npm - @diologue/local-agent - Versions diffs - 0.3.0 → 0.5.0 - Mend

@diologue/local-agent 0.3.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -1266,7 +1266,10 @@ var agentMessageBodySchema = z2.object({
   /** Optional user-chosen routing for this turn. When absent the cloud
    *  picks the default (CODING_AGENT_DEFAULT_PROVIDER/MODEL). */
   preferredProvider: z2.string().min(1).max(100).optional(),
-  preferredModel: z2.string().min(1).max(200).optional()
+  preferredModel: z2.string().min(1).max(200).optional(),
+  /** Tool-gating policy. Absent → "auto" (run everything) so older clients
+   *  keep their current behaviour. */
+  permissionMode: z2.enum(["auto", "confirm"]).optional()
 });
 var writeEvent = (res, event) => {
   res.write(`data: ${JSON.stringify(event)}
@@ -1322,7 +1325,8 @@ var createAgentRouter = (deps) => {
         signal: controller.signal,
         broker: (payload, observer) => broker.request(payload, observer),
         preferredProvider: parsed.data.preferredProvider,
-        preferredModel: parsed.data.preferredModel
+        preferredModel: parsed.data.preferredModel,
+        permissionMode: parsed.data.permissionMode
       })) {
         if (controller.signal.aborted) {
           logAgentRoute(
@@ -1493,6 +1497,36 @@ var createLlmChunkRouter = (deps) => {
   });
   return router;
 };
+var permissionDecisionBodySchema = z2.object({
+  sessionId: z2.string().min(1),
+  permissionId: z2.string().min(1),
+  response: z2.enum(["once", "always", "reject"])
+});
+var createPermissionRouter = (deps) => {
+  const router = createRouter2();
+  router.post("/", async (req, res) => {
+    const parsed = permissionDecisionBodySchema.safeParse(req.body);
+    if (!parsed.success) {
+      res.status(400).json({ error: "invalid_body", issues: parsed.error.issues });
+      return;
+    }
+    if (!deps.adapter.replyPermission) {
+      res.status(501).json({ error: "permissions_unsupported" });
+      return;
+    }
+    const matched = await deps.adapter.replyPermission(
+      parsed.data.sessionId,
+      parsed.data.permissionId,
+      parsed.data.response
+    );
+    if (!matched) {
+      res.status(404).json({ error: "no_active_permission" });
+      return;
+    }
+    res.json({ ok: true });
+  });
+  return router;
+};
 // src/routes/llm-shim.ts
 import { Router as createRouter3 } from "express";
@@ -2359,13 +2393,30 @@ var MockOpenCodeAdapter = class {
 };
 // src/adapters/opencode-event-mapper.ts
+var MAX_TOOL_OUTPUT_CHARS = 4e3;
+var truncateOutput = (raw) => {
+  if (!raw) return void 0;
+  if (raw.length <= MAX_TOOL_OUTPUT_CHARS) return raw;
+  const omitted = raw.length - MAX_TOOL_OUTPUT_CHARS;
+  return `${raw.slice(0, MAX_TOOL_OUTPUT_CHARS)}
+\u2026 [${omitted} more characters truncated]`;
+};
 var createMapState = (ourSessionId, openCodeSessionId) => ({
   ourSessionId,
   openCodeSessionId,
   startedTools: /* @__PURE__ */ new Set(),
   endedTools: /* @__PURE__ */ new Set(),
-  announcedPatches: /* @__PURE__ */ new Set()
+  announcedPatches: /* @__PURE__ */ new Set(),
+  announcedPermissions: /* @__PURE__ */ new Set()
 });
+var extractPermissionCommand = (metadata) => {
+  if (!metadata) return void 0;
+  for (const key of ["command", "cmd", "url", "pattern", "filePath"]) {
+    const v = metadata[key];
+    if (typeof v === "string" && v) return v;
+  }
+  return void 0;
+};
 var EMPTY = { events: [], done: false };
 var mapEvent = (item, state) => {
   const sid = item.properties?.sessionID;
@@ -2375,6 +2426,25 @@ var mapEvent = (item, state) => {
