@oh-my-pi/pi-coding-agent 15.4.3 → 15.5.1

package/src/tools/find.ts

@@ -59,11 +59,15 @@ const MAX_GLOB_TIMEOUT_MS = 60_000;
  * Commas inside brace expansion (`{a,b}`) are legitimate glob syntax and
  * must pass through.
  */
-function validateFindPathInputs(paths: readonly string[]): void {
+export function validateFindPathInputs(paths: readonly string[]): void {
 	for (const entry of paths) {
 		let braceDepth = 0;
 		for (let i = 0; i < entry.length; i++) {
 			const ch = entry.charCodeAt(i);
+			if (ch === 0x5c /* \ */ && i + 1 < entry.length) {
+				i++;
+				continue;
+			}
 			if (ch === 0x7b /* { */) braceDepth++;
 			else if (ch === 0x7d /* } */) {
 				if (braceDepth > 0) braceDepth--;
@@ -115,6 +119,7 @@ export interface FindToolOptions {
 
 export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 	readonly name = "find";
+	readonly approval = "read" as const;
 	readonly summary = "Find files and directories matching a glob pattern";
 	readonly loadMode = "discoverable";
 	readonly label = "Find";
@@ -304,6 +309,7 @@ export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 
 			let matches: natives.GlobMatch[];
 			const onUpdateMatches: string[] = [];
+			const onUpdateMtimes: number[] = [];
 			const updateIntervalMs = 200;
 			let lastUpdate = 0;
 			const emitUpdate = () => {
@@ -323,9 +329,10 @@ export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 				});
 			};
 			const onMatch = (err: Error | null, match: natives.GlobMatch | null) => {
-				if (err || signal?.aborted || !match?.path) return;
+				if (err || combinedSignal.aborted || !match?.path) return;
 				const relativePath = formatMatchPath(match.path, match.fileType);
 				onUpdateMatches.push(relativePath);
+				onUpdateMtimes.push(match.mtime ?? 0);
 				emitUpdate();
 			};
 
@@ -335,7 +342,6 @@ export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 						{
 							pattern: globPattern,
 							path: searchPath,
-							fileType: natives.FileType.File,
 							hidden: includeHidden,
 							maxResults: effectiveLimit,
 							sortByMtime: true,
@@ -371,15 +377,18 @@ export class FindTool implements AgentTool<typeof findSchema, FindToolDetails> {
 				// instead of throwing — empty results after a multi-second wait force the
 				// caller to retry blind, which is the worst possible outcome.
 				const seen = new Set<string>();
-				const partial: string[] = [];
-				for (const entry of onUpdateMatches) {
+				const partial: Array<{ p: string; m: number }> = [];
+				for (let i = 0; i < onUpdateMatches.length; i++) {
+					const entry = onUpdateMatches[i];
 					if (seen.has(entry)) continue;
 					seen.add(entry);
-					partial.push(entry);
+					partial.push({ p: entry, m: onUpdateMtimes[i] ?? 0 });
 				}
+				partial.sort((a, b) => b.m - a.m);
+				const sortedPaths = partial.map(e => e.p);
 				const seconds = timeoutMs % 1000 === 0 ? `${timeoutMs / 1000}` : (timeoutMs / 1000).toFixed(1);
-				const notice = `find timed out after ${seconds}s; returning ${partial.length} partial matches — increase timeout or narrow pattern`;
-				return buildResult(partial, { notice, forceTruncated: true });
+				const notice = `find timed out after ${seconds}s; returning ${sortedPaths.length} partial matches — increase timeout or narrow pattern`;
+				return buildResult(sortedPaths, { notice, forceTruncated: true });
 			}
 
 			const relativized: string[] = [];

