@inkeep/agents-run-api 0.36.1 → 0.37.1

package/dist/index.cjs

@@ -32,12 +32,6 @@ var factory = require('hono/factory');
 var swaggerUi = require('@hono/swagger-ui');
 var streaming = require('hono/streaming');
 var ai = require('ai');
-var anthropic = require('@ai-sdk/anthropic');
-var gateway = require('@ai-sdk/gateway');
-var google = require('@ai-sdk/google');
-var openai = require('@ai-sdk/openai');
-var openaiCompatible = require('@ai-sdk/openai-compatible');
-var aiSdkProvider = require('@openrouter/ai-sdk-provider');
 var jmespath = require('jmespath');
 var Ajv = require('ajv');
 var destr = require('destr');
@@ -95,6 +89,7 @@ var init_env = __esm({
       ENVIRONMENT: z8.z.enum(["development", "production", "pentest", "test"]).optional().default("development"),
       DATABASE_URL: z8.z.string().optional(),
       INKEEP_AGENTS_RUN_API_URL: z8.z.string().optional().default("http://localhost:3003"),
+      AGENTS_MANAGE_UI_URL: z8.z.string().optional().default("http://localhost:3000"),
       LOG_LEVEL: z8.z.enum(["trace", "debug", "info", "warn", "error"]).optional().default("debug"),
       NANGO_SERVER_URL: z8.z.string().optional().default("https://api.nango.dev"),
       NANGO_SECRET_KEY: z8.z.string().optional(),
@@ -103,6 +98,7 @@ var init_env = __esm({
       GOOGLE_GENERATIVE_AI_API_KEY: z8.z.string().optional(),
       INKEEP_AGENTS_RUN_API_BYPASS_SECRET: z8.z.string().optional(),
       INKEEP_AGENTS_JWT_SIGNING_SECRET: z8.z.string().optional(),
+      INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY: z8.z.string().optional(),
       OTEL_BSP_SCHEDULE_DELAY: z8.z.coerce.number().optional().default(500),
       OTEL_BSP_MAX_EXPORT_BATCH_SIZE: z8.z.coerce.number().optional().default(64)
     });
@@ -6740,10 +6736,9 @@ var init_NativeSandboxExecutor = __esm({
               "Reusing cached sandbox"
             );
             return sandbox.sandboxDir;
-          } else {
-            this.cleanupSandbox(sandbox.sandboxDir);
-            delete this.sandboxPool[poolKey];
           }
+          this.cleanupSandbox(sandbox.sandboxDir);
+          delete this.sandboxPool[poolKey];
         }
         return null;
       }
@@ -7643,6 +7638,31 @@ function createExecutionContext(params) {
 
 // src/middleware/api-key-auth.ts
 var logger2 = agentsCore.getLogger("env-key-auth");
+async function tryAuthenticateWithTempJwt(apiKey, baseUrl, subAgentId) {
+  if (!apiKey.startsWith("eyJ") || !env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY) {
+    return null;
+  }
+  try {
+    const publicKeyPem = Buffer.from(env.INKEEP_AGENTS_TEMP_JWT_PUBLIC_KEY, "base64").toString(
+      "utf-8"
+    );
+    const payload = await agentsCore.verifyTempToken(publicKeyPem, apiKey);
+    logger2.info({}, "JWT temp token authenticated successfully");
+    return createExecutionContext({
+      apiKey,
+      tenantId: payload.tenantId,
+      projectId: payload.projectId,
+      agentId: payload.agentId,
+      apiKeyId: "temp-jwt",
+      baseUrl,
+      subAgentId,
+      metadata: { initiatedBy: payload.initiatedBy }
+    });
+  } catch (error) {
+    logger2.debug({ error }, "JWT verification failed");
+    return null;
+  }
+}
 var apiKeyAuth = () => factory.createMiddleware(async (c2, next) => {
   if (c2.req.method === "OPTIONS") {
     await next();
@@ -7663,6 +7683,12 @@ var apiKeyAuth = () => factory.createMiddleware(async (c2, next) => {
     let executionContext;
     if (authHeader?.startsWith("Bearer ")) {
       const apiKey2 = authHeader.substring(7);
+      const jwtContext2 = await tryAuthenticateWithTempJwt(apiKey2, baseUrl, subAgentId);
+      if (jwtContext2) {
+        c2.set("executionContext", jwtContext2);
+        await next();
+        return;
+      }
       try {
         executionContext = await extractContextFromApiKey(apiKey2, baseUrl);
         if (subAgentId) {
@@ -7715,6 +7741,12 @@ var apiKeyAuth = () => factory.createMiddleware(async (c2, next) => {
     });
   }
   const apiKey = authHeader.substring(7);
+  const jwtContext = await tryAuthenticateWithTempJwt(apiKey, baseUrl, subAgentId);
+  if (jwtContext) {
+    c2.set("executionContext", jwtContext);
+    await next();
+    return;
+  }
   if (env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) {
     if (apiKey === env.INKEEP_AGENTS_RUN_API_BYPASS_SECRET) {
       if (!tenantId || !projectId || !agentId) {
@@ -7735,7 +7767,8 @@ var apiKeyAuth = () => factory.createMiddleware(async (c2, next) => {
       logger2.info({}, "Bypass secret authenticated successfully");
       await next();
       return;
-    } else if (apiKey) {
+    }
+    if (apiKey) {
       try {
         const executionContext = await extractContextFromApiKey(apiKey, baseUrl);
         if (subAgentId) {
@@ -7753,11 +7786,10 @@ var apiKeyAuth = () => factory.createMiddleware(async (c2, next) => {
       }
       await next();
       return;
-    } else {
-      throw new httpException.HTTPException(401, {
-        message: "Invalid Token"
-      });
     }
+    throw new httpException.HTTPException(401, {
+      message: "Invalid Token"
+    });
   }
   if (!apiKey || apiKey.length < 16) {
     throw new httpException.HTTPException(401, {
@@ -7906,6 +7938,19 @@ function setupOpenAPIRoutes(app6) {
           }
         ]
       });
+      document2.components = {
+        ...document2.components,
+        securitySchemes: {
+          ...document2.components?.securitySchemes || {},
+          bearerAuth: {
+            type: "http",
+            scheme: "bearer",
+            bearerFormat: "API Key",
+            description: 'API key authentication. All endpoints require a valid API key in the Authorization header as "Bearer <api-key>". API keys can be created in the management UI.'
+          }
+        }
+      };
+      document2.security = [{ bearerAuth: [] }];
       return c2.json(document2);
     } catch (error) {
       console.error("OpenAPI document generation failed:", error);
@@ -8537,275 +8582,10 @@ async function handleTasksResubscribe(c2, agent, request) {
 init_dbClient();
 init_logger();
 
-// src/agents/ModelFactory.ts
-init_logger();
-var logger4 = agentsCore.getLogger("ModelFactory");
-var nimDefault = openaiCompatible.createOpenAICompatible({
-  name: "nim",
-  baseURL: "https://integrate.api.nvidia.com/v1",
-  headers: {
-    Authorization: `Bearer ${process.env.NIM_API_KEY}`
-  }
-});
-var ModelFactory = class _ModelFactory {
-  /**
-   * Create a provider instance with custom configuration
-   */
-  static createProvider(provider, config) {
-    switch (provider) {
-      case "anthropic":
-        return anthropic.createAnthropic(config);
-      case "openai":
-        return openai.createOpenAI(config);
-      case "google":
-        return google.createGoogleGenerativeAI(config);
-      case "openrouter":
-        return {
-          ...aiSdkProvider.createOpenRouter(config),
-          textEmbeddingModel: () => {
-            throw new Error("OpenRouter does not support text embeddings");
-          },
-          imageModel: () => {
-            throw new Error("OpenRouter does not support image generation");
-          }
-        };
-      case "gateway":
-        return gateway.createGateway(config);
-      case "nim": {
-        const nimConfig = {
-          name: "nim",
-          baseURL: "https://integrate.api.nvidia.com/v1",
-          headers: {
-            Authorization: `Bearer ${process.env.NIM_API_KEY}`
-          },
-          ...config
-        };
-        return openaiCompatible.createOpenAICompatible(nimConfig);
-      }
-      case "custom": {
-        if (!config.baseURL && !config.baseUrl) {
-          throw new Error(
-            "Custom provider requires baseURL. Please provide it in providerOptions.baseURL or providerOptions.baseUrl"
-          );
-        }
-        const customConfig = {
-          name: "custom",
-          baseURL: config.baseURL || config.baseUrl,
-          headers: {
-            ...process.env.CUSTOM_LLM_API_KEY && {
-              Authorization: `Bearer ${process.env.CUSTOM_LLM_API_KEY}`
-            },
-            ...config.headers || {}
-          },
-          ...config
-        };
-        logger4.info(
-          {
-            config: {
-              baseURL: customConfig.baseURL,
-              hasApiKey: !!process.env.CUSTOM_LLM_API_KEY,
-              apiKeyPrefix: process.env.CUSTOM_LLM_API_KEY?.substring(0, 10) + "...",
-              headers: Object.keys(customConfig.headers || {})
-            }
-          },
-          "Creating custom OpenAI-compatible provider"
-        );
-        return openaiCompatible.createOpenAICompatible(customConfig);
-      }
-      default:
-        throw new Error(`Unsupported provider: ${provider}`);
-    }
-  }
-  /**
-   * Extract provider configuration from providerOptions
-   * Only includes settings that go to the provider constructor (baseURL, apiKey, etc.)
