@agentprojectcontext/apx 1.31.0 → 1.31.2

package/src/core/tools/registry.js

@@ -619,6 +619,8 @@ function makeInlineHandlers({ projects, registries }) {
     memory_list: async (body) => {
       const { default: fs } = await import("node:fs");
       const { default: path } = await import("node:path");
+      const { readAgents } = await import("../parser.js");
+      const { agentMemoryPath } = await import("../agent-memory.js");
       // Find the project
       const all = projects.list();
       let p = null;
@@ -629,15 +631,13 @@ function makeInlineHandlers({ projects, registries }) {
       }
       if (!p) p = projects.get(all.filter((x) => x.id !== 0)[0]?.id) || projects.get(0);
       if (!p) throw new Error("no project registered");
-      const agentsDir = path.join(p.path, ".apc", "agents");
-      if (!fs.existsSync(agentsDir)) return { agents_with_memory: [] };
-      const result = fs.readdirSync(agentsDir).filter((slug) => {
-        return fs.existsSync(path.join(agentsDir, slug, "memory.md"));
-      }).map((slug) => {
-        const memPath = path.join(agentsDir, slug, "memory.md");
+      const result = readAgents(p.path).map((agent) => {
+        const slug = agent.slug;
+        const memPath = agentMemoryPath(p, slug);
+        if (!fs.existsSync(memPath)) return null;
         const stat = fs.statSync(memPath);
         return { agent: slug, path: memPath, size: stat.size, mtime: stat.mtime };
-      });
+      }).filter(Boolean);
       return { project: p.path, agents_with_memory: result };
     },
   };

package/src/host/daemon/api/agents.js

@@ -14,6 +14,13 @@ import {
   restoreVaultAgent,
   ensureAgentDir,
 } from "../../../core/scaffold.js";
+import {
+  ensureAgentRuntimeDir,
+  readAgentMemory,
+  writeAgentMemory,
+  agentMemoryPath,
+  legacyAgentMemoryPath,
+} from "../../../core/agent-memory.js";
 import { agentToResponse } from "./shared.js";
 
 // Lowercase the patch keys we accept on the vault and turn skills/tools into
@@ -114,6 +121,7 @@ export function register(app, { projects, project }) {
     try {
       writeAgentFile(p.path, slug, vault.fields || {}, vault.body || "");
       ensureAgentDir(p.path, slug);
+      ensureAgentRuntimeDir(p, slug);
       projects.rebuild(p.id);
       res.status(201).json(agentToResponse(readAgents(p.path).find((a) => a.slug === slug)));
     } catch (e) {
@@ -133,10 +141,7 @@ export function register(app, { projects, project }) {
     const agents = readAgents(p.path);
     const a = agents.find((x) => x.slug === req.params.slug);
     if (!a) return res.status(404).json({ error: "agent not found" });
-    const memPath = path.join(p.path, ".apc", "agents", a.slug, "memory.md");
-    const memory = fs.existsSync(memPath)
-      ? fs.readFileSync(memPath, "utf8")
-      : "";
+    const memory = readAgentMemory(p, a.slug);
     res.json({ ...agentToResponse(a), memory, system: a.body || "" });
   });
 
@@ -163,6 +168,7 @@ export function register(app, { projects, project }) {
         Parent: parent || null,
       });
       ensureAgentDir(p.path, slug);
+      ensureAgentRuntimeDir(p, slug);
       projects.rebuild(p.id);
       const created = readAgents(p.path).find((a) => a.slug === slug);
       res.status(201).json(agentToResponse(created));
@@ -203,6 +209,7 @@ export function register(app, { projects, project }) {
     try {
       writeAgentFile(p.path, slug, fields, body);
       ensureAgentDir(p.path, slug);
+      ensureAgentRuntimeDir(p, slug);
       projects.rebuild(p.id);
       const updated = readAgents(p.path).find((a) => a.slug === slug);
       res.json(agentToResponse(updated));
@@ -211,18 +218,20 @@ export function register(app, { projects, project }) {
     }
   });
 
