@agentprojectcontext/apx 1.31.1 → 1.31.2

package/README.md

@@ -64,7 +64,6 @@ Runtime state — local machine only, never committed:
 
 ```text
 ~/.apx/projects/<project-id>/
-├── project.db             ← regenerable SQLite cache
 ├── messages/              ← local message history
 └── agents/
     ├── <slug>/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@agentprojectcontext/apx",
-  "version": "1.31.1",
+  "version": "1.31.2",
   "description": "APX — unified CLI + daemon for the Agent Project Context (APC) standard.",
   "publishConfig": {
     "access": "public"

package/skills/apc-context/SKILL.md

@@ -81,7 +81,6 @@ Do not store:
 .apc/sessions/
 .apc/conversations/
 .apc/messages/
-.apc/project.db
 .apc/cache/
 .apc/tmp/
 .apc/private/

package/src/core/confirmation/adapters/code.js

@@ -0,0 +1,41 @@
+// Code-surface confirmation adapter.
+//
+// Same stdin readline pattern as terminal, but formatted for the code TUI:
+// more structured output so it's visually distinct from agent output in the
+// split-pane Build mode. Uses stderr to avoid polluting the code output stream.
+
+import readline from "node:readline";
+
+const SEPARATOR = "─".repeat(60);
+
+/**
+ * Creates a requestConfirmation function for the code channel.
+ *
+ * @returns {(tool: string, args: object, description: string) => Promise<boolean>}
+ */
+export function createCodeConfirmAdapter() {
+  return async function requestConfirmation(_tool, _args, description) {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stderr,
+      terminal: false,
+    });
+
+    return new Promise((resolve) => {
+      process.stderr.write(
+        `\n${SEPARATOR}\n` +
+        `[apx] CONFIRM ACTION\n` +
+        `  ${description}\n` +
+        `  Answer [y = yes / N = no]: `
+      );
+      rl.once("line", (answer) => {
+        rl.close();
+        const confirmed = /^(y|yes|ok)$/i.test(answer.trim());
+        process.stderr.write(confirmed ? "✓ Confirmed\n" : "✗ Cancelled\n");
+        process.stderr.write(`${SEPARATOR}\n`);
+        resolve(confirmed);
+      });
+      rl.once("close", () => resolve(false));
+    });
+  };
+}

package/src/core/confirmation/adapters/telegram.js

@@ -0,0 +1,134 @@
+// Telegram confirmation adapter — async inline keyboard.
+//
+// Flow (why a Promise survives across two independent HTTP calls):
+//
+//   1. requestConfirmation() is called by the agent loop mid-tool-execution.
+//      It creates a pending entry in the shared store, embeds the correlationId
+//      in the button callback_data, sends the keyboard to Telegram, and returns
+//      a Promise that is NOT yet resolved.
+//
+//   2. The agent loop is now suspended at `await requestConfirmation(...)`.
+//      The Telegram bot's polling loop keeps running independently.
+//
+//   3. When the user taps a button, Telegram sends a callback_query update.
+//      The plugin's _handleUpdate() routes it to handleCallbackQuery() here.
+//
+//   4. handleCallbackQuery() calls pendingStore.resolve(correlationId, value),
+//      which finds the Promise's resolve function in the in-memory map and
+//      calls it. The agent loop resumes with true or false.
+//
+// Idempotency: once the promise resolves the entry is removed from the store.
+// Any subsequent tap on the same button won't find an entry and is a no-op.
+//
+// Post-restart stale buttons: if the process restarted after sending the
+// keyboard but before the user tapped, pendingStore.wasKnown() detects the
+// SQLite row with no memory entry and we show "Expirado" instead of an error.
