@agi-cli/server 0.1.139 → 0.1.141

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@agi-cli/server",
-	"version": "0.1.139",
+	"version": "0.1.141",
 	"description": "HTTP API server for AGI CLI",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -29,8 +29,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@agi-cli/sdk": "0.1.139",
-		"@agi-cli/database": "0.1.139",
+		"@agi-cli/sdk": "0.1.141",
+		"@agi-cli/database": "0.1.141",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",
 		"zod": "^4.1.8"

package/src/events/types.ts

@@ -1,4 +1,6 @@
 export type AGIEventType =
+	| 'tool.approval.required'
+	| 'tool.approval.resolved'
 	| 'solforge.payment.required'
 	| 'solforge.payment.signing'
 	| 'solforge.payment.complete'

package/src/index.ts

@@ -16,6 +16,7 @@ import { registerTerminalsRoutes } from './routes/terminals.ts';
 import { registerSessionFilesRoutes } from './routes/session-files.ts';
 import { registerBranchRoutes } from './routes/branch.ts';
 import { registerResearchRoutes } from './routes/research.ts';
+import { registerSessionApprovalRoute } from './routes/session-approval.ts';
 import { registerSolforgeRoutes } from './routes/solforge.ts';
 import type { AgentConfigEntry } from './runtime/agent/registry.ts';
 
@@ -59,6 +60,7 @@ function initApp() {
 	registerRootRoutes(app);
 	registerOpenApiRoute(app);
 	registerSessionsRoutes(app);
+	registerSessionApprovalRoute(app);
 	registerSessionMessagesRoutes(app);
 	registerSessionStreamRoute(app);
 	registerAskRoutes(app);
@@ -128,6 +130,7 @@ export function createStandaloneApp(_config?: StandaloneAppConfig) {
 	registerRootRoutes(honoApp);
 	registerOpenApiRoute(honoApp);
 	registerSessionsRoutes(honoApp);
+	registerSessionApprovalRoute(honoApp);
 	registerSessionMessagesRoutes(honoApp);
 	registerSessionStreamRoute(honoApp);
 	registerAskRoutes(honoApp);
@@ -225,6 +228,7 @@ export function createEmbeddedApp(config: EmbeddedAppConfig = {}) {
 	registerRootRoutes(honoApp);
 	registerOpenApiRoute(honoApp);
 	registerSessionsRoutes(honoApp);
+	registerSessionApprovalRoute(honoApp);
 	registerSessionMessagesRoutes(honoApp);
 	registerSessionStreamRoute(honoApp);
 	registerAskRoutes(honoApp);

package/src/openapi/schemas.ts

@@ -91,8 +91,8 @@ export const schemas = {
 			createdAt: { type: 'integer', format: 'int64' },
 			completedAt: { type: 'integer', format: 'int64', nullable: true },
 			latencyMs: { type: 'integer', nullable: true },
-			promptTokens: { type: 'integer', nullable: true },
-			completionTokens: { type: 'integer', nullable: true },
+			inputTokens: { type: 'integer', nullable: true },
+			outputTokens: { type: 'integer', nullable: true },
 			totalTokens: { type: 'integer', nullable: true },
 			error: { type: 'string', nullable: true },
 		},
@@ -206,7 +206,7 @@ export const schemas = {
 			id: { type: 'string' },
 			label: { type: 'string' },
 			toolCall: { type: 'boolean' },
-			reasoning: { type: 'boolean' },
+			reasoningText: { type: 'boolean' },
 		},
 		required: ['id', 'label'],
 	},

package/src/routes/config/defaults.ts

@@ -11,6 +11,7 @@ export function registerDefaultsRoute(app: Hono) {
 				agent?: string;
 				provider?: string;
 				model?: string;
+				toolApproval?: 'auto' | 'dangerous' | 'all';
 				scope?: 'global' | 'local';
 			}>();
 