-   */
-  static extractProviderConfig(providerOptions) {
-    if (!providerOptions) {
-      return {};
-    }
-    const providerConfig = {};
-    if (providerOptions.baseUrl || providerOptions.baseURL) {
-      providerConfig.baseURL = providerOptions.baseUrl || providerOptions.baseURL;
-    }
-    if (providerOptions.headers) {
-      providerConfig.headers = providerOptions.headers;
-    }
-    if (providerOptions.gateway) {
-      Object.assign(providerConfig, providerOptions.gateway);
-    }
-    if (providerOptions.nim) {
-      Object.assign(providerConfig, providerOptions.nim);
-    }
-    if (providerOptions.custom) {
-      Object.assign(providerConfig, providerOptions.custom);
-    }
-    return providerConfig;
-  }
-  /**
-   * Create a language model instance from configuration
-   * Throws error if no config provided - models must be configured at project level
-   */
-  static createModel(config) {
-    if (!config?.model?.trim()) {
-      throw new Error(
-        "Model configuration is required. Please configure models at the project level."
-      );
-    }
-    const modelSettings = config;
-    if (!modelSettings.model) {
-      throw new Error("Model configuration is required");
-    }
-    const modelString = modelSettings.model.trim();
-    const { provider, modelName } = _ModelFactory.parseModelString(modelString);
-    logger4.debug(
-      {
-        provider,
-        model: modelName,
-        fullModelString: modelSettings.model,
-        hasProviderOptions: !!modelSettings.providerOptions
-      },
-      "Creating language model from config"
-    );
-    const providerConfig = _ModelFactory.extractProviderConfig(modelSettings.providerOptions);
-    if (Object.keys(providerConfig).length > 0) {
-      logger4.info({ config: providerConfig }, `Applying custom ${provider} provider configuration`);
-      const customProvider = _ModelFactory.createProvider(provider, providerConfig);
-      return customProvider.languageModel(modelName);
-    }
-    switch (provider) {
-      case "anthropic":
-        return anthropic.anthropic(modelName);
-      case "openai":
-        return openai.openai(modelName);
-      case "google":
-        return google.google(modelName);
-      case "openrouter":
-        return aiSdkProvider.openrouter(modelName);
-      case "gateway":
-        return gateway.gateway(modelName);
-      case "nim":
-        return nimDefault(modelName);
-      case "custom":
-        throw new Error(
-          "Custom provider requires configuration. Please provide baseURL in providerOptions.custom.baseURL or providerOptions.baseURL"
-        );
-      default:
-        throw new Error(
-          `Unsupported provider: ${provider}. Supported providers are: ${_ModelFactory.BUILT_IN_PROVIDERS.join(", ")}. To access other models, use OpenRouter (openrouter/model-id), Vercel AI Gateway (gateway/model-id), NVIDIA NIM (nim/model-id), or Custom OpenAI-compatible (custom/model-id).`
-        );
-    }
-  }
-  /**
-   * Built-in providers that have special handling
-   */
-  static BUILT_IN_PROVIDERS = [
-    "anthropic",
-    "openai",
-    "google",
-    "openrouter",
-    "gateway",
-    "nim",
-    "custom"
-  ];
-  /**
-   * Parse model string to extract provider and model name
-   * Examples: "anthropic/claude-sonnet-4" -> { provider: "anthropic", modelName: "claude-sonnet-4" }
-   *          "openrouter/anthropic/claude-sonnet-4" -> { provider: "openrouter", modelName: "anthropic/claude-sonnet-4" }
-   *          "claude-sonnet-4" -> { provider: "anthropic", modelName: "claude-sonnet-4" } (default to anthropic)
-   */
-  static parseModelString(modelString) {
-    if (modelString.includes("/")) {
-      const [provider, ...modelParts] = modelString.split("/");
-      const normalizedProvider = provider.toLowerCase();
-      if (!_ModelFactory.BUILT_IN_PROVIDERS.includes(normalizedProvider)) {
-        throw new Error(
-          `Unsupported provider: ${normalizedProvider}. Supported providers are: ${_ModelFactory.BUILT_IN_PROVIDERS.join(", ")}. To access other models, use OpenRouter (openrouter/model-id), Vercel AI Gateway (gateway/model-id), NVIDIA NIM (nim/model-id), or Custom OpenAI-compatible (custom/model-id).`
-        );
-      }
-      return {
-        provider: normalizedProvider,
-        modelName: modelParts.join("/")
-        // In case model name has slashes
-      };
-    }
-    throw new Error(`No provider specified in model string: ${modelString}`);
-  }
-  /**
-   * Get generation parameters from provider options
-   * These are parameters that get passed to generateText/streamText calls
-   */
-  static getGenerationParams(providerOptions) {
-    if (!providerOptions) {
-      return {};
-    }
-    const excludedKeys = [
-      "apiKey",
-      "baseURL",
-      "baseUrl",
-      "maxDuration",
-      "headers",
-      "gateway",
-      "nim",
-      "custom"
-    ];
-    const params = {};
-    for (const [key, value] of Object.entries(providerOptions)) {
-      if (!excludedKeys.includes(key) && value !== void 0) {
-        params[key] = value;
-      }
-    }
-    return params;
-  }
-  /**
-   * Prepare complete generation configuration from model settings
-   * Returns model instance and generation parameters ready to spread into generateText/streamText
-   * Includes maxDuration if specified in provider options (in seconds, following Vercel standard)
-   */
-  static prepareGenerationConfig(modelSettings) {
-    const modelString = modelSettings?.model?.trim();
-    const model = _ModelFactory.createModel({
-      model: modelString,
-      providerOptions: modelSettings?.providerOptions
-    });
-    const generationParams = _ModelFactory.getGenerationParams(modelSettings?.providerOptions);
-    const maxDuration = modelSettings?.providerOptions?.maxDuration;
-    return {
-      model,
-      ...generationParams,
-      ...maxDuration !== void 0 && { maxDuration }
-    };
-  }
-  /**
-   * Validate model settingsuration
-   * Basic validation only - let AI SDK handle parameter-specific validation
-   */
-  static validateConfig(config) {
-    const errors = [];
-    if (!config.model) {
-      errors.push("Model name is required");
-    }
-    if (config.providerOptions) {
-      if (config.providerOptions.apiKey) {
-        errors.push(
-          "API keys should not be stored in provider options. Use environment variables (ANTHROPIC_API_KEY, OPENAI_API_KEY) or credential store instead."
