clawdforge

Author SHA1 Message Date

Author	SHA1	Message	Date
Kayos	99173353bb	clients/ruby: v0.2 multi-turn Session API - Session class wrapping a session_id; block form `forge.session do \|s\|` - Idempotent Session#close (in-memory short-circuit + server is also idempotent server-side; @closed rolled back on transport failure so retry is safe) - Client#create_session / #list_sessions / #get_session - TurnResult#text helper concatenates text events (skips thinking, tool_call, and nil contents) - Session#inspect / #to_s / #pretty_print redact the embedded client reference so the bearer never leaks via logs / pp / irb / backtraces - test/test_session.rb: 26 tests covering block-form auto-close on return + on exception + with-failing-close-must-not-mask-block-error, manual lifecycle, close idempotency (single DELETE on N closes), transport-failure rollback, turn round-trip + files/timeout/auth, closed-session guard, empty-prompt guard, TurnResult#text edge cases, list/get state, cross-token 404, server 410, redaction in inspect / to_s / PP, and a v0.1 #run regression smoke v0.1 surface (#run, #upload_file, #create_token, #list_tokens, #revoke_token, #healthz) is byte-identical — purely additive. Spec: memory/spec-clawdforge-v0.2.md Server core: `940861f`	2026-04-29 06:46:52 -07:00
Kayos	6b8bccfb8d	clients/ruby: apply audit findings (`b1d6e3f` -> new) - S1: Client#inspect redacts @token (default ruby inspect walks ivars); to_s aliased and pretty_print overridden so PP doesn't bypass it. - S2: AppToken#inspect/#to_s/#pretty_print redact :token member; nil token still rendered as token=nil for list-row clarity. - S3: validate token name vs [a-z0-9_-]+ in revoke_token and create_token; drops URI.encode_www_form_component path-encoding dependency. - C1: upload_timeout_secs parameter on upload_file (default 60), decoupled from default_timeout/http_timeout_margin so big uploads aren't capped by the run-subprocess timeout. - Q6: clearer multipart filename escape via gsub block form. - C7: dropped unused @uri ivar. - A3: YARD note clarifying http_client: bypasses base_url host/port routing. Test gaps closed: Client/AppToken inspect+pp redaction, AppToken nil-token inspect, revoke_token name validation (path traversal, uppercase, empty, valid), create_token name validation, upload_timeout_secs independence from default_timeout (incl. default==60), Array-form ip_cidrs round-trip, non-JSON 5xx error body kept as String, empty 200 body raises Error. 35 runs / 104 assertions / 0 failures. Audit: memory/clawdforge-audits/ruby-b1d6e3f.md	2026-04-28 23:07:49 -07:00
Kayos	b1d6e3f697	clients/ruby: initial Ruby SDK for clawdforge	2026-04-28 22:34:01 -07:00

Kayos

99173353bb

clients/ruby: v0.2 multi-turn Session API

- Session class wrapping a session_id; block form `forge.session do |s|`
- Idempotent Session#close (in-memory short-circuit + server is also
  idempotent server-side; @closed rolled back on transport failure so
  retry is safe)
- Client#create_session / #list_sessions / #get_session
- TurnResult#text helper concatenates text events (skips thinking,
  tool_call, and nil contents)
- Session#inspect / #to_s / #pretty_print redact the embedded client
  reference so the bearer never leaks via logs / pp / irb / backtraces
- test/test_session.rb: 26 tests covering block-form auto-close on
  return + on exception + with-failing-close-must-not-mask-block-error,
  manual lifecycle, close idempotency (single DELETE on N closes),
  transport-failure rollback, turn round-trip + files/timeout/auth,
  closed-session guard, empty-prompt guard, TurnResult#text edge cases,
  list/get state, cross-token 404, server 410, redaction in inspect /
  to_s / PP, and a v0.1 #run regression smoke

v0.1 surface (#run, #upload_file, #create_token, #list_tokens,
#revoke_token, #healthz) is byte-identical — purely additive.

Spec: memory/spec-clawdforge-v0.2.md
Server core: 940861f

2026-04-29 06:46:52 -07:00

Kayos

6b8bccfb8d

clients/ruby: apply audit findings (b1d6e3f -> new)

- S1: Client#inspect redacts @token (default ruby inspect walks ivars);
  to_s aliased and pretty_print overridden so PP doesn't bypass it.
- S2: AppToken#inspect/#to_s/#pretty_print redact :token member; nil
  token still rendered as token=nil for list-row clarity.
- S3: validate token name vs [a-z0-9_-]+ in revoke_token and create_token;
  drops URI.encode_www_form_component path-encoding dependency.
- C1: upload_timeout_secs parameter on upload_file (default 60), decoupled
  from default_timeout/http_timeout_margin so big uploads aren't capped
  by the run-subprocess timeout.
- Q6: clearer multipart filename escape via gsub block form.
- C7: dropped unused @uri ivar.
- A3: YARD note clarifying http_client: bypasses base_url host/port
  routing.

Test gaps closed: Client/AppToken inspect+pp redaction, AppToken nil-token
inspect, revoke_token name validation (path traversal, uppercase, empty,
valid), create_token name validation, upload_timeout_secs independence
from default_timeout (incl. default==60), Array-form ip_cidrs round-trip,
non-JSON 5xx error body kept as String, empty 200 body raises Error.

35 runs / 104 assertions / 0 failures.

Audit: memory/clawdforge-audits/ruby-b1d6e3f.md

2026-04-28 23:07:49 -07:00

Kayos

b1d6e3f697

clients/ruby: initial Ruby SDK for clawdforge

2026-04-28 22:34:01 -07:00

3 commits