@dexto/tools-filesystem 1.6.0 → 1.6.2

package/dist/directory-approval.integration.test.d.ts

@@ -1,14 +1,14 @@
 /**
  * Directory Approval Integration Tests
  *
- * Tests for the directory access permission system integrated into file tools.
+ * Tests for the directory access permission system integrated into filesystem tools.
  *
  * Key behaviors tested:
- * 1. Working directory: No directory prompt, normal tool flow
- * 2. External dir (first access): Directory prompt via getApprovalOverride
- * 3. External dir (after "session" approval): No directory prompt
- * 4. External dir (after "once" approval): Directory prompt every time
- * 5. Path containment: approving /ext covers /ext/sub/file.txt
+ * - Paths within config-allowed roots do not require directory access prompting metadata
+ * - Paths outside config-allowed roots return directory access prompting metadata
+ * - Session-approved directories do not prompt again
+ * - Once-approved directories still prompt again (prompting decision)
+ * - Session approvals cover child paths but not sibling directories
  */
 export {};
 //# sourceMappingURL=directory-approval.integration.test.d.ts.map

package/dist/directory-approval.integration.test.js

@@ -2,16 +2,14 @@ import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
 import * as path from "node:path";
 import * as fs from "node:fs/promises";
 import * as os from "node:os";
-import { createReadFileTool } from "./read-file-tool.js";
-import { createWriteFileTool } from "./write-file-tool.js";
-import { createEditFileTool } from "./edit-file-tool.js";
-import { FileSystemService } from "./filesystem-service.js";
 import {
   ApprovalManager,
-  ApprovalStatus,
-  ApprovalType,
   DextoRuntimeError
 } from "@dexto/core";
+import { FileSystemService } from "./filesystem-service.js";
+import { createReadFileTool } from "./read-file-tool.js";
+import { createWriteFileTool } from "./write-file-tool.js";
+import { createEditFileTool } from "./edit-file-tool.js";
 const createMockLogger = () => {
   const noopAsync = async () => void 0;
   const logger = {
@@ -22,6 +20,7 @@ const createMockLogger = () => {
     error: vi.fn(),
     trackException: vi.fn(),
     createChild: () => logger,
+    createFileOnlyChild: () => logger,
     setLevel: vi.fn(),
     getLevel: () => "info",
     getLogFilePath: () => null,
@@ -82,402 +81,152 @@ describe("Directory Approval Integration Tests", () => {
     } catch {
     }
   });
-  describe("Read File Tool", () => {
-    describe("getApprovalOverride", () => {
-      it("should return null for paths within working directory (no prompt needed)", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const testFile = path.join(tempDir, "test.txt");
-        await fs.writeFile(testFile, "test content");
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: testFile }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
-      it("should return directory access approval for external paths", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const externalPath = "/external/project/file.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath }),
-          toolContext
-        );
-        expect(override).not.toBeNull();
-        expect(override?.type).toBe(ApprovalType.DIRECTORY_ACCESS);
-        const metadata = override?.metadata;
-        expect(metadata?.path).toBe(path.resolve(externalPath));
-        expect(metadata?.parentDir).toBe(path.dirname(path.resolve(externalPath)));
-        expect(metadata?.operation).toBe("read");
-        expect(metadata?.toolName).toBe("read_file");
-      });
-      it("should return null when external path is session-approved", async () => {
-        approvalManager.addApprovedDirectory("/external/project", "session");
-        const tool = createReadFileTool(getFileSystemService);
-        const externalPath = "/external/project/file.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
-    });
-    describe("onApprovalGranted", () => {
-      it("should add directory as session-approved when rememberDirectory is true", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const externalPath = "/external/project/file.ts";
-        const approvalRequest = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath }),
-          toolContext
-        );
-        expect(approvalRequest).not.toBeNull();
-        if (!approvalRequest) {
-          throw new Error("Expected approval request");
-        }
-        tool.onApprovalGranted?.(
-          {
-            approvalId: "test-approval",
-            status: ApprovalStatus.APPROVED,
-            data: { rememberDirectory: true }
-          },
-          toolContext,
-          approvalRequest
-        );
-        expect(
-          approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath)))
-        ).toBe("session");
-      });
-      it("should add directory as once-approved when rememberDirectory is false", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const externalPath = "/external/project/file.ts";
-        const approvalRequest = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath }),
