@dexto/core 1.6.25 → 1.6.27

package/dist/approval/manager.js

@@ -6,6 +6,7 @@ import { createApprovalRequest } from "./factory.js";
 import { DextoLogComponent } from "../logger/v2/types.js";
 import { ApprovalError } from "./errors.js";
 import { patternCovers } from "../tools/pattern-utils.js";
+const GLOBAL_APPROVAL_SCOPE = "__global__";
 function tryRealpathSync(targetPath) {
   try {
     return realpathSync(targetPath);
@@ -31,45 +32,156 @@ function tryRealpathSyncWithExistingParent(resolvedPath) {
   }
 }
 class ApprovalManager {
-  handler;
-  config;
-  logger;
-  /**
-   * Tool approval patterns, keyed by tool id.
-   *
-   * Patterns use simple glob syntax (e.g. "git *", "npm install *") and are matched
-   * using pattern-to-pattern covering (see {@link patternCovers}).
-   */
-  toolPatterns = /* @__PURE__ */ new Map();
-  /**
-   * Directories approved for file access for the current session.
-   * Stores normalized absolute paths mapped to their approval type:
-   * - 'session': No directory prompt, follows tool config (working dir + user session-approved)
-   * - 'once': Prompts each time, but tool can execute
-   * Cleared when session ends.
-   */
-  approvedDirectories = /* @__PURE__ */ new Map();
-  constructor(config, logger) {
+  constructor(config, logger, sessionApprovalStore) {
+    this.sessionApprovalStore = sessionApprovalStore;
     this.config = config;
     this.logger = logger.createChild(DextoLogComponent.APPROVAL);
     this.logger.debug(
       `ApprovalManager initialized with permissions.mode: ${config.permissions.mode}, elicitation.enabled: ${config.elicitation.enabled}`
     );
   }
+  handler;
+  config;
+  logger;
+  loadedScopes = /* @__PURE__ */ new Set();
+  scopeLocks = /* @__PURE__ */ new Map();
+  scopes = /* @__PURE__ */ new Map();
+  getScopeKey(sessionId) {
+    return sessionId ?? GLOBAL_APPROVAL_SCOPE;
+  }
+  getScopeLabel(sessionId) {
+    return sessionId ?? "global";
+  }
+  getApprovalTimeout(type, timeout) {
+    return timeout ?? this.getDefaultTimeout(type);
+  }
+  getDefaultTimeout(type) {
+    return type === ApprovalType.ELICITATION ? this.config.elicitation.timeout : this.config.permissions.timeout;
+  }
+  createEmptyScopeState() {
+    return {
+      toolPatterns: /* @__PURE__ */ new Map(),
+      approvedDirectories: /* @__PURE__ */ new Map()
+    };
+  }
+  getOrCreateScope(scopeKey) {
+    const existing = this.scopes.get(scopeKey);
+    if (existing) return existing;
+    const created = this.createEmptyScopeState();
+    this.scopes.set(scopeKey, created);
+    return created;
+  }
+  getScope(scopeKey) {
+    return this.scopes.get(scopeKey) ?? this.createEmptyScopeState();
+  }
+  async runWithScopeLock(scopeKey, fn) {
+    const previousLock = this.scopeLocks.get(scopeKey) ?? Promise.resolve();
+    const currentResult = previousLock.catch(() => {
+    }).then(() => fn());
+    const currentLock = currentResult.then(
+      () => void 0,
+      () => void 0
+    );
+    this.scopeLocks.set(scopeKey, currentLock);
+    try {
+      return await currentResult;
+    } finally {
+      if (this.scopeLocks.get(scopeKey) === currentLock) {
+        this.scopeLocks.delete(scopeKey);
+      }
+    }
+  }
+  snapshotToolPatterns(scopeKey) {
+    const snapshot = {};
+    for (const [toolName, patterns] of this.getScope(scopeKey).toolPatterns) {
+      snapshot[toolName] = Array.from(patterns);
+    }
+    return snapshot;
+  }
+  snapshotApprovedDirectories(scopeKey) {
+    return Array.from(this.getScope(scopeKey).approvedDirectories.entries()).map(
+      ([path2, type]) => ({
+        path: path2,
+        type
+      })
+    );
+  }
+  async persistScope(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    const state = {
