@agentprojectcontext/apx 1.31.1 → 1.32.0

package/src/host/daemon/plugins/telegram.js

@@ -41,6 +41,9 @@ import { transcribe as transcribeAudioFile } from "../transcription.js";
 import { resolveAgentName, SUPERAGENT_ACTOR_ID } from "../../../core/identity.js";
 import { registerSender, resolveAllowedTools } from "../../../core/telegram-identity.js";
 import { buildRelationshipBlock } from "../../../core/agent/index.js";
+import { getConfirmationStore as getConfirmStore } from "../../../core/confirmation/pending-store.js";
+import { createTelegramConfirmAdapter } from "../../../core/confirmation/adapters/telegram.js";
+import * as askFlow from "./telegram-ask.js";
 
 const API_BASE = "https://api.telegram.org";
 const nowIso = () => new Date().toISOString().replace(/\.\d{3}Z$/, "Z");
@@ -422,6 +425,13 @@ class ChannelPoller {
 
   async _handleUpdate(u) {
     this.lastUpdateAt = nowIso();
+
+    // Inline keyboard button press: route to the confirmation adapter.
+    if (u.callback_query) {
+      await this._handleCallbackQuery(u.callback_query);
+      return;
+    }
+
     const msg = u.message || u.edited_message;
     if (!msg) return;
     const target = this.resolveProject();
@@ -568,6 +578,30 @@ class ChannelPoller {
       text = text ? `${audioBody}\n${text}` : audioBody;
     }
 
+    // If there's a pending ask_questions flow for this chat AND the current
+    // question is free-text, treat this message as the answer rather than a
+    // brand-new turn. Returns true when the message was consumed.
+    if (chat_id && text && await this._maybeConsumeAskTextAnswer({ chat_id, text })) {
+      // Still log the inbound so the chat history records what the user said.
+      appendGlobalMessage({
+        channel: "telegram",
+        direction: "in",
+        type: "user",
+        actor_id: msg.from?.id ? String(msg.from.id) : author,
+        external_id: String(u.update_id),
+        author,
+        body: text,
+        meta: {
+          chat_id,
+          user_id: msg.from?.id || null,
+          message_id: msg.message_id,
+          tg_channel: this.channel.name,
+          ask_answer: true,
+        },
+      });
+      return;
+    }
+
     // /reset or /new wipes the rolling context for this chat. We just
     // remember a marker timestamp; subsequent inbounds will only consider
     // history newer than this. Implemented by writing a synthetic message
@@ -806,6 +840,12 @@ class ChannelPoller {
         }
       };
 
+      const confirmAdapter = createTelegramConfirmAdapter({
+        token: resolveBotToken(this.channel),
+        chatId: chat_id,
+        pendingStore: getConfirmStore(),
+      });
+
       try {
         const sa = await runSuperAgent({
           globalConfig: this.globalConfig,
@@ -826,12 +866,42 @@ class ChannelPoller {
           }),
           signal: abortCtrl.signal,
           onEvent,
+          requestConfirmation: confirmAdapter.requestConfirmation,
         });
         replyText = sa.text;
         replyAuthor = sa.name || agentDisplay;
         replyActorId = SUPERAGENT_ACTOR_ID;
         replyKind = "superagent";
         saUsage = sa.usage;
+
+        // ── ask_questions integration ────────────────────────────────────
+        // If the super-agent ended this turn by calling ask_questions, hand
+        // off to the inline-keyboard flow instead of sending the bare
+        // assistant text. The flow keeps state per chat_id and re-runs the
+        // super-agent once every answer is collected.
+        const askQuestions = askFlow.extractAskQuestionsFromTrace(sa.trace);
+        if (askQuestions && chat_id) {
+          if (chat_id) this.activeRequests.delete(chat_id);
+          stopTyping();
+          try {
+            await this._startAskFlow({
+              chat_id,
+              projectId: target?.id,
+              authorId: msg.from?.id,
+              questions: askQuestions,
+              author,
+              agentDisplay,
+              relationshipBlock,
+              allowedTools,
+              target,
+              sender,
+              update_id: u.update_id,
+            });
+          } catch (e) {
+            this.log(`telegram[${this.channel.name}] ask flow start failed: ${e.message}`);
+          }
+          return; // The reply for this turn IS the ask flow.
+        }
       } catch (e) {
         if (abortCtrl.signal.aborted) {
           // A newer message superseded this one. Whatever streamed so far is
@@ -911,6 +981,250 @@ class ChannelPoller {
     }
   }
 
