feat: add a new SDK server

This server will be used in the SDKs for running gptscripts. This change
also includes an implementation that allows the SDKs to "confirm" tools
execution.

Signed-off-by: Donnie Adams <[email protected]>

Author: thedadams

go.mod

@@ -14,13 +14,14 @@ require (
 	github.com/fatih/color v1.16.0
 	github.com/getkin/kin-openapi v0.123.0
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510
+	github.com/google/uuid v1.6.0
 	github.com/gptscript-ai/chat-completion-client v0.0.0-20240515050533-bdef9f2226a9
 	github.com/hexops/autogold/v2 v2.2.1
 	github.com/hexops/valast v1.4.4
 	github.com/jaytaylor/html2text v0.0.0-20230321000545-74c2419ad056
 	github.com/mholt/archiver/v4 v4.0.0-alpha.8
 	github.com/olahol/melody v1.1.4
-	github.com/rs/cors v1.10.1
+	github.com/rs/cors v1.11.0
 	github.com/samber/lo v1.38.1
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0

go.sum

@@ -119,6 +119,8 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4=
 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
@@ -219,8 +221,8 @@ github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/f
 github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
 github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
-github.com/rs/cors v1.10.1 h1:L0uuZVXIKlI1SShY2nhFfo44TYvDPQ1w4oFkUJNfhyo=
-github.com/rs/cors v1.10.1/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
+github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po=
+github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/rwcarlsen/goexif v0.0.0-20190401172101-9e8deecbddbd/go.mod h1:hPqNNc0+uJM6H+SuU8sEs5K5IQeKccPqeSjfgcKGgPk=
 github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=

pkg/auth/auth.go

@@ -15,24 +15,43 @@ import (
 func Authorize(ctx engine.Context, input string) (runner.AuthorizerResponse, error) {
 	defer context.GetPauseFuncFromCtx(ctx.Ctx)()()
 
-	if !ctx.Tool.IsCommand() {
+	if IsSafe(ctx) {
 		return runner.AuthorizerResponse{
 			Accept: true,
 		}, nil
 	}
 
+	var result bool
+	err := survey.AskOne(&survey.Confirm{
+		Help:    fmt.Sprintf("The full source of the tools is as follows:\n\n%s", ctx.Tool.String()),
+		Default: true,
+		Message: ConfirmMessage(ctx, input),
+	}, &result)
+	if err != nil {
+		return runner.AuthorizerResponse{}, err
+	}
+
+	return runner.AuthorizerResponse{
+		Accept:  result,
+		Message: "Request denied, blocking execution.",
+	}, nil
+}
+
+func IsSafe(ctx engine.Context) bool {
+	if !ctx.Tool.IsCommand() {
+		return true
+	}
+
+	_, ok := builtin.SafeTools[strings.Split(ctx.Tool.Instructions, "\n")[0][2:]]
+	return ok
+}
+
+func ConfirmMessage(ctx engine.Context, input string) string {
 	var (
-		result      bool
 		loc         = ctx.Tool.Source.Location
 		interpreter = strings.Split(ctx.Tool.Instructions, "\n")[0][2:]
 	)
 
-	if _, ok := builtin.SafeTools[interpreter]; ok {
-		return runner.AuthorizerResponse{
-			Accept: true,
-		}, nil
-	}
-
 	if ctx.Tool.Source.Repo != nil {
 		loc = ctx.Tool.Source.Repo.Root
 		loc = strings.TrimPrefix(loc, "https://")
@@ -44,21 +63,9 @@ func Authorize(ctx engine.Context, input string) (runner.AuthorizerResponse, err
 		loc = "Builtin"
 	}
 
-	err := survey.AskOne(&survey.Confirm{
-		Help:    fmt.Sprintf("The full source of the tools is as follows:\n\n%s", ctx.Tool.String()),
-		Default: true,
-		Message: fmt.Sprintf(`Description: %s
+	return fmt.Sprintf(`Description: %s
   Interpreter: %s
   Source: %s
   Input: %s
-Allow the above tool to execute?`, ctx.Tool.Description, interpreter, loc, strings.TrimSpace(input)),
-	}, &result)
-	if err != nil {
-		return runner.AuthorizerResponse{}, err
-	}
-
-	return runner.AuthorizerResponse{
-		Accept:  result,
-		Message: "Request denied, blocking execution.",
-	}, nil
+Allow the above tool to execute?`, ctx.Tool.Description, interpreter, loc, strings.TrimSpace(input))
 }