572 })
573}
574
575fn search_backend_from_exa_env(
576 file_env: &HashMap<String, String>,
577 timeout_ms: u64,
578) -> Option<SearchBackend> {
579 let api_key = search_setting_value(
580 file_env,
581 &[
582 "TANDEM_EXA_API_KEY",
583 "TANDEM_EXA_SEARCH_API_KEY",
584 "EXA_API_KEY",
585 ],
586 )?;
587 let api_key = api_key.trim().to_string();
588 if api_key.is_empty() {
589 return None;
590 }
591 Some(SearchBackend::Exa {
592 api_key,
593 timeout_ms,
594 })
595}
596
597fn search_backend_from_brave_env(
598 file_env: &HashMap<String, String>,
599 timeout_ms: u64,
600) -> Option<SearchBackend> {
601 let api_key = search_setting_value(
602 file_env,
603 &["TANDEM_BRAVE_SEARCH_API_KEY", "BRAVE_SEARCH_API_KEY"],
604 )?;
605 let api_key = api_key.trim().to_string();
606 if api_key.is_empty() {
607 return None;
608 }
609 Some(SearchBackend::Brave {
610 api_key,
611 timeout_ms,
612 })
613}
614
615fn search_backend_auto_candidates(
616 file_env: &HashMap<String, String>,
617 timeout_ms: u64,
618) -> Vec<SearchBackend> {
619 let mut backends = Vec::new();
620
621 if has_nonempty_search_setting(file_env, "TANDEM_SEARCH_URL") {
622 backends.push(search_backend_from_tandem_env(file_env, timeout_ms, false));
623 }
624 if let Some(config) = search_backend_from_searxng_env(file_env, timeout_ms) {
625 backends.push(config);
626 }
627 if let Some(config) = search_backend_from_brave_env(file_env, timeout_ms) {
628 backends.push(config);
629 }
630 if let Some(config) = search_backend_from_exa_env(file_env, timeout_ms) {
631 backends.push(config);
632 }
633 if backends.is_empty() {
634 backends.push(search_backend_from_tandem_env(file_env, timeout_ms, true));
635 }
636
637 backends
638 .into_iter()
639 .filter(|backend| !matches!(backend, SearchBackend::Disabled { .. }))
640 .collect()
641}
642
643fn search_backend_from_auto_env(
644 file_env: &HashMap<String, String>,
645 timeout_ms: u64,
646) -> SearchBackend {
647 let backends = search_backend_auto_candidates(file_env, timeout_ms);
648 match backends.len() {
649 0 => SearchBackend::Disabled {
650 reason:
651 "set TANDEM_SEARCH_URL or configure tandem, searxng, brave, or exa to enable websearch"
652 .to_string(),
653 },
654 1 => backends.into_iter().next().expect("single backend"),
655 _ => SearchBackend::Auto { backends },
656 }
657}
658
659#[derive(Clone, Debug, serde::Serialize)]
660struct SearchResultEntry {
661 title: String,
662 url: String,
663 snippet: String,
664 source: String,
665}
666
667fn canonical_tool_name(name: &str) -> String {
668 match name.trim().to_ascii_lowercase().replace('-', "_").as_str() {
669 "todowrite" | "update_todo_list" | "update_todos" => "todo_write".to_string(),
670 "run_command" | "shell" | "powershell" | "cmd" => "bash".to_string(),
671 other => other.to_string(),
672 }
673}
674
675fn strip_known_tool_namespace(name: &str) -> Option<String> {
676 const PREFIXES: [&str; 8] = [
677 "default_api:",
678 "default_api.",
679 "functions.",
680 "function.",
681 "tools.",
682 "tool.",
683 "builtin:",
684 "builtin.",