@@ -19,11 +20,13 @@ export function registerDefaultsRoute(app: Hono) {
 				agent: string;
 				provider: string;
 				model: string;
+				toolApproval: 'auto' | 'dangerous' | 'all';
 			}> = {};
 
 			if (body.agent) updates.agent = body.agent;
 			if (body.provider) updates.provider = body.provider;
 			if (body.model) updates.model = body.model;
+			if (body.toolApproval) updates.toolApproval = body.toolApproval;
 
 			await setConfig(scope, updates, projectRoot);
 

package/src/routes/config/main.ts

@@ -52,6 +52,11 @@ export function registerMainConfigRoute(app: Hono) {
 					embeddedConfig?.defaults?.model,
 					cfg.defaults.model,
 				),
+				toolApproval: getDefault(
+					undefined,
+					embeddedConfig?.defaults?.toolApproval,
+					cfg.defaults.toolApproval,
+				) as 'auto' | 'dangerous' | 'all',
 			};
 
 			return c.json({

package/src/routes/config/models.ts

@@ -59,7 +59,7 @@ export function registerModelsRoutes(app: Hono) {
 					id: m.id,
 					label: m.label || m.id,
 					toolCall: m.toolCall,
-					reasoning: m.reasoning,
+					reasoningText: m.reasoningText,
 					vision: m.modalities?.input?.includes('image') ?? false,
 				})),
 				default: getDefault(
@@ -97,7 +97,7 @@ export function registerModelsRoutes(app: Hono) {
 						id: string;
 						label: string;
 						toolCall?: boolean;
-						reasoning?: boolean;
+						reasoningText?: boolean;
 					}>;
 				}
 			> = {};
@@ -122,7 +122,7 @@ export function registerModelsRoutes(app: Hono) {
 							id: m.id,
 							label: m.label || m.id,
 							toolCall: m.toolCall,
-							reasoning: m.reasoning,
+							reasoningText: m.reasoningText,
 							vision: m.modalities?.input?.includes('image') ?? false,
 						})),
 					};

package/src/routes/git/commit.ts

@@ -159,7 +159,7 @@ Commit message:`;
 				model,
 				system: systemPrompt,
 				prompt: userPrompt,
-				maxTokens: 500,
+				maxOutputTokens: 500,
 			});
 
 			const message = text.trim();

package/src/routes/git/schemas.ts

@@ -1,4 +1,4 @@
-import { z } from 'zod';
+import { z } from 'zod/v3';
 
 export const gitStatusSchema = z.object({
 	project: z.string().optional(),

package/src/routes/session-approval.ts

@@ -0,0 +1,53 @@
+import type { Hono } from 'hono';
+import {
+	resolveApproval,
+	getPendingApprovalsForSession,
+} from '../runtime/tools/approval.ts';
+
+export function registerSessionApprovalRoute(app: Hono) {
+	app.post('/v1/sessions/:id/approval', async (c) => {
+		const sessionId = c.req.param('id');
+		const body = await c.req.json<{
+			callId: string;
+			approved: boolean;
+		}>();
+
+		if (!body.callId) {
+			return c.json({ ok: false, error: 'callId is required' }, 400);
+		}
+
+		if (typeof body.approved !== 'boolean') {
+			return c.json({ ok: false, error: 'approved must be a boolean' }, 400);
+		}
+
+		console.log('[approval-route] Received approval request', {
+			sessionId,
+			callId: body.callId,
+			approved: body.approved,
+		});
+
+		const result = resolveApproval(body.callId, body.approved);
+
+		if (!result.ok) {
+			return c.json(result, 404);
+		}
+
+		return c.json({ ok: true, callId: body.callId, approved: body.approved });
+	});
+
+	app.get('/v1/sessions/:id/approval/pending', async (c) => {
+		const sessionId = c.req.param('id');
+		const pending = getPendingApprovalsForSession(sessionId);
+
+		return c.json({
+			ok: true,
+			pending: pending.map((p) => ({
+				callId: p.callId,
+				toolName: p.toolName,
+				args: p.args,
+				messageId: p.messageId,
+				createdAt: p.createdAt,
+			})),
+		});
+	});
+}

package/src/routes/session-messages.ts

@@ -122,7 +122,7 @@ export function registerSessionMessagesRoutes(app: Hono) {
 				typeOf: typeof userContext,
 			});
 
-			const reasoning = body?.reasoning === true;
+			const reasoning = body?.reasoningText === true;
 