-          toolContext
-        );
-        expect(approvalRequest).not.toBeNull();
-        if (!approvalRequest) {
-          throw new Error("Expected approval request");
-        }
-        tool.onApprovalGranted?.(
-          {
-            approvalId: "test-approval",
-            status: ApprovalStatus.APPROVED,
-            data: { rememberDirectory: false }
-          },
-          toolContext,
-          approvalRequest
-        );
-        expect(
-          approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath)))
-        ).toBe("once");
-      });
-      it("should default to once-approved when rememberDirectory is not specified", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const externalPath = "/external/project/file.ts";
-        const approvalRequest = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath }),
-          toolContext
-        );
-        expect(approvalRequest).not.toBeNull();
-        if (!approvalRequest) {
-          throw new Error("Expected approval request");
-        }
-        tool.onApprovalGranted?.(
-          {
-            approvalId: "test-approval",
-            status: ApprovalStatus.APPROVED,
-            data: {}
-          },
-          toolContext,
-          approvalRequest
-        );
-        expect(
-          approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath)))
-        ).toBe("once");
-      });
-    });
-    describe("execute", () => {
-      it("should read file contents within working directory", async () => {
-        const tool = createReadFileTool(getFileSystemService);
-        const testFile = path.join(tempDir, "readable.txt");
-        await fs.writeFile(testFile, "Hello, world!\nLine 2");
-        const result = await tool.execute({ file_path: testFile }, toolContext);
-        expect(result.content).toBe("Hello, world!\nLine 2");
-        expect(result.lines).toBe(2);
-      });
-    });
-  });
-  describe("Write File Tool", () => {
-    describe("getApprovalOverride", () => {
-      it("should return null for paths within working directory", async () => {
-        const tool = createWriteFileTool(getFileSystemService);
-        const testFile = path.join(tempDir, "new-file.txt");
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: testFile, content: "test" }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
-      it("should return directory access approval for external paths", async () => {
-        const tool = createWriteFileTool(getFileSystemService);
-        const externalPath = "/external/project/new.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath, content: "test" }),
-          toolContext
-        );
-        expect(override).not.toBeNull();
-        expect(override?.type).toBe(ApprovalType.DIRECTORY_ACCESS);
-        const metadata = override?.metadata;
-        expect(metadata?.operation).toBe("write");
-        expect(metadata?.toolName).toBe("write_file");
-      });
-      it("should return null when external path is session-approved", async () => {
-        approvalManager.addApprovedDirectory("/external/project", "session");
-        const tool = createWriteFileTool(getFileSystemService);
-        const externalPath = "/external/project/new.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath, content: "test" }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
+  describe("getApprovalOverride", () => {
+    it("should return null for paths within config-allowed roots", async () => {
+      const tool = createReadFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const testFile = path.join(tempDir, "test.txt");
+      await fs.writeFile(testFile, "test content");
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({ file_path: testFile }),
+        toolContext
+      );
+      expect(metadata).toBeNull();
     });
-    describe("onApprovalGranted", () => {
-      it("should add directory as session-approved when rememberDirectory is true", async () => {
-        const tool = createWriteFileTool(getFileSystemService);
-        const externalPath = "/external/project/new.ts";
-        const approvalRequest = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({ file_path: externalPath, content: "test" }),
-          toolContext
-        );
-        expect(approvalRequest).not.toBeNull();
-        if (!approvalRequest) {
-          throw new Error("Expected approval request");
+    it("should return directory access metadata for external paths", async () => {
+      const tool = createReadFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const externalPath = "/external/project/file.ts";
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({ file_path: externalPath }),
+        toolContext
+      );
+      expect(metadata).not.toBeNull();
+      expect(metadata).toMatchObject({
+        type: "directory_access",
+        metadata: {
+          path: path.resolve(externalPath),
+          parentDir: path.dirname(path.resolve(externalPath)),
+          operation: "read",
+          toolName: "read_file"