-  // Delete an agent: removes .apc/agents/<slug>.md and its data dir.
+  // Delete an agent: removes .apc/agents/<slug>.md and runtime data dir.
   app.delete("/projects/:pid/agents/:slug", (req, res) => {
     const p = project(req, res);
     if (!p) return;
     const slug = req.params.slug;
     const file = path.join(p.path, ".apc", "agents", `${slug}.md`);
-    const dir = path.join(p.path, ".apc", "agents", slug);
-    if (!fs.existsSync(file) && !fs.existsSync(dir))
+    const runtimeDir = path.dirname(agentMemoryPath(p, slug));
+    const legacyDir = path.dirname(legacyAgentMemoryPath(p.path, slug));
+    if (!fs.existsSync(file) && !fs.existsSync(runtimeDir) && !fs.existsSync(legacyDir))
       return res.status(404).json({ error: "agent not found" });
     try {
       if (fs.existsSync(file)) fs.rmSync(file);
-      if (fs.existsSync(dir)) fs.rmSync(dir, { recursive: true, force: true });
+      if (fs.existsSync(runtimeDir)) fs.rmSync(runtimeDir, { recursive: true, force: true });
+      if (fs.existsSync(legacyDir)) fs.rmSync(legacyDir, { recursive: true, force: true });
       projects.rebuild(p.id);
       res.json({ ok: true });
     } catch (e) {
@@ -257,15 +266,7 @@ export function register(app, { projects, project }) {
   app.get("/projects/:pid/agents/:slug/memory", (req, res) => {
     const p = project(req, res);
     if (!p) return;
-    const memPath = path.join(
-      p.path,
-      ".apc",
-      "agents",
-      req.params.slug,
-      "memory.md"
-    );
-    if (!fs.existsSync(memPath)) return res.json({ body: "" });
-    res.json({ body: fs.readFileSync(memPath, "utf8") });
+    res.json({ body: readAgentMemory(p, req.params.slug) });
   });
 
   app.put("/projects/:pid/agents/:slug/memory", (req, res) => {
@@ -274,10 +275,7 @@ export function register(app, { projects, project }) {
     const { body } = req.body || {};
     if (typeof body !== "string")
       return res.status(400).json({ error: "body must be string" });
-    const dir = path.join(p.path, ".apc", "agents", req.params.slug);
-    fs.mkdirSync(path.join(dir, "sessions"), { recursive: true });
-    const memPath = path.join(dir, "memory.md");
-    fs.writeFileSync(memPath, body);
+    writeAgentMemory(p, req.params.slug, body);
     projects.rebuild(p.id);
     res.json({ ok: true, bytes: Buffer.byteLength(body, "utf8") });
   });

package/src/host/daemon/api/code.js

@@ -14,6 +14,7 @@
 // + per-mode tool gating), then persists the rich assistant turn.
 import { runSuperAgent } from "../super-agent.js";
 import { appendSuperAgentErrorTrace } from "./shared.js";
+import { createWebConfirmAdapter } from "../../../core/confirmation/adapters/web.js";
 import {
   listCodeSessions,
   getCodeSession,
@@ -295,6 +296,7 @@ export function register(app, { projects, project, config, registries, plugins }
         // it keeps the normal "text ends the turn" behavior.
         completionContract: mode === "build",
         onEvent,
+        requestConfirmation: createWebConfirmAdapter({ onEvent }),
       });
       projects.rebuild(p.id);
 