+      toolPatterns: this.snapshotToolPatterns(scopeKey),
+      approvedDirectories: this.snapshotApprovedDirectories(scopeKey)
+    };
+    await this.sessionApprovalStore.save(sessionId, state);
+  }
+  hydrateScope(sessionId, state) {
+    const scopeKey = this.getScopeKey(sessionId);
+    const toolPatterns = /* @__PURE__ */ new Map();
+    for (const [toolName, patterns] of Object.entries(state.toolPatterns)) {
+      toolPatterns.set(toolName, new Set(patterns));
+    }
+    const approvedDirectories = /* @__PURE__ */ new Map();
+    for (const entry of state.approvedDirectories) {
+      approvedDirectories.set(entry.path, entry.type);
+    }
+    this.scopes.set(scopeKey, {
+      toolPatterns,
+      approvedDirectories
+    });
+  }
+  async restoreSessionState(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    if (this.loadedScopes.has(scopeKey)) {
+      return;
+    }
+    await this.runWithScopeLock(scopeKey, async () => {
+      if (this.loadedScopes.has(scopeKey)) {
+        return;
+      }
+      const state = await this.sessionApprovalStore.load(sessionId);
+      this.hydrateScope(sessionId, state);
+      this.loadedScopes.add(scopeKey);
+      this.logger.debug("Restored persisted approval state", {
+        sessionId: this.getScopeLabel(sessionId),
+        toolCount: Object.keys(state.toolPatterns).length,
+        directoryCount: state.approvedDirectories.length
+      });
+    });
+  }
+  evictSessionState(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    this.scopes.delete(scopeKey);
+    this.loadedScopes.delete(scopeKey);
+  }
+  async deleteSessionState(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      this.evictSessionState(sessionId);
+      await this.sessionApprovalStore.delete(sessionId);
+    });
+  }
   // ==================== Pattern Methods ====================
-  getOrCreateToolPatternSet(toolName) {
-    const existing = this.toolPatterns.get(toolName);
+  getOrCreateToolPatternSet(toolName, scopeKey) {
+    const scope = this.getOrCreateScope(scopeKey).toolPatterns;
+    const existing = scope.get(toolName);
     if (existing) return existing;
     const created = /* @__PURE__ */ new Set();
-    this.toolPatterns.set(toolName, created);
+    scope.set(toolName, created);
     return created;
   }
   /**
    * Add an approval pattern for a tool.
    */
-  addPattern(toolName, pattern) {
-    this.getOrCreateToolPatternSet(toolName).add(pattern);
-    this.logger.debug(`Added pattern for '${toolName}': "${pattern}"`);
+  async addPattern(toolName, pattern, sessionId) {
+    await this.restoreSessionState(sessionId);
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      this.getOrCreateToolPatternSet(toolName, scopeKey).add(pattern);
+      await this.persistScope(sessionId);
+    });
+    this.logger.debug(
+      `Added pattern for '${toolName}' in '${this.getScopeLabel(sessionId)}': "${pattern}"`
+    );
   }
   /**
    * Check if a pattern key is covered by any approved pattern for a tool.
@@ -77,8 +189,9 @@ class ApprovalManager {
    * Note: This expects a pattern key (e.g. "git push *"), not raw arguments.
    * Tools are responsible for generating the key via `tool.approval.patternKey()`.
    */
-  matchesPattern(toolName, patternKey) {
-    const patterns = this.toolPatterns.get(toolName);
+  matchesPattern(toolName, patternKey, sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    const patterns = this.getScope(scopeKey).toolPatterns.get(toolName);
     if (!patterns || patterns.size === 0) return false;
     for (const storedPattern of patterns) {
       if (patternCovers(storedPattern, patternKey)) {
@@ -93,37 +206,47 @@ class ApprovalManager {
   /**
    * Clear all patterns for a tool (or all tools when omitted).
