@olane/o-approval 0.7.7

package/README.md

@@ -0,0 +1,272 @@
+# @olane/o-approval
+
+Human-in-the-loop approval service for AI actions in Olane OS.
+
+## Overview
+
+The `o-approval` package provides a configurable approval system that allows humans to review and approve AI actions before they are executed. This ensures that sensitive operations require human oversight, making Olane OS suitable for production environments where AI autonomy needs to be controlled.
+
+## Features
+
+- **Configurable Modes**: Switch between `allow`, `review`, and `auto` modes
+- **Preference Management**: Whitelist/blacklist specific tool methods
+- **Timeout Protection**: Auto-denies actions after configurable timeout (default: 3 minutes)
+- **Persistent Preferences**: "Always allow" and "never allow" choices are saved
+- **Backward Compatible**: Defaults to `allow` mode for seamless integration
+- **Non-Invasive**: Single interception point at task execution level
+
+## Installation
+
+This package is typically included as part of the Olane OS common tools and is automatically registered on all nodes.
+
+```bash
+npm install @olane/o-approval
+```
+
+## Usage
+
+### CLI Commands
+
+Enable review mode (all AI actions require approval):
+```bash
+o config set approvalMode=review
+```
+
+Disable review mode (default - no approval required):
+```bash
+o config set approvalMode=allow
+```
+
+Enable auto mode (only methods marked with `requiresApproval: true` need approval):
+```bash
+o config set approvalMode=auto
+```
+
+Check current mode:
+```bash
+o config get approvalMode
+```
+
+View approval mode in status:
+```bash
+o status
+```
+
+### Programmatic Usage
+
+#### Initialize Approval Tool
+
+The approval tool is automatically registered by `initCommonTools()`, but you can also create it manually:
+
+```typescript
+import { oApprovalTool } from '@olane/o-approval';
+
+const approvalTool = new oApprovalTool({
+  name: 'approval',
+  parent: parentNode.address,
+  leader: leaderNode.address,
+  mode: 'review', // 'allow' | 'review' | 'auto'
+  preferences: {
+    whitelist: ['o://storage/get', 'o://intelligence/prompt'],
+    blacklist: ['o://storage/delete'],
+    timeout: 180000, // 3 minutes in milliseconds
+  },
+});
+
+await approvalTool.start();
+```
+
+#### Request Approval
+
+```typescript
+import { oAddress } from '@olane/o-core';
+
+const response = await node.use(new oAddress('o://approval'), {
+  method: 'request_approval',
+  params: {
+    toolAddress: 'o://storage',
+    method: 'delete_file',
+    params: { file_path: '/important/document.txt' },
+    intent: 'Delete the old configuration file',
+  },
+});
+
+if (response.result.data.approved) {
+  // Proceed with action
+  console.log('Action approved');
+} else {
+  console.log('Action denied:', response.result.data.decision);
+}
+```
+
+## Approval Flow
+
+When an AI action requires approval, the human receives a prompt like this:
+
+```
+Action requires approval:
+  Tool: o://storage
+  Method: delete_file
+  Parameters: {
+    "file_path": "/important/document.txt"
+  }
+  Intent: Clean up old configuration files
+
+Response options:
+  - 'approve' - Allow this action once
+  - 'deny' - Reject this action
+  - 'always' - Always allow o://storage/delete_file
+  - 'never' - Never allow o://storage/delete_file
+
+Your response:
+```
+
+### Human Responses
+
+- **`approve`**: Allows the action this one time
+- **`deny`**: Rejects the action (AI receives an error)
+- **`always`**: Adds the tool/method to the whitelist (auto-approves in future)
+- **`never`**: Adds the tool/method to the blacklist (auto-denies in future)
+
+## Approval Modes
+