         }
-        tool.onApprovalGranted?.(
-          {
-            approvalId: "test-approval",
-            status: ApprovalStatus.APPROVED,
-            data: { rememberDirectory: true }
-          },
-          toolContext,
-          approvalRequest
-        );
-        expect(
-          approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath)))
-        ).toBe("session");
       });
     });
-  });
-  describe("Edit File Tool", () => {
-    describe("getApprovalOverride", () => {
-      it("should return null for paths within working directory", async () => {
-        const tool = createEditFileTool(getFileSystemService);
-        const testFile = path.join(tempDir, "existing.txt");
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({
-            file_path: testFile,
-            old_string: "old",
-            new_string: "new"
-          }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
-      it("should return directory access approval for external paths", async () => {
-        const tool = createEditFileTool(getFileSystemService);
-        const externalPath = "/external/project/existing.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({
-            file_path: externalPath,
-            old_string: "old",
-            new_string: "new"
-          }),
-          toolContext
-        );
-        expect(override).not.toBeNull();
-        expect(override?.type).toBe(ApprovalType.DIRECTORY_ACCESS);
-        const metadata = override?.metadata;
-        expect(metadata?.operation).toBe("edit");
-        expect(metadata?.toolName).toBe("edit_file");
-      });
-      it("should return null when external path is session-approved", async () => {
-        approvalManager.addApprovedDirectory("/external/project", "session");
-        const tool = createEditFileTool(getFileSystemService);
-        const externalPath = "/external/project/existing.ts";
-        const override = await tool.getApprovalOverride?.(
-          tool.inputSchema.parse({
-            file_path: externalPath,
-            old_string: "old",
-            new_string: "new"
-          }),
-          toolContext
-        );
-        expect(override).toBeNull();
-      });
-    });
-  });
-  describe("Session vs Once Approval Scenarios", () => {
-    it("should not prompt for subsequent requests after session approval", async () => {
+    it("should return null when external path is session-approved", async () => {
+      approvalManager.addApprovedDirectory("/external/project", "session");
       const tool = createReadFileTool(getFileSystemService);
-      const externalPath1 = "/external/project/file1.ts";
-      const externalPath2 = "/external/project/file2.ts";
-      let override = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: externalPath1 }),
-        toolContext
-      );
-      expect(override).not.toBeNull();
-      if (!override) {
-        throw new Error("Expected approval request");
-      }
-      tool.onApprovalGranted?.(
-        {
-          approvalId: "approval-1",
-          status: ApprovalStatus.APPROVED,
-          data: { rememberDirectory: true }
-        },
-        toolContext,
-        override
-      );
-      expect(
-        approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath1)))
-      ).toBe("session");
-      override = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: externalPath2 }),
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const externalPath = "/external/project/file.ts";
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({ file_path: externalPath }),
         toolContext
       );
-      expect(override).toBeNull();
+      expect(metadata).toBeNull();
     });
-    it("should prompt for subsequent requests after once approval", async () => {
+    it("should still return metadata when external path is once-approved (prompt again)", async () => {
+      approvalManager.addApprovedDirectory("/external/project", "once");
       const tool = createReadFileTool(getFileSystemService);
-      const externalPath1 = "/external/project/file1.ts";
-      const externalPath2 = "/external/project/file2.ts";
-      let override = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: externalPath1 }),
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const externalPath = "/external/project/file.ts";
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({ file_path: externalPath }),
         toolContext
       );
-      expect(override).not.toBeNull();
-      if (!override) {
-        throw new Error("Expected approval request");
-      }
-      tool.onApprovalGranted?.(
-        {
-          approvalId: "approval-1",
-          status: ApprovalStatus.APPROVED,
-          data: { rememberDirectory: false }
-        },
-        toolContext,
-        override
+      expect(metadata).not.toBeNull();
+    });
+  });
+  describe("Different tool operations", () => {
+    it("should label write operations correctly", async () => {
+      const tool = createWriteFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const externalPath = "/external/project/new.ts";