    */
-  clearPatterns(toolName) {
-    if (toolName) {
-      const patterns = this.toolPatterns.get(toolName);
-      if (!patterns) return;
-      const count2 = patterns.size;
-      patterns.clear();
-      if (count2 > 0) {
-        this.logger.debug(`Cleared ${count2} pattern(s) for '${toolName}'`);
+  async clearPatterns(toolName, sessionId) {
+    await this.restoreSessionState(sessionId);
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      const scope = this.getOrCreateScope(scopeKey).toolPatterns;
+      if (toolName) {
+        const patterns = scope.get(toolName);
+        if (!patterns) return;
+        const count2 = patterns.size;
+        scope.delete(toolName);
+        await this.persistScope(sessionId);
+        if (count2 > 0) {
+          this.logger.debug(
+            `Cleared ${count2} pattern(s) for '${toolName}' in '${this.getScopeLabel(sessionId)}'`
+          );
+        }
+        return;
       }
-      return;
-    }
-    const count = Array.from(this.toolPatterns.values()).reduce(
-      (sum, set) => sum + set.size,
-      0
-    );
-    this.toolPatterns.clear();
-    if (count > 0) {
-      this.logger.debug(`Cleared ${count} total tool pattern(s)`);
-    }
+      const count = Array.from(scope.values()).reduce((sum, set) => sum + set.size, 0);
+      scope.clear();
+      await this.persistScope(sessionId);
+      if (count > 0) {
+        this.logger.debug(
+          `Cleared ${count} total tool pattern(s) in '${this.getScopeLabel(sessionId)}'`
+        );
+      }
+    });
   }
   /**
    * Get patterns for a tool (for debugging/display).
    */
-  getToolPatterns(toolName) {
-    return this.toolPatterns.get(toolName) ?? /* @__PURE__ */ new Set();
+  getToolPatterns(toolName, sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    return this.getScope(scopeKey).toolPatterns.get(toolName) ?? /* @__PURE__ */ new Set();
   }
   /**
    * Get all tool patterns (for debugging/display).
    */
-  getAllToolPatterns() {
-    return this.toolPatterns;
+  getAllToolPatterns(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    return this.getScope(scopeKey).toolPatterns;
   }
   // ==================== Directory Access Methods ====================
   /**
@@ -133,21 +256,32 @@ class ApprovalManager {
    * continue to work even when other subsystems canonicalize paths via realpath
    * (e.g. macOS /tmp -> /private/tmp or custom symlinked directories).
    */
-  getDirectoryApprovalKeys(directory) {
-    const resolved = path.resolve(directory);
+  getPathApprovalKeys(targetPath) {
+    const resolved = path.resolve(targetPath);
     const real = tryRealpathSyncWithExistingParent(resolved);
     if (real && real !== resolved) {
       return [resolved, real];
     }
     return [resolved];
   }
-  getFileApprovalKeys(filePath) {
-    const resolved = path.resolve(filePath);
-    const real = tryRealpathSyncWithExistingParent(resolved);
-    if (real && real !== resolved) {
-      return [resolved, real];
+  isPathWithinApprovedDirectory(targetPath, sessionId, approvedTypes) {
+    const scopeKey = this.getScopeKey(sessionId);
+    const directoryScope = this.getScope(scopeKey).approvedDirectories;
+    for (const normalized of this.getPathApprovalKeys(targetPath)) {
+      for (const [approvedDir, type] of directoryScope) {
+        if (!approvedTypes.has(type)) {
+          continue;
+        }
+        const relative = path.relative(approvedDir, normalized);
+        if (!relative.startsWith("..") && !path.isAbsolute(relative)) {
+          this.logger.debug(
+            `Path "${normalized}" is within approved directory "${approvedDir}" (type: ${type})`
+          );
+          return true;
+        }
+      }
     }
-    return [resolved];
+    return false;
   }
   /**
    * Initialize the working directory as a session-approved directory.
@@ -156,8 +290,8 @@ class ApprovalManager {
    *
    * @param workingDir The working directory path
    */
-  initializeWorkingDirectory(workingDir) {
-    this.addApprovedDirectory(workingDir, "session");
+  async initializeWorkingDirectory(workingDir, sessionId) {
+    await this.addApprovedDirectory(workingDir, "session", sessionId);
   }
   /**
    * Add a directory to the approved list for this session.