+
+const API_BASE = "https://api.telegram.org";
+const TIMEOUT_MS = 60_000; // 60 s — long enough for a human, short enough to not block forever
+
+/**
+ * @param {{ token: string, chatId: string|number, pendingStore: ConfirmationPendingStore }} opts
+ * @returns {{ requestConfirmation, handleCallbackQuery }}
+ */
+export function createTelegramConfirmAdapter({ token, chatId, pendingStore }) {
+  async function requestConfirmation(tool, _args, description) {
+    const { correlationId, promise } = pendingStore.create({ timeoutMs: TIMEOUT_MS });
+
+    await sendConfirmKeyboard(token, chatId, description, correlationId, TIMEOUT_MS);
+
+    return promise;
+  }
+
+  // Called by ChannelPoller._handleUpdate() when a callback_query arrives.
+  // Returns true if the callback matched our pattern (consumed it), false otherwise.
+  async function handleCallbackQuery(callbackQuery) {
+    const data = callbackQuery.data || "";
+    const match = data.match(/^apx:confirm:([a-f0-9]{16}):(yes|no)$/);
+    if (!match) return false;
+
+    const [, correlationId, answer] = match;
+    const confirmed = answer === "yes";
+
+    // ACK the callback immediately to clear the loading spinner on the button.
+    // Fire-and-forget — a slow ACK is annoying but not fatal.
+    await answerCallbackQuery(token, callbackQuery.id, confirmed ? "✅ Confirmed" : "❌ Cancelled");
+
+    const resolved = pendingStore.resolve(correlationId, confirmed);
+
+    // If not resolved, the entry timed out or the process restarted — show "Expired"
+    // so the user knows the button is no longer actionable.
+    const inlineKeyboard = resolved
+      ? [[{ text: confirmed ? "✅ Confirmed" : "❌ Cancelled", callback_data: "apx:noop" }]]
+      : [[{ text: "⏱ Expired", callback_data: "apx:noop" }]];
+
+    if (callbackQuery.message?.chat?.id && callbackQuery.message?.message_id) {
+      await editMessageButtons(
+        token,
+        callbackQuery.message.chat.id,
+        callbackQuery.message.message_id,
+        inlineKeyboard
+      );
+    }
+
+    return true;
+  }
+
+  return { requestConfirmation, handleCallbackQuery };
+}
+
+// ---------- Telegram API helpers --------------------------------------------
+
+async function sendConfirmKeyboard(token, chatId, description, correlationId, timeoutMs) {
+  const timeoutSec = Math.round(timeoutMs / 1000);
+  await fetch(`${API_BASE}/bot${token}/sendMessage`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      chat_id: chatId,
+      text:
+        `⚠️ *Confirm action*\n\n${escapeMarkdown(description)}\n\n` +
+        `_Expires in ${timeoutSec}s. No response → cancelled._`,
+      parse_mode: "Markdown",
+      reply_markup: {
+        inline_keyboard: [[
+          { text: "✅ Yes", callback_data: `apx:confirm:${correlationId}:yes` },
+          { text: "❌ No",  callback_data: `apx:confirm:${correlationId}:no` },
+        ]],
+      },
+    }),
+  });
+}
+
+async function answerCallbackQuery(token, callbackQueryId, text) {
+  try {
+    await fetch(`${API_BASE}/bot${token}/answerCallbackQuery`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ callback_query_id: callbackQueryId, text }),
+    });
+  } catch {
+    // best-effort — Telegram gives only 30s to answer; after that it's already cleared
+  }
+}
+
+async function editMessageButtons(token, chatId, messageId, inlineKeyboard) {
+  try {
+    await fetch(`${API_BASE}/bot${token}/editMessageReplyMarkup`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({
+        chat_id: chatId,
+        message_id: messageId,
+        reply_markup: { inline_keyboard: inlineKeyboard },
+      }),
+    });
+  } catch {
+    // best-effort
+  }
+}
+
+// Escape Markdown special chars so description text doesn't break Telegram markup.
+function escapeMarkdown(text) {
+  return String(text || "").replace(/[_*[\]()~`>#+\-=|{}.!]/g, "\\$&");
+}

package/src/core/confirmation/adapters/terminal.js

@@ -0,0 +1,35 @@
+// Terminal confirmation adapter — synchronous stdin readline.
