@ottocode/server 0.1.225 → 0.1.227

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@ottocode/server",
-	"version": "0.1.225",
+	"version": "0.1.227",
 	"description": "HTTP API server for ottocode",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -49,8 +49,8 @@
 		"typecheck": "tsc --noEmit"
 	},
 	"dependencies": {
-		"@ottocode/sdk": "0.1.225",
-		"@ottocode/database": "0.1.225",
+		"@ottocode/sdk": "0.1.227",
+		"@ottocode/database": "0.1.227",
 		"drizzle-orm": "^0.44.5",
 		"hono": "^4.9.9",
 		"zod": "^4.3.6"

package/src/events/types.ts

@@ -1,5 +1,6 @@
 export type OttoEventType =
 	| 'tool.approval.required'
+	| 'tool.approval.updated'
 	| 'tool.approval.resolved'
 	| 'setu.payment.required'
 	| 'setu.payment.signing'
@@ -11,6 +12,7 @@ export type OttoEventType =
 	| 'setu.fiat.checkout_created'
 	| 'setu.balance.updated'
 	| 'session.created'
+	| 'session.deleted'
 	| 'session.updated'
 	| 'message.created'
 	| 'message.updated'

package/src/hono-context.d.ts

@@ -0,0 +1,7 @@
+import type { EmbeddedAppConfig } from './index.ts';
+
+declare module 'hono' {
+	interface ContextVariableMap {
+		embeddedConfig: EmbeddedAppConfig | undefined;
+	}
+}

package/src/index.ts

@@ -191,6 +191,7 @@ export type EmbeddedAppConfig = {
 		provider?: ProviderId;
 		model?: string;
 		agent?: string;
+		toolApproval?: 'auto' | 'dangerous' | 'all';
 	};
 	/** Additional CORS origins for proxies/Tailscale (e.g., ['https://myapp.ts.net', 'https://example.com']) */
 	corsOrigins?: string[];
@@ -202,7 +203,14 @@ export function createEmbeddedApp(config: EmbeddedAppConfig = {}) {
 	// Store injected config in Hono context for routes to access
 	// Config can be empty - routes will fall back to files/env
 	honoApp.use('*', async (c, next) => {
-		c.set('embeddedConfig', config);
+		(
+			c as unknown as {
+				set: (
+					key: 'embeddedConfig',
+					value: EmbeddedAppConfig | undefined,
+				) => void;
+			}
+		).set('embeddedConfig', config);
 		await next();
 	});
 

