@roxy-agent/agents 0.1.0

package/dist/tools/conversation.js

@@ -0,0 +1,36 @@
+import { z } from "zod";
+import { logEvent } from "../logger.js";
+// ---------------------------------------------------------------------------
+// audit_message — persist chat turns in the same SQLite audit stream as tools
+// ---------------------------------------------------------------------------
+export const auditMessageToolDefinition = {
+    name: "audit_message",
+    description: "Record a user or assistant message in the local audit database (dashboard + recent_events). Cursor does not send chat through MCP by default — only tool calls hit this server — so prompts are NOT logged unless you call this tool or use POST /api/chat/log from a Cursor hook. Use when the user wants the conversation visible next to bash/filesystem/network events.",
+    schema: z.object({
+        role: z.enum(["user", "assistant"]).describe("Who said this line."),
+        text: z
+            .string()
+            .min(1)
+            .describe("Message body to store (long text is truncated for storage)."),
+    }),
+};
+export function auditMessage(args, session_id) {
+    const id = logChatTurn(session_id, args.role, args.text);
+    return { success: true, event_id: id };
+}
+/** Shared by MCP tool and dashboard HTTP ingest */
+export function logChatTurn(session_id, role, text) {
+    const preview = text.length > 2000 ? text.slice(0, 1997) + "…" : text;
+    return logEvent({
+        session_id,
+        tool: "chat",
+        action_type: "message",
+        payload: { role, text: preview },
+        risk_level: "low",
+        decision: "allowed",
+        reason: `${role} message`,
+        result: "logged",
+        duration_ms: 0,
+    });
+}
+//# sourceMappingURL=conversation.js.map

package/dist/tools/conversation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"conversation.js","sourceRoot":"","sources":["../../src/tools/conversation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,8EAA8E;AAC9E,8EAA8E;AAC9E,8EAA8E;AAE9E,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,6WAA6W;IAC/W,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC;QACnE,IAAI,EAAE,CAAC;aACJ,MAAM,EAAE;aACR,GAAG,CAAC,CAAC,CAAC;aACN,QAAQ,CAAC,6DAA6D,CAAC;KAC3E,CAAC;CACH,CAAC;AAIF,MAAM,UAAU,YAAY,CAC1B,IAAsB,EACtB,UAAkB;IAElB,MAAM,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;IACzD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;AACzC,CAAC;AAED,mDAAmD;AACnD,MAAM,UAAU,WAAW,CACzB,UAAkB,EAClB,IAA0B,EAC1B,IAAY;IAEZ,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,OAAO,QAAQ,CAAC;QACd,UAAU;QACV,IAAI,EAAE,MAAM;QACZ,WAAW,EAAE,SAAS;QACtB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE;QAChC,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,SAAS;QACnB,MAAM,EAAE,GAAG,IAAI,UAAU;QACzB,MAAM,EAAE,QAAQ;QAChB,WAAW,EAAE,CAAC;KACf,CAAC,CAAC;AACL,CAAC"}

package/dist/tools/filesystem.js

@@ -0,0 +1,243 @@
+import { z } from "zod";
+import fs from "node:fs/promises";
+import path from "node:path";
+import { classifyFilePathAsync } from "../classifier.js";
+import { logEvent, updateEventResult } from "../logger.js";
+import { awaitApproval } from "../approvals.js";
+async function gateFilesystem(classification, event_id, args, session_id) {
+    if (classification.decision === "denied") {
+        updateEventResult(event_id, "blocked by classifier", 0);
+        return {
+            proceed: false,
+            result: {
+                success: false,
+                blocked: true,
+                reason: classification.reason,
+                event_id,
+            },
+        };
+    }
+    if (classification.decision === "pending_approval") {
+        const verdict = await awaitApproval({
+            event_id,
+            tool: "filesystem",
+            summary: `${args.op} ${args.path}`,
+            reason: classification.reason,
+            payload: { path: args.path, operation: args.op },
+            session_id,
+        });
+        if (!verdict.approved) {
+            updateEventResult(event_id, verdict.reason, 0);
+            return {
+                proceed: false,
+                result: {
+                    success: false,
+                    blocked: true,
+                    reason: verdict.reason,
+                    event_id,
+                },
+            };
+        }
+    }
+    return { proceed: true };
+}
+// Cap the size of a single read so we never return multi-GB blobs through
+// the MCP transport.