+//
+// The agent loop blocks here while waiting for user input. This is fine on
+// the terminal surface because the whole process is interactive and
+// single-threaded from the user's perspective.
+
+import readline from "node:readline";
+
+/**
+ * Creates a requestConfirmation function for the terminal channel.
+ * Uses stderr so stdout remains clean (useful when output is piped).
+ *
+ * @returns {(tool: string, args: object, description: string) => Promise<boolean>}
+ */
+export function createTerminalConfirmAdapter() {
+  return async function requestConfirmation(_tool, _args, description) {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stderr,
+      terminal: false,
+    });
+
+    return new Promise((resolve) => {
+      process.stderr.write(
+        `\n⚠  Confirmation required\n   ${description}\n   Continue? [y/N] `
+      );
+      rl.once("line", (answer) => {
+        rl.close();
+        resolve(/^(y|yes|ok)$/i.test(answer.trim()));
+      });
+      // Covers Ctrl+C / EOF while waiting.
+      rl.once("close", () => resolve(false));
+    });
+  };
+}

package/src/core/confirmation/adapters/web.js

@@ -0,0 +1,53 @@
+// Web / TUI confirmation adapter — async SSE + HTTP confirm endpoint.
+//
+// How the Promise resolves across two separate HTTP calls:
+//
+//   1. The agent loop (running inside an SSE request handler) calls
+//      requestConfirmation(). This emits a "confirmation_required" SSE event
+//      containing the correlationId and description, then suspends by awaiting
+//      the pending store's Promise.
+//
+//   2. The browser / TUI receives the SSE event and renders a confirm/cancel
+//      dialog. The dialog is keyed by correlationId.
+//
+//   3. The user responds → frontend POSTs to
+//      POST /super-agent/confirm/:correlationId  { confirmed: boolean }
+//
+//   4. The API handler (api/confirm.js) calls pendingStore.resolve(correlationId,
+//      value). This finds the in-memory resolve callback and calls it, unblocking
+//      the agent loop. The SSE stream receives the next event and continues.
+//
+// `onEvent` is the SSE emitter for the current turn. It's injected at adapter
+// creation time (each turn gets its own adapter instance) so the "please show
+// a dialog" event reaches the right open SSE connection.
+
+import { getConfirmationStore } from "../pending-store.js";
+
+const TIMEOUT_MS = 120_000; // 2 min — humans on screens are slower than keyboard
+
+/**
+ * Factory — call once per SSE turn, passing the turn's `onEvent` emitter.
+ *
+ * @param {{ onEvent: (event: object) => Promise<void>|void }} opts
+ * @returns {(tool: string, args: object, description: string) => Promise<boolean>}
+ */
+export function createWebConfirmAdapter({ onEvent }) {
+  return async function requestConfirmation(tool, _args, description) {
+    const store = getConfirmationStore();
+
+    const { correlationId, promise } = store.create({ timeoutMs: TIMEOUT_MS });
+
+    // Push a structured event to the open SSE stream so the frontend knows
+    // to render a confirmation dialog. The correlationId is the shared key
+    // between this pending promise and the POST /confirm/:correlationId call.
+    await onEvent({
+      type: "confirmation_required",
+      correlationId,
+      tool,
+      description,
+      timeout_ms: TIMEOUT_MS,
+    });
+
+    return promise;
+  };
+}

package/src/core/confirmation/index.js

@@ -0,0 +1,44 @@
+// Human-in-the-loop confirmation system.
+//
+// Public surface:
+//   getConfirmationStore()          shared SQLite-backed pending store
+//   buildConfirmDescription(t, a)   human-readable action summary
+//   isConfirmationRequired(err)     true when a tool threw requires_confirmation:
+//
+// Adapters (one per channel type) live under ./adapters/.
+
+export { getConfirmationStore, ConfirmationPendingStore } from "./pending-store.js";
+
+/**
+ * Returns true when `error` was thrown by createPermissionGuard() to signal
+ * that this tool call needs explicit user approval before proceeding.