package/src/tools/gh.ts

@@ -2,7 +2,13 @@ import * as fs from "node:fs/promises";
 import * as os from "node:os";
 import * as path from "node:path";
 import { scheduler } from "node:timers/promises";
-import type { AgentTool, AgentToolContext, AgentToolResult, AgentToolUpdateCallback } from "@oh-my-pi/pi-agent-core";
+import type {
+	AgentTool,
+	AgentToolContext,
+	AgentToolResult,
+	AgentToolUpdateCallback,
+	ToolApprovalDecision,
+} from "@oh-my-pi/pi-agent-core";
 
 import { getWorktreeDir, hashPath, isEnoent, prompt, untilAborted } from "@oh-my-pi/pi-utils";
 import * as z from "zod/v4";
@@ -196,6 +202,15 @@ const RUN_URL_PATTERN = /^https:\/\/github\.com\/([^/]+\/[^/]+)\/actions\/runs\/
 const RUN_SUCCESS_CONCLUSIONS = new Set(["success", "neutral", "skipped"]);
 const RUN_FAILURE_CONCLUSIONS = new Set(["failure", "timed_out", "cancelled", "action_required", "startup_failure"]);
 const JOB_FAILURE_CONCLUSIONS = new Set(["failure", "timed_out", "cancelled", "action_required"]);
+const GITHUB_READONLY_OPS: ReadonlySet<string> = new Set([
+	"repo_view",
+	"search_issues",
+	"search_prs",
+	"search_code",
+	"search_commits",
+	"search_repos",
+	"run_watch",
+]);
 
 const githubSchema = z
 	.object({
@@ -2344,6 +2359,11 @@ function buildTextResult(
 
 export class GithubTool implements AgentTool<typeof githubSchema, GhToolDetails> {
 	readonly name = "github";
+	readonly approval = (args: unknown): ToolApprovalDecision => {
+		const rawOp = (args as Partial<GithubInput>).op;
+		const op = typeof rawOp === "string" ? rawOp : "";
+		return GITHUB_READONLY_OPS.has(op) ? "read" : "exec";
+	};
 	readonly summary = "Interact with GitHub issues, pull requests, and repositories";
 	readonly loadMode = "discoverable";
 	readonly label = "GitHub";

package/src/tools/hindsight-recall.ts

@@ -13,6 +13,7 @@ export type HindsightRecallParams = z.infer<typeof hindsightRecallSchema>;
 
 export class HindsightRecallTool implements AgentTool<typeof hindsightRecallSchema> {
 	readonly name = "recall";
+	readonly approval = "read" as const;
 	readonly label = "Recall";
 	readonly description = recallDescription;
 	readonly parameters = hindsightRecallSchema;

package/src/tools/hindsight-reflect.ts

@@ -14,6 +14,7 @@ export type HindsightReflectParams = z.infer<typeof hindsightReflectSchema>;
 
 export class HindsightReflectTool implements AgentTool<typeof hindsightReflectSchema> {
 	readonly name = "reflect";
+	readonly approval = "read" as const;
 	readonly label = "Reflect";
 	readonly description = reflectDescription;
 	readonly parameters = hindsightReflectSchema;

package/src/tools/hindsight-retain.ts

@@ -18,6 +18,7 @@ const hindsightRetainSchema = z.object({
 export type HindsightRetainParams = z.infer<typeof hindsightRetainSchema>;
 export class HindsightRetainTool implements AgentTool<typeof hindsightRetainSchema> {
 	readonly name = "retain";
+	readonly approval = "read" as const;
 	readonly label = "Retain";
 	readonly description = retainDescription;
 	readonly parameters = hindsightRetainSchema;

package/src/tools/image-gen.ts

@@ -901,6 +901,7 @@ export const imageGenTool: CustomTool<typeof imageGenSchema, ImageGenToolDetails
 	name: "generate_image",
 	label: "GenerateImage",
 	strict: false,
+	approval: "write",
 	description: prompt.render(imageGenDescription),
 	parameters: imageGenSchema,
 	async execute(_toolCallId, params, _onUpdate, ctx, signal) {

