@agi-cli/server 0.1.140 → 0.1.142

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@agi-cli/server",
-	"version": "0.1.140",
+	"version": "0.1.142",
 	"description": "HTTP API server for AGI CLI",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -29,8 +29,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@agi-cli/sdk": "0.1.140",
-		"@agi-cli/database": "0.1.140",
+		"@agi-cli/sdk": "0.1.142",
+		"@agi-cli/database": "0.1.142",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",
 		"zod": "^4.1.8"

package/src/events/types.ts

@@ -1,8 +1,10 @@
 export type AGIEventType =
-	| 'solforge.payment.required'
-	| 'solforge.payment.signing'
-	| 'solforge.payment.complete'
-	| 'solforge.payment.error'
+	| 'tool.approval.required'
+	| 'tool.approval.resolved'
+	| 'setu.payment.required'
+	| 'setu.payment.signing'
+	| 'setu.payment.complete'
+	| 'setu.payment.error'
 	| 'session.created'
 	| 'session.updated'
 	| 'message.created'

package/src/index.ts

@@ -16,7 +16,8 @@ import { registerTerminalsRoutes } from './routes/terminals.ts';
 import { registerSessionFilesRoutes } from './routes/session-files.ts';
 import { registerBranchRoutes } from './routes/branch.ts';
 import { registerResearchRoutes } from './routes/research.ts';
-import { registerSolforgeRoutes } from './routes/solforge.ts';
+import { registerSessionApprovalRoute } from './routes/session-approval.ts';
+import { registerSetuRoutes } from './routes/setu.ts';
 import type { AgentConfigEntry } from './runtime/agent/registry.ts';
 
 const globalTerminalManager = new TerminalManager();
@@ -59,6 +60,7 @@ function initApp() {
 	registerRootRoutes(app);
 	registerOpenApiRoute(app);
 	registerSessionsRoutes(app);
+	registerSessionApprovalRoute(app);
 	registerSessionMessagesRoutes(app);
 	registerSessionStreamRoute(app);
 	registerAskRoutes(app);
@@ -69,7 +71,7 @@ function initApp() {
 	registerSessionFilesRoutes(app);
 	registerBranchRoutes(app);
 	registerResearchRoutes(app);
-	registerSolforgeRoutes(app);
+	registerSetuRoutes(app);
 
 	return app;
 }
@@ -128,6 +130,7 @@ export function createStandaloneApp(_config?: StandaloneAppConfig) {
 	registerRootRoutes(honoApp);
 	registerOpenApiRoute(honoApp);
 	registerSessionsRoutes(honoApp);
+	registerSessionApprovalRoute(honoApp);
 	registerSessionMessagesRoutes(honoApp);
 	registerSessionStreamRoute(honoApp);
 	registerAskRoutes(honoApp);
@@ -138,7 +141,7 @@ export function createStandaloneApp(_config?: StandaloneAppConfig) {
 	registerSessionFilesRoutes(honoApp);
 	registerBranchRoutes(honoApp);
 	registerResearchRoutes(honoApp);
-	registerSolforgeRoutes(honoApp);
+	registerSetuRoutes(honoApp);
 
 	return honoApp;
 }
@@ -225,6 +228,7 @@ export function createEmbeddedApp(config: EmbeddedAppConfig = {}) {
 	registerRootRoutes(honoApp);
 	registerOpenApiRoute(honoApp);
 	registerSessionsRoutes(honoApp);
+	registerSessionApprovalRoute(honoApp);
 	registerSessionMessagesRoutes(honoApp);
 	registerSessionStreamRoute(honoApp);
 	registerAskRoutes(honoApp);
@@ -235,7 +239,7 @@ export function createEmbeddedApp(config: EmbeddedAppConfig = {}) {
 	registerSessionFilesRoutes(honoApp);
 	registerBranchRoutes(honoApp);
 	registerResearchRoutes(honoApp);
-	registerSolforgeRoutes(honoApp);
+	registerSetuRoutes(honoApp);
 
