@dexto/tools-filesystem 1.5.8 → 1.6.1

package/dist/index.d.ts

@@ -1,14 +1,20 @@
-export { fileSystemToolsProvider } from './tool-provider.js';
-export { DirectoryApprovalCallbacks, FileToolOptions } from './file-tool-types.js';
+/**
+ * @dexto/tools-filesystem
+ *
+ * FileSystem tools factory for Dexto agents.
+ * Provides file operation tools: read, write, edit, glob, grep.
+ */
+export { fileSystemToolsFactory } from './tool-factory.js';
+export type { FileSystemServiceGetter } from './file-tool-types.js';
+export { FileSystemToolsConfigSchema, type FileSystemToolsConfig } from './tool-factory-config.js';
 export { FileSystemService } from './filesystem-service.js';
 export { PathValidator } from './path-validator.js';
 export { FileSystemError } from './errors.js';
 export { FileSystemErrorCode } from './error-codes.js';
-export { BufferEncoding, EditFileOptions, EditOperation, EditResult, FileContent, FileMetadata, FileSystemConfig, GlobOptions, GlobResult, GrepOptions, PathValidation, ReadFileOptions, SearchMatch, SearchResult, WriteFileOptions, WriteResult } from './types.js';
+export type { FileSystemConfig, FileContent, ReadFileOptions, GlobOptions, GlobResult, GrepOptions, SearchResult, SearchMatch, WriteFileOptions, WriteResult, EditFileOptions, EditResult, EditOperation, FileMetadata, DirectoryEntry, ListDirectoryOptions, ListDirectoryResult, CreateDirectoryOptions, CreateDirectoryResult, DeletePathOptions, DeletePathResult, RenamePathResult, PathValidation, BufferEncoding, } from './types.js';
 export { createReadFileTool } from './read-file-tool.js';
 export { createWriteFileTool } from './write-file-tool.js';
 export { createEditFileTool } from './edit-file-tool.js';
 export { createGlobFilesTool } from './glob-files-tool.js';
 export { createGrepContentTool } from './grep-content-tool.js';
-import 'zod';
-import '@dexto/core';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAC3D,YAAY,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AACpE,OAAO,EAAE,2BAA2B,EAAE,KAAK,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAGvD,YAAY,EACR,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,WAAW,EACX,UAAU,EACV,WAAW,EACX,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,WAAW,EACX,eAAe,EACf,UAAU,EACV,aAAa,EACb,YAAY,EACZ,cAAc,EACd,oBAAoB,EACpB,mBAAmB,EACnB,sBAAsB,EACtB,qBAAqB,EACrB,iBAAiB,EACjB,gBAAgB,EAChB,gBAAgB,EAChB,cAAc,EACd,cAAc,GACjB,MAAM,YAAY,CAAC;AAGpB,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AACzD,OAAO,EAAE,mBAAmB,EAAE,MAAM,sBAAsB,CAAC;AAC3D,OAAO,EAAE,qBAAqB,EAAE,MAAM,wBAAwB,CAAC"}

package/dist/index.js

@@ -1,4 +1,5 @@
-import { fileSystemToolsProvider } from "./tool-provider.js";
+import { fileSystemToolsFactory } from "./tool-factory.js";
+import { FileSystemToolsConfigSchema } from "./tool-factory-config.js";
 import { FileSystemService } from "./filesystem-service.js";
 import { PathValidator } from "./path-validator.js";
 import { FileSystemError } from "./errors.js";
@@ -12,11 +13,12 @@ export {
   FileSystemError,
   FileSystemErrorCode,
   FileSystemService,
+  FileSystemToolsConfigSchema,
   PathValidator,
   createEditFileTool,
   createGlobFilesTool,
   createGrepContentTool,
   createReadFileTool,
   createWriteFileTool,
-  fileSystemToolsProvider
+  fileSystemToolsFactory
 };