+const MAX_READ_BYTES = 5 * 1024 * 1024; // 5 MB
+export const readFileToolDefinition = {
+    name: "read_file",
+    description: "Read the contents of a file as UTF-8. Logged to the audit DB. Sensitive paths (e.g. ~/.ssh, .env) are flagged.",
+    schema: z.object({
+        path: z.string().min(1).describe("Absolute or relative path to the file."),
+        max_bytes: z
+            .number()
+            .int()
+            .positive()
+            .max(MAX_READ_BYTES)
+            .optional()
+            .describe(`Max bytes to read. Default ${MAX_READ_BYTES}.`),
+    }),
+};
+export const writeFileToolDefinition = {
+    name: "write_file",
+    description: "Write content to a file (creating parent dirs as needed). Logged. Writes to sensitive paths are denied.",
+    schema: z.object({
+        path: z.string().min(1),
+        content: z.string(),
+        append: z
+            .boolean()
+            .optional()
+            .default(false)
+            .describe("If true, append instead of overwrite."),
+    }),
+};
+export const deleteFileToolDefinition = {
+    name: "delete_file",
+    description: "Delete a file. Always flagged as high risk and logged.",
+    schema: z.object({
+        path: z.string().min(1),
+    }),
+};
+export const listDirectoryToolDefinition = {
+    name: "list_directory",
+    description: "List entries in a directory (non-recursive). Logged.",
+    schema: z.object({
+        path: z.string().min(1),
+    }),
+};
+export async function readFile(args, session_id) {
+    const classification = await classifyFilePathAsync(args.path, "read");
+    const max = args.max_bytes ?? MAX_READ_BYTES;
+    const event_id = logEvent({
+        session_id,
+        tool: "filesystem",
+        action_type: "read",
+        payload: { path: args.path, max_bytes: max },
+        risk_level: classification.risk_level,
+        decision: classification.decision,
+        reason: classification.reason,
+    });
+    const gate = await gateFilesystem(classification, event_id, { path: args.path, op: "read" }, session_id);
+    if (!gate.proceed)
+        return gate.result;
+    const start = Date.now();
+    try {
+        const buf = await fs.readFile(args.path);
+        const truncated = buf.length > max;
+        const slice = truncated ? buf.subarray(0, max) : buf;
+        const content = slice.toString("utf-8");
+        updateEventResult(event_id, `read ${slice.length}/${buf.length} bytes${truncated ? " (truncated)" : ""}`, Date.now() - start);
+        return {
+            success: true,
+            content,
+            bytes_read: slice.length,
+            total_bytes: buf.length,
+            truncated,
+            event_id,
+            flagged: classification.decision === "flagged",
+            flag_reason: classification.decision === "flagged"
+                ? classification.reason
+                : undefined,
+        };
+    }
+    catch (err) {
+        const e = err;
+        updateEventResult(event_id, "", Date.now() - start, e.message);
+        return { success: false, error: e.message, event_id };
+    }
+}
+export async function writeFile(args, session_id) {
+    const classification = await classifyFilePathAsync(args.path, "write");
+    const event_id = logEvent({
+        session_id,
+        tool: "filesystem",
+        action_type: args.append ? "append" : "write",
+        payload: {
+            path: args.path,
+            content_length: args.content.length,
+            append: args.append,
+        },
+        risk_level: classification.risk_level,
+        decision: classification.decision,
+        reason: classification.reason,
+    });
+    const gate = await gateFilesystem(classification, event_id, { path: args.path, op: args.append ? "append" : "write" }, session_id);
+    if (!gate.proceed)
+        return gate.result;
+    const start = Date.now();
+    try {
+        const dir = path.dirname(args.path);
+        if (dir && dir !== "." && dir !== "/") {
+            await fs.mkdir(dir, { recursive: true });
+        }
+        if (args.append) {
+            await fs.appendFile(args.path, args.content, "utf-8");
+        }
+        else {
+            await fs.writeFile(args.path, args.content, "utf-8");
+        }
+        updateEventResult(event_id, `${args.append ? "appended" : "wrote"} ${args.content.length} bytes`, Date.now() - start);
+        return {
+            success: true,
+            bytes_written: args.content.length,
+            event_id,
+            flagged: classification.decision === "flagged",
+            flag_reason: classification.decision === "flagged"
+                ? classification.reason
+                : undefined,
+        };
+    }
+    catch (err) {
+        const e = err;
+        updateEventResult(event_id, "", Date.now() - start, e.message);
+        return { success: false, error: e.message, event_id };
+    }
+}
+export async function deleteFile(args, session_id) {
+    const classification = await classifyFilePathAsync(args.path, "delete");
+    const event_id = logEvent({
+        session_id,
+        tool: "filesystem",
+        action_type: "delete",
+        payload: { path: args.path },
+        risk_level: classification.risk_level,
+        decision: classification.decision,
+        reason: classification.reason,
+    });
+    const gate = await gateFilesystem(classification, event_id, { path: args.path, op: "delete" }, session_id);
+    if (!gate.proceed)
+        return gate.result;
+    const start = Date.now();
+    try {