 	return honoApp;
 }

package/src/openapi/paths/{solforge.ts → setu.ts}

@@ -1,9 +1,9 @@
-export const solforgePaths = {
-	'/v1/solforge/balance': {
+export const setuPaths = {
+	'/v1/setu/balance': {
 		get: {
-			tags: ['solforge'],
-			operationId: 'getSolforgeBalance',
-			summary: 'Get Solforge account balance',
+			tags: ['setu'],
+			operationId: 'getSetuBalance',
+			summary: 'Get Setu account balance',
 			description:
 				'Returns wallet balance, total spent, total topups, and request count',
 			responses: {
@@ -44,7 +44,7 @@ export const solforgePaths = {
 					},
 				},
 				502: {
-					description: 'Failed to fetch balance from Solforge',
+					description: 'Failed to fetch balance from Setu',
 					content: {
 						'application/json': {
 							schema: {
@@ -58,11 +58,11 @@ export const solforgePaths = {
 			},
 		},
 	},
-	'/v1/solforge/wallet': {
+	'/v1/setu/wallet': {
 		get: {
-			tags: ['solforge'],
-			operationId: 'getSolforgeWallet',
-			summary: 'Get Solforge wallet info',
+			tags: ['setu'],
+			operationId: 'getSetuWallet',
+			summary: 'Get Setu wallet info',
 			description:
 				'Returns whether the wallet is configured and its public key',
 			responses: {
@@ -85,10 +85,10 @@ export const solforgePaths = {
 			},
 		},
 	},
-	'/v1/solforge/usdc-balance': {
+	'/v1/setu/usdc-balance': {
 		get: {
-			tags: ['solforge'],
-			operationId: 'getSolforgeUsdcBalance',
+			tags: ['setu'],
+			operationId: 'getSetuUsdcBalance',
 			summary: 'Get USDC token balance',
 			description:
 				'Fetches USDC balance from Solana blockchain for the configured wallet',

package/src/openapi/spec.ts

@@ -8,7 +8,7 @@ import { streamPaths } from './paths/stream';
 import { schemas } from './schemas';
 
 import { terminalsPath } from './paths/terminals';
-import { solforgePaths } from './paths/solforge';
+import { setuPaths } from './paths/setu';
 
 export function getOpenAPISpec() {
 	const spec = {
@@ -28,7 +28,7 @@ export function getOpenAPISpec() {
 			{ name: 'files' },
 			{ name: 'git' },
 			{ name: 'terminals' },
-			{ name: 'solforge' },
+			{ name: 'setu' },
 		],
 		paths: {
 			...askPaths,
@@ -39,7 +39,7 @@ export function getOpenAPISpec() {
 			...filesPaths,
 			...gitPaths,
 			...terminalsPath,
-			...solforgePaths,
+			...setuPaths,
 		},
 		components: {
 			schemas,

package/src/routes/config/defaults.ts

@@ -11,6 +11,7 @@ export function registerDefaultsRoute(app: Hono) {
 				agent?: string;
 				provider?: string;
 				model?: string;
+				toolApproval?: 'auto' | 'dangerous' | 'all';
 				scope?: 'global' | 'local';
 			}>();
 
@@ -19,11 +20,13 @@ export function registerDefaultsRoute(app: Hono) {
 				agent: string;
 				provider: string;
 				model: string;
+				toolApproval: 'auto' | 'dangerous' | 'all';
 			}> = {};
 
 			if (body.agent) updates.agent = body.agent;
 			if (body.provider) updates.provider = body.provider;
 			if (body.model) updates.model = body.model;
+			if (body.toolApproval) updates.toolApproval = body.toolApproval;
 
 			await setConfig(scope, updates, projectRoot);
 

package/src/routes/config/main.ts

@@ -52,6 +52,11 @@ export function registerMainConfigRoute(app: Hono) {
 					embeddedConfig?.defaults?.model,
 					cfg.defaults.model,
 				),
+				toolApproval: getDefault(
+					undefined,
+					embeddedConfig?.defaults?.toolApproval,
+					cfg.defaults.toolApproval,
+				) as 'auto' | 'dangerous' | 'all',
 			};
 
 			return c.json({

package/src/routes/research.ts

@@ -4,7 +4,7 @@ import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
 import { desc, eq, and, asc, count } from 'drizzle-orm';
 import type { ProviderId } from '@agi-cli/sdk';
-import { isProviderId, catalog } from '@agi-cli/sdk';
+import { isProviderId } from '@agi-cli/sdk';
 import { serializeError } from '../runtime/errors/api-error.ts';
 import { logger } from '@agi-cli/sdk';
 import { publish } from '../events/bus.ts';
@@ -207,7 +207,7 @@ export function registerResearchRoutes(app: Hono) {
 			return c.json({ error: 'Research session not found' }, 404);
 		}
 