+  async _handleCallbackQuery(callbackQuery) {
+    // Route ask_questions button presses before the confirmation adapter —
+    // both use `apx:<verb>:...` namespacing but ask owns its own state.
+    const data = callbackQuery.data || "";
+    if (data.startsWith("apx:ask:")) {
+      await this._handleAskCallback(callbackQuery);
+      return;
+    }
+
+    const adapter = createTelegramConfirmAdapter({
+      token: resolveBotToken(this.channel),
+      chatId: callbackQuery.message?.chat?.id,
+      pendingStore: getConfirmStore(),
+    });
+    const handled = await adapter.handleCallbackQuery(callbackQuery);
+    if (!handled) {
+      this.log(`telegram[${this.channel.name}] unhandled callback_query: ${callbackQuery.data}`);
+    }
+  }
+
+  // ── ask_questions: state-machine helpers ───────────────────────────────
+  // The flow lives in telegram-ask.js; this class owns the I/O (sending
+  // messages, editing keyboards, re-entering the super-agent loop with the
+  // compiled answer once the flow finishes).
+
+  async _renderQuestion(state) {
+    const text = askFlow.formatQuestionText(state);
+    const reply_markup = askFlow.buildKeyboard(state);
+    // If we already have a message for the previous question, leave its
+    // keyboard wiped — we draw a fresh message per question for clearer
+    // history in the chat (the question text stays as a record).
+    if (state.messageId) {
+      try {
+        await this._editKeyboard({
+          chat_id: state.chatId,
+          message_id: state.messageId,
+          reply_markup: { inline_keyboard: [] },
+        });
+      } catch { /* best-effort */ }
+    }
+    const sent = await this._send({
+      chat_id: state.chatId,
+      text,
+      reply_markup,
+      parse_mode: "Markdown",
+    });
+    state.messageId = sent?.message_id || null;
+    askFlow.saveState(state.chatId, state);
+  }
+
+  // Kick off a brand-new ask flow after the super-agent called ask_questions.
+  // The flow's `resume` callback captures the per-turn context (sender,
+  // relationship, project) so when the compiled answer arrives we can run
+  // another super-agent turn without retyping all the inputs.
+  async _startAskFlow(ctx) {
+    const state = askFlow.startFlow({
+      chatId: ctx.chat_id,
+      projectId: ctx.projectId,
+      authorId: ctx.authorId,
+      questions: ctx.questions,
+      resume: async (compiled) => {
+        await this._runResumedTurn({ ...ctx, compiled });
+      },
+    });
+    await this._renderQuestion(state);
+  }
+
+  // Apply an inline-keyboard press, then react: redraw, advance, or finish.
+  async _handleAskCallback(callbackQuery) {
+    const chatId = callbackQuery.message?.chat?.id;
+    if (!chatId) return;
+    const result = askFlow.applyCallback(chatId, callbackQuery.data || "");
+    // Ack the press regardless — keeps the spinner from hanging client-side.
+    await this._answerCallback({ callback_query_id: callbackQuery.id });
+    if (!result) return; // stale or unknown — adapter already ack'd.
+
+    if (result.action === "redraw") {
+      // Multi-select toggle: just refresh the keyboard on the SAME message.
+      try {
+        await this._editKeyboard({
+          chat_id: chatId,
+          message_id: callbackQuery.message?.message_id,
+          reply_markup: askFlow.buildKeyboard(result.state),
+        });
+      } catch (e) {
+        this.log(`telegram[${this.channel.name}] redraw failed: ${e.message}`);
+      }
+      return;
+    }
+    if (result.action === "advance") {
+      await this._renderQuestion(result.state);
+      return;
+    }
+    if (result.action === "cancel") {
+      try {
+        await this._editKeyboard({
+          chat_id: chatId,
+          message_id: callbackQuery.message?.message_id,
+          reply_markup: { inline_keyboard: [] },
+        });
+        await this._send({ chat_id: chatId, text: "Pregunta cancelada." });
+      } catch { /* best-effort */ }
+      return;
+    }
+    if (result.action === "done") {
+      try {
+        await this._editKeyboard({
+          chat_id: chatId,
+          message_id: callbackQuery.message?.message_id,
+          reply_markup: { inline_keyboard: [] },
+        });
+      } catch { /* best-effort */ }
+      // Feed the compiled answer back as a synthetic user turn.
+      if (typeof result.state.resume === "function") {
+        await result.state.resume(result.compiled);
+      }
+    }
+  }
+