685 ];
686 for prefix in PREFIXES {
687 if let Some(rest) = name.strip_prefix(prefix) {
688 let trimmed = rest.trim();
689 if !trimmed.is_empty() {
690 return Some(trimmed.to_string());
691 }
692 }
693 }
694 None
695}
696
697fn resolve_registered_tool(
698 tools: &HashMap<String, Arc<dyn Tool>>,
699 requested_name: &str,
700) -> Option<Arc<dyn Tool>> {
701 let canonical = canonical_tool_name(requested_name);
702 if let Some(tool) = tools.get(&canonical) {
703 return Some(tool.clone());
704 }
705 if let Some(stripped) = strip_known_tool_namespace(&canonical) {
706 let stripped = canonical_tool_name(&stripped);
707 if let Some(tool) = tools.get(&stripped) {
708 return Some(tool.clone());
709 }
710 }
711 None
712}
713
714fn is_batch_wrapper_tool_name(name: &str) -> bool {
715 matches!(
716 canonical_tool_name(name).as_str(),
717 "default_api" | "default" | "api" | "function" | "functions" | "tool" | "tools"
718 )
719}
720
721fn non_empty_batch_str(value: Option<&Value>) -> Option<&str> {
722 trimmed_non_empty_str(value)
723}
724
725fn resolve_batch_call_tool_name(call: &Value) -> Option<String> {
726 let tool = non_empty_batch_str(call.get("tool"))
727 .or_else(|| {
728 call.get("tool")
729 .and_then(|v| v.as_object())
730 .and_then(|obj| non_empty_batch_str(obj.get("name")))
731 })
732 .or_else(|| {
733 call.get("function")
734 .and_then(|v| v.as_object())
735 .and_then(|obj| non_empty_batch_str(obj.get("tool")))
736 })
737 .or_else(|| {
738 call.get("function_call")
739 .and_then(|v| v.as_object())
740 .and_then(|obj| non_empty_batch_str(obj.get("tool")))
741 })
742 .or_else(|| {
743 call.get("call")
744 .and_then(|v| v.as_object())
745 .and_then(|obj| non_empty_batch_str(obj.get("tool")))
746 });
747 let name = non_empty_batch_str(call.get("name"))
748 .or_else(|| {
749 call.get("function")
750 .and_then(|v| v.as_object())
751 .and_then(|obj| non_empty_batch_str(obj.get("name")))
752 })
753 .or_else(|| {
754 call.get("function_call")
755 .and_then(|v| v.as_object())
756 .and_then(|obj| non_empty_batch_str(obj.get("name")))
757 })
758 .or_else(|| {
759 call.get("call")
760 .and_then(|v| v.as_object())
761 .and_then(|obj| non_empty_batch_str(obj.get("name")))
762 })
763 .or_else(|| {
764 call.get("tool")
765 .and_then(|v| v.as_object())
766 .and_then(|obj| non_empty_batch_str(obj.get("name")))
767 });
768
769 match (tool, name) {
770 (Some(t), Some(n)) => {
771 if is_batch_wrapper_tool_name(t) {
772 Some(n.to_string())
773 } else if let Some(stripped) = strip_known_tool_namespace(t) {
774 Some(stripped)
775 } else {
776 Some(t.to_string())
777 }
778 }
779 (Some(t), None) => {
780 if is_batch_wrapper_tool_name(t) {
781 None
782 } else if let Some(stripped) = strip_known_tool_namespace(t) {
783 Some(stripped)
784 } else {
785 Some(t.to_string())
786 }
787 }
788 (None, Some(n)) => Some(n.to_string()),
789 (None, None) => None,
790 }
791}
792
793impl Default for ToolRegistry {
794 fn default() -> Self {
795 Self::new()
796 }
797}
798
799#[derive(Debug, Clone, PartialEq, Eq)]