-		const researchSession = researchRows[0];
+		const _researchSession = researchRows[0];
 
 		const researchMessages = await db
 			.select({

package/src/routes/session-approval.ts

@@ -0,0 +1,53 @@
+import type { Hono } from 'hono';
+import {
+	resolveApproval,
+	getPendingApprovalsForSession,
+} from '../runtime/tools/approval.ts';
+
+export function registerSessionApprovalRoute(app: Hono) {
+	app.post('/v1/sessions/:id/approval', async (c) => {
+		const sessionId = c.req.param('id');
+		const body = await c.req.json<{
+			callId: string;
+			approved: boolean;
+		}>();
+
+		if (!body.callId) {
+			return c.json({ ok: false, error: 'callId is required' }, 400);
+		}
+
+		if (typeof body.approved !== 'boolean') {
+			return c.json({ ok: false, error: 'approved must be a boolean' }, 400);
+		}
+
+		console.log('[approval-route] Received approval request', {
+			sessionId,
+			callId: body.callId,
+			approved: body.approved,
+		});
+
+		const result = resolveApproval(body.callId, body.approved);
+
+		if (!result.ok) {
+			return c.json(result, 404);
+		}
+
+		return c.json({ ok: true, callId: body.callId, approved: body.approved });
+	});
+
+	app.get('/v1/sessions/:id/approval/pending', async (c) => {
+		const sessionId = c.req.param('id');
+		const pending = getPendingApprovalsForSession(sessionId);
+
+		return c.json({
+			ok: true,
+			pending: pending.map((p) => ({
+				callId: p.callId,
+				toolName: p.toolName,
+				args: p.args,
+				messageId: p.messageId,
+				createdAt: p.createdAt,
+			})),
+		});
+	});
+}

package/src/routes/{solforge.ts → setu.ts}

@@ -1,6 +1,6 @@
 import type { Hono } from 'hono';
 import {
-	fetchSolforgeBalance,
+	fetchSetuBalance,
 	getPublicKeyFromPrivate,
 	getAuth,
 	loadConfig,
@@ -9,14 +9,14 @@ import {
 import { logger } from '@agi-cli/sdk';
 import { serializeError } from '../runtime/errors/api-error.ts';
 
-async function getSolforgePrivateKey(): Promise<string | null> {
-	if (process.env.SOLFORGE_PRIVATE_KEY) {
-		return process.env.SOLFORGE_PRIVATE_KEY;
+async function getSetuPrivateKey(): Promise<string | null> {
+	if (process.env.SETU_PRIVATE_KEY) {
+		return process.env.SETU_PRIVATE_KEY;
 	}
 
 	try {
 		const cfg = await loadConfig(process.cwd());
-		const auth = await getAuth('solforge', cfg.projectRoot);
+		const auth = await getAuth('setu', cfg.projectRoot);
 		if (auth?.type === 'wallet' && auth.secret) {
 			return auth.secret;
 		}
@@ -25,33 +25,33 @@ async function getSolforgePrivateKey(): Promise<string | null> {
 	return null;
 }
 
-export function registerSolforgeRoutes(app: Hono) {
-	app.get('/v1/solforge/balance', async (c) => {
+export function registerSetuRoutes(app: Hono) {
+	app.get('/v1/setu/balance', async (c) => {
 		try {
-			const privateKey = await getSolforgePrivateKey();
+			const privateKey = await getSetuPrivateKey();
 			if (!privateKey) {
-				return c.json({ error: 'Solforge wallet not configured' }, 401);
+				return c.json({ error: 'Setu wallet not configured' }, 401);
 			}
 