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({ file_path: externalPath, content: "test" }),
+        toolContext
       );
-      expect(
-        approvalManager.getApprovedDirectories().get(path.dirname(path.resolve(externalPath1)))
-      ).toBe("once");
-      override = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: externalPath2 }),
+      expect(metadata).not.toBeNull();
+      expect(metadata).toMatchObject({
+        type: "directory_access",
+        metadata: {
+          path: path.resolve(externalPath),
+          parentDir: path.dirname(path.resolve(externalPath)),
+          operation: "write",
+          toolName: "write_file"
+        }
+      });
+    });
+    it("should label edit operations correctly", async () => {
+      const tool = createEditFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
+      const externalPath = "/external/project/existing.ts";
+      const metadata = await overrideFn(
+        tool.inputSchema.parse({
+          file_path: externalPath,
+          old_string: "old",
+          new_string: "new"
+        }),
         toolContext
       );
-      expect(override).not.toBeNull();
+      expect(metadata).not.toBeNull();
+      expect(metadata).toMatchObject({
+        type: "directory_access",
+        metadata: {
+          path: path.resolve(externalPath),
+          parentDir: path.dirname(path.resolve(externalPath)),
+          operation: "edit",
+          toolName: "edit_file"
+        }
+      });
     });
   });
-  describe("Path Containment Scenarios", () => {
+  describe("Path containment scenarios", () => {
     it("should cover child paths when parent directory is session-approved", async () => {
       const tool = createReadFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
       approvalManager.addApprovedDirectory("/external/project", "session");
-      let override = await tool.getApprovalOverride?.(
+      const metadata1 = await overrideFn(
         tool.inputSchema.parse({ file_path: "/external/project/file.ts" }),
         toolContext
       );
-      expect(override).toBeNull();
-      override = await tool.getApprovalOverride?.(
+      expect(metadata1).toBeNull();
+      const metadata2 = await overrideFn(
         tool.inputSchema.parse({ file_path: "/external/project/deep/nested/file.ts" }),
         toolContext
       );
-      expect(override).toBeNull();
+      expect(metadata2).toBeNull();
     });
     it("should NOT cover sibling directories", async () => {
       const tool = createReadFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
       approvalManager.addApprovedDirectory("/external/sub", "session");
-      let override = await tool.getApprovalOverride?.(
+      const metadata1 = await overrideFn(
         tool.inputSchema.parse({ file_path: "/external/sub/file.ts" }),
         toolContext
       );
-      expect(override).toBeNull();
-      override = await tool.getApprovalOverride?.(
+      expect(metadata1).toBeNull();
+      const metadata2 = await overrideFn(
         tool.inputSchema.parse({ file_path: "/external/other/file.ts" }),
         toolContext
       );
-      expect(override).not.toBeNull();
-    });
-  });
-  describe("Different External Directories Scenarios", () => {
-    it("should require separate approval for different external directories", async () => {
-      const tool = createReadFileTool(getFileSystemService);
-      const dir1Path = "/external/project1/file.ts";
-      const dir2Path = "/external/project2/file.ts";
-      const override1 = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: dir1Path }),
-        toolContext
-      );
-      expect(override1).not.toBeNull();
-      const metadata1 = override1?.metadata;
-      expect(metadata1?.parentDir).toBe("/external/project1");
-      const override2 = await tool.getApprovalOverride?.(
-        tool.inputSchema.parse({ file_path: dir2Path }),
-        toolContext
-      );
-      expect(override2).not.toBeNull();
-      const metadata2 = override2?.metadata;
-      expect(metadata2?.parentDir).toBe("/external/project2");
-    });
-  });
-  describe("Mixed Operations Scenarios", () => {
-    it("should share directory approval across different file operations", async () => {
-      const readTool = createReadFileTool(getFileSystemService);
-      const writeTool = createWriteFileTool(getFileSystemService);
-      const editTool = createEditFileTool(getFileSystemService);
-      const externalDir = "/external/project";
-      const approvalRequest = await readTool.getApprovalOverride?.(
-        readTool.inputSchema.parse({ file_path: `${externalDir}/file1.ts` }),
-        toolContext
-      );
-      expect(approvalRequest).not.toBeNull();
-      if (!approvalRequest) {
-        throw new Error("Expected approval request");
-      }
-      readTool.onApprovalGranted?.(
-        {
-          approvalId: "approval-1",
-          status: ApprovalStatus.APPROVED,
-          data: { rememberDirectory: true }
-        },
-        toolContext,
-        approvalRequest
