Files
executus/tools/create_file_url.go
T
steve ac961e1539
executus CI / test (pull_request) Successful in 58s
Adversarial Review (Gadfly) / review (pull_request) Successful in 10m10s
P3: store group — kv_* + file_* tools (agent memory)
RegisterStore(reg, StoreDeps) registers the persistent-memory tools over the
host's KV and/or File backends:
- kv_get/set/list/delete (KVStorage seam)
- file_save/get/get_text/get_metadata/list/delete (FileStorage seam), plus
  file_search (FileSearcher) and create_file_url (FileTokenMinter) when wired.

Near-zero-config: Quota defaults to a generous static cap (staticQuota), the
per-value/per-file caps default, and the kv vs file groups register
independently (a host can take just one). Seams moved clean (interface-only):
kv_storage.go, quota_provider.go, file_descendant_grant.go. The default
in-memory KV/File backends come with contrib/store at P4.

Core go.sum still free of gorm/redis/discordgo/sqlite.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-26 22:06:46 -04:00

197 lines
7.1 KiB
Go

// create_file_url mints a public-token URL (mort.sh/files/<token>)
// that resolves to a saved file_id. Use it for artifacts that are too
// large for Discord (>25 MiB), need a stable link to share outside
// Discord, or where the recipient is not in mort's auth domain.
//
// Why a separate tool (vs always returning a URL from file_save):
// most files are private working state — only some need a public URL,
// and minting one is a deliberate act. Decoupling save from
// publication keeps the storage layer cheap (no token row per file)
// and the audit clean (you can grep skill_file_tokens for "who
// published what").
//
// Cycle-break: this tool can't import pkg/logic/skills directly
// (pkg/logic/skills imports pkg/skilltools). The narrow interface
// FileTokenMinter is declared here; mort.go bridges to
// *skills.System.Storage() at wiring time.
package tools
import (
"context"
"crypto/rand"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"strings"
"time"
"gitea.stevedudenhoeffer.com/steve/executus/tool"
)
// FileToken is the wire-shape of the storage row that backs the
// public /files/<token> URL. Mirrors pkg/logic/skills.FileToken
// field-for-field; the adapter in mort.go is a struct copy.
//
// Why mirror (vs import skills.FileToken): same cycle constraint as
// FileDomainMeta / KVDomainEntry — the tool layer cannot import
// pkg/logic/skills.
type FileToken struct {
Token string
FileID string
SkillID string
CallerID string
CreatedAt time.Time
ExpiresAt *time.Time
MaxViews *int
Views int
}
// FileTokenMinter is the narrow interface the create_file_url tool
// needs to persist a new token. Production wires to
// *skills.gormStorage via a thin adapter in mort.go.
type FileTokenMinter interface {
SaveFileToken(ctx context.Context, t FileToken) error
}
// Caps for create_file_url. Public so tests can assert against them.
const (
// DefaultFileURLExpiry is the default lifetime applied when the
// caller doesn't supply expires_in_seconds.
DefaultFileURLExpiry = 24 * time.Hour
// MaxFileURLExpiry is the per-tool hard cap. 30 days is generous
// enough for "share this report with someone" without becoming
// effectively-permanent. Operators can lower via the
// SkillFileURLConfigProvider; this is the floor below which the
// admin gate doesn't apply.
MaxFileURLExpiry = 30 * 24 * time.Hour
// MaxFileURLViews is the per-tool hard cap on max_views. 1000 is
// the largest value an LLM might plausibly set; anything beyond
// is "unlimited" semantically and the caller should leave the
// field absent.
MaxFileURLViews = 1000
)
type createFileURLArgs struct {
FileID string `json:"file_id" description:"file_id previously saved by this skill (from file_save, code_exec, etc)."`
ExpiresInSeconds int `json:"expires_in_seconds,omitempty" description:"How long the URL stays valid in seconds. Default 86400 (24h). Max 2592000 (30 days)."`