package/dist/path-validator.cjs

@@ -68,6 +68,24 @@ class PathValidator {
    * Validate a file path for security and policy compliance
    */
   async validatePath(filePath) {
+    return this.validatePathInternal(filePath, { skipAllowedCheck: false });
+  }
+  /**
+   * Validate a file path for preview purposes.
+   *
+   * This is identical to {@link validatePath} except it does NOT enforce config-allowed roots.
+   * It still enforces:
+   * - traversal protection
+   * - blocked paths (absolute blocked paths only; relative blocked paths are resolved against
+   *   config-allowed roots and may not match paths outside those roots)
+   * - blocked extensions
+   *
+   * Used for generating UI-only previews (e.g., diffs) before the user approves directory access.
+   */
+  async validatePathForPreview(filePath) {
+    return this.validatePathInternal(filePath, { skipAllowedCheck: true });
+  }
+  async validatePathInternal(filePath, options) {
     if (!filePath || filePath.trim() === "") {
       return {
         isValid: false,
@@ -75,9 +93,11 @@ class PathValidator {
       };
     }
     const workingDir = this.config.workingDirectory || process.cwd();
+    let resolvedPath;
     let normalizedPath;
     try {
-      normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      resolvedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      normalizedPath = resolvedPath;
       try {
         normalizedPath = await fs.realpath(normalizedPath);
       } catch {
@@ -94,7 +114,13 @@ class PathValidator {
         error: "Path traversal detected"
       };
     }
-    if (!this.isPathAllowed(normalizedPath)) {
+    if (options.skipAllowedCheck && this.isInConfigAllowedPaths(resolvedPath) && !this.isInConfigAllowedPaths(normalizedPath)) {
+      return {
+        isValid: false,
+        error: "Symlink target escapes allowed paths"
+      };
+    }
+    if (!options.skipAllowedCheck && !this.isPathAllowed(normalizedPath)) {
       return {
         isValid: false,
         error: `Path is not within allowed paths. Allowed: ${this.normalizedAllowedPaths.join(", ")}`

package/dist/path-validator.d.ts

@@ -1,17 +1,15 @@
-import { FileSystemConfig, PathValidation } from './types.js';
-import { IDextoLogger } from '@dexto/core';
-
 /**
  * Path Validator
  *
  * Security-focused path validation for file system operations
  */
-
+import { FileSystemConfig, PathValidation } from './types.js';
+import type { Logger } from '@dexto/core';
 /**
  * Callback type for checking if a path is in an approved directory.
  * Used to consult ApprovalManager without creating a direct dependency.
  */
-type DirectoryApprovalChecker = (filePath: string) => boolean;
+export type DirectoryApprovalChecker = (filePath: string) => boolean;
 /**
  * PathValidator - Validates file paths for security and policy compliance
  *
@@ -25,14 +23,14 @@ type DirectoryApprovalChecker = (filePath: string) => boolean;
  * PathValidator can optionally consult an external approval checker (e.g., ApprovalManager)
  * to determine if paths outside the config's allowed paths are accessible.
  */
-declare class PathValidator {
+export declare class PathValidator {
     private config;
     private normalizedAllowedPaths;
     private normalizedBlockedPaths;
     private normalizedBlockedExtensions;
     private logger;
     private directoryApprovalChecker;
-    constructor(config: FileSystemConfig, logger: IDextoLogger);
+    constructor(config: FileSystemConfig, logger: Logger);
     /**
      * Set a callback to check if a path is in an approved directory.
      * This allows PathValidator to consult ApprovalManager without a direct dependency.
@@ -44,6 +42,20 @@ declare class PathValidator {
      * Validate a file path for security and policy compliance
      */
     validatePath(filePath: string): Promise<PathValidation>;
+    /**
+     * Validate a file path for preview purposes.
+     *
+     * This is identical to {@link validatePath} except it does NOT enforce config-allowed roots.
+     * It still enforces:
+     * - traversal protection
+     * - blocked paths (absolute blocked paths only; relative blocked paths are resolved against
+     *   config-allowed roots and may not match paths outside those roots)
+     * - blocked extensions
+     *
+     * Used for generating UI-only previews (e.g., diffs) before the user approves directory access.
+     */
+    validatePathForPreview(filePath: string): Promise<PathValidation>;
+    private validatePathInternal;
     /**
      * Check if path contains traversal attempts
      */
@@ -93,5 +105,4 @@ declare class PathValidator {
      */
     getBlockedPaths(): string[];
 }
-
-export { type DirectoryApprovalChecker, PathValidator };
+//# sourceMappingURL=path-validator.d.ts.map