package/src/host/daemon/api/confirm.js

@@ -0,0 +1,30 @@
+// Confirmation resolution endpoint for web and TUI channels.
+//
+//   POST /super-agent/confirm/:correlationId
+//   Body: { confirmed: boolean }
+//
+// Called by the frontend after the user responds to a "confirmation_required"
+// SSE event emitted by the web confirmation adapter. Resolves the pending
+// Promise in the agent loop, unblocking it to continue with confirmed: true
+// or to return a cancelled error.
+
+import { getConfirmationStore } from "../../../core/confirmation/pending-store.js";
+
+export function register(app) {
+  app.post("/super-agent/confirm/:correlationId", async (req, res) => {
+    const { correlationId } = req.params;
+    const { confirmed } = req.body;
+
+    if (typeof confirmed !== "boolean") {
+      return res.status(400).json({ error: "confirmed must be a boolean" });
+    }
+
+    const resolved = getConfirmationStore().resolve(correlationId, confirmed);
+
+    if (!resolved) {
+      return res.status(404).json({ error: "confirmation not found or already expired" });
+    }
+
+    return res.json({ ok: true, confirmed });
+  });
+}

package/src/host/daemon/api/sessions-search.js

@@ -31,7 +31,7 @@ export function register(app, { projects, config }) {
     for (const p of targetProjects) {
       if (!p) continue;
 
-      // 1) Session files in the repo (.apc/agents/<slug>/sessions/)
+      // 1) Legacy session files in the repo (.apc/agents/<slug>/sessions/)
       const sessionAgentsDir = path.join(p.path, ".apc", "agents");
       if (fs.existsSync(sessionAgentsDir)) {
         for (const slug of fs.readdirSync(sessionAgentsDir)) {

package/src/host/daemon/api/shared.js

@@ -6,6 +6,8 @@ import fs from "node:fs";
 import path from "node:path";
 import { randomUUID } from "node:crypto";
 import { appendErrorTrace, previewText } from "../../../core/logging.js";
+import { readAgents } from "../../../core/parser.js";
+import { agentMemoryPath } from "../../../core/agent-memory.js";
 
 export const nowIso = () =>
   new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
@@ -110,15 +112,10 @@ export function makeTopProjectResolver(projects) {
 }
 
 // Pick the memory.md to use when /memory is called without an agent ref.
-// Prefer the first .apc/agents/<slug>/memory.md; else .apc/memory.md.
+// Prefer the first agent's runtime-local memory; else project-level .apc/memory.md.
 export function resolveMemoryPath(p) {
-  const agentsDir = path.join(p.path, ".apc", "agents");
-  if (fs.existsSync(agentsDir)) {
-    const slugs = fs.readdirSync(agentsDir).filter((s) =>
-      fs.statSync(path.join(agentsDir, s)).isDirectory()
-    );
-    if (slugs.length) return path.join(agentsDir, slugs[0], "memory.md");
-  }
+  const firstAgent = readAgents(p.path)[0];
+  if (firstAgent) return agentMemoryPath(p, firstAgent.slug);
   return path.join(p.path, ".apc", "memory.md");
 }
 

package/src/host/daemon/api/super-agent.js

@@ -12,6 +12,7 @@ import {
 } from "./shared.js";
 import { loggerFor } from "../../../core/logging.js";
 import { appendGlobalMessage } from "../../../core/messages-store.js";
+import { createWebConfirmAdapter } from "../../../core/confirmation/adapters/web.js";
 
 const log = loggerFor("super-agent");
 
@@ -79,6 +80,15 @@ export function register(app, { projects, registries, plugins, project, config }
       res.write(JSON.stringify(event) + "\n");
     };
 
+    const onEvent = wrapOnEventForLog(send, {
+      trace_id: req.apxTraceId,
+      channel: ctx.channel,
+    });
+
+    // Web/TUI channels receive a "confirmation_required" SSE event and respond
+    // via POST /super-agent/confirm/:correlationId (see api/confirm.js).
+    const requestConfirmation = createWebConfirmAdapter({ onEvent });
+
     try {
       const saResult = await runSuperAgent({
         globalConfig: config,
@@ -94,10 +104,8 @@ export function register(app, { projects, registries, plugins, project, config }
         ...(Number.isFinite(Number(maxIters)) ? { maxIters: Number(maxIters) } : {}),
         ...(Number.isFinite(Number(maxTokens)) ? { maxTokens: Number(maxTokens) } : {}),
         ...(completionContract ? { completionContract: true } : {}),
-        onEvent: wrapOnEventForLog(send, {
-          trace_id: req.apxTraceId,
-          channel: ctx.channel,
-        }),
+        onEvent,
+        requestConfirmation,
       });
       projects.rebuild(p.id);
       logWebTurn(ctx.channel, { prompt, replyText: saResult.text });

