npm - @dugleelabs/copair - Versions diffs - 1.6.0 → 1.7.0 - Mend

@dugleelabs/copair 1.6.0 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/api.d.ts CHANGED Viewed

@@ -216,21 +216,42 @@ declare class ToolRegistry {
     getAllDefinitions(): ToolDefinition[];
 }
+/**
+ * Path-level permissions — model-agnostic.
+ * Applies regardless of which tool the model uses (read, bash cat, grep, etc.).
+ * write permission implies read.
+ */
+interface PathPermissions {
+    read: string[];
+    write: string[];
+}
 interface AllowRules {
     /** bash entries: exact match, or prefix if the pattern ends with " *" */
     bash: string[];
     /**
      * git entries: matched against the args string.
-     * Entry is the subcommand (e.g. "diff") — automatically covers all
-     * flags for that subcommand (e.g. "diff --cached", "diff HEAD~1").
+     * Entry is the subcommand (e.g. "diff") — covers all flags for that subcommand.
      */
     git: string[];
     /**
-     * write / edit entries: glob patterns matched against the file path.
-     * Supports * (within a segment) and ** (across segments).
+     * Tool-specific read/write/edit entries (kept for backward-compat and
+     * fine-grained tool control). For multi-model setups, prefer `paths:`.
      */
+    read: string[];
     write: string[];
     edit: string[];
+    /**
+     * Path-level permissions — the preferred way to allow cross-repo access.
+     * Works regardless of which tool the model chooses to use for an operation.
+     *
+     * Example allow.yaml:
+     *   paths:
+     *     read:
+     *       - "../../other-repo/**"
+     *     write:
+     *       - "../../shared-output/**"
+     */
+    paths: PathPermissions;
 }
 declare class AllowList {
     private rules;
@@ -238,11 +259,25 @@ declare class AllowList {
     /**
      * Returns true when the operation is explicitly listed and should bypass
      * the approval prompt. Called by ApprovalGate before prompting.
+     *
+     * Check order per tool:
+     *   1. Tool-specific entries (bash:, git:, read:, write:, edit:) — fine-grained
+     *   2. Path-level entries (paths.read / paths.write) — model-agnostic
      */
     matches(toolName: string, input: Record<string, unknown>): boolean;
     private matchBash;
+    /**
+     * Path-level bash matching: extract path tokens from the command, classify
+     * as read or write intent, then check against paths.read / paths.write.
+     * All path tokens in the command must be covered for the check to pass.
+     */
+    private matchBashByPath;
     private matchGit;
     private matchPath;
+    /**
+     * Check filePath against paths.read or paths.write (write implies read).
+     */
+    private matchPathAgainstPermissions;
 }
 interface ToolInfo {
@@ -275,15 +310,27 @@ interface TokenUsage {
     contextPercent?: number;
 }
 type ApprovalAnswer = 'allow' | 'always' | 'deny' | 'all' | 'similar';
+/** Pre-approval diff shown at the approval prompt (before execution). */
+interface ApprovalDiffPreview {
+    filePath: string;
+    oldContent: string | null;
+    newContent: string;
+    diffText: string;
+}
 interface ApprovalRequest {
     toolName: string;
     input: Record<string, unknown>;
     summary: string;
     index: number;
     total: number;
-    diff?: DiffInfo;
+    /** Pre-approval diff preview (shown before user approves). */
+    diff?: ApprovalDiffPreview | null;
     /** Present when a bash command references a sensitive system path. */
     warning?: string;
+    /** Present when a bash command references a path outside the project root. */
+    crossRepoBashPath?: string;
+    /** Present when a read/glob/grep targets a path outside the project root. */
+    crossRepoReadPath?: string;
 }
 interface AgentBridgeEvents {
     'stream-text': (text: string) => void;
@@ -297,11 +344,13 @@ interface AgentBridgeEvents {
     'approval-request': (request: ApprovalRequest, respond: (answer: ApprovalAnswer) => void) => void;
     'diff': (diff: DiffInfo) => void;
     'usage': (usage: TokenUsage) => void;
-    'thinking-start': () => void;
+    'thinking-start': (label?: string) => void;
     'thinking-stop': () => void;
     'turn-complete': () => void;
     'error': (message: string) => void;
     'input-request': (respond: (input: string) => void) => void;
+    'context-limit-warning': () => void;
+    'context-limit-action': (respond: (action: 'compact' | 'abort') => void) => void;
 }
 type EventName = keyof AgentBridgeEvents;
 /**
@@ -335,8 +384,8 @@ declare class AgentBridge extends EventEmitter {
  * input_summary is always redacted and truncated to ≤ 200 chars before
  * writing so that raw secrets never appear in the audit log.
  */
-type AuditEvent = 'session_start' | 'session_end' | 'tool_call' | 'approval' | 'denial' | 'path_block' | 'schema_rejection' | 'bash_sensitive_path';
-type AuditOutcome = 'allowed' | 'denied' | 'error';
+type AuditEvent = 'session_start' | 'session_end' | 'tool_call' | 'approval' | 'denial' | 'path_block' | 'schema_rejection' | 'bash_sensitive_path' | 'bash_cross_repo' | 'cross_repo_read';
+type AuditOutcome = 'allowed' | 'denied' | 'error' | 'flagged';
 interface AuditEntry {
     ts: string;
     event: AuditEvent;
@@ -386,7 +435,7 @@ declare class ApprovalGate {
      * The agent never calls this. ToolExecutor calls it. The agent only
      * sees the resulting ExecutionResult.
      */
-    allow(toolName: string, input: Record<string, unknown>): Promise<boolean>;
+    allow(toolName: string, input: Record<string, unknown>, diffPreview?: ApprovalDiffPreview): Promise<boolean>;
     /** Bridge-based approval: emit event and await response from ink UI. */
     private bridgePrompt;
     /** Legacy approval prompt: reads from /dev/tty directly (not stdin).
@@ -455,7 +504,15 @@ declare class PathGuard {
      * @param mustExist true for read operations (file must exist); false for
      *                  write/edit operations (parent dir must exist).
      */
-    check(rawPath: string, mustExist: boolean): PathGuardResult;
+    check(rawPath: string, mustExist: boolean, opts?: {
+        skipBoundaryCheck?: boolean;
+    }): PathGuardResult;
+    /**
+     * Check whether a raw path resolves to somewhere inside the project root.
+     * Used by the tool executor to flag cross-repo references before the gate fires.
+     * Returns false on any resolution error — treat as outside.
+     */
+    isInsideProject(rawPath: string): boolean;
     private isDenied;
     private isAllowed;
     /**
@@ -664,6 +721,8 @@ interface AgentOptions {
     toolCallFormat?: FormatName;
     bridge?: AgentBridge;
     pluginManager?: PluginManager;
+    /** Fraction of maxTokens at which to warn about context limit (0–1, default 0.9). */
+    contextLimitThresholdPct?: number;
 }
 declare class Agent {
     private provider;
@@ -693,6 +752,14 @@ declare class Agent {
         /** Input tokens from the last API call — reflects actual context window usage. */
         lastInputTokens: number;
     }>;
+    /**
+     * Detect whether the model likely hit its context limit this turn.
+     * Two signals:
+     *   1. Token threshold: input tokens ≥ contextLimitThresholdPct of maxTokens
+     *   2. Truncation heuristic: text present, no tool calls, and response ends
+     *      without terminal punctuation (sentence was cut off mid-stream)
+     */
+    private detectContextLimit;
 }
 interface SessionMetadata {