package/dist/path-validator.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-validator.d.ts","sourceRoot":"","sources":["../src/path-validator.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAIH,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAC9D,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAE1C;;;GAGG;AACH,MAAM,MAAM,wBAAwB,GAAG,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC;AAErE;;;;;;;;;;;;GAYG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,MAAM,CAAmB;IACjC,OAAO,CAAC,sBAAsB,CAAW;IACzC,OAAO,CAAC,sBAAsB,CAAW;IACzC,OAAO,CAAC,2BAA2B,CAAW;IAC9C,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,wBAAwB,CAAuC;gBAE3D,MAAM,EAAE,gBAAgB,EAAE,MAAM,EAAE,MAAM;IAsBpD;;;;;OAKG;IACH,2BAA2B,CAAC,OAAO,EAAE,wBAAwB,GAAG,IAAI;IAKpE;;OAEG;IACG,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAI7D;;;;;;;;;;;OAWG;IACG,sBAAsB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;YAIzD,oBAAoB;IAyFlC;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAaxB;;;;OAIG;IACH,OAAO,CAAC,aAAa;IAIrB;;OAEG;IACH,OAAO,CAAC,aAAa;IAyBrB;;;OAGG;IACH,kBAAkB,CAAC,cAAc,EAAE,MAAM,GAAG,OAAO;IAInD;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAyBzB;;;;;;;;;OASG;IACG,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IA8B7D;;;OAGG;IACH,OAAO,CAAC,sBAAsB;IAY9B;;OAEG;IACH,eAAe,IAAI,MAAM,EAAE;IAI3B;;OAEG;IACH,eAAe,IAAI,MAAM,EAAE;CAG9B"}

package/dist/path-validator.js

@@ -35,6 +35,24 @@ class PathValidator {
    * Validate a file path for security and policy compliance
    */
   async validatePath(filePath) {
+    return this.validatePathInternal(filePath, { skipAllowedCheck: false });
+  }
+  /**
+   * Validate a file path for preview purposes.
+   *
+   * This is identical to {@link validatePath} except it does NOT enforce config-allowed roots.
+   * It still enforces:
+   * - traversal protection
+   * - blocked paths (absolute blocked paths only; relative blocked paths are resolved against
+   *   config-allowed roots and may not match paths outside those roots)
+   * - blocked extensions
+   *
+   * Used for generating UI-only previews (e.g., diffs) before the user approves directory access.
+   */
+  async validatePathForPreview(filePath) {
+    return this.validatePathInternal(filePath, { skipAllowedCheck: true });
+  }
+  async validatePathInternal(filePath, options) {
     if (!filePath || filePath.trim() === "") {
       return {
         isValid: false,
@@ -42,9 +60,11 @@ class PathValidator {
       };
     }
     const workingDir = this.config.workingDirectory || process.cwd();
+    let resolvedPath;
     let normalizedPath;
     try {
-      normalizedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      resolvedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDir, filePath);
+      normalizedPath = resolvedPath;
       try {
         normalizedPath = await fs.realpath(normalizedPath);
       } catch {
@@ -61,7 +81,13 @@ class PathValidator {
         error: "Path traversal detected"
       };
     }
-    if (!this.isPathAllowed(normalizedPath)) {
+    if (options.skipAllowedCheck && this.isInConfigAllowedPaths(resolvedPath) && !this.isInConfigAllowedPaths(normalizedPath)) {
+      return {
+        isValid: false,
+        error: "Symlink target escapes allowed paths"
+      };
+    }
+    if (!options.skipAllowedCheck && !this.isPathAllowed(normalizedPath)) {
       return {
         isValid: false,
         error: `Path is not within allowed paths. Allowed: ${this.normalizedAllowedPaths.join(", ")}`

package/dist/path-validator.test.d.ts

@@ -1,2 +1,7 @@
-
-export {  }
+/**
+ * PathValidator Unit Tests
+ *
+ * Tests for path validation, security checks, and allowed path logic.
+ */
+export {};
+//# sourceMappingURL=path-validator.test.d.ts.map

package/dist/path-validator.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"path-validator.test.d.ts","sourceRoot":"","sources":["../src/path-validator.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}