@@ -176,29 +310,35 @@ class ApprovalManager {
    * // Tool can access, but will prompt again next time
    * ```
    */
-  addApprovedDirectory(directory, type = "session") {
-    const keys = this.getDirectoryApprovalKeys(directory);
-    const existingTypes = keys.map((key) => this.approvedDirectories.get(key)).filter((value) => value !== void 0);
-    const hasSessionApproval = existingTypes.includes("session");
-    const effectiveType = type === "session" || hasSessionApproval ? "session" : "once";
-    for (const key of keys) {
-      const existing = this.approvedDirectories.get(key);
-      if (existing === "session") {
-        continue;
+  async addApprovedDirectory(directory, type = "session", sessionId) {
+    await this.restoreSessionState(sessionId);
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      const keys = this.getPathApprovalKeys(directory);
+      const directoryScope = this.getOrCreateScope(scopeKey).approvedDirectories;
+      const existingTypes = keys.map((key) => directoryScope.get(key)).filter((value) => value !== void 0);
+      const hasSessionApproval = existingTypes.includes("session");
+      const effectiveType = type === "session" || hasSessionApproval ? "session" : "once";
+      for (const key of keys) {
+        const existing = directoryScope.get(key);
+        if (existing === "session") {
+          continue;
+        }
+        directoryScope.set(key, effectiveType);
       }
-      this.approvedDirectories.set(key, effectiveType);
-    }
-    const resolvedKey = keys[0];
-    if (effectiveType === "session" && type === "once" && hasSessionApproval) {
+      await this.persistScope(sessionId);
+      const resolvedKey = keys[0];
+      if (effectiveType === "session" && type === "once" && hasSessionApproval) {
+        this.logger.debug(
+          `Directory "${resolvedKey}" already approved as 'session', not downgrading to 'once'`
+        );
+        return;
+      }
+      const realKey = keys.length > 1 ? keys[1] : null;
       this.logger.debug(
-        `Directory "${resolvedKey}" already approved as 'session', not downgrading to 'once'`
+        `Added approved directory in '${this.getScopeLabel(sessionId)}': "${resolvedKey}" (type: ${effectiveType})${realKey ? `, realpath: "${realKey}"` : ""}`
       );
-      return;
-    }
-    const realKey = keys.length > 1 ? keys[1] : null;
-    this.logger.debug(
-      `Added approved directory: "${resolvedKey}" (type: ${effectiveType})${realKey ? `, realpath: "${realKey}"` : ""}`
-    );
+    });
   }
   /**
    * Check if a file path is within any session-approved directory.
@@ -208,20 +348,8 @@ class ApprovalManager {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within a session-approved directory
    */
-  isDirectorySessionApproved(filePath) {
-    for (const normalized of this.getFileApprovalKeys(filePath)) {
-      for (const [approvedDir, type] of this.approvedDirectories) {
-        if (type !== "session") continue;
-        const relative = path.relative(approvedDir, normalized);
-        if (!relative.startsWith("..") && !path.isAbsolute(relative)) {
-          this.logger.debug(
-            `Path "${normalized}" is within session-approved directory "${approvedDir}"`
-          );
-          return true;
-        }
-      }
-    }
-    return false;
+  isDirectorySessionApproved(filePath, sessionId) {
+    return this.isPathWithinApprovedDirectory(filePath, sessionId, /* @__PURE__ */ new Set(["session"]));
   }
   /**
    * Check if a file path is within any approved directory (session OR once).
@@ -231,51 +359,103 @@ class ApprovalManager {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within any approved directory
    */
-  isDirectoryApproved(filePath) {
-    for (const normalized of this.getFileApprovalKeys(filePath)) {
-      for (const [approvedDir] of this.approvedDirectories) {
-        const relative = path.relative(approvedDir, normalized);
-        if (!relative.startsWith("..") && !path.isAbsolute(relative)) {
-          this.logger.debug(
-            `Path "${normalized}" is within approved directory "${approvedDir}"`
-          );
-          return true;
-        }
-      }
-    }
-    return false;
+  isDirectoryApproved(filePath, sessionId) {
+    return this.isPathWithinApprovedDirectory(
+      filePath,
+      sessionId,
+      /* @__PURE__ */ new Set(["session", "once"])
+    );
   }
   /**
    * Clear all approved directories.
    * Should be called when session ends.
    */
-  clearApprovedDirectories() {
-    const count = this.approvedDirectories.size;
-    this.approvedDirectories.clear();
-    if (count > 0) {
-      this.logger.debug(`Cleared ${count} approved directories`);
-    }
+  async clearApprovedDirectories(sessionId) {
+    await this.restoreSessionState(sessionId);
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      const scope = this.getOrCreateScope(scopeKey).approvedDirectories;
+      const count = scope.size;
+      scope.clear();
+      await this.persistScope(sessionId);
+      if (count > 0) {
+        this.logger.debug(
+          `Cleared ${count} approved directories in '${this.getScopeLabel(sessionId)}'`
+        );
+      }
+    });
   }
   /**
    * Get the current map of approved directories with their types (for debugging/display).