800pub struct ToolSchemaValidationError {
801 pub tool_name: String,
802 pub path: String,
803 pub reason: String,
804}
805
806impl std::fmt::Display for ToolSchemaValidationError {
807 fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
808 write!(
809 f,
810 "invalid tool schema `{}` at `{}`: {}",
811 self.tool_name, self.path, self.reason
812 )
813 }
814}
815
816impl std::error::Error for ToolSchemaValidationError {}
817
818pub fn validate_tool_schemas(schemas: &[ToolSchema]) -> Result<(), ToolSchemaValidationError> {
819 for schema in schemas {
820 validate_schema_node(&schema.name, "$", &schema.input_schema)?;
821 }
822 Ok(())
823}
824
825fn validate_schema_node(
826 tool_name: &str,
827 path: &str,
828 value: &Value,
829) -> Result<(), ToolSchemaValidationError> {
830 let Some(obj) = value.as_object() else {
831 if let Some(arr) = value.as_array() {
832 for (idx, item) in arr.iter().enumerate() {
833 validate_schema_node(tool_name, &format!("{path}[{idx}]"), item)?;
834 }
835 }
836 return Ok(());
837 };
838
839 if obj.get("type").and_then(|t| t.as_str()) == Some("array") && !obj.contains_key("items") {
840 return Err(ToolSchemaValidationError {
841 tool_name: tool_name.to_string(),
842 path: path.to_string(),
843 reason: "array schema missing items".to_string(),
844 });
845 }
846
847 if let Some(items) = obj.get("items") {
848 validate_schema_node(tool_name, &format!("{path}.items"), items)?;
849 }
850 if let Some(props) = obj.get("properties").and_then(|v| v.as_object()) {
851 for (key, child) in props {
852 validate_schema_node(tool_name, &format!("{path}.properties.{key}"), child)?;
853 }
854 }
855 if let Some(additional_props) = obj.get("additionalProperties") {
856 validate_schema_node(
857 tool_name,
858 &format!("{path}.additionalProperties"),
859 additional_props,
860 )?;
861 }
862 if let Some(one_of) = obj.get("oneOf").and_then(|v| v.as_array()) {
863 for (idx, child) in one_of.iter().enumerate() {
864 validate_schema_node(tool_name, &format!("{path}.oneOf[{idx}]"), child)?;
865 }
866 }
867 if let Some(any_of) = obj.get("anyOf").and_then(|v| v.as_array()) {
868 for (idx, child) in any_of.iter().enumerate() {
869 validate_schema_node(tool_name, &format!("{path}.anyOf[{idx}]"), child)?;
870 }
871 }
872 if let Some(all_of) = obj.get("allOf").and_then(|v| v.as_array()) {
873 for (idx, child) in all_of.iter().enumerate() {
874 validate_schema_node(tool_name, &format!("{path}.allOf[{idx}]"), child)?;
875 }
876 }
877
878 Ok(())
879}
880
881fn workspace_root_from_args(args: &Value) -> Option<PathBuf> {
882 args.get("__workspace_root")
883 .and_then(|v| v.as_str())
884 .map(str::trim)
885 .filter(|s| !s.is_empty())
886 .map(PathBuf::from)
887}
888
889fn effective_cwd_from_args(args: &Value) -> PathBuf {
890 args.get("__effective_cwd")
891 .and_then(|v| v.as_str())
892 .map(str::trim)
893 .filter(|s| !s.is_empty())
894 .map(PathBuf::from)
895 .or_else(|| workspace_root_from_args(args))
896 .or_else(|| std::env::current_dir().ok())
897 .unwrap_or_else(|| PathBuf::from("."))
