@dexto/core 1.6.25 → 1.6.26

package/dist/telemetry/telemetry.js

@@ -8,17 +8,17 @@ class Telemetry {
   name = "dexto-service";
   _isInitialized = false;
   _sdk;
+  _shutdownHandler;
   static _initPromise;
   static _signalHandlers;
-  constructor(config, enabled, sdk) {
+  constructor(config, options) {
     const serviceName = config.serviceName ?? "dexto-service";
     const tracerName = config.tracerName ?? serviceName;
     this.name = serviceName;
     this.tracer = trace.getTracer(tracerName);
-    if (sdk) {
-      this._sdk = sdk;
-    }
-    this._isInitialized = enabled && !!sdk;
+    this._sdk = options.sdk;
+    this._shutdownHandler = options.shutdown;
+    this._isInitialized = options.initialized;
   }
   static async buildTraceExporter(config) {
     const e = config?.export;
@@ -146,7 +146,10 @@ class Telemetry {
             process.once("SIGINT", sigint);
             Telemetry._signalHandlers = { sigterm, sigint };
           }
-          globalThis.__TELEMETRY__ = new Telemetry(config, enabled, sdk);
+          globalThis.__TELEMETRY__ = new Telemetry(config, {
+            initialized: enabled && !!sdk,
+            ...sdk !== void 0 && { sdk }
+          });
         }
         return globalThis.__TELEMETRY__;
       })();
@@ -162,6 +165,38 @@ class Telemetry {
       );
     }
   }
+  /**
+   * Register a global telemetry instance after a host installs its own provider/exporter lifecycle.
+   *
+   * This keeps core instrumentation active without forcing the default Node SDK bootstrap path.
+   */
+  static async registerGlobal(options = {}) {
+    try {
+      if (globalThis.__TELEMETRY__) return globalThis.__TELEMETRY__;
+      if (Telemetry._initPromise) return Telemetry._initPromise;
+      const config = options.config ?? {};
+      const initialized = options.initialized ?? true;
+      Telemetry._initPromise = Promise.resolve().then(() => {
+        if (!globalThis.__TELEMETRY__) {
+          globalThis.__TELEMETRY__ = new Telemetry(config, {
+            initialized,
+            ...options.shutdown !== void 0 && { shutdown: options.shutdown }
+          });
+        }
+        return globalThis.__TELEMETRY__;
+      });
+      return await Telemetry._initPromise;
+    } catch (error) {
+      Telemetry._initPromise = void 0;
+      if (error instanceof DextoRuntimeError) {
+        throw error;
+      }
+      throw TelemetryError.initializationFailed(
+        error instanceof Error ? error.message : String(error),
+        error
+      );
+    }
+  }
   static getActiveSpan() {
     const span = trace.getActiveSpan();
     return span;
@@ -243,25 +278,31 @@ class Telemetry {
    * This ensures agent switching works even when telemetry export fails.
    */
   async shutdown() {
-    if (this._sdk) {
-      try {
+    try {
+      if (this._shutdownHandler) {
+        await this._shutdownHandler();
+      } else if (this._sdk) {
         await this._sdk.shutdown();
-      } catch (error) {
-        const errorMsg = error instanceof Error ? error.message : String(error);
-        logger.warn(`Telemetry shutdown failed to flush spans (non-blocking): ${errorMsg}`);
-      } finally {
-        this._isInitialized = false;
-        globalThis.__TELEMETRY__ = void 0;
-        if (Telemetry._signalHandlers) {
-          process.off("SIGTERM", Telemetry._signalHandlers.sigterm);
-          process.off("SIGINT", Telemetry._signalHandlers.sigint);
-          Telemetry._signalHandlers = void 0;
-        }
-        this._sdk = void 0;
-        Telemetry._initPromise = void 0;
       }
+    } catch (error) {
+      const errorMsg = error instanceof Error ? error.message : String(error);
+      logger.warn(`Telemetry shutdown failed to flush spans (non-blocking): ${errorMsg}`);
+    } finally {
+      this.cleanupAfterShutdown();
     }
   }
+  cleanupAfterShutdown() {
+    this._isInitialized = false;
+    globalThis.__TELEMETRY__ = void 0;
+    if (Telemetry._signalHandlers) {
+      process.off("SIGTERM", Telemetry._signalHandlers.sigterm);
+      process.off("SIGINT", Telemetry._signalHandlers.sigint);
+      Telemetry._signalHandlers = void 0;
+    }
+    this._sdk = void 0;
+    this._shutdownHandler = void 0;
+    Telemetry._initPromise = void 0;
+  }
 }
 export {
   Telemetry