+ */
+export function isConfirmationRequired(error) {
+  return (
+    error != null &&
+    typeof error.message === "string" &&
+    error.message.startsWith("requires_confirmation:")
+  );
+}
+
+/**
+ * Build a short, human-readable description of the action being confirmed.
+ * Shown in all confirmation channels (terminal prompt, Telegram message, web dialog).
+ */
+export function buildConfirmDescription(tool, args) {
+  const text = (s, max = 150) => String(s || "").slice(0, max);
+
+  const builders = {
+    send_telegram: (a) => `Send Telegram message: "${text(a.text)}"`,
+    run_shell:     (a) => `Run shell command: \`${text(a.command)}\``,
+    write_file:    (a) => `Write file: ${a.path || a.file || "(no path)"}`,
+    edit_file:     (a) => `Edit file: ${a.path || a.file || "(no path)"}`,
+    create_task:   (a) => `Create task: "${a.title || a.name || "?"}"`,
+    add_project:   (a) => `Add project: ${a.path || a.name || "?"}`,
+    set_identity:  (a) => `Change agent identity to: "${a.name || "?"}"`,
+    call_runtime:  (a) => `Call runtime: ${a.runtime || a.name || "?"}`,
+  };
+
+  const fn = builders[tool];
+  return fn ? fn(args) : `Run tool: \`${tool}\``;
+}

package/src/core/confirmation/pending-store.js

@@ -0,0 +1,68 @@
+// Pending confirmation store: in-memory map of unresolved confirmations.
+//
+// Each entry holds a Promise's resolve callback and a timeout timer.
+// When the user responds (any channel), resolve() is called and the agent
+// loop that was suspended at `await requestConfirmation(...)` resumes.
+//
+// No persistence needed: confirmations are ephemeral (30–120s window).
+// If the daemon restarts, the agent runs that created them are also dead,
+// so there is nothing to resume. Stale Telegram buttons simply won't find
+// an entry and the handleCallbackQuery path shows "Expired" gracefully.
+
+import { randomBytes } from "node:crypto";
+
+function generateId() {
+  return randomBytes(8).toString("hex"); // 16 hex chars, URL-safe
+}
+
+export class ConfirmationPendingStore {
+  constructor() {
+    // correlationId -> { resolve: (boolean) => void, timer: NodeJS.Timeout }
+    this._pending = new Map();
+  }
+
+  /**
+   * Register a new pending confirmation.
+   *
+   * Returns { correlationId, promise } where:
+   *   - correlationId: embed in the reply (button callback_data, SSE event…)
+   *   - promise: resolves to true (confirmed) or false (denied / timeout)
+   *
+   * After timeoutMs with no response the promise auto-resolves to false.
+   */
+  create({ timeoutMs = 30_000 } = {}) {
+    const correlationId = generateId();
+
+    const promise = new Promise((resolve) => {
+      const timer = setTimeout(() => {
+        this._pending.delete(correlationId);
+        resolve(false);
+      }, timeoutMs);
+      this._pending.set(correlationId, { resolve, timer });
+    });
+
+    return { correlationId, promise };
+  }
+
+  /**
+   * Resolve a pending confirmation.
+   * Returns true if found and resolved, false if not found (timed out, already
+   * resolved, or stale button after a process restart).
+   */
+  resolve(correlationId, value) {
+    const entry = this._pending.get(correlationId);
+    if (!entry) return false;
+    clearTimeout(entry.timer);
+    this._pending.delete(correlationId);
+    entry.resolve(value);
+    return true;
+  }
+}
+
+// Singleton — one store per daemon process, shared by all adapters.