898}
899
900fn normalize_path_for_compare(path: &Path) -> PathBuf {
901 let mut normalized = PathBuf::new();
902 for component in path.components() {
903 match component {
904 std::path::Component::CurDir => {}
905 std::path::Component::ParentDir => {
906 let _ = normalized.pop();
907 }
908 other => normalized.push(other.as_os_str()),
909 }
910 }
911 normalized
912}
913
914fn normalize_existing_or_lexical(path: &Path) -> PathBuf {
915 path.canonicalize()
916 .unwrap_or_else(|_| normalize_path_for_compare(path))
917}
918
919fn is_within_workspace_root(path: &Path, workspace_root: &Path) -> bool {
920 let candidate_lexical = normalize_path_for_compare(path);
923 let root_lexical = normalize_path_for_compare(workspace_root);
924 if candidate_lexical.starts_with(&root_lexical) {
925 return true;
926 }
927
928 let candidate = normalize_existing_or_lexical(path);
931 let root = normalize_existing_or_lexical(workspace_root);
932 candidate.starts_with(root)
933}
934
935fn resolve_tool_path(path: &str, args: &Value) -> Option<PathBuf> {
936 let trimmed = path.trim();
937 if trimmed.is_empty() {
938 return None;
939 }
940 if trimmed == "." || trimmed == "./" || trimmed == ".\\" {
941 let cwd = effective_cwd_from_args(args);
942 if let Some(workspace_root) = workspace_root_from_args(args) {
943 if !is_within_workspace_root(&cwd, &workspace_root) {
944 return None;
945 }
946 }
947 return Some(cwd);
948 }
949 if is_root_only_path_token(trimmed) || is_malformed_tool_path_token(trimmed) {
950 return None;
951 }
952 let raw = Path::new(trimmed);
953 if !raw.is_absolute()
954 && raw
955 .components()
956 .any(|c| matches!(c, std::path::Component::ParentDir))
957 {
958 return None;
959 }
960
961 let resolved = if raw.is_absolute() {
962 raw.to_path_buf()
963 } else {
964 effective_cwd_from_args(args).join(raw)
965 };
966
967 if let Some(workspace_root) = workspace_root_from_args(args) {
968 if !is_within_workspace_root(&resolved, &workspace_root) {
969 return None;
970 }
971 } else if raw.is_absolute() {
972 return None;
973 }
974
975 Some(resolved)
976}
977
978fn resolve_walk_root(path: &str, args: &Value) -> Option<PathBuf> {
979 let trimmed = path.trim();
980 if trimmed.is_empty() {
981 return None;
982 }
983 if is_malformed_tool_path_token(trimmed) {
984 return None;
985 }
986 resolve_tool_path(path, args)
987}
988
989fn resolve_read_path_fallback(path: &str, args: &Value) -> Option<PathBuf> {
990 let token = path.trim();
991 if token.is_empty() {
992 return None;
993 }
994 let raw = Path::new(token);
995 if raw.is_absolute() || token.contains('\\') || token.contains('/') || raw.extension().is_none()
996 {
997 return None;
998 }
999
1000 let workspace_root = workspace_root_from_args(args);
1001 let effective_cwd = effective_cwd_from_args(args);
1002 let mut search_roots = vec![effective_cwd.clone()];
1003 if let Some(root) = workspace_root.as_ref() {
1004 if *root != effective_cwd {
1005 search_roots.push(root.clone());
1006 }
1007 }
1008
1009 let token_lower = token.to_lowercase();
1010 for root in search_roots {
1011 if let Some(workspace_root) = workspace_root.as_ref() {
1012 if !is_within_workspace_root(&root, workspace_root) {
1013 continue;
1014 }
1015 }
1016
1017 let mut matches = Vec::new();
1018 for entry in WalkBuilder::new(&root).build().flatten() {
1019 if !entry.file_type().map(|ft| ft.is_file()).unwrap_or(false) {
1020 continue;
1021 }
1022 let candidate = entry.path();
1023 if let Some(workspace_root) = workspace_root.as_ref() {
1024 if !is_within_workspace_root(candidate, workspace_root) {
1025 continue;
1026 }
1027 }
1028 let file_name = candidate
1029 .file_name()
1030 .and_then(|name| name.to_str())