+  // Apply a free-text user reply when there's a pending free-text question.
+  // Returns true iff the message was consumed by the ask flow (so the normal
+  // super-agent path should be skipped for this update).
+  async _maybeConsumeAskTextAnswer({ chat_id, text }) {
+    if (!chat_id || !text) return false;
+    if (!askFlow.hasPendingFreeText(chat_id)) return false;
+    const state = askFlow.applyTextAnswer(chat_id, text);
+    if (!state) return false;
+    // Advance: emit a synthetic "next" to move past this question.
+    const next = askFlow.applyCallback(
+      chat_id,
+      `apx:ask:${state.correlationId}:next`,
+    );
+    if (!next) return true;
+    if (next.action === "advance") {
+      await this._renderQuestion(next.state);
+      return true;
+    }
+    if (next.action === "done") {
+      if (typeof next.state.resume === "function") {
+        await next.state.resume(next.compiled);
+      }
+      return true;
+    }
+    return true;
+  }
+
+  // Run a follow-up super-agent turn with the compiled answers as the user
+  // prompt. Mirrors the post-runSuperAgent reply path in _handleUpdate but
+  // skipped of the photo/audio/reset preamble. Re-enters the ask flow if the
+  // model decides to ask again.
+  async _runResumedTurn(ctx) {
+    const { chat_id, compiled, target, relationshipBlock, allowedTools, author, agentDisplay, update_id, sender, authorId } = ctx;
+    if (!chat_id) return;
+    // Log the synthetic user message so getRecentTelegramTurnsFromFs picks
+    // it up on the NEXT inbound. Mirrors how a normal text reply would be
+    // recorded.
+    appendGlobalMessage({
+      channel: "telegram",
+      direction: "in",
+      type: "user",
+      actor_id: authorId ? String(authorId) : (author || "ask_flow"),
+      external_id: `ask-${Date.now()}`,
+      author: author || "user",
+      body: compiled,
+      meta: {
+        chat_id,
+        user_id: authorId || null,
+        tg_channel: this.channel.name,
+        ask_flow: true,
+      },
+    });
+
+    const previousMessages = getRecentTelegramTurnsFromFs({
+      chat_id,
+      keepRecent: 40,
+      max_age_hours: 24,
+    });
+
+    const stopTyping = this._startTyping(chat_id);
+    try {
+      const sa = await runSuperAgent({
+        globalConfig: this.globalConfig,
+        projects: this.projects,
+        plugins: this.plugins,
+        registries: this.registries,
+        prompt: compiled,
+        previousMessages,
+        channel: "telegram",
+        relationshipBlock,
+        allowedTools,
+        channelMeta: { channel: "telegram", chat_id, author, route_to_agent: this.channel.route_to_agent },
+      });
+      stopTyping();
+
+      // Did the model ask again? Restart the flow instead of replying.
+      const followupAsk = askFlow.extractAskQuestionsFromTrace(sa.trace);
+      if (followupAsk) {
+        await this._startAskFlow({
+          chat_id,
+          projectId: target?.id,
+          authorId,
+          questions: followupAsk,
+          author,
+          agentDisplay,
+          relationshipBlock,
+          allowedTools,
+          target,
+          sender,
+          update_id,
+        });
+        return;
+      }
+
+      const replyText = sa.text ? stripThinking(sa.text).trim() : "";
+      if (replyText) {
+        await this._send({ chat_id, text: replyText });
+        appendGlobalMessage({
+          channel: "telegram",
+          direction: "out",
+          type: "agent",
+          actor_id: SUPERAGENT_ACTOR_ID,
+          actor_kind: "superagent",
+          agent_slug: SUPERAGENT_ACTOR_ID,
+          author: sa.name || agentDisplay,
+          body: replyText,
+          meta: {
+            chat_id,
+            tg_channel: this.channel.name,
+            in_reply_to: update_id,
+            final: true,
+            ask_resume: true,
+            ...(sa.usage ? { usage: sa.usage } : {}),
+          },
+        });
+      }
+    } catch (e) {
+      stopTyping();
+      this.log(`telegram[${this.channel.name}] ask resume failed: ${e.message}`);
+      try {
+        await this._send({ chat_id, text: `⚠️ Error procesando tus respuestas (${e.message}).` });
+      } catch { /* best-effort */ }
+    }
+  }
+
   // Show "typing..." indicator in the chat. Telegram clears it automatically
   // after 5 seconds, so call this every ~4s while a long operation is going.
   async _typing(chat_id) {
@@ -943,22 +1257,64 @@ class ChannelPoller {
     return () => { stopped = true; };
   }
 