+let _store = null;
+
+export function getConfirmationStore() {
+  if (!_store) _store = new ConfirmationPendingStore();
+  return _store;
+}

package/src/host/daemon/api/code.js

@@ -14,6 +14,7 @@
 // + per-mode tool gating), then persists the rich assistant turn.
 import { runSuperAgent } from "../super-agent.js";
 import { appendSuperAgentErrorTrace } from "./shared.js";
+import { createWebConfirmAdapter } from "../../../core/confirmation/adapters/web.js";
 import {
   listCodeSessions,
   getCodeSession,
@@ -295,6 +296,7 @@ export function register(app, { projects, project, config, registries, plugins }
         // it keeps the normal "text ends the turn" behavior.
         completionContract: mode === "build",
         onEvent,
+        requestConfirmation: createWebConfirmAdapter({ onEvent }),
       });
       projects.rebuild(p.id);
 

package/src/host/daemon/api/confirm.js

@@ -0,0 +1,30 @@
+// Confirmation resolution endpoint for web and TUI channels.
+//
+//   POST /super-agent/confirm/:correlationId
+//   Body: { confirmed: boolean }
+//
+// Called by the frontend after the user responds to a "confirmation_required"
+// SSE event emitted by the web confirmation adapter. Resolves the pending
+// Promise in the agent loop, unblocking it to continue with confirmed: true
+// or to return a cancelled error.
+
+import { getConfirmationStore } from "../../../core/confirmation/pending-store.js";
+
+export function register(app) {
+  app.post("/super-agent/confirm/:correlationId", async (req, res) => {
+    const { correlationId } = req.params;
+    const { confirmed } = req.body;
+
+    if (typeof confirmed !== "boolean") {
+      return res.status(400).json({ error: "confirmed must be a boolean" });
+    }
+
+    const resolved = getConfirmationStore().resolve(correlationId, confirmed);
+
+    if (!resolved) {
+      return res.status(404).json({ error: "confirmation not found or already expired" });
+    }
+
+    return res.json({ ok: true, confirmed });
+  });
+}

package/src/host/daemon/api/super-agent.js

@@ -12,6 +12,7 @@ import {
 } from "./shared.js";
 import { loggerFor } from "../../../core/logging.js";
 import { appendGlobalMessage } from "../../../core/messages-store.js";
+import { createWebConfirmAdapter } from "../../../core/confirmation/adapters/web.js";
 
 const log = loggerFor("super-agent");
 
@@ -79,6 +80,15 @@ export function register(app, { projects, registries, plugins, project, config }
       res.write(JSON.stringify(event) + "\n");
     };
 
+    const onEvent = wrapOnEventForLog(send, {
+      trace_id: req.apxTraceId,
+      channel: ctx.channel,
+    });
+
+    // Web/TUI channels receive a "confirmation_required" SSE event and respond
+    // via POST /super-agent/confirm/:correlationId (see api/confirm.js).
+    const requestConfirmation = createWebConfirmAdapter({ onEvent });
+
     try {
       const saResult = await runSuperAgent({
         globalConfig: config,
@@ -94,10 +104,8 @@ export function register(app, { projects, registries, plugins, project, config }
         ...(Number.isFinite(Number(maxIters)) ? { maxIters: Number(maxIters) } : {}),
         ...(Number.isFinite(Number(maxTokens)) ? { maxTokens: Number(maxTokens) } : {}),
         ...(completionContract ? { completionContract: true } : {}),
-        onEvent: wrapOnEventForLog(send, {
-          trace_id: req.apxTraceId,
-          channel: ctx.channel,
-        }),
+        onEvent,
+        requestConfirmation,
       });
       projects.rebuild(p.id);
       logWebTurn(ctx.channel, { prompt, replyText: saResult.text });

package/src/host/daemon/api.js

@@ -46,6 +46,7 @@ import { register as registerAdmin } from "./api/admin.js";
 import { register as registerAdminConfig } from "./api/admin-config.js";
 import { register as registerIdentity } from "./api/identity.js";
 import { register as registerWeb } from "./api/web.js";
+import { register as registerConfirm } from "./api/confirm.js";
 
 export function buildApi({
   projects,
@@ -108,6 +109,7 @@ export function buildApi({
   registerEngines(app, ctx);
   registerExec(app, ctx);
   registerSuperAgent(app, ctx);
+  registerConfirm(app, ctx);
   registerCode(app, ctx);
   registerConversations(app, ctx);
   registerConnections(app, ctx);

package/src/host/daemon/plugins/telegram.js

@@ -41,6 +41,8 @@ import { transcribe as transcribeAudioFile } from "../transcription.js";
 import { resolveAgentName, SUPERAGENT_ACTOR_ID } from "../../../core/identity.js";
 import { registerSender, resolveAllowedTools } from "../../../core/telegram-identity.js";
 import { buildRelationshipBlock } from "../../../core/agent/index.js";
+import { getConfirmationStore as getConfirmStore } from "../../../core/confirmation/pending-store.js";
+import { createTelegramConfirmAdapter } from "../../../core/confirmation/adapters/telegram.js";
 
 const API_BASE = "https://api.telegram.org";
 const nowIso = () => new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
@@ -422,6 +424,13 @@ class ChannelPoller {
 
   async _handleUpdate(u) {
     this.lastUpdateAt = nowIso();
+
+    // Inline keyboard button press: route to the confirmation adapter.