+        await fs.unlink(args.path);
+        updateEventResult(event_id, "deleted", Date.now() - start);
+        return {
+            success: true,
+            event_id,
+            flagged: true,
+            flag_reason: classification.reason,
+        };
+    }
+    catch (err) {
+        const e = err;
+        updateEventResult(event_id, "", Date.now() - start, e.message);
+        return { success: false, error: e.message, event_id };
+    }
+}
+export async function listDirectory(args, session_id) {
+    const classification = await classifyFilePathAsync(args.path, "list");
+    const event_id = logEvent({
+        session_id,
+        tool: "filesystem",
+        action_type: "list",
+        payload: { path: args.path },
+        risk_level: classification.risk_level,
+        decision: classification.decision,
+        reason: classification.reason,
+    });
+    const gate = await gateFilesystem(classification, event_id, { path: args.path, op: "list" }, session_id);
+    if (!gate.proceed)
+        return gate.result;
+    const start = Date.now();
+    try {
+        const entries = await fs.readdir(args.path, { withFileTypes: true });
+        const items = entries.map((e) => ({
+            name: e.name,
+            type: e.isDirectory()
+                ? "dir"
+                : e.isSymbolicLink()
+                    ? "symlink"
+                    : e.isFile()
+                        ? "file"
+                        : "other",
+        }));
+        updateEventResult(event_id, `${items.length} entries`, Date.now() - start);
+        return { success: true, entries: items, event_id };
+    }
+    catch (err) {
+        const e = err;
+        updateEventResult(event_id, "", Date.now() - start, e.message);
+        return { success: false, error: e.message, event_id };
+    }
+}
+//# sourceMappingURL=filesystem.js.map

package/dist/tools/filesystem.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"filesystem.js","sourceRoot":"","sources":["../../src/tools/filesystem.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AACzD,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,KAAK,UAAU,cAAc,CAC3B,cAAiE,EACjE,QAAgB,EAChB,IAAkC,EAClC,UAAkB;IAKlB,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACzC,iBAAiB,CAAC,QAAQ,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,MAAM,EAAE;gBACN,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,cAAc,CAAC,MAAM;gBAC7B,QAAQ;aACT;SACF,CAAC;IACJ,CAAC;IACD,IAAI,cAAc,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC;YAClC,QAAQ;YACR,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,IAAI,CAAC,IAAI,EAAE;YAClC,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE;YAChD,UAAU;SACX,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE;oBACN,OAAO,EAAE,KAAK;oBACd,OAAO,EAAE,IAAI;oBACb,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ;iBACT;aACF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC;AAED,0EAA0E;AAC1E,qBAAqB;AACrB,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAE/C,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,IAAI,EAAE,WAAW;IACjB,WAAW,EACT,gHAAgH;IAClH,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,wCAAwC,CAAC;QAC1E,SAAS,EAAE,CAAC;aACT,MAAM,EAAE;aACR,GAAG,EAAE;aACL,QAAQ,EAAE;aACV,GAAG,CAAC,cAAc,CAAC;aACnB,QAAQ,EAAE;aACV,QAAQ,CAAC,8BAA8B,cAAc,GAAG,CAAC;KAC7D,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,uBAAuB,GAAG;IACrC,IAAI,EAAE,YAAY;IAClB,WAAW,EACT,yGAAyG;IAC3G,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACvB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,MAAM,EAAE,CAAC;aACN,OAAO,EAAE;aACT,QAAQ,EAAE;aACV,OAAO,CAAC,KAAK,CAAC;aACd,QAAQ,CAAC,uCAAuC,CAAC;KACrD,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,IAAI,EAAE,aAAa;IACnB,WAAW,EACT,wDAAwD;IAC1D,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KACxB,CAAC;CACH,CAAC;AAEF,MAAM,CAAC,MAAM,2BAA2B,GAAG;IACzC,IAAI,EAAE,gBAAgB;IACtB,WAAW,EACT,sDAAsD;IACxD,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;KACxB,CAAC;CACH,CAAC;AASF,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAkB,EAAE,UAAkB;IACnE,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IACtE,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,IAAI,cAAc,CAAC;IAE7C,MAAM,QAAQ,GAAG,QAAQ,CAAC;QACxB,UAAU;QACV,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,MAAM;QACnB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,GAAG,EAAE;QAC5C,UAAU,EAAE,cAAc,CAAC,UAAU;QACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,MAAM,EAAE,cAAc,CAAC,MAAM;KAC9B,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;IACzG,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzC,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC;QACnC,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QACrD,MAAM,OAAO,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACxC,iBAAiB,CACf,QAAQ,EACR,QAAQ,KAAK,CAAC,MAAM,IAAI,GAAG,CAAC,MAAM,SAAS,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,EAAE,EAC5E,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CACnB,CAAC;QACF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO;YACP,UAAU,EAAE,KAAK,CAAC,MAAM;YACxB,WAAW,EAAE,GAAG,CAAC,MAAM;YACvB,SAAS;YACT,QAAQ;YACR,OAAO,EAAE,cAAc,CAAC,QAAQ,KAAK,SAAS;YAC9C,WAAW,EACT,cAAc,CAAC,QAAQ,KAAK,SAAS;gBACnC,CAAC,CAAC,cAAc,CAAC,MAAM;gBACvB,CAAC,CAAC,SAAS;SAChB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAAY,CAAC;QACvB,iBAAiB,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAmB,EAAE,UAAkB;IACrE,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAEvE,MAAM,QAAQ,GAAG,QAAQ,CAAC;QACxB,UAAU;QACV,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO;QAC7C,OAAO,EAAE;YACP,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YACnC,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB;QACD,UAAU,EAAE,cAAc,CAAC,UAAU;QACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,MAAM,EAAE,cAAc,CAAC,MAAM;KAC9B,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,cAAc,CAC/B,cAAc,EACd,QAAQ,EACR,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,EACzD,UAAU,CACX,CAAC;IACF,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,GAAG,KAAK,GAAG,EAAE,CAAC;YACtC,MAAM,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3C,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;aAAM,CAAC;YACN,MAAM,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACvD,CAAC;QACD,iBAAiB,CACf,QAAQ,EACR,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,QAAQ,EACpE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CACnB,CAAC;QACF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YAClC,QAAQ;YACR,OAAO,EAAE,cAAc,CAAC,QAAQ,KAAK,SAAS;YAC9C,WAAW,EACT,cAAc,CAAC,QAAQ,KAAK,SAAS;gBACnC,CAAC,CAAC,cAAc,CAAC,MAAM;gBACvB,CAAC,CAAC,SAAS;SAChB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAAY,CAAC;QACvB,iBAAiB,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,UAAU,CAAC,IAAoB,EAAE,UAAkB;IACvE,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAExE,MAAM,QAAQ,GAAG,QAAQ,CAAC;QACxB,UAAU;QACV,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,QAAQ;QACrB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAC5B,UAAU,EAAE,cAAc,CAAC,UAAU;QACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,MAAM,EAAE,cAAc,CAAC,MAAM;KAC9B,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,EAAE,UAAU,CAAC,CAAC;IAC3G,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3B,iBAAiB,CAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC3D,OAAO;YACL,OAAO,EAAE,IAAI;YACb,QAAQ;YACR,OAAO,EAAE,IAAI;YACb,WAAW,EAAE,cAAc,CAAC,MAAM;SACnC,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAAY,CAAC;QACvB,iBAAiB,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxD,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,IAAuB,EACvB,UAAkB;IAElB,MAAM,cAAc,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAEtE,MAAM,QAAQ,GAAG,QAAQ,CAAC;QACxB,UAAU;QACV,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,MAAM;QACnB,OAAO,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAC5B,UAAU,EAAE,cAAc,CAAC,UAAU;QACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,MAAM,EAAE,cAAc,CAAC,MAAM;KAC9B,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,cAAc,CAAC,cAAc,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,UAAU,CAAC,CAAC;IACzG,IAAI,CAAC,IAAI,CAAC,OAAO;QAAE,OAAO,IAAI,CAAC,MAAM,CAAC;IAEtC,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;QACrE,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAChC,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE;gBACnB,CAAC,CAAC,KAAK;gBACP,CAAC,CAAC,CAAC,CAAC,cAAc,EAAE;oBAClB,CAAC,CAAC,SAAS;oBACX,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE;wBACV,CAAC,CAAC,MAAM;wBACR,CAAC,CAAC,OAAO;SAChB,CAAC,CAAC,CAAC;QACJ,iBAAiB,CAAC,QAAQ,EAAE,GAAG,KAAK,CAAC,MAAM,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC;QAC3E,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,GAAY,CAAC;QACvB,iBAAiB,CAAC,QAAQ,EAAE,EAAE,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC;QAC/D,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,CAAC;IACxD,CAAC;AACH,CAAC"}

package/dist/tools/introspect.js

@@ -0,0 +1,187 @@
+// Introspection tools — let the agent query its own audit trail and
+// pre-flight-check actions before committing to them. These tools are
+// read-only and never produce side effects, so they are not themselves
+// audited.
+import { z } from "zod";
+import { classifyBashCommandAsync, classifyFilePathAsync, classifyNetworkRequestAsync, } from "../classifier.js";
+import { getRecentEvents, getEvent, getStats, getSessionEvents, } from "../db.js";
+import { isBashMLReady } from "../ml/bash-classifier.js";
+// ---------------------------------------------------------------------------
+// classify — pre-flight risk check (no side effects)
+// ---------------------------------------------------------------------------
+export const classifyToolDefinition = {
+    name: "classify",
+    description: "Pre-flight risk check. Returns the proxy's risk classification (low/medium/high) and decision (allowed/flagged/denied) for a hypothetical bash command, filesystem path, or network URL — WITHOUT executing it. Use this to preview whether a planned action would be blocked or flagged before committing to it. Especially useful when the user asks you to do something that might be destructive: classify it first, then explain the verdict.",
+    schema: z.object({
+        tool: z
+            .enum(["bash", "filesystem", "network"])
+            .describe("Which tool the action would run through: 'bash', 'filesystem', or 'network'."),
+        command: z
+            .string()
+            .optional()
+            .describe("Bash command to classify (when tool='bash')."),
+        path: z
+            .string()
+            .optional()
+            .describe("Filesystem path to classify (when tool='filesystem')."),
+        operation: z
+            .enum(["read", "write", "delete", "list"])
+            .optional()
+            .describe("Filesystem operation (when tool='filesystem'). Defaults to 'read'."),
+        url: z
+            .string()
+            .optional()
+            .describe("URL to classify (when tool='network')."),
+        method: z
+            .string()
+            .optional()
+            .describe("HTTP method (when tool='network'). Defaults to 'GET'."),
