@pixelbyte-software/pixcode 1.54.10 → 1.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (534) hide show
  1. package/CODE_OF_CONDUCT.md +41 -41
  2. package/CONTRIBUTING.md +156 -156
  3. package/LICENSE +21 -718
  4. package/README.de.md +169 -169
  5. package/README.ja.md +167 -167
  6. package/README.ko.md +167 -167
  7. package/README.md +435 -418
  8. package/README.ru.md +169 -169
  9. package/README.tr.md +298 -298
  10. package/README.zh-CN.md +167 -167
  11. package/SECURITY.md +46 -46
  12. package/dist-server/server/claude-sdk.js +1 -1
  13. package/dist-server/server/claude-sdk.js.map +1 -1
  14. package/dist-server/server/cli.js +100 -100
  15. package/dist-server/server/daemon/manager.js +33 -33
  16. package/dist-server/server/daemon-manager.js +64 -64
  17. package/dist-server/server/index.js +6 -11
  18. package/dist-server/server/index.js.map +1 -1
  19. package/dist-server/server/modules/security/permission-policy.js.map +1 -0
  20. package/dist-server/server/modules/tasks/git-worktree.js +98 -0
  21. package/dist-server/server/modules/tasks/git-worktree.js.map +1 -0
  22. package/dist-server/server/modules/tasks/index.js +8 -0
  23. package/dist-server/server/modules/tasks/index.js.map +1 -0
  24. package/dist-server/server/modules/tasks/prompt-builder.js +85 -0
  25. package/dist-server/server/modules/tasks/prompt-builder.js.map +1 -0
  26. package/dist-server/server/modules/tasks/role-presets.js +94 -0
  27. package/dist-server/server/modules/tasks/role-presets.js.map +1 -0
  28. package/dist-server/server/modules/tasks/runners/claude-runner.js +109 -0
  29. package/dist-server/server/modules/tasks/runners/claude-runner.js.map +1 -0
  30. package/dist-server/server/modules/tasks/runners/codex-runner.js +67 -0
  31. package/dist-server/server/modules/tasks/runners/codex-runner.js.map +1 -0
  32. package/dist-server/server/modules/tasks/runners/spawn-runner.js +111 -0
  33. package/dist-server/server/modules/tasks/runners/spawn-runner.js.map +1 -0
  34. package/dist-server/server/modules/tasks/runners/types.js +5 -0
  35. package/dist-server/server/modules/tasks/runners/types.js.map +1 -0
  36. package/dist-server/server/modules/tasks/scheduler.js +69 -0
  37. package/dist-server/server/modules/tasks/scheduler.js.map +1 -0
  38. package/dist-server/server/modules/tasks/task-queue.js +81 -0
  39. package/dist-server/server/modules/tasks/task-queue.js.map +1 -0
  40. package/dist-server/server/modules/tasks/task-routes.js +195 -0
  41. package/dist-server/server/modules/tasks/task-routes.js.map +1 -0
  42. package/dist-server/server/modules/tasks/task-runner.js +187 -0
  43. package/dist-server/server/modules/tasks/task-runner.js.map +1 -0
  44. package/dist-server/server/modules/tasks/task-store.js +196 -0
  45. package/dist-server/server/modules/tasks/task-store.js.map +1 -0
  46. package/dist-server/server/modules/tasks/task-types.js +5 -0
  47. package/dist-server/server/modules/tasks/task-types.js.map +1 -0
  48. package/dist-server/server/modules/tasks/user-interaction.js +73 -0
  49. package/dist-server/server/modules/tasks/user-interaction.js.map +1 -0
  50. package/dist-server/server/routes/commands.js +25 -25
  51. package/dist-server/server/routes/git.js +17 -17
  52. package/dist-server/server/routes/live-view.js +46 -46
  53. package/dist-server/server/services/control-room.js +9 -1
  54. package/dist-server/server/services/control-room.js.map +1 -1
  55. package/dist-server/server/services/public-api-manifest.js +54 -54
  56. package/dist-server/server/services/public-api-manifest.js.map +1 -1
  57. package/dist-server/server/services/telegram/control-center.js +10 -10
  58. package/dist-server/server/services/telegram/control-center.js.map +1 -1
  59. package/dist-server/server/services/telegram/telegram-gateway.js +2 -2
  60. package/dist-server/server/services/telegram/telegram-gateway.js.map +1 -1
  61. package/dist-server/server/services/telegram/translations.js +5 -5
  62. package/dist-server/server/services/telegram/translations.js.map +1 -1
  63. package/package.json +224 -224
  64. package/scripts/fix-node-pty.js +67 -67
  65. package/scripts/github/create-v1.38-issues.mjs +351 -351
  66. package/scripts/github/create-vscode-workbench-issues.mjs +121 -121
  67. package/scripts/smoke/backend-resource-bounds.mjs +152 -152
  68. package/scripts/smoke/changes-panel-layout.mjs +48 -48
  69. package/scripts/smoke/chat-composer-fixed-layout.mjs +55 -55
  70. package/scripts/smoke/chat-message-timeline-order.mjs +41 -41
  71. package/scripts/smoke/chat-realtime-hydration.mjs +44 -44
  72. package/scripts/smoke/chat-session-provider-pools.mjs +35 -35
  73. package/scripts/smoke/chat-session-state.mjs +19 -19
  74. package/scripts/smoke/code-editor-theme.mjs +55 -55
  75. package/scripts/smoke/code-editor-vscode-engine.mjs +91 -91
  76. package/scripts/smoke/command-center-agent-writes.mjs +79 -79
  77. package/scripts/smoke/command-center-non-git.mjs +46 -46
  78. package/scripts/smoke/context-packet.mjs +43 -43
  79. package/scripts/smoke/control-room-ux-redesign.mjs +91 -91
  80. package/scripts/smoke/daemon-entrypoint.mjs +20 -20
  81. package/scripts/smoke/default-landing-routing.mjs +33 -33
  82. package/scripts/smoke/desktop-native-notifications.mjs +30 -30
  83. package/scripts/smoke/desktop-tray-icon.mjs +33 -33
  84. package/scripts/smoke/discord-release-workflow.mjs +24 -24
  85. package/scripts/smoke/git-install-update.mjs +255 -255
  86. package/scripts/smoke/handoff-artifact-protocol.mjs +50 -50
  87. package/scripts/smoke/live-view-diagnostics.mjs +53 -53
  88. package/scripts/smoke/live-view-environment.mjs +92 -92
  89. package/scripts/smoke/live-view-integration.mjs +450 -450
  90. package/scripts/smoke/mac-desktop-runtime.mjs +37 -37
  91. package/scripts/smoke/mobile-tunnel-guidance.mjs +29 -29
  92. package/scripts/smoke/mobile-ux.mjs +76 -76
  93. package/scripts/smoke/model-registry.mjs +36 -36
  94. package/scripts/smoke/multi-project-ui.mjs +45 -45
  95. package/scripts/smoke/multi-worker-slots.mjs +42 -42
  96. package/scripts/smoke/notification-center.mjs +87 -87
  97. package/scripts/smoke/notification-inapp-preference.mjs +23 -23
  98. package/scripts/smoke/notification-taxonomy.mjs +58 -58
  99. package/scripts/smoke/orchestration-api.mjs +172 -172
  100. package/scripts/smoke/orchestration-execution-dashboard.mjs +33 -33
  101. package/scripts/smoke/orchestration-live-run.mjs +176 -176
  102. package/scripts/smoke/orchestration-mobile-scroll.mjs +29 -29
  103. package/scripts/smoke/orchestration-model-sync.mjs +30 -30
  104. package/scripts/smoke/orchestration-permission-fallback.mjs +34 -34
  105. package/scripts/smoke/orchestration-runtime-guards.mjs +48 -48
  106. package/scripts/smoke/orchestration-user-facing-output.mjs +25 -25
  107. package/scripts/smoke/permission-policy.mjs +50 -50
  108. package/scripts/smoke/pixcode-workbench-1-48.mjs +167 -167
  109. package/scripts/smoke/provider-models-opencode-live.mjs +66 -66
  110. package/scripts/smoke/provider-rest-api.mjs +124 -124
  111. package/scripts/smoke/provider-selection-status.mjs +52 -52
  112. package/scripts/smoke/run-state-refresh.mjs +52 -52
  113. package/scripts/smoke/runtime-manager.mjs +99 -99
  114. package/scripts/smoke/shell-manual-disconnect.mjs +30 -30
  115. package/scripts/smoke/side-panel-editor-layout.mjs +34 -34
  116. package/scripts/smoke/static-root-routing.mjs +21 -21
  117. package/scripts/smoke/strict-handoff-compact.mjs +60 -60
  118. package/scripts/smoke/taskmaster-config.mjs +24 -24
  119. package/scripts/smoke/taskmaster-execution-telegram.mjs +3 -3
  120. package/scripts/smoke/taskmaster-onboarding.mjs +3 -3
  121. package/scripts/smoke/taskmaster-run-graph.mjs +3 -3
  122. package/scripts/smoke/telegram-control.mjs +331 -331
  123. package/scripts/smoke/tunnel-persistence.mjs +56 -56
  124. package/scripts/smoke/update-issue-progress.mjs +69 -69
  125. package/scripts/smoke/update-ux.mjs +55 -55
  126. package/scripts/smoke/v138-completion.mjs +132 -132
  127. package/scripts/smoke/v138-desktop-release-hardening.mjs +69 -69
  128. package/scripts/smoke/v138-diagnostics.mjs +63 -63