    */
-  getApprovedDirectories() {
-    return this.approvedDirectories;
+  getApprovedDirectories(sessionId) {
+    const scopeKey = this.getScopeKey(sessionId);
+    return this.getScope(scopeKey).approvedDirectories;
   }
   /**
    * Get just the directory paths that are approved (for debugging/display).
    */
-  getApprovedDirectoryPaths() {
-    return Array.from(this.approvedDirectories.keys());
+  getApprovedDirectoryPaths(sessionId) {
+    return Array.from(this.getApprovedDirectories(sessionId).keys());
   }
   /**
    * Clear all session-scoped approvals (tool patterns and directories).
    * Convenience method for clearing all session state at once.
    */
-  clearSessionApprovals() {
-    this.clearPatterns();
-    this.clearApprovedDirectories();
-    this.logger.debug("Cleared all session approvals");
+  async clearSessionApprovals(sessionId) {
+    await this.restoreSessionState(sessionId);
+    const scopeKey = this.getScopeKey(sessionId);
+    await this.runWithScopeLock(scopeKey, async () => {
+      const scope = this.getOrCreateScope(scopeKey);
+      const patternCount = Array.from(scope.toolPatterns.values()).reduce(
+        (sum, set) => sum + set.size,
+        0
+      );
+      const directoryCount = scope.approvedDirectories.size;
+      scope.toolPatterns.clear();
+      scope.approvedDirectories.clear();
+      await this.persistScope(sessionId);
+      if (patternCount > 0 || directoryCount > 0) {
+        this.logger.debug(
+          `Cleared ${patternCount} tool pattern(s) and ${directoryCount} approved director${directoryCount === 1 ? "y" : "ies"} in '${this.getScopeLabel(sessionId)}'`
+        );
+      }
+    });
+  }
+  createApprovalDetails(type, metadata, sessionId, hostRuntime, timeout) {
+    const details = {
+      type,
+      timeout: this.getApprovalTimeout(type, timeout),
+      metadata
+    };
+    if (sessionId !== void 0) {
+      details.sessionId = sessionId;
+    }
+    if (hostRuntime !== void 0) {
+      details.hostRuntime = hostRuntime;
+    }
+    return details;
+  }
+  createResponse(request, response) {
+    return {
+      approvalId: request.approvalId,
+      ...request.sessionId !== void 0 ? { sessionId: request.sessionId } : {},
+      ...request.hostRuntime !== void 0 ? { hostRuntime: request.hostRuntime } : {},
+      ...response
+    };
+  }
+  getElicitationFormData(response) {
+    if (response.data && typeof response.data === "object" && "formData" in response.data && typeof response.data.formData === "object" && response.data.formData !== null) {
+      return response.data.formData;
+    }
+    if (response.data === void 0 || typeof response.data === "object" && response.data !== null && !("formData" in response.data)) {
+      return {};
+    }
+    throw ApprovalError.invalidResponse("Approved elicitation response is missing formData", {
+      approvalId: response.approvalId,
+      type: ApprovalType.ELICITATION,
+      field: "formData"
+    });
   }
   /**
    * Request directory access approval.