+### `allow` Mode (Default)
+- No approval required
+- All AI actions execute automatically
+- Backward compatible with existing Olane OS instances
+
+### `review` Mode
+- All AI actions require human approval
+- Every tool execution is intercepted
+- Provides maximum human oversight
+
+### `auto` Mode
+- Only methods marked with `requiresApproval: true` need approval
+- Allows fine-grained control at the method level
+- Best for production environments with trusted tools
+
+## API Reference
+
+### Methods
+
+#### `request_approval`
+
+Request human approval for an AI action.
+
+**Parameters:**
+- `toolAddress` (string, required): The address of the tool to be called
+- `method` (string, required): The method name to be called
+- `params` (object, required): The parameters for the method call
+- `intent` (string, optional): The original intent that triggered this action
+
+**Returns:**
+```typescript
+{
+  success: boolean;
+  approved: boolean;
+  decision: 'approve' | 'deny' | 'always' | 'never';
+  timestamp: number;
+}
+```
+
+#### `set_preference`
+
+Store an approval preference (whitelist/blacklist).
+
+**Parameters:**
+- `toolMethod` (string, required): The tool/method combination (e.g., "o://storage/delete")
+- `preference` (string, required): The preference type: "allow" or "deny"
+
+**Returns:**
+```typescript
+{
+  success: boolean;
+  message: string;
+}
+```
+
+#### `get_mode`
+
+Get the current approval mode.
+
+**Parameters:** None
+
+**Returns:**
+```typescript
+{
+  success: boolean;
+  mode: 'allow' | 'review' | 'auto';
+  preferences: ApprovalPreferences;
+}
+```
+
+#### `set_mode`
+
+Set the approval mode.
+
+**Parameters:**
+- `mode` (string, required): The approval mode: "allow", "review", or "auto"
+
+**Returns:**
+```typescript
+{
+  success: boolean;
+  mode: 'allow' | 'review' | 'auto';
+}
+```
+
+## Configuration
+
+### Marking Methods as Requiring Approval
+
+To mark a method as requiring approval in `auto` mode, add the `requiresApproval` flag:
+
+```typescript
+import { oMethod } from '@olane/o-protocol';
+
+export const MY_METHODS: { [key: string]: oMethod } = {
+  delete_file: {
+    name: 'delete_file',
+    description: 'Delete a file from storage',
+    parameters: [...],
+    dependencies: [],
+    requiresApproval: true, // Requires approval in auto mode
+    approvalMetadata: {
+      riskLevel: 'high',
+      category: 'destructive',
+      description: 'Permanently deletes a file',
+    },
+  },
+};
+```
+
+## Security Considerations
+
+### Defense in Depth
+
+The approval system provides Layer 4 in the Olane OS security architecture:
+
+1. **Layer 1 (Database)**: RLS policies prevent unauthorized data access
+2. **Layer 2 (Application)**: Caller validation ensures proper ownership
+3. **Layer 3 (Audit)**: Access logging tracks all operations
+4. **Layer 4 (Human-in-the-Loop)**: Approval system prevents unauthorized AI actions
+
+### Best Practices
+
+1. **Use `review` mode in production** for sensitive environments
+2. **Use `auto` mode** with carefully marked methods for trusted environments
+3. **Regularly review audit logs** for denied actions
+4. **Keep whitelist/blacklist minimal** to avoid approval fatigue
+5. **Set appropriate timeouts** based on response time expectations
+
+## License
+
+(MIT OR Apache-2.0)
+
+## Related Packages
+
+- [@olane/o-core](../o-core) - Core node functionality
+- [@olane/o-lane](../o-lane) - Lane execution and capabilities
+- [@olane/o-login](../o-login) - Human/AI agent authentication
+- [@olane/o-protocol](../o-protocol) - Protocol definitions
+- [@olane/o-tools-common](../o-tools-common) - Common tools initialization

