@dexto/tools-filesystem 1.5.2 → 1.5.4

package/dist/glob-files-tool.d.ts

@@ -1,5 +1,6 @@
 import { InternalTool } from '@dexto/core';
-import { FileSystemService } from './filesystem-service.js';
+import { FileToolOptions } from './file-tool-types.js';
+import './filesystem-service.js';
 import './types.js';
 
 /**
@@ -9,8 +10,8 @@ import './types.js';
  */
 
 /**
- * Create the glob_files internal tool
+ * Create the glob_files internal tool with directory approval support
  */
-declare function createGlobFilesTool(fileSystemService: FileSystemService): InternalTool;
+declare function createGlobFilesTool(options: FileToolOptions): InternalTool;
 
 export { createGlobFilesTool };

package/dist/glob-files-tool.js

@@ -1,18 +1,61 @@
+import * as path from "node:path";
 import { z } from "zod";
+import { ApprovalType } from "@dexto/core";
 const GlobFilesInputSchema = z.object({
   pattern: z.string().describe('Glob pattern to match files (e.g., "**/*.ts", "src/**/*.js")'),
   path: z.string().optional().describe("Base directory to search from (defaults to working directory)"),
   max_results: z.number().int().positive().optional().default(1e3).describe("Maximum number of results to return (default: 1000)")
 }).strict();
-function createGlobFilesTool(fileSystemService) {
+function createGlobFilesTool(options) {
+  const { fileSystemService, directoryApproval } = options;
+  let pendingApprovalSearchDir;
   return {
     id: "glob_files",
     description: "Find files matching a glob pattern. Supports standard glob syntax like **/*.js for recursive matches, *.ts for files in current directory, and src/**/*.tsx for nested paths. Returns array of file paths with metadata (size, modified date). Results are limited to allowed paths only.",
     inputSchema: GlobFilesInputSchema,
+    /**
+     * Check if this glob operation needs directory access approval.
+     * Returns custom approval request if the search directory is outside allowed paths.
+     */
+    getApprovalOverride: async (args) => {
+      const { path: searchPath } = args;
+      const baseDir = fileSystemService.getWorkingDirectory();
+      const searchDir = path.resolve(baseDir, searchPath || ".");
+      const isAllowed = await fileSystemService.isPathWithinConfigAllowed(searchDir);
+      if (isAllowed) {
+        return null;
+      }
+      if (directoryApproval?.isSessionApproved(searchDir)) {
+        return null;
+      }
+      pendingApprovalSearchDir = searchDir;
+      return {
+        type: ApprovalType.DIRECTORY_ACCESS,
+        metadata: {
+          path: searchDir,
+          parentDir: searchDir,
+          operation: "search",
+          toolName: "glob_files"
+        }
+      };
+    },
+    /**
+     * Handle approved directory access - remember the directory for session
+     */
+    onApprovalGranted: (response) => {
+      if (!directoryApproval || !pendingApprovalSearchDir) return;
+      const data = response.data;
+      const rememberDirectory = data?.rememberDirectory ?? false;
+      directoryApproval.addApproved(
+        pendingApprovalSearchDir,
+        rememberDirectory ? "session" : "once"
+      );
+      pendingApprovalSearchDir = void 0;
+    },
     execute: async (input, _context) => {
-      const { pattern, path, max_results } = input;
+      const { pattern, path: path2, max_results } = input;
       const result = await fileSystemService.globFiles(pattern, {
-        cwd: path,
+        cwd: path2,
         maxResults: max_results,
         includeMetadata: true
       });

