builtins

package
v1.58.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 11, 2026 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Overview

Package builtins contains the stock in-process hook implementations shipped with docker-agent.

Available builtins:

  • add_date (turn_start) — today's date
  • add_environment_info (session_start) — cwd, git, OS, arch
  • add_prompt_files (turn_start) — contents of prompt files
  • add_git_status (turn_start) — `git status --short --branch`
  • add_git_diff (turn_start) — `git diff --stat` (or full)
  • add_directory_listing (session_start) — top-level entries of cwd
  • add_user_info (session_start) — current OS user and host
  • add_recent_commits (session_start) — `git log --oneline -n N`
  • max_iterations (before_llm_call) — hard stop after N model calls
  • unload (on_agent_switch) — release the previous agent's local-engine resources via HTTP unload (DMR today)
  • snapshot (session_start, turn_start, turn_end, pre_tool_use, post_tool_use, session_end) — shadow-git snapshots. Installed via RegisterSnapshot (separate entry point) so the embedder receives a SnapshotController to drive /undo, /snapshots, /reset.
  • redact_secrets (pre_tool_use, before_llm_call, tool_response_transform) — scrub secrets from tool args, outgoing chat content, and tool output. Same builtin, dispatches on event so a single name covers all three legs of the feature.
  • http_post (any event) — POST args[1] to args[0]

Reference any of them from a hook YAML entry as `{type: builtin, command: "<name>"}`. The runtime additionally auto-injects add_date / add_environment_info / add_prompt_files / redact_secrets from the matching agent flags via ApplyAgentDefaults. snapshot auto-injection lives on the controller returned by RegisterSnapshot and is plumbed into the runtime as an AutoInjector, not as another bool on AgentDefaults.

turn_start builtins recompute every turn (date, git state). session_start builtins run once per session for context that's stable for its duration. snapshot is stateful: it keeps per-session turn/tool snapshot hashes and undo checkpoints in memory while the shadow git objects live under the data directory. Undo checkpoints intentionally survive the RunStream session_end cleanup so /undo can run after the response stops.

LLM-as-a-judge hooks are NOT shipped here: write `type: model` with `schema: pre_tool_use_decision` instead — see pkg/hooks/shape_pre_tool_use_decision.go and examples/llm_judge.yaml.

Index

Constants

View Source 
const AddDate = "add_date"

AddDate is the registered name of the add_date builtin.

View Source 
const AddDirectoryListing = "add_directory_listing"

AddDirectoryListing is the registered name of the add_directory_listing builtin.

View Source 
const AddEnvironmentInfo = "add_environment_info"

AddEnvironmentInfo is the registered name of the add_environment_info builtin.

View Source 
const AddGitDiff = "add_git_diff"

AddGitDiff is the registered name of the add_git_diff builtin.

View Source 
const AddGitStatus = "add_git_status"

AddGitStatus is the registered name of the add_git_status builtin.

View Source 
const AddPromptFiles = "add_prompt_files"

AddPromptFiles is the registered name of the add_prompt_files builtin.

View Source 
const AddRecentCommits = "add_recent_commits"

AddRecentCommits is the registered name of the add_recent_commits builtin.

View Source 
const AddUserInfo = "add_user_info"

AddUserInfo is the registered name of the add_user_info builtin.

View Source 
const HTTPPost = "http_post"

HTTPPost is the registered name of the http_post builtin.

View Source 
const MaxIterations = "max_iterations"

MaxIterations is the registered name of the max_iterations builtin.

View Source 
const RedactSecrets = "redact_secrets"

RedactSecrets is the registered name of the builtin that scrubs secret material at every leak vector docker-agent has into a third party. The same builtin is registered once and dispatches on hooks.Input.HookEventName so a single name covers all three legs:

  • hooks.EventPreToolUse — scrub tool ARGUMENTS before the call leaves the runtime (returns UpdatedInput).
  • hooks.EventBeforeLLMCall — scrub outgoing CHAT CONTENT before each model call (returns UpdatedMessages).
  • hooks.EventToolResponseTransform — scrub tool OUTPUT before it reaches event consumers, the persisted session, the post_tool_use hook, or the next LLM call (returns UpdatedToolResponse).

The agent-level redact_secrets flag is shorthand for wiring the builtin into all three events at once via ApplyAgentDefaults; the same hook entries can be authored directly in YAML to opt in to individual legs (or all of them) without touching agent flags.

Configured under any other event the builtin returns nil and logs a warning: keeping it lenient avoids surprising failures from typos while still nudging users toward the right event.

View Source 
const Snapshot = "snapshot"

Snapshot is the registered name of the snapshot builtin.

