@renseiai/agentfactory 0.8.19 → 0.8.21

package/dist/src/providers/codex-app-server-provider.js

@@ -23,6 +23,8 @@
  */
 import { spawn } from 'child_process';
 import { createInterface } from 'readline';
+import { classifyTool } from '../tools/tool-category.js';
+import { evaluateCommandApproval, evaluateFileChangeApproval, } from './codex-approval-bridge.js';
 function isResponse(msg) {
     return 'id' in msg && typeof msg.id === 'number';
 }
@@ -208,6 +210,60 @@ export class AppServerProcessManager {
     isHealthy() {
         return this.initialized && !!this.process && !this.process.killed;
     }
+    // ─── MCP Server Configuration (SUP-1744) ──────────────────────────
+    /** Whether MCP servers have been configured on this process */
+    mcpConfigured = false;
+    /**
+     * Register MCP servers with the app-server via config/batchWrite.
+     * Called once after initialization to tell Codex about the stdio
+     * MCP tool servers (af-linear, af-code-intelligence, etc.).
+     *
+     * Uses the Codex app-server `config/batchWrite` JSON-RPC method
+     * to register multiple MCP server configurations in a single call.
+     */
+    async configureMcpServers(servers) {
+        if (!this.initialized || this.mcpConfigured)
+            return;
+        if (servers.length === 0)
+            return;
+        const mcpServers = {};
+        for (const server of servers) {
+            mcpServers[server.name] = {
+                command: server.command,
+                args: server.args,
+                env: server.env,
+            };
+        }
+        try {
+            await this.request('config/batchWrite', {
+                entries: [
+                    { key: 'mcpServers', value: mcpServers },
+                ],
+            });
+            this.mcpConfigured = true;
+            console.error(`[CodexAppServer] Configured ${servers.length} MCP servers: ${servers.map(s => s.name).join(', ')}`);
+        }
+        catch (err) {
+            // config/batchWrite may not be supported in all Codex versions
+            console.error(`[CodexAppServer] Failed to configure MCP servers: ${err instanceof Error ? err.message : String(err)}`);
+        }
+    }
+    /**
+     * Query MCP server health via mcpServerStatus/list.
+     * Returns the status of all registered MCP servers.
+     */
+    async getMcpServerStatus() {
+        if (!this.initialized)
+            return [];
+        try {
+            const result = await this.request('mcpServerStatus/list');
+            return result?.servers ?? [];
+        }
+        catch {
+            // mcpServerStatus/list may not be supported
+            return [];
+        }
+    }
     /**
      * Get the PID of the app-server process.
      */
@@ -470,13 +526,18 @@ export function mapAppServerItemEvent(method, params) {
                     }];
             }
             return [];
-        case 'mcpToolCall':
+        case 'mcpToolCall': {
+            // Normalize tool name to mcp__{server}__{tool} format (SUP-1745)
+            // This matches the convention used by the Claude provider for
+            // in-process MCP tools, enabling consistent tool tracking.
+            const mcpToolName = normalizeMcpToolName(item.server, item.tool);
             if (isStarted) {
                 return [{
                         type: 'tool_use',
-                        toolName: `mcp:${item.server}/${item.tool}`,
+                        toolName: mcpToolName,
                         toolUseId: item.id,
                         input: (item.arguments ?? {}),
+                        toolCategory: classifyTool(mcpToolName),
                         raw: { method, params },
                     }];
             }
@@ -486,7 +547,7 @@ export function mapAppServerItemEvent(method, params) {
                     ?? (item.result?.content ? JSON.stringify(item.result.content) : '');
                 return [{
                         type: 'tool_result',
-                        toolName: `mcp:${item.server}/${item.tool}`,
+                        toolName: mcpToolName,
                         toolUseId: item.id,
                         content,
                         isError,
@@ -494,6 +555,7 @@ export function mapAppServerItemEvent(method, params) {
                     }];
             }
             return [];
+        }
         case 'plan':
             return [{
                     type: 'system',
@@ -525,11 +587,31 @@ export function mapAppServerItemEvent(method, params) {
     }
 }
 // ---------------------------------------------------------------------------
+// MCP tool name normalization (SUP-1745)
+// ---------------------------------------------------------------------------
+/**
+ * Normalize Codex MCP tool names to the `mcp__{server}__{tool}` format
+ * used by the orchestrator and Claude provider for consistent tool tracking.