  129. package/scripts/smoke/v138-issue-planner.mjs +33 -33
  130. package/scripts/smoke/v143-remote-control.mjs +76 -76
  131. package/scripts/smoke/v144-production-loop.mjs +47 -47
  132. package/scripts/smoke/v145-platformization.mjs +46 -46
  133. package/scripts/smoke/v146-control-room-ui.mjs +150 -150
  134. package/scripts/smoke/version-modal-autoshow.mjs +29 -29
  135. package/scripts/smoke/vscode-workbench-layout.mjs +63 -63
  136. package/scripts/smoke/vscode-workbench-polish.mjs +461 -461
  137. package/scripts/smoke/workflow-fallback-replay.mjs +56 -56
  138. package/scripts/smoke/workflow-templates.mjs +43 -43
  139. package/scripts/smoke/workflow-trace-timeline.mjs +46 -46
  140. package/scripts/update-git-install.mjs +298 -298
  141. package/server/claude-sdk.js +927 -927
  142. package/server/cli.js +1106 -1106
  143. package/server/constants/config.js +4 -4
  144. package/server/cursor-cli.js +344 -344
  145. package/server/daemon/manager.js +563 -563
  146. package/server/daemon-manager.js +964 -964
  147. package/server/database/db.js +988 -988
  148. package/server/database/json-store.js +197 -197
  149. package/server/gemini-cli.js +550 -550
  150. package/server/gemini-response-handler.js +79 -79
  151. package/server/index.js +5654 -5671
  152. package/server/load-env.js +35 -35
  153. package/server/middleware/account-lockout.js +112 -112
  154. package/server/middleware/auth.js +277 -277
  155. package/server/middleware/rate-limiter.js +87 -87
  156. package/server/modules/providers/index.ts +2 -2
  157. package/server/modules/providers/list/claude/claude-auth.provider.ts +146 -146
  158. package/server/modules/providers/list/claude/claude-mcp.provider.ts +135 -135
  159. package/server/modules/providers/list/claude/claude-sessions.provider.ts +306 -306
  160. package/server/modules/providers/list/claude/claude.provider.ts +15 -15
  161. package/server/modules/providers/list/codex/codex-auth.provider.ts +117 -117
  162. package/server/modules/providers/list/codex/codex-mcp.provider.ts +135 -135
  163. package/server/modules/providers/list/codex/codex-sessions.provider.ts +319 -319
  164. package/server/modules/providers/list/codex/codex.provider.ts +15 -15
  165. package/server/modules/providers/list/cursor/cursor-auth.provider.ts +147 -147
  166. package/server/modules/providers/list/cursor/cursor-mcp.provider.ts +108 -108
  167. package/server/modules/providers/list/cursor/cursor-sessions.provider.ts +421 -421
  168. package/server/modules/providers/list/cursor/cursor.provider.ts +15 -15
  169. package/server/modules/providers/list/gemini/gemini-auth.provider.ts +173 -173
  170. package/server/modules/providers/list/gemini/gemini-mcp.provider.ts +110 -110
  171. package/server/modules/providers/list/gemini/gemini-sessions.provider.ts +227 -227
  172. package/server/modules/providers/list/gemini/gemini.provider.ts +15 -15
  173. package/server/modules/providers/list/opencode/opencode-auth.provider.ts +131 -131
  174. package/server/modules/providers/list/opencode/opencode-sessions.provider.ts +286 -286
  175. package/server/modules/providers/list/qwen/qwen-auth.provider.ts +146 -146
  176. package/server/modules/providers/list/qwen/qwen-sessions.provider.ts +265 -265
  177. package/server/modules/providers/provider.registry.ts +40 -40
  178. package/server/modules/providers/provider.routes.ts +982 -982
  179. package/server/modules/providers/services/mcp.service.ts +86 -86
  180. package/server/modules/providers/services/provider-auth.service.ts +26 -26
  181. package/server/modules/providers/services/sessions.service.ts +45 -45
  182. package/server/modules/providers/shared/base/abstract.provider.ts +20 -20
  183. package/server/modules/providers/shared/mcp/mcp.provider.ts +151 -151
  184. package/server/modules/providers/tests/mcp.test.ts +293 -293
  185. package/server/modules/{orchestration/security → security}/permission-policy.ts +401 -401
  186. package/server/modules/tasks/git-worktree.ts +102 -0
  187. package/server/modules/tasks/index.ts +9 -0
  188. package/server/modules/tasks/prompt-builder.ts +98 -0
  189. package/server/modules/tasks/role-presets.ts +113 -0
  190. package/server/modules/tasks/runners/claude-runner.ts +120 -0
  191. package/server/modules/tasks/runners/codex-runner.ts +80 -0
  192. package/server/modules/tasks/runners/spawn-runner.ts +122 -0
  193. package/server/modules/tasks/runners/types.ts +25 -0
  194. package/server/modules/tasks/scheduler.ts +75 -0
  195. package/server/modules/tasks/task-queue.ts +91 -0
  196. package/server/modules/tasks/task-routes.ts +245 -0
  197. package/server/modules/tasks/task-runner.ts +219 -0
  198. package/server/modules/tasks/task-store.ts +223 -0
  199. package/server/modules/tasks/task-types.ts +100 -0
  200. package/server/modules/tasks/user-interaction.ts +93 -0
  201. package/server/openai-codex.js +468 -468
  202. package/server/opencode-cli.js +491 -491
  203. package/server/opencode-response-handler.js +111 -111
  204. package/server/projects.js +3135 -3135
  205. package/server/qwen-code-cli.js +410 -410
  206. package/server/routes/agent.js +1462 -1462
  207. package/server/routes/auth.js +298 -298
  208. package/server/routes/codex.js +20 -20
  209. package/server/routes/commands.js +581 -581
  210. package/server/routes/cursor.js +61 -61
  211. package/server/routes/diagnostics.js +44 -44
  212. package/server/routes/gemini.js +25 -25
  213. package/server/routes/git.js +1822 -1822
  214. package/server/routes/live-view.js +434 -434
  215. package/server/routes/mcp-utils.js +13 -13
  216. package/server/routes/messages.js +97 -97
  217. package/server/routes/network.js +143 -143
  218. package/server/routes/platformization.js +231 -231
  219. package/server/routes/plugins.js +690 -690
  220. package/server/routes/production-agent-loop.js +90 -90
  221. package/server/routes/projects.js +918 -918
  222. package/server/routes/public-api.js +34 -34
  223. package/server/routes/qwen.js +27 -27
  224. package/server/routes/remote.js +56 -56
  225. package/server/routes/settings.js +321 -321
  226. package/server/routes/telegram.js +163 -163
  227. package/server/routes/user.js +125 -125
  228. package/server/routes/webhooks.js +63 -63
  229. package/server/services/control-room.js +111 -102
  230. package/server/services/diagnostics.js +165 -165
  231. package/server/services/external-access.js +403 -403
  232. package/server/services/install-jobs.js +715 -715
  233. package/server/services/live-view.js +956 -956
  234. package/server/services/managed-runtimes.js +493 -493
  235. package/server/services/model-registry.js +144 -144
  236. package/server/services/notification-orchestrator.js +365 -365
  237. package/server/services/notification-taxonomy.js +204 -204
  238. package/server/services/platformization.js +1052 -1052
  239. package/server/services/production-agent-loop.js +248 -248
  240. package/server/services/provider-cli-versions.js +149 -149
  241. package/server/services/provider-credentials.js +189 -189
  242. package/server/services/provider-models.js +396 -396
  243. package/server/services/public-api-manifest.js +181 -181
  244. package/server/services/qr-login.js +126 -126
  245. package/server/services/remote-connection.js +127 -127
  246. package/server/services/runtime-manager.js +323 -323
  247. package/server/services/startup-update.js +259 -259
  248. package/server/services/telegram/bot.js +393 -393
  249. package/server/services/telegram/control-center.js +2453 -2453
  250. package/server/services/telegram/telegram-gateway.js +314 -314
  251. package/server/services/telegram/telegram-http-client.js +201 -201
  252. package/server/services/telegram/translations.js +470 -470
  253. package/server/services/webhooks.js +216 -216
  254. package/server/sessionManager.js +225 -225
  255. package/server/setup-wizard.js +283 -283
  256. package/server/shared/interfaces.ts +54 -54
  257. package/server/shared/types.ts +172 -172
  258. package/server/shared/utils.ts +193 -193
  259. package/server/tsconfig.json +36 -36
  260. package/server/utils/colors.js +21 -21
  261. package/server/utils/commandParser.js +305 -305
  262. package/server/utils/frontmatter.js +18 -18