-			const balance = await fetchSolforgeBalance({ privateKey });
+			const balance = await fetchSetuBalance({ privateKey });
 			if (!balance) {
-				return c.json({ error: 'Failed to fetch balance from Solforge' }, 502);
+				return c.json({ error: 'Failed to fetch balance from Setu' }, 502);
 			}
 
 			return c.json(balance);
 		} catch (error) {
-			logger.error('Failed to fetch Solforge balance', error);
+			logger.error('Failed to fetch Setu balance', error);
 			const errorResponse = serializeError(error);
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
 	});
 
-	app.get('/v1/solforge/wallet', async (c) => {
+	app.get('/v1/setu/wallet', async (c) => {
 		try {
-			const privateKey = await getSolforgePrivateKey();
+			const privateKey = await getSetuPrivateKey();
 			if (!privateKey) {
 				return c.json(
-					{ error: 'Solforge wallet not configured', configured: false },
+					{ error: 'Setu wallet not configured', configured: false },
 					200,
 				);
 			}
@@ -66,17 +66,17 @@ export function registerSolforgeRoutes(app: Hono) {
 				publicKey,
 			});
 		} catch (error) {
-			logger.error('Failed to get Solforge wallet info', error);
+			logger.error('Failed to get Setu wallet info', error);
 			const errorResponse = serializeError(error);
 			return c.json(errorResponse, errorResponse.error.status || 500);
 		}
 	});
 
-	app.get('/v1/solforge/usdc-balance', async (c) => {
+	app.get('/v1/setu/usdc-balance', async (c) => {
 		try {
-			const privateKey = await getSolforgePrivateKey();
+			const privateKey = await getSetuPrivateKey();
 			if (!privateKey) {
-				return c.json({ error: 'Solforge wallet not configured' }, 401);
+				return c.json({ error: 'Setu wallet not configured' }, 401);
 			}
 
 			const network =

package/src/runtime/ask/service.ts

@@ -127,7 +127,7 @@ async function processAskRequest(
 				google: { enabled: true },
 				openrouter: { enabled: true },
 				opencode: { enabled: true },
-				solforge: { enabled: true },
+				setu: { enabled: true },
 			},
 			paths: {
 				dataDir: `${projectRoot}/.agi`,

package/src/runtime/message/compaction-auto.ts

@@ -62,7 +62,7 @@ export async function performAutoCompaction(
 				| 'google'
 				| 'openrouter'
 				| 'opencode'
-				| 'solforge'
+				| 'setu'
 				| 'zai'
 				| 'zai-coding',
 			cfg.projectRoot,

package/src/runtime/message/service.ts

@@ -171,6 +171,9 @@ export async function dispatchAssistantMessage(
 		);
 	}
 
+	// Read tool approval mode from config
+	const toolApprovalMode = cfg.defaults.toolApproval ?? 'auto';
+
 	enqueueAssistantRun(
 		{
 			sessionId,
@@ -184,6 +187,7 @@ export async function dispatchAssistantMessage(
 			reasoningText,
 			isCompactCommand: isCompact,
 			compactionContext,
+			toolApprovalMode,
 		},
 		runSessionLoop,
 	);

package/src/runtime/provider/index.ts

@@ -3,9 +3,10 @@ import { getAnthropicInstance } from './anthropic.ts';
 import { resolveOpenAIModel } from './openai.ts';
 import { resolveGoogleModel } from './google.ts';
 import { resolveOpenRouterModel } from './openrouter.ts';
-import { resolveSolforgeModel } from './solforge.ts';
+import { resolveSetuModel } from './setu.ts';
 import { getZaiInstance, getZaiCodingInstance } from './zai.ts';
 import { resolveOpencodeModel } from './opencode.ts';
+import { getMoonshotInstance } from './moonshot.ts';
 
 export type ProviderName = ProviderId;
 