-        );
-      }
-      if (config.providerOptions.maxDuration !== void 0) {
-        const maxDuration = config.providerOptions.maxDuration;
-        if (typeof maxDuration !== "number" || maxDuration <= 0) {
-          errors.push("maxDuration must be a positive number (in seconds)");
-        }
-      }
-    }
-    return errors;
-  }
-};
-
 // src/agents/ToolSessionManager.ts
 init_execution_limits();
 init_logger();
-var logger5 = agentsCore.getLogger("ToolSessionManager");
+var logger4 = agentsCore.getLogger("ToolSessionManager");
 var ToolSessionManager = class _ToolSessionManager {
   static instance;
   sessions = /* @__PURE__ */ new Map();
@@ -8839,7 +8619,7 @@ var ToolSessionManager = class _ToolSessionManager {
       createdAt: Date.now()
     };
     this.sessions.set(sessionId, session);
-    logger5.debug(
+    logger4.debug(
       {
         sessionId,
         tenantId,
@@ -8857,10 +8637,10 @@ var ToolSessionManager = class _ToolSessionManager {
    */
   ensureAgentSession(sessionId, tenantId, projectId, contextId, taskId) {
     if (this.sessions.has(sessionId)) {
-      logger5.debug({ sessionId }, "Agent session already exists, reusing");
+      logger4.debug({ sessionId }, "Agent session already exists, reusing");
       return sessionId;
     }
-    logger5.debug(
+    logger4.debug(
       { sessionId, tenantId, contextId, taskId },
       "Creating new agent-scoped tool session"
     );
@@ -8872,7 +8652,7 @@ var ToolSessionManager = class _ToolSessionManager {
   recordToolResult(sessionId, toolResult) {
     const session = this.sessions.get(sessionId);
     if (!session) {
-      logger5.warn(
+      logger4.warn(
         {
           sessionId,
           toolCallId: toolResult.toolCallId,
@@ -8884,7 +8664,7 @@ var ToolSessionManager = class _ToolSessionManager {
       return;
     }
     session.toolResults.set(toolResult.toolCallId, toolResult);
-    logger5.debug(
+    logger4.debug(
       {
         sessionId,
         toolCallId: toolResult.toolCallId,
@@ -8899,7 +8679,7 @@ var ToolSessionManager = class _ToolSessionManager {
   getToolResult(sessionId, toolCallId) {
     const session = this.sessions.get(sessionId);
     if (!session) {
-      logger5.warn(
+      logger4.warn(
         {
           sessionId,
           toolCallId,
@@ -8912,7 +8692,7 @@ var ToolSessionManager = class _ToolSessionManager {
     }
     const result = session.toolResults.get(toolCallId);
     if (!result) {
-      logger5.warn(
+      logger4.warn(
         {
           sessionId,
           toolCallId,
@@ -8922,7 +8702,7 @@ var ToolSessionManager = class _ToolSessionManager {
         "Tool result not found"
       );
     } else {
-      logger5.debug(
+      logger4.debug(
         {
           sessionId,
           toolCallId,
@@ -8961,10 +8741,10 @@ var ToolSessionManager = class _ToolSessionManager {
     }
     for (const sessionId of expiredSessions) {
       this.sessions.delete(sessionId);
-      logger5.debug({ sessionId }, "Cleaned up expired tool session");
+      logger4.debug({ sessionId }, "Cleaned up expired tool session");
     }
     if (expiredSessions.length > 0) {
-      logger5.info({ expiredCount: expiredSessions.length }, "Cleaned up expired tool sessions");
+      logger4.info({ expiredCount: expiredSessions.length }, "Cleaned up expired tool sessions");
     }
   }
 };
@@ -9046,7 +8826,7 @@ function extractFullFields(schema2) {
 }
 
 // src/services/ArtifactService.ts
-var logger7 = agentsCore.getLogger("ArtifactService");
+var logger6 = agentsCore.getLogger("ArtifactService");
 var ArtifactService = class _ArtifactService {
   constructor(context) {
     this.context = context;
@@ -9079,7 +8859,7 @@ var ArtifactService = class _ArtifactService {
           id: taskId
         });
         if (!task) {
-          logger7.warn({ taskId }, "Task not found when fetching artifacts");
+          logger6.warn({ taskId }, "Task not found when fetching artifacts");
           continue;
         }
         const taskArtifacts = await agentsCore.getLedgerArtifacts(dbClient_default)({
@@ -9097,7 +8877,7 @@ var ArtifactService = class _ArtifactService {
         }
       }
     } catch (error) {
-      logger7.error({ error, contextId }, "Error loading context artifacts");
+      logger6.error({ error, contextId }, "Error loading context artifacts");
     }
     return artifacts;
   }
@@ -9106,12 +8886,12 @@ var ArtifactService = class _ArtifactService {
    */
   async createArtifact(request, subAgentId) {
     if (!this.context.sessionId) {
-      logger7.warn({ request }, "No session ID available for artifact creation");
+      logger6.warn({ request }, "No session ID available for artifact creation");
       return null;
     }
     const toolResult = toolSessionManager.getToolResult(this.context.sessionId, request.toolCallId);
     if (!toolResult) {
-      logger7.warn(
+      logger6.warn(
         { request, sessionId: this.context.sessionId },
         "Tool result not found for artifact"
       );
@@ -9127,7 +8907,7 @@ var ArtifactService = class _ArtifactService {
         selectedData = selectedData.length > 0 ? selectedData[0] : {};
       }
       if (!selectedData) {
-        logger7.warn(
+        logger6.warn(
           {
             request,
             baseSelector: request.baseSelector
@@ -9198,7 +8978,7 @@ var ArtifactService = class _ArtifactService {
       );
       return artifactData;
     } catch (error) {
-      logger7.error({ error, request }, "Failed to create artifact");
+      logger6.error({ error, request }, "Failed to create artifact");
       const errorMessage = error instanceof Error ? error.message : "Unknown error";
       throw new Error(`Artifact creation failed for ${request.artifactId}: ${errorMessage}`);
     }
@@ -9227,7 +9007,7 @@ var ArtifactService = class _ArtifactService {
     }
     try {
       if (!this.context.projectId || !this.context.taskId) {
-        logger7.warn(
+        logger6.warn(
           { artifactId, toolCallId },
           "No projectId or taskId available for artifact lookup"
         );
@@ -9251,7 +9031,7 @@ var ArtifactService = class _ArtifactService {
         return this.formatArtifactSummaryData(artifacts[0], artifactId, toolCallId);
       }
     } catch (error) {
-      logger7.warn(
+      logger6.warn(
         { artifactId, toolCallId, taskId: this.context.taskId, error },
         "Failed to fetch artifact"
       );
@@ -9282,7 +9062,7 @@ var ArtifactService = class _ArtifactService {
     }
     try {
       if (!this.context.projectId || !this.context.taskId) {
-        logger7.warn(
+        logger6.warn(
           { artifactId, toolCallId },
           "No projectId or taskId available for artifact lookup"
         );
@@ -9306,7 +9086,7 @@ var ArtifactService = class _ArtifactService {
         return this.formatArtifactFullData(artifacts[0], artifactId, toolCallId);
       }
     } catch (error) {
-      logger7.warn(
+      logger6.warn(
         { artifactId, toolCallId, taskId: this.context.taskId, error },
         "Failed to fetch artifact"
       );
@@ -9323,7 +9103,7 @@ var ArtifactService = class _ArtifactService {
       data = artifact.parts?.[0]?.data;
       if (data && !(typeof data === "object" && Object.keys(data).length === 0)) {
         dataSource = "parts[0].data (fallback)";
-        logger7.debug(
+        logger6.debug(
           { artifactId, toolCallId, dataSource },
           "Using fallback data source for artifact summary"
         );
@@ -9331,14 +9111,14 @@ var ArtifactService = class _ArtifactService {
         data = artifact.data;
         if (data && !(typeof data === "object" && Object.keys(data).length === 0)) {
           dataSource = "artifact.data (fallback)";
-          logger7.debug(
+          logger6.debug(
             { artifactId, toolCallId, dataSource },
             "Using fallback data source for artifact summary"
           );
         } else {
           data = {};
           dataSource = "empty (no data found)";
-          logger7.warn(
+          logger6.warn(
             {
               artifactId,
               toolCallId,
@@ -9375,7 +9155,7 @@ var ArtifactService = class _ArtifactService {
       data = artifact.parts?.[0]?.data;
       if (data && !(typeof data === "object" && Object.keys(data).length === 0)) {
         dataSource = "parts[0].data (fallback)";
-        logger7.debug(
+        logger6.debug(
           { artifactId, toolCallId, dataSource },
           "Using fallback data source for artifact full data"
         );
@@ -9383,14 +9163,14 @@ var ArtifactService = class _ArtifactService {
         data = artifact.data;
         if (data && !(typeof data === "object" && Object.keys(data).length === 0)) {
           dataSource = "artifact.data (fallback)";
-          logger7.debug(
+          logger6.debug(
             { artifactId, toolCallId, dataSource },