package/dist/grep-content-tool.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,13 +17,23 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var grep_content_tool_exports = {};
 __export(grep_content_tool_exports, {
   createGrepContentTool: () => createGrepContentTool
 });
 module.exports = __toCommonJS(grep_content_tool_exports);
+var path = __toESM(require("node:path"), 1);
 var import_zod = require("zod");
+var import_core = require("@dexto/core");
 const GrepContentInputSchema = import_zod.z.object({
   pattern: import_zod.z.string().describe("Regular expression pattern to search for"),
   path: import_zod.z.string().optional().describe("Directory to search in (defaults to working directory)"),
@@ -32,15 +44,55 @@ const GrepContentInputSchema = import_zod.z.object({
   case_insensitive: import_zod.z.boolean().optional().default(false).describe("Perform case-insensitive search (default: false)"),
   max_results: import_zod.z.number().int().positive().optional().default(100).describe("Maximum number of results to return (default: 100)")
 }).strict();
-function createGrepContentTool(fileSystemService) {
+function createGrepContentTool(options) {
+  const { fileSystemService, directoryApproval } = options;
+  let pendingApprovalSearchDir;
   return {
     id: "grep_content",
     description: 'Search for text patterns in files using regular expressions. Returns matching lines with file path, line number, and optional context lines. Use glob parameter to filter specific file types (e.g., "*.ts"). Supports case-insensitive search. Great for finding code patterns, function definitions, or specific text across multiple files.',
     inputSchema: GrepContentInputSchema,
+    /**
+     * Check if this grep operation needs directory access approval.
+     * Returns custom approval request if the search directory is outside allowed paths.
+     */
+    getApprovalOverride: async (args) => {
+      const { path: searchPath } = args;
+      const searchDir = path.resolve(searchPath || process.cwd());
+      const isAllowed = await fileSystemService.isPathWithinConfigAllowed(searchDir);
+      if (isAllowed) {
+        return null;
+      }
+      if (directoryApproval?.isSessionApproved(searchDir)) {
+        return null;
+      }
+      pendingApprovalSearchDir = searchDir;
+      return {
+        type: import_core.ApprovalType.DIRECTORY_ACCESS,
+        metadata: {
+          path: searchDir,
+          parentDir: searchDir,
+          operation: "search",
+          toolName: "grep_content"
+        }
+      };
+    },
+    /**
+     * Handle approved directory access - remember the directory for session
+     */
+    onApprovalGranted: (response) => {
+      if (!directoryApproval || !pendingApprovalSearchDir) return;
+      const data = response.data;
+      const rememberDirectory = data?.rememberDirectory ?? false;
+      directoryApproval.addApproved(
+        pendingApprovalSearchDir,
+        rememberDirectory ? "session" : "once"
+      );
+      pendingApprovalSearchDir = void 0;
+    },
     execute: async (input, _context) => {
-      const { pattern, path, glob, context_lines, case_insensitive, max_results } = input;
+      const { pattern, path: path2, glob, context_lines, case_insensitive, max_results } = input;
       const result = await fileSystemService.searchContent(pattern, {
-        path,
+        path: path2,
         glob,
         contextLines: context_lines,
         caseInsensitive: case_insensitive,

package/dist/grep-content-tool.d.cts

@@ -1,5 +1,6 @@
 import { InternalTool } from '@dexto/core';
-import { FileSystemService } from './filesystem-service.cjs';
+import { FileToolOptions } from './file-tool-types.cjs';
+import './filesystem-service.cjs';
 import './types.cjs';
 
 /**
@@ -9,8 +10,8 @@ import './types.cjs';
  */
 
 /**
- * Create the grep_content internal tool
+ * Create the grep_content internal tool with directory approval support
  */
-declare function createGrepContentTool(fileSystemService: FileSystemService): InternalTool;
+declare function createGrepContentTool(options: FileToolOptions): InternalTool;
 
 export { createGrepContentTool };

package/dist/grep-content-tool.d.ts

@@ -1,5 +1,6 @@
 import { InternalTool } from '@dexto/core';
-import { FileSystemService } from './filesystem-service.js';
+import { FileToolOptions } from './file-tool-types.js';
+import './filesystem-service.js';
 import './types.js';
 