+    if (u.callback_query) {
+      await this._handleCallbackQuery(u.callback_query);
+      return;
+    }
+
     const msg = u.message || u.edited_message;
     if (!msg) return;
     const target = this.resolveProject();
@@ -806,6 +815,12 @@ class ChannelPoller {
         }
       };
 
+      const confirmAdapter = createTelegramConfirmAdapter({
+        token: resolveBotToken(this.channel),
+        chatId: chat_id,
+        pendingStore: getConfirmStore(),
+      });
+
       try {
         const sa = await runSuperAgent({
           globalConfig: this.globalConfig,
@@ -826,6 +841,7 @@ class ChannelPoller {
           }),
           signal: abortCtrl.signal,
           onEvent,
+          requestConfirmation: confirmAdapter.requestConfirmation,
         });
         replyText = sa.text;
         replyAuthor = sa.name || agentDisplay;
@@ -911,6 +927,18 @@ class ChannelPoller {
     }
   }
 
+  async _handleCallbackQuery(callbackQuery) {
+    const adapter = createTelegramConfirmAdapter({
+      token: resolveBotToken(this.channel),
+      chatId: callbackQuery.message?.chat?.id,
+      pendingStore: getConfirmStore(),
+    });
+    const handled = await adapter.handleCallbackQuery(callbackQuery);
+    if (!handled) {
+      this.log(`telegram[${this.channel.name}] unhandled callback_query: ${callbackQuery.data}`);
+    }
+  }
+
   // Show "typing..." indicator in the chat. Telegram clears it automatically
   // after 5 seconds, so call this every ~4s while a long operation is going.
   async _typing(chat_id) {

package/src/host/daemon/super-agent-tools/helpers.js

@@ -1,5 +1,6 @@
 import path from "node:path";
 import { agentSkills, buildAgentSystem as buildCoreAgentSystem } from "../../../core/agent-system.js";
+import { buildConfirmDescription } from "../../../core/confirmation/index.js";
 
 export function projectMeta(projects, entry) {
   const meta = projects.list().find((p) => p.id === entry.id);
@@ -79,19 +80,39 @@ export function buildAgentSystem(project, agent, opts = {}) {
   return buildCoreAgentSystem(project, agent, opts);
 }
 
-export function createPermissionGuard(globalConfig = {}, { implicitConfirmation = false } = {}) {
+export function createPermissionGuard(globalConfig = {}, {
+  implicitConfirmation = false,
+  requestConfirmation = null,
+} = {}) {
   const permissionMode = globalConfig.super_agent?.permission_mode || "automatico";
   const allowedTools = new Set(globalConfig.super_agent?.allowed_tools || []);
 
-  return function requirePermission(tool, { dangerous = false, confirmed = false } = {}) {
+  // async so tools can `await requirePermission(...)` and the confirmation
+  // dialog resolves transparently before execution continues.
