@canonmsg/codex-plugin 0.11.3 → 0.11.5

package/dist/app-server-approval.d.ts

@@ -0,0 +1,32 @@
+import type { ApprovalNativeRequestMetadata, ApprovalRequestCategory, ApprovalRequestDetail, ApprovalResult, ApprovalRisk } from '@canonmsg/core';
+/**
+ * Mapping for Codex app-server native approval requests.
+ *
+ * The current Canon Codex host still uses `codex exec --json`, which cannot
+ * block on these methods. Keep this as metadata/decision plumbing for the
+ * future app-server transport, not as an advertised `exec --json` UI mode.
+ */
+export type CodexAppServerApprovalMethod = 'item/commandExecution/requestApproval' | 'item/fileChange/requestApproval' | 'item/permissions/requestApproval' | 'execCommandApproval' | 'applyPatchApproval';
+export interface CodexNativeApprovalRequest {
+    method: CodexAppServerApprovalMethod;
+    params: Record<string, unknown>;
+}
+export interface CanonCodexApprovalRequest {
+    toolName: string;
+    toolInput: Record<string, unknown>;
+    toolSummary: string;
+    category: ApprovalRequestCategory;
+    risk: ApprovalRisk;
+    riskLevel: 'normal' | 'destructive';
+    native: ApprovalNativeRequestMetadata;
+    details: ApprovalRequestDetail[];
+}
+export type CodexApprovalDecision = {
+    decision: 'accept';
+} | {
+    decision: 'acceptForSession';
+} | {
+    decision: 'decline';
+};
+export declare function mapCodexAppServerApprovalRequest(request: CodexNativeApprovalRequest): CanonCodexApprovalRequest | null;
+export declare function mapCanonApprovalResultToCodexDecision(result: ApprovalResult): CodexApprovalDecision;