+ *
+ * Codex reports MCP tools as `server` + `tool` (e.g., server='af-linear',
+ * tool='af_linear_get_issue'). We normalize to 'mcp__af-linear__af_linear_get_issue'.
+ */
+export function normalizeMcpToolName(server, tool) {
+    if (server && tool) {
+        return `mcp__${server}__${tool}`;
+    }
+    // Fallback for missing server/tool
+    return `mcp:${server ?? 'unknown'}/${tool ?? 'unknown'}`;
+}
+// ---------------------------------------------------------------------------
 // Resolve approval policy from AgentSpawnConfig
 // ---------------------------------------------------------------------------
 function resolveApprovalPolicy(config) {
+    // SUP-1747: Use 'onRequest' for autonomous agents so all tool executions
+    // flow through the approval bridge for safety evaluation. The bridge
+    // auto-approves safe commands and declines destructive patterns.
     if (config.autonomous)
-        return 'never';
+        return 'onRequest';
     return 'unlessTrusted';
 }
 function resolveSandboxPolicy(config) {
@@ -541,6 +623,37 @@ function resolveSandboxPolicy(config) {
     };
 }
 // ---------------------------------------------------------------------------
+// Base Instructions Builder (SUP-1746)
+// ---------------------------------------------------------------------------
+/**
+ * Build persistent base instructions for the Codex App Server `thread/start`.
+ *
+ * Assembles safety rules (mirroring `autonomousCanUseTool` deny patterns as
+ * natural-language rules) and optional project-specific instructions loaded
+ * from AGENTS.md or CLAUDE.md in the worktree root.
+ */
+function buildBaseInstructions(config) {
+    // If explicit baseInstructions are provided (from orchestrator), use those
+    if (config.baseInstructions) {
+        return config.baseInstructions;
+    }
+    // Otherwise, build safety-only instructions as a fallback
+    const sections = [];
+    sections.push(`# Safety Rules
+
+You are running in an AgentFactory-managed worktree. Follow these rules strictly:
+
+1. NEVER run: rm -rf / (or any rm of the filesystem root)
+2. NEVER run: git worktree remove, git worktree prune
+3. NEVER run: git reset --hard
+4. NEVER run: git push --force (use --force-with-lease on feature branches if needed)
+5. NEVER run: git checkout <branch>, git switch <branch> (do not change the checked-out branch)
+6. NEVER modify files in the .git directory
+7. Work only within the worktree directory: ${config.cwd}
+8. Commit changes with descriptive messages before reporting completion`);
+    return sections.join('\n\n');
+}
+// ---------------------------------------------------------------------------
 // AgentHandle for App Server threads (SUP-1737)
 // ---------------------------------------------------------------------------
 class AppServerAgentHandle {
@@ -554,9 +667,12 @@ class AppServerAgentHandle {
         totalOutputTokens: 0,
         turnCount: 0,
     };
+    activeTurnId = null;
     notificationQueue = [];
     notificationResolve = null;
     streamEnded = false;
+    /** True while we're waiting for a possible injected turn between turns */
+    awaitingInjection = false;
     constructor(processManager, config, resumeThreadId) {
         this.processManager = processManager;
         this.config = config;
@@ -565,12 +681,18 @@ class AppServerAgentHandle {
     get stream() {
         return this.createEventStream();
     }
-    async injectMessage(_text) {
-        // App Server supports turn/steer for mid-turn injection, but the
-        // orchestrator's contract expects injectMessage to add a new user message.