1031 .unwrap_or_default()
1032 .to_lowercase();
1033 if file_name == token_lower || file_name.ends_with(&token_lower) {
1034 matches.push(candidate.to_path_buf());
1035 if matches.len() > 8 {
1036 break;
1037 }
1038 }
1039 }
1040
1041 if matches.len() == 1 {
1042 return matches.into_iter().next();
1043 }
1044 }
1045
1046 None
1047}
1048
1049fn sandbox_path_denied_result(path: &str, args: &Value) -> ToolResult {
1050 let requested = path.trim();
1051 let workspace_root = workspace_root_from_args(args);
1052 let effective_cwd = effective_cwd_from_args(args);
1053 let suggested_path = Path::new(requested)
1054 .file_name()
1055 .filter(|name| !name.is_empty())
1056 .map(PathBuf::from)
1057 .map(|name| {
1058 if let Some(root) = workspace_root.as_ref() {
1059 if is_within_workspace_root(&effective_cwd, root) {
1060 effective_cwd.join(name)
1061 } else {
1062 root.join(name)
1063 }
1064 } else {
1065 effective_cwd.join(name)
1066 }
1067 });
1068
1069 let mut output =
1070 "path denied by sandbox policy (outside workspace root, malformed path, or missing workspace context)"
1071 .to_string();
1072 if let Some(suggested) = suggested_path.as_ref() {
1073 output.push_str(&format!(
1074 "\nrequested: {}\ntry: {}",
1075 requested,
1076 suggested.to_string_lossy()
1077 ));
1078 }
1079 if let Some(root) = workspace_root.as_ref() {
1080 output.push_str(&format!("\nworkspace_root: {}", root.to_string_lossy()));
1081 }
1082
1083 ToolResult {
1084 output,
1085 metadata: json!({
1086 "path": path,
1087 "workspace_root": workspace_root.map(|p| p.to_string_lossy().to_string()),
1088 "effective_cwd": effective_cwd.to_string_lossy().to_string(),
1089 "suggested_path": suggested_path.map(|p| p.to_string_lossy().to_string())
1090 }),
1091 }
1092}
1093
1094fn is_root_only_path_token(path: &str) -> bool {
1095 if matches!(path, "/" | "\\" | "." | ".." | "~") {
1096 return true;
1097 }
1098 let bytes = path.as_bytes();
1099 if bytes.len() == 2 && bytes[1] == b':' && (bytes[0] as char).is_ascii_alphabetic() {
1100 return true;
1101 }
1102 if bytes.len() == 3
1103 && bytes[1] == b':'
1104 && (bytes[0] as char).is_ascii_alphabetic()
1105 && (bytes[2] == b'\\' || bytes[2] == b'/')
1106 {
1107 return true;
1108 }
1109 false
1110}
1111
1112fn is_malformed_tool_path_token(path: &str) -> bool {
1113 let lower = path.to_ascii_lowercase();
1114 if lower.contains("<tool_call")
1115 || lower.contains("</tool_call")
1116 || lower.contains("<function=")
1117 || lower.contains("<parameter=")
1118 || lower.contains("</function>")
1119 || lower.contains("</parameter>")
1120 {
1121 return true;
1122 }
1123 if path.contains('\n') || path.contains('\r') {
1124 return true;
1125 }
1126 if path.contains('*') {
1127 return true;
1128 }
1129 if path.contains('?') {
1132 let trimmed = path.trim();
1133 let is_windows_verbatim = trimmed.starts_with("\\\\?\\") || trimmed.starts_with("//?/");
1134 if !is_windows_verbatim {
1135 return true;
1136 }
1137 }
1138 false
1139}
1140
1141fn is_malformed_tool_pattern_token(pattern: &str) -> bool {
1142 let lower = pattern.to_ascii_lowercase();
1143 if lower.contains("<tool_call")
1144 || lower.contains("</tool_call")
1145 || lower.contains("<function=")
1146 || lower.contains("<parameter=")
1147 || lower.contains("</function>")
1148 || lower.contains("</parameter>")
1149 {
1150 return true;
1151 }
1152 if pattern.contains('\n') || pattern.contains('\r') {
1153 return true;
1154 }
1155 false
1156}
1157
1158struct WriteTool;
1161#[async_trait]
1162impl Tool for WriteTool {
1163 fn schema(&self) -> ToolSchema {
1164 tool_schema_with_capabilities(
1165 "write",
1166 "Write file contents",
1167 json!({
1168 "type":"object",