  263. package/server/utils/gitConfig.js +34 -34
  264. package/server/utils/plugin-loader.js +461 -461
  265. package/server/utils/plugin-process-manager.js +185 -185
  266. package/server/utils/port-access.js +227 -227
  267. package/server/utils/runtime-paths.js +37 -37
  268. package/server/utils/security-log.js +84 -84
  269. package/server/utils/url-detection.js +71 -71
  270. package/server/vite-daemon.js +79 -79
  271. package/shared/modelConstants.js +161 -161
  272. package/shared/networkHosts.js +22 -22
  273. package/dist/api-automation.html +0 -110
  274. package/dist/api-docs.html +0 -548
  275. package/dist/assets/KaTeX_AMS-Regular-BQhdFMY1.woff2 +0 -0
  276. package/dist/assets/KaTeX_AMS-Regular-DMm9YOAa.woff +0 -0
  277. package/dist/assets/KaTeX_AMS-Regular-DRggAlZN.ttf +0 -0
  278. package/dist/assets/KaTeX_Caligraphic-Bold-ATXxdsX0.ttf +0 -0
  279. package/dist/assets/KaTeX_Caligraphic-Bold-BEiXGLvX.woff +0 -0
  280. package/dist/assets/KaTeX_Caligraphic-Bold-Dq_IR9rO.woff2 +0 -0
  281. package/dist/assets/KaTeX_Caligraphic-Regular-CTRA-rTL.woff +0 -0
  282. package/dist/assets/KaTeX_Caligraphic-Regular-Di6jR-x-.woff2 +0 -0
  283. package/dist/assets/KaTeX_Caligraphic-Regular-wX97UBjC.ttf +0 -0
  284. package/dist/assets/KaTeX_Fraktur-Bold-BdnERNNW.ttf +0 -0
  285. package/dist/assets/KaTeX_Fraktur-Bold-BsDP51OF.woff +0 -0
  286. package/dist/assets/KaTeX_Fraktur-Bold-CL6g_b3V.woff2 +0 -0
  287. package/dist/assets/KaTeX_Fraktur-Regular-CB_wures.ttf +0 -0
  288. package/dist/assets/KaTeX_Fraktur-Regular-CTYiF6lA.woff2 +0 -0
  289. package/dist/assets/KaTeX_Fraktur-Regular-Dxdc4cR9.woff +0 -0
  290. package/dist/assets/KaTeX_Main-Bold-Cx986IdX.woff2 +0 -0
  291. package/dist/assets/KaTeX_Main-Bold-Jm3AIy58.woff +0 -0
  292. package/dist/assets/KaTeX_Main-Bold-waoOVXN0.ttf +0 -0
  293. package/dist/assets/KaTeX_Main-BoldItalic-DxDJ3AOS.woff2 +0 -0
  294. package/dist/assets/KaTeX_Main-BoldItalic-DzxPMmG6.ttf +0 -0
  295. package/dist/assets/KaTeX_Main-BoldItalic-SpSLRI95.woff +0 -0
  296. package/dist/assets/KaTeX_Main-Italic-3WenGoN9.ttf +0 -0
  297. package/dist/assets/KaTeX_Main-Italic-BMLOBm91.woff +0 -0
  298. package/dist/assets/KaTeX_Main-Italic-NWA7e6Wa.woff2 +0 -0
  299. package/dist/assets/KaTeX_Main-Regular-B22Nviop.woff2 +0 -0
  300. package/dist/assets/KaTeX_Main-Regular-Dr94JaBh.woff +0 -0
  301. package/dist/assets/KaTeX_Main-Regular-ypZvNtVU.ttf +0 -0
  302. package/dist/assets/KaTeX_Math-BoldItalic-B3XSjfu4.ttf +0 -0
  303. package/dist/assets/KaTeX_Math-BoldItalic-CZnvNsCZ.woff2 +0 -0
  304. package/dist/assets/KaTeX_Math-BoldItalic-iY-2wyZ7.woff +0 -0
  305. package/dist/assets/KaTeX_Math-Italic-DA0__PXp.woff +0 -0
  306. package/dist/assets/KaTeX_Math-Italic-flOr_0UB.ttf +0 -0
  307. package/dist/assets/KaTeX_Math-Italic-t53AETM-.woff2 +0 -0
  308. package/dist/assets/KaTeX_SansSerif-Bold-CFMepnvq.ttf +0 -0
  309. package/dist/assets/KaTeX_SansSerif-Bold-D1sUS0GD.woff2 +0 -0
  310. package/dist/assets/KaTeX_SansSerif-Bold-DbIhKOiC.woff +0 -0
  311. package/dist/assets/KaTeX_SansSerif-Italic-C3H0VqGB.woff2 +0 -0
  312. package/dist/assets/KaTeX_SansSerif-Italic-DN2j7dab.woff +0 -0
  313. package/dist/assets/KaTeX_SansSerif-Italic-YYjJ1zSn.ttf +0 -0
  314. package/dist/assets/KaTeX_SansSerif-Regular-BNo7hRIc.ttf +0 -0
  315. package/dist/assets/KaTeX_SansSerif-Regular-CS6fqUqJ.woff +0 -0
  316. package/dist/assets/KaTeX_SansSerif-Regular-DDBCnlJ7.woff2 +0 -0
  317. package/dist/assets/KaTeX_Script-Regular-C5JkGWo-.ttf +0 -0
  318. package/dist/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 +0 -0
  319. package/dist/assets/KaTeX_Script-Regular-D5yQViql.woff +0 -0
  320. package/dist/assets/KaTeX_Size1-Regular-C195tn64.woff +0 -0
  321. package/dist/assets/KaTeX_Size1-Regular-Dbsnue_I.ttf +0 -0
  322. package/dist/assets/KaTeX_Size1-Regular-mCD8mA8B.woff2 +0 -0
  323. package/dist/assets/KaTeX_Size2-Regular-B7gKUWhC.ttf +0 -0
  324. package/dist/assets/KaTeX_Size2-Regular-Dy4dx90m.woff2 +0 -0
  325. package/dist/assets/KaTeX_Size2-Regular-oD1tc_U0.woff +0 -0
  326. package/dist/assets/KaTeX_Size3-Regular-CTq5MqoE.woff +0 -0
  327. package/dist/assets/KaTeX_Size3-Regular-DgpXs0kz.ttf +0 -0
  328. package/dist/assets/KaTeX_Size4-Regular-BF-4gkZK.woff +0 -0
  329. package/dist/assets/KaTeX_Size4-Regular-DWFBv043.ttf +0 -0
  330. package/dist/assets/KaTeX_Size4-Regular-Dl5lxZxV.woff2 +0 -0
  331. package/dist/assets/KaTeX_Typewriter-Regular-C0xS9mPB.woff +0 -0
  332. package/dist/assets/KaTeX_Typewriter-Regular-CO6r4hn1.woff2 +0 -0
  333. package/dist/assets/KaTeX_Typewriter-Regular-D3Ib7_Hf.ttf +0 -0
  334. package/dist/assets/index-DWOW_Jn0.js +0 -877
  335. package/dist/assets/index-Dz1luE0u.css +0 -32
  336. package/dist/assets/index-ak1p_4ew.js +0 -11
  337. package/dist/assets/localMonaco-DFIbtDNp.js +0 -1
  338. package/dist/assets/vendor-codemirror-CIYNS698.js +0 -41
  339. package/dist/assets/vendor-react-DB6V5Fl1.js +0 -59
  340. package/dist/assets/vendor-xterm-C7tpxJl7.js +0 -9
  341. package/dist/clear-cache.html +0 -85
  342. package/dist/convert-icons.md +0 -53
  343. package/dist/docs.html +0 -308
  344. package/dist/favicon.png +0 -0
  345. package/dist/favicon.svg +0 -8
  346. package/dist/features.html +0 -133
  347. package/dist/generate-icons.js +0 -49
  348. package/dist/humans.txt +0 -15
  349. package/dist/icons/claude-ai-icon.svg +0 -1
  350. package/dist/icons/codex-white.svg +0 -3
  351. package/dist/icons/codex.svg +0 -3
  352. package/dist/icons/cursor-white.svg +0 -12
  353. package/dist/icons/cursor.svg +0 -1
  354. package/dist/icons/gemini-ai-icon.svg +0 -1
  355. package/dist/icons/icon-128x128.png +0 -0
  356. package/dist/icons/icon-128x128.svg +0 -9
  357. package/dist/icons/icon-144x144.png +0 -0
  358. package/dist/icons/icon-144x144.svg +0 -9
  359. package/dist/icons/icon-152x152.png +0 -0
  360. package/dist/icons/icon-152x152.svg +0 -9
  361. package/dist/icons/icon-192x192.png +0 -0
  362. package/dist/icons/icon-192x192.svg +0 -9
  363. package/dist/icons/icon-384x384.png +0 -0
  364. package/dist/icons/icon-384x384.svg +0 -9
  365. package/dist/icons/icon-512x512.png +0 -0
  366. package/dist/icons/icon-512x512.svg +0 -9
  367. package/dist/icons/icon-72x72.png +0 -0
  368. package/dist/icons/icon-72x72.svg +0 -9
  369. package/dist/icons/icon-96x96.png +0 -0
  370. package/dist/icons/icon-96x96.svg +0 -9
  371. package/dist/icons/icon-template.svg +0 -9
  372. package/dist/icons/opencode-logo-dark.svg +0 -1
  373. package/dist/icons/opencode-logo-light.svg +0 -1
  374. package/dist/icons/qwen-ai-icon.png +0 -0
  375. package/dist/icons/qwen-logo.svg +0 -15
  376. package/dist/index.html +0 -62
  377. package/dist/landing.html +0 -268
  378. package/dist/llms-full.txt +0 -119
  379. package/dist/llms.txt +0 -53
  380. package/dist/logo-128.png +0 -0
  381. package/dist/logo-256.png +0 -0
  382. package/dist/logo-32.png +0 -0
  383. package/dist/logo-512.png +0 -0
  384. package/dist/logo-64.png +0 -0
  385. package/dist/logo.png +0 -0
  386. package/dist/logo.svg +0 -12
  387. package/dist/manifest.json +0 -61
  388. package/dist/openapi.yaml +0 -1696
  389. package/dist/orchestration.html +0 -125
  390. package/dist/robots.txt +0 -4
  391. package/dist/screenshots/cli-selection.png +0 -0
  392. package/dist/screenshots/desktop-main.png +0 -0
  393. package/dist/screenshots/mobile-chat.png +0 -0
  394. package/dist/screenshots/tools-modal.png +0 -0
  395. package/dist/site.css +0 -692
  396. package/dist/sitemap.xml +0 -51
  397. package/dist/sw.js +0 -132
  398. package/dist-server/server/modules/orchestration/a2a/adapter-registry.js +0 -73
  399. package/dist-server/server/modules/orchestration/a2a/adapter-registry.js.map +0 -1
  400. package/dist-server/server/modules/orchestration/a2a/adapters/abstract-a2a.adapter.js +0 -17
  401. package/dist-server/server/modules/orchestration/a2a/adapters/abstract-a2a.adapter.js.map +0 -1
  402. package/dist-server/server/modules/orchestration/a2a/adapters/claude-code.adapter.js +0 -236
  403. package/dist-server/server/modules/orchestration/a2a/adapters/claude-code.adapter.js.map +0 -1
  404. package/dist-server/server/modules/orchestration/a2a/adapters/codex.adapter.js +0 -202