-        // For now, throw like the CLI provider — the orchestrator uses stop+resume.
-        throw new Error('Codex App Server provider does not support mid-session message injection. ' +
-            'Stop and resume with a new prompt instead.');
+    async injectMessage(text) {
+        if (!this.sessionId) {
+            throw new Error('No active session for message injection');
+        }
+        if (this.activeTurnId) {
+            // Mid-turn injection: steer the active turn (SUP-1740)
+            await this.steerTurn(text);
+        }
+        else {
+            // Between-turn injection: start a new turn on the existing thread (SUP-1741)
+            await this.startNewTurn(text);
+        }
     }
     async stop() {
         if (this.sessionId) {
@@ -593,10 +715,103 @@ class AppServerAgentHandle {
         this.streamEnded = true;
         this.notificationResolve?.();
     }
+    /**
+     * Steer an active turn with additional user input (SUP-1740).
+     * Sends a `turn/steer` JSON-RPC request to inject a message mid-turn.
+     */
+    async steerTurn(text) {
+        if (!this.sessionId || !this.activeTurnId) {
+            throw new Error('No active turn to steer');
+        }
+        await this.processManager.request('turn/steer', {
+            threadId: this.sessionId,
+            turnId: this.activeTurnId,
+            input: [{ type: 'text', text }],
+        });
+    }
+    /**
+     * Handle an approval request from the App Server (SUP-1747).
+     *
+     * Evaluates the command or file change against deny patterns (ported from
+     * Claude's `autonomousCanUseTool`) and template-level permissions, then
+     * responds with accept/decline/acceptForSession via JSON-RPC.
+     *
+     * Returns a system event if the request was declined, for observability.
+     */
+    async handleApprovalRequest(notification) {
+        const params = notification.params ?? {};
+        const requestId = params.requestId;
+        const command = params.command;
+        const filePath = params.filePath;
+        let decision;
+        if (command !== undefined) {
+            // Command execution approval
+            decision = evaluateCommandApproval(command, this.config.permissionConfig);
+        }
+        else if (filePath !== undefined) {
+            // File change approval
+            decision = evaluateFileChangeApproval(filePath, this.config.cwd, this.config.permissionConfig);
+        }
+        else {
+            // Unknown approval request — accept by default
+            decision = { action: 'acceptForSession' };
+        }
+        // Respond to the App Server with the approval decision
+        await this.processManager.request('approval/respond', {
+            threadId: this.sessionId,
+            requestId,
+            decision: decision.action,
+            reason: decision.reason,
+        });
+        // Emit system event for declined approvals (observability)
+        if (decision.action === 'decline') {
+            const target = command ?? filePath ?? 'unknown';
+            return {
+                type: 'system',
+                subtype: 'approval_denied',
+                message: `Blocked: ${decision.reason} — ${command ? 'command' : 'file'}: ${target}`,
+                raw: notification,
+            };
+        }
+        return null;
+    }
+    /**
+     * Start a new turn on the existing thread with additional user input (SUP-1741).
+     * Used for between-turn injection when no turn is currently active.
+     */
+    async startNewTurn(text) {
+        if (!this.sessionId) {
+            throw new Error('No active session to start new turn');
+        }
+        const turnParams = {
+            threadId: this.sessionId,
+            input: [{ type: 'text', text }],
+            cwd: this.config.cwd,
+            approvalPolicy: resolveApprovalPolicy(this.config),
+        };
+        if (this.config.maxTurns) {
+            turnParams.maxTurns = this.config.maxTurns;
+        }
+        const sandboxPolicy = resolveSandboxPolicy(this.config);
+        if (sandboxPolicy) {
+            turnParams.sandboxPolicy = sandboxPolicy;
+        }
+        // Mark that we're no longer waiting between turns
+        this.awaitingInjection = false;
+        await this.processManager.request('turn/start', turnParams);
+        // Wake up the notification loop so it processes the new turn's events
+        this.notificationResolve?.();
+    }
     async *createEventStream() {
         try {
             // Ensure the app-server is running
             await this.processManager.start();
+            // Configure MCP servers if provided (SUP-1744)
+            // This registers stdio MCP tool servers (af-linear, af-code-intelligence)
+            // with the Codex app-server so it can discover and invoke them.