package/dist/src/index.d.ts

@@ -0,0 +1,4 @@
+export * from './o-approval.tool.js';
+export * from './interfaces/index.js';
+export * from './methods/approval.methods.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAC;AACrC,cAAc,uBAAuB,CAAC;AACtC,cAAc,+BAA+B,CAAC"}

package/dist/src/index.js

@@ -0,0 +1,3 @@
+export * from './o-approval.tool.js';
+export * from './interfaces/index.js';
+export * from './methods/approval.methods.js';

package/dist/src/interfaces/approval-config.d.ts

@@ -0,0 +1,12 @@
+import { oNodeToolConfig } from '@olane/o-node';
+export type ApprovalMode = 'allow' | 'review' | 'auto';
+export interface ApprovalPreferences {
+    whitelist?: string[];
+    blacklist?: string[];
+    timeout?: number;
+}
+export interface oApprovalConfig extends oNodeToolConfig {
+    mode?: ApprovalMode;
+    preferences?: ApprovalPreferences;
+}
+//# sourceMappingURL=approval-config.d.ts.map

package/dist/src/interfaces/approval-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-config.d.ts","sourceRoot":"","sources":["../../../src/interfaces/approval-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAEhD,MAAM,MAAM,YAAY,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;AAEvD,MAAM,WAAW,mBAAmB;IAClC,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,EAAE,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAgB,SAAQ,eAAe;IACtD,IAAI,CAAC,EAAE,YAAY,CAAC;IACpB,WAAW,CAAC,EAAE,mBAAmB,CAAC;CACnC"}

package/dist/src/interfaces/approval-config.js

@@ -0,0 +1 @@
+export {};

package/dist/src/interfaces/approval-request.d.ts

@@ -0,0 +1,8 @@
+export interface ApprovalRequest {
+    toolAddress: string;
+    method: string;
+    params: any;
+    intent?: string;
+    timestamp: number;
+}
+//# sourceMappingURL=approval-request.d.ts.map

package/dist/src/interfaces/approval-request.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-request.d.ts","sourceRoot":"","sources":["../../../src/interfaces/approval-request.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,GAAG,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/src/interfaces/approval-request.js

@@ -0,0 +1 @@
+export {};

package/dist/src/interfaces/approval-response.d.ts

@@ -0,0 +1,7 @@
+export type ApprovalDecision = 'approve' | 'deny' | 'always' | 'never';
+export interface ApprovalResponse {
+    decision: ApprovalDecision;
+    reason?: string;
+    timestamp: number;
+}
+//# sourceMappingURL=approval-response.d.ts.map

package/dist/src/interfaces/approval-response.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval-response.d.ts","sourceRoot":"","sources":["../../../src/interfaces/approval-response.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GAAG,SAAS,GAAG,MAAM,GAAG,QAAQ,GAAG,OAAO,CAAC;AAEvE,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,gBAAgB,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB"}

package/dist/src/interfaces/approval-response.js

@@ -0,0 +1 @@
+export {};

package/dist/src/interfaces/index.d.ts

@@ -0,0 +1,4 @@
+export * from './approval-request.js';
+export * from './approval-response.js';
+export * from './approval-config.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/src/interfaces/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/interfaces/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAC;AACtC,cAAc,wBAAwB,CAAC;AACvC,cAAc,sBAAsB,CAAC"}

package/dist/src/interfaces/index.js

@@ -0,0 +1,3 @@
+export * from './approval-request.js';
+export * from './approval-response.js';
+export * from './approval-config.js';

package/dist/src/methods/approval.methods.d.ts

@@ -0,0 +1,5 @@
+import { oMethod } from '@olane/o-protocol';
+export declare const APPROVAL_METHODS: {
+    [key: string]: oMethod;
+};
+//# sourceMappingURL=approval.methods.d.ts.map

package/dist/src/methods/approval.methods.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"approval.methods.d.ts","sourceRoot":"","sources":["../../../src/methods/approval.methods.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAE5C,eAAO,MAAM,gBAAgB,EAAE;IAAE,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CAsEtD,CAAC"}