             "Using fallback data source for artifact full data"
           );
         } else {
           data = {};
           dataSource = "empty (no data found)";
-          logger7.warn(
+          logger6.warn(
             {
               artifactId,
               toolCallId,
@@ -9444,7 +9224,7 @@ var ArtifactService = class _ArtifactService {
       const error = new Error(
         `Cannot save artifact: Missing required fields [${summaryValidation.missingRequired.join(", ")}] for '${artifactType}' schema. Required: [${summaryValidation.missingRequired.join(", ")}]. Found: [${summaryValidation.actualFields.join(", ")}]. Consider using a different artifact component type that matches your data structure.`
       );
-      logger7.error(
+      logger6.error(
         {
           artifactId,
           artifactType,
@@ -9457,7 +9237,7 @@ var ArtifactService = class _ArtifactService {
       throw error;
     }
     if (!summaryValidation.hasExpectedFields || summaryValidation.extraFields.length > 0) {
-      logger7.warn(
+      logger6.warn(
         {
           artifactId,
           artifactType,
@@ -9471,7 +9251,7 @@ var ArtifactService = class _ArtifactService {
       );
     }
     if (!fullValidation.hasExpectedFields || fullValidation.extraFields.length > 0) {
-      logger7.warn(
+      logger6.warn(
         {
           artifactId,
           artifactType,
@@ -9543,7 +9323,7 @@ var ArtifactService = class _ArtifactService {
         }
       );
     } else {
-      logger7.warn(
+      logger6.warn(
         {
           artifactId: request.artifactId,
           hasStreamRequestId: !!this.context.streamRequestId,
@@ -9618,7 +9398,7 @@ var ArtifactService = class _ArtifactService {
           summaryData = this.filterBySchema(artifact.data, previewSchema);
           fullData = this.filterBySchema(artifact.data, fullSchema);
         } catch (error) {
-          logger7.warn(
+          logger6.warn(
             {
               artifactType: artifact.type,
               error: error instanceof Error ? error.message : "Unknown error"
@@ -9656,7 +9436,7 @@ var ArtifactService = class _ArtifactService {
       artifact: artifactToSave
     });
     if (!result.created && result.existing) {
-      logger7.debug(
+      logger6.debug(
         {
           artifactId: artifact.artifactId,
           taskId: this.context.taskId
@@ -9716,7 +9496,7 @@ var ArtifactService = class _ArtifactService {
             extracted[fieldName] = this.cleanEscapedContent(rawValue);
           }
         } catch (error) {
-          logger7.warn(
+          logger6.warn(
             { fieldName, error: error instanceof Error ? error.message : "Unknown error" },
             "Failed to extract schema field"
           );
@@ -9745,7 +9525,7 @@ var ArtifactService = class _ArtifactService {
 };
 
 // src/services/ArtifactParser.ts
-var logger8 = agentsCore.getLogger("ArtifactParser");
+var logger7 = agentsCore.getLogger("ArtifactParser");
 var ArtifactParser = class _ArtifactParser {
   static ARTIFACT_CHECK_REGEX = /<artifact:ref\s+(?=.*id=['"][^'"]+['"])(?=.*tool=['"][^'"]+['"])[^>]*\/>/;
   static ATTR_REGEX = /(\w+)="([^"]*)"|(\w+)='([^']*)'|(\w+)=({[^}]+})/g;
@@ -9856,7 +9636,7 @@ var ArtifactParser = class _ArtifactParser {
       attrs[key] = value;
     }
     if (!attrs.id || !attrs.tool || !attrs.type || !attrs.base) {
-      logger8.warn({ attrs, attrString }, "Missing required attributes in artifact annotation");
+      logger7.warn({ attrs, attrString }, "Missing required attributes in artifact annotation");
       return null;
     }
     return {
@@ -9917,7 +9697,7 @@ var ArtifactParser = class _ArtifactParser {
             `Failed to create artifact "${annotation.artifactId}": Missing or invalid data`
           );
           processedText = processedText.replace(annotation.raw, "");
-          logger8.warn(
+          logger7.warn(
             { annotation, artifactData },
             "Removed failed artifact:create annotation from output"
           );
@@ -9928,11 +9708,11 @@ var ArtifactParser = class _ArtifactParser {
         if (annotation.raw) {
           processedText = processedText.replace(annotation.raw, "");
         }
-        logger8.error({ annotation, error }, "Failed to extract artifact from create annotation");
+        logger7.error({ annotation, error }, "Failed to extract artifact from create annotation");
       }
     }
     if (failedAnnotations.length > 0) {
-      logger8.warn(
+      logger7.warn(
         {
           failedCount: failedAnnotations.length,
           failures: failedAnnotations
@@ -10116,7 +9896,7 @@ var ArtifactParser = class _ArtifactParser {
 };
 
 // src/services/AgentSession.ts
-var logger9 = agentsCore.getLogger("AgentSession");
+var logger8 = agentsCore.getLogger("AgentSession");
 var AgentSession = class {
   // Whether to send data operations
   constructor(sessionId, messageId, agentId, tenantId, projectId, contextId) {
@@ -10126,7 +9906,7 @@ var AgentSession = class {
     this.tenantId = tenantId;
     this.projectId = projectId;
     this.contextId = contextId;
-    logger9.debug({ sessionId, messageId, agentId }, "AgentSession created");
+    logger8.debug({ sessionId, messageId, agentId }, "AgentSession created");
     if (tenantId && projectId) {
       toolSessionManager.createSessionWithId(
         sessionId,
@@ -10183,7 +9963,7 @@ var AgentSession = class {
    */
   enableEmitOperations() {
     this.isEmitOperations = true;
-    logger9.info(
+    logger8.info(
       { sessionId: this.sessionId },
       "\u{1F50D} DEBUG: Emit operations enabled for AgentSession"
     );
@@ -10192,6 +9972,7 @@ var AgentSession = class {
    * Send data operation to stream when emit operations is enabled
    */
   async sendDataOperation(event) {
+    console.log("sendDataOperation called with event", Date.now());
     try {
       const streamHelper = getStreamHelper(this.sessionId);
       if (streamHelper) {
@@ -10207,7 +9988,7 @@ var AgentSession = class {
         await streamHelper.writeOperation(formattedOperation);
       }
     } catch (error) {
-      logger9.error(
+      logger8.error(
         {
           sessionId: this.sessionId,
           eventType: event.eventType,
@@ -10266,7 +10047,7 @@ var AgentSession = class {
     if (this.statusUpdateState.config.timeInSeconds) {
       this.statusUpdateTimer = setInterval(async () => {
         if (!this.statusUpdateState || this.isEnded) {
-          logger9.debug(
+          logger8.debug(
             { sessionId: this.sessionId },
             "Timer triggered but session already cleaned up or ended"
           );
@@ -10278,7 +10059,7 @@ var AgentSession = class {
         }
         await this.checkAndSendTimeBasedUpdate();
       }, this.statusUpdateState.config.timeInSeconds * 1e3);
-      logger9.info(
+      logger8.info(
         {
           sessionId: this.sessionId,
           intervalMs: this.statusUpdateState.config.timeInSeconds * 1e3
@@ -10302,7 +10083,7 @@ var AgentSession = class {
       this.sendDataOperation(dataOpEvent);
     }
     if (this.isEnded) {
-      logger9.debug(
+      logger8.debug(
         {
           sessionId: this.sessionId,
           eventType,
@@ -10324,7 +10105,7 @@ var AgentSession = class {
       if (artifactData.pendingGeneration) {
         const artifactId = artifactData.artifactId;
         if (this.pendingArtifacts.size >= this.MAX_PENDING_ARTIFACTS) {
-          logger9.warn(
+          logger8.warn(
             {
               sessionId: this.sessionId,
               artifactId,
@@ -10346,7 +10127,7 @@ var AgentSession = class {
             this.artifactProcessingErrors.set(artifactId, errorCount);
             if (errorCount >= this.MAX_ARTIFACT_RETRIES) {
               this.pendingArtifacts.delete(artifactId);
-              logger9.error(
+              logger8.error(
                 {
                   sessionId: this.sessionId,
                   artifactId,
@@ -10358,7 +10139,7 @@ var AgentSession = class {
                 "Artifact processing failed after max retries, giving up"
               );
             } else {
-              logger9.warn(
+              logger8.warn(
                 {
                   sessionId: this.sessionId,
                   artifactId,
@@ -10381,14 +10162,14 @@ var AgentSession = class {
    */
   checkStatusUpdates() {
     if (this.isEnded) {
-      logger9.debug(
+      logger8.debug(
         { sessionId: this.sessionId },
         "Session has ended - skipping status update check"
       );
       return;
     }
     if (!this.statusUpdateState) {
-      logger9.debug({ sessionId: this.sessionId }, "No status update state - skipping check");
+      logger8.debug({ sessionId: this.sessionId }, "No status update state - skipping check");
       return;
     }
     const statusUpdateState = this.statusUpdateState;