View Source 
const Unload = "unload"

Unload is the registered name of the on_agent_switch builtin that asks the previous agent's local inference engines (today: Docker Model Runner) to release the resources they hold.

Wire it into a config with: 

hooks:
  on_agent_switch:
    - type: builtin
      command: unload

The hook is pure: it depends only on the hooks.Input.FromAgentModels snapshot the runtime ships on every on_agent_switch dispatch, plus net/http. It carries no runtime-side coupling and silently skips any model whose endpoint isn't reachable as plain HTTP (e.g. cloud providers that don't expose hooks.ModelEndpoint.BaseURL).

Provider dispatch and URL resolution are owned by pkg/model/provider/dmr (see dmr.ProviderType and dmr.UnloadURL), so this builtin stays a dumb dispatcher and DMR keeps full control of its conventions.

Variables

This section is empty.

Functions

func ApplyAgentDefaults 

func ApplyAgentDefaults(cfg *hooks.Config, d AgentDefaults) *hooks.Config

ApplyAgentDefaults appends the stock builtin hook entries implied by d to cfg. A nil cfg is treated as empty. Returns nil iff no hook (user-configured or auto-injected) is present.

Snapshot auto-injection is handled separately via SnapshotController (an AutoInjector) so it can be configured by the embedder rather than by another bool on AgentDefaults.

func Register 

func Register(r *hooks.Registry) error

Register installs the stock builtin hooks on r.

Note: the snapshot builtin is NOT installed by Register. It ships its own entry point (RegisterSnapshot) so the embedder receives a SnapshotController for driving /undo, /snapshots, /reset.

Types

type AgentDefaults 

type AgentDefaults struct {
	AddDate            bool
	AddEnvironmentInfo bool
	AddPromptFiles     []string
	// RedactSecrets auto-injects the redact_secrets builtin under
	// pre_tool_use, before_llm_call, and tool_response_transform — the
	// three legs of the feature. Equivalent to writing those three
	// hook entries by hand; the dedup in [hooks.Executor.hooksFor]
	// makes the auto-injection idempotent against an explicit YAML
	// entry that already names the same builtin.
	RedactSecrets bool
}

AgentDefaults captures defaults that map onto stock builtin hook entries. Pass each AgentConfig.AddXxx flag as-is.

type AutoInjector added in v1.58.0 

type AutoInjector interface {
	AutoInject(cfg *hooks.Config)
}

AutoInjector adds default hooks to an agent's hook configuration. The runtime invokes AutoInject for every registered injector when it builds per-agent executors, so a builtin that wants to be auto-wired only needs to ship its own AutoInjector and let the embedder plumb it in via runtime.WithAutoInjector.

The snapshot controller returned by RegisterSnapshot satisfies this interface and is the canonical use case today; future builtins can opt in the same way without growing the central ApplyAgentDefaults table.

type SnapshotController added in v1.58.0 

type SnapshotController interface {
	AutoInjector
	Enabled() bool
	UndoLast(ctx context.Context, sessionID, cwd string) (files int, ok bool, err error)
	List(sessionID string) []SnapshotInfo
	Reset(ctx context.Context, sessionID, cwd string, keep int) (files int, ok bool, err error)
}

SnapshotController exposes the operations the embedder uses to drive shadow-git snapshot commands (/undo, /snapshots, /reset). It is returned by RegisterSnapshot and intentionally narrow: the runtime no longer brokers snapshot operations on the embedder's behalf.

Enabled() reports whether snapshot auto-injection (capturing checkpoints at session/turn boundaries) is configured. The other methods always work against any checkpoints already captured for sessionID, regardless of Enabled().

SnapshotController also satisfies AutoInjector so the same instance the App uses for /undo can be passed to the runtime via runtime.WithAutoInjector. AutoInject is a runtime-internal call; embedders normally don't invoke it directly.

func RegisterSnapshot added in v1.58.0 

func RegisterSnapshot(r *hooks.Registry, enabled bool) (SnapshotController, error)

RegisterSnapshot installs the snapshot builtin on r and returns a SnapshotController. enabled controls whether the controller's AutoInject mounts the snapshot hook on session/turn boundaries; pass false to keep the hook resolvable for users who wire it manually via YAML without auto-capturing checkpoints.

Embedders typically pass the same controller to both the runtime (via runtime.WithAutoInjector) and the App (via app.WithSnapshotController) so /undo et al. drive the same instance that captures the checkpoints.

type SnapshotInfo added in v1.56.0 

type SnapshotInfo struct {
	// Files is the number of unique files captured in the checkpoint.
	Files int
}

SnapshotInfo summarises one completed snapshot checkpoint for display.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.