package/src/tools/inspect-image.ts

@@ -33,6 +33,7 @@ export interface InspectImageToolDetails {
 
 export class InspectImageTool implements AgentTool<typeof inspectImageSchema, InspectImageToolDetails> {
 	readonly name = "inspect_image";
+	readonly approval = "read" as const;
 	readonly label = "InspectImage";
 	readonly loadMode = "discoverable";
 	readonly summary = "Describe or analyze an image file";

package/src/tools/irc.ts

@@ -54,6 +54,7 @@ export interface IrcDetails {
 
 export class IrcTool implements AgentTool<typeof ircSchema, IrcDetails> {
 	readonly name = "irc";
+	readonly approval = "read" as const;
 	readonly label = "IRC";
 	readonly summary = "Send and receive messages between agents over IRC-like channels";
 	readonly description: string;

package/src/tools/job.ts

@@ -67,6 +67,7 @@ export interface JobToolDetails {
 
 export class JobTool implements AgentTool<typeof jobSchema, JobToolDetails> {
 	readonly name = "job";
+	readonly approval = "read" as const;
 	readonly label = "Job";
 	readonly summary = "Manage long-running background jobs (async bash/python)";
 	readonly description: string;

package/src/tools/path-utils.ts

@@ -29,6 +29,13 @@ const INTERNAL_SCHEMES_WITH_SELECTORS: Record<string, true> = {
 	rule: true,
 	skill: true,
 };
+// Schemes whose resource URIs are server-defined and may legitimately end
+// with selector-shaped tails (e.g. `:raw`, `:conflicts`, `:1-50`, `/:raw`).
+// `McpProtocolHandler` resolves by exact URI match (`r.uri === uri`), so
+// peeling syntactically can make valid resources unreachable. Keep these
+// schemes opaque; selector support for them needs a resolver-aware path that
+// tries the exact URI before interpreting any suffix as a read selector.
+const OPAQUE_RESOURCE_SCHEMES: ReadonlySet<string> = new Set(["mcp"]);
 const INTERNAL_URL_SCHEME_RE = /^([a-z][a-z0-9+.-]*):\/\//i;
 const NARROW_NO_BREAK_SPACE = "\u202F";
 const TOP_LEVEL_INTERNAL_URL_PREFIXES = [
@@ -173,10 +180,16 @@ export function splitPathAndSel(rawPath: string): { path: string; sel?: string }
  *
  * Falls back to the input unchanged when nothing matches.
  */
+
 export function splitInternalUrlSel(rawPath: string): { path: string; sel?: string } {
 	const schemeMatch = rawPath.match(INTERNAL_URL_SCHEME_RE);
 	if (!schemeMatch) return { path: rawPath };
-	if (!INTERNAL_SCHEMES_WITH_SELECTORS[schemeMatch[1].toLowerCase()]) return { path: rawPath };
+	const scheme = schemeMatch[1].toLowerCase();
+	// Opaque schemes (mcp://, etc.) carry server-defined resource URIs that may
+	// legitimately end in selector-shaped tails. Forward verbatim — see
+	// OPAQUE_RESOURCE_SCHEMES.
+	if (OPAQUE_RESOURCE_SCHEMES.has(scheme)) return { path: rawPath };
+	if (!INTERNAL_SCHEMES_WITH_SELECTORS[scheme]) return { path: rawPath };
 
 	const schemeEnd = schemeMatch[0].length;
 	let path = rawPath;

package/src/tools/read.ts

@@ -718,6 +718,7 @@ interface ResolvedSqliteReadPath {
  */
 export class ReadTool implements AgentTool<typeof readSchema, ReadToolDetails> {
 	readonly name = "read";
+	readonly approval = "read" as const;
 	readonly label = "Read";
 	readonly loadMode = "essential";
 	readonly description: string;