+    }),
+};
+export async function classify(args) {
+    let cls;
+    switch (args.tool) {
+        case "bash": {
+            if (!args.command)
+                throw new Error("`command` is required when tool='bash'");
+            cls = await classifyBashCommandAsync(args.command);
+            break;
+        }
+        case "filesystem": {
+            if (!args.path)
+                throw new Error("`path` is required when tool='filesystem'");
+            cls = await classifyFilePathAsync(args.path, args.operation ?? "read");
+            break;
+        }
+        case "network": {
+            if (!args.url)
+                throw new Error("`url` is required when tool='network'");
+            cls = await classifyNetworkRequestAsync(args.url, args.method ?? "GET");
+            break;
+        }
+    }
+    const would_be = cls.decision === "denied"
+        ? "blocked"
+        : cls.decision === "flagged"
+            ? "executed_with_flag"
+            : "executed";
+    return {
+        ...cls,
+        tool: args.tool,
+        ml_ready: isBashMLReady(),
+        would_be,
+    };
+}
+// ---------------------------------------------------------------------------
+// recent_events — read the audit trail
+// ---------------------------------------------------------------------------
+export const recentEventsToolDefinition = {
+    name: "recent_events",
+    description: "Return the most recent audited tool calls. Use this to answer 'what did I just do?', summarize a session, or investigate a flagged event. Optional filters narrow by tool, decision, or session. The current session's events are most useful for self-audit.",
+    schema: z.object({
+        limit: z
+            .number()
+            .int()
+            .positive()
+            .max(500)
+            .optional()
+            .describe("Max events to return (default 25, max 500)."),
+        tool: z
+            .enum(["bash", "filesystem", "network"])
+            .optional()
+            .describe("Only return events for this tool."),
+        decision: z
+            .enum(["allowed", "flagged", "denied"])
+            .optional()
+            .describe("Only return events with this decision."),
+        session_id: z
+            .string()
+            .optional()
+            .describe("Only return events from this session. Pass 'current' to use the proxy server's current session."),
+        event_id: z
+            .number()
+            .int()
+            .positive()
+            .optional()
+            .describe("Fetch a single event by id. Overrides other filters."),
+    }),
+};
+function summarizeEvent(e) {
+    let payload = {};
+    try {
+        payload = JSON.parse(e.payload);
+    }
+    catch {
+        /* ignore */
+    }
+    if (e.tool === "bash" && payload.command)
+        return payload.command;
+    if (e.tool === "filesystem" && payload.path) {
+        return `${e.action_type} ${payload.path}`;
+    }
+    if (e.tool === "network" && payload.url)
+        return payload.url;
+    return e.action_type;
+}
+function toSlim(e) {
+    let payload = e.payload;
+    try {
+        payload = JSON.parse(e.payload);
+    }
+    catch {
+        /* keep raw */
+    }
+    return {
+        id: e.id,
+        timestamp: e.timestamp,
+        session_id: e.session_id,
+        tool: e.tool,
+        action_type: e.action_type,
+        summary: summarizeEvent(e),
+        payload,
+        risk_level: e.risk_level,
+        decision: e.decision,
+        reason: e.reason,
+        duration_ms: e.duration_ms,
+        error: e.error,
+        result: e.result,
+    };
+}
+export function recentEvents(args, current_session_id) {
+    if (args.event_id) {
+        const e = getEvent(args.event_id);
+        return { events: e ? [toSlim(e)] : [], count: e ? 1 : 0 };
+    }
+    const limit = args.limit ?? 25;
+    let rows;
+    const session = args.session_id === "current" ? current_session_id : args.session_id;
+    if (session) {
+        rows = getSessionEvents(session).slice(-limit).reverse();
+    }
+    else {
+        rows = getRecentEvents(Math.max(limit, 200));
+    }
+    if (args.tool)
+        rows = rows.filter((r) => r.tool === args.tool);
+    if (args.decision)
+        rows = rows.filter((r) => r.decision === args.decision);
+    rows = rows.slice(0, limit);
+    return { events: rows.map(toSlim), count: rows.length };
+}
+// ---------------------------------------------------------------------------
+// proxy_stats — heartbeat / aggregate counters
+// ---------------------------------------------------------------------------
+export const proxyStatsToolDefinition = {
+    name: "proxy_stats",
+    description: "Return aggregate audit counters and proxy health (total events, decisions breakdown, ML readiness, current session). Useful as a heartbeat or to summarize the audit log at a glance.",
+    schema: z.object({}),
+};
+export function proxyStats(current_session_id, dashboard_port) {
+    return {
+        current_session_id,
+        ml_ready: isBashMLReady(),
+        dashboard_url: `http://localhost:${dashboard_port}`,
+        totals: getStats(),
+    };
+}
+//# sourceMappingURL=introspect.js.map