-  async _send({ chat_id, text }) {
+  async _send({ chat_id, text, reply_markup, parse_mode }) {
     const token = resolveBotToken(this.channel);
     if (!token) throw new Error(`channel ${this.channel.name}: no bot_token`);
     const target = chat_id || resolveChatId(this.channel);
     if (!target) throw new Error(`channel ${this.channel.name}: no chat_id`);
     const url = `${API_BASE}/bot${token}/sendMessage`;
+    const body = { chat_id: target, text };
+    if (reply_markup) body.reply_markup = reply_markup;
+    if (parse_mode) body.parse_mode = parse_mode;
     const res = await fetch(url, {
       method: "POST",
       headers: { "content-type": "application/json" },
-      body: JSON.stringify({ chat_id: target, text }),
+      body: JSON.stringify(body),
     });
     const json = await res.json();
     if (!json.ok) throw new Error(json.description || `send failed (${res.status})`);
     return json.result;
   }
 
+  // Replace just the inline keyboard on a previously-sent message (used to
+  // refresh after a multi-select toggle, or to wipe buttons once the flow
+  // has moved on). Best-effort: failures are logged but don't break the flow.
+  async _editKeyboard({ chat_id, message_id, reply_markup }) {
+    const token = resolveBotToken(this.channel);
+    if (!token) return;
+    try {
+      const url = `${API_BASE}/bot${token}/editMessageReplyMarkup`;
+      const body = { chat_id, message_id };
+      if (reply_markup) body.reply_markup = reply_markup;
+      await fetch(url, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify(body),
+      });
+    } catch (e) {
+      this.log(`telegram[${this.channel.name}] editMessageReplyMarkup failed: ${e.message}`);
+    }
+  }
+
+  // Acknowledge a callback button press so the user's Telegram client clears
+  // the spinner on the tapped button. Optional `text` shows a small toast.
+  async _answerCallback({ callback_query_id, text }) {
+    const token = resolveBotToken(this.channel);
+    if (!token) return;
+    try {
+      const url = `${API_BASE}/bot${token}/answerCallbackQuery`;
+      const body = { callback_query_id };
+      if (text) body.text = text;
+      await fetch(url, {
+        method: "POST",
+        headers: { "content-type": "application/json" },
+        body: JSON.stringify(body),
+      });
+    } catch (e) {
+      this.log(`telegram[${this.channel.name}] answerCallbackQuery failed: ${e.message}`);
+    }
+  }
+
   /** Send a photo via this channel */
   async _sendPhoto({ chat_id, photo, caption, parse_mode }) {
     const token = resolveBotToken(this.channel);

package/src/host/daemon/super-agent-tools/helpers.js

@@ -1,5 +1,6 @@
 import path from "node:path";
 import { agentSkills, buildAgentSystem as buildCoreAgentSystem } from "../../../core/agent-system.js";
+import { buildConfirmDescription } from "../../../core/confirmation/index.js";
 
 export function projectMeta(projects, entry) {
   const meta = projects.list().find((p) => p.id === entry.id);
@@ -79,19 +80,39 @@ export function buildAgentSystem(project, agent, opts = {}) {
   return buildCoreAgentSystem(project, agent, opts);
 }
 
-export function createPermissionGuard(globalConfig = {}, { implicitConfirmation = false } = {}) {
+export function createPermissionGuard(globalConfig = {}, {
+  implicitConfirmation = false,
+  requestConfirmation = null,
+} = {}) {
   const permissionMode = globalConfig.super_agent?.permission_mode || "automatico";
   const allowedTools = new Set(globalConfig.super_agent?.allowed_tools || []);
 
