feat: allow mutative actions with use_aws (#686)

brandonskiser · web-flow · commit cf8889efb77b · 2025-02-26T11:28:10.000-05:00
diff --git a/crates/q_cli/src/cli/chat/tools/mod.rs b/crates/q_cli/src/cli/chat/tools/mod.rs
@@ -63,7 +63,7 @@ impl Tool {
             Tool::FsRead(_) => "Read from filesystem",
             Tool::FsWrite(_) => "Write to filesystem",
             Tool::ExecuteBash(_) => "Execute shell command",
-            Tool::UseAws(_) => "Read AWS resources",
+            Tool::UseAws(_) => "Use AWS CLI",
         }
     }
 
@@ -73,7 +73,7 @@ impl Tool {
             Tool::FsRead(_) => false,
             Tool::FsWrite(_) => true,
             Tool::ExecuteBash(_) => true,
-            Tool::UseAws(_) => false,
+            Tool::UseAws(use_aws) => use_aws.requires_consent(),
         }
     }
 
diff --git a/crates/q_cli/src/cli/chat/tools/tool_index.json b/crates/q_cli/src/cli/chat/tools/tool_index.json
@@ -75,7 +75,7 @@
   },
   {
     "name": "use_aws",
-    "description": "Make an AWS CLI api call with the specified service, operation, and parameters. The arguments MUST conform to the AWS CLI specification. You may not create resources or perform any write or mutating actions. You may only use this tool to call read operations with names that start with: get, describe, list, search, batch_get.",
+    "description": "Make an AWS CLI api call with the specified service, operation, and parameters. The arguments MUST conform to the AWS CLI specification.",
     "input_schema": {
       "type": "object",
       "properties": {
diff --git a/crates/q_cli/src/cli/chat/tools/use_aws.rs b/crates/q_cli/src/cli/chat/tools/use_aws.rs
@@ -21,19 +21,6 @@ use super::{
 
 const ALLOWED_OPS: [&str; 6] = ["get", "describe", "list", "ls", "search", "batch_get"];
 
-#[derive(Debug, thiserror::Error)]
-enum AwsToolError {
-    ForbiddenOperation(String),
-}
-
-impl std::fmt::Display for AwsToolError {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        match self {
-            AwsToolError::ForbiddenOperation(op) => Ok(writeln!(f, "Forbidden operation encountered: {}", op)?),
-        }
-    }
-}
-
 // TODO: we should perhaps composite this struct with an interface that we can use to mock the
 // actual cli with. That will allow us to more thoroughly test it.
 #[derive(Debug, Deserialize)]
@@ -47,14 +34,8 @@ pub struct UseAws {
 }
 
 impl UseAws {
-    fn validate_operation(&self) -> Result<(), AwsToolError> {
-        let operation_name = &self.operation_name;
-        for op in ALLOWED_OPS {
-            if self.operation_name.starts_with(op) {
-                return Ok(());
-            }
-        }
-        Err(AwsToolError::ForbiddenOperation(operation_name.clone()))
+    pub fn requires_consent(&self) -> bool {
+        !ALLOWED_OPS.iter().any(|op| self.operation_name.starts_with(op))
     }
 
     pub async fn invoke(&self, _ctx: &Context, _updates: impl Write) -> Result<InvokeOutput> {
@@ -129,15 +110,48 @@ impl UseAws {
     }
 
     pub async fn validate(&mut self, _ctx: &Context) -> Result<()> {
-        self.validate_operation()
-            .wrap_err_with(|| format!("Unable to spawn command '{:?}'", &self))
+        Ok(())
     }
 }
 
 #[cfg(test)]
 mod tests {
     use super::*;
 
+    macro_rules! use_aws {
+        ($value:tt) => {
+            serde_json::from_value::<UseAws>(serde_json::json!($value)).unwrap()
+        };
+    }
+
+    #[test]
+    fn test_requires_consent() {
+        let cmd = use_aws! {{
+            "service_name": "ecs",
+            "operation_name": "list-task-definitions",
+            "region": "us-west-2",
+            "profile_name": "default",
+            "label": ""
+        }};
+        assert!(!cmd.requires_consent());
+        let cmd = use_aws! {{
+            "service_name": "lambda",
+            "operation_name": "list-functions",
+            "region": "us-west-2",
+            "profile_name": "default",
+            "label": ""
+        }};
+        assert!(!cmd.requires_consent());
+        let cmd = use_aws! {{
+            "service_name": "s3",
+            "operation_name": "put-object",
+            "region": "us-west-2",
+            "profile_name": "default",
+            "label": ""
+        }};
+        assert!(cmd.requires_consent());
+    }
+
     #[tokio::test]
     #[ignore = "not in ci"]
     async fn test_aws_read_only() {

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ impl Tool {`
`63`	`63`	`Tool::FsRead(_) => "Read from filesystem",`
`64`	`64`	`Tool::FsWrite(_) => "Write to filesystem",`
`65`	`65`	`Tool::ExecuteBash(_) => "Execute shell command",`
`66`		`- Tool::UseAws(_) => "Read AWS resources",`
	`66`	`+ Tool::UseAws(_) => "Use AWS CLI",`
`67`	`67`	`}`
`68`	`68`	`}`
`69`	`69`
`@@ -73,7 +73,7 @@ impl Tool {`
`73`	`73`	`Tool::FsRead(_) => false,`
`74`	`74`	`Tool::FsWrite(_) => true,`
`75`	`75`	`Tool::ExecuteBash(_) => true,`
`76`		`- Tool::UseAws(_) => false,`
	`76`	`+ Tool::UseAws(use_aws) => use_aws.requires_consent(),`
`77`	`77`	`}`
`78`	`78`	`}`
`79`	`79`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@`
`75`	`75`	`},`
`76`	`76`	`{`
`77`	`77`	`"name": "use_aws",`
`78`		`- "description": "Make an AWS CLI api call with the specified service, operation, and parameters. The arguments MUST conform to the AWS CLI specification. You may not create resources or perform any write or mutating actions. You may only use this tool to call read operations with names that start with: get, describe, list, search, batch_get.",`
	`78`	`+ "description": "Make an AWS CLI api call with the specified service, operation, and parameters. The arguments MUST conform to the AWS CLI specification.",`
`79`	`79`	`"input_schema": {`
`80`	`80`	`"type": "object",`
`81`	`81`	`"properties": {`