package/dist/test-utils/session-state-stores.cjs

@@ -0,0 +1,68 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var session_state_stores_exports = {};
+__export(session_state_stores_exports, {
+  createInMemoryMessageQueueStore: () => createInMemoryMessageQueueStore,
+  createInMemorySessionApprovalStore: () => createInMemorySessionApprovalStore,
+  createInMemorySessionStateStorage: () => createInMemorySessionStateStorage,
+  createInMemorySessionToolPreferencesStore: () => createInMemorySessionToolPreferencesStore
+});
+module.exports = __toCommonJS(session_state_stores_exports);
+var import_session_approval_store = require("../approval/session-approval-store.js");
+var import_session_tool_preferences_store = require("../tools/session-tool-preferences-store.js");
+var import_in_memory_storage = require("./in-memory-storage.js");
+function createInMemorySessionStateStorage() {
+  const cache = (0, import_in_memory_storage.createInMemoryCache)();
+  const database = (0, import_in_memory_storage.createInMemoryDatabase)();
+  return {
+    getCache: () => cache,
+    getDatabase: () => database
+  };
+}
+function createInMemorySessionApprovalStore(logger, storageManager = createInMemorySessionStateStorage()) {
+  return new import_session_approval_store.SessionApprovalStore(storageManager, logger);
+}
+function createInMemorySessionToolPreferencesStore(logger, storageManager = createInMemorySessionStateStorage()) {
+  return new import_session_tool_preferences_store.SessionToolPreferencesStore(storageManager, logger);
+}
+function createInMemoryMessageQueueStore() {
+  const queues = /* @__PURE__ */ new Map();
+  return {
+    async load(sessionId) {
+      return structuredClone(queues.get(sessionId) ?? []);
+    },
+    async save(sessionId, queue) {
+      if (queue.length === 0) {
+        queues.delete(sessionId);
+        return;
+      }
+      queues.set(sessionId, structuredClone(queue));
+    },
+    async delete(sessionId) {
+      queues.delete(sessionId);
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createInMemoryMessageQueueStore,
+  createInMemorySessionApprovalStore,
+  createInMemorySessionStateStorage,
+  createInMemorySessionToolPreferencesStore
+});

package/dist/test-utils/session-state-stores.js

@@ -0,0 +1,42 @@
+import "../chunk-PTJYTZNU.js";
+import { SessionApprovalStore } from "../approval/session-approval-store.js";
+import { SessionToolPreferencesStore } from "../tools/session-tool-preferences-store.js";
+import { createInMemoryCache, createInMemoryDatabase } from "./in-memory-storage.js";
+function createInMemorySessionStateStorage() {
+  const cache = createInMemoryCache();
+  const database = createInMemoryDatabase();
+  return {
+    getCache: () => cache,
+    getDatabase: () => database
+  };
+}
+function createInMemorySessionApprovalStore(logger, storageManager = createInMemorySessionStateStorage()) {
+  return new SessionApprovalStore(storageManager, logger);
+}
+function createInMemorySessionToolPreferencesStore(logger, storageManager = createInMemorySessionStateStorage()) {
+  return new SessionToolPreferencesStore(storageManager, logger);
+}
+function createInMemoryMessageQueueStore() {
+  const queues = /* @__PURE__ */ new Map();
+  return {
+    async load(sessionId) {
+      return structuredClone(queues.get(sessionId) ?? []);
+    },
+    async save(sessionId, queue) {
+      if (queue.length === 0) {
+        queues.delete(sessionId);
+        return;
+      }
+      queues.set(sessionId, structuredClone(queue));
+    },
+    async delete(sessionId) {
+      queues.delete(sessionId);
+    }
+  };
+}
+export {
+  createInMemoryMessageQueueStore,
+  createInMemorySessionApprovalStore,
+  createInMemorySessionStateStorage,
+  createInMemorySessionToolPreferencesStore
+};

