acp: load configured extensions and refactor tests

clippy-baselines/too_many_lines.txt

@@ -23,3 +23,4 @@ crates/goose/src/providers/formats/google.rs::format_messages
 crates/goose/src/providers/formats/openai.rs::format_messages
 crates/goose/src/providers/formats/openai.rs::response_to_streaming_message
 crates/goose/src/providers/snowflake.rs::post
+crates/goose/src/security/mod.rs::analyze_tool_requests

crates/goose-acp/.gooseignore

@@ -0,0 +1,18 @@
+# This file is created automatically if no .gooseignore exists.
+# Customize or uncomment the patterns below instead of deleting the file.
+# Removing it will simply cause goose to recreate it on the next start.
+#
+# Suggested patterns you can uncomment if desired:
+# **/.ssh/**        # block SSH keys and configs
+# **/*.key         # block loose private keys
+# **/*.pem         # block certificates/private keys
+# **/.git/**        # block git metadata entirely
+# **/target/**     # block Rust build artifacts
+# **/node_modules/** # block JS/TS dependencies
+# **/*.db          # block local database files
+# **/*.sqlite      # block SQLite databases
+#
+
+**/.env
+**/.env.*
+**/secrets.*

crates/goose-acp/Cargo.toml

@@ -26,6 +26,7 @@ url = { workspace = true }
 
 [dev-dependencies]
 assert-json-diff = "2.0.2"
+async-trait = "0.1.89"
 wiremock = { workspace = true }
 tempfile = "3"
 test-case = { workspace = true }

crates/goose-acp/src/server.rs

@@ -2,6 +2,8 @@ use anyhow::Result;
 use fs_err as fs;
 use goose::agents::extension::{Envs, PLATFORM_EXTENSIONS};
 use goose::agents::{Agent, AgentConfig, ExtensionConfig, SessionConfig};
+use goose::config::base::CONFIG_YAML_NAME;
+use goose::config::extensions::get_enabled_extensions_with_config;
 use goose::config::paths::Paths;
 use goose::config::permission::PermissionManager;
 use goose::config::Config;
@@ -46,7 +48,7 @@ pub struct GooseAcpAgent {
     provider: Arc<dyn goose::providers::base::Provider>,
 }
 
-pub struct GooseAcpConfig {
+pub struct AcpServerConfig {
     pub provider: Arc<dyn goose::providers::base::Provider>,
     pub builtins: Vec<String>,
     pub data_dir: std::path::PathBuf,
@@ -276,8 +278,21 @@ async fn add_builtins(agent: &Agent, builtins: Vec<String>) {
         }
     }
 }
+async fn add_extensions(agent: &Agent, extensions: Vec<ExtensionConfig>) {
+    for extension in extensions {
+        let name = extension.name().to_string();
+        match agent.add_extension(extension).await {
+            Ok(_) => info!(extension = %name, "extension loaded"),
+            Err(e) => warn!(extension = %name, error = %e, "extension load failed"),
+        }
+    }
+}
 
 impl GooseAcpAgent {
+    pub fn permission_manager(&self) -> Arc<PermissionManager> {
+        Arc::clone(&self.agent.config.permission_manager)
+    }
+
     pub async fn new(builtins: Vec<String>) -> Result<Self> {
         let config = Config::global();
 
@@ -304,7 +319,7 @@ impl GooseAcpAgent {
             .get_goose_mode()
             .unwrap_or(goose::config::GooseMode::Auto);
 
-        Self::with_config(GooseAcpConfig {
+        Self::with_config(AcpServerConfig {
             provider,
             builtins,
             data_dir: Paths::data_dir(),
@@ -314,8 +329,9 @@ impl GooseAcpAgent {
         .await
     }
 
-    pub async fn with_config(config: GooseAcpConfig) -> Result<Self> {
+    pub async fn with_config(config: AcpServerConfig) -> Result<Self> {
         let session_manager = Arc::new(SessionManager::new(config.data_dir));
+        let config_dir = config.config_dir.clone();
         let permission_manager = Arc::new(PermissionManager::new(config.config_dir));
 
         let agent = Agent::with_config(AgentConfig::new(
@@ -327,7 +343,12 @@ impl GooseAcpAgent {
 
         let agent_ptr = Arc::new(agent);
 
