Module: Woods::Console::Tools::Tier4

Defined in:

lib/woods/console/tools/tier4.rb

Overview

Tier 4: Guarded tools requiring confirmation or SQL validation.

• ‘console_eval` — Arbitrary Ruby execution with confirmation + timeout

• ‘console_sql` — Read-only SQL (validated by SqlValidator)

• ‘console_query` — Enhanced query builder with joins/grouping

Each method builds a bridge request hash. The bridge executes against the live Rails environment.

Constant Summary

MAX_EVAL_TIMEOUT =

30

MIN_EVAL_TIMEOUT =

1

DEFAULT_EVAL_TIMEOUT =

10

MAX_SQL_LIMIT =

10_000

MAX_QUERY_LIMIT =

10_000

Class Method Summary

• .console_eval(code:, timeout: DEFAULT_EVAL_TIMEOUT, guard: nil) ⇒ Hash

  Arbitrary Ruby evaluation with timeout.

• .console_query(model:, select:, joins: nil, group_by: nil, having: nil, order: nil, scope: nil, limit: nil) ⇒ Hash

  Enhanced query builder with joins and grouping.

• .console_sql(sql:, validator:, limit: nil) ⇒ Hash

  Read-only SQL execution with validation.

Class Method Details

.console_eval(code:, timeout: DEFAULT_EVAL_TIMEOUT, guard: nil) ⇒ Hash

Arbitrary Ruby evaluation with timeout.

Parameters:

• code (String) —

  Ruby code to execute

• timeout (Integer) (defaults to: DEFAULT_EVAL_TIMEOUT) —

  Execution timeout in seconds (default 10, max 30)

• guard (#check!, nil) (defaults to: nil) —

  Optional EvalGuard instance. When present, the payload is parsed and refused before the bridge request is built — surfacing credential/reflection escapes as a clean MCP error instead of relying on the bridge’s own enforcement.

Returns:

• (Hash) —

  Bridge request

Raises:

• (Woods::Console::ForbiddenExpressionError) —

  if guard rejects

# File 'lib/woods/console/tools/tier4.rb', line 34

def console_eval(code:, timeout: DEFAULT_EVAL_TIMEOUT, guard: nil)
  guard&.check!(code)
  timeout = timeout.clamp(MIN_EVAL_TIMEOUT, MAX_EVAL_TIMEOUT)
  { tool: 'eval', params: { code: code, timeout: timeout } }
end

.console_query(model:, select:, joins: nil, group_by: nil, having: nil, order: nil, scope: nil, limit: nil) ⇒ Hash

Enhanced query builder with joins and grouping.

rubocop:disable Metrics/ParameterLists

Parameters:

• model (String) —

  Model name

• select (Array<String>) —

  Columns to select

• joins (Array<String>, nil) (defaults to: nil) —

  Associations to join

• group_by (Array<String>, nil) (defaults to: nil) —

  Columns to group by

• having (String, nil) (defaults to: nil) —

  HAVING clause

• order (Hash, nil) (defaults to: nil) —

  Order specification (e.g., { id: :desc })

• scope (Hash, nil) (defaults to: nil) —

  Filter conditions

• limit (Integer, nil) (defaults to: nil) —

  Row limit (max 10000)

Returns:

• (Hash) —

  Bridge request

# File 'lib/woods/console/tools/tier4.rb', line 65

def console_query(model:, select:, joins: nil, group_by: nil, having: nil, order: nil, scope: nil, limit: nil)
  limit = [limit, MAX_QUERY_LIMIT].min if limit
  {
    tool: 'query',
    params: {
      model: model,
      select: select,
      joins: joins,
      group_by: group_by,
      having: having,
      order: order,
      scope: scope,
      limit: limit
    }.compact
  }
end

.console_sql(sql:, validator:, limit: nil) ⇒ Hash

Read-only SQL execution with validation.

Parameters:

• sql (String) —

  SQL query (must be SELECT or WITH…SELECT)

• validator (SqlValidator) —

  SQL validator instance

• limit (Integer, nil) (defaults to: nil) —

  Optional row limit (max 10000)

Returns:

• (Hash) —

  Bridge request

Raises:

• (SqlValidationError) —

  if SQL is not read-only

# File 'lib/woods/console/tools/tier4.rb', line 47

def console_sql(sql:, validator:, limit: nil)
  validator.validate!(sql)
  limit = [limit, MAX_SQL_LIMIT].min if limit
  { tool: 'sql', params: { sql: sql, limit: limit }.compact }
end