-  return function requirePermission(tool, { dangerous = false, confirmed = false } = {}) {
+  // async so tools can `await requirePermission(...)` and the confirmation
+  // dialog resolves transparently before execution continues.
+  return async function requirePermission(tool, { dangerous = false, confirmed = false, args } = {}) {
     const ok = confirmed || implicitConfirmation;
     if (permissionMode === "total") return;
-    if (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=permiso blocks ${tool}`);
+
+    const blocked =
+      (permissionMode === "permiso" && !allowedTools.has(tool) && !ok) ||
+      (permissionMode === "automatico" && dangerous && !ok);
+
+    if (!blocked) return;
+
+    const description = buildConfirmDescription(tool, args || {});
+
+    if (!requestConfirmation) {
+      // No confirmation channel wired for this invocation context (e.g. routine,
+      // autonomous agent). Surface a clear message so the model can explain it.
+      throw new Error(`Action requires user confirmation: ${description}`);
     }
-    if (permissionMode === "automatico" && dangerous && !ok) {
-      throw new Error(`requires_confirmation: permission_mode=automatico requires confirmation for ${tool}`);
+
+    const userConfirmed = await requestConfirmation(tool, args || {}, description);
+
+    if (!userConfirmed) {
+      throw new Error(`User did not confirm: ${description}`);
     }
+    // Confirmed — fall through, tool executes normally.
   };
 }
 

package/src/host/daemon/super-agent-tools/index.js

@@ -335,6 +335,7 @@ export function makeToolHandlers(ctx) {
     ...ctx,
     requirePermission: createPermissionGuard(ctx.globalConfig || {}, {
       implicitConfirmation: !!ctx.implicitConfirmation,
+      requestConfirmation: ctx.requestConfirmation || null,
     }),
   };
   return Object.fromEntries(TOOLS.map((tool) => [tool.name, tool.makeHandler(toolCtx)]));

package/src/host/daemon/super-agent-tools/tools/add-project.js

@@ -31,8 +31,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ path: projectPath, name, init = true, confirmed = false }) => {
-    requirePermission("add_project", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ path: projectPath, name, init = true, confirmed = false }) => {
+    await requirePermission("add_project", { dangerous: true, confirmed, args: { path: projectPath } });
     if (!projectPath) throw new Error("add_project: path required");
 
     const abs = path.resolve(projectPath);

