@agentprojectcontext/apx 1.31.1 → 1.32.0

package/src/host/daemon/super-agent-tools/tools/run-shell.js

@@ -64,7 +64,7 @@ export default {
     },
   },
   makeHandler: ({ projects, requirePermission }) => async ({ project, cwd = ".", command, timeout_s = 60, confirmed = false }) => {
-    requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed });
+    await requirePermission("run_shell", { dangerous: !isSafeShellCommand(command), confirmed, args: { command } });
     if (!command) throw new Error("run_shell: command required");
 
     const p = resolveProject(projects, project);

package/src/host/daemon/super-agent-tools/tools/search-files.js

@@ -22,10 +22,7 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => async ({ query, project, path: sub = "." } = {}) => {
-    // Optional permission check if it's considered destructive, but search is safe read-only
-    await requirePermission("search_files", { query, project, path: sub }, "safe");
-    
+  makeHandler: ({ projects }) => async ({ query, project, path: sub = "." } = {}) => {
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);
 

package/src/host/daemon/super-agent-tools/tools/send-telegram.js

@@ -87,7 +87,7 @@ export default {
       confirmed = false,
     } = args;
 
-    requirePermission("send_telegram", { dangerous: true, confirmed });
+    await requirePermission("send_telegram", { dangerous: true, confirmed, args: { text } });
     if (!plugins) throw new Error("plugins unavailable");
     const telegram = plugins.get("telegram");
     if (!telegram) throw new Error("telegram plugin not loaded");

package/src/host/daemon/super-agent-tools/tools/set-identity.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
-    requirePermission("set_identity", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ agent_name, owner_name, owner_context, personality, confirmed = false } = {}) => {
+    await requirePermission("set_identity", { dangerous: true, confirmed, args: { agent_name } });
     const fields = {};
     if (agent_name) fields.agent_name = agent_name;
     if (owner_name) fields.owner_name = owner_name;

package/src/host/daemon/super-agent-tools/tools/set-permission-mode.js

@@ -20,8 +20,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ requirePermission }) => ({ mode, confirmed = false }) => {
-    requirePermission("set_permission_mode", { dangerous: true, confirmed });
+  makeHandler: ({ requirePermission }) => async ({ mode, confirmed = false }) => {
+    await requirePermission("set_permission_mode", { dangerous: true, confirmed, args: { mode } });
     if (!MODES.has(mode)) throw new Error("mode must be total, automatico, or permiso");
     const cfg = readConfig();
     cfg.super_agent = cfg.super_agent || {};

package/src/host/daemon/super-agent-tools/tools/write-file.js

@@ -21,8 +21,8 @@ export default {
       },
     },
   },
-  makeHandler: ({ projects, requirePermission }) => ({ project, path: sub, content, confirmed = false }) => {
-    requirePermission("write_file", { dangerous: true, confirmed });
+  makeHandler: ({ projects, requirePermission }) => async ({ project, path: sub, content, confirmed = false }) => {
+    await requirePermission("write_file", { dangerous: true, confirmed, args: { path: sub } });
     if (!sub) throw new Error("write_file: path required");
     const p = resolveProject(projects, project);
     const target = safePathJoin(p.path, sub);

package/src/host/daemon/super-agent.js

@@ -54,6 +54,10 @@ export async function runSuperAgent({
   // restricts the visible tool schemas to those names; [] means no tools.
   // Used to gate guests/limited roles on Telegram (see resolveAllowedTools).
   allowedTools = "*",
+  // Channel-specific confirmation handler. See run-agent.js for contract.
+  // Null disables human-in-the-loop (tools that need confirmation fail
+  // immediately instead of waiting for user input).
+  requestConfirmation = null,
 }) {
   if (!isSuperAgentEnabled(globalConfig)) {
     throw new Error("super-agent not enabled (set super_agent.enabled and .model in ~/.apx/config.json)");
@@ -114,7 +118,7 @@ export async function runSuperAgent({
     overrideModel,
     toolSchemas,
     makeToolHandlers,
-    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession },
+    toolHandlerCtx: { projects, plugins, registries, globalConfig, channel, toolSession, requestConfirmation },
     onEvent,
     signal,
     onToken,

package/src/interfaces/cli/commands/artifact.js

@@ -1,6 +1,40 @@
+import fs from "node:fs";
+import { spawn } from "node:child_process";
+import path from "node:path";
 import { http } from "../http.js";
 import { resolveProjectId } from "./project.js";
 