package/dist/app-server-approval.js

@@ -0,0 +1,168 @@
+function isRecord(value) {
+    return Boolean(value && typeof value === 'object' && !Array.isArray(value));
+}
+function readString(record, keys) {
+    for (const key of keys) {
+        const value = record[key];
+        if (typeof value === 'string' && value.trim())
+            return value.trim();
+    }
+    return undefined;
+}
+function firstString(value) {
+    if (typeof value === 'string' && value.trim())
+        return value.trim();
+    if (Array.isArray(value)) {
+        return value.map((entry) => (typeof entry === 'string' ? entry.trim() : '')).find(Boolean);
+    }
+    return undefined;
+}
+function stringifyPreview(value, maxLength = 500) {
+    if (typeof value === 'string')
+        return value.length > maxLength ? `${value.slice(0, maxLength - 3)}...` : value;
+    const json = JSON.stringify(value ?? {});
+    return json.length > maxLength ? `${json.slice(0, maxLength - 3)}...` : json;
+}
+function nativeHandle(method, params) {
+    const native = {
+        runtime: 'codex',
+        method,
+    };
+    const requestId = readString(params, ['requestId', 'id', 'callId']);
+    const provider = readString(params, ['provider']);
+    const origin = readString(params, ['origin']);
+    const surface = readString(params, ['surface']);
+    const threadId = readString(params, ['threadId', 'conversationId']);
+    const turnId = readString(params, ['turnId']);
+    const runId = readString(params, ['runId']);
+    const itemId = readString(params, ['itemId']);
+    const toolCallId = readString(params, ['toolCallId', 'toolUseId']);
+    const approvalId = readString(params, ['approvalId']);
+    const pluginId = readString(params, ['pluginId']);
+    const sessionKey = readString(params, ['sessionKey', 'sessionId']);
+    const cwd = readString(params, ['cwd', 'workingDirectory']);
+    const model = readString(params, ['model']);
+    if (requestId)
+        native.requestId = requestId;
+    if (provider)
+        native.provider = provider;
+    if (origin)
+        native.origin = origin;
+    if (surface)
+        native.surface = surface;
+    if (threadId)
+        native.threadId = threadId;
+    if (turnId)
+        native.turnId = turnId;
+    if (runId)
+        native.runId = runId;
+    if (itemId)
+        native.itemId = itemId;
+    if (toolCallId)
+        native.toolCallId = toolCallId;
+    if (approvalId)
+        native.approvalId = approvalId;
+    if (pluginId)
+        native.pluginId = pluginId;
+    if (sessionKey)
+        native.sessionKey = sessionKey;
+    if (cwd)
+        native.cwd = cwd;
+    if (model)
+        native.model = model;
+    return native;
+}
+function commandRisk(command) {
+    if (/\brm\s+(-rf?|--force)|\bgit\s+reset\s+--hard|\bgit\s+push\s+--force|\bdrop\s+(table|database)\b/i.test(command)) {
+        return 'destructive';
+    }
+    return 'high';
+}
+function detail(label, value, monospace = true) {
+    return value ? [{ label, value, monospace }] : [];
+}
+function mapCommandRequest(method, params) {
+    const command = readString(params, ['command', 'cmd'])
+        ?? firstString(params.argv)
+        ?? firstString(params.args)
+        ?? stringifyPreview(params);
+    const cwd = readString(params, ['cwd', 'workingDirectory']);
+    const risk = commandRisk(command);
+    return {
+        toolName: 'codex.command',
+        toolInput: {
+            command,
+            ...(cwd ? { cwd } : {}),
+        },
+        toolSummary: command,
+        category: 'command',
+        risk,
+        riskLevel: risk === 'destructive' ? 'destructive' : 'normal',
+        native: nativeHandle(method, params),
+        details: [
+            ...detail('Command', command),
+            ...detail('Working directory', cwd),
+        ],
+    };
+}
+function mapFileRequest(method, params) {
+    const path = readString(params, ['path', 'filePath', 'targetPath']);
+    const summary = path
+        ?? firstString(params.paths)
+        ?? stringifyPreview(params.changes ?? params.patch ?? params);
+    const patch = readString(params, ['patch', 'diff']);
+    const destructive = /\b(delete|remove|unlink)\b/i.test(stringifyPreview(params, 1000));
+    return {
+        toolName: method === 'applyPatchApproval' ? 'codex.applyPatch' : 'codex.fileChange',
+        toolInput: {
+            ...(path ? { path } : {}),
+            ...(patch ? { patch } : {}),
+        },
+        toolSummary: summary,
+        category: 'file',
+        risk: destructive ? 'destructive' : 'high',
+        riskLevel: destructive ? 'destructive' : 'normal',
+        native: nativeHandle(method, params),
+        details: [
+            ...detail('Path', path),
+            ...detail('Patch', patch),
+        ],
+    };
+}
+function mapPermissionRequest(method, params) {
+    const action = readString(params, ['action', 'permission', 'toolName', 'tool'])
+        ?? stringifyPreview(params);
+    return {
+        toolName: 'codex.permission',
+        toolInput: { action },
+        toolSummary: action,
+        category: 'tool',
+        risk: 'normal',
+        riskLevel: 'normal',
+        native: nativeHandle(method, params),
+        details: detail('Permission', action, false),
+    };
+}
+export function mapCodexAppServerApprovalRequest(request) {
+    if (!isRecord(request.params))
+        return null;
+    if (request.method === 'item/commandExecution/requestApproval'
+        || request.method === 'execCommandApproval') {
+        return mapCommandRequest(request.method, request.params);
+    }
+    if (request.method === 'item/fileChange/requestApproval'
+        || request.method === 'applyPatchApproval') {
+        return mapFileRequest(request.method, request.params);
+    }
+    if (request.method === 'item/permissions/requestApproval') {
+        return mapPermissionRequest(request.method, request.params);
+    }
+    return null;
+}
+export function mapCanonApprovalResultToCodexDecision(result) {
+    if (result.decision === 'deny')
+        return { decision: 'decline' };
+    if (result.sessionRule)
+        return { decision: 'acceptForSession' };
+    return { decision: 'accept' };
+}