+  return async function requirePermission(tool, { dangerous = false, confirmed = false, args } = {}) {
     const ok = confirmed || implicitConfirmation;
     if (permissionMode === "total") return;
-    if (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=permiso blocks ${tool}`);
+
+    const blocked =
+      (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) ||
+      (permissionMode === "automatico" && dangerous && !ok);
+
+    if (!blocked) return;
+
+    const description = buildConfirmDescription(tool, args || {});
+
+    if (!requestConfirmation) {
+      // No confirmation channel wired for this invocation context (e.g. routine,
+      // autonomous agent). Surface a clear message so the model can explain it.
+      throw new Error(`Action requires user confirmation: ${description}`);
     }
-    if (permissionMode === "automatico" && dangerous && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=automatico requires confirmation for ${tool}`);
+
+    const userConfirmed = await requestConfirmation(tool, args || {}, description);
+
+    if (!userConfirmed) {
+      throw new Error(`User did not confirm: ${description}`);
     }
+    // Confirmed — fall through, tool executes normally.
   };
 }
 

package/src/host/daemon/super-agent-tools/index.js

@@ -335,6 +335,7 @@ export function makeToolHandlers(ctx) {
     ...ctx,
     requirePermission: createPermissionGuard(ctx.globalConfig || {}, {
       implicitConfirmation: !!ctx.implicitConfirmation,
+      requestConfirmation: ctx.requestConfirmation || null,
     }),
   };
   return Object.fromEntries(TOOLS.map((tool) => [tool.name, tool.makeHandler(toolCtx)]));

package/src/host/daemon/super-agent-tools/tools/add-project.js

@@ -31,8 +31,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ path: projectPath, name, init = true, confirmed = false }) => {
-    requirePermission("add_project", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ path: projectPath, name, init = true, confirmed = false }) => {
+    await requirePermission("add_project", { dangerous: true, confirmed, args: { path: projectPath } });
     if (!projectPath) throw new Error("add_project: path required");
 
     const abs = path.resolve(projectPath);

package/src/host/daemon/super-agent-tools/tools/call-mcp.js

@@ -21,7 +21,7 @@ export default {
     },
   },
   makeHandler: ({ projects, registries, requirePermission }) => async ({ project, mcp, tool, args = {}, confirmed = false }) => {
-    requirePermission("call_mcp", { dangerous: true, confirmed });
+    await requirePermission("call_mcp", { dangerous: true, confirmed, args: { mcp, tool } });
     const p = resolveProject(projects, project);
     if (!registries) throw new Error("MCP registry unavailable");
     const registry = registries.for ? registries.for(p) : registries.ensure(p);

package/src/host/daemon/super-agent-tools/tools/call-runtime.js

@@ -174,7 +174,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, runtime, prompt, resume_session_id = null, timeout_s = 300, confirmed = false }) => {
-    requirePermission("call_runtime", { dangerous: true, confirmed });
+    await requirePermission("call_runtime", { dangerous: true, confirmed, args: { runtime } });
 
     const p = slug ? resolveProjectForAgent(projects, project, slug) : resolveProject(projects, project);
     const agent = slug ? readAgents(p.path).find((a) => a.slug === slug) : null;

package/src/host/daemon/super-agent-tools/tools/edit-file.js

@@ -22,8 +22,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path, search, replace, all = false, confirmed = false }) => {
-    requirePermission("edit_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path, search, replace, all = false, confirmed = false }) => {
+    await requirePermission("edit_file", { dangerous: true, confirmed, args: { path } });
     if (!path) throw new Error("edit_file: path required");
     if (!search) throw new Error("edit_file: search required");
 

package/src/host/daemon/super-agent-tools/tools/import-agent.js

@@ -23,8 +23,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, agent: slug, confirmed = false }) => {
-    requirePermission("import_agent", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, confirmed = false }) => {
+    await requirePermission("import_agent", { dangerous: true, confirmed, args: { agent: slug } });
     if (!slug) throw new Error("import_agent: agent required");
 
     const vaultPath = path.join(VAULT_DIR, `${slug}.md`);

package/src/host/daemon/super-agent-tools/tools/run-shell.js