@@ -33,8 +34,8 @@ export async function resolveModel(
 	if (provider === 'opencode') {
 		return resolveOpencodeModel(model, cfg);
 	}
-	if (provider === 'solforge') {
-		return resolveSolforgeModel(model, options?.sessionId);
+	if (provider === 'setu') {
+		return resolveSetuModel(model, options?.sessionId);
 	}
 	if (provider === 'zai') {
 		return getZaiInstance(cfg, model);
@@ -42,5 +43,8 @@ export async function resolveModel(
 	if (provider === 'zai-coding') {
 		return getZaiCodingInstance(cfg, model);
 	}
+	if (provider === 'moonshot') {
+		return getMoonshotInstance(cfg, model);
+	}
 	throw new Error(`Unsupported provider: ${provider}`);
 }

package/src/runtime/provider/moonshot.ts

@@ -0,0 +1,8 @@
+import type { AGIConfig } from '@agi-cli/sdk';
+import { getAuth, createMoonshotModel } from '@agi-cli/sdk';
+
+export async function getMoonshotInstance(cfg: AGIConfig, model: string) {
+	const auth = await getAuth('moonshot', cfg.projectRoot);
+	const apiKey = auth?.type === 'api' ? auth.key : undefined;
+	return createMoonshotModel(model, { apiKey });
+}

package/src/runtime/provider/selection.ts

@@ -14,7 +14,7 @@ const FALLBACK_ORDER: ProviderId[] = [
 	'google',
 	'opencode',
 	'openrouter',
-	'solforge',
+	'setu',
 ];
 
 type SelectionInput = {

package/src/runtime/provider/{solforge.ts → setu.ts}

@@ -1,51 +1,51 @@
 import {
-	createSolforgeModel,
+	createSetuModel,
 	catalog,
-	type SolforgePaymentCallbacks,
+	type SetuPaymentCallbacks,
 } from '@agi-cli/sdk';
 import { publish } from '../../events/bus.ts';
 
 function getProviderNpm(model: string): string | undefined {
-	const entry = catalog.solforge?.models?.find((m) => m.id === model);
+	const entry = catalog.setu?.models?.find((m) => m.id === model);
 	return entry?.provider?.npm;
 }
 
-export function resolveSolforgeModel(model: string, sessionId?: string) {
-	const privateKey = process.env.SOLFORGE_PRIVATE_KEY ?? '';
+export function resolveSetuModel(model: string, sessionId?: string) {
+	const privateKey = process.env.SETU_PRIVATE_KEY ?? '';
 	if (!privateKey) {
 		throw new Error(
-			'Solforge provider requires SOLFORGE_PRIVATE_KEY (base58 Solana secret).',
+			'Setu provider requires SETU_PRIVATE_KEY (base58 Solana secret).',
 		);
 	}
-	const baseURL = process.env.SOLFORGE_BASE_URL;
-	const rpcURL = process.env.SOLFORGE_SOLANA_RPC_URL;
+	const baseURL = process.env.SETU_BASE_URL;
+	const rpcURL = process.env.SETU_SOLANA_RPC_URL;
 
-	const callbacks: SolforgePaymentCallbacks = sessionId
+	const callbacks: SetuPaymentCallbacks = sessionId
 		? {
 				onPaymentRequired: (amountUsd) => {
 					publish({
-						type: 'solforge.payment.required',
+						type: 'setu.payment.required',
 						sessionId,
 						payload: { amountUsd },
 					});
 				},
 				onPaymentSigning: () => {
 					publish({
-						type: 'solforge.payment.signing',
+						type: 'setu.payment.signing',
 						sessionId,
 						payload: {},
 					});
 				},
 				onPaymentComplete: (data) => {
 					publish({
-						type: 'solforge.payment.complete',
+						type: 'setu.payment.complete',
 						sessionId,
 						payload: data,
 					});
 				},
 				onPaymentError: (error) => {
 					publish({
-						type: 'solforge.payment.error',
+						type: 'setu.payment.error',
 						sessionId,
 						payload: { error },
 					});
@@ -55,7 +55,7 @@ export function resolveSolforgeModel(model: string, sessionId?: string) {
 
 	const providerNpm = getProviderNpm(model);
 