package/src/openapi/paths/auth.ts

@@ -35,6 +35,8 @@ export const authPaths = {
 												},
 												label: { type: 'string' },
 												supportsOAuth: { type: 'boolean' },
+												supportsToken: { type: 'boolean' },
+												supportsGhImport: { type: 'boolean' },
 												modelCount: { type: 'integer' },
 												costRange: {
 													type: 'object',
@@ -473,6 +475,194 @@ export const authPaths = {
 			},
 		},
 	},
+	'/v1/auth/copilot/methods': {
+		get: {
+			tags: ['auth'],
+			operationId: 'getCopilotAuthMethods',
+			summary: 'Get available Copilot auth methods',
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									oauth: { type: 'boolean' },
+									token: { type: 'boolean' },
+									ghImport: {
+										type: 'object',
+										properties: {
+											available: { type: 'boolean' },
+											authenticated: { type: 'boolean' },
+											reason: { type: 'string' },
+										},
+										required: ['available', 'authenticated'],
+									},
+								},
+								required: ['oauth', 'token', 'ghImport'],
+							},
+						},
+					},
+				},
+			},
+		},
+	},
+	'/v1/auth/copilot/token': {
+		post: {
+			tags: ['auth'],
+			operationId: 'saveCopilotToken',
+			summary: 'Save Copilot token after validating model access',
+			requestBody: {
+				required: true,
+				content: {
+					'application/json': {
+						schema: {
+							type: 'object',
+							properties: {
+								token: { type: 'string' },
+							},
+							required: ['token'],
+						},
+					},
+				},
+			},
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									success: { type: 'boolean' },
+									provider: { type: 'string' },
+									source: { type: 'string', enum: ['token'] },
+									modelCount: { type: 'integer' },
+									hasGpt52Codex: { type: 'boolean' },
+									sampleModels: {
+										type: 'array',
+										items: { type: 'string' },
+									},
+								},
+								required: [
+									'success',
+									'provider',
+									'source',
+									'modelCount',
+									'hasGpt52Codex',
+									'sampleModels',
+								],
+							},
+						},
+					},
+				},
+				400: errorResponse(),
+			},
+		},
+	},
+	'/v1/auth/copilot/gh/import': {
+		post: {
+			tags: ['auth'],
+			operationId: 'importCopilotTokenFromGh',
+			summary: 'Import Copilot token from GitHub CLI (gh)',
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									success: { type: 'boolean' },
+									provider: { type: 'string' },
+									source: { type: 'string', enum: ['gh'] },
+									modelCount: { type: 'integer' },
+									hasGpt52Codex: { type: 'boolean' },
+									sampleModels: {
+										type: 'array',
+										items: { type: 'string' },
+									},
+								},
+								required: [
+									'success',
+									'provider',
+									'source',
+									'modelCount',
+									'hasGpt52Codex',
+									'sampleModels',
+								],
+							},
+						},
+					},
+				},
+				400: errorResponse(),
+			},
+		},
+	},
+	'/v1/auth/copilot/diagnostics': {
+		get: {
+			tags: ['auth'],
+			operationId: 'getCopilotDiagnostics',
+			summary: 'Get Copilot token diagnostics and model visibility',
+			responses: {
+				200: {
+					description: 'OK',
+					content: {
+						'application/json': {
+							schema: {
+								type: 'object',
+								properties: {
+									tokenSources: {
+										type: 'array',
+										items: {
+											type: 'object',
+											properties: {
+												source: {
+													type: 'string',
+													enum: ['env', 'stored'],
+												},
+												configured: { type: 'boolean' },
+												modelCount: { type: 'integer' },
+												hasGpt52Codex: { type: 'boolean' },
+												sampleModels: {
+													type: 'array',
+													items: { type: 'string' },
+												},
+												restrictedByOrgPolicy: { type: 'boolean' },
+												restrictedOrg: { type: 'string' },
+												restrictionMessage: { type: 'string' },
+												error: { type: 'string' },
+											},
+											required: ['source', 'configured'],
+										},
+									},
+									methods: {
+										type: 'object',
+										properties: {
+											oauth: { type: 'boolean' },
+											token: { type: 'boolean' },
+											ghImport: {
+												type: 'object',
+												properties: {
+													available: { type: 'boolean' },
+													authenticated: { type: 'boolean' },
+													reason: { type: 'string' },
+												},
+												required: ['available', 'authenticated'],
+											},
+										},
+										required: ['oauth', 'token', 'ghImport'],
+									},
+								},
+								required: ['tokenSources', 'methods'],
+							},
+						},
+					},
+				},
+			},
+		},
+	},
 	'/v1/auth/onboarding/complete': {
 		post: {
 			tags: ['auth'],

package/src/routes/ask.ts

@@ -21,9 +21,11 @@ export function registerAskRoutes(app: Hono) {
 			return c.json({ error: 'Prompt is required.' }, 400);
 		}
 
-		const embeddedConfig = c.get('embeddedConfig') as
-			| EmbeddedAppConfig
-			| undefined;
+		const embeddedConfig = (
+			c as unknown as {
+				get: (key: 'embeddedConfig') => EmbeddedAppConfig | undefined;
+			}
+		).get('embeddedConfig');
 
 		// Hybrid fallback: Use embedded config if provided, otherwise fall back to files/env
 		let injectableConfig: InjectableConfig | undefined;