+            if (this.config.mcpStdioServers && this.config.mcpStdioServers.length > 0) {
+                await this.processManager.configureMcpServers(this.config.mcpStdioServers);
+            }
             // Start or resume the thread
             let threadId;
             if (this.resumeThreadId) {
@@ -614,6 +829,12 @@ class AppServerAgentHandle {
                     approvalPolicy: resolveApprovalPolicy(this.config),
                     serviceName: 'agentfactory',
                 };
+                // SUP-1746: Pass persistent system instructions via `instructions` on thread/start.
+                // Separates safety rules and project context from per-turn task input.
+                const instructions = buildBaseInstructions(this.config);
+                if (instructions) {
+                    threadParams.instructions = instructions;
+                }
                 const sandboxPolicy = resolveSandboxPolicy(this.config);
                 if (sandboxPolicy) {
                     threadParams.sandboxPolicy = sandboxPolicy;
@@ -660,8 +881,16 @@ class AppServerAgentHandle {
                 turnParams.sandboxPolicy = sandboxPolicy;
             }
             await this.processManager.request('turn/start', turnParams);
-            // Stream notifications until turn completes
-            let hasResult = false;
+            // Stream notifications until explicitly stopped.
+            // After a turn completes, we enter "awaiting injection" mode — the stream
+            // stays alive to allow injectMessage() to start a new turn. The stream
+            // only terminates when stop() is called or the process dies.
+            //
+            // turn/completed `result` events are intercepted and re-emitted as `system`
+            // events so the orchestrator doesn't interpret them as the agent finishing.
+            // A single `result` event is emitted when the stream actually ends.
+            let lastTurnSuccess = true;
+            let lastTurnErrors;
             while (!this.streamEnded) {
                 // Wait for notifications
                 if (this.notificationQueue.length === 0) {
@@ -675,17 +904,46 @@ class AppServerAgentHandle {
                 // Drain the queue
                 while (this.notificationQueue.length > 0) {
                     const notification = this.notificationQueue.shift();
+                    // SUP-1747: Intercept approval requests before other processing.
+                    // The App Server emits these when approvalPolicy is 'onRequest'.
+                    if (notification.method.endsWith('/requestApproval')) {
+                        const deniedEvent = await this.handleApprovalRequest(notification);
+                        if (deniedEvent) {
+                            yield deniedEvent;
+                        }
+                        continue; // Don't yield as a regular AgentEvent
+                    }
+                    // Track active turn ID for mid-turn steering (SUP-1740)
+                    if (notification.method === 'turn/started') {
+                        const turn = notification.params?.turn;
+                        if (turn?.id) {
+                            this.activeTurnId = turn.id;
+                        }
+                        this.awaitingInjection = false;
+                    }
+                    else if (notification.method === 'turn/completed') {
+                        this.activeTurnId = null;
+                        // Enter awaiting-injection mode — the stream stays alive
+                        this.awaitingInjection = true;
+                    }
                     const events = mapAppServerNotification(notification, this.mapperState);
                     for (const event of events) {
+                        // Intercept turn/completed result events — convert to system events
+                        // so the orchestrator doesn't think the agent is done. Track the last
+                        // turn's outcome so we can emit a proper result when the stream ends.