package/src/tools/recipe/index.ts

@@ -27,6 +27,7 @@ type RecipeRenderResult = {
 export class RecipeTool implements AgentTool<typeof recipeSchema, BashToolDetails, Theme> {
 	readonly name = "recipe";
 	readonly label = "Run";
+	readonly approval = "exec" as const;
 	readonly description: string;
 	readonly parameters = recipeSchema;
 	readonly strict = true;

package/src/tools/render-mermaid.ts

@@ -34,6 +34,7 @@ export interface RenderMermaidToolDetails {
 
 export class RenderMermaidTool implements AgentTool<typeof renderMermaidSchema, RenderMermaidToolDetails> {
 	readonly name = "render_mermaid";
+	readonly approval = "read" as const;
 	readonly label = "RenderMermaid";
 	readonly summary = "Render a Mermaid diagram to an image";
 	readonly description: string;

package/src/tools/report-tool-issue.ts

@@ -466,6 +466,7 @@ export function createReportToolIssueTool(session: ToolSession, activeBuiltinNam
 		name: "report_tool_issue",
 		label: "Report Tool Issue",
 		strict: false,
+		approval: "write",
 		description: "Report unexpected tool behavior for automated QA tracking.",
 		parameters: buildReportToolIssueParams(activeBuiltinNames),
 		intent: "omit",

package/src/tools/resolve.ts

@@ -160,6 +160,7 @@ export async function runResolveInvocation(
 
 export class ResolveTool implements AgentTool<typeof resolveSchema, ResolveToolDetails> {
 	readonly name = "resolve";
+	readonly approval = "read" as const;
 	readonly label = "Resolve";
 	readonly hidden = true;
 	readonly description: string;

package/src/tools/review.ts

@@ -122,6 +122,7 @@ export function parseReportFindingDetails(value: unknown): ReportFindingDetails
 export const reportFindingTool: AgentTool<typeof ReportFindingParams, ReportFindingDetails, Theme> = {
 	name: "report_finding",
 	label: "Report Finding",
+	approval: "read",
 	description: "Report a code review finding. Use this for each issue found. Call yield when done.",
 	parameters: ReportFindingParams,
 	intent: "omit",

package/src/tools/search-tool-bm25.ts

@@ -180,6 +180,7 @@ function renderFallbackResult(text: string, theme: Theme): Component {
  */
 export class SearchToolBm25Tool implements AgentTool<typeof searchToolBm25Schema, SearchToolBm25Details> {
 	readonly name = "search_tool_bm25";
+	readonly approval = "read" as const;
 	readonly label = "SearchTools";
 	readonly loadMode = "essential";
 	get description(): string {

package/src/tools/search.ts

@@ -218,6 +218,7 @@ type SearchParams = z.infer<typeof searchSchema>;
 
 export class SearchTool implements AgentTool<typeof searchSchema, SearchToolDetails> {
 	readonly name = "search";
+	readonly approval = "read" as const;
 	readonly label = "Search";
 	readonly loadMode = "discoverable";
 	readonly summary = "Search file contents using ripgrep (fast text search)";

package/src/tools/ssh.ts

@@ -16,6 +16,7 @@ import { executeSSH } from "../ssh/ssh-executor";
 import { renderStatusLine } from "../tui";
 import { CachedOutputBlock } from "../tui/output-block";
 import type { ToolSession } from ".";
+import { truncateForPrompt } from "./approval";
 import { formatStyledTruncationWarning, type OutputMeta, stripOutputNotice } from "./output-meta";
 import { ToolError } from "./tool-errors";
 import { toolResult } from "./tool-result";
@@ -120,6 +121,13 @@ type SshToolParams = z.infer<typeof sshSchema>;
 
 export class SshTool implements AgentTool<typeof sshSchema, SSHToolDetails> {
 	readonly name = "ssh";
+	readonly approval = "exec" as const;
+	readonly formatApprovalDetails = (args: unknown): string[] => {
+		const params = args as Partial<SshToolParams>;
+		const host = typeof params.host === "string" ? params.host : "(missing)";
+		const command = typeof params.command === "string" ? params.command : "(missing)";
+		return [`Host: ${truncateForPrompt(host)}`, `Command: ${truncateForPrompt(command)}`];
+	};
 	readonly summary = "Execute a command on a remote host over SSH";
 	readonly loadMode = "discoverable";
 	readonly label = "SSH";