 /**
@@ -9,8 +10,8 @@ import './types.js';
  */
 
 /**
- * Create the grep_content internal tool
+ * Create the grep_content internal tool with directory approval support
  */
-declare function createGrepContentTool(fileSystemService: FileSystemService): InternalTool;
+declare function createGrepContentTool(options: FileToolOptions): InternalTool;
 
 export { createGrepContentTool };

package/dist/grep-content-tool.js

@@ -1,4 +1,6 @@
+import * as path from "node:path";
 import { z } from "zod";
+import { ApprovalType } from "@dexto/core";
 const GrepContentInputSchema = z.object({
   pattern: z.string().describe("Regular expression pattern to search for"),
   path: z.string().optional().describe("Directory to search in (defaults to working directory)"),
@@ -9,15 +11,55 @@ const GrepContentInputSchema = z.object({
   case_insensitive: z.boolean().optional().default(false).describe("Perform case-insensitive search (default: false)"),
   max_results: z.number().int().positive().optional().default(100).describe("Maximum number of results to return (default: 100)")
 }).strict();
-function createGrepContentTool(fileSystemService) {
+function createGrepContentTool(options) {
+  const { fileSystemService, directoryApproval } = options;
+  let pendingApprovalSearchDir;
   return {
     id: "grep_content",
     description: 'Search for text patterns in files using regular expressions. Returns matching lines with file path, line number, and optional context lines. Use glob parameter to filter specific file types (e.g., "*.ts"). Supports case-insensitive search. Great for finding code patterns, function definitions, or specific text across multiple files.',
     inputSchema: GrepContentInputSchema,
+    /**
+     * Check if this grep operation needs directory access approval.
+     * Returns custom approval request if the search directory is outside allowed paths.
+     */
+    getApprovalOverride: async (args) => {
+      const { path: searchPath } = args;
+      const searchDir = path.resolve(searchPath || process.cwd());
+      const isAllowed = await fileSystemService.isPathWithinConfigAllowed(searchDir);
+      if (isAllowed) {
+        return null;
+      }
+      if (directoryApproval?.isSessionApproved(searchDir)) {
+        return null;
+      }
+      pendingApprovalSearchDir = searchDir;
+      return {
+        type: ApprovalType.DIRECTORY_ACCESS,
+        metadata: {
+          path: searchDir,
+          parentDir: searchDir,
+          operation: "search",
+          toolName: "grep_content"
+        }
+      };
+    },
+    /**
+     * Handle approved directory access - remember the directory for session
+     */
+    onApprovalGranted: (response) => {
+      if (!directoryApproval || !pendingApprovalSearchDir) return;
+      const data = response.data;
+      const rememberDirectory = data?.rememberDirectory ?? false;
+      directoryApproval.addApproved(
+        pendingApprovalSearchDir,
+        rememberDirectory ? "session" : "once"
+      );
+      pendingApprovalSearchDir = void 0;
+    },
     execute: async (input, _context) => {
-      const { pattern, path, glob, context_lines, case_insensitive, max_results } = input;
+      const { pattern, path: path2, glob, context_lines, case_insensitive, max_results } = input;
       const result = await fileSystemService.searchContent(pattern, {
-        path,
+        path: path2,
         glob,
         contextLines: context_lines,
         caseInsensitive: case_insensitive,