                         if (event.type === 'result') {
-                            hasResult = true;
+                            lastTurnSuccess = event.success;
+                            lastTurnErrors = event.errors;
+                            yield {
+                                type: 'system',
+                                subtype: 'turn_result',
+                                message: `Turn ${event.success ? 'succeeded' : 'failed'}${event.errors?.length ? ': ' + event.errors[0] : ''}`,
+                                raw: event.raw,
+                            };
+                        }
+                        else {
+                            yield event;
                         }
-                        yield event;
-                    }
-                    // If we got a result, we're done
-                    if (hasResult) {
-                        this.streamEnded = true;
-                        break;
                     }
                 }
             }
@@ -697,21 +955,18 @@ class AppServerAgentHandle {
             catch {
                 // Best effort
             }
-            // If we never got a result, synthesize one
-            if (!hasResult) {
-                yield {
-                    type: 'result',
-                    success: false,
-                    errors: ['Stream ended without a result event'],
-                    errorSubtype: 'stream_ended',
-                    cost: {
-                        inputTokens: this.mapperState.totalInputTokens || undefined,
-                        outputTokens: this.mapperState.totalOutputTokens || undefined,
-                        numTurns: this.mapperState.turnCount || undefined,
-                    },
-                    raw: null,
-                };
-            }
+            // Emit the final result event when the stream ends
+            yield {
+                type: 'result',
+                success: lastTurnSuccess,
+                errors: lastTurnErrors,
+                cost: {
+                    inputTokens: this.mapperState.totalInputTokens || undefined,
+                    outputTokens: this.mapperState.totalOutputTokens || undefined,
+                    numTurns: this.mapperState.turnCount || undefined,
+                },
+                raw: null,
+            };
         }
         catch (err) {
             const message = err instanceof Error ? err.message : String(err);
@@ -743,7 +998,7 @@ class AppServerAgentHandle {
 export class CodexAppServerProvider {
     name = 'codex';
     capabilities = {
-        supportsMessageInjection: false,
+        supportsMessageInjection: true,
         supportsSessionResume: true,
     };
     /** Shared process manager — one app-server process serves all threads */

package/dist/src/providers/codex-app-server-provider.test.js

@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { mapAppServerNotification, mapAppServerItemEvent, } from './codex-app-server-provider.js';
+import { mapAppServerNotification, mapAppServerItemEvent, normalizeMcpToolName, } from './codex-app-server-provider.js';
 function freshState() {
     return {
         sessionId: null,
@@ -400,31 +400,33 @@ describe('mapAppServerItemEvent', () => {
             isError: false,
         });
     });
-    it('maps mcpToolCall item.started to tool_use', () => {
+    // --- MCP tool call mapping (SUP-1745) ---
+    it('maps mcpToolCall item.started to tool_use with normalized name', () => {
         const result = mapAppServerItemEvent('item/started', {
             item: {
                 id: 'mcp-1',
                 type: 'mcpToolCall',
-                server: 'linear',
-                tool: 'create_issue',
+                server: 'af-linear',
+                tool: 'af_linear_create_issue',
                 arguments: { title: 'Test' },
                 status: 'in_progress',
             },
         });
         expect(result[0]).toMatchObject({
             type: 'tool_use',
-            toolName: 'mcp:linear/create_issue',
+            toolName: 'mcp__af-linear__af_linear_create_issue',
             toolUseId: 'mcp-1',
             input: { title: 'Test' },
+            toolCategory: 'general',
         });
     });
-    it('maps mcpToolCall item.completed to tool_result (success)', () => {
+    it('maps mcpToolCall item.completed to tool_result with normalized name (success)', () => {
         const result = mapAppServerItemEvent('item/completed', {
             item: {
                 id: 'mcp-1',
                 type: 'mcpToolCall',
-                server: 'linear',
-                tool: 'create_issue',
+                server: 'af-linear',
+                tool: 'af_linear_create_issue',
                 arguments: {},
                 result: { content: [{ text: 'Created' }] },
                 status: 'completed',
@@ -432,7 +434,7 @@ describe('mapAppServerItemEvent', () => {
         });