package/src/host/daemon/api.js

@@ -46,6 +46,7 @@ import { register as registerAdmin } from "./api/admin.js";
 import { register as registerAdminConfig } from "./api/admin-config.js";
 import { register as registerIdentity } from "./api/identity.js";
 import { register as registerWeb } from "./api/web.js";
+import { register as registerConfirm } from "./api/confirm.js";
 
 export function buildApi({
   projects,
@@ -108,6 +109,7 @@ export function buildApi({
   registerEngines(app, ctx);
   registerExec(app, ctx);
   registerSuperAgent(app, ctx);
+  registerConfirm(app, ctx);
   registerCode(app, ctx);
   registerConversations(app, ctx);
   registerConnections(app, ctx);

package/src/host/daemon/plugins/telegram.js

@@ -41,6 +41,8 @@ import { transcribe as transcribeAudioFile } from "../transcription.js";
 import { resolveAgentName, SUPERAGENT_ACTOR_ID } from "../../../core/identity.js";
 import { registerSender, resolveAllowedTools } from "../../../core/telegram-identity.js";
 import { buildRelationshipBlock } from "../../../core/agent/index.js";
+import { getConfirmationStore as getConfirmStore } from "../../../core/confirmation/pending-store.js";
+import { createTelegramConfirmAdapter } from "../../../core/confirmation/adapters/telegram.js";
 
 const API_BASE = "https://api.telegram.org";
 const nowIso = () => new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
@@ -422,6 +424,13 @@ class ChannelPoller {
 
   async _handleUpdate(u) {
     this.lastUpdateAt = nowIso();
+
+    // Inline keyboard button press: route to the confirmation adapter.
+    if (u.callback_query) {
+      await this._handleCallbackQuery(u.callback_query);
+      return;
+    }
+
     const msg = u.message || u.edited_message;
     if (!msg) return;
     const target = this.resolveProject();
@@ -806,6 +815,12 @@ class ChannelPoller {
         }
       };
 
+      const confirmAdapter = createTelegramConfirmAdapter({
+        token: resolveBotToken(this.channel),
+        chatId: chat_id,
+        pendingStore: getConfirmStore(),
+      });
+
       try {
         const sa = await runSuperAgent({
           globalConfig: this.globalConfig,
@@ -826,6 +841,7 @@ class ChannelPoller {
           }),
           signal: abortCtrl.signal,
           onEvent,
+          requestConfirmation: confirmAdapter.requestConfirmation,
         });
         replyText = sa.text;
         replyAuthor = sa.name || agentDisplay;
@@ -911,6 +927,18 @@ class ChannelPoller {
     }
   }
 
+  async _handleCallbackQuery(callbackQuery) {
+    const adapter = createTelegramConfirmAdapter({
+      token: resolveBotToken(this.channel),
+      chatId: callbackQuery.message?.chat?.id,
+      pendingStore: getConfirmStore(),
+    });
+    const handled = await adapter.handleCallbackQuery(callbackQuery);
+    if (!handled) {
+      this.log(`telegram[${this.channel.name}] unhandled callback_query: ${callbackQuery.data}`);
+    }
+  }
+
   // Show "typing..." indicator in the chat. Telegram clears it automatically
   // after 5 seconds, so call this every ~4s while a long operation is going.
   async _typing(chat_id) {

package/src/host/daemon/super-agent-tools/helpers.js

@@ -1,5 +1,6 @@
 import path from "node:path";
 import { agentSkills, buildAgentSystem as buildCoreAgentSystem } from "../../../core/agent-system.js";
+import { buildConfirmDescription } from "../../../core/confirmation/index.js";
 
 export function projectMeta(projects, entry) {
   const meta = projects.list().find((p) => p.id === entry.id);
@@ -79,19 +80,39 @@ export function buildAgentSystem(project, agent, opts = {}) {
   return buildCoreAgentSystem(project, agent, opts);
 }
 