  405. package/dist-server/server/modules/orchestration/a2a/adapters/codex.adapter.js.map +0 -1
  406. package/dist-server/server/modules/orchestration/a2a/adapters/cursor.adapter.js +0 -205
  407. package/dist-server/server/modules/orchestration/a2a/adapters/cursor.adapter.js.map +0 -1
  408. package/dist-server/server/modules/orchestration/a2a/adapters/gemini.adapter.js +0 -205
  409. package/dist-server/server/modules/orchestration/a2a/adapters/gemini.adapter.js.map +0 -1
  410. package/dist-server/server/modules/orchestration/a2a/adapters/json-event.adapter.js +0 -84
  411. package/dist-server/server/modules/orchestration/a2a/adapters/json-event.adapter.js.map +0 -1
  412. package/dist-server/server/modules/orchestration/a2a/adapters/json-event.adapter.test.js +0 -43
  413. package/dist-server/server/modules/orchestration/a2a/adapters/json-event.adapter.test.js.map +0 -1
  414. package/dist-server/server/modules/orchestration/a2a/adapters/opencode.adapter.js +0 -205
  415. package/dist-server/server/modules/orchestration/a2a/adapters/opencode.adapter.js.map +0 -1
  416. package/dist-server/server/modules/orchestration/a2a/adapters/qwen.adapter.js +0 -205
  417. package/dist-server/server/modules/orchestration/a2a/adapters/qwen.adapter.js.map +0 -1
  418. package/dist-server/server/modules/orchestration/a2a/agent-card.js +0 -50
  419. package/dist-server/server/modules/orchestration/a2a/agent-card.js.map +0 -1
  420. package/dist-server/server/modules/orchestration/a2a/auth.middleware.js +0 -25
  421. package/dist-server/server/modules/orchestration/a2a/auth.middleware.js.map +0 -1
  422. package/dist-server/server/modules/orchestration/a2a/bus.js +0 -34
  423. package/dist-server/server/modules/orchestration/a2a/bus.js.map +0 -1
  424. package/dist-server/server/modules/orchestration/a2a/routes.js +0 -502
  425. package/dist-server/server/modules/orchestration/a2a/routes.js.map +0 -1
  426. package/dist-server/server/modules/orchestration/a2a/task-dispatcher.js +0 -295
  427. package/dist-server/server/modules/orchestration/a2a/task-dispatcher.js.map +0 -1
  428. package/dist-server/server/modules/orchestration/a2a/task-store.js +0 -144
  429. package/dist-server/server/modules/orchestration/a2a/task-store.js.map +0 -1
  430. package/dist-server/server/modules/orchestration/a2a/types.js +0 -6
  431. package/dist-server/server/modules/orchestration/a2a/types.js.map +0 -1
  432. package/dist-server/server/modules/orchestration/a2a/validator.js +0 -101
  433. package/dist-server/server/modules/orchestration/a2a/validator.js.map +0 -1
  434. package/dist-server/server/modules/orchestration/index.js +0 -27
  435. package/dist-server/server/modules/orchestration/index.js.map +0 -1
  436. package/dist-server/server/modules/orchestration/preview/port-watcher.js +0 -90
  437. package/dist-server/server/modules/orchestration/preview/port-watcher.js.map +0 -1
  438. package/dist-server/server/modules/orchestration/preview/preview-proxy.js +0 -58
  439. package/dist-server/server/modules/orchestration/preview/preview-proxy.js.map +0 -1
  440. package/dist-server/server/modules/orchestration/preview/types.js +0 -2
  441. package/dist-server/server/modules/orchestration/preview/types.js.map +0 -1
  442. package/dist-server/server/modules/orchestration/security/permission-policy.js.map +0 -1
  443. package/dist-server/server/modules/orchestration/tasks/orchestration-task-store.js +0 -34
  444. package/dist-server/server/modules/orchestration/tasks/orchestration-task-store.js.map +0 -1
  445. package/dist-server/server/modules/orchestration/tasks/orchestration-task.routes.js +0 -70
  446. package/dist-server/server/modules/orchestration/tasks/orchestration-task.routes.js.map +0 -1
  447. package/dist-server/server/modules/orchestration/tasks/orchestration-task.service.js +0 -181
  448. package/dist-server/server/modules/orchestration/tasks/orchestration-task.service.js.map +0 -1
  449. package/dist-server/server/modules/orchestration/tasks/orchestration-task.types.js +0 -2
  450. package/dist-server/server/modules/orchestration/tasks/orchestration-task.types.js.map +0 -1
  451. package/dist-server/server/modules/orchestration/tasks/task-run-graph.js +0 -100
  452. package/dist-server/server/modules/orchestration/tasks/task-run-graph.js.map +0 -1
  453. package/dist-server/server/modules/orchestration/workflows/approval-queue.js +0 -72
  454. package/dist-server/server/modules/orchestration/workflows/approval-queue.js.map +0 -1
  455. package/dist-server/server/modules/orchestration/workflows/built-in-workflows.js +0 -126
  456. package/dist-server/server/modules/orchestration/workflows/built-in-workflows.js.map +0 -1
  457. package/dist-server/server/modules/orchestration/workflows/context-packet.js +0 -89
  458. package/dist-server/server/modules/orchestration/workflows/context-packet.js.map +0 -1
  459. package/dist-server/server/modules/orchestration/workflows/handoff-artifact.js +0 -123
  460. package/dist-server/server/modules/orchestration/workflows/handoff-artifact.js.map +0 -1
  461. package/dist-server/server/modules/orchestration/workflows/workflow-fallback-policy.js +0 -114
  462. package/dist-server/server/modules/orchestration/workflows/workflow-fallback-policy.js.map +0 -1
  463. package/dist-server/server/modules/orchestration/workflows/workflow-replay.js +0 -177
  464. package/dist-server/server/modules/orchestration/workflows/workflow-replay.js.map +0 -1
  465. package/dist-server/server/modules/orchestration/workflows/workflow-runner.js +0 -1718
  466. package/dist-server/server/modules/orchestration/workflows/workflow-runner.js.map +0 -1
  467. package/dist-server/server/modules/orchestration/workflows/workflow-store.js +0 -76
  468. package/dist-server/server/modules/orchestration/workflows/workflow-store.js.map +0 -1
  469. package/dist-server/server/modules/orchestration/workflows/workflow-templates.js +0 -242
  470. package/dist-server/server/modules/orchestration/workflows/workflow-templates.js.map +0 -1
  471. package/dist-server/server/modules/orchestration/workflows/workflow-trace.js +0 -388
  472. package/dist-server/server/modules/orchestration/workflows/workflow-trace.js.map +0 -1
  473. package/dist-server/server/modules/orchestration/workflows/workflow.routes.js +0 -508
  474. package/dist-server/server/modules/orchestration/workflows/workflow.routes.js.map +0 -1
  475. package/dist-server/server/modules/orchestration/workflows/workflow.types.js +0 -2
  476. package/dist-server/server/modules/orchestration/workflows/workflow.types.js.map +0 -1
  477. package/dist-server/server/modules/orchestration/workflows/workspace-target.js +0 -100
  478. package/dist-server/server/modules/orchestration/workflows/workspace-target.js.map +0 -1
  479. package/dist-server/server/modules/orchestration/workspace/docker-workspace.js +0 -123
  480. package/dist-server/server/modules/orchestration/workspace/docker-workspace.js.map +0 -1
  481. package/dist-server/server/modules/orchestration/workspace/path-safety.js +0 -48
  482. package/dist-server/server/modules/orchestration/workspace/path-safety.js.map +0 -1
  483. package/dist-server/server/modules/orchestration/workspace/types.js +0 -11
  484. package/dist-server/server/modules/orchestration/workspace/types.js.map +0 -1
  485. package/dist-server/server/modules/orchestration/workspace/workspace-manager.js +0 -84
  486. package/dist-server/server/modules/orchestration/workspace/workspace-manager.js.map +0 -1
  487. package/dist-server/server/modules/orchestration/workspace/worktree-workspace.js +0 -97
  488. package/dist-server/server/modules/orchestration/workspace/worktree-workspace.js.map +0 -1
  489. package/server/modules/orchestration/a2a/adapter-registry.ts +0 -108
  490. package/server/modules/orchestration/a2a/adapters/abstract-a2a.adapter.ts +0 -63
  491. package/server/modules/orchestration/a2a/adapters/claude-code.adapter.ts +0 -286
  492. package/server/modules/orchestration/a2a/adapters/codex.adapter.ts +0 -244
  493. package/server/modules/orchestration/a2a/adapters/cursor.adapter.ts +0 -249
  494. package/server/modules/orchestration/a2a/adapters/gemini.adapter.ts +0 -248