package/dist/tools/introspect.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"introspect.js","sourceRoot":"","sources":["../../src/tools/introspect.ts"],"names":[],"mappings":"AAAA,oEAAoE;AACpE,sEAAsE;AACtE,uEAAuE;AACvE,WAAW;AACX,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EACL,wBAAwB,EACxB,qBAAqB,EACrB,2BAA2B,GAE5B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EACL,eAAe,EACf,QAAQ,EACR,QAAQ,EACR,gBAAgB,GAEjB,MAAM,UAAU,CAAC;AAClB,OAAO,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAEzD,8EAA8E;AAC9E,qDAAqD;AACrD,8EAA8E;AAE9E,MAAM,CAAC,MAAM,sBAAsB,GAAG;IACpC,IAAI,EAAE,UAAU;IAChB,WAAW,EACT,obAAob;IACtb,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;aACvC,QAAQ,CACP,8EAA8E,CAC/E;QACH,OAAO,EAAE,CAAC;aACP,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,8CAA8C,CAAC;QAC3D,IAAI,EAAE,CAAC;aACJ,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,uDAAuD,CAAC;QACpE,SAAS,EAAE,CAAC;aACT,IAAI,CAAC,CAAC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;aACzC,QAAQ,EAAE;aACV,QAAQ,CAAC,oEAAoE,CAAC;QACjF,GAAG,EAAE,CAAC;aACH,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,wCAAwC,CAAC;QACrD,MAAM,EAAE,CAAC;aACN,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,uDAAuD,CAAC;KACrE,CAAC;CACH,CAAC;AAUF,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAkB;IAC/C,IAAI,GAAmB,CAAC;IACxB,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,MAAM,CAAC,CAAC,CAAC;YACZ,IAAI,CAAC,IAAI,CAAC,OAAO;gBAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC7E,GAAG,GAAG,MAAM,wBAAwB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACnD,MAAM;QACR,CAAC;QACD,KAAK,YAAY,CAAC,CAAC,CAAC;YAClB,IAAI,CAAC,IAAI,CAAC,IAAI;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;YAC7E,GAAG,GAAG,MAAM,qBAAqB,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,IAAI,MAAM,CAAC,CAAC;YACvE,MAAM;QACR,CAAC;QACD,KAAK,SAAS,CAAC,CAAC,CAAC;YACf,IAAI,CAAC,IAAI,CAAC,GAAG;gBAAE,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YACxE,GAAG,GAAG,MAAM,2BAA2B,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC,CAAC;YACxE,MAAM;QACR,CAAC;IACH,CAAC;IAED,MAAM,QAAQ,GACZ,GAAG,CAAC,QAAQ,KAAK,QAAQ;QACvB,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,GAAG,CAAC,QAAQ,KAAK,SAAS;YAC1B,CAAC,CAAC,oBAAoB;YACtB,CAAC,CAAC,UAAU,CAAC;IAEnB,OAAO;QACL,GAAG,GAAG;QACN,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,QAAQ,EAAE,aAAa,EAAE;QACzB,QAAQ;KACT,CAAC;AACJ,CAAC;AAED,8EAA8E;AAC9E,uCAAuC;AACvC,8EAA8E;AAE9E,MAAM,CAAC,MAAM,0BAA0B,GAAG;IACxC,IAAI,EAAE,eAAe;IACrB,WAAW,EACT,+PAA+P;IACjQ,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,KAAK,EAAE,CAAC;aACL,MAAM,EAAE;aACR,GAAG,EAAE;aACL,QAAQ,EAAE;aACV,GAAG,CAAC,GAAG,CAAC;aACR,QAAQ,EAAE;aACV,QAAQ,CAAC,6CAA6C,CAAC;QAC1D,IAAI,EAAE,CAAC;aACJ,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,SAAS,CAAC,CAAC;aACvC,QAAQ,EAAE;aACV,QAAQ,CAAC,mCAAmC,CAAC;QAChD,QAAQ,EAAE,CAAC;aACR,IAAI,CAAC,CAAC,SAAS,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;aACtC,QAAQ,EAAE;aACV,QAAQ,CAAC,wCAAwC,CAAC;QACrD,UAAU,EAAE,CAAC;aACV,MAAM,EAAE;aACR,QAAQ,EAAE;aACV,QAAQ,CACP,iGAAiG,CAClG;QACH,QAAQ,EAAE,CAAC;aACR,MAAM,EAAE;aACR,GAAG,EAAE;aACL,QAAQ,EAAE;aACV,QAAQ,EAAE;aACV,QAAQ,CAAC,sDAAsD,CAAC;KACpE,CAAC;CACH,CAAC;AAoBF,SAAS,cAAc,CAAC,CAAW;IACjC,IAAI,OAAO,GAAsD,EAAE,CAAC;IACpE,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,YAAY;IACd,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,MAAM,IAAI,OAAO,CAAC,OAAO;QAAE,OAAO,OAAO,CAAC,OAAO,CAAC;IACjE,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QAC5C,OAAO,GAAG,CAAC,CAAC,WAAW,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAC5C,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,IAAI,OAAO,CAAC,GAAG;QAAE,OAAO,OAAO,CAAC,GAAG,CAAC;IAC5D,OAAO,CAAC,CAAC,WAAW,CAAC;AACvB,CAAC;AAED,SAAS,MAAM,CAAC,CAAW;IACzB,IAAI,OAAO,GAAY,CAAC,CAAC,OAAO,CAAC;IACjC,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAAC,MAAM,CAAC;QACP,cAAc;IAChB,CAAC;IACD,OAAO;QACL,EAAE,EAAE,CAAC,CAAC,EAAE;QACR,SAAS,EAAE,CAAC,CAAC,SAAS;QACtB,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,IAAI,EAAE,CAAC,CAAC,IAAI;QACZ,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC;QAC1B,OAAO;QACP,UAAU,EAAE,CAAC,CAAC,UAAU;QACxB,QAAQ,EAAE,CAAC,CAAC,QAAQ;QACpB,MAAM,EAAE,CAAC,CAAC,MAAM;QAChB,WAAW,EAAE,CAAC,CAAC,WAAW;QAC1B,KAAK,EAAE,CAAC,CAAC,KAAK;QACd,MAAM,EAAE,CAAC,CAAC,MAAM;KACjB,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,IAAsB,EACtB,kBAA0B;IAE1B,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;QAClB,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClC,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAC5D,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;IAC/B,IAAI,IAAgB,CAAC;IAErB,MAAM,OAAO,GACX,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC;IAEvE,IAAI,OAAO,EAAE,CAAC;QACZ,IAAI,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC;IAC3D,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,IAAI,CAAC,IAAI;QAAE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC;IAC/D,IAAI,IAAI,CAAC,QAAQ;QAAE,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,IAAI,CAAC,QAAQ,CAAC,CAAC;IAE3E,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;AAC1D,CAAC;AAED,8EAA8E;AAC9E,+CAA+C;AAC/C,8EAA8E;AAE9E,MAAM,CAAC,MAAM,wBAAwB,GAAG;IACtC,IAAI,EAAE,aAAa;IACnB,WAAW,EACT,uLAAuL;IACzL,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC;CACrB,CAAC;AASF,MAAM,UAAU,UAAU,CACxB,kBAA0B,EAC1B,cAAsB;IAEtB,OAAO;QACL,kBAAkB;QAClB,QAAQ,EAAE,aAAa,EAAE;QACzB,aAAa,EAAE,oBAAoB,cAAc,EAAE;QACnD,MAAM,EAAE,QAAQ,EAAE;KACnB,CAAC;AACJ,CAAC"}

package/dist/tools/network.js

@@ -0,0 +1,152 @@
+import { z } from "zod";
+import { classifyNetworkRequestAsync } from "../classifier.js";
+import { logEvent, updateEventResult } from "../logger.js";
+import { awaitApproval } from "../approvals.js";
+const MAX_BODY_BYTES = 2 * 1024 * 1024; // 2 MB
+const DEFAULT_TIMEOUT_MS = 30_000;
+// Headers that should never be echoed back to the agent or stored in the
+// audit DB unredacted.