-export function createPermissionGuard(globalConfig = {}, { implicitConfirmation = false } = {}) {
+export function createPermissionGuard(globalConfig = {}, {
+  implicitConfirmation = false,
+  requestConfirmation = null,
+} = {}) {
   const permissionMode = globalConfig.super_agent?.permission_mode || "automatico";
   const allowedTools = new Set(globalConfig.super_agent?.allowed_tools || []);
 
-  return function requirePermission(tool, { dangerous = false, confirmed = false } = {}) {
+  // async so tools can `await requirePermission(...)` and the confirmation
+  // dialog resolves transparently before execution continues.
+  return async function requirePermission(tool, { dangerous = false, confirmed = false, args } = {}) {
     const ok = confirmed || implicitConfirmation;
     if (permissionMode === "total") return;
-    if (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=permiso blocks ${tool}`);
+
+    const blocked =
+      (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) ||
+      (permissionMode === "automatico" && dangerous && !ok);
+
+    if (!blocked) return;
+
+    const description = buildConfirmDescription(tool, args || {});
+
+    if (!requestConfirmation) {
+      // No confirmation channel wired for this invocation context (e.g. routine,
+      // autonomous agent). Surface a clear message so the model can explain it.
+      throw new Error(`Action requires user confirmation: ${description}`);
     }
-    if (permissionMode === "automatico" && dangerous && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=automatico requires confirmation for ${tool}`);
+
+    const userConfirmed = await requestConfirmation(tool, args || {}, description);
+
+    if (!userConfirmed) {
+      throw new Error(`User did not confirm: ${description}`);
     }
+    // Confirmed — fall through, tool executes normally.
   };
 }
 

package/src/host/daemon/super-agent-tools/index.js

@@ -335,6 +335,7 @@ export function makeToolHandlers(ctx) {
     ...ctx,
     requirePermission: createPermissionGuard(ctx.globalConfig || {}, {
       implicitConfirmation: !!ctx.implicitConfirmation,
+      requestConfirmation: ctx.requestConfirmation || null,
     }),
   };
   return Object.fromEntries(TOOLS.map((tool) => [tool.name, tool.makeHandler(toolCtx)]));

package/src/host/daemon/super-agent-tools/tools/add-project.js

@@ -31,8 +31,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ path: projectPath, name, init = true, confirmed = false }) => {
-    requirePermission("add_project", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ path: projectPath, name, init = true, confirmed = false }) => {
+    await requirePermission("add_project", { dangerous: true, confirmed, args: { path: projectPath } });
     if (!projectPath) throw new Error("add_project: path required");
 
     const abs = path.resolve(projectPath);

package/src/host/daemon/super-agent-tools/tools/call-mcp.js

@@ -21,7 +21,7 @@ export default {
     },
   },
   makeHandler: ({ projects, registries, requirePermission }) => async ({ project, mcp, tool, args = {}, confirmed = false }) => {
-    requirePermission("call_mcp", { dangerous: true, confirmed });
+    await requirePermission("call_mcp", { dangerous: true, confirmed, args: { mcp, tool } });
     const p = resolveProject(projects, project);
     if (!registries) throw new Error("MCP registry unavailable");
     const registry = registries.for ? registries.for(p) : registries.ensure(p);

package/src/host/daemon/super-agent-tools/tools/call-runtime.js

@@ -174,7 +174,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, runtime, prompt, resume_session_id = null, timeout_s = 300, confirmed = false }) => {
-    requirePermission("call_runtime", { dangerous: true, confirmed });
+    await requirePermission("call_runtime", { dangerous: true, confirmed, args: { runtime } });
 