1169 "properties":{
1170 "path":{"type":"string"},
1171 "content":{"type":"string"},
1172 "allow_empty":{"type":"boolean"}
1173 },
1174 "required":["path", "content"]
1175 }),
1176 workspace_write_capabilities(),
1177 )
1178 }
1179 async fn execute(&self, args: Value) -> anyhow::Result<ToolResult> {
1180 let path = args["path"].as_str().unwrap_or("").trim();
1181 let content = args["content"].as_str();
1182 let allow_empty = args
1183 .get("allow_empty")
1184 .and_then(|v| v.as_bool())
1185 .unwrap_or(false);
1186 let Some(path_buf) = resolve_tool_path(path, &args) else {
1187 return Ok(sandbox_path_denied_result(path, &args));
1188 };
1189 let Some(content) = content else {
1190 return Ok(ToolResult {
1191 output: "write requires `content`".to_string(),
1192 metadata: json!({"ok": false, "reason": "missing_content", "path": path}),
1193 });
1194 };
1195 if content.is_empty() && !allow_empty {
1196 return Ok(ToolResult {
1197 output: "write requires non-empty `content` (or set allow_empty=true)".to_string(),
1198 metadata: json!({"ok": false, "reason": "empty_content", "path": path}),
1199 });
1200 }
1201 if let Some(parent) = path_buf.parent() {
1202 if !parent.as_os_str().is_empty() {
1203 fs::create_dir_all(parent).await?;
1204 }
1205 }
1206 fs::write(&path_buf, content).await?;
1207 Ok(ToolResult {
1208 output: "ok".to_string(),
1209 metadata: json!({"path": path_buf.to_string_lossy()}),
1210 })
1211 }
1212}
1213
1214struct EditTool;
1215#[async_trait]
1216impl Tool for EditTool {
1217 fn schema(&self) -> ToolSchema {
1218 tool_schema_with_capabilities(
1219 "edit",
1220 "String replacement edit",
1221 json!({
1222 "type":"object",
1223 "properties":{
1224 "path":{"type":"string"},
1225 "old":{"type":"string"},
1226 "new":{"type":"string"}
1227 },
1228 "required":["path", "old", "new"]
1229 }),
1230 workspace_write_capabilities(),
1231 )
1232 }
1233 async fn execute(&self, args: Value) -> anyhow::Result<ToolResult> {
1234 let path = args["path"].as_str().unwrap_or("");
1235 let old = args["old"].as_str().unwrap_or("");
1236 let new = args["new"].as_str().unwrap_or("");
1237 let Some(path_buf) = resolve_tool_path(path, &args) else {
1238 return Ok(sandbox_path_denied_result(path, &args));
1239 };
1240 let content = fs::read_to_string(&path_buf).await.unwrap_or_default();
1241 let updated = content.replace(old, new);
1242 fs::write(&path_buf, updated).await?;
1243 Ok(ToolResult {
1244 output: "ok".to_string(),
1245 metadata: json!({"path": path_buf.to_string_lossy()}),
1246 })
1247 }
1248}
1249
1250struct GlobTool;
1251
1252fn normalize_recursive_wildcard_pattern(pattern: &str) -> Option<String> {
1253 let mut changed = false;
1254 let normalized = pattern
1255 .split('/')
1256 .flat_map(|component| {
1257 if let Some(tail) = component.strip_prefix("**") {
1258 if !tail.is_empty() {
1259 changed = true;
1260 let normalized_tail = if tail.starts_with('.') || tail.starts_with('{') {
1261 format!("*{tail}")
1262 } else {
1263 tail.to_string()
1264 };
1265 return vec!["**".to_string(), normalized_tail];
1266 }
1267 }
1268 vec![component.to_string()]
1269 })
1270 .collect::<Vec<_>>()
1271 .join("/");
1272 changed.then_some(normalized)
1273}
1274
1275#[async_trait]
1276impl Tool for GlobTool {
1277 fn schema(&self) -> ToolSchema {
1278 tool_schema_with_capabilities(
1279 "glob",
1280 "Find files by glob",
1281 json!({"type":"object","properties":{"pattern":{"type":"string"}}}),
1282 workspace_search_capabilities(),
1283 )
1284 }
1285 async fn execute(&self, args: Value) -> anyhow::Result<ToolResult> {
1286 let pattern = args["pattern"].as_str().unwrap_or("*");
1287 if pattern.contains("..") {