package/dist/src/methods/approval.methods.js

@@ -0,0 +1,71 @@
+export const APPROVAL_METHODS = {
+    request_approval: {
+        name: 'request_approval',
+        description: 'Request human approval for an AI action',
+        parameters: [
+            {
+                name: 'toolAddress',
+                type: 'string',
+                description: 'The address of the tool to be called',
+                required: true,
+            },
+            {
+                name: 'method',
+                type: 'string',
+                description: 'The method name to be called',
+                required: true,
+            },
+            {
+                name: 'params',
+                type: 'object',
+                description: 'The parameters for the method call',
+                required: true,
+            },
+            {
+                name: 'intent',
+                type: 'string',
+                description: 'The original intent that triggered this action',
+                required: false,
+            },
+        ],
+        dependencies: [],
+    },
+    set_preference: {
+        name: 'set_preference',
+        description: 'Store an approval preference (whitelist/blacklist)',
+        parameters: [
+            {
+                name: 'toolMethod',
+                type: 'string',
+                description: 'The tool/method combination (e.g., "o://storage/delete")',
+                required: true,
+            },
+            {
+                name: 'preference',
+                type: 'string',
+                description: 'The preference type: "allow" or "deny"',
+                required: true,
+            },
+        ],
+        dependencies: [],
+    },
+    get_mode: {
+        name: 'get_mode',
+        description: 'Get the current approval mode',
+        parameters: [],
+        dependencies: [],
+    },
+    set_mode: {
+        name: 'set_mode',
+        description: 'Set the approval mode',
+        parameters: [
+            {
+                name: 'mode',
+                type: 'string',
+                description: 'The approval mode: "allow", "review", or "auto"',
+                required: true,
+            },
+        ],
+        dependencies: [],
+    },
+};

package/dist/src/o-approval.tool.d.ts

@@ -0,0 +1,50 @@
+import { ToolResult } from '@olane/o-tool';
+import { oRequest } from '@olane/o-core';
+import { oApprovalConfig } from './interfaces/approval-config.js';
+import { oLaneTool } from '@olane/o-lane';
+export declare class oApprovalTool extends oLaneTool {
+    private mode;
+    private preferences;
+    constructor(config: oApprovalConfig);
+    /**
+     * Check if approval is needed for a given tool/method combination
+     */
+    private needsApproval;
+    /**
+     * Request human approval for an action
+     */
+    _tool_request_approval(request: oRequest): Promise<ToolResult>;
+    /**
+     * Format the approval prompt for the human
+     */
+    private formatApprovalPrompt;
+    /**
+     * Parse the human's approval response
+     */
+    private parseApprovalResponse;
+    /**
+     * Add a tool/method to the whitelist
+     */
+    private addToWhitelist;
+    /**
+     * Add a tool/method to the blacklist
+     */
+    private addToBlacklist;
+    /**
+     * Save preferences to OS config
+     */
+    private savePreferences;
+    /**
+     * Set an approval preference manually
+     */
+    _tool_set_preference(request: oRequest): Promise<ToolResult>;
+    /**
+     * Get the current approval mode
+     */
+    _tool_get_mode(request: oRequest): Promise<ToolResult>;
+    /**
+     * Set the approval mode
+     */
+    _tool_set_mode(request: oRequest): Promise<ToolResult>;
+}
+//# sourceMappingURL=o-approval.tool.d.ts.map

package/dist/src/o-approval.tool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"o-approval.tool.d.ts","sourceRoot":"","sources":["../../src/o-approval.tool.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC3C,OAAO,EAAY,QAAQ,EAAE,MAAM,eAAe,CAAC;AAEnD,OAAO,EACL,eAAe,EAGhB,MAAM,iCAAiC,CAAC;AAMzC,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAK1C,qBAAa,aAAc,SAAQ,SAAS;IAC1C,OAAO,CAAC,IAAI,CAAe;IAC3B,OAAO,CAAC,WAAW,CAAsB;gBAE7B,MAAM,EAAE,eAAe;IAenC;;OAEG;IACH,OAAO,CAAC,aAAa;IA4BrB;;OAEG;IACG,sBAAsB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAuHpE;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmB5B;;OAEG;IACH,OAAO,CAAC,qBAAqB;IAkB7B;;OAEG;YACW,cAAc;IAU5B;;OAEG;YACW,cAAc;IAU5B;;OAEG;YACW,eAAe;IAY7B;;OAEG;IACG,oBAAoB,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IA+BlE;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;IAQ5D;;OAEG;IACG,cAAc,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC;CA+B7D"}