     const p = slug ? resolveProjectForAgent(projects, project, slug) : resolveProject(projects, project);
     const agent = slug ? readAgents(p.path).find((a) => a.slug === slug) : null;

package/src/host/daemon/super-agent-tools/tools/edit-file.js

@@ -22,8 +22,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path, search, replace, all = false, confirmed = false }) => {
-    requirePermission("edit_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path, search, replace, all = false, confirmed = false }) => {
+    await requirePermission("edit_file", { dangerous: true, confirmed, args: { path } });
     if (!path) throw new Error("edit_file: path required");
     if (!search) throw new Error("edit_file: search required");
 

package/src/host/daemon/super-agent-tools/tools/import-agent.js

@@ -2,6 +2,7 @@ import fs from "node:fs";
 import path from "node:path";
 import { readVaultAgents, VAULT_DIR } from "../../../../core/parser.js";
 import { addImportedAgent, ensureAgentDir } from "../../../../core/scaffold.js";
+import { ensureAgentRuntimeDir } from "../../../../core/agent-memory.js";
 import { confirmedProperty, projectMeta, resolveProject } from "../helpers.js";
 
 export default {
@@ -22,8 +23,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, agent: slug, confirmed = false }) => {
-    requirePermission("import_agent", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, confirmed = false }) => {
+    await requirePermission("import_agent", { dangerous: true, confirmed, args: { agent: slug } });
     if (!slug) throw new Error("import_agent: agent required");
 
     const vaultPath = path.join(VAULT_DIR, `${slug}.md`);
@@ -35,6 +36,7 @@ export default {
     const p = resolveProject(projects, project || "default");
     addImportedAgent(p.path, slug);
     ensureAgentDir(p.path, slug);
+    ensureAgentRuntimeDir(p, slug);
     projects.rebuild(p.id);
 
     return {

package/src/host/daemon/super-agent-tools/tools/read-agent-memory.js

@@ -1,6 +1,6 @@
 import fs from "node:fs";
-import path from "node:path";
 import { resolveProject } from "../helpers.js";
+import { agentMemoryPath, readAgentMemory } from "../../../../core/agent-memory.js";
 
 export default {
   name: "read_agent_memory",
@@ -21,8 +21,9 @@ export default {
   },
   makeHandler: ({ projects }) => ({ project, agent }) => {
     const p = resolveProject(projects, project);
-    const file = path.join(p.path, ".apc", "agents", agent, "memory.md");
-    if (!fs.existsSync(file)) return { error: `no memory.md for agent ${agent}` };
-    return { body: fs.readFileSync(file, "utf8") };
+    const file = agentMemoryPath(p, agent);
+    const body = readAgentMemory(p, agent);
+    if (!body && !fs.existsSync(file)) return { error: `no memory.md for agent ${agent}` };
+    return { body, path: file };
   },
 };

package/src/host/daemon/super-agent-tools/tools/run-shell.js

@@ -64,7 +64,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, cwd = ".", command, timeout_s = 60, confirmed = false }) => {
-    requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed });
+    await requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed, args: { command } });
     if (!command) throw new Error("run_shell: command required");
 
     const p = resolveProject(projects, project);

package/src/host/daemon/super-agent-tools/tools/search-files.js

@@ -22,10 +22,7 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => async ({ query, project, path: sub = "." } = {}) => {
-    // Optional permission check if it's considered destructive, but search is safe read-only
-    await requirePermission("search_files", { query, project, path: sub }, "safe");
-    
+  makeHandler: ({ projects }) => async ({ query, project, path: sub = "." } = {}) => {
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);
 

package/src/host/daemon/super-agent-tools/tools/send-telegram.js

@@ -87,7 +87,7 @@ export default {
       confirmed = false,
     } = args;
 