 			// Validate model capabilities if tools are allowed for this agent
 			const wantsToolCalls = true; // agent toolset may be non-empty
@@ -156,7 +156,7 @@ export function registerSessionMessagesRoutes(app: Hono) {
 				content,
 				oneShot: Boolean(body?.oneShot),
 				userContext,
-				reasoning,
+				reasoningText: reasoning,
 				images,
 				files,
 			});

package/src/runtime/agent/runner-setup.ts

@@ -1,4 +1,4 @@
-import { loadConfig, catalog } from '@agi-cli/sdk';
+import { loadConfig, getUnderlyingProviderKey } from '@agi-cli/sdk';
 import { getDb } from '@agi-cli/database';
 import { sessions } from '@agi-cli/database/schema';
 import { eq } from 'drizzle-orm';
@@ -40,16 +40,6 @@ export interface SetupResult {
 
 const THINKING_BUDGET = 16000;
 
-function getSolforgeUnderlyingProvider(
-	model: string,
-): 'anthropic' | 'openai' | null {
-	const entry = catalog.solforge?.models?.find((m) => m.id === model);
-	const npm = entry?.provider?.npm;
-	if (npm === '@ai-sdk/anthropic') return 'anthropic';
-	if (npm === '@ai-sdk/openai') return 'openai';
-	return null;
-}
-
 export async function setupRunner(opts: RunOpts): Promise<SetupResult> {
 	const cfgTimer = time('runner:loadConfig+db');
 	const cfg = await loadConfig(opts.projectRoot);
@@ -231,36 +221,31 @@ export async function setupRunner(opts: RunOpts): Promise<SetupResult> {
 	const providerOptions: Record<string, unknown> = {};
 	let effectiveMaxOutputTokens = maxOutputTokens;
 
-	if (opts.reasoning) {
-		if (opts.provider === 'anthropic') {
+	if (opts.reasoningText) {
+		const underlyingProvider = getUnderlyingProviderKey(
+			opts.provider,
+			opts.model,
+		);
+
+		if (underlyingProvider === 'anthropic') {
 			providerOptions.anthropic = {
 				thinking: { type: 'enabled', budgetTokens: THINKING_BUDGET },
 			};
 			if (maxOutputTokens && maxOutputTokens > THINKING_BUDGET) {
 				effectiveMaxOutputTokens = maxOutputTokens - THINKING_BUDGET;
 			}
-		} else if (opts.provider === 'openai') {
+		} else if (underlyingProvider === 'openai') {
 			providerOptions.openai = {
 				reasoningSummary: 'auto',
 			};
-		} else if (opts.provider === 'google') {
+		} else if (underlyingProvider === 'google') {
 			providerOptions.google = {
 				thinkingConfig: { thinkingBudget: THINKING_BUDGET },
 			};
-		} else if (opts.provider === 'solforge') {
-			const underlying = getSolforgeUnderlyingProvider(opts.model);
-			if (underlying === 'anthropic') {
-				providerOptions.anthropic = {
-					thinking: { type: 'enabled', budgetTokens: THINKING_BUDGET },
-				};
-				if (maxOutputTokens && maxOutputTokens > THINKING_BUDGET) {
-					effectiveMaxOutputTokens = maxOutputTokens - THINKING_BUDGET;
-				}
-			} else if (underlying === 'openai') {
-				providerOptions.openai = {
-					reasoningSummary: 'auto',
-				};
-			}
+		} else if (underlyingProvider === 'openai-compatible') {
+			providerOptions['openai-compatible'] = {
+				reasoningEffort: 'high',
+			};
 		}
 	}
 

package/src/runtime/message/compaction-limits.ts

@@ -9,7 +9,7 @@ export interface TokenUsage {
 	output: number;
 	cacheRead?: number;
 	cacheWrite?: number;
-	reasoning?: number;
+	reasoningText?: number;
 }
 
 export interface ModelLimits {
@@ -17,7 +17,10 @@ export interface ModelLimits {
 	output: number;
 }
 