package/dist/src/o-approval.tool.js

@@ -0,0 +1,304 @@
+import { oAddress } from '@olane/o-core';
+import { APPROVAL_METHODS } from './methods/approval.methods.js';
+import { oLaneTool } from '@olane/o-lane';
+import { oNodeAddress } from '@olane/o-node';
+const DEFAULT_TIMEOUT = 180000; // 3 minutes in milliseconds
+export class oApprovalTool extends oLaneTool {
+    constructor(config) {
+        super({
+            ...config,
+            address: new oNodeAddress('o://approval'),
+            description: 'Human approval service for AI actions',
+            methods: APPROVAL_METHODS,
+        });
+        this.mode = config.mode || 'allow';
+        this.preferences = config.preferences || {
+            whitelist: [],
+            blacklist: [],
+            timeout: DEFAULT_TIMEOUT,
+        };
+    }
+    /**
+     * Check if approval is needed for a given tool/method combination
+     */
+    needsApproval(toolAddress, method) {
+        const toolMethod = `${toolAddress}/${method}`;
+        // Check blacklist first - always deny
+        if (this.preferences.blacklist?.includes(toolMethod)) {
+            return false; // Will be denied, but doesn't need approval prompt
+        }
+        // Check whitelist - always allow
+        if (this.preferences.whitelist?.includes(toolMethod)) {
+            return false; // Pre-approved
+        }
+        // Determine based on mode
+        switch (this.mode) {
+            case 'allow':
+                return false; // No approval needed
+            case 'review':
+                return true; // Always require approval
+            case 'auto':
+                // In auto mode, only methods marked with requiresApproval need approval
+                // This will be checked by the caller
+                return true;
+            default:
+                return false;
+        }
+    }
+    /**
+     * Request human approval for an action
+     */
+    async _tool_request_approval(request) {
+        try {
+            const toolAddress = request.params.toolAddress;
+            const method = request.params.method;
+            const params = request.params.params;
+            const intent = request.params.intent;
+            const approvalRequest = {
+                toolAddress,
+                method,
+                params,
+                intent,
+                timestamp: Date.now(),
+            };
+            const toolMethod = `${toolAddress}/${method}`;
+            // Check if this action is blacklisted
+            if (this.preferences.blacklist?.includes(toolMethod)) {
+                this.logger.warn(`Action denied by blacklist: ${toolMethod}`);
+                return {
+                    success: false,
+                    error: 'Action denied by approval blacklist',
+                    approved: false,
+                };
+            }
+            // Check if this action is whitelisted
+            if (this.preferences.whitelist?.includes(toolMethod)) {
+                this.logger.info(`Action pre-approved by whitelist: ${toolMethod}`);
+                return {
+                    success: true,
+                    approved: true,
+                    decision: 'approve',
+                };
+            }
+            // Check if approval is needed based on mode
+            if (!this.needsApproval(toolAddress, method)) {
+                this.logger.debug(`Approval not required for ${toolMethod} (mode: ${this.mode})`);
+                return {
+                    success: true,
+                    approved: true,
+                    decision: 'approve',
+                };
+            }
+            // Format the approval prompt
+            const question = this.formatApprovalPrompt(approvalRequest);
+            // Request approval from human
+            this.logger.info(`Requesting approval for: ${toolMethod}`);
+            const timeout = this.preferences.timeout || DEFAULT_TIMEOUT;
+            const approvalPromise = this.use(new oAddress('o://human'), {
+                method: 'question',
+                params: { question },
+            });
+            // Implement timeout
+            const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error('Approval timeout')), timeout));
+            try {
+                const response = await Promise.race([approvalPromise, timeoutPromise]);
+                const answer = response.result.data?.answer
+                    ?.trim()
+                    .toLowerCase();
+                // Parse the response
+                const decision = this.parseApprovalResponse(answer);
+                // Handle preference storage
+                if (decision === 'always') {
+                    await this.addToWhitelist(toolMethod);
+                    this.logger.info(`Added to whitelist: ${toolMethod}`);
+                }
+                else if (decision === 'never') {
+                    await this.addToBlacklist(toolMethod);
+                    this.logger.info(`Added to blacklist: ${toolMethod}`);
+                }
+                const approved = decision === 'approve' || decision === 'always';
+                this.logger.info(`Approval decision for ${toolMethod}: ${decision} (approved: ${approved})`);
+                return {
+                    success: true,
+                    approved,
+                    decision,
+                    timestamp: Date.now(),
+                };