   if (item.type === "session.idle" && sid === state.openCodeSessionId) {
     return { events: [{ type: "done" }], done: true };
   }
+  if (item.type === "permission.updated") {
+    const permissionId = item.properties?.id;
+    if (!permissionId || state.announcedPermissions.has(permissionId)) {
+      return EMPTY;
+    }
+    state.announcedPermissions.add(permissionId);
+    return {
+      events: [
+        {
+          type: "permission_request",
+          permissionId,
+          tool: item.properties?.type ?? "tool",
+          title: item.properties?.title,
+          command: extractPermissionCommand(item.properties?.metadata)
+        }
+      ],
+      done: false
+    };
+  }
   if (item.type !== "message.part.updated") {
     return EMPTY;
   }
@@ -2413,7 +2483,10 @@ var mapEvent = (item, state) => {
           type: "tool_call_end",
           toolCallId: callId,
           ok: status === "completed",
-          summary: status === "error" ? part.state?.error ?? "Tool failed" : part.state?.title
+          summary: status === "error" ? part.state?.error ?? "Tool failed" : part.state?.title,
+          output: truncateOutput(
+            status === "error" ? part.state?.error : part.state?.output
+          )
         };
         return { events: [event], done: false };
       }
@@ -2472,6 +2545,7 @@ init_engine_locator_npm();
 var DIOLOGUE_PROVIDER_ID = "diologue";
 var DIOLOGUE_MODEL_ID = "diologue-routed";
 var END_OF_TURN_GRACE_MS = 600;
+var PERMISSION_DECISION_TIMEOUT_MS = 18e4;
 var EDIT_DIRECTIVE = "You are an autonomous coding agent operating on a real git repository. Carry out the request by editing files directly with your tools (write / edit / patch / bash) \u2014 do not just describe the change, outline steps, or print code for the user to copy. Read only what you need, make the edits on disk, and finish once the change has actually been written.";
 var logAdapter = (message) => {
   console.error(`[opencode-adapter] ${message}`);
@@ -2485,6 +2559,9 @@ var OpenCodeProcessAdapter = class {
   /** Maps our sessionId → opencode session id so successive turns within
    *  one coding-agent session reuse the same opencode conversation. */
   sessionMap = /* @__PURE__ */ new Map();
+  /** In-flight turns by our sessionId, so replyPermission() can reach the
+   *  engine client to resolve a paused tool call. */
+  activeTurns = /* @__PURE__ */ new Map();
   async resolveLocator() {
     if (this.options.engineLocator) {
       return this.options.engineLocator;
@@ -2527,14 +2604,17 @@ var OpenCodeProcessAdapter = class {
         }
       },
       model: `${DIOLOGUE_PROVIDER_ID}/${DIOLOGUE_MODEL_ID}`,
-      // Auto-approve tool execution. opencode gates edit/bash/webfetch
-      // behind a permission prompt; this helper runs headless with no
-      // approver, so without this the agent's writes are never applied to
-      // the repo and a turn finishes having changed nothing.
+      // Permission policy. The ADAPTER is the policy engine, not this config:
+      //   - edit stays "allow" — edits land in the working tree and are
+      //     reversible via the chat's Keep/Revert, so we never prompt on them.
+      //   - bash + webfetch are "ask" so opencode pauses them. In "auto" mode
+      //     the adapter auto-approves instantly (behaves like allow); in
+      //     "confirm" mode it forwards an AgentPermissionRequest to the browser
+      //     and resumes only once the user replies. See streamMessage().