package/dist/path-validator.cjs

@@ -32,7 +32,7 @@ __export(path_validator_exports, {
 });
 module.exports = __toCommonJS(path_validator_exports);
 var path = __toESM(require("node:path"), 1);
-var import_node_fs = require("node:fs");
+var fs = __toESM(require("node:fs/promises"), 1);
 class PathValidator {
   config;
   normalizedAllowedPaths;
@@ -67,7 +67,7 @@ class PathValidator {
   /**
    * Validate a file path for security and policy compliance
    */
-  validatePath(filePath) {
+  async validatePath(filePath) {
     if (!filePath || filePath.trim() === "") {
       return {
         isValid: false,
@@ -79,7 +79,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch (error) {
@@ -135,22 +135,10 @@ class PathValidator {
   /**
    * Check if path is within allowed paths (whitelist check)
    * Also consults the directory approval checker if configured.
+   * Uses the sync version since the path is already normalized at this point.
    */
   isPathAllowed(normalizedPath) {
-    if (this.normalizedAllowedPaths.length === 0) {
-      return true;
-    }
-    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
-      const relative = path.relative(allowedPath, normalizedPath);
-      return !relative.startsWith("..") && !path.isAbsolute(relative);
-    });
-    if (isInConfigPaths) {
-      return true;
-    }
-    if (this.directoryApprovalChecker) {
-      return this.directoryApprovalChecker(normalizedPath);
-    }
-    return false;
+    return this.isPathAllowedSync(normalizedPath);
   }
   /**
    * Check if path matches blocked patterns (blacklist check)
@@ -169,9 +157,30 @@ class PathValidator {
   }
   /**
    * Quick check if a path is allowed (for internal use)
+   * Note: This assumes the path is already normalized/canonicalized
    */
   isPathAllowedQuick(normalizedPath) {
-    return this.isPathAllowed(normalizedPath) && !this.isPathBlocked(normalizedPath);
+    return this.isPathAllowedSync(normalizedPath) && !this.isPathBlocked(normalizedPath);
+  }
+  /**
+   * Synchronous path allowed check (for already-normalized paths)
+   * This is used internally when we already have a canonicalized path
+   */
+  isPathAllowedSync(normalizedPath) {
+    if (this.normalizedAllowedPaths.length === 0) {
+      return true;
+    }
+    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
+      const relative = path.relative(allowedPath, normalizedPath);
+      return !relative.startsWith("..") && !path.isAbsolute(relative);
+    });
+    if (isInConfigPaths) {
+      return true;
+    }
+    if (this.directoryApprovalChecker) {
+      return this.directoryApprovalChecker(normalizedPath);
+    }
+    return false;
   }
   /**
    * Check if a file path is within the configured allowed paths (from config only).
@@ -183,7 +192,7 @@ class PathValidator {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within config-allowed paths, false otherwise
    */
-  isPathWithinAllowed(filePath) {
+  async isPathWithinAllowed(filePath) {
     if (!filePath || filePath.trim() === "") {
       return false;
     }
@@ -192,7 +201,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = import_node_fs.realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch {

package/dist/path-validator.d.cts

@@ -43,7 +43,7 @@ declare class PathValidator {
     /**
      * Validate a file path for security and policy compliance
      */
-    validatePath(filePath: string): PathValidation;
+    validatePath(filePath: string): Promise<PathValidation>;
     /**
      * Check if path contains traversal attempts
      */
@@ -51,6 +51,7 @@ declare class PathValidator {
     /**
      * Check if path is within allowed paths (whitelist check)
      * Also consults the directory approval checker if configured.
+     * Uses the sync version since the path is already normalized at this point.
      */
     private isPathAllowed;
     /**
@@ -59,8 +60,14 @@ declare class PathValidator {
     private isPathBlocked;
     /**
      * Quick check if a path is allowed (for internal use)
+     * Note: This assumes the path is already normalized/canonicalized
      */
     isPathAllowedQuick(normalizedPath: string): boolean;
+    /**
+     * Synchronous path allowed check (for already-normalized paths)
+     * This is used internally when we already have a canonicalized path
+     */
+    private isPathAllowedSync;
     /**
      * Check if a file path is within the configured allowed paths (from config only).
      * This method does NOT consult ApprovalManager - it only checks the static config paths.
@@ -71,7 +78,7 @@ declare class PathValidator {
      * @param filePath The file path to check (can be relative or absolute)
      * @returns true if the path is within config-allowed paths, false otherwise
      */
-    isPathWithinAllowed(filePath: string): boolean;
+    isPathWithinAllowed(filePath: string): Promise<boolean>;
     /**
      * Check if path is within config-allowed paths only (no approval checker).
      * Used for prompting decisions.