@@ -10399,11 +10180,11 @@ var AgentSession = class {
    */
   async checkAndSendTimeBasedUpdate() {
     if (this.isEnded) {
-      logger9.debug({ sessionId: this.sessionId }, "Session has ended - skipping time-based update");
+      logger8.debug({ sessionId: this.sessionId }, "Session has ended - skipping time-based update");
       return;
     }
     if (!this.statusUpdateState) {
-      logger9.debug(
+      logger8.debug(
         { sessionId: this.sessionId },
         "No status updates configured for time-based check"
       );
@@ -10416,7 +10197,7 @@ var AgentSession = class {
     try {
       await this.generateAndSendUpdate();
     } catch (error) {
-      logger9.error(
+      logger8.error(
         {
           sessionId: this.sessionId,
           error: error instanceof Error ? error.message : "Unknown error"
@@ -10519,29 +10300,29 @@ var AgentSession = class {
    */
   async generateAndSendUpdate() {
     if (this.isEnded) {
-      logger9.debug({ sessionId: this.sessionId }, "Session has ended - not generating update");
+      logger8.debug({ sessionId: this.sessionId }, "Session has ended - not generating update");
       return;
     }
     if (this.isTextStreaming) {
-      logger9.debug(
+      logger8.debug(
         { sessionId: this.sessionId },
         "Text is currently streaming - skipping status update"
       );
       return;
     }
     if (this.isGeneratingUpdate) {
-      logger9.debug(
+      logger8.debug(
         { sessionId: this.sessionId },
         "Update already in progress - skipping duplicate generation"
       );
       return;
     }
     if (!this.statusUpdateState) {
-      logger9.warn({ sessionId: this.sessionId }, "No status update state - cannot generate update");
+      logger8.warn({ sessionId: this.sessionId }, "No status update state - cannot generate update");
       return;
     }
     if (!this.agentId) {
-      logger9.warn({ sessionId: this.sessionId }, "No agent ID - cannot generate update");
+      logger8.warn({ sessionId: this.sessionId }, "No agent ID - cannot generate update");
       return;
     }
     const newEventCount = this.events.length - this.statusUpdateState.lastEventCount;
@@ -10553,7 +10334,7 @@ var AgentSession = class {
     try {
       const streamHelper = getStreamHelper(this.sessionId);
       if (!streamHelper) {
-        logger9.warn(
+        logger8.warn(
           { sessionId: this.sessionId },
           "No stream helper found - cannot send status update"
         );
@@ -10573,7 +10354,7 @@ var AgentSession = class {
       if (result.summaries && result.summaries.length > 0) {
         for (const summary of result.summaries) {
           if (!summary || !summary.type || !summary.data || !summary.data.label || Object.keys(summary.data).length === 0) {
-            logger9.warn(
+            logger8.warn(
               {
                 sessionId: this.sessionId,
                 summary
@@ -10610,7 +10391,7 @@ var AgentSession = class {
         this.statusUpdateState.lastEventCount = this.events.length;
       }
     } catch (error) {
-      logger9.error(
+      logger8.error(
         {
           sessionId: this.sessionId,
           error: error instanceof Error ? error.message : "Unknown error",
@@ -10648,7 +10429,7 @@ var AgentSession = class {
           this.releaseUpdateLock();
         }
       } catch (error) {
-        logger9.error(
+        logger8.error(
           {
             sessionId: this.sessionId,
             error: error instanceof Error ? error.message : "Unknown error"
@@ -10727,7 +10508,7 @@ User's Question/Context:
 ${conversationHistory}
 ` : "";
             } catch (error) {
-              logger9.warn(
+              logger8.warn(
                 { sessionId: this.sessionId, error },
                 "Failed to fetch conversation history for structured status update"
               );
@@ -10821,7 +10602,7 @@ ${this.statusUpdateState?.config.prompt?.trim() || ""}`;
           if (!modelToUse) {
             throw new Error("No model configuration available");
           }
-          const model = ModelFactory.createModel(modelToUse);
+          const model = agentsCore.ModelFactory.createModel(modelToUse);
           const { object } = await ai.generateObject({
             model,
             prompt,
@@ -10838,10 +10619,10 @@ ${this.statusUpdateState?.config.prompt?.trim() || ""}`;
             }
           });
           const result = object;
-          logger9.info({ result: JSON.stringify(result) }, "DEBUG: Result");
+          logger8.info({ result: JSON.stringify(result) }, "DEBUG: Result");
           const summaries = [];
           for (const [componentId, data] of Object.entries(result)) {
-            logger9.info({ componentId, data: JSON.stringify(data) }, "DEBUG: Component data");
+            logger8.info({ componentId, data: JSON.stringify(data) }, "DEBUG: Component data");
             if (componentId === "no_relevant_updates") {
               continue;
             }
@@ -10861,7 +10642,7 @@ ${this.statusUpdateState?.config.prompt?.trim() || ""}`;
           return { summaries };
         } catch (error) {
           agentsCore.setSpanWithError(span, error instanceof Error ? error : new Error(String(error)));
-          logger9.error({ error }, "Failed to generate structured update, using fallback");
+          logger8.error({ error }, "Failed to generate structured update, using fallback");
           return { summaries: [] };
         } finally {
           span.end();
@@ -11133,7 +10914,7 @@ Make it specific and relevant.`;
                   });
                   if (agentData && "models" in agentData && agentData.models?.base?.model) {
                     modelToUse = agentData.models.base;
-                    logger9.info(
+                    logger8.info(
                       {
                         sessionId: this.sessionId,
                         artifactId: artifactData.artifactId,
@@ -11144,7 +10925,7 @@ Make it specific and relevant.`;
                     );
                   }
                 } catch (error) {
-                  logger9.warn(
+                  logger8.warn(
                     {
                       sessionId: this.sessionId,
                       artifactId: artifactData.artifactId,
@@ -11156,7 +10937,7 @@ Make it specific and relevant.`;
                 }
               }
               if (!modelToUse?.model?.trim()) {
-                logger9.warn(
+                logger8.warn(
                   {
                     sessionId: this.sessionId,
                     artifactId: artifactData.artifactId
@@ -11176,7 +10957,7 @@ Make it specific and relevant.`;
               description: `${artifactData.artifactType || "Data"} from ${artifactData.metadata?.toolCallId || "tool results"}`
             };
           } else {
-            const model = ModelFactory.createModel(modelToUse);
+            const model = agentsCore.ModelFactory.createModel(modelToUse);
             const schema2 = z8.z.object({
               name: z8.z.string().describe("Concise, descriptive name for the artifact"),
               description: z8.z.string().describe("Brief description of the artifact's relevance to the user's question")
@@ -11238,7 +11019,7 @@ Make it specific and relevant.`;
                     return result2;
                   } catch (error) {
                     lastError = error instanceof Error ? error : new Error(String(error));
-                    logger9.warn(
+                    logger8.warn(
                       {
                         sessionId: this.sessionId,
                         artifactId: artifactData.artifactId,
@@ -11286,7 +11067,7 @@ Make it specific and relevant.`;
             });
             span.setStatus({ code: api.SpanStatusCode.OK });
           } catch (saveError) {
-            logger9.error(
+            logger8.error(
               {
                 sessionId: this.sessionId,
                 artifactId: artifactData.artifactId,
@@ -11314,7 +11095,7 @@ Make it specific and relevant.`;
                   metadata: artifactData.metadata || {},
                   toolCallId: artifactData.toolCallId
                 });
-                logger9.info(
+                logger8.info(
                   {
                     sessionId: this.sessionId,
                     artifactId: artifactData.artifactId
@@ -11325,7 +11106,7 @@ Make it specific and relevant.`;
             } catch (fallbackError) {
               const isDuplicateError = fallbackError instanceof Error && (fallbackError.message?.includes("UNIQUE") || fallbackError.message?.includes("duplicate"));
               if (isDuplicateError) ; else {
-                logger9.error(
+                logger8.error(
                   {
                     sessionId: this.sessionId,
                     artifactId: artifactData.artifactId,