       permission: {
         edit: "allow",
-        bash: "allow",
-        webfetch: "allow"
+        bash: "ask",
+        webfetch: "ask"
       }
     };
   }
@@ -2579,6 +2659,44 @@ var OpenCodeProcessAdapter = class {
     );
     return id;
   }
+  /** Send a decision for a paused permission to opencode. Best-effort: a
+   *  failure is logged but not thrown — the worst case is the turn hangs
+   *  until the grace/abort path tears it down. */
+  async replyToOpencode(client, openCodeSessionId, repoPath, permissionId, response) {
+    try {
+      await client.postSessionIdPermissionsPermissionId({
+        path: { id: openCodeSessionId, permissionID: permissionId },
+        query: { directory: repoPath },
+        body: { response }
+      });
+      logAdapter(
+        `permission reply id=${permissionId.slice(0, 8)} response=${response}`
+      );
+    } catch (err) {
+      logAdapter(
+        `permission reply FAILED id=${permissionId.slice(0, 8)} response=${response} error=${err instanceof Error ? err.message : String(err)}`
+      );
+    }
+  }
+  /** Apply a browser decision to a paused permission. Invoked by the
+   *  /agent/permission route on a separate HTTP request from the SSE stream. */
+  async replyPermission(sessionId, permissionId, response) {
+    const turn = this.activeTurns.get(sessionId);
+    if (!turn) return false;
+    const timer = turn.pending.get(permissionId);
+    if (timer) {
+      clearTimeout(timer);
+      turn.pending.delete(permissionId);
+    }
+    await this.replyToOpencode(
+      turn.client,
+      turn.openCodeSessionId,
+      turn.repoPath,
+      permissionId,
+      response
+    );
+    return true;
+  }
   async *streamMessage(request) {
     let handle;
     try {
@@ -2613,6 +2731,14 @@ var OpenCodeProcessAdapter = class {
     );
     let sawAnyPatch = false;
     let lastPatchHash = "";
+    const permissionMode = request.permissionMode ?? "auto";
+    const activeTurn = {
+      client: handle.client,
+      openCodeSessionId,
+      repoPath: request.repoPath,
+      pending: /* @__PURE__ */ new Map()
+    };
+    this.activeTurns.set(request.sessionId, activeTurn);
     let activeBrokerHandle = null;
     let streamScopedBroker = null;
     if (request.broker) {
@@ -2725,6 +2851,34 @@ ${request.prompt}` }
           );
         }
         for (const event of mapped.events) {
+          if (event.type === "permission_request") {
+            if (permissionMode === "confirm") {
+              const timer = setTimeout(() => {
+                activeTurn.pending.delete(event.permissionId);
+                void this.replyToOpencode(
+                  handle.client,
+                  openCodeSessionId,
+                  request.repoPath,
+                  event.permissionId,
+                  "reject"
+                );
+                logAdapter(
+                  `permission auto-rejected (timeout) id=${event.permissionId.slice(0, 8)} session=${request.sessionId.slice(0, 8)}`
+                );
+              }, PERMISSION_DECISION_TIMEOUT_MS);
+              activeTurn.pending.set(event.permissionId, timer);
+              yield event;
+            } else {
+              void this.replyToOpencode(
+                handle.client,
+                openCodeSessionId,
+                request.repoPath,
+                event.permissionId,
+                "once"
+              );
+            }
+            continue;
+          }
           if (event.type === "diff_proposed" && mapped.patchToFetch) {
             sawAnyPatch = true;
             lastPatchHash = mapped.patchToFetch.hash;
@@ -2743,6 +2897,18 @@ ${request.prompt}` }
       } catch {
       }
       request.signal?.removeEventListener("abort", stopOnAbort);
+      for (const [permId, timer] of activeTurn.pending) {
+        clearTimeout(timer);
+        void this.replyToOpencode(
+          handle.client,
+          openCodeSessionId,
+          request.repoPath,
+          permId,
+          "reject"
+        );
+      }
+      activeTurn.pending.clear();
+      this.activeTurns.delete(request.sessionId);
       activeBrokerHandle?.release();
       streamScopedBroker?.close("turn_ended");
     }
@@ -2850,6 +3016,7 @@ var createApp = (options) => {
   app.use("/agent", createAgentRouter({ state, adapter, brokerRegistry }));
   app.use("/agent/llm-response", createLlmResponseRouter({ brokerRegistry }));
   app.use("/agent/llm-chunk", createLlmChunkRouter({ brokerRegistry }));
+  app.use("/agent/permission", createPermissionRouter({ adapter }));
   app.use("/llm-shim", createLlmShimRouter());
   app.use((req, res) => {
     res.status(404).json({ error: "not_found", method: req.method, path: req.path });