ژj;%UdZddlmZddlZddlZddlZddlZddlmZ ddl m Z m Z ddl mZddlmZddlmZdd lmZmZejeZed Gd d ZeegefZe ddZded<edZhdZdZ dZ!dZ"d@dZ#dAdZ$dBdZ%dCd Z&dDd$Z'dEd'Z(dEd(Z)dFd+Z*dGd-Z+dHdId1Z,dJd2Z-dKd3Z. dLdMd?Z/dS)NaPre-execution ACP edit approval helpers. This module is intentionally isolated from the generic tool registry. ACP binds an edit approval requester in a ContextVar for the duration of one ACP agent run; CLI, gateway, and other sessions leave it unset and therefore bypass this guard. ) annotationsN) TimeoutError) ContextVarToken) dataclass)count)Path)AnyCallableT)frozencFeZdZUdZded<ded<ded<ded<ded <d S) EditProposalz?A proposed single-file edit that can be shown to an ACP client.str tool_namepath str | Noneold_textnew_textdict[str, Any] argumentsN)__name__ __module__ __qualname____doc____annotations__>/home/ubuntu/.hermes/hermes-agent/acp_adapter/edit_approval.pyrrsKIINNN IIIMMMrrACP_EDIT_APPROVAL_REQUESTER)defaultz(ContextVar[EditApprovalRequester | None]_EDIT_APPROVAL_REQUESTER>.env .env.local.env.productionid_rsa id_ed25519askworkspace_sessionsession requesterEditApprovalRequester | Nonereturnrc6t|S)zs  &&&&&rc4tSN)r!getrrrget_edit_approval_requesterr<Ds # ' ' ) ))rrrrct|}|sdS|st d||ddS)NzCannot edit non-file path: zutf-8replace)encodingerrors)r expanduserexistsis_fileOSError read_text)rps r_read_text_if_existsrGHsk T A 88::t 99;;<:D::;;; ;; ; : ::rrrc .t|dpd}|std|d}|tdtd|t |t|t |S)Nr path requiredcontentzcontent required write_filerrrrr)rr; ValueErrorrrGdict)rrrKs r_proposal_for_write_filerPQs y}}V$$* + +D *)))mmI&&G+,,,  %d++Wy//    rc Nt|dpd}|std|d}|d}||tdt|}|td|dd lm}||t|t|t |d d \}}}} | s|dkrt| pd |td |||t|S)NrrIrJ old_string new_stringz"old_string and new_string requiredzFailed to read file: r)fuzzy_find_and_replace replace_allFz'Could not find match for old_string in patchrM) rr;rNrGtools.fuzzy_matchrTboolrrO) rrrRrSrrTr match_count _strategyerrors r_proposal_for_patch_replacer\asT y}}V$$* + +D *)))|,,J|,,JZ/=>>>#D))H777888888888.D.D J J Y]]=% 0 011 //+Hk9e  T q  R"RD"R"RSSS  y//    rrEditProposal | Nonec|dkrt|S|dkr)|dddkrt|SdS)z:Return an edit proposal for supported file mutation calls.rLrVmoder>N)rPr;r\)rrs rbuild_edit_proposalr`sSL  ' 222G fi @ @I M M*9555 4rrXct|j}d|D}d|vsd|vrdSt|jt vS)Nc6h|]}|Sr)lower).0parts r z2_is_sensitive_auto_approve_path..s ...tzz||...rz.gitz.sshT)r rApartsnamercSENSITIVE_AUTO_APPROVE_NAMES)rrglowereds r_is_sensitive_auto_approve_pathrksi JJ ! ! # # )E.....G Fg--t ::? " "&B BBrproposalpolicycwdct|pt}|tkst|jrdSt |jd}|tkrdS|tkrt tj d} | |dS#t$rYnwxYw|r^t |d} | |dS#t$rYdSwxYwdS)zReturn whether an ACP edit proposal may bypass the prompt for this session. This is intentionally session-scoped and conservative: sensitive paths still ask even under autonomous policies. F)strictT)rAUTO_APPROVE_ASKstriprkrr rAresolveAUTO_APPROVE_SESSIONAUTO_APPROVE_WORKSPACEtempfile gettempdir relative_torN)rlrmrnrtmp_rootroots rshould_auto_approve_editr{si++ , , 2 2 4 4F !!!%DX]%S%S!u    ) ) + + 3 35 3 A AD %%%t '''+--..66e6DD    X & & &4    D   99''))111??D   &&&t   uu  5s$C(( C54C50E EEct}|dS t||}nO#t$rB}td||t jdd|didcYd}~Sd}~wwxYw|dS t||}n4#t$r'}td|d}Yd}~nd}~wwxYw|rdSt jdd idS) zRun ACP edit approval if bound. Returns a JSON tool-error string when the edit must be blocked, otherwise ``None`` so dispatch can continue. Requester exceptions deny by default. Nz5Could not build ACP edit approval proposal for %s: %sr[z.Edit approval denied: could not prepare diff ()F) ensure_asciiz&ACP edit approval requester failed: %sz:Edit approval denied by ACP client; file was not modified.)r<r` ExceptionloggerwarningjsondumpsrX)rrr+rlexcapproveds rmaybe_require_edit_approvalrs=,--Itr&y)<< rrrNPY[^___z7$[UX$[$[$[\kpqqqqqqqqqrt (++,, ?EEEt :w \]lq r r rrs2% A17A,&A1,A19B CB>>Cc ddl}dtt}||d|jdd||j|j|jg|j|j d S) z._requesters//////>>>>>>  * Z1133 +HfcBB KK LfV^Vcddd4  Z Z Z ITX YYYYY Z  |,\ Z Z Z  vM O O O -X66 $$!    *)  K     >5 }}W}55HHy)    MMOOO NNJC P P P55555 (It44 GY - - ; Dd33|C s)?A&A<;A<C((D39/D..D3)rlrr-rXr)rrrrrrs````` r make_acp_edit_approval_requesterrsB) ) ) ) ) ) ) ) ) ) V r)r+r,r-r)r2rr-r3)r-r3)r-r,)rrr-r)rrr-r)rrrrr-r])rrr-rXr:)rlrrmrrnrr-rX)rrrrr-r)rlr)rN) rr rrrrrrrrr-r)0r __future__rasynciorloggingrvconcurrent.futuresrr contextvarsrr dataclassesr itertoolsrpathlibr typingr r getLoggerrrrrXrr!rrrirqrurtr1r6r8r<rGrPr\r`rkr{rrrrrrrs#""""" <<<<<<))))))))!!!!!!  8 $ $ $!,!56EOZ! FFF %(( a``, 3333 **** '''' ****;;;;     BCCCCBssss>4GK 4444444r