+const SENSITIVE_HEADER_NAMES = new Set([
+    "authorization",
+    "proxy-authorization",
+    "cookie",
+    "set-cookie",
+    "x-api-key",
+    "x-auth-token",
+]);
+export const networkToolDefinition = {
+    name: "fetch_url",
+    description: "Make an HTTP(S) request to a URL. All requests are risk-classified and logged. External URLs and mutating methods are flagged. Fetching executable scripts is denied.",
+    schema: z.object({
+        url: z.string().url(),
+        method: z
+            .enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD"])
+            .optional()
+            .default("GET"),
+        headers: z.record(z.string(), z.string()).optional(),
+        body: z.string().optional(),
+        timeout_ms: z
+            .number()
+            .int()
+            .positive()
+            .max(5 * 60 * 1000)
+            .optional()
+            .describe(`Timeout in ms (default ${DEFAULT_TIMEOUT_MS}).`),
+    }),
+};
+export async function fetchUrl(args, session_id) {
+    const method = args.method ?? "GET";
+    const classification = await classifyNetworkRequestAsync(args.url, method);
+    const timeout = args.timeout_ms ?? DEFAULT_TIMEOUT_MS;
+    const event_id = logEvent({
+        session_id,
+        tool: "network",
+        action_type: `http_${method.toLowerCase()}`,
+        payload: {
+            url: args.url,
+            method,
+            has_body: !!args.body,
+            header_names: args.headers ? redactHeaderNames(args.headers) : [],
+            timeout_ms: timeout,
+        },
+        risk_level: classification.risk_level,
+        decision: classification.decision,
+        reason: classification.reason,
+    });
+    if (classification.decision === "denied") {
+        updateEventResult(event_id, "blocked by classifier", 0);
+        return {
+            success: false,
+            blocked: true,
+            reason: classification.reason,
+            event_id,
+        };
+    }
+    if (classification.decision === "pending_approval") {
+        const verdict = await awaitApproval({
+            event_id,
+            tool: "network",
+            summary: `${method} ${args.url}`,
+            reason: classification.reason,
+            payload: { url: args.url, method },
+            session_id,
+        });
+        if (!verdict.approved) {
+            updateEventResult(event_id, verdict.reason, 0);
+            return {
+                success: false,
+                blocked: true,
+                reason: verdict.reason,
+                event_id,
+            };
+        }
+    }
+    const start = Date.now();
+    const controller = new AbortController();
+    const timer = setTimeout(() => controller.abort(), timeout);
+    try {
+        const response = await fetch(args.url, {
+            method,
+            headers: args.headers,
+            body: args.body,
+            signal: controller.signal,
+            redirect: "follow",
+        });
+        const buf = Buffer.from(await response.arrayBuffer());
+        const truncated = buf.length > MAX_BODY_BYTES;
+        const slice = truncated ? buf.subarray(0, MAX_BODY_BYTES) : buf;
+        const text = safeUtf8(slice);
+        const duration_ms = Date.now() - start;
+        updateEventResult(event_id, `${response.status} ${response.statusText} — ${buf.length}B${truncated ? " (truncated)" : ""}`, duration_ms);
+        return {
+            success: response.ok,
+            status: response.status,
+            status_text: response.statusText,
+            headers: redactResponseHeaders(response.headers),
+            body: text,
+            bytes_received: buf.length,
+            truncated,
+            duration_ms,
+            event_id,
+            flagged: classification.decision === "flagged",
+            flag_reason: classification.decision === "flagged"
+                ? classification.reason
+                : undefined,
+        };
+    }
+    catch (err) {
+        const duration_ms = Date.now() - start;
+        const e = err;
+        const msg = controller.signal.aborted && e.name === "AbortError"
+            ? `timeout after ${timeout}ms`
+            : e.message;
+        updateEventResult(event_id, "", duration_ms, msg);
+        return { success: false, error: msg, duration_ms, event_id };
+    }
+    finally {
+        clearTimeout(timer);
+    }
+}
+function redactHeaderNames(headers) {
+    return Object.keys(headers).map((name) => SENSITIVE_HEADER_NAMES.has(name.toLowerCase())
+        ? `${name} (redacted)`
+        : name);
+}
+function redactResponseHeaders(headers) {
+    const out = {};
+    headers.forEach((value, key) => {
+        out[key] = SENSITIVE_HEADER_NAMES.has(key.toLowerCase())
+            ? "[redacted]"
+            : value;
+    });
+    return out;
+}
+function safeUtf8(buf) {
+    try {
+        return buf.toString("utf-8");
+    }
+    catch {
+        return `[non-utf8 body, ${buf.length} bytes]`;
+    }
+}
+//# sourceMappingURL=network.js.map