package/src/host/daemon/super-agent-tools/tools/ask-questions.js

@@ -1,3 +1,38 @@
+// Normalize a raw question entry into the canonical shape rendered by every
+// surface (web InlineAskPanel, future desktop/telegram/CLI). The model can
+// pass either a plain string (legacy) or a rich object with options.
+function normalizeQuestion(q) {
+  if (typeof q === "string") {
+    return { question: q, options: [], multiSelect: false, allowText: true };
+  }
+  if (!q || typeof q !== "object") return null;
+  const text = typeof q.question === "string" ? q.question : "";
+  if (!text) return null;
+  const options = Array.isArray(q.options)
+    ? q.options
+        .map((o) => {
+          if (typeof o === "string") return { label: o };
+          if (o && typeof o === "object" && typeof o.label === "string") {
+            return {
+              label: o.label,
+              description: typeof o.description === "string" ? o.description : undefined,
+            };
+          }
+          return null;
+        })
+        .filter(Boolean)
+    : [];
+  return {
+    question: text,
+    header: typeof q.header === "string" ? q.header : undefined,
+    options,
+    multiSelect: q.multiSelect === true,
+    // Free-text fallback: on by default. Set false explicitly to force a
+    // pick from `options`. Has no effect when options is empty.
+    allowText: q.allowText === false ? false : true,
+  };
+}
+
 export default {
   name: "ask_questions",
   schema: {
@@ -7,26 +42,74 @@ export default {
     type: "function",
     function: {
       name: "ask_questions",
-      description: "Ask the user one or more specific questions to clarify the task or gather requirements.",
+      description:
+        "Ask the user one or more questions when you genuinely need input to proceed. " +
+        "Each question can be free-text OR a selectable list of options (single- or multi-select). " +
+        "Call this ONCE per turn — the loop hands control back to the user immediately.",
       parameters: {
         type: "object",
         properties: {
           questions: {
             type: "array",
-            items: { type: "string" },
-            description: "A list of questions for the user."
-          }
+            description:
+              "Questions for the user. Each item is an object with the question text " +
+              "and optional `options` for selectable answers (single- or multi-select). " +
+              "Leave `options` empty for free-text questions.",
+            items: {
+              type: "object",
+              properties: {
+                question: { type: "string", description: "The question text." },
+                header: {
+                  type: "string",
+                  description: "Optional short chip (≤12 chars) shown next to the question.",
+                },
+                options: {
+                  type: "array",
+                  description:
+                    "Selectable answers. Omit or leave empty for a free-text question. " +
+                    "Prefer 2–4 distinct, mutually-exclusive choices.",
+                  items: {
+                    type: "object",
+                    properties: {
+                      label: { type: "string", description: "Visible label." },
+                      description: {
+                        type: "string",
+                        description: "Optional explanation shown under the label.",
+                      },
+                    },
+                    required: ["label"],
+                  },
+                },
+                multiSelect: {
+                  type: "boolean",
+                  description:
+                    "true → user can pick several options (checkboxes). Default false (single-select).",
+                },
+                allowText: {
+                  type: "boolean",
+                  description:
+                    "When options is non-empty, also show an 'Otro' free-text field. Default true.",
+                },
+              },
+              required: ["question"],
+            },
+          },
         },
-        required: ["questions"]
-      }
-    }
+        required: ["questions"],
+      },
+    },
   },
   makeHandler: () => async ({ questions }) => {
-    // This tool is used by the agent to explicitly signal that it is waiting for 
-    // answers to specific questions. The UI can then highlight these.
-    return { 
-      status: "Questions presented to user. Waiting for input.", 
-      count: questions.length 
+    // Normalize so downstream code (UI panels, persistence) always sees the
+    // canonical shape. The agent loop treats this tool as turn-ending
+    // (see TURN_ENDING_TOOLS in src/core/agent/constants.js).
+    const normalized = Array.isArray(questions)
+      ? questions.map(normalizeQuestion).filter(Boolean)
+      : [];
+    return {
+      status: "Questions presented to user. Waiting for input.",
+      count: normalized.length,
+      questions: normalized,
     };
-  }
+  },
 };

package/src/host/daemon/super-agent-tools/tools/call-mcp.js

@@ -21,7 +21,7 @@ export default {
     },
   },
   makeHandler: ({ projects, registries, requirePermission }) => async ({ project, mcp, tool, args = {}, confirmed = false }) => {
-    requirePermission("call_mcp", { dangerous: true, confirmed });
+    await requirePermission("call_mcp", { dangerous: true, confirmed, args: { mcp, tool } });
     const p = resolveProject(projects, project);
     if (!registries) throw new Error("MCP registry unavailable");
     const registry = registries.for ? registries.for(p) : registries.ensure(p);

package/src/host/daemon/super-agent-tools/tools/call-runtime.js

@@ -174,7 +174,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, runtime, prompt, resume_session_id = null, timeout_s = 300, confirmed = false }) => {
-    requirePermission("call_runtime", { dangerous: true, confirmed });
+    await requirePermission("call_runtime", { dangerous: true, confirmed, args: { runtime } });
 
     const p = slug ? resolveProjectForAgent(projects, project, slug) : resolveProject(projects, project);
     const agent = slug ? readAgents(p.path).find((a) => a.slug === slug) : null;

package/src/host/daemon/super-agent-tools/tools/edit-file.js

@@ -22,8 +22,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path, search, replace, all = false, confirmed = false }) => {
-    requirePermission("edit_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path, search, replace, all = false, confirmed = false }) => {
+    await requirePermission("edit_file", { dangerous: true, confirmed, args: { path } });
     if (!path) throw new Error("edit_file: path required");
     if (!search) throw new Error("edit_file: search required");
 

package/src/host/daemon/super-agent-tools/tools/import-agent.js

@@ -23,8 +23,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, agent: slug, confirmed = false }) => {
-    requirePermission("import_agent", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, agent: slug, confirmed = false }) => {
+    await requirePermission("import_agent", { dangerous: true, confirmed, args: { agent: slug } });
     if (!slug) throw new Error("import_agent: agent required");
 
     const vaultPath = path.join(VAULT_DIR, `${slug}.md`);