package/src/tools/todo-write.ts

@@ -493,6 +493,7 @@ function formatSummary(phases: TodoPhase[], errors: string[]): string {
 
 export class TodoWriteTool implements AgentTool<typeof todoWriteSchema, TodoWriteToolDetails> {
 	readonly name = "todo_write";
+	readonly approval = "read" as const;
 	readonly label = "Todo Write";
 	readonly summary = "Write a structured todo list to track progress within a session";
 	readonly description: string;

package/src/tools/write.ts

@@ -16,6 +16,7 @@ import writeDescription from "../prompts/tools/write.md" with { type: "text" };
 import type { ToolSession } from "../sdk";
 import { Ellipsis, Hasher, type RenderCache, renderStatusLine, truncateToWidth } from "../tui";
 import { resolveFileDisplayMode } from "../utils/file-display-mode";
+import { truncateForPrompt } from "./approval";
 import { parseArchivePathCandidates } from "./archive-reader";
 import { assertEditableFile } from "./auto-generated-guard";
 import {
@@ -27,7 +28,7 @@ import {
 } from "./conflict-detect";
 import { invalidateFsScanAfterWrite } from "./fs-cache-invalidation";
 import { type OutputMeta, outputMeta } from "./output-meta";
-import { formatPathRelativeToCwd } from "./path-utils";
+import { formatPathRelativeToCwd, isInternalUrlPath } from "./path-utils";
 import { enforcePlanModeWrite, resolvePlanPath } from "./plan-mode-guard";
 import {
 	formatDiagnostics,
@@ -184,6 +185,16 @@ function parseSqliteWriteTarget(subPath: string, queryString: string): { table:
  */
 export class WriteTool implements AgentTool<typeof writeSchema, WriteToolDetails> {
 	readonly name = "write";
+	readonly approval = (args: unknown) => {
+		const rawPath = (args as Partial<WriteParams>).path;
+		return typeof rawPath === "string" && isInternalUrlPath(rawPath) ? "read" : "write";
+	};
+	readonly formatApprovalDetails = (args: unknown): string[] => {
+		const params = args as Partial<WriteParams>;
+		const targetPath = typeof params.path === "string" ? params.path : "(missing)";
+		const content = typeof params.content === "string" ? params.content : "";
+		return [`Path: ${truncateForPrompt(targetPath)}`, `Content:\n${truncateForPrompt(content)}`];
+	};
 	readonly label = "Write";
 	readonly description: string;
 	readonly parameters = writeSchema;

package/src/tools/yield.ts

@@ -99,6 +99,7 @@ const MAX_SCHEMA_RETRIES = 3;
 
 export class YieldTool implements AgentTool<TSchema, YieldDetails> {
 	readonly name = "yield";
+	readonly approval = "read" as const;
 	readonly label = "Submit Result";
 	readonly description =
 		"Finish the task with structured JSON output. Call exactly once at the end of the task.\n\n" +

package/src/web/search/index.ts

@@ -224,6 +224,7 @@ export async function runSearchQuery(
  */
 export class WebSearchTool implements AgentTool<typeof webSearchSchema, SearchRenderDetails> {
 	readonly name = "web_search";
+	readonly approval = "read" as const;
 	readonly label = "Web Search";
 	readonly description: string;
 	readonly parameters = webSearchSchema;
@@ -258,6 +259,7 @@ export const webSearchCustomTool: CustomTool<typeof webSearchSchema, SearchRende
 	description: prompt.render(webSearchDescription),
 	parameters: webSearchSchema,
 
+	approval: "read",
 	async execute(
 		toolCallId: string,
 		params: SearchToolParams,