  495. package/server/modules/orchestration/a2a/adapters/json-event.adapter.test.ts +0 -60
  496. package/server/modules/orchestration/a2a/adapters/json-event.adapter.ts +0 -101
  497. package/server/modules/orchestration/a2a/adapters/opencode.adapter.ts +0 -248
  498. package/server/modules/orchestration/a2a/adapters/qwen.adapter.ts +0 -248
  499. package/server/modules/orchestration/a2a/agent-card.ts +0 -55
  500. package/server/modules/orchestration/a2a/auth.middleware.ts +0 -29
  501. package/server/modules/orchestration/a2a/bus.ts +0 -46
  502. package/server/modules/orchestration/a2a/routes.ts +0 -586
  503. package/server/modules/orchestration/a2a/task-dispatcher.ts +0 -345
  504. package/server/modules/orchestration/a2a/task-store.ts +0 -178
  505. package/server/modules/orchestration/a2a/types.ts +0 -126
  506. package/server/modules/orchestration/a2a/validator.ts +0 -113
  507. package/server/modules/orchestration/index.ts +0 -99
  508. package/server/modules/orchestration/preview/port-watcher.ts +0 -112
  509. package/server/modules/orchestration/preview/preview-proxy.ts +0 -60
  510. package/server/modules/orchestration/preview/types.ts +0 -19
  511. package/server/modules/orchestration/tasks/orchestration-task-store.ts +0 -41
  512. package/server/modules/orchestration/tasks/orchestration-task.routes.ts +0 -81
  513. package/server/modules/orchestration/tasks/orchestration-task.service.ts +0 -201
  514. package/server/modules/orchestration/tasks/orchestration-task.types.ts +0 -40
  515. package/server/modules/orchestration/tasks/task-run-graph.ts +0 -155
  516. package/server/modules/orchestration/workflows/approval-queue.ts +0 -106
  517. package/server/modules/orchestration/workflows/built-in-workflows.ts +0 -127
  518. package/server/modules/orchestration/workflows/context-packet.ts +0 -186
  519. package/server/modules/orchestration/workflows/handoff-artifact.ts +0 -175
  520. package/server/modules/orchestration/workflows/workflow-fallback-policy.ts +0 -161
  521. package/server/modules/orchestration/workflows/workflow-replay.ts +0 -254
  522. package/server/modules/orchestration/workflows/workflow-runner.ts +0 -2062
  523. package/server/modules/orchestration/workflows/workflow-store.ts +0 -97
  524. package/server/modules/orchestration/workflows/workflow-templates.ts +0 -272
  525. package/server/modules/orchestration/workflows/workflow-trace.ts +0 -424
  526. package/server/modules/orchestration/workflows/workflow.routes.ts +0 -586
  527. package/server/modules/orchestration/workflows/workflow.types.ts +0 -111
  528. package/server/modules/orchestration/workflows/workspace-target.ts +0 -122
  529. package/server/modules/orchestration/workspace/docker-workspace.ts +0 -136
  530. package/server/modules/orchestration/workspace/path-safety.ts +0 -55
  531. package/server/modules/orchestration/workspace/types.ts +0 -52
  532. package/server/modules/orchestration/workspace/workspace-manager.ts +0 -102
  533. package/server/modules/orchestration/workspace/worktree-workspace.ts +0 -126
  534. /package/dist-server/server/modules/{orchestration/security → security}/permission-policy.js +0 -0
@@ -1,401 +1,401 @@
1
- import os from 'node:os';
2
- import path from 'node:path';
3
-
4
- export const PIXCODE_PERMISSION_POLICY_PROTOCOL = 'pixcode.permission-policy.v1' as const;
5
-
6
- export const PERMISSION_CAPABILITIES = [
7
- 'shell',
8
- 'file_write',
9
- 'external_directory',
10
- 'network',
11
- 'secret',
12
- ] as const;
13
-
14
- export const PERMISSION_POLICY_MODES = ['allow', 'deny', 'prompt', 'audit'] as const;
15
-
16
- export type PermissionCapability = typeof PERMISSION_CAPABILITIES[number];
17
- export type PermissionPolicyMode = typeof PERMISSION_POLICY_MODES[number];
18
- export type PermissionDecisionStatus = 'allowed' | 'denied' | 'needs_approval';
19
-
20
- export interface PermissionPolicy {
21
- protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
22
- modes: Record<PermissionCapability, PermissionPolicyMode>;
23
- allowedExternalDirectories: string[];
24
- audit: boolean;
25
- }
26
-
27
- export interface PermissionRequest {
28
- requestId?: string;
29
- source: 'workflow_node' | 'provider_tool' | 'api' | 'shell' | 'file' | string;
30
- capability?: PermissionCapability;
31
- capabilities?: PermissionCapability[];
32
- toolName?: string;
33
- command?: string;
34
- input?: unknown;
35
- cwd?: string;
36
- workspacePath?: string;
37
- targetPaths?: string[];
38
- summary?: string;
39
- }
40
-
41
- export interface PermissionPolicyContext {
42
- runId?: string;
43
- nodeId?: string;
44
- workflowId?: string;
45
- adapterId?: string;
46
- agentLabel?: string;
47
- userId?: string | number | null;
48
- }
49
-
50
- export interface PermissionApprovalRequest {
51
- id: string;
52
- protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
53
- status: 'pending' | 'allowed' | 'denied' | 'canceled';
54
- capabilities: PermissionCapability[];
55
- source: string;
56
- toolName?: string;
57
- runId?: string;
58
- nodeId?: string;
59
- workflowId?: string;
60
- adapterId?: string;
61
- agentLabel?: string;
62
- summary?: string;
63
- message: string;
64
- createdAt: number;
65
- resolvedAt?: number;
66
- resolvedBy?: string | number | null;
67
- resolutionMessage?: string;
68
- }
69
-
70
- export interface PermissionPolicyEvent {
71
- id: string;
72
- protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
73
- status: PermissionDecisionStatus;
74
- behavior: 'allow' | 'deny' | 'prompt';
75
- capabilities: PermissionCapability[];
76
- source: string;
77
- toolName?: string;
78
- summary?: string;
79
- message: string;
80
- modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>>;
81
- audit: boolean;
82
- runId?: string;
83
- nodeId?: string;
84
- workflowId?: string;
85
- adapterId?: string;
86
- agentLabel?: string;
87
- createdAt: number;
88
- }
89
-
90
- export interface PermissionDecision {
91
- protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
92
- requestId: string;
93
- status: PermissionDecisionStatus;
94
- behavior: 'allow' | 'deny' | 'prompt';
95
- capabilities: PermissionCapability[];
96
- modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>>;
97
- message: string;
98
- audit: boolean;
99
- event: PermissionPolicyEvent;
100
- approvalRequest?: PermissionApprovalRequest;
101
- }
102
-
103
- const DEFAULT_MODES: Record<PermissionCapability, PermissionPolicyMode> = {
104
- shell: 'audit',
105
- file_write: 'audit',
106
- external_directory: 'audit',
107
- network: 'audit',
108
- secret: 'audit',
109
- };
110
-
111
- const NETWORK_COMMAND_PATTERN = /\b(curl|wget|fetch|ssh|scp|rsync|gh|git\s+(?:clone|fetch|pull|push)|npm\s+(?:install|publish|view|pack|audit)|pnpm\s+(?:install|publish)|yarn\s+(?:install|publish)|pip\s+install|cargo\s+(?:install|publish)|go\s+(?:get|install)|docker\s+(?:pull|push|run))\b|https?:\/\//iu;
112
- const FILE_WRITE_COMMAND_PATTERN = /(^|\s)(apply_patch|touch|mkdir|rm|mv|cp|tee|sed\s+-i|perl\s+-pi|truncate|chmod|chown)\b|>>?|\b(write|edit|patch|delete|create)\s+(?:file|folder|directory)\b/iu;
113
- const SECRET_COMMAND_PATTERN = /\b(printenv|env|set)\b|\b(cat|type|less|more)\s+(\S*\.env\b|\S*secret\S*|\S*token\S*|\S*key\S*)/iu;
114
- const SECRET_VALUE_PATTERN = /\b(?:sk|ghp|github_pat|glpat|npm)_[A-Za-z0-9_=-]{12,}\b|(?:api[_-]?key|secret|token|password)\s*[:=]\s*['"]?[A-Za-z0-9_./+=-]{8,}/iu;
115
-
116
- function readRecord(value: unknown): Record<string, unknown> | undefined {
117
- return value && typeof value === 'object' ? value as Record<string, unknown> : undefined;
118
- }
119
-
120
- function readString(value: unknown): string | undefined {
121
- return typeof value === 'string' && value.trim() ? value.trim() : undefined;
122
- }
123
-
124
- function readMode(value: unknown): PermissionPolicyMode | undefined {
125
- return typeof value === 'string' && (PERMISSION_POLICY_MODES as readonly string[]).includes(value)
126
- ? value as PermissionPolicyMode
127
- : undefined;
128
- }
129
-
130
- function uniqueCapabilities(values: Array<PermissionCapability | undefined>): PermissionCapability[] {
131
- return [...new Set(values.filter((value): value is PermissionCapability => Boolean(value)))];