package/dist/read-file-tool.cjs

@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -17,84 +15,53 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 var read_file_tool_exports = {};
 __export(read_file_tool_exports, {
   createReadFileTool: () => createReadFileTool
 });
 module.exports = __toCommonJS(read_file_tool_exports);
-var path = __toESM(require("node:path"), 1);
 var import_zod = require("zod");
 var import_core = require("@dexto/core");
+var import_directory_approval = require("./directory-approval.js");
 const ReadFileInputSchema = import_zod.z.object({
-  file_path: import_zod.z.string().describe("Absolute path to the file to read"),
+  file_path: import_zod.z.string().min(1).describe("Absolute path to the file to read"),
   limit: import_zod.z.number().int().positive().optional().describe("Maximum number of lines to read (optional)"),
   offset: import_zod.z.number().int().min(1).optional().describe("Starting line number (1-based, optional)")
 }).strict();
-function createReadFileTool(options) {
-  const { fileSystemService, directoryApproval } = options;
-  let pendingApprovalParentDir;
-  return {
+function createReadFileTool(getFileSystemService) {
+  return (0, import_core.defineTool)({
     id: "read_file",
+    aliases: ["read"],
     description: "Read the contents of a file with optional pagination. Returns file content, line count, encoding, and whether the output was truncated. Use limit and offset parameters for large files to read specific sections. This tool is for reading files within allowed paths only.",
     inputSchema: ReadFileInputSchema,
-    /**
-     * Check if this read operation needs directory access approval.
-     * Returns custom approval request if the file is outside allowed paths.
-     */
-    getApprovalOverride: async (args) => {
-      const { file_path } = args;
-      if (!file_path) return null;
-      const isAllowed = await fileSystemService.isPathWithinConfigAllowed(file_path);
-      if (isAllowed) {
-        return null;
-      }
-      if (directoryApproval?.isSessionApproved(file_path)) {
-        return null;
-      }
-      const absolutePath = path.resolve(file_path);
-      const parentDir = path.dirname(absolutePath);
-      pendingApprovalParentDir = parentDir;
-      return {
-        type: import_core.ApprovalType.DIRECTORY_ACCESS,
-        metadata: {
-          path: absolutePath,
-          parentDir,
-          operation: "read",
-          toolName: "read_file"
-        }
-      };
+    presentation: {
+      describeHeader: (input) => (0, import_core.createLocalToolCallHeader)({
+        title: "Read",
+        argsText: (0, import_core.truncateForHeader)(input.file_path, 140)
+      })
     },
-    /**
-     * Handle approved directory access - remember the directory for session
-     */
-    onApprovalGranted: (response) => {
-      if (!directoryApproval || !pendingApprovalParentDir) return;
-      const data = response.data;
-      const rememberDirectory = data?.rememberDirectory ?? false;
-      directoryApproval.addApproved(
-        pendingApprovalParentDir,
-        rememberDirectory ? "session" : "once"
-      );
-      pendingApprovalParentDir = void 0;
-    },
-    execute: async (input, _context) => {
+    ...(0, import_directory_approval.createDirectoryAccessApprovalHandlers)({
+      toolName: "read_file",
+      operation: "read",
+      inputSchema: ReadFileInputSchema,
+      getFileSystemService,
+      resolvePaths: (input, fileSystemService) => (0, import_directory_approval.resolveFilePath)(fileSystemService.getWorkingDirectory(), input.file_path)
+    }),
+    async execute(input, context) {
+      const resolvedFileSystemService = await getFileSystemService(context);
       const { file_path, limit, offset } = input;
-      const result = await fileSystemService.readFile(file_path, {
+      const { path: resolvedPath } = (0, import_directory_approval.resolveFilePath)(
+        resolvedFileSystemService.getWorkingDirectory(),
+        file_path
+      );
+      const result = await resolvedFileSystemService.readFile(resolvedPath, {
         limit,
         offset
       });
       const _display = {
         type: "file",
-        path: file_path,
+        path: resolvedPath,
         operation: "read",
         size: result.size,
         lineCount: result.lines
@@ -109,7 +76,7 @@ function createReadFileTool(options) {
         _display
       };
     }
-  };
+  });
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {

package/dist/read-file-tool.d.ts

@@ -1,17 +1,27 @@
-import { InternalTool } from '@dexto/core';
-import { FileToolOptions } from './file-tool-types.js';
-import './filesystem-service.js';
-import './types.js';
-
 /**
  * Read File Tool
  *
  * Internal tool for reading file contents with size limits and pagination
  */
-
+import { z } from 'zod';
+import type { Tool } from '@dexto/core';
+import type { FileSystemServiceGetter } from './file-tool-types.js';
+declare const ReadFileInputSchema: z.ZodObject<{
+    file_path: z.ZodString;
+    limit: z.ZodOptional<z.ZodNumber>;
+    offset: z.ZodOptional<z.ZodNumber>;
+}, "strict", z.ZodTypeAny, {
+    file_path: string;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}, {
+    file_path: string;
+    limit?: number | undefined;
+    offset?: number | undefined;
+}>;
 /**
  * Create the read_file internal tool with directory approval support
  */
-declare function createReadFileTool(options: FileToolOptions): InternalTool;
-
-export { createReadFileTool };
+export declare function createReadFileTool(getFileSystemService: FileSystemServiceGetter): Tool<typeof ReadFileInputSchema>;
+export {};
+//# sourceMappingURL=read-file-tool.d.ts.map

package/dist/read-file-tool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-file-tool.d.ts","sourceRoot":"","sources":["../src/read-file-tool.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,KAAK,EAAmB,IAAI,EAAwB,MAAM,aAAa,CAAC;AAC/E,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAC;AAGpE,QAAA,MAAM,mBAAmB;;;;;;;;;;;;EAgBZ,CAAC;AAEd;;GAEG;AACH,wBAAgB,kBAAkB,CAC9B,oBAAoB,EAAE,uBAAuB,GAC9C,IAAI,CAAC,OAAO,mBAAmB,CAAC,CA6DlC"}

package/dist/read-file-tool.js

@@ -1,67 +1,44 @@
-import * as path from "node:path";
 import { z } from "zod";
-import { ApprovalType } from "@dexto/core";
+import { createLocalToolCallHeader, defineTool, truncateForHeader } from "@dexto/core";
+import { createDirectoryAccessApprovalHandlers, resolveFilePath } from "./directory-approval.js";
 const ReadFileInputSchema = z.object({
-  file_path: z.string().describe("Absolute path to the file to read"),
+  file_path: z.string().min(1).describe("Absolute path to the file to read"),
   limit: z.number().int().positive().optional().describe("Maximum number of lines to read (optional)"),
   offset: z.number().int().min(1).optional().describe("Starting line number (1-based, optional)")
 }).strict();
-function createReadFileTool(options) {
-  const { fileSystemService, directoryApproval } = options;
-  let pendingApprovalParentDir;
-  return {
+function createReadFileTool(getFileSystemService) {
+  return defineTool({
     id: "read_file",
+    aliases: ["read"],
     description: "Read the contents of a file with optional pagination. Returns file content, line count, encoding, and whether the output was truncated. Use limit and offset parameters for large files to read specific sections. This tool is for reading files within allowed paths only.",
     inputSchema: ReadFileInputSchema,
-    /**
-     * Check if this read operation needs directory access approval.
-     * Returns custom approval request if the file is outside allowed paths.
-     */
-    getApprovalOverride: async (args) => {
-      const { file_path } = args;
-      if (!file_path) return null;
-      const isAllowed = await fileSystemService.isPathWithinConfigAllowed(file_path);
-      if (isAllowed) {
-        return null;
-      }
-      if (directoryApproval?.isSessionApproved(file_path)) {
-        return null;
-      }
-      const absolutePath = path.resolve(file_path);
-      const parentDir = path.dirname(absolutePath);
-      pendingApprovalParentDir = parentDir;
-      return {
-        type: ApprovalType.DIRECTORY_ACCESS,
-        metadata: {
-          path: absolutePath,
-          parentDir,
-          operation: "read",
-          toolName: "read_file"
-        }
-      };
+    presentation: {
+      describeHeader: (input) => createLocalToolCallHeader({
+        title: "Read",
+        argsText: truncateForHeader(input.file_path, 140)
+      })
     },
-    /**
-     * Handle approved directory access - remember the directory for session
-     */
-    onApprovalGranted: (response) => {
-      if (!directoryApproval || !pendingApprovalParentDir) return;
-      const data = response.data;
-      const rememberDirectory = data?.rememberDirectory ?? false;
-      directoryApproval.addApproved(
-        pendingApprovalParentDir,
-        rememberDirectory ? "session" : "once"
-      );
-      pendingApprovalParentDir = void 0;
-    },
-    execute: async (input, _context) => {
+    ...createDirectoryAccessApprovalHandlers({
+      toolName: "read_file",
+      operation: "read",
+      inputSchema: ReadFileInputSchema,
+      getFileSystemService,
+      resolvePaths: (input, fileSystemService) => resolveFilePath(fileSystemService.getWorkingDirectory(), input.file_path)
+    }),
+    async execute(input, context) {
+      const resolvedFileSystemService = await getFileSystemService(context);
       const { file_path, limit, offset } = input;
-      const result = await fileSystemService.readFile(file_path, {
+      const { path: resolvedPath } = resolveFilePath(
+        resolvedFileSystemService.getWorkingDirectory(),
+        file_path
+      );
+      const result = await resolvedFileSystemService.readFile(resolvedPath, {
         limit,
         offset
       });
       const _display = {
         type: "file",
-        path: file_path,
+        path: resolvedPath,
         operation: "read",
         size: result.size,
         lineCount: result.lines
@@ -76,7 +53,7 @@ function createReadFileTool(options) {
         _display
       };
     }
-  };
+  });
 }
 export {
   createReadFileTool