-      );
-      expect(
-        await writeTool.getApprovalOverride?.(
-          writeTool.inputSchema.parse({
-            file_path: `${externalDir}/file2.ts`,
-            content: "test"
-          }),
-          toolContext
-        )
-      ).toBeNull();
-      expect(
-        await editTool.getApprovalOverride?.(
-          editTool.inputSchema.parse({
-            file_path: `${externalDir}/file3.ts`,
-            old_string: "a",
-            new_string: "b"
-          }),
-          toolContext
-        )
-      ).toBeNull();
+      expect(metadata2).not.toBeNull();
     });
   });
   describe("Without ApprovalManager in context", () => {
     it("should throw for external paths", async () => {
       const tool = createReadFileTool(getFileSystemService);
+      const overrideFn = tool.approval?.override;
+      expect(overrideFn).toBeDefined();
       const contextWithoutApprovalManager = { logger: mockLogger };
       await expect(
-        tool.getApprovalOverride?.(
+        overrideFn(
           tool.inputSchema.parse({ file_path: "/external/project/file.ts" }),
           contextWithoutApprovalManager
         )

package/dist/directory-approval.js

@@ -1,55 +1,59 @@
 import * as path from "node:path";
-import { ApprovalType, ToolError } from "@dexto/core";
+import { ApprovalStatus, ApprovalType, ToolError } from "@dexto/core";
 function resolveFilePath(workingDirectory, filePath) {
   const resolvedPath = path.isAbsolute(filePath) ? path.resolve(filePath) : path.resolve(workingDirectory, filePath);
   return { path: resolvedPath, parentDir: path.dirname(resolvedPath) };
 }
 function createDirectoryAccessApprovalHandlers(options) {
   return {
-    async getApprovalOverride(input, context) {
-      const resolvedFileSystemService = await options.getFileSystemService(context);
-      const paths = options.resolvePaths(input, resolvedFileSystemService);
-      const isAllowed = await resolvedFileSystemService.isPathWithinConfigAllowed(paths.path);
-      if (isAllowed) {
-        return null;
-      }
-      const approvalManager = context.services?.approval;
-      if (!approvalManager) {
-        throw ToolError.configInvalid(
-          `${options.toolName} requires ToolExecutionContext.services.approval`
+    approval: {
+      async override(input, context) {
+        const resolvedFileSystemService = await options.getFileSystemService(context);
+        const paths = options.resolvePaths(input, resolvedFileSystemService);
+        const isAllowed = await resolvedFileSystemService.isPathWithinConfigAllowed(
+          paths.path
         );
-      }
-      if (approvalManager.isDirectorySessionApproved(paths.path)) {
-        return null;
-      }
-      return {
-        type: ApprovalType.DIRECTORY_ACCESS,
-        metadata: {
-          path: paths.path,
-          parentDir: paths.parentDir,
-          operation: options.operation,
-          toolName: options.toolName
+        if (isAllowed) {
+          return null;
         }
-      };
-    },
-    onApprovalGranted(response, context, approvalRequest) {
-      if (approvalRequest.type !== ApprovalType.DIRECTORY_ACCESS) {
-        return;
-      }
-      const metadata = approvalRequest.metadata;
-      const parentDir = typeof metadata?.parentDir === "string" ? metadata.parentDir : null;
-      if (!parentDir) {
-        return;
-      }
-      const data = response.data;
-      const rememberDirectory = data?.rememberDirectory ?? false;
-      const approvalManager = context.services?.approval;
-      if (!approvalManager) {
-        throw ToolError.configInvalid(
-          `${options.toolName} requires ToolExecutionContext.services.approval`
+        const approvalManager = context.services?.approval;
+        if (!approvalManager) {
+          throw ToolError.configInvalid(
+            `${options.toolName} requires ToolExecutionContext.services.approval`
+          );
+        }
+        if (approvalManager.isDirectorySessionApproved(paths.path)) {
+          return null;
+        }
+        return {
+          type: ApprovalType.DIRECTORY_ACCESS,
+          metadata: {
+            path: paths.path,
+            parentDir: paths.parentDir,
+            operation: options.operation,
+            toolName: options.toolName
+          }
+        };
+      },
+      async onGranted(response, context, approvalRequest) {
+        const approvalManager = context.services?.approval;
+        if (!approvalManager) {
+          return;
+        }
+        if (response.status !== ApprovalStatus.APPROVED) {
+          return;
+        }
+        const data = response.data;
+        const rememberDirectory = data?.rememberDirectory ?? false;
+        const metadata = approvalRequest.metadata;
+        if (!metadata?.parentDir) {
+          return;
+        }
+        approvalManager.addApprovedDirectory(
+          metadata.parentDir,
+          rememberDirectory ? "session" : "once"
         );
       }
-      approvalManager.addApprovedDirectory(parentDir, rememberDirectory ? "session" : "once");
     }
   };
 }