package/dist/tools/session-tool-preferences-store.cjs

@@ -0,0 +1,86 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var session_tool_preferences_store_exports = {};
+__export(session_tool_preferences_store_exports, {
+  SessionToolPreferencesStore: () => SessionToolPreferencesStore
+});
+module.exports = __toCommonJS(session_tool_preferences_store_exports);
+var import_zod = require("zod");
+const SessionToolPreferencesSchema = import_zod.z.object({
+  userAutoApproveTools: import_zod.z.array(import_zod.z.string()).default([]),
+  disabledTools: import_zod.z.array(import_zod.z.string()).default([])
+}).strict();
+const DEFAULT_SESSION_TOOL_PREFERENCES = {
+  userAutoApproveTools: [],
+  disabledTools: []
+};
+class SessionToolPreferencesStore {
+  constructor(storageManager, logger, options = {}) {
+    this.storageManager = storageManager;
+    this.logger = logger;
+    const cacheTtlMs = options.cacheTtlMs ?? 36e5;
+    this.cacheTtlSeconds = Math.max(1, Math.floor(cacheTtlMs / 1e3));
+  }
+  cacheTtlSeconds;
+  buildKey(sessionId) {
+    return `session-tool-preferences:${sessionId}`;
+  }
+  async load(sessionId) {
+    const key = this.buildKey(sessionId);
+    const cached = await this.storageManager.getCache().get(key);
+    if (cached !== void 0) {
+      return this.parsePreferences(cached, key);
+    }
+    const stored = await this.storageManager.getDatabase().get(key);
+    if (stored === void 0) {
+      return structuredClone(DEFAULT_SESSION_TOOL_PREFERENCES);
+    }
+    const parsed = this.parsePreferences(stored, key);
+    await this.storageManager.getCache().set(key, parsed, this.cacheTtlSeconds);
+    return parsed;
+  }
+  async save(sessionId, preferences) {
+    const key = this.buildKey(sessionId);
+    const normalized = SessionToolPreferencesSchema.parse(preferences);
+    await this.storageManager.getDatabase().set(key, normalized);
+    await this.storageManager.getCache().set(key, normalized, this.cacheTtlSeconds);
+  }
+  async delete(sessionId) {
+    const key = this.buildKey(sessionId);
+    await Promise.all([
+      this.storageManager.getDatabase().delete(key),
+      this.storageManager.getCache().delete(key)
+    ]);
+  }
+  parsePreferences(value, key) {
+    const result = SessionToolPreferencesSchema.safeParse(value);
+    if (result.success) {
+      return result.data;
+    }
+    this.logger.warn("Invalid persisted session tool preferences encountered; using defaults", {
+      key,
+      error: result.error.message
+    });
+    return structuredClone(DEFAULT_SESSION_TOOL_PREFERENCES);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SessionToolPreferencesStore
+});

package/dist/tools/session-tool-preferences-store.d.ts

@@ -0,0 +1,29 @@
+import { z } from 'zod';
+import type { StorageManager } from '../storage/index.js';
+import type { Logger } from '../logger/v2/types.js';
+declare const SessionToolPreferencesSchema: z.ZodObject<{
+    userAutoApproveTools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    disabledTools: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+}, "strict", z.ZodTypeAny, {
+    userAutoApproveTools: string[];
+    disabledTools: string[];
+}, {
+    userAutoApproveTools?: string[] | undefined;
+    disabledTools?: string[] | undefined;
+}>;
+export type SessionToolPreferences = z.output<typeof SessionToolPreferencesSchema>;
+export declare class SessionToolPreferencesStore {
+    private readonly storageManager;
+    private readonly logger;
+    private readonly cacheTtlSeconds;
+    constructor(storageManager: StorageManager, logger: Logger, options?: {
+        cacheTtlMs?: number;
+    });
+    private buildKey;
+    load(sessionId: string): Promise<SessionToolPreferences>;
+    save(sessionId: string, preferences: SessionToolPreferences): Promise<void>;
+    delete(sessionId: string): Promise<void>;
+    private parsePreferences;
+}
+export {};
+//# sourceMappingURL=session-tool-preferences-store.d.ts.map