package/dist/host.js

@@ -413,10 +413,12 @@ export async function main() {
         ]);
         return buildHydratedInboundContext({
             agentId,
+            conversationId: input.conversationId,
             conversation,
             page,
             activeSelfContextId: input.activeSelfContextId,
             selfContexts: input.selfContexts,
+            provenance: input.provenance,
             message: input.message,
             senderName: input.senderName,
             isOwner: input.isOwner,
@@ -687,6 +689,7 @@ export async function main() {
             isOwner: input.isOwner,
             activeSelfContextId: input.activeSelfContextId,
             selfContexts: input.selfContexts,
+            provenance: input.provenance,
             hydratedPage: input.hydratedPage,
         });
         const behavior = input.behavior ?? hydrated.behavior;
@@ -1096,6 +1099,7 @@ export async function main() {
                     behavior: payload.behavior,
                     activeSelfContextId: payload.activeSelfContextId,
                     selfContexts: payload.selfContexts,
+                    provenance: payload.provenance,
                 });
                 if (message.id) {
                     saveRuntimeSessionState(runtimeId, {

package/dist/index.d.ts

@@ -1,3 +1,5 @@
 export { main as hostMain } from './host.js';
 export { main as registerMain } from './register.js';
 export { main as setupMain } from './setup.js';
+export { mapCanonApprovalResultToCodexDecision, mapCodexAppServerApprovalRequest, } from './app-server-approval.js';
+export type { CanonCodexApprovalRequest, CodexAppServerApprovalMethod, CodexApprovalDecision, CodexNativeApprovalRequest, } from './app-server-approval.js';

package/dist/index.js

@@ -1,3 +1,4 @@
 export { main as hostMain } from './host.js';
 export { main as registerMain } from './register.js';
 export { main as setupMain } from './setup.js';
+export { mapCanonApprovalResultToCodexDecision, mapCodexAppServerApprovalRequest, } from './app-server-approval.js';

package/dist/permission-mode.d.ts

@@ -11,10 +11,12 @@ export declare const CODEX_PERMISSION_OPTIONS: readonly [{
     readonly value: "full-auto";
     readonly label: "Full auto";
     readonly description: "Automatically run workspace-write actions with lower-friction approvals.";
+    readonly ownerOnly: true;
 }, {
     readonly value: "bypass";
     readonly label: "Bypass (dangerous)";
     readonly description: "Skip Codex approval and sandbox protection. Use only in an externally sandboxed environment.";
+    readonly ownerOnly: true;
 }];
 export type CodexPermissionMode = (typeof CODEX_PERMISSION_OPTIONS)[number]['value'];
 export type CodexApprovalShape = {

package/dist/permission-mode.js

@@ -1,8 +1,8 @@
 export const CODEX_PERMISSION_OPTIONS = [
     { value: 'readonly', label: 'Read-only', description: 'Inspect files and project state without making changes.' },
     { value: 'workspace', label: 'Workspace-write', description: 'Edit inside the selected workspace using Codex CLI sandboxing.' },
-    { value: 'full-auto', label: 'Full auto', description: 'Automatically run workspace-write actions with lower-friction approvals.' },
-    { value: 'bypass', label: 'Bypass (dangerous)', description: 'Skip Codex approval and sandbox protection. Use only in an externally sandboxed environment.' },
+    { value: 'full-auto', label: 'Full auto', description: 'Automatically run workspace-write actions with lower-friction approvals.', ownerOnly: true },
+    { value: 'bypass', label: 'Bypass (dangerous)', description: 'Skip Codex approval and sandbox protection. Use only in an externally sandboxed environment.', ownerOnly: true },
 ];
 export function mapCanonPermissionToCodex(mode) {
     switch (mode) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@canonmsg/codex-plugin",
-  "version": "0.11.3",
+  "version": "0.11.5",
   "description": "Canon host integration for Codex CLI",
   "type": "module",
   "main": "dist/index.js",
@@ -29,8 +29,8 @@
     "prepack": "npm run build"
   },
   "dependencies": {
-    "@canonmsg/agent-sdk": "^1.4.1",
-    "@canonmsg/core": "^0.18.1"
+    "@canonmsg/agent-sdk": "^1.5.0",
+    "@canonmsg/core": "^0.19.1"
   },
   "engines": {
     "node": ">=18.0.0"