-    requirePermission("send_telegram", { dangerous: true, confirmed });
+    await requirePermission("send_telegram", { dangerous: true, confirmed, args: { text } });
     if (!plugins) throw new Error("plugins unavailable");
     const telegram = plugins.get("telegram");
     if (!telegram) throw new Error("telegram plugin not loaded");

package/src/host/daemon/super-agent-tools/tools/set-identity.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
-    requirePermission("set_identity", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
+    await requirePermission("set_identity", { dangerous: true, confirmed, args: { agent_name } });
     const fields = {};
     if (agent_name) fields.agent_name = agent_name;
     if (owner_name) fields.owner_name = owner_name;

package/src/host/daemon/super-agent-tools/tools/set-permission-mode.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ mode, confirmed = false }) => {
-    requirePermission("set_permission_mode", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ mode, confirmed = false }) => {
+    await requirePermission("set_permission_mode", { dangerous: true, confirmed, args: { mode } });
     if (!MODES.has(mode)) throw new Error("mode must be total, automatico, or permiso");
     const cfg = readConfig();
     cfg.super_agent = cfg.super_agent || {};

package/src/host/daemon/super-agent-tools/tools/write-file.js

@@ -21,8 +21,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path: sub, content, confirmed = false }) => {
-    requirePermission("write_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path: sub, content, confirmed = false }) => {
+    await requirePermission("write_file", { dangerous: true, confirmed, args: { path: sub } });
     if (!sub) throw new Error("write_file: path required");
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);

package/src/host/daemon/super-agent.js

@@ -54,6 +54,10 @@ export async function runSuperAgent({
   // restricts the visible tool schemas to those names; [] means no tools.
   // Used to gate guests/limited roles on Telegram (see resolveAllowedTools).
   allowedTools = "*",
+  // Channel-specific confirmation handler. See run-agent.js for contract.
+  // Null disables human-in-the-loop (tools that need confirmation fail
+  // immediately instead of waiting for user input).
+  requestConfirmation = null,
 }) {
   if (!isSuperAgentEnabled(globalConfig)) {
     throw new Error("super-agent not enabled (set super_agent.enabled and .model in ~/.apx/config.json)");
@@ -114,7 +118,7 @@ export async function runSuperAgent({
     overrideModel,
     toolSchemas,
     makeToolHandlers,
-    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession },
+    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession, requestConfirmation },
     onEvent,
     signal,
     onToken,

package/src/interfaces/cli/commands/agent.js

@@ -2,6 +2,7 @@ import fs from "node:fs";
 import path from "node:path";
 import { findApfRoot, readAgents, readVaultAgents, readVaultAgent, VAULT_DIR, SLUG_RE } from "../../../core/parser.js";
 import { writeAgentFile, writeVaultAgentFile, removeVaultAgent, restoreVaultAgent, addImportedAgent, ensureAgentDir } from "../../../core/scaffold.js";
+import { ensureAgentRuntimeDir, agentMemoryPath } from "../../../core/agent-memory.js";
 import { http } from "../http.js";
 
 // ── ANSI ──────────────────────────────────────────────────────────────────────
@@ -49,6 +50,7 @@ export async function cmdAgentAdd(args) {
 
   writeAgentFile(root, slug, fields);
   ensureAgentDir(root, slug);
+  ensureAgentRuntimeDir(root, slug);
   await nudgeDaemon(root);
 
   console.log(`Added agent ${slug}`);
@@ -207,10 +209,11 @@ export async function cmdAgentImport(args) {
     addImportedAgent(root, slug);
     console.log(`\n  ${bold(slug)} imported from vault ${tag("↑ vault")}\n`);
     console.log(gray(`  definition: ${vaultPath}`));
-    console.log(gray(`  memory:     ${path.join(root, ".apc", "agents", slug, "memory.md")} (project-local)`));
+    console.log(gray(`  memory:     ${agentMemoryPath(root, slug)} (runtime-local)`));
     console.log();
   }
 
   ensureAgentDir(root, slug);
+  ensureAgentRuntimeDir(root, slug);
   await nudgeDaemon(root);
 }