package/dist/tools/session-tool-preferences-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-tool-preferences-store.d.ts","sourceRoot":"","sources":["../../src/tools/session-tool-preferences-store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAEpD,QAAA,MAAM,4BAA4B;;;;;;;;;EAKrB,CAAC;AAEd,MAAM,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,4BAA4B,CAAC,CAAC;AAOnF,qBAAa,2BAA2B;IAIhC,OAAO,CAAC,QAAQ,CAAC,cAAc;IAC/B,OAAO,CAAC,QAAQ,CAAC,MAAM;IAJ3B,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAS;gBAGpB,cAAc,EAAE,cAAc,EAC9B,MAAM,EAAE,MAAM,EAC/B,OAAO,GAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAA;KAAO;IAMzC,OAAO,CAAC,QAAQ;IAIV,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,sBAAsB,CAAC;IAiBxD,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC;IAO3E,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ9C,OAAO,CAAC,gBAAgB;CAY3B"}

package/dist/tools/session-tool-preferences-store.js

@@ -0,0 +1,63 @@
+import "../chunk-PTJYTZNU.js";
+import { z } from "zod";
+const SessionToolPreferencesSchema = z.object({
+  userAutoApproveTools: z.array(z.string()).default([]),
+  disabledTools: z.array(z.string()).default([])
+}).strict();
+const DEFAULT_SESSION_TOOL_PREFERENCES = {
+  userAutoApproveTools: [],
+  disabledTools: []
+};
+class SessionToolPreferencesStore {
+  constructor(storageManager, logger, options = {}) {
+    this.storageManager = storageManager;
+    this.logger = logger;
+    const cacheTtlMs = options.cacheTtlMs ?? 36e5;
+    this.cacheTtlSeconds = Math.max(1, Math.floor(cacheTtlMs / 1e3));
+  }
+  cacheTtlSeconds;
+  buildKey(sessionId) {
+    return `session-tool-preferences:${sessionId}`;
+  }
+  async load(sessionId) {
+    const key = this.buildKey(sessionId);
+    const cached = await this.storageManager.getCache().get(key);
+    if (cached !== void 0) {
+      return this.parsePreferences(cached, key);
+    }
+    const stored = await this.storageManager.getDatabase().get(key);
+    if (stored === void 0) {
+      return structuredClone(DEFAULT_SESSION_TOOL_PREFERENCES);
+    }
+    const parsed = this.parsePreferences(stored, key);
+    await this.storageManager.getCache().set(key, parsed, this.cacheTtlSeconds);
+    return parsed;
+  }
+  async save(sessionId, preferences) {
+    const key = this.buildKey(sessionId);
+    const normalized = SessionToolPreferencesSchema.parse(preferences);
+    await this.storageManager.getDatabase().set(key, normalized);
+    await this.storageManager.getCache().set(key, normalized, this.cacheTtlSeconds);
+  }
+  async delete(sessionId) {
+    const key = this.buildKey(sessionId);
+    await Promise.all([
+      this.storageManager.getDatabase().delete(key),
+      this.storageManager.getCache().delete(key)
+    ]);
+  }
+  parsePreferences(value, key) {
+    const result = SessionToolPreferencesSchema.safeParse(value);
+    if (result.success) {
+      return result.data;
+    }
+    this.logger.warn("Invalid persisted session tool preferences encountered; using defaults", {
+      key,
+      error: result.error.message
+    });
+    return structuredClone(DEFAULT_SESSION_TOOL_PREFERENCES);
+  }
+}
+export {
+  SessionToolPreferencesStore
+};

