Module: TalkToYourApp::Plugins::Rake

Defined in:: lib/talk_to_your_app/plugins/rake/plugin.rb,
lib/talk_to_your_app/plugins/rake/tools/run.rb

Overview

The Rake plugin runs operator-approved rake tasks over MCP. It is fail-closed and allow-list-only: it refuses to boot without an explicit ‘allowed:` list, and refuses any task not on that list. Because rake tasks can do anything, the allow-list is the security boundary — keep it tight, and prefer read-only/reporting tasks.

config.plugin :rake, allowed: ["stats", "report:generate"]
config.plugin :rake, allowed: [...], timeout: 60   # seconds, default 20

Defined Under Namespace

Modules: Tools Classes: Plugin

Constant Summary collapse

DEFAULT_TIMEOUT =

Class Method Summary collapse

.allowed?(task) ⇒ Boolean
.allowed_tasks ⇒ Object
.timeout ⇒ Object

Per-task wall-clock limit in seconds.

Class Method Details

.allowed?(task) ⇒ `Boolean`

Returns:

(Boolean)



26
27
28

# File 'lib/talk_to_your_app/plugins/rake/plugin.rb', line 26

def allowed?(task)
  allowed_tasks.include?(task.to_s)
end

.allowed_tasks ⇒ `Object`

# File 'lib/talk_to_your_app/plugins/rake/plugin.rb', line 21

def allowed_tasks
  options = TalkToYourApp.configuration.enabled_plugins[:rake] || {}
  Array(options[:allowed]).map(&:to_s)
end

.timeout ⇒ `Object`

Per-task wall-clock limit in seconds. A task exceeding it is killed and the tool returns an error. Override with ‘timeout:` on the plugin. A non-positive or non-numeric value falls back to the default rather than coercing to 0 (which would kill every task before it could run).

# File 'lib/talk_to_your_app/plugins/rake/plugin.rb', line 34

def timeout
  options = TalkToYourApp.configuration.enabled_plugins[:rake] || {}
  value = options[:timeout].to_i
  value.positive? ? value : DEFAULT_TIMEOUT
end