package/dist/tool-factory-config.cjs

@@ -0,0 +1,61 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var tool_factory_config_exports = {};
+__export(tool_factory_config_exports, {
+  FILESYSTEM_TOOL_NAMES: () => FILESYSTEM_TOOL_NAMES,
+  FileSystemToolsConfigSchema: () => FileSystemToolsConfigSchema
+});
+module.exports = __toCommonJS(tool_factory_config_exports);
+var import_zod = require("zod");
+const DEFAULT_ALLOWED_PATHS = ["."];
+const DEFAULT_BLOCKED_PATHS = [".git", "node_modules/.bin", ".env"];
+const DEFAULT_BLOCKED_EXTENSIONS = [".exe", ".dll", ".so"];
+const DEFAULT_MAX_FILE_SIZE = 10 * 1024 * 1024;
+const DEFAULT_ENABLE_BACKUPS = false;
+const DEFAULT_BACKUP_RETENTION_DAYS = 7;
+const FILESYSTEM_TOOL_NAMES = [
+  "read_file",
+  "write_file",
+  "edit_file",
+  "glob_files",
+  "grep_content"
+];
+const FileSystemToolsConfigSchema = import_zod.z.object({
+  type: import_zod.z.literal("filesystem-tools"),
+  allowedPaths: import_zod.z.array(import_zod.z.string()).default(DEFAULT_ALLOWED_PATHS).describe("List of allowed base paths for file operations"),
+  blockedPaths: import_zod.z.array(import_zod.z.string()).default(DEFAULT_BLOCKED_PATHS).describe("List of blocked paths to exclude from operations"),
+  blockedExtensions: import_zod.z.array(import_zod.z.string()).default(DEFAULT_BLOCKED_EXTENSIONS).describe("List of blocked file extensions"),
+  maxFileSize: import_zod.z.number().int().positive().default(DEFAULT_MAX_FILE_SIZE).describe(
+    `Maximum file size in bytes (default: ${DEFAULT_MAX_FILE_SIZE / 1024 / 1024}MB)`
+  ),
+  workingDirectory: import_zod.z.string().optional().describe("Working directory for file operations (defaults to process.cwd())"),
+  enableBackups: import_zod.z.boolean().default(DEFAULT_ENABLE_BACKUPS).describe("Enable automatic backups of modified files"),
+  backupPath: import_zod.z.string().optional().describe("Absolute path for storing file backups (if enableBackups is true)"),
+  backupRetentionDays: import_zod.z.number().int().positive().default(DEFAULT_BACKUP_RETENTION_DAYS).describe(
+    `Number of days to retain backup files (default: ${DEFAULT_BACKUP_RETENTION_DAYS})`
+  ),
+  enabledTools: import_zod.z.array(import_zod.z.enum(FILESYSTEM_TOOL_NAMES)).optional().describe(
+    `Subset of tools to enable. If not specified, all tools are enabled. Available: ${FILESYSTEM_TOOL_NAMES.join(", ")}`
+  )
+}).strict();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  FILESYSTEM_TOOL_NAMES,
+  FileSystemToolsConfigSchema
+});