+        let config_path = config_dir.join(CONFIG_YAML_NAME);
+        let config_file = Config::new(&config_path, "goose")?;
+        let extensions = get_enabled_extensions_with_config(&config_file);
+
         add_builtins(&agent_ptr, config.builtins).await;
+        add_extensions(&agent_ptr, extensions).await;
 
         Ok(Self {
             provider: config.provider.clone(),

crates/goose-acp/tests/common_tests/mod.rs

@@ -0,0 +1,224 @@
+// Required when compiled as standalone test "common"; harmless warning when included as module.
+#![recursion_limit = "256"]
+#![allow(unused_attributes)]
+
+#[path = "../fixtures/mod.rs"]
+pub mod fixtures;
+use fixtures::{
+    ExpectedSessionId, McpFixture, OpenAiFixture, PermissionDecision, Session, TestSessionConfig,
+    FAKE_CODE,
+};
+use fs_err as fs;
+use goose::config::base::CONFIG_YAML_NAME;
+use goose::config::GooseMode;
+use sacp::schema::{McpServer, McpServerHttp, ToolCallStatus};
+
+pub async fn run_basic_completion<S: Session>() {
+    let expected_session_id = ExpectedSessionId::default();
+    let openai = OpenAiFixture::new(
+        vec![(
+            r#"</info-msg>\nwhat is 1+1""#.into(),
+            include_str!("../test_data/openai_basic_response.txt"),
+        )],
+        expected_session_id.clone(),
+    )
+    .await;
+
+    let mut session = S::new(TestSessionConfig::default(), openai).await;
+    expected_session_id.set(session.id());
+
+    let output = session
+        .prompt("what is 1+1", PermissionDecision::Cancel)
+        .await;
+    assert!(output.text.contains("2"));
+    expected_session_id.assert_matches(&session.id().0);
+}
+
+pub async fn run_mcp_http_server<S: Session>() {
+    let expected_session_id = ExpectedSessionId::default();
+    let mcp = McpFixture::new(expected_session_id.clone()).await;
+    let openai = OpenAiFixture::new(
+        vec![
+            (
+                r#"</info-msg>\nUse the get_code tool and output only its result.""#.into(),
+                include_str!("../test_data/openai_tool_call_response.txt"),
+            ),
+            (
+                format!(r#""content":"{FAKE_CODE}""#),
+                include_str!("../test_data/openai_tool_result_response.txt"),
+            ),
+        ],
+        expected_session_id.clone(),
+    )
+    .await;
+
+    let config = TestSessionConfig {
+        mcp_servers: vec![McpServer::Http(McpServerHttp::new("lookup", &mcp.url))],
+        ..Default::default()
+    };
+    let mut session = S::new(config, openai).await;
+    expected_session_id.set(session.id());
+
+    let output = session
+        .prompt(
+            "Use the get_code tool and output only its result.",
+            PermissionDecision::Cancel,
+        )
+        .await;
+    assert!(output.text.contains(FAKE_CODE));
+    expected_session_id.assert_matches(&session.id().0);
+}
+
+pub async fn run_builtin_and_mcp<S: Session>() {
+    let expected_session_id = ExpectedSessionId::default();
+    let prompt =
+        "Search for get_code and text_editor tools. Use them to save the code to /tmp/result.txt.";
+    let mcp = McpFixture::new(expected_session_id.clone()).await;
+    let openai = OpenAiFixture::new(
+        vec![
+            (
+                format!(r#"</info-msg>\n{prompt}""#),
+                include_str!("../test_data/openai_builtin_search.txt"),
+            ),
+            (
+                r#"lookup/get_code: Get the code"#.into(),
+                include_str!("../test_data/openai_builtin_read_modules.txt"),
+            ),
+            (
+                r#"lookup[\"get_code\"]({}): string - Get the code"#.into(),
+                include_str!("../test_data/openai_builtin_execute.txt"),
+            ),
+            (
+                r#"Successfully wrote to /tmp/result.txt"#.into(),
+                include_str!("../test_data/openai_builtin_final.txt"),
+            ),
+        ],
+        expected_session_id.clone(),
+    )
+    .await;
+
+    let config = TestSessionConfig {
+        builtins: vec!["code_execution".to_string(), "developer".to_string()],
+        mcp_servers: vec![McpServer::Http(McpServerHttp::new("lookup", &mcp.url))],
+        ..Default::default()
+    };
+
+    let _ = fs::remove_file("/tmp/result.txt");
+