-export function isOverflow(tokens: TokenUsage, limits: ModelLimits): boolean {
+export function isOverflow(
+	tokens: LanguageModelUsage,
+	limits: ModelLimits,
+): boolean {
 	if (limits.context === 0) return false;
 
 	const count =

package/src/runtime/message/history-builder.ts

@@ -211,7 +211,7 @@ export async function buildHistoryMessages(
 		}
 	}
 
-	return convertToModelMessages(ui);
+	return await convertToModelMessages(ui);
 }
 
 async function logPendingToolParts(

package/src/runtime/message/service.ts

@@ -23,7 +23,7 @@ type DispatchOptions = {
 	content: string;
 	oneShot?: boolean;
 	userContext?: string;
-	reasoning?: boolean;
+	reasoningText?: boolean;
 	images?: Array<{ data: string; mediaType: string }>;
 	files?: Array<{
 		type: 'image' | 'pdf' | 'text';
@@ -47,7 +47,7 @@ export async function dispatchAssistantMessage(
 		content,
 		oneShot,
 		userContext,
-		reasoning,
+		reasoningText,
 		images,
 		files,
 	} = options;
@@ -171,6 +171,9 @@ export async function dispatchAssistantMessage(
 		);
 	}
 
+	// Read tool approval mode from config
+	const toolApprovalMode = cfg.defaults.toolApproval ?? 'auto';
+
 	enqueueAssistantRun(
 		{
 			sessionId,
@@ -181,9 +184,10 @@ export async function dispatchAssistantMessage(
 			projectRoot: cfg.projectRoot,
 			oneShot: Boolean(oneShot),
 			userContext,
-			reasoning,
+			reasoningText,
 			isCompactCommand: isCompact,
 			compactionContext,
+			toolApprovalMode,
 		},
 		runSessionLoop,
 	);

package/src/runtime/provider/index.ts

@@ -6,6 +6,7 @@ import { resolveOpenRouterModel } from './openrouter.ts';
 import { resolveSolforgeModel } from './solforge.ts';
 import { getZaiInstance, getZaiCodingInstance } from './zai.ts';
 import { resolveOpencodeModel } from './opencode.ts';
+import { getMoonshotInstance } from './moonshot.ts';
 
 export type ProviderName = ProviderId;
 
@@ -42,5 +43,8 @@ export async function resolveModel(
 	if (provider === 'zai-coding') {
 		return getZaiCodingInstance(cfg, model);
 	}
+	if (provider === 'moonshot') {
+		return getMoonshotInstance(cfg, model);
+	}
 	throw new Error(`Unsupported provider: ${provider}`);
 }

package/src/runtime/provider/moonshot.ts

@@ -0,0 +1,8 @@
+import type { AGIConfig } from '@agi-cli/sdk';
+import { getAuth, createMoonshotModel } from '@agi-cli/sdk';
+
+export async function getMoonshotInstance(cfg: AGIConfig, model: string) {
+	const auth = await getAuth('moonshot', cfg.projectRoot);
+	const apiKey = auth?.type === 'api' ? auth.key : undefined;
+	return createMoonshotModel(model, { apiKey });
+}

package/src/runtime/session/branch.ts

@@ -115,8 +115,8 @@ export async function createBranch({
 			createdAt: msg.createdAt,
 			completedAt: msg.completedAt,
 			latencyMs: msg.latencyMs,
-			promptTokens: msg.promptTokens,
-			completionTokens: msg.completionTokens,
+			inputTokens: msg.inputTokens,
+			outputTokens: msg.outputTokens,
 			totalTokens: msg.totalTokens,
 			cachedInputTokens: msg.cachedInputTokens,
 			cacheCreationInputTokens: msg.cacheCreationInputTokens,

package/src/runtime/session/db-operations.ts

@@ -27,7 +27,7 @@ export type ProviderMetadata = Record<string, unknown> & {
 
 export function normalizeUsage(
 	usage: UsageData,
-	providerMetadata: ProviderMetadata | undefined,
+	providerOptions: ProviderMetadata | undefined,
 	provider: ProviderId,
 ): UsageData {
 	const rawInputTokens = Number(usage.inputTokens ?? 0);
@@ -37,17 +37,17 @@ export function normalizeUsage(
 	const cachedInputTokens =
 		usage.cachedInputTokens != null
 			? Number(usage.cachedInputTokens)
-			: providerMetadata?.openai?.cachedPromptTokens != null
-				? Number(providerMetadata.openai.cachedPromptTokens)
-				: providerMetadata?.anthropic?.cacheReadInputTokens != null
-					? Number(providerMetadata.anthropic.cacheReadInputTokens)
+			: providerOptions?.openai?.cachedPromptTokens != null
+				? Number(providerOptions.openai.cachedPromptTokens)
+				: providerOptions?.anthropic?.cacheReadInputTokens != null
+					? Number(providerOptions.anthropic.cacheReadInputTokens)
 					: undefined;
 