132
- }
133
-
134
- function requestId(value?: string): string {
135
- return value?.trim() || `perm_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
136
- }
137
-
138
- function normalizePath(value: string | undefined): string | undefined {
139
- if (!value?.trim()) return undefined;
140
- try {
141
- return path.resolve(value);
142
- } catch {
143
- return undefined;
144
- }
145
- }
146
-
147
- function isInsidePath(basePath: string | undefined, candidatePath: string | undefined): boolean {
148
- const base = normalizePath(basePath);
149
- const candidate = normalizePath(candidatePath);
150
- if (!base || !candidate) return true;
151
- if (candidate === base) return true;
152
- const relative = path.relative(base, candidate);
153
- return Boolean(relative && !relative.startsWith('..') && !path.isAbsolute(relative));
154
- }
155
-
156
- function collectInputPaths(input: unknown): string[] {
157
- const paths: string[] = [];
158
- const visit = (value: unknown) => {
159
- if (typeof value === 'string') {
160
- if (/^(?:[A-Za-z]:[\\/]|\/|~\/|\.\.?[\\/])/u.test(value.trim())) {
161
- paths.push(value.trim().replace(/^~(?=$|[\\/])/u, os.homedir()));
162
- }
163
- return;
164
- }
165
- if (Array.isArray(value)) {
166
- value.forEach(visit);
167
- return;
168
- }
169
- const record = readRecord(value);
170
- if (!record) return;
171
- for (const [key, nested] of Object.entries(record)) {
172
- if (/path|file|dir|cwd|target|source|destination/iu.test(key)) {
173
- visit(nested);
174
- }
175
- }
176
- };
177
- visit(input);
178
- return paths;
179
- }
180
-
181
- function inferCapabilities(request: PermissionRequest): PermissionCapability[] {
182
- const capabilities: PermissionCapability[] = [];
183
- if (request.capability) capabilities.push(request.capability);
184
- if (Array.isArray(request.capabilities)) capabilities.push(...request.capabilities);
185
-
186
- const toolName = request.toolName?.toLocaleLowerCase('en') ?? '';
187
- const command = [
188
- request.command,
189
- typeof request.input === 'string' ? request.input : undefined,
190
- readString(readRecord(request.input)?.command),
191
- readString(readRecord(request.input)?.query),
192
- ].filter(Boolean).join('\n');
193
- const inputText = [
194
- command,
195
- typeof request.summary === 'string' ? request.summary : undefined,
196
- typeof request.input === 'object' ? JSON.stringify(request.input) : undefined,
197
- ].filter(Boolean).join('\n');
198
-
199
- if (toolName === 'bash' || toolName.includes('shell') || toolName.includes('terminal') || command.trim()) {
200
- capabilities.push('shell');
201
- }
202
- if (/write|edit|multiedit|notebookedit|delete|patch/iu.test(toolName) || FILE_WRITE_COMMAND_PATTERN.test(command)) {
203
- capabilities.push('file_write');
204
- }
205
- if (/webfetch|websearch|fetch|search/iu.test(toolName) || NETWORK_COMMAND_PATTERN.test(command)) {
206
- capabilities.push('network');
207
- }
208
- if (/secret|credential|token|keychain|vault/iu.test(toolName) || SECRET_COMMAND_PATTERN.test(command) || SECRET_VALUE_PATTERN.test(inputText)) {
209
- capabilities.push('secret');
210
- }
211
-
212
- const targetPaths = [
213
- ...(Array.isArray(request.targetPaths) ? request.targetPaths : []),
214
- ...collectInputPaths(request.input),
215
- ];
216
- if (targetPaths.some((targetPath) => !isInsidePath(request.workspacePath ?? request.cwd, targetPath))) {
217
- capabilities.push('external_directory');
218
- }
219
-
220
- return uniqueCapabilities(capabilities);
221
- }
222
-
223
- export const DEFAULT_PERMISSION_POLICY: PermissionPolicy = {
224
- protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
225
- modes: DEFAULT_MODES,
226
- allowedExternalDirectories: [],
227
- audit: true,
228
- };
229
-
230
- export function normalizePermissionPolicy(value?: unknown): PermissionPolicy {
231
- const record = readRecord(value);
232
- const modeRecord = readRecord(record?.modes) ?? readRecord(record?.rules) ?? record ?? {};
233
- const modes = { ...DEFAULT_MODES };
234
- for (const capability of PERMISSION_CAPABILITIES) {
235
- modes[capability] = readMode(modeRecord[capability]) ?? modes[capability];
236
- }
237
-
238
- const allowedExternalDirectories = Array.isArray(record?.allowedExternalDirectories)
239
- ? record.allowedExternalDirectories
240
- .map((item) => readString(item))
241
- .filter((item): item is string => Boolean(item))
242
- : [];
243
-
244
- return {
245
- protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
246
- modes,
247
- allowedExternalDirectories,
248
- audit: typeof record?.audit === 'boolean' ? record.audit : true,
249
- };
250
- }
251
-
252
- export function resolvePermissionPolicyFromMetadata(metadata?: Record<string, unknown>): PermissionPolicy {
253
- const settings = readRecord(metadata?.settings);
254
- return normalizePermissionPolicy(metadata?.permissionPolicy ?? settings?.permissionPolicy);
255
- }
256
-
257
- export function redactPermissionText(
258
- value: string | undefined,
259
- context?: { workspacePath?: string; cwd?: string; projectPath?: string },
260
- ): string | undefined {
261
- if (!value?.trim()) return undefined;
262
- const candidates = [
263
- os.homedir(),
264
- context?.workspacePath,
265
- context?.cwd,
266
- context?.projectPath,
267
- ].filter((item): item is string => Boolean(item && item.length > 2));
268
-
269
- let text = value;
270
- for (const candidate of candidates) {
271
- text = text.split(candidate).join('[workspace]');
272
- }
273
-
274
- return text
275
- .replace(SECRET_VALUE_PATTERN, '[redacted-secret]')
276
- .replace(/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/gu, '[redacted-email]')
277
- .trim();
278
- }
279
-
280
- function modeAllowsExternalDirectory(
281
- request: PermissionRequest,
282
- policy: PermissionPolicy,
283
- ): boolean {
284
- const targetPaths = [
285
- ...(Array.isArray(request.targetPaths) ? request.targetPaths : []),
286
- ...collectInputPaths(request.input),
287
- ];
288
- if (!targetPaths.length || !policy.allowedExternalDirectories.length) return false;
289
-
290
- return targetPaths.every((targetPath) =>
291
- policy.allowedExternalDirectories.some((allowedPath) => isInsidePath(allowedPath, targetPath)),
292
- );
293
- }
294
-
295
- export function createPermissionApprovalRequest(
296
- decision: Omit<PermissionDecision, 'approvalRequest'>,
297
- context?: PermissionPolicyContext,
298
- ): PermissionApprovalRequest {
299
- return {
300
- id: decision.requestId,
301
- protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
302
- status: 'pending',
303
- capabilities: decision.capabilities,
304
- source: decision.event.source,
305
- toolName: decision.event.toolName,
306
- runId: context?.runId,
307
- nodeId: context?.nodeId,
308
- workflowId: context?.workflowId,
309
- adapterId: context?.adapterId,
310
- agentLabel: context?.agentLabel,
311
- summary: decision.event.summary,
312
- message: decision.message,
313
- createdAt: decision.event.createdAt,
314
- };
315
- }
316
-
317
- export function evaluatePermissionRequest({
318
- policy: policyInput,
319
- request,
320
- context,
321
- }: {
322
- policy?: unknown;
323
- request: PermissionRequest;
324
- context?: PermissionPolicyContext;
325
- }): PermissionDecision {
326
- const policy = normalizePermissionPolicy(policyInput);
327
- const id = requestId(request.requestId);
328
- const capabilities = inferCapabilities(request);
329
- const modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>> = {};
330
-
331
- for (const capability of capabilities) {
332
- const mode = capability === 'external_directory' && modeAllowsExternalDirectory(request, policy)
333
- ? 'allow'
334
- : policy.modes[capability];
335
- modeByCapability[capability] = mode;
336
- }
337
-
338
- const modes = Object.values(modeByCapability);
339
- const behavior: PermissionDecision['behavior'] = modes.includes('deny')
340
- ? 'deny'
341
- : modes.includes('prompt')
342
- ? 'prompt'
343
- : 'allow';
344
- const status: PermissionDecisionStatus = behavior === 'deny'
345
- ? 'denied'
346
- : behavior === 'prompt'
347
- ? 'needs_approval'
348
- : 'allowed';
349
- const summary = redactPermissionText(
350
- request.summary
351
- ?? request.command
352