package/dist/path-validator.d.ts

@@ -43,7 +43,7 @@ declare class PathValidator {
     /**
      * Validate a file path for security and policy compliance
      */
-    validatePath(filePath: string): PathValidation;
+    validatePath(filePath: string): Promise<PathValidation>;
     /**
      * Check if path contains traversal attempts
      */
@@ -51,6 +51,7 @@ declare class PathValidator {
     /**
      * Check if path is within allowed paths (whitelist check)
      * Also consults the directory approval checker if configured.
+     * Uses the sync version since the path is already normalized at this point.
      */
     private isPathAllowed;
     /**
@@ -59,8 +60,14 @@ declare class PathValidator {
     private isPathBlocked;
     /**
      * Quick check if a path is allowed (for internal use)
+     * Note: This assumes the path is already normalized/canonicalized
      */
     isPathAllowedQuick(normalizedPath: string): boolean;
+    /**
+     * Synchronous path allowed check (for already-normalized paths)
+     * This is used internally when we already have a canonicalized path
+     */
+    private isPathAllowedSync;
     /**
      * Check if a file path is within the configured allowed paths (from config only).
      * This method does NOT consult ApprovalManager - it only checks the static config paths.
@@ -71,7 +78,7 @@ declare class PathValidator {
      * @param filePath The file path to check (can be relative or absolute)
      * @returns true if the path is within config-allowed paths, false otherwise
      */
-    isPathWithinAllowed(filePath: string): boolean;
+    isPathWithinAllowed(filePath: string): Promise<boolean>;
     /**
      * Check if path is within config-allowed paths only (no approval checker).
      * Used for prompting decisions.

package/dist/path-validator.js

@@ -1,5 +1,5 @@
 import * as path from "node:path";
-import { realpathSync } from "node:fs";
+import * as fs from "node:fs/promises";
 class PathValidator {
   config;
   normalizedAllowedPaths;
@@ -34,7 +34,7 @@ class PathValidator {
   /**
    * Validate a file path for security and policy compliance
    */
-  validatePath(filePath) {
+  async validatePath(filePath) {
     if (!filePath || filePath.trim() === "") {
       return {
         isValid: false,
@@ -46,7 +46,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch (error) {
@@ -102,22 +102,10 @@ class PathValidator {
   /**
    * Check if path is within allowed paths (whitelist check)
    * Also consults the directory approval checker if configured.
+   * Uses the sync version since the path is already normalized at this point.
    */
   isPathAllowed(normalizedPath) {
-    if (this.normalizedAllowedPaths.length === 0) {
-      return true;
-    }
-    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
-      const relative = path.relative(allowedPath, normalizedPath);
-      return !relative.startsWith("..") && !path.isAbsolute(relative);
-    });
-    if (isInConfigPaths) {
-      return true;
-    }
-    if (this.directoryApprovalChecker) {
-      return this.directoryApprovalChecker(normalizedPath);
-    }
-    return false;
+    return this.isPathAllowedSync(normalizedPath);
   }
   /**
    * Check if path matches blocked patterns (blacklist check)
@@ -136,9 +124,30 @@ class PathValidator {
   }
   /**
    * Quick check if a path is allowed (for internal use)
+   * Note: This assumes the path is already normalized/canonicalized
    */
   isPathAllowedQuick(normalizedPath) {
-    return this.isPathAllowed(normalizedPath) && !this.isPathBlocked(normalizedPath);
+    return this.isPathAllowedSync(normalizedPath) && !this.isPathBlocked(normalizedPath);
+  }
+  /**
+   * Synchronous path allowed check (for already-normalized paths)
+   * This is used internally when we already have a canonicalized path
+   */
+  isPathAllowedSync(normalizedPath) {
+    if (this.normalizedAllowedPaths.length === 0) {
+      return true;
+    }
+    const isInConfigPaths = this.normalizedAllowedPaths.some((allowedPath) => {
+      const relative = path.relative(allowedPath, normalizedPath);
+      return !relative.startsWith("..") && !path.isAbsolute(relative);
+    });
+    if (isInConfigPaths) {
+      return true;
+    }
+    if (this.directoryApprovalChecker) {
+      return this.directoryApprovalChecker(normalizedPath);
+    }
+    return false;
   }
   /**
    * Check if a file path is within the configured allowed paths (from config only).
@@ -150,7 +159,7 @@ class PathValidator {
    * @param filePath The file path to check (can be relative or absolute)
    * @returns true if the path is within config-allowed paths, false otherwise
    */
-  isPathWithinAllowed(filePath) {
+  async isPathWithinAllowed(filePath) {
     if (!filePath || filePath.trim() === "") {
       return false;
     }
@@ -159,7 +168,7 @@ class PathValidator {
     try {
       normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
       try {
-        normalizedPath = realpathSync.native(normalizedPath);
+        normalizedPath = await fs.realpath(normalizedPath);
       } catch {
       }
     } catch {