 	const cacheCreationInputTokens =
 		usage.cacheCreationInputTokens != null
 			? Number(usage.cacheCreationInputTokens)
-			: providerMetadata?.anthropic?.cacheCreationInputTokens != null
-				? Number(providerMetadata.anthropic.cacheCreationInputTokens)
+			: providerOptions?.anthropic?.cacheCreationInputTokens != null
+				? Number(providerOptions.anthropic.cacheCreationInputTokens)
 				: undefined;
 
 	const cachedValue = cachedInputTokens ?? 0;
@@ -99,18 +99,14 @@ export function resolveUsageProvider(
  */
 export async function updateSessionTokensIncremental(
 	usage: UsageData,
-	providerMetadata: ProviderMetadata | undefined,
+	providerOptions: ProviderMetadata | undefined,
 	opts: RunOpts,
 	db: Awaited<ReturnType<typeof getDb>>,
 ) {
 	if (!usage || !db) return;
 
 	const usageProvider = resolveUsageProvider(opts.provider, opts.model);
-	const normalizedUsage = normalizeUsage(
-		usage,
-		providerMetadata,
-		usageProvider,
-	);
+	const normalizedUsage = normalizeUsage(usage, providerOptions, usageProvider);
 
 	// Read session totals
 	const sessRows = await db
@@ -134,8 +130,8 @@ export async function updateSessionTokensIncremental(
 		.where(eq(messages.id, opts.assistantMessageId));
 
 	const msg = msgRows[0];
-	const priorPromptMsg = Number(msg?.promptTokens ?? 0);
-	const priorCompletionMsg = Number(msg?.completionTokens ?? 0);
+	const priorPromptMsg = Number(msg?.inputTokens ?? 0);
+	const priorCompletionMsg = Number(msg?.outputTokens ?? 0);
 	const priorCachedMsg = Number(msg?.cachedInputTokens ?? 0);
 	const priorCacheCreationMsg = Number(msg?.cacheCreationInputTokens ?? 0);
 	const priorReasoningMsg = Number(msg?.reasoningTokens ?? 0);
@@ -231,18 +227,14 @@ export async function updateSessionTokens(
  */
 export async function updateMessageTokensIncremental(
 	usage: UsageData,
-	providerMetadata: ProviderMetadata | undefined,
+	providerOptions: ProviderMetadata | undefined,
 	opts: RunOpts,
 	db: Awaited<ReturnType<typeof getDb>>,
 ) {
 	if (!usage || !db) return;
 
 	const usageProvider = resolveUsageProvider(opts.provider, opts.model);
-	const normalizedUsage = normalizeUsage(
-		usage,
-		providerMetadata,
-		usageProvider,
-	);
+	const normalizedUsage = normalizeUsage(usage, providerOptions, usageProvider);
 
 	const msgRows = await db
 		.select()
@@ -251,8 +243,8 @@ export async function updateMessageTokensIncremental(
 
 	if (msgRows.length > 0 && msgRows[0]) {
 		const msg = msgRows[0];
-		const priorPrompt = Number(msg.promptTokens ?? 0);
-		const priorCompletion = Number(msg.completionTokens ?? 0);
+		const priorPrompt = Number(msg.inputTokens ?? 0);
+		const priorCompletion = Number(msg.outputTokens ?? 0);
 		const priorCached = Number(msg.cachedInputTokens ?? 0);
 		const priorCacheCreation = Number(msg.cacheCreationInputTokens ?? 0);
 		const priorReasoning = Number(msg.reasoningTokens ?? 0);
@@ -287,8 +279,8 @@ export async function updateMessageTokensIncremental(
 		await db
 			.update(messages)
 			.set({
-				promptTokens: cumPrompt,
-				completionTokens: cumCompletion,
+				inputTokens: cumPrompt,
+				outputTokens: cumCompletion,
 				totalTokens: cumTotal,
 				cachedInputTokens: cumCached,
 				cacheCreationInputTokens: cumCacheCreation,