MaxViews int `json:"max_views,omitempty" description:"Optional cap on the number of times the URL can be fetched. Max 1000. Omit (or 0) for unlimited within the lifetime."`
}
type createFileURLResult struct {
URL string `json:"url"`
Token string `json:"token"`
ExpiresAt string `json:"expires_at,omitempty"` // RFC3339
MaxViews int `json:"max_views,omitempty"`
Note string `json:"note,omitempty"`
}
// NewCreateFileURL constructs the create_file_url tool. nil minter →
// "not configured" at execute time; nil fileStorage same. baseURL is
// the public site (e.g. "https://mort.sh"); the path "/files/<token>"
// is appended.
//
// Permission shape: anyone-authoring + caller-scope + share-safe +
// files/discord/composition. The "publishing" act is a tool call,
// not a save-time / share-time concern — every caller of a shared
// skill mints into their own audit trail.
func NewCreateFileURL(minter FileTokenMinter, fileStorage FileStorage, baseURL string) tool.Tool {
baseURL = strings.TrimRight(baseURL, "/")
return tool.NewGatedTool[createFileURLArgs](
"create_file_url",
"Mint a public URL (mort.sh/files/<token>) for a saved file_id. Use for files too large for Discord (>25 MiB) or when a stable link is preferred over an attachment. Default expiry 24h; max 30 days. Optional view-count cap (max 1000).",
tool.Permission{
AuthoringRequirement: tool.RequirementAnyone,
OperatesOn: tool.ScopeCaller,
SafeForShare: true,
Categories: []string{"files", "discord"},
},
func(ctx context.Context, inv tool.Invocation, args createFileURLArgs) (string, error) {
if minter == nil || fileStorage == nil {
return "", fmt.Errorf("create_file_url: not configured")
}
if strings.TrimSpace(args.FileID) == "" {
return "", fmt.Errorf("create_file_url: file_id required")
}
// Cross-skill rejection: the file MUST belong to the
// calling skill. Without this, a hostile skill could mint
// a URL for ANY file by file_id.
meta, _, err := fileStorage.FileGet(ctx, args.FileID)
if err != nil {
if errors.Is(err, ErrFileNotFound) {
return "", fmt.Errorf("create_file_url: file_id %q not found", args.FileID)
}
return "", fmt.Errorf("create_file_url: %w", err)
}
if meta.SkillID != inv.SkillID && !descendantFileGrant(ctx, fileStorage, inv, meta.SkillID) {
return "", fmt.Errorf("create_file_url: file_id %q does not belong to this skill (cross-skill refs rejected)", args.FileID)
}
// Resolve expiry.
expiry := DefaultFileURLExpiry
if args.ExpiresInSeconds > 0 {
expiry = time.Duration(args.ExpiresInSeconds) * time.Second
}
if expiry > MaxFileURLExpiry {
expiry = MaxFileURLExpiry
}
expiresAt := time.Now().Add(expiry)
// Resolve max_views.
var maxViews *int
if args.MaxViews > 0 {
mv := args.MaxViews
if mv > MaxFileURLViews {
mv = MaxFileURLViews
}
maxViews = &mv
}
// Mint a 32-byte random token, base64url-encoded
// (padless). 43 chars long; the storage column is 64 so
// there's room to grow without a migration.
token, err := mintFileURLToken()
if err != nil {
return "", fmt.Errorf("create_file_url: token generation: %w", err)
}
// Persist.
if err := minter.SaveFileToken(ctx, FileToken{
Token: token,
FileID: args.FileID,
SkillID: inv.SkillID,
CallerID: inv.CallerID,
ExpiresAt: &expiresAt,
MaxViews: maxViews,
}); err != nil {
return "", fmt.Errorf("create_file_url: save: %w", err)
}
url := baseURL + "/files/" + token
res := createFileURLResult{
URL: url,
Token: token,
ExpiresAt: expiresAt.UTC().Format(time.RFC3339),
Note: "URL is public — anyone with the link can fetch this file until it expires or the view cap is reached.",
}
if maxViews != nil {
res.MaxViews = *maxViews
}
b, _ := json.Marshal(res)
return string(b), nil
},
)
}
// mintFileURLToken returns a 32-byte random token, base64url-encoded
// without padding. ~190 bits of entropy, well above the
// collision-resistance threshold for the 64-char storage column.
func mintFileURLToken() (string, error) {
var b [32]byte
if _, err := rand.Read(b[:]); err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(b[:]), nil
}