-	return createSolforgeModel(
+	return createSetuModel(
 		model,
 		{ privateKey },
 		{

package/src/runtime/session/db-operations.ts

@@ -74,7 +74,7 @@ export function resolveUsageProvider(
 	model: string,
 ): ProviderId {
 	if (
-		provider !== 'solforge' &&
+		provider !== 'setu' &&
 		provider !== 'openrouter' &&
 		provider !== 'opencode'
 	) {

package/src/runtime/session/queue.ts

@@ -1,5 +1,6 @@
 import type { ProviderName } from '../provider/index.ts';
 import { publish } from '../../events/bus.ts';
+import type { ToolApprovalMode } from '../tools/approval.ts';
 
 export type RunOpts = {
 	sessionId: string;
@@ -14,6 +15,7 @@ export type RunOpts = {
 	abortSignal?: AbortSignal;
 	isCompactCommand?: boolean;
 	compactionContext?: string;
+	toolApprovalMode?: ToolApprovalMode;
 };
 
 export type QueuedMessage = {

package/src/runtime/stream/finish-handler.ts

@@ -8,7 +8,6 @@ import {
 	pruneSession,
 	isOverflow,
 	getModelLimits,
-	type TokenUsage,
 	markSessionCompacted,
 } from '../message/compaction.ts';
 import { debugLog } from '../debug/index.ts';

package/src/runtime/stream/step-finish.ts

@@ -47,7 +47,7 @@ export function createStepFinishHandler(
 			try {
 				await updateSessionTokensIncrementalFn(
 					step.usage,
-					step.experimental_providerMetadata,
+					step.providerMetadata,
 					opts,
 					db,
 				);
@@ -56,7 +56,7 @@ export function createStepFinishHandler(
 			try {
 				await updateMessageTokensIncrementalFn(
 					step.usage,
-					step.experimental_providerMetadata,
+					step.providerMetadata,
 					opts,
 					db,
 				);

package/src/runtime/stream/types.ts

@@ -4,7 +4,7 @@ export type StepFinishEvent = {
 	usage?: UsageData;
 	finishReason?: string;
 	response?: unknown;
-	experimental_providerMetadata?: ProviderMetadata;
+	providerMetadata?: ProviderMetadata;
 };
 