@@ -293,17 +473,16 @@ class ApprovalManager {
    * ```
    */
   async requestDirectoryAccess(metadata) {
-    const { sessionId, timeout, ...directoryMetadata } = metadata;
-    const details = {
-      type: ApprovalType.DIRECTORY_ACCESS,
-      // Use provided timeout, fallback to config timeout, or undefined (no timeout)
-      timeout: timeout !== void 0 ? timeout : this.config.permissions.timeout,
-      metadata: directoryMetadata
-    };
-    if (sessionId !== void 0) {
-      details.sessionId = sessionId;
-    }
-    return this.requestApproval(details);
+    const { sessionId, hostRuntime, timeout, ...directoryMetadata } = metadata;
+    return this.requestApproval(
+      this.createApprovalDetails(
+        ApprovalType.DIRECTORY_ACCESS,
+        directoryMetadata,
+        sessionId,
+        hostRuntime,
+        timeout
+      )
+    );
   }
   /**
    * Request a generic approval
@@ -334,29 +513,19 @@ class ApprovalManager {
       this.logger.info(
         `Auto-approve approval '${request.type}', approvalId: ${request.approvalId}`
       );
-      const response = {
-        approvalId: request.approvalId,
+      return this.createResponse(request, {
         status: ApprovalStatus.APPROVED
-      };
-      if (request.sessionId !== void 0) {
-        response.sessionId = request.sessionId;
-      }
-      return response;
+      });
     }
     if (mode === "auto-deny") {
       this.logger.info(
         `Auto-deny approval '${request.type}', approvalId: ${request.approvalId}`
       );
-      const response = {
-        approvalId: request.approvalId,
+      return this.createResponse(request, {
         status: ApprovalStatus.DENIED,
         reason: DenialReason.SYSTEM_DENIED,
         message: `Approval automatically denied by system policy (auto-deny mode)`
-      };
-      if (request.sessionId !== void 0) {
-        response.sessionId = request.sessionId;
-      }
-      return response;
+      });
     }
     const handler = this.ensureHandler();
     this.logger.info(
@@ -372,17 +541,16 @@ class ApprovalManager {
    * Tool confirmations always happen in session context during LLM execution
    */
   async requestToolApproval(metadata) {
-    const { sessionId, timeout, ...toolMetadata } = metadata;
-    const details = {
-      type: ApprovalType.TOOL_APPROVAL,
-      // Use provided timeout, fallback to config timeout, or undefined (no timeout)
-      timeout: timeout !== void 0 ? timeout : this.config.permissions.timeout,
-      metadata: toolMetadata
-    };
-    if (sessionId !== void 0) {
-      details.sessionId = sessionId;
-    }
-    return this.requestApproval(details);
+    const { sessionId, hostRuntime, timeout, ...toolMetadata } = metadata;
+    return this.requestApproval(
+      this.createApprovalDetails(
+        ApprovalType.TOOL_APPROVAL,
+        toolMetadata,
+        sessionId,
+        hostRuntime,
+        timeout
+      )
+    );
   }
   /**
    * Request command confirmation approval
@@ -406,17 +574,16 @@ class ApprovalManager {
    * ```
    */
   async requestCommandConfirmation(metadata) {
-    const { sessionId, timeout, ...commandMetadata } = metadata;
-    const details = {
-      type: ApprovalType.COMMAND_CONFIRMATION,
-      // Use provided timeout, fallback to config timeout, or undefined (no timeout)
-      timeout: timeout !== void 0 ? timeout : this.config.permissions.timeout,
-      metadata: commandMetadata
-    };
-    if (sessionId !== void 0) {
-      details.sessionId = sessionId;
-    }
-    return this.requestApproval(details);
+    const { sessionId, hostRuntime, timeout, ...commandMetadata } = metadata;
+    return this.requestApproval(
+      this.createApprovalDetails(
+        ApprovalType.COMMAND_CONFIRMATION,
+        commandMetadata,
+        sessionId,
+        hostRuntime,
+        timeout
+      )
+    );
   }
   /**
    * Request elicitation from MCP server
@@ -426,17 +593,16 @@ class ApprovalManager {
    * and the MCP protocol doesn't include session context in elicitation requests.
    */
   async requestElicitation(metadata) {
-    const { sessionId, timeout, ...elicitationMetadata } = metadata;
-    const details = {
-      type: ApprovalType.ELICITATION,
-      // Use provided timeout, fallback to config timeout, or undefined (no timeout)
-      timeout: timeout !== void 0 ? timeout : this.config.elicitation.timeout,
-      metadata: elicitationMetadata
-    };
-    if (sessionId !== void 0) {
-      details.sessionId = sessionId;
-    }
-    return this.requestApproval(details);
+    const { sessionId, hostRuntime, timeout, ...elicitationMetadata } = metadata;
+    return this.requestApproval(
+      this.createApprovalDetails(
+        ApprovalType.ELICITATION,
+        elicitationMetadata,
+        sessionId,
+        hostRuntime,
+        timeout
+      )
+    );
   }
   /**
    * Check if tool approval was approved
@@ -468,10 +634,7 @@ class ApprovalManager {
   async getElicitationData(metadata) {
     const response = await this.requestElicitation(metadata);
     if (response.status === ApprovalStatus.APPROVED) {
-      if (response.data && typeof response.data === "object" && "formData" in response.data && typeof response.data.formData === "object" && response.data.formData !== null) {
-        return response.data.formData;
-      }
-      return {};
+      return this.getElicitationFormData(response);
     } else if (response.status === ApprovalStatus.DENIED) {
       throw ApprovalError.elicitationDenied(
         metadata.serverName,