         expect(result[0]).toMatchObject({
             type: 'tool_result',
-            toolName: 'mcp:linear/create_issue',
+            toolName: 'mcp__af-linear__af_linear_create_issue',
             content: '[{"text":"Created"}]',
             isError: false,
         });
@@ -442,8 +444,8 @@ describe('mapAppServerItemEvent', () => {
             item: {
                 id: 'mcp-1',
                 type: 'mcpToolCall',
-                server: 'linear',
-                tool: 'create_issue',
+                server: 'af-linear',
+                tool: 'af_linear_create_issue',
                 arguments: {},
                 error: { message: 'Auth failed' },
                 status: 'failed',
@@ -451,10 +453,28 @@ describe('mapAppServerItemEvent', () => {
         });
         expect(result[0]).toMatchObject({
             type: 'tool_result',
+            toolName: 'mcp__af-linear__af_linear_create_issue',
             isError: true,
             content: 'Auth failed',
         });
     });
+    it('maps mcpToolCall with code-intelligence server to searchable category', () => {
+        const result = mapAppServerItemEvent('item/started', {
+            item: {
+                id: 'mcp-2',
+                type: 'mcpToolCall',
+                server: 'af-code-intelligence',
+                tool: 'af_code_search_symbols',
+                arguments: { query: 'ToolRegistry' },
+                status: 'in_progress',
+            },
+        });
+        expect(result[0]).toMatchObject({
+            type: 'tool_use',
+            toolName: 'mcp__af-code-intelligence__af_code_search_symbols',
+            toolCategory: 'research', // search matches research category
+        });
+    });
     it('maps plan item to system event', () => {
         const result = mapAppServerItemEvent('item/completed', {
             item: { id: 'p-1', type: 'plan', text: 'Step 1: Read code' },
@@ -512,7 +532,7 @@ describe('CodexAppServerProvider', () => {
         const { createCodexAppServerProvider } = await import('./codex-app-server-provider.js');
         const provider = createCodexAppServerProvider();
         expect(provider.name).toBe('codex');
-        expect(provider.capabilities.supportsMessageInjection).toBe(false);
+        expect(provider.capabilities.supportsMessageInjection).toBe(true);
         expect(provider.capabilities.supportsSessionResume).toBe(true);
     });
 });
@@ -526,4 +546,44 @@ describe('AppServerProcessManager', () => {
         expect(manager.isHealthy()).toBe(false);
         expect(manager.pid).toBeUndefined();
     });
+    it('configureMcpServers is a no-op when not initialized', async () => {
+        const { AppServerProcessManager } = await import('./codex-app-server-provider.js');
+        const manager = new AppServerProcessManager({ cwd: '/tmp' });
+        // Should not throw when not initialized
+        await manager.configureMcpServers([
+            { name: 'af-linear', command: 'node', args: ['server.js'] },
+        ]);
+        // No error means it silently skipped (not initialized)
+    });
+    it('getMcpServerStatus returns empty when not initialized', async () => {
+        const { AppServerProcessManager } = await import('./codex-app-server-provider.js');
+        const manager = new AppServerProcessManager({ cwd: '/tmp' });
+        const result = await manager.getMcpServerStatus();
+        expect(result).toEqual([]);
+    });
+});
+// ---------------------------------------------------------------------------
+// normalizeMcpToolName (SUP-1745)
+// ---------------------------------------------------------------------------
+describe('normalizeMcpToolName', () => {
+    it('normalizes server and tool to mcp__ format', () => {
+        expect(normalizeMcpToolName('af-linear', 'af_linear_get_issue'))
+            .toBe('mcp__af-linear__af_linear_get_issue');
+    });
+    it('normalizes code-intelligence tools', () => {
+        expect(normalizeMcpToolName('af-code-intelligence', 'af_code_search_symbols'))
+            .toBe('mcp__af-code-intelligence__af_code_search_symbols');
+    });
+    it('falls back to mcp:server/tool format for missing server', () => {
+        expect(normalizeMcpToolName(undefined, 'some_tool'))
+            .toBe('mcp:unknown/some_tool');
+    });
+    it('falls back to mcp:server/tool format for missing tool', () => {
+        expect(normalizeMcpToolName('server', undefined))
+            .toBe('mcp:server/unknown');
+    });
+    it('handles both missing server and tool', () => {
+        expect(normalizeMcpToolName(undefined, undefined))
+            .toBe('mcp:unknown/unknown');
+    });
 });

package/dist/src/providers/codex-approval-bridge.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Codex Approval Bridge (SUP-1747)
+ *
+ * Evaluates Codex App Server `requestApproval` events against deny patterns
+ * ported from Claude's `autonomousCanUseTool` callback (claude-provider.ts:33-112).