+            }
+            catch (error) {
+                // Timeout or error - default to deny
+                this.logger.error(`Approval timeout or error for ${toolMethod}:`, error.message);
+                return {
+                    success: false,
+                    error: error.message || 'Approval timeout',
+                    approved: false,
+                    decision: 'deny',
+                };
+            }
+        }
+        catch (error) {
+            this.logger.error('Error in approval request:', error);
+            return {
+                success: false,
+                error: error.message || 'Unknown error',
+                approved: false,
+            };
+        }
+    }
+    /**
+     * Format the approval prompt for the human
+     */
+    formatApprovalPrompt(request) {
+        const paramsStr = JSON.stringify(request.params, null, 2);
+        return `
+Action requires approval:
+  Tool: ${request.toolAddress}
+  Method: ${request.method}
+  Parameters: ${paramsStr}
+  ${request.intent ? `Intent: ${request.intent}` : ''}
+
+Response options:
+  - 'approve' - Allow this action once
+  - 'deny' - Reject this action
+  - 'always' - Always allow ${request.toolAddress}/${request.method}
+  - 'never' - Never allow ${request.toolAddress}/${request.method}
+
+Your response:`.trim();
+    }
+    /**
+     * Parse the human's approval response
+     */
+    parseApprovalResponse(answer) {
+        if (!answer)
+            return 'deny';
+        if (answer.includes('approve') ||
+            answer.includes('yes') ||
+            answer.includes('allow')) {
+            return 'approve';
+        }
+        else if (answer.includes('always')) {
+            return 'always';
+        }
+        else if (answer.includes('never')) {
+            return 'never';
+        }
+        else {
+            return 'deny';
+        }
+    }
+    /**
+     * Add a tool/method to the whitelist
+     */
+    async addToWhitelist(toolMethod) {
+        if (!this.preferences.whitelist) {
+            this.preferences.whitelist = [];
+        }
+        if (!this.preferences.whitelist.includes(toolMethod)) {
+            this.preferences.whitelist.push(toolMethod);
+            await this.savePreferences();
+        }
+    }
+    /**
+     * Add a tool/method to the blacklist
+     */
+    async addToBlacklist(toolMethod) {
+        if (!this.preferences.blacklist) {
+            this.preferences.blacklist = [];
+        }
+        if (!this.preferences.blacklist.includes(toolMethod)) {
+            this.preferences.blacklist.push(toolMethod);
+            await this.savePreferences();
+        }
+    }
+    /**
+     * Save preferences to OS config
+     */
+    async savePreferences() {
+        try {
+            // Save preferences via the leader node's config
+            await this.use(new oAddress('o://leader'), {
+                method: 'update_approval_preferences',
+                params: { preferences: this.preferences },
+            });
+        }
+        catch (error) {
+            this.logger.error('Failed to save approval preferences:', error.message);
+        }
+    }
+    /**
+     * Set an approval preference manually
+     */
+    async _tool_set_preference(request) {
+        try {
+            const toolMethod = request.params.toolMethod;
+            const preference = request.params.preference;
+            if (preference === 'allow') {
+                await this.addToWhitelist(toolMethod);
+                return {
+                    success: true,
+                    message: `Added ${toolMethod} to whitelist`,
+                };
+            }
+            else if (preference === 'deny') {
+                await this.addToBlacklist(toolMethod);
+                return {
+                    success: true,
+                    message: `Added ${toolMethod} to blacklist`,
+                };
+            }
+            else {
+                return {
+                    success: false,
+                    error: 'Invalid preference. Use "allow" or "deny"',
+                };
+            }
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error.message || 'Unknown error',
+            };
+        }
+    }
+    /**
+     * Get the current approval mode
+     */
+    async _tool_get_mode(request) {
+        return {
+            success: true,
+            mode: this.mode,
+            preferences: this.preferences,
+        };
+    }
+    /**
+     * Set the approval mode
+     */
+    async _tool_set_mode(request) {
+        try {
+            const mode = request.params.mode;
+            if (!['allow', 'review', 'auto'].includes(mode)) {
+                return {
+                    success: false,
+                    error: 'Invalid mode. Use "allow", "review", or "auto"',
+                };
+            }
+            this.mode = mode;
+            this.logger.info(`Approval mode set to: ${this.mode}`);
+            // Save mode to OS config
+            await this.use(new oAddress('o://leader'), {
+                method: 'update_approval_mode',
+                params: { mode: this.mode },
+            });
+            return {
+                success: true,
+                mode: this.mode,
+            };
+        }
+        catch (error) {
+            return {
+                success: false,
+                error: error.message || 'Unknown error',
+            };
+        }
+    }
+}