 export type FinishEvent = {

package/src/runtime/tools/approval.ts

@@ -0,0 +1,179 @@
+import { publish } from '../../events/bus.ts';
+
+export type ToolApprovalMode = 'auto' | 'dangerous' | 'all';
+
+export const DANGEROUS_TOOLS = new Set([
+	'bash',
+	'write',
+	'apply_patch',
+	'terminal',
+	'edit',
+	'git_commit',
+	'git_push',
+]);
+
+export const SAFE_TOOLS = new Set([
+	'finish',
+	'progress_update',
+	'update_todos',
+]);
+
+export interface PendingApproval {
+	callId: string;
+	toolName: string;
+	args: unknown;
+	sessionId: string;
+	messageId: string;
+	resolve: (approved: boolean) => void;
+	createdAt: number;
+}
+
+const pendingApprovals = new Map<string, PendingApproval>();
+
+export function requiresApproval(
+	toolName: string,
+	mode: ToolApprovalMode,
+): boolean {
+	if (SAFE_TOOLS.has(toolName)) return false;
+	if (mode === 'auto') return false;
+	if (mode === 'all') return true;
+	if (mode === 'dangerous') return DANGEROUS_TOOLS.has(toolName);
+	return false;
+}
+
+export async function requestApproval(
+	sessionId: string,
+	messageId: string,
+	callId: string,
+	toolName: string,
+	args: unknown,
+	timeoutMs = 120000,
+): Promise<boolean> {
+	console.log('[approval] requestApproval called', {
+		sessionId,
+		messageId,
+		callId,
+		toolName,
+	});
+	return new Promise((resolve) => {
+		const approval: PendingApproval = {
+			callId,
+			toolName,
+			args,
+			sessionId,
+			messageId,
+			resolve,
+			createdAt: Date.now(),
+		};
+
+		pendingApprovals.set(callId, approval);
+		console.log(
+			'[approval] Added to pendingApprovals, count:',
+			pendingApprovals.size,
+		);
+
+		publish({
+			type: 'tool.approval.required',
+			sessionId,
+			payload: {
+				callId,
+				toolName,
+				args,
+				messageId,
+			},
+		});
+
+		setTimeout(() => {
+			if (pendingApprovals.has(callId)) {
+				pendingApprovals.delete(callId);
+				resolve(false);
+				publish({
+					type: 'tool.approval.resolved',
+					sessionId,
+					payload: {
+						callId,
+						toolName,
+						approved: false,
+						reason: 'timeout',
+					},
+				});
+			}
+		}, timeoutMs);
+	});
+}
+
+export function resolveApproval(
+	callId: string,
+	approved: boolean,
+): { ok: boolean; error?: string } {
+	console.log('[approval] resolveApproval called', {
+		callId,
+		approved,
+		pendingCount: pendingApprovals.size,
+		pendingIds: [...pendingApprovals.keys()],
+	});
+	const approval = pendingApprovals.get(callId);
+	if (!approval) {
+		console.log('[approval] No pending approval found for callId:', callId);
+		return { ok: false, error: 'No pending approval found for this callId' };
+	}
+
+	pendingApprovals.delete(callId);
+	approval.resolve(approved);
+
+	publish({
+		type: 'tool.approval.resolved',
+		sessionId: approval.sessionId,
+		payload: {
+			callId,
+			toolName: approval.toolName,
+			approved,
+			reason: approved ? 'user_approved' : 'user_rejected',
+		},
+	});
+
+	return { ok: true };
+}
+
+export function getPendingApproval(
+	callId: string,
+): PendingApproval | undefined {
+	return pendingApprovals.get(callId);
+}
+
+export function updateApprovalArgs(callId: string, args: unknown): boolean {
+	const approval = pendingApprovals.get(callId);
+	if (!approval) return false;
+
+	approval.args = args;
+
+	publish({
+		type: 'tool.approval.updated',
+		sessionId: approval.sessionId,
+		payload: {
+			callId,
+			toolName: approval.toolName,
+			args,
+			messageId: approval.messageId,
+		},
+	});
+
+	return true;
+}
+
+export function getPendingApprovalsForSession(
+	sessionId: string,
+): PendingApproval[] {
+	return Array.from(pendingApprovals.values()).filter(
+		(a) => a.sessionId === sessionId,
+	);
+}
+
+export function clearPendingApprovalsForSession(sessionId: string): void {
+	for (const [callId, approval] of pendingApprovals) {
+		if (approval.sessionId === sessionId) {
+			approval.resolve(false);
+			pendingApprovals.delete(callId);
+		}
+	}
+}

package/src/runtime/tools/context.ts

@@ -1,6 +1,7 @@
 import { eq } from 'drizzle-orm';
 import type { DB } from '@agi-cli/database';
 import { messageParts } from '@agi-cli/database/schema';
+import type { ToolApprovalMode } from './approval.ts';
 import { publish } from '../../events/bus.ts';
 
 export type StepExecutionState = {
@@ -24,6 +25,7 @@ export type ToolAdapterContext = {
 	stepExecution?: {
 		states: Map<number, StepExecutionState>;
 	};
+	toolApprovalMode?: ToolApprovalMode;
 };
 
 export function extractFinishText(input: unknown): string | undefined {

package/src/runtime/tools/setup.ts

@@ -32,6 +32,7 @@ export async function setupToolContext(
 		model: opts.model,
 		projectRoot: opts.projectRoot,
 		stepExecution: { states: new Map() },
+		toolApprovalMode: opts.toolApprovalMode,
 		onFirstToolCall: () => {
 			if (firstToolSeen) return;
 			firstToolSeen = true;

package/src/tools/adapter.ts

@@ -13,6 +13,10 @@ import {
 	toClaudeCodeName,
 	requiresClaudeCodeNaming,
 } from '../runtime/tools/mapping.ts';
+import {
+	requiresApproval,
+	requestApproval,
+} from '../runtime/tools/approval.ts';
 
 export type { ToolAdapterContext } from '../runtime/tools/context.ts';
 