@@ -11338,7 +11119,7 @@ Make it specific and relevant.`;
           }
         } catch (error) {
           agentsCore.setSpanWithError(span, error instanceof Error ? error : new Error(String(error)));
-          logger9.error(
+          logger8.error(
             {
               sessionId: this.sessionId,
               artifactId: artifactData.artifactId,
@@ -11357,7 +11138,7 @@ Make it specific and relevant.`;
    */
   setArtifactCache(key, artifact) {
     this.artifactCache.set(key, artifact);
-    logger9.debug({ sessionId: this.sessionId, key }, "Artifact cached in session");
+    logger8.debug({ sessionId: this.sessionId, key }, "Artifact cached in session");
   }
   /**
    * Get session-scoped ArtifactService instance
@@ -11376,7 +11157,7 @@ Make it specific and relevant.`;
    */
   getArtifactCache(key) {
     const artifact = this.artifactCache.get(key);
-    logger9.debug({ sessionId: this.sessionId, key, found: !!artifact }, "Artifact cache lookup");
+    logger8.debug({ sessionId: this.sessionId, key, found: !!artifact }, "Artifact cache lookup");
     return artifact || null;
   }
   /**
@@ -11397,7 +11178,7 @@ var AgentSessionManager = class {
     const sessionId = messageId;
     const session = new AgentSession(sessionId, messageId, agentId, tenantId, projectId, contextId);
     this.sessions.set(sessionId, session);
-    logger9.info(
+    logger8.info(
       { sessionId, messageId, agentId, tenantId, projectId, contextId },
       "AgentSession created"
     );
@@ -11411,7 +11192,7 @@ var AgentSessionManager = class {
     if (session) {
       session.initializeStatusUpdates(config, summarizerModel, baseModel);
     } else {
-      logger9.error(
+      logger8.error(
         {
           sessionId,
           availableSessions: Array.from(this.sessions.keys())
@@ -11428,7 +11209,7 @@ var AgentSessionManager = class {
     if (session) {
       session.enableEmitOperations();
     } else {
-      logger9.error(
+      logger8.error(
         {
           sessionId,
           availableSessions: Array.from(this.sessions.keys())
@@ -11450,7 +11231,7 @@ var AgentSessionManager = class {
   recordEvent(sessionId, eventType, subAgentId, data) {
     const session = this.sessions.get(sessionId);
     if (!session) {
-      logger9.warn({ sessionId }, "Attempted to record event in non-existent session");
+      logger8.warn({ sessionId }, "Attempted to record event in non-existent session");
       return;
     }
     session.recordEvent(eventType, subAgentId, data);
@@ -11461,12 +11242,12 @@ var AgentSessionManager = class {
   endSession(sessionId) {
     const session = this.sessions.get(sessionId);
     if (!session) {
-      logger9.warn({ sessionId }, "Attempted to end non-existent session");
+      logger8.warn({ sessionId }, "Attempted to end non-existent session");
       return [];
     }
     const events = session.getEvents();
     const summary = session.getSummary();
-    logger9.info({ sessionId, summary }, "AgentSession ended");
+    logger8.info({ sessionId, summary }, "AgentSession ended");
     session.cleanup();
     this.sessions.delete(sessionId);
     return events;
@@ -11576,7 +11357,7 @@ init_logger();
 // src/services/IncrementalStreamParser.ts
 init_execution_limits();
 init_logger();
-var logger10 = agentsCore.getLogger("IncrementalStreamParser");
+var logger9 = agentsCore.getLogger("IncrementalStreamParser");
 var IncrementalStreamParser = class _IncrementalStreamParser {
   buffer = "";
   pendingTextBuffer = "";
@@ -11634,7 +11415,7 @@ var IncrementalStreamParser = class _IncrementalStreamParser {
   async initializeArtifactMap() {
     try {
       this.artifactMap = await this.artifactParser.getContextArtifacts(this.contextId);
-      logger10.debug(
+      logger9.debug(
         {
           contextId: this.contextId,
           artifactMapSize: this.artifactMap.size
@@ -11642,7 +11423,7 @@ var IncrementalStreamParser = class _IncrementalStreamParser {
         "Initialized artifact map for streaming"
       );
     } catch (error) {
-      logger10.warn({ error, contextId: this.contextId }, "Failed to initialize artifact map");
+      logger9.warn({ error, contextId: this.contextId }, "Failed to initialize artifact map");
       this.artifactMap = /* @__PURE__ */ new Map();
     }
   }
@@ -11975,6 +11756,143 @@ ${chunk}`;
   }
 };
 
+// src/services/PendingToolApprovalManager.ts
+init_logger();
+var logger10 = agentsCore.getLogger("PendingToolApprovalManager");
+var APPROVAL_CLEANUP_INTERVAL_MS = 2 * 60 * 1e3;
+var APPROVAL_TIMEOUT_MS = 10 * 60 * 1e3;
+var PendingToolApprovalManager = class _PendingToolApprovalManager {
+  static instance;
+  pendingApprovals = /* @__PURE__ */ new Map();
+  constructor() {
+    setInterval(() => this.cleanupExpiredApprovals(), APPROVAL_CLEANUP_INTERVAL_MS);
+  }
+  static getInstance() {
+    if (!_PendingToolApprovalManager.instance) {
+      _PendingToolApprovalManager.instance = new _PendingToolApprovalManager();
+    }
+    return _PendingToolApprovalManager.instance;
+  }
+  /**
+   * Create a new pending approval and return a promise that resolves with approval status
+   */
+  async waitForApproval(toolCallId, toolName, args2, conversationId, subAgentId) {
+    return new Promise((resolve2, reject) => {
+      const timeoutId = setTimeout(() => {
+        this.pendingApprovals.delete(toolCallId);
+        resolve2({
+          approved: false,
+          reason: `Tool approval timeout for ${toolName} (${toolCallId})`
+        });
+      }, APPROVAL_TIMEOUT_MS);
+      const approval = {
+        toolCallId,
+        toolName,
+        args: args2,
+        conversationId,
+        subAgentId,
+        createdAt: Date.now(),
+        resolve: resolve2,
+        reject,
+        timeoutId
+      };
+      this.pendingApprovals.set(toolCallId, approval);
+      logger10.info(
+        {
+          toolCallId,
+          toolName,
+          conversationId,
+          subAgentId
+        },
+        "Tool approval request created, waiting for user response"
+      );
+    });
+  }
+  /**
+   * Approve a pending tool call
+   */
+  approveToolCall(toolCallId) {
+    const approval = this.pendingApprovals.get(toolCallId);
+    if (!approval) {
+      logger10.warn({ toolCallId }, "Tool approval not found or already processed");
+      return false;
+    }
+    logger10.info(
+      {
+        toolCallId,
+        toolName: approval.toolName,
+        conversationId: approval.conversationId
+      },
+      "Tool approved by user, resuming execution"
+    );
+    clearTimeout(approval.timeoutId);
+    this.pendingApprovals.delete(toolCallId);
+    approval.resolve({ approved: true });
+    return true;
+  }
+  /**
+   * Deny a pending tool call
+   */
+  denyToolCall(toolCallId, reason) {
+    const approval = this.pendingApprovals.get(toolCallId);
+    if (!approval) {
+      logger10.warn({ toolCallId }, "Tool approval not found or already processed");
+      return false;
+    }
+    logger10.info(
+      {
+        toolCallId,
+        toolName: approval.toolName,
+        conversationId: approval.conversationId,
+        reason
+      },
+      "Tool execution denied by user"
+    );
+    clearTimeout(approval.timeoutId);
+    this.pendingApprovals.delete(toolCallId);
+    approval.resolve({
+      approved: false,
+      reason: reason || "User denied approval"
+    });
+    return true;
+  }
+  /**
+   * Clean up expired approvals (called by interval timer)
+   */
+  cleanupExpiredApprovals() {
+    const now = Date.now();
+    let cleanedUp = 0;
+    for (const [toolCallId, approval] of this.pendingApprovals) {
+      if (now - approval.createdAt > APPROVAL_TIMEOUT_MS) {
+        clearTimeout(approval.timeoutId);
+        this.pendingApprovals.delete(toolCallId);
+        approval.resolve({ approved: false, reason: "Tool approval expired" });
+        cleanedUp++;
+      }
+    }
+    if (cleanedUp > 0) {
+      logger10.info({ cleanedUp }, "Cleaned up expired tool approvals");
+    }
+  }
+  /**
+   * Get current status for monitoring
+   */
+  getStatus() {
+    return {
+      pendingApprovals: this.pendingApprovals.size,
+      approvals: Array.from(this.pendingApprovals.values()).map((approval) => ({
+        toolCallId: approval.toolCallId,
+        toolName: approval.toolName,
+        conversationId: approval.conversationId,
+        subAgentId: approval.subAgentId,
+        createdAt: approval.createdAt,
+        age: Date.now() - approval.createdAt
+      }))
+    };
+  }
+};
+var pendingToolApprovalManager = PendingToolApprovalManager.getInstance();
+
 // src/services/ResponseFormatter.ts
 init_logger();
 var logger11 = agentsCore.getLogger("ResponseFormatter");
@@ -14796,7 +14714,7 @@ var Agent = class {
   /**
    * Wraps a tool with streaming lifecycle tracking (start, complete, error) and AgentSession recording
    */
