@rnbsolucoes/axion-code 0.1.15 → 0.1.17

package/README.md

@@ -46,6 +46,9 @@ axion-code provider test openrouter google/gemini-2.5-flash-lite
 axion-code permission list --json
 axion-code permission set full_permission
 axion-code permission inspect Bash "{\"command\":\"npm install left-pad\"}" --mode full_permission --json
+axion-code permission request Bash "{\"command\":\"npm install left-pad\"}" --mode full_permission --json
+axion-code permission approvals --decision pending --json
+axion-code permission resolve <approval-id> --approve --reason "reviewed" --json
 axion-code graphics doctor
 axion-code graphics logo
 axion-code graphics logo --mode sixel --width 180
@@ -270,8 +273,20 @@ Execution contract: subagents inherit the active provider/model, receive an isol
 `axion permission inspect` exposes the native Go approval policy without running
 the tool. It classifies native tools, shell commands and MCP-proxied tools into
 stable risk classes, reports whether the active permission mode would require
-approval, redacts secret-shaped inputs and returns the sandbox profile that a
-future tool dispatcher must use.
+approval, redacts secret-shaped inputs and returns the sandbox profile that the
+guarded dispatcher must use.
+
+`axion permission request|approvals|resolve` adds the auditable approval queue.
+Requests are persisted in the shared session database under
+`%USERPROFILE%\.axion\sessions\axion.db` with the redacted decision, risk class,
+permission mode, impact summary and pending/approved/denied state. This is the
+headless contract used by the TUI approval menu and the future guarded
+dispatcher before mutating filesystem, shell or MCP tools are enabled.
+
+Provider stream `tool_call` events now open the TUI approval menu when the
+active permission mode requires review. Approve/Deny records the audited
+decision and returns focus to the chat input. Actual tool execution remains
+blocked until the guarded dispatcher is enabled.
 
 Examples:
 
@@ -279,6 +294,9 @@ Examples:
 axion permission inspect Read --mode approved_by_me --json
 axion permission inspect Bash "{\"command\":\"npm install left-pad\"}" --mode full_permission --json
 axion permission inspect mcp__serena__replace_symbol_body "{}" --mode full_permission --json
+axion permission request Bash "{\"command\":\"npm install left-pad\"}" --mode full_permission --session smoke --turn turn-1 --json
+axion permission approvals --session smoke --decision pending --json
+axion permission resolve <approval-id> --deny --reason "not needed" --json
 ```
 
 Security invariants:
@@ -328,7 +346,9 @@ This is a functional direction MVP, not the full harness:
   deferred until the Nexus beta handoff;
 - terminal logo uses Sixel when available and falls back to width-bounded ANSI/block rendering;
 - initial chat splash shows the Axion logo and system name until the first interaction;
-- no mutating tool execution yet; the approval/sandbox classification contract is implemented and inspectable;
+- no mutating tool execution yet; the approval/sandbox classification,
+  persisted approval queue and TUI approval menu are implemented and
+  inspectable;
 - no executable Pi RPC bridge yet;
 - no MCP transport execution yet;
 - native subagent execution is prompt-isolated and provider/model-inherited; richer multi-subagent orchestration, streaming and budget telemetry remain next-cycle items.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rnbsolucoes/axion-code",
-  "version": "0.1.15",
+  "version": "0.1.17",
   "description": "Axion Code CLI harness for the Axion ecosystem.",
   "type": "module",
   "repository": {