package/dist/tools/network.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"network.js","sourceRoot":"","sources":["../../src/tools/network.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EAAE,2BAA2B,EAAE,MAAM,kBAAkB,CAAC;AAC/D,OAAO,EAAE,QAAQ,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAEhD,MAAM,cAAc,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO;AAC/C,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC,yEAAyE;AACzE,uBAAuB;AACvB,MAAM,sBAAsB,GAAG,IAAI,GAAG,CAAC;IACrC,eAAe;IACf,qBAAqB;IACrB,QAAQ;IACR,YAAY;IACZ,WAAW;IACX,cAAc;CACf,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,IAAI,EAAE,WAAW;IACjB,WAAW,EACT,uKAAuK;IACzK,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC;QACf,GAAG,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;QACrB,MAAM,EAAE,CAAC;aACN,IAAI,CAAC,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;aACvD,QAAQ,EAAE;aACV,OAAO,CAAC,KAAK,CAAC;QACjB,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;QACpD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAC3B,UAAU,EAAE,CAAC;aACV,MAAM,EAAE;aACR,GAAG,EAAE;aACL,QAAQ,EAAE;aACV,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;aAClB,QAAQ,EAAE;aACV,QAAQ,CAAC,0BAA0B,kBAAkB,IAAI,CAAC;KAC9D,CAAC;CACH,CAAC;AAIF,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,IAAkB,EAAE,UAAkB;IACnE,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,IAAI,KAAK,CAAC;IACpC,MAAM,cAAc,GAAG,MAAM,2BAA2B,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAC3E,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,IAAI,kBAAkB,CAAC;IAEtD,MAAM,QAAQ,GAAG,QAAQ,CAAC;QACxB,UAAU;QACV,IAAI,EAAE,SAAS;QACf,WAAW,EAAE,QAAQ,MAAM,CAAC,WAAW,EAAE,EAAE;QAC3C,OAAO,EAAE;YACP,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,MAAM;YACN,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI;YACrB,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,iBAAiB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;YACjE,UAAU,EAAE,OAAO;SACpB;QACD,UAAU,EAAE,cAAc,CAAC,UAAU;QACrC,QAAQ,EAAE,cAAc,CAAC,QAAQ;QACjC,MAAM,EAAE,cAAc,CAAC,MAAM;KAC9B,CAAC,CAAC;IAEH,IAAI,cAAc,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACzC,iBAAiB,CAAC,QAAQ,EAAE,uBAAuB,EAAE,CAAC,CAAC,CAAC;QACxD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,IAAI;YACb,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,QAAQ;SACT,CAAC;IACJ,CAAC;IAED,IAAI,cAAc,CAAC,QAAQ,KAAK,kBAAkB,EAAE,CAAC;QACnD,MAAM,OAAO,GAAG,MAAM,aAAa,CAAC;YAClC,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,OAAO,EAAE,GAAG,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE;YAChC,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,OAAO,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,EAAE;YAClC,UAAU;SACX,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;YACtB,iBAAiB,CAAC,QAAQ,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;YAC/C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACzB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,OAAO,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE;YACrC,MAAM;YACN,OAAO,EAAE,IAAI,CAAC,OAAO;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,QAAQ,EAAE,QAAQ;SACnB,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QACtD,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,GAAG,cAAc,CAAC;QAC9C,MAAM,KAAK,GAAG,SAAS,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAChE,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC;QAC7B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QAEvC,iBAAiB,CACf,QAAQ,EACR,GAAG,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,MAAM,GAAG,CAAC,MAAM,IACvD,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAC/B,EAAE,EACF,WAAW,CACZ,CAAC;QAEF,OAAO;YACL,OAAO,EAAE,QAAQ,CAAC,EAAE;YACpB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,WAAW,EAAE,QAAQ,CAAC,UAAU;YAChC,OAAO,EAAE,qBAAqB,CAAC,QAAQ,CAAC,OAAO,CAAC;YAChD,IAAI,EAAE,IAAI;YACV,cAAc,EAAE,GAAG,CAAC,MAAM;YAC1B,SAAS;YACT,WAAW;YACX,QAAQ;YACR,OAAO,EAAE,cAAc,CAAC,QAAQ,KAAK,SAAS;YAC9C,WAAW,EACT,cAAc,CAAC,QAAQ,KAAK,SAAS;gBACnC,CAAC,CAAC,cAAc,CAAC,MAAM;gBACvB,CAAC,CAAC,SAAS;SAChB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACvC,MAAM,CAAC,GAAG,GAAY,CAAC;QACvB,MAAM,GAAG,GACP,UAAU,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,IAAI,KAAK,YAAY;YAClD,CAAC,CAAC,iBAAiB,OAAO,IAAI;YAC9B,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;QAChB,iBAAiB,CAAC,QAAQ,EAAE,EAAE,EAAE,WAAW,EAAE,GAAG,CAAC,CAAC;QAClD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,WAAW,EAAE,QAAQ,EAAE,CAAC;IAC/D,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,KAAK,CAAC,CAAC;IACtB,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,OAA+B;IACxD,OAAO,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CACvC,sBAAsB,CAAC,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;QAC5C,CAAC,CAAC,GAAG,IAAI,aAAa;QACtB,CAAC,CAAC,IAAI,CACT,CAAC;AACJ,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAgB;IAC7C,MAAM,GAAG,GAA2B,EAAE,CAAC;IACvC,OAAO,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC7B,GAAG,CAAC,GAAG,CAAC,GAAG,sBAAsB,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACtD,CAAC,CAAC,YAAY;YACd,CAAC,CAAC,KAAK,CAAC;IACZ,CAAC,CAAC,CAAC;IACH,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,QAAQ,CAAC,GAAW;IAC3B,IAAI,CAAC;QACH,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IAC/B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,mBAAmB,GAAG,CAAC,MAAM,SAAS,CAAC;IAChD,CAAC;AACH,CAAC"}