Initial public release v0.0.1.alpha2
opencode-rails — production-grade Rails integration for OpenCode.

Rails companion to opencode-ruby. ActiveRecord-aware session lifecycle (idempotent ensure!/recreate!/abort! with row-level locks), a Turn orchestrator driving the Reply state machine and recovering from session-not-found, an artifact pipeline backed by ActiveStorage, sandbox seeding, and tool-display value objects for Turbo Stream broadcasts. Drop into any Rails 7.1+ app that wants production-grade OpenCode streaming without rolling boilerplate.

What this version ships:
- Opencode::Session (AR-coupled lifecycle, row-level locks)
- Opencode::Turn (Reply state machine, session-not-found recovery)
- Opencode::Exchange (one turn = one request/response unit)
- Opencode::Impostor (deterministic mock for tests)
- Opencode::Sandbox / SandboxFile (per-session FS scratch space)
- Opencode::Transform (host-rendered artifact pipeline)
- Opencode::Artifact / MessageArtifacts (ActiveStorage-backed)
- Opencode::UploadedFilesPrompt (system-prompt builder)
- Opencode::ToolDisplay (Turbo Stream value objects)
- Opencode::ErrorReporter (pluggable adapter — Honeybadger/Sentry/etc.)
- examples/rails_integration.rb — canonical wiring blueprint

53 smoke tests. CI on Ruby 3.2/3.3/3.4. Ruby >= 3.2.

Runtime deps: opencode-ruby = 0.0.1.alpha2, activerecord/activestorage/activesupport >= 7.1, < 9.0.

See CHANGELOG.md for the alpha1 -> alpha2 delta.
48
lib/opencode/impostor.rb
Normal file
@@ -0,0 +1,48 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
module Opencode
|
||||
# An ActiveStorage::Attachment on an assistant message that uses a
|
||||
# trusted Transform's destination filename but fails the transform's
|
||||
# `#trusted?` predicate. In plain English: a same-named attachment
|
||||
# that wasn't produced by the host-trusted renderer pipeline.
|
||||
#
|
||||
# Where impostors come from:
|
||||
#
|
||||
# 1. A previous job retry attached the destination filename via the
|
||||
# tool-extracted path (the agent wrote a file with that name and
|
||||
# it landed before the trusted render did).
|
||||
# 2. A pre-substrate code path persisted an agent-authored file
|
||||
# under the destination filename — the same-name stored-XSS
|
||||
# attack the trust boundary exists to prevent.
|
||||
# 3. A previous transform version stamped different metadata and the
|
||||
# trust check now correctly rejects it.
|
||||
#
|
||||
# The Impostor knows how to remove itself. The orchestrator just asks
|
||||
# "are there impostors of this transform on this message?" and tells
|
||||
# each one to `purge!`. Purging is a verb that belongs to the
|
||||
# impostor — it's the noun whose state the purge mutates.
|
||||
class Impostor
|
||||
# Finds impostors of `transform` on `message` — attachments whose
|
||||
# filename matches the transform's destination but whose contents
|
||||
# fail the transform's trust predicate.
|
||||
def self.for(message:, transform:)
|
||||
target = transform.destination_filename
|
||||
message.artifacts
|
||||
.select { |a| a.filename.to_s == target }
|
||||
.reject { |a| transform.trusted?(a) }
|
||||
.map { |a| new(attachment: a) }
|
||||
end
|
||||
|
||||
def initialize(attachment:)
|
||||
@attachment = attachment
|
||||
end
|
||||
|
||||
def purge!
|
||||
@attachment.purge
|
||||
end
|
||||
|
||||
def filename
|
||||
@attachment.filename.to_s
|
||||
end
|
||||
end
|
||||
end
|
||||
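Review bot: `purge!` deletes the attachment with `@attachment.purge` and leaves no record of what was removed, even though case 2 in the class comment is the same-name stored-XSS attempt the trust boundary exists to catch. Consider logging or reporting the filename and the blob's checksum before the purge, so that a retry race (case 1) can be told apart from an agent-authored file (case 2) after the fact. Two smaller points on `Impostor.for`: the match is an exact string comparison, `a.filename.to_s == target`, so it is worth a test that pins down what happens to names differing only in case or sanitization; and because this class only removes impostors after they have been attached, the comment should say that whatever serves or renders the destination filename must check `transform.trusted?` itself instead of relying on the purge having already run. The commit message also lists Opencode::Impostor as a "deterministic mock for tests", which does not match the class comment here; one of the two should be corrected.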