@@ -33,6 +37,7 @@ type PendingCallMeta = {
 	startTs: number;
 	stepIndex?: number;
 	args?: unknown;
+	approvalPromise?: Promise<boolean>;
 };
 
 function getPendingQueue(
@@ -294,6 +299,19 @@ export function adaptTools(
 						toolCallId: callId,
 					});
 				} catch {}
+				// Start approval request with full args
+				if (
+					ctx.toolApprovalMode &&
+					requiresApproval(name, ctx.toolApprovalMode)
+				) {
+					meta.approvalPromise = requestApproval(
+						ctx.sessionId,
+						ctx.messageId,
+						callId,
+						name,
+						args,
+					);
+				}
 				if (typeof base.onInputAvailable === 'function') {
 					// biome-ignore lint/suspicious/noExplicitAny: AI SDK types are complex
 					await base.onInputAvailable(options as any);
@@ -324,6 +342,16 @@ export function adaptTools(
 
 				const executeWithGuards = async (): Promise<ToolExecuteReturn> => {
 					try {
+						// Await approval if it was requested in onInputAvailable
+						if (meta?.approvalPromise) {
+							const approved = await meta.approvalPromise;
+							if (!approved) {
+								return {
+									ok: false,
+									error: 'Tool execution rejected by user',
+								} as ToolExecuteReturn;
+							}
+						}
 						// Handle session-relative paths and cwd tools
 						let res: ToolExecuteReturn | { cwd: string } | null | undefined;
 						const cwd = getCwd(ctx.sessionId);

package/src/tools/database/get-parent-session.ts

@@ -136,12 +136,12 @@ export function buildGetParentSessionTool(
 									try {
 										const parsed = JSON.parse(part.content);
 										if (parsed?.text) {
-											textContent += parsed.text + '\n';
+											textContent += `${parsed.text}\n`;
 										} else {
-											textContent += part.content + '\n';
+											textContent += `${part.content}\n`;
 										}
 									} catch {
-										textContent += part.content + '\n';
+										textContent += `${part.content}\n`;
 									}
 								}
 								if (part.type === 'tool_call' && part.toolName) {

package/src/tools/database/query-messages.ts

@@ -2,7 +2,7 @@ import { tool } from 'ai';
 import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
-import { eq, desc, asc, gte, lte, and, like, count, sql } from 'drizzle-orm';
+import { eq, desc, asc, gte, lte, and, count, sql } from 'drizzle-orm';
 
 const inputSchema = z.object({
 	sessionId: z.string().optional().describe('Filter by specific session ID'),
@@ -47,7 +47,7 @@ export function buildQueryMessagesTool(projectRoot: string) {
 				if (input.sessionId) {
 					conditions.push(eq(messages.sessionId, input.sessionId));
 				} else {
-					const projectSessions = db
+					const _projectSessions = db
 						.select({ id: sessions.id })
 						.from(sessions)
 						.where(eq(sessions.projectPath, projectRoot));

package/src/tools/database/query-sessions.ts

@@ -2,7 +2,7 @@ import { tool } from 'ai';
 import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages } from '@agi-cli/database/schema';
-import { eq, desc, asc, gte, lte, and, sql, count } from 'drizzle-orm';
+import { eq, desc, asc, gte, lte, and, count } from 'drizzle-orm';
 
 const inputSchema = z.object({
 	limit: z

package/src/tools/database/search-history.ts

@@ -2,7 +2,7 @@ import { tool } from 'ai';
 import { z } from 'zod/v3';
 import { getDb } from '@agi-cli/database';
 import { sessions, messages, messageParts } from '@agi-cli/database/schema';
-import { eq, desc, asc, like, and, sql } from 'drizzle-orm';
+import { eq, like, and } from 'drizzle-orm';
 
 const inputSchema = z.object({
 	query: z.string().min(1).describe('Search term to find in message content'),

package/sst-env.d.ts

@@ -2,9 +2,7 @@
 /* tslint:disable */
 /* eslint-disable */
 /* deno-fmt-ignore-file */
-/* biome-ignore-all lint: auto-generated */
 
 /// <reference path="../../sst-env.d.ts" />
 
 import 'sst';
-export {};