- ?? (request.toolName ? `${request.toolName} tool request` : `${request.source} permission request`),
353
- {
354
- workspacePath: request.workspacePath,
355
- cwd: request.cwd,
356
- },
357
- );
358
- const capabilityText = capabilities.length ? capabilities.join(', ') : 'unclassified';
359
- const message = behavior === 'deny'
360
- ? `Permission policy denied ${capabilityText}.`
361
- : behavior === 'prompt'
362
- ? `Permission policy requires approval for ${capabilityText}.`
363
- : `Permission policy allowed ${capabilityText}.`;
364
- const event: PermissionPolicyEvent = {
365
- id,
366
- protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
367
- status,
368
- behavior,
369
- capabilities,
370
- source: request.source,
371
- toolName: request.toolName,
372
- summary,
373
- message,
374
- modeByCapability,
375
- audit: policy.audit || modes.includes('audit'),
376
- runId: context?.runId,
377
- nodeId: context?.nodeId,
378
- workflowId: context?.workflowId,
379
- adapterId: context?.adapterId,
380
- agentLabel: context?.agentLabel,
381
- createdAt: Date.now(),
382
- };
383
- const decisionBase: Omit<PermissionDecision, 'approvalRequest'> = {
384
- protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
385
- requestId: id,
386
- status,
387
- behavior,
388
- capabilities,
389
- modeByCapability,
390
- message,
391
- audit: event.audit,
392
- event,
393
- };
394
-
395
- return {
396
- ...decisionBase,
397
- approvalRequest: behavior === 'prompt'
398
- ? createPermissionApprovalRequest(decisionBase, context)
399
- : undefined,
400
- };
401
- }
1
+ import os from 'node:os';
2
+ import path from 'node:path';
3
+
4
+ export const PIXCODE_PERMISSION_POLICY_PROTOCOL = 'pixcode.permission-policy.v1' as const;
5
+
6
+ export const PERMISSION_CAPABILITIES = [
7
+ 'shell',
8
+ 'file_write',
9
+ 'external_directory',
10
+ 'network',
11
+ 'secret',
12
+ ] as const;
13
+
14
+ export const PERMISSION_POLICY_MODES = ['allow', 'deny', 'prompt', 'audit'] as const;
15
+
16
+ export type PermissionCapability = typeof PERMISSION_CAPABILITIES[number];
17
+ export type PermissionPolicyMode = typeof PERMISSION_POLICY_MODES[number];
18
+ export type PermissionDecisionStatus = 'allowed' | 'denied' | 'needs_approval';
19
+
20
+ export interface PermissionPolicy {
21
+ protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
22
+ modes: Record<PermissionCapability, PermissionPolicyMode>;
23
+ allowedExternalDirectories: string[];
24
+ audit: boolean;
25
+ }
26
+
27
+ export interface PermissionRequest {
28
+ requestId?: string;
29
+ source: 'workflow_node' | 'provider_tool' | 'api' | 'shell' | 'file' | string;
30
+ capability?: PermissionCapability;
31
+ capabilities?: PermissionCapability[];
32
+ toolName?: string;
33
+ command?: string;
34
+ input?: unknown;
35
+ cwd?: string;
36
+ workspacePath?: string;
37
+ targetPaths?: string[];
38
+ summary?: string;
39
+ }
40
+
41
+ export interface PermissionPolicyContext {
42
+ runId?: string;
43
+ nodeId?: string;
44
+ workflowId?: string;
45
+ adapterId?: string;
46
+ agentLabel?: string;
47
+ userId?: string | number | null;
48
+ }
49
+
50
+ export interface PermissionApprovalRequest {
51
+ id: string;
52
+ protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
53
+ status: 'pending' | 'allowed' | 'denied' | 'canceled';
54
+ capabilities: PermissionCapability[];
55
+ source: string;
56
+ toolName?: string;
57
+ runId?: string;
58
+ nodeId?: string;
59
+ workflowId?: string;
60
+ adapterId?: string;
61
+ agentLabel?: string;
62
+ summary?: string;
63
+ message: string;
64
+ createdAt: number;
65
+ resolvedAt?: number;
66
+ resolvedBy?: string | number | null;
67
+ resolutionMessage?: string;
68
+ }
69
+
70
+ export interface PermissionPolicyEvent {
71
+ id: string;
72
+ protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
73
+ status: PermissionDecisionStatus;
74
+ behavior: 'allow' | 'deny' | 'prompt';
75
+ capabilities: PermissionCapability[];
76
+ source: string;
77
+ toolName?: string;
78
+ summary?: string;
79
+ message: string;
80
+ modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>>;
81
+ audit: boolean;
82
+ runId?: string;
83
+ nodeId?: string;
84
+ workflowId?: string;
85
+ adapterId?: string;
86
+ agentLabel?: string;
87
+ createdAt: number;
88
+ }
89
+
90
+ export interface PermissionDecision {
91
+ protocol: typeof PIXCODE_PERMISSION_POLICY_PROTOCOL;
92
+ requestId: string;
93
+ status: PermissionDecisionStatus;
94
+ behavior: 'allow' | 'deny' | 'prompt';
95
+ capabilities: PermissionCapability[];
96
+ modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>>;
97
+ message: string;
98
+ audit: boolean;
99
+ event: PermissionPolicyEvent;
100
+ approvalRequest?: PermissionApprovalRequest;
101
+ }
102
+
103
+ const DEFAULT_MODES: Record<PermissionCapability, PermissionPolicyMode> = {
104
+ shell: 'audit',
105
+ file_write: 'audit',
106
+ external_directory: 'audit',
107
+ network: 'audit',
108
+ secret: 'audit',
109
+ };
110
+
111
+ const NETWORK_COMMAND_PATTERN = /\b(curl|wget|fetch|ssh|scp|rsync|gh|git\s+(?:clone|fetch|pull|push)|npm\s+(?:install|publish|view|pack|audit)|pnpm\s+(?:install|publish)|yarn\s+(?:install|publish)|pip\s+install|cargo\s+(?:install|publish)|go\s+(?:get|install)|docker\s+(?:pull|push|run))\b|https?:\/\//iu;
112
+ const FILE_WRITE_COMMAND_PATTERN = /(^|\s)(apply_patch|touch|mkdir|rm|mv|cp|tee|sed\s+-i|perl\s+-pi|truncate|chmod|chown)\b|>>?|\b(write|edit|patch|delete|create)\s+(?:file|folder|directory)\b/iu;
113
+ const SECRET_COMMAND_PATTERN = /\b(printenv|env|set)\b|\b(cat|type|less|more)\s+(\S*\.env\b|\S*secret\S*|\S*token\S*|\S*key\S*)/iu;
114
+ const SECRET_VALUE_PATTERN = /\b(?:sk|ghp|github_pat|glpat|npm)_[A-Za-z0-9_=-]{12,}\b|(?:api[_-]?key|secret|token|password)\s*[:=]\s*['"]?[A-Za-z0-9_./+=-]{8,}/iu;
115
+
116
+ function readRecord(value: unknown): Record<string, unknown> | undefined {
117
+ return value && typeof value === 'object' ? value as Record<string, unknown> : undefined;
118
+ }
119
+
120
+ function readString(value: unknown): string | undefined {
121
+ return typeof value === 'string' && value.trim() ? value.trim() : undefined;
122
+ }
123
+
124
+ function readMode(value: unknown): PermissionPolicyMode | undefined {
125
+ return typeof value === 'string' && (PERMISSION_POLICY_MODES as readonly string[]).includes(value)
126
+ ? value as PermissionPolicyMode
127
+ : undefined;
128
+ }
129
+
130
+ function uniqueCapabilities(values: Array<PermissionCapability | undefined>): PermissionCapability[] {
131
+ return [...new Set(values.filter((value): value is PermissionCapability => Boolean(value)))];
132
+ }
133
+
134
+ function requestId(value?: string): string {
135
+ return value?.trim() || `perm_${Date.now().toString(36)}_${Math.random().toString(36).slice(2, 10)}`;
136
+ }
137
+
138
+ function normalizePath(value: string | undefined): string | undefined {
139
+ if (!value?.trim()) return undefined;
140
+ try {
141
+ return path.resolve(value);
142
+ } catch {
143
+ return undefined;
144
+ }
145
+ }
146
+
147
+ function isInsidePath(basePath: string | undefined, candidatePath: string | undefined): boolean {
148
+ const base = normalizePath(basePath);
149
+ const candidate = normalizePath(candidatePath);
150
+ if (!base || !candidate) return true;
151
+ if (candidate === base) return true;
152
+ const relative = path.relative(base, candidate);
153
+ return Boolean(relative && !relative.startsWith('..') && !path.isAbsolute(relative));
154
+ }
155
+
156
+ function collectInputPaths(input: unknown): string[] {
157
+ const paths: string[] = [];
158
+ const visit = (value: unknown) => {
159
+ if (typeof value === 'string') {
160
+ if (/^(?:[A-Za-z]:[\\/]|\/|~\/|\.\.?[\\/])/u.test(value.trim())) {
161
+ paths.push(value.trim().replace(/^~(?=$|[\\/])/u, os.homedir()));
162
+ }
163
+ return;
164
+ }
165
+ if (Array.isArray(value)) {
166
+ value.forEach(visit);
167
+ return;
168
+ }
169
+ const record = readRecord(value);
170
+ if (!record) return;
171
+ for (const [key, nested] of Object.entries(record)) {
172
+ if (/path|file|dir|cwd|target|source|destination/iu.test(key)) {
173
+ visit(nested);
174
+ }
175
+ }
176
+ };
177
+ visit(input);
178
+ return paths;
179
+ }
180
+
181
