mirror of
https://github.com/sipeed/picoclaw.git
synced 2026-06-12 18:08:54 +00:00
Huang Rui
d5370c9605
* fix(tools): allow /dev/null redirection and add read/write sandbox split - Remove deny pattern that incorrectly blocked redirects to /dev/null - Expand block device write pattern to cover nvme, mmcblk, vd, xvd, hd, loop, dm-, md, sr and nbd in addition to sd - Add safe path whitelist for kernel pseudo-devices so workspace path check does not reject /dev/null, /dev/zero, /dev/random, /dev/urandom, /dev/stdin, /dev/stdout and /dev/stderr - Add allow_read_outside_workspace config option (default true) so file read and list tools are unrestricted while write tools stay sandboxed Closes https://github.com/sipeed/picoclaw/issues/964 Closes https://github.com/sipeed/picoclaw/issues/965 Signed-off-by: Huang Rui <vowstar@gmail.com> * feat(tools): add configurable allow patterns and path whitelists - Add custom_allow_patterns to exec config so users can exempt specific commands from deny pattern checks - Add allow_read_paths and allow_write_paths regex lists to tools config for whitelisting specific paths outside the workspace - Introduce whitelistFs that wraps sandboxFs and falls through to hostFs for paths matching whitelist patterns - Use variadic constructor signatures to keep backward compatibility Suggested-by: lxowalle Signed-off-by: Huang Rui <vowstar@gmail.com> --------- Signed-off-by: Huang Rui <vowstar@gmail.com>
175 lines
4.6 KiB
Go
175 lines
4.6 KiB
Go
package tools
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"io/fs"
|
|
"regexp"
|
|
"strings"
|
|
)
|
|
|
|
// EditFileTool edits a file by replacing old_text with new_text.
|
|
// The old_text must exist exactly in the file.
|
|
type EditFileTool struct {
|
|
fs fileSystem
|
|
}
|
|
|
|
// NewEditFileTool creates a new EditFileTool with optional directory restriction.
|
|
func NewEditFileTool(workspace string, restrict bool, allowPaths ...[]*regexp.Regexp) *EditFileTool {
|
|
var patterns []*regexp.Regexp
|
|
if len(allowPaths) > 0 {
|
|
patterns = allowPaths[0]
|
|
}
|
|
return &EditFileTool{fs: buildFs(workspace, restrict, patterns)}
|
|
}
|
|
|
|
func (t *EditFileTool) Name() string {
|
|
return "edit_file"
|
|
}
|
|
|
|
func (t *EditFileTool) Description() string {
|
|
return "Edit a file by replacing old_text with new_text. The old_text must exist exactly in the file."
|
|
}
|
|
|
|
func (t *EditFileTool) Parameters() map[string]any {
|
|
return map[string]any{
|
|
"type": "object",
|
|
"properties": map[string]any{
|
|
"path": map[string]any{
|
|
"type": "string",
|
|
"description": "The file path to edit",
|
|
},
|
|
"old_text": map[string]any{
|
|
"type": "string",
|
|
"description": "The exact text to find and replace",
|
|
},
|
|
"new_text": map[string]any{
|
|
"type": "string",
|
|
"description": "The text to replace with",
|
|
},
|
|
},
|
|
"required": []string{"path", "old_text", "new_text"},
|
|
}
|
|
}
|
|
|
|
func (t *EditFileTool) Execute(ctx context.Context, args map[string]any) *ToolResult {
|
|
path, ok := args["path"].(string)
|
|
if !ok {
|
|
return ErrorResult("path is required")
|
|
}
|
|
|
|
oldText, ok := args["old_text"].(string)
|
|
if !ok {
|
|
return ErrorResult("old_text is required")
|
|
}
|
|
|
|
newText, ok := args["new_text"].(string)
|
|
if !ok {
|
|
return ErrorResult("new_text is required")
|
|
}
|
|
|
|
if err := editFile(t.fs, path, oldText, newText); err != nil {
|
|
return ErrorResult(err.Error())
|
|
}
|
|
return SilentResult(fmt.Sprintf("File edited: %s", path))
|
|
}
|
|
|
|
type AppendFileTool struct {
|
|
fs fileSystem
|
|
}
|
|
|
|
func NewAppendFileTool(workspace string, restrict bool, allowPaths ...[]*regexp.Regexp) *AppendFileTool {
|
|
var patterns []*regexp.Regexp
|
|
if len(allowPaths) > 0 {
|
|
patterns = allowPaths[0]
|
|
}
|
|
return &AppendFileTool{fs: buildFs(workspace, restrict, patterns)}
|
|
}
|
|
|
|
func (t *AppendFileTool) Name() string {
|
|
return "append_file"
|
|
}
|
|
|
|
func (t *AppendFileTool) Description() string {
|
|
return "Append content to the end of a file"
|
|
}
|
|
|
|
func (t *AppendFileTool) Parameters() map[string]any {
|
|
return map[string]any{
|
|
"type": "object",
|
|
"properties": map[string]any{
|
|
"path": map[string]any{
|
|
"type": "string",
|
|
"description": "The file path to append to",
|
|
},
|
|
"content": map[string]any{
|
|
"type": "string",
|
|
"description": "The content to append",
|
|
},
|
|
},
|
|
"required": []string{"path", "content"},
|
|
}
|
|
}
|
|
|
|
func (t *AppendFileTool) Execute(ctx context.Context, args map[string]any) *ToolResult {
|
|
path, ok := args["path"].(string)
|
|
if !ok {
|
|
return ErrorResult("path is required")
|
|
}
|
|
|
|
content, ok := args["content"].(string)
|
|
if !ok {
|
|
return ErrorResult("content is required")
|
|
}
|
|
|
|
if err := appendFile(t.fs, path, content); err != nil {
|
|
return ErrorResult(err.Error())
|
|
}
|
|
return SilentResult(fmt.Sprintf("Appended to %s", path))
|
|
}
|
|
|
|
// editFile reads the file via sysFs, performs the replacement, and writes back.
|
|
// It uses a fileSystem interface, allowing the same logic for both restricted and unrestricted modes.
|
|
func editFile(sysFs fileSystem, path, oldText, newText string) error {
|
|
content, err := sysFs.ReadFile(path)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
newContent, err := replaceEditContent(content, oldText, newText)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return sysFs.WriteFile(path, newContent)
|
|
}
|
|
|
|
// appendFile reads the existing content (if any) via sysFs, appends new content, and writes back.
|
|
func appendFile(sysFs fileSystem, path, appendContent string) error {
|
|
content, err := sysFs.ReadFile(path)
|
|
if err != nil && !errors.Is(err, fs.ErrNotExist) {
|
|
return err
|
|
}
|
|
|
|
newContent := append(content, []byte(appendContent)...)
|
|
return sysFs.WriteFile(path, newContent)
|
|
}
|
|
|
|
// replaceEditContent handles the core logic of finding and replacing a single occurrence of oldText.
|
|
func replaceEditContent(content []byte, oldText, newText string) ([]byte, error) {
|
|
contentStr := string(content)
|
|
|
|
if !strings.Contains(contentStr, oldText) {
|
|
return nil, fmt.Errorf("old_text not found in file. Make sure it matches exactly")
|
|
}
|
|
|
|
count := strings.Count(contentStr, oldText)
|
|
if count > 1 {
|
|
return nil, fmt.Errorf("old_text appears %d times. Please provide more context to make it unique", count)
|
|
}
|
|
|
|
newContent := strings.Replace(contentStr, oldText, newText, 1)
|
|
return []byte(newContent), nil
|
|
}
|