package/dist/tools/tool-manager.cjs

@@ -81,6 +81,24 @@ _ToolManager_decorators = [(0, import_decorators.InstrumentClass)({
   excludeMethods: ["setHookSupport", "getApprovalManager", "getAllowedToolsProvider"]
 })];
 let _ToolManager = class _ToolManager {
+  constructor(mcpManager, approvalManager, allowedToolsProvider, approvalMode, agentEventBus, toolPolicies, tools, logger, sessionToolPreferencesStore) {
+    this.sessionToolPreferencesStore = sessionToolPreferencesStore;
+    this.mcpManager = mcpManager;
+    this.approvalManager = approvalManager;
+    this.allowedToolsProvider = allowedToolsProvider;
+    this.approvalMode = approvalMode;
+    this.agentEventBus = agentEventBus;
+    this.toolPolicies = toolPolicies;
+    this.logger = logger.createChild(import_types2.DextoLogComponent.TOOLS);
+    this.setTools(tools);
+    this.toolExecutionContextFactory = () => {
+      throw import_errors.ToolError.configInvalid(
+        "ToolExecutionContextFactory not configured. DextoAgent.start() must configure tool execution context before tools can run."
+      );
+    };
+    this.setupNotificationListeners();
+    this.logger.debug("ToolManager initialized");
+  }
   mcpManager;
   agentTools = /* @__PURE__ */ new Map();
   approvalManager;
@@ -113,6 +131,8 @@ let _ToolManager = class _ToolManager {
   // Session-level auto-approve tools set by users (UI)
   sessionUserAutoApproveTools = /* @__PURE__ */ new Map();
   sessionDisabledTools = /* @__PURE__ */ new Map();
+  restoredSessionPreferences = /* @__PURE__ */ new Set();
+  sessionPreferenceLocks = /* @__PURE__ */ new Map();
   globalDisabledTools = [];
   cleanupHandlers = /* @__PURE__ */ new Set();
   cleanupStarted = false;
@@ -136,22 +156,76 @@ let _ToolManager = class _ToolManager {
     }
     return this.resolveLocalToolIdOrAlias(pattern) ?? pattern;
   }
-  constructor(mcpManager, approvalManager, allowedToolsProvider, approvalMode, agentEventBus, toolPolicies, tools, logger) {
-    this.mcpManager = mcpManager;
-    this.approvalManager = approvalManager;
-    this.allowedToolsProvider = allowedToolsProvider;
-    this.approvalMode = approvalMode;
-    this.agentEventBus = agentEventBus;
-    this.toolPolicies = toolPolicies;
-    this.logger = logger.createChild(import_types2.DextoLogComponent.TOOLS);
-    this.setTools(tools);
-    this.toolExecutionContextFactory = () => {
-      throw import_errors.ToolError.configInvalid(
-        "ToolExecutionContextFactory not configured. DextoAgent.start() must configure tool execution context before tools can run."
-      );
+  async runWithSessionPreferenceLock(sessionId, fn) {
+    const previousLock = this.sessionPreferenceLocks.get(sessionId) ?? Promise.resolve();
+    const currentResult = previousLock.catch(() => {
+    }).then(() => fn());
+    const currentLock = currentResult.then(
+      () => void 0,
+      () => void 0
+    );
+    this.sessionPreferenceLocks.set(sessionId, currentLock);
+    try {
+      return await currentResult;
+    } finally {
+      if (this.sessionPreferenceLocks.get(sessionId) === currentLock) {
+        this.sessionPreferenceLocks.delete(sessionId);
+      }
+    }
+  }
+  applySessionToolPreferences(sessionId, preferences) {
+    if (preferences.userAutoApproveTools.length > 0) {
+      this.sessionUserAutoApproveTools.set(sessionId, [...preferences.userAutoApproveTools]);
+    } else {
+      this.sessionUserAutoApproveTools.delete(sessionId);
+    }
+    if (preferences.disabledTools.length > 0) {
+      this.sessionDisabledTools.set(sessionId, [...preferences.disabledTools]);
+    } else {
+      this.sessionDisabledTools.delete(sessionId);
+    }
+  }
+  getSessionToolPreferencesSnapshot(sessionId) {
+    return {