-  wrapToolWithStreaming(toolName, toolDefinition, streamRequestId, toolType, relationshipId) {
+  wrapToolWithStreaming(toolName, toolDefinition, streamRequestId, toolType, relationshipId, options) {
     if (!toolDefinition || typeof toolDefinition !== "object" || !("execute" in toolDefinition)) {
       return toolDefinition;
     }
@@ -14818,13 +14736,24 @@ var Agent = class {
           });
         }
         const isInternalTool = toolName.includes("save_tool_result") || toolName.includes("thinking_complete") || toolName.startsWith("transfer_to_");
+        const needsApproval = options?.needsApproval || false;
         if (streamRequestId && !isInternalTool) {
-          agentSessionManager.recordEvent(streamRequestId, "tool_call", this.config.id, {
+          const toolCallData = {
             toolName,
             input: args2,
             toolCallId,
             relationshipId
-          });
+          };
+          if (needsApproval) {
+            toolCallData.needsApproval = true;
+            toolCallData.conversationId = this.conversationId;
+          }
+          await agentSessionManager.recordEvent(
+            streamRequestId,
+            "tool_call",
+            this.config.id,
+            toolCallData
+          );
         }
         try {
           const result = await originalExecute(args2, context);
@@ -14869,7 +14798,8 @@ var Agent = class {
               output: result,
               toolCallId,
               duration,
-              relationshipId
+              relationshipId,
+              needsApproval
             });
           }
           return result;
@@ -14883,7 +14813,8 @@ var Agent = class {
               toolCallId,
               duration,
               error: errorMessage,
-              relationshipId
+              relationshipId,
+              needsApproval
             });
           }
           throw error;
@@ -14952,30 +14883,120 @@ var Agent = class {
       const wrappedTools2 = {};
       for (const [index, toolSet] of tools.entries()) {
         const relationshipId = mcpTools[index]?.relationshipId;
-        for (const [toolName, toolDef] of Object.entries(toolSet)) {
+        for (const [toolName, toolDef] of Object.entries(toolSet.tools)) {
+          const needsApproval = toolSet.toolPolicies?.[toolName]?.needsApproval || false;
+          const enhancedTool = {
+            ...toolDef,
+            needsApproval
+          };
           wrappedTools2[toolName] = this.wrapToolWithStreaming(
             toolName,
-            toolDef,
+            enhancedTool,
             streamRequestId,
             "mcp",
-            relationshipId
+            relationshipId,
+            { needsApproval }
           );
         }
       }
       return wrappedTools2;
     }
     const wrappedTools = {};
-    for (const [index, toolSet] of tools.entries()) {
+    for (const [index, toolResult] of tools.entries()) {
       const relationshipId = mcpTools[index]?.relationshipId;
-      for (const [toolName, originalTool] of Object.entries(toolSet)) {
+      for (const [toolName, originalTool] of Object.entries(toolResult.tools)) {
         if (!isValidTool(originalTool)) {
           logger19.error({ toolName }, "Invalid MCP tool structure - missing required properties");
           continue;
         }
+        const needsApproval = toolResult.toolPolicies?.[toolName]?.needsApproval || false;
+        logger19.debug(
+          {
+            toolName,
+            toolPolicies: toolResult.toolPolicies,
+            needsApproval,
+            policyForThisTool: toolResult.toolPolicies?.[toolName]
+          },
+          "Tool approval check"
+        );
         const sessionWrappedTool = ai.tool({
           description: originalTool.description,
           inputSchema: originalTool.inputSchema,
           execute: async (args2, { toolCallId }) => {
+            if (needsApproval) {
+              logger19.info(
+                { toolName, toolCallId, args: args2 },
+                "Tool requires approval - waiting for user response"
+              );
+              const currentSpan = api.trace.getActiveSpan();
+              if (currentSpan) {
+                currentSpan.addEvent("tool.approval.requested", {
+                  "tool.name": toolName,
+                  "tool.callId": toolCallId,
+                  "subAgent.id": this.config.id
+                });
+              }
+              tracer.startActiveSpan(
+                "tool.approval_requested",
+                {
+                  attributes: {
+                    "tool.name": toolName,
+                    "tool.callId": toolCallId,
+                    "subAgent.id": this.config.id,
+                    "subAgent.name": this.config.name
+                  }
+                },
+                (requestSpan) => {
+                  requestSpan.setStatus({ code: api.SpanStatusCode.OK });
+                  requestSpan.end();
+                }
+              );
+              const approvalResult = await pendingToolApprovalManager.waitForApproval(
+                toolCallId,
+                toolName,
+                args2,
+                this.conversationId || "unknown",
+                this.config.id
+              );
+              if (!approvalResult.approved) {
+                return tracer.startActiveSpan(
+                  "tool.approval_denied",
+                  {
+                    attributes: {
+                      "tool.name": toolName,
+                      "tool.callId": toolCallId,
+                      "subAgent.id": this.config.id,
+                      "subAgent.name": this.config.name
+                    }
+                  },
+                  (denialSpan) => {
+                    logger19.info(
+                      { toolName, toolCallId, reason: approvalResult.reason },
+                      "Tool execution denied by user"
+                    );
+                    denialSpan.setStatus({ code: api.SpanStatusCode.OK });
+                    denialSpan.end();
+                    return `User denied approval to run this tool: ${approvalResult.reason}`;
+                  }
+                );
+              }
+              tracer.startActiveSpan(
+                "tool.approval_approved",
+                {
+                  attributes: {
+                    "tool.name": toolName,
+                    "tool.callId": toolCallId,
+                    "subAgent.id": this.config.id,
+                    "subAgent.name": this.config.name
+                  }
+                },
+                (approvedSpan) => {
+                  logger19.info({ toolName, toolCallId }, "Tool approved, continuing with execution");
+                  approvedSpan.setStatus({ code: api.SpanStatusCode.OK });
+                  approvedSpan.end();
+                }
+              );
+            }
             logger19.debug({ toolName, toolCallId }, "MCP Tool Called");
             try {
               const rawResult = await originalTool.execute(args2, { toolCallId });
@@ -15041,7 +15062,8 @@ var Agent = class {
           sessionWrappedTool,
           streamRequestId,
           "mcp",
-          relationshipId
+          relationshipId,
+          { needsApproval }
         );
       }
     }
@@ -15080,8 +15102,10 @@ var Agent = class {
         subAgentId: this.config.id
       }
     });
-    const agentToolRelationHeaders = toolsForAgent.data.find((t2) => t2.toolId === tool3.id)?.headers || void 0;
-    const selectedTools = toolsForAgent.data.find((t2) => t2.toolId === tool3.id)?.selectedTools || void 0;
+    const toolRelation = toolsForAgent.data.find((t2) => t2.toolId === tool3.id);
+    const agentToolRelationHeaders = toolRelation?.headers || void 0;
+    const selectedTools = toolRelation?.selectedTools || void 0;
+    const toolPolicies = toolRelation?.toolPolicies || {};
     let serverConfig;
     if (credentialReferenceId && this.credentialStuffer) {
       const credentialReference = await agentsCore.getCredentialReference(dbClient_default)({
@@ -15212,7 +15236,7 @@ var Agent = class {
         );
       }
     }
-    return tools;
+    return { tools, toolPolicies };
   }
   async createMcpConnection(tool3, serverConfig) {
     const client = new agentsCore.McpClient({
@@ -15235,12 +15259,12 @@ var Agent = class {
         if (error?.cause && JSON.stringify(error.cause).includes("ECONNREFUSED")) {
           const errorMessage = "Connection refused. Please check if the MCP server is running.";
           throw new Error(errorMessage);
-        } else if (error.message.includes("404")) {
+        }
+        if (error.message.includes("404")) {
           const errorMessage = "Error accessing endpoint (HTTP 404)";
           throw new Error(errorMessage);
-        } else {
-          throw new Error(`MCP server connection failed: ${error.message}`);
         }