+// First two bytes of an executable script. Used as a hint when the file
+// doesn't have the exec bit but clearly intends to run (shebang line).
+const SHEBANG = "#!";
+
+// Decide if an artifact is "runnable": exec bit on the file, OR the file
+// starts with a shebang. If shebang-but-not-exec, we set the bit before
+// spawning so `./script` works without the user having to chmod +x.
+function detectRunnable(absPath) {
+  let stat;
+  try {
+    stat = fs.statSync(absPath);
+  } catch {
+    return { runnable: false, reason: "not_found" };
+  }
+  if (!stat.isFile()) return { runnable: false, reason: "not_a_file" };
+  const execBit = (stat.mode & 0o111) !== 0;
+  let hasShebang = false;
+  try {
+    const fd = fs.openSync(absPath, "r");
+    const buf = Buffer.alloc(2);
+    fs.readSync(fd, buf, 0, 2, 0);
+    fs.closeSync(fd);
+    hasShebang = buf.toString("utf8") === SHEBANG;
+  } catch {
+    // ignore: hasShebang stays false
+  }
+  if (execBit) return { runnable: true, reason: "exec_bit", autoChmod: false };
+  if (hasShebang) return { runnable: true, reason: "shebang", autoChmod: true };
+  return { runnable: false, reason: "no_exec_no_shebang" };
+}
+
 export async function cmdArtifactCreate(args) {
   const name = args._[0];
   if (!name) throw new Error("apx artifact create: missing <name>");
@@ -43,3 +77,68 @@ export async function cmdArtifactRemove(args) {
   await http.delete(`/projects/${pid}/artifacts/${encodeURIComponent(name)}`);
   console.log(`removed artifact "${name}"`);
 }
+
+// `apx artifact run <name> [-- args...]`
+//
+// Resolves the artifact's absolute path via the daemon (single source of
+// truth for project storage), then spawns the file LOCALLY with stdio
+// inherited so the caller sees output as if they typed `./artifact <args>`.
+// Detection is lenient: exec bit OR shebang → runnable; shebang-only files
+// get a one-shot chmod +x so the user doesn't have to do it themselves.
+//
+// The remaining argv after `run <name>` is passed straight to the script,
+// so `apx artifact run hello.sh -- hola mundo` becomes `./hello.sh hola mundo`.
+export async function cmdArtifactRun(args) {
+  const name = args._[0];
+  if (!name) throw new Error("apx artifact run: missing <name>");
+  const pid = await resolveProjectId(args?.flags?.project);
+  // Pull the artifact record from the daemon for the absolute path.
+  let entry;
+  try {
+    entry = await http.get(`/projects/${pid}/artifacts/${encodeURIComponent(name)}`);
+  } catch (e) {
+    throw new Error(`artifact "${name}" not found in project #${pid}: ${e.message}`);
+  }
+  const absPath = entry.path;
+  if (!absPath || !fs.existsSync(absPath)) {
+    throw new Error(`artifact "${name}" path missing on disk: ${absPath}`);
+  }
+
+  const detection = detectRunnable(absPath);
+  if (!detection.runnable) {
+    const hint = detection.reason === "no_exec_no_shebang"
+      ? "no es ejecutable (sin shebang ni bit +x). Probá `apx artifact show` para ver el contenido."
+      : `no se puede ejecutar (${detection.reason}).`;
+    throw new Error(`artifact "${name}" ${hint}`);
+  }
+  if (detection.autoChmod) {
+    try {
+      const st = fs.statSync(absPath);
+      fs.chmodSync(absPath, st.mode | 0o111);
+    } catch (e) {
+      throw new Error(`could not chmod +x ${absPath}: ${e.message}`);
+    }
+  }
+
+  // Everything after the artifact name is forwarded to the script. The CLI's
+  // argv parser already strips top-level flags; what's left in `_` is name
+  // + script args.
+  const scriptArgs = (args._ || []).slice(1);
+  const cwd = path.dirname(absPath);
+  const child = spawn(absPath, scriptArgs, { stdio: "inherit", cwd });
+
+  await new Promise((resolve) => {
+    child.on("exit", (code, signal) => {
+      if (signal) {
+        // Killed by signal — surface a non-zero exit for shell pipelines.
+        process.exit(128 + (signal === "SIGINT" ? 2 : 15));
+      }
+      process.exit(code ?? 0);
+    });
+    child.on("error", (err) => {
+      console.error(`apx artifact run: spawn failed — ${err.message}`);
+      resolve();
+      process.exit(1);
+    });
+  });
+}