package/dist/test/method.spec.d.ts

@@ -0,0 +1 @@
+//# sourceMappingURL=method.spec.d.ts.map

package/dist/test/method.spec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"method.spec.d.ts","sourceRoot":"","sources":["../../test/method.spec.ts"],"names":[],"mappings":""}

package/dist/test/method.spec.js

@@ -0,0 +1,29 @@
+"use strict";
+// import { oAddress, NodeState, oRequest } from '@olane/o-core';
+// import { oVirtualTool } from '../src/virtual.tool.js';
+// import { expect } from 'chai';
+// describe('o-tool @methods', () => {
+//   it('should call the hello_world method', async () => {
+//     const node = new oVirtualTool({
+//       address: new oAddress('o://test'),
+//       leader: null,
+//       parent: null,
+//     });
+//     await node.start();
+//     expect(node.state).to.equal(NodeState.RUNNING);
+//     // call the tool
+//     const req = new oRequest({
+//       method: 'hello_world',
+//       id: '123',
+//       params: {
+//         _connectionId: '123',
+//         _requestMethod: 'hello_world',
+//       },
+//     });
+//     const data = await node.callMyTool(req);
+//     expect(data.message).to.equal('Hello, world!');
+//     // stop the node
+//     await node.stop();
+//     expect(node.state).to.equal(NodeState.STOPPED);
+//   });
+// });

package/package.json

@@ -0,0 +1,68 @@
+{
+  "name": "@olane/o-approval",
+  "version": "0.7.7",
+  "type": "module",
+  "main": "dist/src/index.js",
+  "types": "dist/src/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/src/index.d.ts",
+      "default": "./dist/src/index.js"
+    }
+  },
+  "files": [
+    "dist/**/*",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "test": "aegir test",
+    "test:node": "aegir test -t node",
+    "test:browser": "aegir test -t browser",
+    "build": "tsc",
+    "deep:clean": "rm -rf node_modules && rm package-lock.json",
+    "start:prod": "node dist/index.js",
+    "prepublishOnly": "npm run build",
+    "update:lib": "npm install @olane/o-core@latest",
+    "update:peers": "npm install @olane/o-config@latest @olane/o-core@latest @olane/o-protocol@latest @olane/o-tool@latest @olane/o-lane@latest --save-peer",
+    "lint": "eslint src/**/*.ts"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/olane-labs/olane.git"
+  },
+  "author": "oLane Inc.",
+  "license": "(MIT OR Apache-2.0)",
+  "description": "Olane approval service for human-in-the-loop AI action approval",
+  "devDependencies": {
+    "@eslint/eslintrc": "^3.3.1",
+    "@eslint/js": "^9.29.0",
+    "@tsconfig/node20": "^20.1.6",
+    "@types/jest": "^30.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.34.1",
+    "@typescript-eslint/parser": "^8.34.1",
+    "aegir": "^47.0.21",
+    "eslint": "^9.29.0",
+    "eslint-config-prettier": "^10.1.6",
+    "eslint-plugin-prettier": "^5.5.0",
+    "globals": "^16.2.0",
+    "jest": "^30.0.0",
+    "prettier": "^3.5.3",
+    "ts-jest": "^29.4.0",
+    "ts-node": "^10.9.2",
+    "tsconfig-paths": "^4.2.0",
+    "tsx": "^4.20.3",
+    "typescript": "5.4.5"
+  },
+  "peerDependencies": {
+    "@olane/o-config": "^0.7.6",
+    "@olane/o-core": "^0.7.6",
+    "@olane/o-lane": "^0.7.6",
+    "@olane/o-protocol": "^0.7.6",
+    "@olane/o-tool": "^0.7.6"
+  },
+  "dependencies": {
+    "debug": "^4.4.1",
+    "dotenv": "^16.5.0"
+  }
+}