1288 return Ok(ToolResult {
1289 output: "pattern denied by sandbox policy".to_string(),
1290 metadata: json!({"pattern": pattern}),
1291 });
1292 }
1293 if is_malformed_tool_pattern_token(pattern) {
1294 return Ok(ToolResult {
1295 output: "pattern denied by sandbox policy".to_string(),
1296 metadata: json!({"pattern": pattern}),
1297 });
1298 }
1299 let workspace_root = workspace_root_from_args(&args);
1300 let effective_cwd = effective_cwd_from_args(&args);
1301 let scoped_pattern = if Path::new(pattern).is_absolute() {
1302 pattern.to_string()
1303 } else {
1304 effective_cwd.join(pattern).to_string_lossy().to_string()
1305 };
1306 let mut files = Vec::new();
1307 let mut effective_pattern = scoped_pattern.clone();
1308 let paths = match glob::glob(&scoped_pattern) {
1309 Ok(paths) => paths,
1310 Err(err) => {
1311 if let Some(normalized) = normalize_recursive_wildcard_pattern(&scoped_pattern) {
1312 if let Ok(paths) = glob::glob(&normalized) {
1313 effective_pattern = normalized;
1314 paths
1315 } else {
1316 return Err(err.into());
1317 }
1318 } else {
1319 return Err(err.into());
1320 }
1321 }
1322 };
1323 for path in paths.flatten() {
1324 if is_discovery_ignored_path(&path) {
1325 continue;
1326 }
1327 if let Some(root) = workspace_root.as_ref() {
1328 if !is_within_workspace_root(&path, root) {
1329 continue;
1330 }
1331 }
1332 files.push(path.display().to_string());
1333 if files.len() >= 100 {
1334 break;
1335 }
1336 }
1337 Ok(ToolResult {
1338 output: files.join("\n"),
1339 metadata: json!({
1340 "count": files.len(),
1341 "effective_cwd": effective_cwd,
1342 "workspace_root": workspace_root,
1343 "pattern": pattern,
1344 "effective_pattern": effective_pattern
1345 }),
1346 })
1347 }
1348}
1349
1350fn is_discovery_ignored_path(path: &Path) -> bool {
1351 let components: Vec<_> = path.components().collect();
1352 for (idx, component) in components.iter().enumerate() {
1353 if component.as_os_str() == ".tandem" {
1354 let next = components
1355 .get(idx + 1)
1356 .map(|component| component.as_os_str());
1357 return next != Some(std::ffi::OsStr::new("artifacts"));
1358 }
1359 }
1360 false
1361}
1362
1363struct GrepTool;
1364
1365#[derive(Debug, Clone)]
1366struct GrepHit {
1367 path: String,
1368 line: usize,
1369 text: String,
1370 ordinal: usize,
1371}
1372
1373fn grep_hit_to_value(hit: &GrepHit) -> Value {
1374 json!({
1375 "path": hit.path,
1376 "line": hit.line,
1377 "text": hit.text,
1378 "ordinal": hit.ordinal,
1379 })
1380}
1381
1382fn emit_grep_progress_chunk(
1383 progress: Option<&SharedToolProgressSink>,
1384 tool: &str,
1385 hits: &[GrepHit],
1386) {
1387 let Some(progress) = progress else {
1388 return;
1389 };
1390 if hits.is_empty() {
1391 return;
1392 }
1393 progress.publish(ToolProgressEvent::new(
1394 "tool.search.chunk",
1395 json!({
1396 "tool": tool,
1397 "hits": hits.iter().map(grep_hit_to_value).collect::<Vec<_>>(),
1398 }),
1399 ));
1400}
1401
1402fn emit_grep_progress_done(
1403 progress: Option<&SharedToolProgressSink>,
1404 tool: &str,
1405 path: &Path,
1406 total_hits: usize,
1407 truncated: bool,
1408 cancelled: bool,
1409) {
1410 let Some(progress) = progress else {
1411 return;
1412 };
1413 progress.publish(ToolProgressEvent::new(
1414 "tool.search.done",
1415 json!({
1416 "tool": tool,
1417 "path": path.to_string_lossy(),
1418 "count": total_hits,
1419 "truncated": truncated,
1420 "cancelled": cancelled,
1421 }),
1422 ));
1423}
1424
1425struct GrepSearchState {
1426 hits: Mutex<Vec<GrepHit>>,
1427 hit_count: AtomicUsize,
1428 stop: AtomicBool,
1429 cancel: CancellationToken,
1430 limit: usize,
1431 chunk_size: usize,
1432 progress: Option<SharedToolProgressSink>,
1433}