package/src/runtime/session/queue.ts

@@ -1,5 +1,6 @@
 import type { ProviderName } from '../provider/index.ts';
 import { publish } from '../../events/bus.ts';
+import type { ToolApprovalMode } from '../tools/approval.ts';
 
 export type RunOpts = {
 	sessionId: string;
@@ -10,10 +11,11 @@ export type RunOpts = {
 	projectRoot: string;
 	oneShot?: boolean;
 	userContext?: string;
-	reasoning?: boolean;
+	reasoningText?: boolean;
 	abortSignal?: AbortSignal;
 	isCompactCommand?: boolean;
 	compactionContext?: string;
+	toolApprovalMode?: ToolApprovalMode;
 };
 
 export type QueuedMessage = {

package/src/runtime/stream/finish-handler.ts

@@ -73,8 +73,8 @@ export function createFinishHandler(
 
 		const usage = sessRows[0]
 			? {
-					inputTokens: Number(sessRows[0].promptTokens ?? 0),
-					outputTokens: Number(sessRows[0].completionTokens ?? 0),
+					inputTokens: Number(sessRows[0].inputTokens ?? 0),
+					outputTokens: Number(sessRows[0].outputTokens ?? 0),
 					totalTokens: Number(sessRows[0].totalTokens ?? 0),
 					cachedInputTokens: Number(sessRows[0].cachedInputTokens ?? 0),
 					cacheCreationInputTokens: Number(
@@ -97,7 +97,7 @@ export function createFinishHandler(
 			try {
 				const limits = getModelLimits(opts.provider, opts.model);
 				if (limits) {
-					const tokenUsage: TokenUsage = {
+					const tokenUsage: LanguageModelUsage = {
 						input: usage.inputTokens ?? 0,
 						output: usage.outputTokens ?? 0,
 						cacheRead:

package/src/runtime/stream/step-finish.ts

@@ -18,13 +18,13 @@ export function createStepFinishHandler(
 	sharedCtx: ToolAdapterContext,
 	updateSessionTokensIncrementalFn: (
 		usage: UsageData,
-		providerMetadata: ProviderMetadata | undefined,
+		providerOptions: ProviderMetadata | undefined,
 		opts: RunOpts,
 		db: Awaited<ReturnType<typeof getDb>>,
 	) => Promise<void>,
 	updateMessageTokensIncrementalFn: (
 		usage: UsageData,
-		providerMetadata: ProviderMetadata | undefined,
+		providerOptions: ProviderMetadata | undefined,
 		opts: RunOpts,
 		db: Awaited<ReturnType<typeof getDb>>,
 	) => Promise<void>,
@@ -47,7 +47,7 @@ export function createStepFinishHandler(
 			try {
 				await updateSessionTokensIncrementalFn(
 					step.usage,
-					step.experimental_providerMetadata,
+					step.providerMetadata,
 					opts,
 					db,
 				);
@@ -56,7 +56,7 @@ export function createStepFinishHandler(
 			try {
 				await updateMessageTokensIncrementalFn(
 					step.usage,
-					step.experimental_providerMetadata,
+					step.providerMetadata,
 					opts,
 					db,
 				);

package/src/runtime/stream/types.ts

@@ -4,7 +4,7 @@ export type StepFinishEvent = {
 	usage?: UsageData;
 	finishReason?: string;
 	response?: unknown;
-	experimental_providerMetadata?: ProviderMetadata;
+	providerMetadata?: ProviderMetadata;
 };
 