+        throw new Error(`MCP server connection failed: ${error.message}`);
       }
       throw error;
     }
@@ -16025,7 +16049,7 @@ ${output}`;
             }
           }
           const primaryModelSettings = this.getPrimaryModel();
-          const modelSettings = ModelFactory.prepareGenerationConfig(primaryModelSettings);
+          const modelSettings = agentsCore.ModelFactory.prepareGenerationConfig(primaryModelSettings);
           let response;
           let textResponse;
           const hasStructuredOutput = this.config.dataComponents && this.config.dataComponents.length > 0;
@@ -16138,13 +16162,13 @@ ${output}`;
                     parser.markToolResult();
                   }
                   break;
-                case "error":
+                case "error": {
                   if (event.error instanceof Error) {
                     throw event.error;
-                  } else {
-                    const errorMessage = event.error?.error?.message;
-                    throw new Error(errorMessage);
                   }
+                  const errorMessage = event.error?.error?.message;
+                  throw new Error(errorMessage);
+                }
               }
             }
             await parser.finalize();
@@ -16336,7 +16360,7 @@ ${output}${structureHintsFormatted}`;
                   componentSchemas
                 );
               }
-              const structuredModelSettings = ModelFactory.prepareGenerationConfig(
+              const structuredModelSettings = agentsCore.ModelFactory.prepareGenerationConfig(
                 this.getStructuredOutputModel()
               );
               const configuredPhase2Timeout = structuredModelSettings.maxDuration ? Math.min(
@@ -17039,17 +17063,16 @@ var createTaskHandler = (config, credentialStoreRegistry) => {
                   }
                 ]
               };
-            } else {
-              logger20.warn(
-                {
-                  hasToolResult: !!toolResult,
-                  hasOutput: !!toolResult?.output,
-                  validationPassed: false,
-                  output: toolResult?.output
-                },
-                "[DEBUG] Transfer validation FAILED"
-              );
             }
+            logger20.warn(
+              {
+                hasToolResult: !!toolResult,
+                hasOutput: !!toolResult?.output,
+                validationPassed: false,
+                output: toolResult?.output
+              },
+              "[DEBUG] Transfer validation FAILED"
+            );
           }
         }
       }
@@ -17968,7 +17991,7 @@ var VercelDataStreamHelper = class _VercelDataStreamHelper {
     }
     const now = Date.now();
     const gapFromLastTextEnd = this.lastTextEndTimestamp > 0 ? now - this.lastTextEndTimestamp : Number.MAX_SAFE_INTEGER;
-    if (this.isTextStreaming || gapFromLastTextEnd < STREAM_TEXT_GAP_THRESHOLD_MS) {
+    if (operation.type !== "tool_call" && operation.type !== "tool_result" && (this.isTextStreaming || gapFromLastTextEnd < STREAM_TEXT_GAP_THRESHOLD_MS)) {
       this.queuedEvents.push({ type: "data-operation", event: operation });
       return;
     }
@@ -19137,13 +19160,152 @@ app3.openapi(chatDataStreamRoute, async (c2) => {
       );
     });
   } catch (error) {
-    logger26.error({ error }, "chatDataStream error");
+    logger26.error(
+      {
+        error,
+        errorMessage: error instanceof Error ? error.message : String(error),
+        errorStack: error instanceof Error ? error.stack : void 0,
+        errorType: error?.constructor?.name
+      },
+      "chatDataStream error - DETAILED"
+    );
     throw agentsCore.createApiError({
       code: "internal_server_error",
       message: "Failed to process chat completion"
     });
   }
 });
+var toolApprovalRoute = zodOpenapi.createRoute({
+  method: "post",
+  path: "/tool-approvals",
+  tags: ["chat"],
+  summary: "Approve or deny tool execution",
+  description: "Handle user approval/denial of tool execution requests during conversations",
+  security: [{ bearerAuth: [] }],
+  request: {
+    body: {
+      content: {
+        "application/json": {
+          schema: zodOpenapi.z.object({
+            conversationId: zodOpenapi.z.string().describe("The conversation ID"),
+            toolCallId: zodOpenapi.z.string().describe("The tool call ID to respond to"),
+            approved: zodOpenapi.z.boolean().describe("Whether the tool execution is approved"),
+            reason: zodOpenapi.z.string().optional().describe("Optional reason for the decision")
+          })
+        }
+      }
+    }
+  },
+  responses: {
+    200: {
+      description: "Tool approval response processed successfully",
+      content: {
+        "application/json": {
+          schema: zodOpenapi.z.object({
+            success: zodOpenapi.z.boolean(),
+            message: zodOpenapi.z.string().optional()
+          })
+        }
+      }
+    },
+    400: {
+      description: "Bad request - invalid tool call ID or conversation ID",
+      content: {
+        "application/json": {
+          schema: zodOpenapi.z.object({
+            error: zodOpenapi.z.string()
+          })
+        }
+      }
+    },
+    404: {
+      description: "Tool call not found or already processed",
+      content: {
+        "application/json": {
+          schema: zodOpenapi.z.object({
+            error: zodOpenapi.z.string()
+          })
+        }
+      }
+    },
+    500: {
+      description: "Internal server error",
+      content: {
+        "application/json": {
+          schema: zodOpenapi.z.object({
+            error: zodOpenapi.z.string(),
+            message: zodOpenapi.z.string()
+          })
+        }
+      }
+    }
+  }
+});
+app3.openapi(toolApprovalRoute, async (c2) => {
+  const tracer2 = api.trace.getTracer("tool-approval-handler");
+  return tracer2.startActiveSpan("tool_approval_request", async (span) => {
+    try {
+      const executionContext = agentsCore.getRequestExecutionContext(c2);
+      const { tenantId, projectId } = executionContext;
+      const requestBody = await c2.req.json();
+      const { conversationId, toolCallId, approved, reason } = requestBody;
+      logger26.info(
+        {
+          conversationId,
+          toolCallId,
+          approved,
+          reason,
+          tenantId,
+          projectId
+        },
+        "Processing tool approval request"
+      );
+      const conversation = await agentsCore.getConversation(dbClient_default)({
+        scopes: { tenantId, projectId },
+        conversationId
+      });
+      if (!conversation) {
+        span.setStatus({ code: 1, message: "Conversation not found" });
+        return c2.json({ error: "Conversation not found" }, 404);
+      }
+      let success = false;
+      if (approved) {
+        success = pendingToolApprovalManager.approveToolCall(toolCallId);
+      } else {
+        success = pendingToolApprovalManager.denyToolCall(toolCallId, reason);
+      }
+      if (!success) {
+        span.setStatus({ code: 1, message: "Tool call not found" });
+        return c2.json({ error: "Tool call not found or already processed" }, 404);
+      }
+      logger26.info({ conversationId, toolCallId, approved }, "Tool approval processed successfully");
+      span.setStatus({ code: 1, message: "Success" });
+      return c2.json({
+        success: true,
+        message: approved ? "Tool execution approved" : "Tool execution denied"
+      });
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Unknown error";
+      logger26.error(
+        {
+          error: errorMessage,
+          stack: error instanceof Error ? error.stack : void 0
+        },
+        "Failed to process tool approval"
+      );
+      span.setStatus({ code: 2, message: errorMessage });
+      return c2.json(
+        {
+          error: "Internal server error",
+          message: errorMessage
+        },
+        500
+      );
+    } finally {
+      span.end();
+    }
+  });
+});
 var chatDataStream_default = app3;
 
 // src/routes/mcp.ts
@@ -19226,7 +19388,8 @@ var validateSession = async (req, res, body2, tenantId, projectId, agentId) => {
       })
     );
     return false;
-  } else if (Array.isArray(sessionId)) {
+  }
+  if (Array.isArray(sessionId)) {
     res.writeHead(400).end(
       JSON.stringify({
         jsonrpc: "2.0",
@@ -19649,16 +19812,15 @@ app4.openapi(
           c2,
           credentialStores
         );
-      } else {
-        return await handleExistingSessionRequest(
-          body2,
-          executionContext,
-          validatedContext,
-          req,
-          res,
-          credentialStores
-        );
       }
+      return await handleExistingSessionRequest(
+        body2,
+        executionContext,
+        validatedContext,
+        req,
+        res,
+        credentialStores
+      );
     } catch (e) {
       logger27.error(
         {