+ *
+ * When the Codex App Server's `approvalPolicy` is set to `'onRequest'`, every
+ * tool execution flows through this bridge. The bridge auto-approves safe commands
+ * and declines destructive patterns — giving Codex the same safety guardrails as Claude
+ * without requiring human interaction.
+ *
+ * Architecture:
+ *   App Server emits → requestApproval notification
+ *   Approval Bridge evaluates → deny patterns + permission config
+ *   Bridge responds → accept | decline | acceptForSession
+ */
+import type { CodexPermissionConfig } from '../templates/adapters.js';
+export interface ApprovalDecision {
+    action: 'accept' | 'decline' | 'acceptForSession';
+    reason?: string;
+}
+interface DenyPattern {
+    pattern: RegExp;
+    reason: string;
+}
+/**
+ * Hardcoded safety deny patterns — always active regardless of template config.
+ * These mirror the deny-list in Claude's `autonomousCanUseTool` callback.
+ */
+export declare const SAFETY_DENY_PATTERNS: DenyPattern[];
+/**
+ * Evaluate a shell command against safety deny patterns and optional
+ * template-level permission patterns.
+ *
+ * Evaluation order:
+ *   1. Safety deny patterns (always checked first, cannot be overridden)
+ *   2. Template deny patterns (from `tools.disallow`)
+ *   3. Template allow patterns (from `tools.allow`, if present)
+ *   4. Default: acceptForSession
+ */
+export declare function evaluateCommandApproval(command: string, permissionConfig?: CodexPermissionConfig): ApprovalDecision;
+/**
+ * Evaluate a file change (write/edit) against safety rules and optional
+ * template-level permissions.
+ */
+export declare function evaluateFileChangeApproval(filePath: string, cwd: string, permissionConfig?: CodexPermissionConfig): ApprovalDecision;
+/** Exported for testing */
+export type { DenyPattern };
+//# sourceMappingURL=codex-approval-bridge.d.ts.map

package/dist/src/providers/codex-approval-bridge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex-approval-bridge.d.ts","sourceRoot":"","sources":["../../../src/providers/codex-approval-bridge.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAA;AAMrE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,QAAQ,GAAG,SAAS,GAAG,kBAAkB,CAAA;IACjD,MAAM,CAAC,EAAE,MAAM,CAAA;CAChB;AAMD,UAAU,WAAW;IACnB,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACf;AAED;;;GAGG;AACH,eAAO,MAAM,oBAAoB,EAAE,WAAW,EAW7C,CAAA;AAMD;;;;;;;;;GASG;AACH,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,gBAAgB,CAAC,EAAE,qBAAqB,GACvC,gBAAgB,CAiDlB;AAMD;;;GAGG;AACH,wBAAgB,0BAA0B,CACxC,QAAQ,EAAE,MAAM,EAChB,GAAG,EAAE,MAAM,EACX,gBAAgB,CAAC,EAAE,qBAAqB,GACvC,gBAAgB,CAsBlB;AAED,2BAA2B;AAC3B,YAAY,EAAE,WAAW,EAAE,CAAA"}