package/dist/{tool-provider.d.ts → tool-factory-config.d.ts}

@@ -1,19 +1,17 @@
-import { z } from 'zod';
-import { CustomToolProvider } from '@dexto/core';
-export { FileToolOptions } from './file-tool-types.js';
-import './filesystem-service.js';
-import './types.js';
-
 /**
- * FileSystem Tools Provider
+ * FileSystem Tools Factory
  *
  * Provides file operation tools by wrapping FileSystemService.
- * When registered, the provider initializes FileSystemService and creates tools
+ * When registered, the factory initializes FileSystemService and creates tools
  * for file operations (read, write, edit, glob, grep).
  */
-
+import { z } from 'zod';
+/**
+ * Available filesystem tool names for enabledTools configuration.
+ */
+export declare const FILESYSTEM_TOOL_NAMES: readonly ["read_file", "write_file", "edit_file", "glob_files", "grep_content"];
 /**
- * Configuration schema for FileSystem tools provider.
+ * Configuration schema for FileSystem tools factory.
  *
  * This is the SINGLE SOURCE OF TRUTH for all configuration:
  * - Validation rules
@@ -24,7 +22,7 @@ import './types.js';
  * Services receive fully-validated config from this schema and use it as-is,
  * with no additional defaults or fallbacks needed.
  */
-declare const FileSystemToolsConfigSchema: z.ZodObject<{
+export declare const FileSystemToolsConfigSchema: z.ZodObject<{
     type: z.ZodLiteral<"filesystem-tools">;
     allowedPaths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
     blockedPaths: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
@@ -45,7 +43,7 @@ declare const FileSystemToolsConfigSchema: z.ZodObject<{
     type: "filesystem-tools";
     backupPath?: string | undefined;
     workingDirectory?: string | undefined;
-    enabledTools?: ("edit_file" | "glob_files" | "grep_content" | "read_file" | "write_file")[] | undefined;
+    enabledTools?: ("read_file" | "write_file" | "edit_file" | "glob_files" | "grep_content")[] | undefined;
 }, {
     type: "filesystem-tools";
     allowedPaths?: string[] | undefined;
@@ -56,22 +54,7 @@ declare const FileSystemToolsConfigSchema: z.ZodObject<{
     enableBackups?: boolean | undefined;
     backupRetentionDays?: number | undefined;
     workingDirectory?: string | undefined;
-    enabledTools?: ("edit_file" | "glob_files" | "grep_content" | "read_file" | "write_file")[] | undefined;
+    enabledTools?: ("read_file" | "write_file" | "edit_file" | "glob_files" | "grep_content")[] | undefined;
 }>;
-type FileSystemToolsConfig = z.output<typeof FileSystemToolsConfigSchema>;
-/**
- * FileSystem tools provider.
- *
- * Wraps FileSystemService and provides file operation tools:
- * - read_file: Read file contents with pagination
- * - write_file: Write or overwrite file contents
- * - edit_file: Edit files using search/replace operations
- * - glob_files: Find files matching glob patterns
- * - grep_content: Search file contents using regex
- *
- * When registered via customToolRegistry, FileSystemService is automatically
- * initialized and file operation tools become available to the agent.
- */
-declare const fileSystemToolsProvider: CustomToolProvider<'filesystem-tools', FileSystemToolsConfig>;
-
-export { fileSystemToolsProvider };
+export type FileSystemToolsConfig = z.output<typeof FileSystemToolsConfigSchema>;
+//# sourceMappingURL=tool-factory-config.d.ts.map

package/dist/tool-factory-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tool-factory-config.d.ts","sourceRoot":"","sources":["../src/tool-factory-config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAaxB;;GAEG;AACH,eAAO,MAAM,qBAAqB,iFAMxB,CAAC;AAEX;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,2BAA2B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAkD3B,CAAC;AAEd,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,2BAA2B,CAAC,CAAC"}