+      userAutoApproveTools: [...this.sessionUserAutoApproveTools.get(sessionId) ?? []],
+      disabledTools: [...this.sessionDisabledTools.get(sessionId) ?? []]
     };
-    this.setupNotificationListeners();
-    this.logger.debug("ToolManager initialized");
+  }
+  async restoreSessionState(sessionId) {
+    if (this.restoredSessionPreferences.has(sessionId)) {
+      return;
+    }
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      if (this.restoredSessionPreferences.has(sessionId)) {
+        return;
+      }
+      const preferences = await this.sessionToolPreferencesStore.load(sessionId);
+      this.applySessionToolPreferences(sessionId, preferences);
+      this.restoredSessionPreferences.add(sessionId);
+      this.logger.debug("Restored persisted session tool preferences", {
+        sessionId,
+        autoApproveCount: preferences.userAutoApproveTools.length,
+        disabledCount: preferences.disabledTools.length
+      });
+    });
+  }
+  evictSessionState(sessionId) {
+    this.sessionAutoApproveTools.delete(sessionId);
+    this.sessionUserAutoApproveTools.delete(sessionId);
+    this.sessionDisabledTools.delete(sessionId);
+    this.restoredSessionPreferences.delete(sessionId);
+  }
+  async deleteSessionState(sessionId) {
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      this.evictSessionState(sessionId);
+      await this.sessionToolPreferencesStore.delete(sessionId);
+    });
+  }
+  async persistSessionToolPreferences(sessionId) {
+    await this.sessionToolPreferencesStore.save(
+      sessionId,
+      this.getSessionToolPreferencesSnapshot(sessionId)
+    );
   }
   /**
    * Initialize the ToolManager and its components
@@ -308,15 +382,19 @@ let _ToolManager = class _ToolManager {
   /**
    * Set session-level auto-approve tools chosen by the user.
    */
-  setSessionUserAutoApproveTools(sessionId, autoApproveTools) {
+  async setSessionUserAutoApproveTools(sessionId, autoApproveTools) {
+    await this.restoreSessionState(sessionId);
     if (autoApproveTools.length === 0) {
-      this.clearSessionUserAutoApproveTools(sessionId);
+      await this.clearSessionUserAutoApproveTools(sessionId);
       return;
     }
     const normalized = autoApproveTools.map(
       (pattern) => this.normalizeToolPolicyPattern(pattern)
     );
-    this.sessionUserAutoApproveTools.set(sessionId, normalized);
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      this.sessionUserAutoApproveTools.set(sessionId, normalized);
+      await this.persistSessionToolPreferences(sessionId);
+    });
     this.logger.info(
       `Session user auto-approve tools set for '${sessionId}': ${autoApproveTools.length} tools`
     );
@@ -325,9 +403,14 @@ let _ToolManager = class _ToolManager {
   /**
    * Clear session-level auto-approve tools chosen by the user.
    */
-  clearSessionUserAutoApproveTools(sessionId) {
-    const hadAutoApprove = this.sessionUserAutoApproveTools.has(sessionId);
-    this.sessionUserAutoApproveTools.delete(sessionId);
+  async clearSessionUserAutoApproveTools(sessionId) {
+    await this.restoreSessionState(sessionId);
+    let hadAutoApprove = false;
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      hadAutoApprove = this.sessionUserAutoApproveTools.has(sessionId);
+      this.sessionUserAutoApproveTools.delete(sessionId);
+      await this.persistSessionToolPreferences(sessionId);
+    });
     if (hadAutoApprove) {
       this.logger.info(`Session user auto-approve tools cleared for '${sessionId}'`);
     }
@@ -368,12 +451,16 @@ let _ToolManager = class _ToolManager {
   /**
    * Set session-level disabled tools (overrides global list).
    */
-  setSessionDisabledTools(sessionId, toolNames) {
+  async setSessionDisabledTools(sessionId, toolNames) {