+    let mut session = S::new(config, openai).await;
+    expected_session_id.set(session.id());
+
+    let _ = session.prompt(prompt, PermissionDecision::Cancel).await;
+
+    let result = fs::read_to_string("/tmp/result.txt").unwrap_or_default();
+    assert!(result.contains(FAKE_CODE));
+    expected_session_id.assert_matches(&session.id().0);
+}
+
+pub async fn run_permission_persistence<S: Session>() {
+    let cases = vec![
+        (
+            PermissionDecision::AllowAlways,
+            ToolCallStatus::Completed,
+            "user:\n  always_allow:\n  - lookup__get_code\n  ask_before: []\n  never_allow: []\n",
+        ),
+        (PermissionDecision::AllowOnce, ToolCallStatus::Completed, ""),
+        (
+            PermissionDecision::RejectAlways,
+            ToolCallStatus::Failed,
+            "user:\n  always_allow: []\n  ask_before: []\n  never_allow:\n  - lookup__get_code\n",
+        ),
+        (PermissionDecision::RejectOnce, ToolCallStatus::Failed, ""),
+        (PermissionDecision::Cancel, ToolCallStatus::Failed, ""),
+    ];
+
+    let temp_dir = tempfile::tempdir().unwrap();
+    let prompt = "Use the get_code tool and output only its result.";
+    let expected_session_id = ExpectedSessionId::default();
+    let mcp = McpFixture::new(expected_session_id.clone()).await;
+    let openai = OpenAiFixture::new(
+        vec![
+            (
+                prompt.to_string(),
+                include_str!("../test_data/openai_tool_call_response.txt"),
+            ),
+            (
+                format!(r#""content":"{FAKE_CODE}""#),
+                include_str!("../test_data/openai_tool_result_response.txt"),
+            ),
+        ],
+        expected_session_id.clone(),
+    )
+    .await;
+
+    let config = TestSessionConfig {
+        mcp_servers: vec![McpServer::Http(McpServerHttp::new("lookup", &mcp.url))],
+        goose_mode: GooseMode::Approve,
+        data_root: temp_dir.path().to_path_buf(),
+        ..Default::default()
+    };
+
+    let mut session = S::new(config, openai).await;
+    expected_session_id.set(session.id());
+
+    for (decision, expected_status, expected_yaml) in cases {
+        session.reset_openai();
+        session.reset_permissions();
+        let _ = fs::remove_file(temp_dir.path().join("permission.yaml"));
+        let output = session.prompt(prompt, decision).await;
+
+        assert_eq!(
+            output.tool_status.unwrap(),
+            expected_status,
+            "permission decision {:?}",
+            decision
+        );
+        assert_eq!(
+            fs::read_to_string(temp_dir.path().join("permission.yaml")).unwrap_or_default(),
+            expected_yaml,
+            "permission decision {:?}",
+            decision
+        );
+    }
+    expected_session_id.assert_matches(&session.id().0);
+}
+
+pub async fn run_configured_extension<S: Session>() {
+    let temp_dir = tempfile::tempdir().unwrap();
+    let expected_session_id = ExpectedSessionId::default();
+    let prompt = "Use the get_code tool and output only its result.";
+    let mcp = McpFixture::new(expected_session_id.clone()).await;
+
+    let config_yaml = format!(
+        "extensions:\n  lookup:\n    enabled: true\n    type: streamable_http\n    name: lookup\n    description: Lookup server\n    uri: \"{}\"\n",
+        mcp.url
+    );
+    fs::write(temp_dir.path().join(CONFIG_YAML_NAME), config_yaml).unwrap();
+
+    let openai = OpenAiFixture::new(
+        vec![
+            (
+                prompt.to_string(),
+                include_str!("../test_data/openai_tool_call_response.txt"),
+            ),
+            (
+                format!(r#""content":"{FAKE_CODE}""#),
+                include_str!("../test_data/openai_tool_result_response.txt"),
+            ),
+        ],
+        expected_session_id.clone(),
+    )
+    .await;
+
+    let config = TestSessionConfig {
+        data_root: temp_dir.path().to_path_buf(),
+        ..Default::default()
+    };
+
+    let mut session = S::new(config, openai).await;
+    expected_session_id.set(session.id());
+
+    let output = session.prompt(prompt, PermissionDecision::Cancel).await;
+    assert!(output.text.contains(FAKE_CODE));
+    expected_session_id.assert_matches(&session.id().0);
+}