+ function inferCapabilities(request: PermissionRequest): PermissionCapability[] {
182
+ const capabilities: PermissionCapability[] = [];
183
+ if (request.capability) capabilities.push(request.capability);
184
+ if (Array.isArray(request.capabilities)) capabilities.push(...request.capabilities);
185
+
186
+ const toolName = request.toolName?.toLocaleLowerCase('en') ?? '';
187
+ const command = [
188
+ request.command,
189
+ typeof request.input === 'string' ? request.input : undefined,
190
+ readString(readRecord(request.input)?.command),
191
+ readString(readRecord(request.input)?.query),
192
+ ].filter(Boolean).join('\n');
193
+ const inputText = [
194
+ command,
195
+ typeof request.summary === 'string' ? request.summary : undefined,
196
+ typeof request.input === 'object' ? JSON.stringify(request.input) : undefined,
197
+ ].filter(Boolean).join('\n');
198
+
199
+ if (toolName === 'bash' || toolName.includes('shell') || toolName.includes('terminal') || command.trim()) {
200
+ capabilities.push('shell');
201
+ }
202
+ if (/write|edit|multiedit|notebookedit|delete|patch/iu.test(toolName) || FILE_WRITE_COMMAND_PATTERN.test(command)) {
203
+ capabilities.push('file_write');
204
+ }
205
+ if (/webfetch|websearch|fetch|search/iu.test(toolName) || NETWORK_COMMAND_PATTERN.test(command)) {
206
+ capabilities.push('network');
207
+ }
208
+ if (/secret|credential|token|keychain|vault/iu.test(toolName) || SECRET_COMMAND_PATTERN.test(command) || SECRET_VALUE_PATTERN.test(inputText)) {
209
+ capabilities.push('secret');
210
+ }
211
+
212
+ const targetPaths = [
213
+ ...(Array.isArray(request.targetPaths) ? request.targetPaths : []),
214
+ ...collectInputPaths(request.input),
215
+ ];
216
+ if (targetPaths.some((targetPath) => !isInsidePath(request.workspacePath ?? request.cwd, targetPath))) {
217
+ capabilities.push('external_directory');
218
+ }
219
+
220
+ return uniqueCapabilities(capabilities);
221
+ }
222
+
223
+ export const DEFAULT_PERMISSION_POLICY: PermissionPolicy = {
224
+ protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
225
+ modes: DEFAULT_MODES,
226
+ allowedExternalDirectories: [],
227
+ audit: true,
228
+ };
229
+
230
+ export function normalizePermissionPolicy(value?: unknown): PermissionPolicy {
231
+ const record = readRecord(value);
232
+ const modeRecord = readRecord(record?.modes) ?? readRecord(record?.rules) ?? record ?? {};
233
+ const modes = { ...DEFAULT_MODES };
234
+ for (const capability of PERMISSION_CAPABILITIES) {
235
+ modes[capability] = readMode(modeRecord[capability]) ?? modes[capability];
236
+ }
237
+
238
+ const allowedExternalDirectories = Array.isArray(record?.allowedExternalDirectories)
239
+ ? record.allowedExternalDirectories
240
+ .map((item) => readString(item))
241
+ .filter((item): item is string => Boolean(item))
242
+ : [];
243
+
244
+ return {
245
+ protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
246
+ modes,
247
+ allowedExternalDirectories,
248
+ audit: typeof record?.audit === 'boolean' ? record.audit : true,
249
+ };
250
+ }
251
+
252
+ export function resolvePermissionPolicyFromMetadata(metadata?: Record<string, unknown>): PermissionPolicy {
253
+ const settings = readRecord(metadata?.settings);
254
+ return normalizePermissionPolicy(metadata?.permissionPolicy ?? settings?.permissionPolicy);
255
+ }
256
+
257
+ export function redactPermissionText(
258
+ value: string | undefined,
259
+ context?: { workspacePath?: string; cwd?: string; projectPath?: string },
260
+ ): string | undefined {
261
+ if (!value?.trim()) return undefined;
262
+ const candidates = [
263
+ os.homedir(),
264
+ context?.workspacePath,
265
+ context?.cwd,
266
+ context?.projectPath,
267
+ ].filter((item): item is string => Boolean(item && item.length > 2));
268
+
269
+ let text = value;
270
+ for (const candidate of candidates) {
271
+ text = text.split(candidate).join('[workspace]');
272
+ }
273
+
274
+ return text
275
+ .replace(SECRET_VALUE_PATTERN, '[redacted-secret]')
276
+ .replace(/\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b/gu, '[redacted-email]')
277
+ .trim();
278
+ }
279
+
280
+ function modeAllowsExternalDirectory(
281
+ request: PermissionRequest,
282
+ policy: PermissionPolicy,
283
+ ): boolean {
284
+ const targetPaths = [
285
+ ...(Array.isArray(request.targetPaths) ? request.targetPaths : []),
286
+ ...collectInputPaths(request.input),
287
+ ];
288
+ if (!targetPaths.length || !policy.allowedExternalDirectories.length) return false;
289
+
290
+ return targetPaths.every((targetPath) =>
291
+ policy.allowedExternalDirectories.some((allowedPath) => isInsidePath(allowedPath, targetPath)),
292
+ );
293
+ }
294
+
295
+ export function createPermissionApprovalRequest(
296
+ decision: Omit<PermissionDecision, 'approvalRequest'>,
297
+ context?: PermissionPolicyContext,
298
+ ): PermissionApprovalRequest {
299
+ return {
300
+ id: decision.requestId,
301
+ protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
302
+ status: 'pending',
303
+ capabilities: decision.capabilities,
304
+ source: decision.event.source,
305
+ toolName: decision.event.toolName,
306
+ runId: context?.runId,
307
+ nodeId: context?.nodeId,
308
+ workflowId: context?.workflowId,
309
+ adapterId: context?.adapterId,
310
+ agentLabel: context?.agentLabel,
311
+ summary: decision.event.summary,
312
+ message: decision.message,
313
+ createdAt: decision.event.createdAt,
314
+ };
315
+ }
316
+
317
+ export function evaluatePermissionRequest({
318
+ policy: policyInput,
319
+ request,
320
+ context,
321
+ }: {
322
+ policy?: unknown;
323
+ request: PermissionRequest;
324
+ context?: PermissionPolicyContext;
325
+ }): PermissionDecision {
326
+ const policy = normalizePermissionPolicy(policyInput);
327
+ const id = requestId(request.requestId);
328
+ const capabilities = inferCapabilities(request);
329
+ const modeByCapability: Partial<Record<PermissionCapability, PermissionPolicyMode>> = {};
330
+
331
+ for (const capability of capabilities) {
332
+ const mode = capability === 'external_directory' && modeAllowsExternalDirectory(request, policy)
333
+ ? 'allow'
334
+ : policy.modes[capability];
335
+ modeByCapability[capability] = mode;
336
+ }
337
+
338
+ const modes = Object.values(modeByCapability);
339
+ const behavior: PermissionDecision['behavior'] = modes.includes('deny')
340
+ ? 'deny'
341
+ : modes.includes('prompt')
342
+ ? 'prompt'
343
+ : 'allow';
344
+ const status: PermissionDecisionStatus = behavior === 'deny'
345
+ ? 'denied'
346
+ : behavior === 'prompt'
347
+ ? 'needs_approval'
348
+ : 'allowed';
349
+ const summary = redactPermissionText(
350
+ request.summary
351
+ ?? request.command
352
+ ?? (request.toolName ? `${request.toolName} tool request` : `${request.source} permission request`),
353
+ {
354
+ workspacePath: request.workspacePath,
355
+ cwd: request.cwd,
356
+ },
357
+ );
358
+ const capabilityText = capabilities.length ? capabilities.join(', ') : 'unclassified';
359
+ const message = behavior === 'deny'
360
+ ? `Permission policy denied ${capabilityText}.`
361
+ : behavior === 'prompt'
362
+ ? `Permission policy requires approval for ${capabilityText}.`
363
+ : `Permission policy allowed ${capabilityText}.`;
364
+ const event: PermissionPolicyEvent = {
365
+ id,
366
+ protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
367
+ status,
368
+ behavior,
369
+ capabilities,
370
+ source: request.source,
371
+ toolName: request.toolName,
372
+ summary,
373
+ message,
374
+ modeByCapability,
375
+ audit: policy.audit || modes.includes('audit'),
376
+ runId: context?.runId,
377
+ nodeId: context?.nodeId,
378
+ workflowId: context?.workflowId,
379
+ adapterId: context?.adapterId,
380
+ agentLabel: context?.agentLabel,
381
+ createdAt: Date.now(),
382
+ };
383
+ const decisionBase: Omit<PermissionDecision, 'approvalRequest'> = {
384
+ protocol: PIXCODE_PERMISSION_POLICY_PROTOCOL,
385
+ requestId: id,
386
+ status,
387
+ behavior,
388
+ capabilities,
389
+ modeByCapability,
390
+ message,
391
+ audit: event.audit,
392
+ event,
393
+ };
394
+
395
+ return {
396
+ ...decisionBase,
397
+ approvalRequest: behavior === 'prompt'
398
+ ? createPermissionApprovalRequest(decisionBase, context)
399
+ : undefined,
400
+ };
401
+ }