+    await this.restoreSessionState(sessionId);
     if (toolNames.length === 0) {
-      this.clearSessionDisabledTools(sessionId);
+      await this.clearSessionDisabledTools(sessionId);
       return;
     }
-    this.sessionDisabledTools.set(sessionId, [...toolNames]);
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      this.sessionDisabledTools.set(sessionId, [...toolNames]);
+      await this.persistSessionToolPreferences(sessionId);
+    });
     this.logger.info("Session disabled tools updated", {
       sessionId,
       count: toolNames.length
@@ -387,9 +474,14 @@ let _ToolManager = class _ToolManager {
   /**
    * Clear session-level disabled tools.
    */
-  clearSessionDisabledTools(sessionId) {
-    const hadOverrides = this.sessionDisabledTools.has(sessionId);
-    this.sessionDisabledTools.delete(sessionId);
+  async clearSessionDisabledTools(sessionId) {
+    await this.restoreSessionState(sessionId);
+    let hadOverrides = false;
+    await this.runWithSessionPreferenceLock(sessionId, async () => {
+      hadOverrides = this.sessionDisabledTools.has(sessionId);
+      this.sessionDisabledTools.delete(sessionId);
+      await this.persistSessionToolPreferences(sessionId);
+    });
     if (hadOverrides) {
       this.logger.info("Session disabled tools cleared", { sessionId });
     }
@@ -789,7 +881,7 @@ let _ToolManager = class _ToolManager {
           return false;
         }
         if (!patternKey) return false;
-        return this.approvalManager.matchesPattern(toolName, patternKey);
+        return this.approvalManager.matchesPattern(toolName, patternKey, sessionId);
       },
       { rememberPattern: void 0 }
       // Don't propagate pattern choice to auto-approved requests
@@ -820,7 +912,10 @@ let _ToolManager = class _ToolManager {
         if (!directoryAccess) {
           return false;
         }
-        return this.approvalManager.isDirectorySessionApproved(directoryAccess.parentDir);
+        return this.approvalManager.isDirectorySessionApproved(
+          directoryAccess.parentDir,
+          sessionId
+        );
       },
       { rememberDirectory: false }
     );
@@ -1470,7 +1565,11 @@ let _ToolManager = class _ToolManager {
   async tryQuickApprovalResolution(toolName, args, sessionId, directoryAccess) {
     if (directoryAccess) {
       if (this.approvalMode === "auto-approve") {
-        this.approvalManager.addApprovedDirectory(directoryAccess.parentDir, "once");
+        await this.approvalManager.addApprovedDirectory(
+          directoryAccess.parentDir,
+          "once",
+          sessionId
+        );
         return { requireApproval: false };
       }
       return null;
@@ -1494,7 +1593,7 @@ let _ToolManager = class _ToolManager {
       return { requireApproval: false };
     }
     const patternKey = this.getToolPatternKey(toolName, args);
-    if (patternKey && this.approvalManager.matchesPattern(toolName, patternKey)) {
+    if (patternKey && this.approvalManager.matchesPattern(toolName, patternKey, sessionId)) {
       this.logger.info(
         `Tool '${toolName}' matched approved pattern key '${patternKey}' \u2013 skipping confirmation.`
       );
@@ -1604,7 +1703,7 @@ let _ToolManager = class _ToolManager {
       );
       this.autoApprovePendingToolRequests(toolName, allowSessionId);
     } else if (rememberPattern && this.getToolApprovalPatternKeyFn(toolName)) {
-      this.approvalManager.addPattern(toolName, rememberPattern);
+      await this.approvalManager.addPattern(toolName, rememberPattern, sessionId);
       this.logger.info(`Pattern '${rememberPattern}' added for tool '${toolName}' approval`);
       this.autoApprovePendingPatternRequests(toolName, sessionId);
     } else if (rememberDirectory) {