 export type FinishEvent = {

package/src/runtime/tools/approval.ts

@@ -0,0 +1,179 @@
+import { publish } from '../../events/bus.ts';
+
+export type ToolApprovalMode = 'auto' | 'dangerous' | 'all';
+
+export const DANGEROUS_TOOLS = new Set([
+	'bash',
+	'write',
+	'apply_patch',
+	'terminal',
+	'edit',
+	'git_commit',
+	'git_push',
+]);
+
+export const SAFE_TOOLS = new Set([
+	'finish',
+	'progress_update',
+	'update_todos',
+]);
+
+export interface PendingApproval {
+	callId: string;
+	toolName: string;
+	args: unknown;
+	sessionId: string;
+	messageId: string;
+	resolve: (approved: boolean) => void;
+	createdAt: number;
+}
+
+const pendingApprovals = new Map<string, PendingApproval>();
+
+export function requiresApproval(
+	toolName: string,
+	mode: ToolApprovalMode,
+): boolean {
+	if (SAFE_TOOLS.has(toolName)) return false;
+	if (mode === 'auto') return false;
+	if (mode === 'all') return true;
+	if (mode === 'dangerous') return DANGEROUS_TOOLS.has(toolName);
+	return false;
+}
+
+export async function requestApproval(
+	sessionId: string,
+	messageId: string,
+	callId: string,
+	toolName: string,
+	args: unknown,
+	timeoutMs = 120000,
+): Promise<boolean> {
+	console.log('[approval] requestApproval called', {
+		sessionId,
+		messageId,
+		callId,
+		toolName,
+	});
+	return new Promise((resolve) => {
+		const approval: PendingApproval = {
+			callId,
+			toolName,
+			args,
+			sessionId,
+			messageId,
+			resolve,
+			createdAt: Date.now(),
+		};
+
+		pendingApprovals.set(callId, approval);
+		console.log(
+			'[approval] Added to pendingApprovals, count:',
+			pendingApprovals.size,
+		);
+
+		publish({
+			type: 'tool.approval.required',
+			sessionId,
+			payload: {
+				callId,
+				toolName,
+				args,
+				messageId,
+			},
+		});
+
+		setTimeout(() => {
+			if (pendingApprovals.has(callId)) {
+				pendingApprovals.delete(callId);
+				resolve(false);
+				publish({
+					type: 'tool.approval.resolved',
+					sessionId,
+					payload: {
+						callId,
+						toolName,
+						approved: false,
+						reason: 'timeout',
+					},
+				});
+			}
+		}, timeoutMs);
+	});
+}
+
+export function resolveApproval(
+	callId: string,
+	approved: boolean,
+): { ok: boolean; error?: string } {
+	console.log('[approval] resolveApproval called', {
+		callId,
+		approved,
+		pendingCount: pendingApprovals.size,
+		pendingIds: [...pendingApprovals.keys()],
+	});
+	const approval = pendingApprovals.get(callId);
+	if (!approval) {
+		console.log('[approval] No pending approval found for callId:', callId);
+		return { ok: false, error: 'No pending approval found for this callId' };
+	}
+
+	pendingApprovals.delete(callId);
+	approval.resolve(approved);
+
+	publish({
+		type: 'tool.approval.resolved',
+		sessionId: approval.sessionId,
+		payload: {
+			callId,
+			toolName: approval.toolName,
+			approved,
+			reason: approved ? 'user_approved' : 'user_rejected',
+		},
+	});
+
+	return { ok: true };
+}
+
+export function getPendingApproval(
+	callId: string,
+): PendingApproval | undefined {
+	return pendingApprovals.get(callId);
+}
+
+export function updateApprovalArgs(callId: string, args: unknown): boolean {
+	const approval = pendingApprovals.get(callId);
+	if (!approval) return false;
+
+	approval.args = args;
+
+	publish({
+		type: 'tool.approval.updated',
+		sessionId: approval.sessionId,
+		payload: {
+			callId,
+			toolName: approval.toolName,
+			args,
+			messageId: approval.messageId,
+		},
+	});
+
+	return true;
+}
+
+export function getPendingApprovalsForSession(
+	sessionId: string,
+): PendingApproval[] {
+	return Array.from(pendingApprovals.values()).filter(
+		(a) => a.sessionId === sessionId,
+	);
+}
+
+export function clearPendingApprovalsForSession(sessionId: string): void {
+	for (const [callId, approval] of pendingApprovals) {
+		if (approval.sessionId === sessionId) {
+			approval.resolve(false);
+			pendingApprovals.delete(callId);
+		}
+	}
+}