@@ -64,7 +64,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, cwd = ".", command, timeout_s = 60, confirmed = false }) => {
-    requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed });
+    await requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed, args: { command } });
     if (!command) throw new Error("run_shell: command required");
 
     const p = resolveProject(projects, project);

package/src/host/daemon/super-agent-tools/tools/search-files.js

@@ -22,10 +22,7 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => async ({ query, project, path: sub = "." } = {}) => {
-    // Optional permission check if it's considered destructive, but search is safe read-only
-    await requirePermission("search_files", { query, project, path: sub }, "safe");
-    
+  makeHandler: ({ projects }) => async ({ query, project, path: sub = "." } = {}) => {
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);
 

package/src/host/daemon/super-agent-tools/tools/send-telegram.js

@@ -87,7 +87,7 @@ export default {
       confirmed = false,
     } = args;
 
-    requirePermission("send_telegram", { dangerous: true, confirmed });
+    await requirePermission("send_telegram", { dangerous: true, confirmed, args: { text } });
     if (!plugins) throw new Error("plugins unavailable");
     const telegram = plugins.get("telegram");
     if (!telegram) throw new Error("telegram plugin not loaded");

package/src/host/daemon/super-agent-tools/tools/set-identity.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
-    requirePermission("set_identity", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
+    await requirePermission("set_identity", { dangerous: true, confirmed, args: { agent_name } });
     const fields = {};
     if (agent_name) fields.agent_name = agent_name;
     if (owner_name) fields.owner_name = owner_name;

package/src/host/daemon/super-agent-tools/tools/set-permission-mode.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ mode, confirmed = false }) => {
-    requirePermission("set_permission_mode", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ mode, confirmed = false }) => {
+    await requirePermission("set_permission_mode", { dangerous: true, confirmed, args: { mode } });
     if (!MODES.has(mode)) throw new Error("mode must be total, automatico, or permiso");
     const cfg = readConfig();
     cfg.super_agent = cfg.super_agent || {};

package/src/host/daemon/super-agent-tools/tools/write-file.js

@@ -21,8 +21,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path: sub, content, confirmed = false }) => {
-    requirePermission("write_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path: sub, content, confirmed = false }) => {
+    await requirePermission("write_file", { dangerous: true, confirmed, args: { path: sub } });
     if (!sub) throw new Error("write_file: path required");
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);

package/src/host/daemon/super-agent.js

@@ -54,6 +54,10 @@ export async function runSuperAgent({
   // restricts the visible tool schemas to those names; [] means no tools.
   // Used to gate guests/limited roles on Telegram (see resolveAllowedTools).
   allowedTools = "*",
+  // Channel-specific confirmation handler. See run-agent.js for contract.
+  // Null disables human-in-the-loop (tools that need confirmation fail
+  // immediately instead of waiting for user input).
+  requestConfirmation = null,
 }) {
   if (!isSuperAgentEnabled(globalConfig)) {
     throw new Error("super-agent not enabled (set super_agent.enabled and .model in ~/.apx/config.json)");
@@ -114,7 +118,7 @@ export async function runSuperAgent({
     overrideModel,
     toolSchemas,
     makeToolHandlers,
-    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession },
+    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession, requestConfirmation },
     onEvent,
     signal,
     onToken,

package/src/interfaces/web/package-lock.json

@@ -2598,9 +2598,9 @@
       "license": "MIT"
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.5.368",
-      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.368.tgz",
-      "integrity": "sha512-7RckJJK4uESJF9PxvfMWd3TGqIiieUTG4HxnKaKuIpGbcr+r2ZEB3g2gAhCP3Fqm42vJSzLfgab9eva/C4/XVw==",
+      "version": "1.5.370",
+      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.5.370.tgz",
+      "integrity": "sha512-D5tSHJReAb/Kf3Hu9F/GO4lJuSWzEWHwvQ/kKSUP7pimNgvxkSKj+gUQhHpKKACwrin7rS3byU7IxreF56rl5g==",
       "dev": true,
       "license": "ISC"
     },