package/src/interfaces/cli/index.js

@@ -125,6 +125,7 @@ import {
   cmdArtifactList,
   cmdArtifactShow,
   cmdArtifactRemove,
+  cmdArtifactRun,
 } from "./commands/artifact.js";
 import {
   cmdTaskAdd,
@@ -1273,12 +1274,14 @@ const HELP_TOPICS = new Map(Object.entries({
       ["create <name>", "Create a new empty artifact. Prints its absolute path."],
       ["list | ls", "List artifacts in the project."],
       ["show <name>", "Print artifact content."],
+      ["run <name> [args...]", "Execute a runnable artifact (shebang or +x). Stdio is inherited."],
       ["remove | rm <name>", "Delete an artifact."],
     ],
     examples: [
       "apx artifact create check_asana.sh --project 0",
       "apx artifact list",
       "apx artifact show check_asana.sh",
+      "apx artifact run check_asana.sh",
     ],
   }),
   "artifact create": topic({
@@ -2490,6 +2493,7 @@ async function dispatch(cmd, rest) {
         else if (sub === "create" || sub === "new") await cmdArtifactCreate(a);
         else if (sub === "show" || sub === "get") await cmdArtifactShow(a);
         else if (sub === "remove" || sub === "rm") await cmdArtifactRemove(a);
+        else if (sub === "run") await cmdArtifactRun(a);
         else die(`unknown artifact subcommand: ${sub}`);
         break;
       }

package/src/interfaces/cli/terminal-chat/renderer.js

@@ -326,11 +326,31 @@ function transcriptLines(transcript, width) {
       if (isQuestion && trace.args?.questions) {
         addLine(lines, "", C.bg);
         addLine(lines, margin + label + C.muted + " (…)" + C.bg, C.bg);
-        for (const q of trace.args.questions) {
-          const qWrapped = wrapText(`• ${q}`, inner - 2);
+        for (const rawQ of trace.args.questions) {
+          // Rich shape: {question, options[], multiSelect, allowText}. Legacy: string.
+          const q = typeof rawQ === "string" ? { question: rawQ } : (rawQ || {});
+          const qText = typeof q.question === "string" ? q.question : "";
+          if (!qText) continue;
+          const qWrapped = wrapText(`• ${qText}`, inner - 2);
           for (const line of qWrapped) {
             addLine(lines, margin + C.primary + "┃ " + C.text + padAnsi(line, inner - 2), C.bg);
           }
+          const opts = Array.isArray(q.options) ? q.options : [];
+          if (opts.length > 0) {
+            const marker = q.multiSelect ? "[ ]" : "( )";
+            opts.forEach((opt, i) => {
+              const label = (opt && typeof opt === "object" && typeof opt.label === "string")
+                ? opt.label
+                : (typeof opt === "string" ? opt : "");
+              if (!label) return;
+              const desc = (opt && typeof opt === "object" && typeof opt.description === "string")
+                ? ` — ${opt.description}` : "";
+              const optLine = `   ${marker} ${i + 1}. ${label}${desc}`;
+              for (const line of wrapText(optLine, inner - 2)) {
+                addLine(lines, margin + C.primary + "┃ " + C.muted + padAnsi(line, inner - 2), C.bg);
+              }
+            });
+          }
         }
       } else {
         addLine(lines, margin + label + " " + name + C.bg, C.bg);