package/src/runtime/tools/context.ts

@@ -1,6 +1,7 @@
 import { eq } from 'drizzle-orm';
 import type { DB } from '@agi-cli/database';
 import { messageParts } from '@agi-cli/database/schema';
+import type { ToolApprovalMode } from './approval.ts';
 import { publish } from '../../events/bus.ts';
 
 export type StepExecutionState = {
@@ -24,6 +25,7 @@ export type ToolAdapterContext = {
 	stepExecution?: {
 		states: Map<number, StepExecutionState>;
 	};
+	toolApprovalMode?: ToolApprovalMode;
 };
 
 export function extractFinishText(input: unknown): string | undefined {

package/src/runtime/tools/setup.ts

@@ -32,6 +32,7 @@ export async function setupToolContext(
 		model: opts.model,
 		projectRoot: opts.projectRoot,
 		stepExecution: { states: new Map() },
+		toolApprovalMode: opts.toolApprovalMode,
 		onFirstToolCall: () => {
 			if (firstToolSeen) return;
 			firstToolSeen = true;

package/src/tools/adapter.ts

@@ -13,6 +13,10 @@ import {
 	toClaudeCodeName,
 	requiresClaudeCodeNaming,
 } from '../runtime/tools/mapping.ts';
+import {
+	requiresApproval,
+	requestApproval,
+} from '../runtime/tools/approval.ts';
 
 export type { ToolAdapterContext } from '../runtime/tools/context.ts';
 
@@ -33,6 +37,7 @@ type PendingCallMeta = {
 	startTs: number;
 	stepIndex?: number;
 	args?: unknown;
+	approvalPromise?: Promise<boolean>;
 };
 
 function getPendingQueue(
@@ -294,6 +299,19 @@ export function adaptTools(
 						toolCallId: callId,
 					});
 				} catch {}
+				// Start approval request with full args
+				if (
+					ctx.toolApprovalMode &&
+					requiresApproval(name, ctx.toolApprovalMode)
+				) {
+					meta.approvalPromise = requestApproval(
+						ctx.sessionId,
+						ctx.messageId,
+						callId,
+						name,
+						args,
+					);
+				}
 				if (typeof base.onInputAvailable === 'function') {
 					// biome-ignore lint/suspicious/noExplicitAny: AI SDK types are complex
 					await base.onInputAvailable(options as any);
@@ -324,6 +342,16 @@ export function adaptTools(
 
 				const executeWithGuards = async (): Promise<ToolExecuteReturn> => {
 					try {
+						// Await approval if it was requested in onInputAvailable
+						if (meta?.approvalPromise) {
+							const approved = await meta.approvalPromise;
+							if (!approved) {
+								return {
+									ok: false,
+									error: 'Tool execution rejected by user',
+								} as ToolExecuteReturn;
+							}
+						}
 						// Handle session-relative paths and cwd tools
 						let res: ToolExecuteReturn | { cwd: string } | null | undefined;
 						const cwd = getCwd(ctx.sessionId);

package/src/tools/database/get-parent-session.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
 import { eq, asc, count } from 'drizzle-orm';

package/src/tools/database/get-session-context.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
 import { eq, asc, count } from 'drizzle-orm';

package/src/tools/database/present-session-links.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 
 const sessionLinkSchema = z.object({
 	sessionId: z.string().describe('The session ID to link to'),

package/src/tools/database/query-messages.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
 import { eq, desc, asc, gte, lte, and, like, count, sql } from 'drizzle-orm';

package/src/tools/database/query-sessions.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages } from '@agi-cli/database/schema';
 import { eq, desc, asc, gte, lte, and, sql, count } from 'drizzle-orm';

package/src/tools/database/search-history.ts

@@ -1,5 +1,5 @@
 import { tool } from 'ai';
-import { z } from 'zod';
+import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
 import { eq, desc, asc, like, and, sql } from 'drizzle-orm';

package/sst-env.d.ts

@@ -2,9 +2,7 @@
 /* tslint:disable */
 /* eslint-disable */
 /* deno-fmt-ignore-file */
-/* biome-ignore-all lint: auto-generated */
 
 /// <reference path="../../sst-env.d.ts" />
 
 import 'sst';
-export {};