@shawnstack/quickforge 1.3.24 → 1.3.26

package/server/agent-manager.mjs

@@ -1,17 +1,18 @@
 import { EventEmitter } from 'node:events'
 import { randomUUID } from 'node:crypto'
-import { Agent } from '@mariozechner/pi-agent-core'
+import { Agent } from '@earendil-works/pi-agent-core'
 import { streamSimpleWithAiHttpLogging } from './ai-http-logger.mjs'
-import { toolHandlers, loadSkillToolContext, abortRunningCommand } from './tools/index.mjs'
+import { loadSkillToolContext, abortRunningCommand } from './tools/index.mjs'
 import { createSkillTools, workspaceTools } from './tools/definitions.mjs'
-import { callMcpTool, createMcpToolDefinitions, isMcpToolName } from './mcp/registry.mjs'
+import { createMcpToolDefinitions, isMcpToolName } from './mcp/registry.mjs'
+import { createPluginToolDefinitions, isPluginToolName } from './plugins/registry.mjs'
 import {
   composeSubagentSystemPrompt,
   formatSubagentTask,
 } from './subagents.mjs'
 import { agentProfileSnapshot, getAgentProfile } from './agent-profiles.mjs'
 import { projectContextFromId, readProjectConfig } from './project-config.mjs'
-import { readStore, atomicUpdate, readSessionValue, writeSessionValue, deleteSessionValue } from './storage.mjs'
+import { readStore, atomicUpdate, atomicSessionMetadataUpdate, readSessionValue, writeSessionValue, deleteSessionValue } from './storage.mjs'
 import { logger } from './utils/logger.mjs'
 import { buildSystemPrompt, generateAiTitle, generateTitle } from './session-utils.mjs'
 import { restoreReasoningContentInPayload } from './reasoning-cache.mjs'
@@ -30,70 +31,22 @@ import {
   parseInternalCommandInvocation,
   resolveCustomCommandInvocation,
 } from './custom-commands.mjs'
+import { omitDetailsForLlm, serverConvertToLlm, messageText, lastAssistantText } from './message-converters.mjs'
+import { isPlainObject, mergeQuickForgeTiming, wrapToolDefinition, wrapMcpToolDefinition, wrapPluginToolDefinition, sessionSkillsContext } from './tool-wiring.mjs'
+import {
+  APPROVAL_TIMEOUT_MS,
+  commandRestrictedTools,
+  safeReadTools,
+  pendingApprovals,
+  pendingAutoCompactApprovals,
+  commandToolPermissionError,
+  createCommandToolPermissions,
+} from './approval-store.mjs'
 
 // ---------------------------------------------------------------------------
 // Tool definitions (server-side, no REST roundtrip)
 // ---------------------------------------------------------------------------
 
-function isPlainObject(value) {
-  return Boolean(value && typeof value === 'object' && !Array.isArray(value))
-}
-
-function mergeQuickForgeTiming(details, timing) {
-  if (!isPlainObject(details)) return { quickforgeTiming: timing }
-  return { ...details, quickforgeTiming: timing }
-}
-
-function wrapToolDefinition(definition, context, toolPermissions) {
-  const handler = toolHandlers[definition.name]
-  if (!handler) throw new Error(`Missing handler for tool: ${definition.name}`)
-  return {
-    ...definition,
-    execute: async (_toolCallId, params, signal, onUpdate) => {
-      if (toolPermissions) {
-        const permissionError = toolPermissions(definition.name)
-        if (permissionError) throw new Error(permissionError)
-      }
-
-      const startedAt = Date.now()
-      const startedAtPerf = performance.now()
-      const result = await handler(params || {}, context, { signal, onUpdate, toolCallId: _toolCallId })
-      const finishedAt = Date.now()
-      const durationMs = Math.max(0, Math.round(performance.now() - startedAtPerf))
-      const details = mergeQuickForgeTiming(result.details, { startedAt, finishedAt, durationMs })
-      return {
-        content: [{ type: 'text', text: result.content }],
-        details: isPlainObject(details) ? { ...details, toolCallId: _toolCallId } : details,
-      }
-    },
-  }
-}
-
-function wrapMcpToolDefinition(definition, toolPermissions) {
-  return {
-    ...definition,
-    execute: async (_toolCallId, params) => {
-      if (toolPermissions) {
-        const permissionError = toolPermissions(definition.name)
-        if (permissionError) throw new Error(permissionError)
-      }
-
-      const startedAt = Date.now()
-      const startedAtPerf = performance.now()
-      const result = await callMcpTool(definition.name, params || {})
-      const finishedAt = Date.now()
-      const durationMs = Math.max(0, Math.round(performance.now() - startedAtPerf))
-      if (result.isError) {
-        throw new Error(result.content || `MCP tool failed: ${definition.name}`)
-      }
-      return {
-        content: [{ type: 'text', text: result.content }],
-        details: mergeQuickForgeTiming(result.details, { startedAt, finishedAt, durationMs }),
-      }
-    },
-  }
-}
-
 function wrapSubagentToolDefinition(definition, parentSessionId) {
   return {
     ...definition,
@@ -119,6 +72,7 @@ async function createServerTools(projectId, projectContext, skillsContext, inclu
     allowedToolNames = null,
     includeSubagentTool = true,
     includeMcpTools = true,
+    includePluginTools = true,
     parentSessionId = null,
   } = options
   const allowedTools = allowedToolNames ? new Set(allowedToolNames) : null
@@ -151,14 +105,12 @@ async function createServerTools(projectId, projectContext, skillsContext, inclu
     tools.push(...mcpTools.filter(isAllowed).map((definition) => wrapMcpToolDefinition(definition, toolPermissions)))
   }
 
-  return tools
-}
-
-function sessionSkillsContext(session) {
-  return {
-    globalSkillNames: session.globalSkillNames,
-    projectSkillNames: session.projectSkillNames,
+  if (includePluginTools) {
+    const pluginTools = await createPluginToolDefinitions(projectContext)
+    tools.push(...pluginTools.filter(isAllowed).map((definition) => wrapPluginToolDefinition(definition, toolContext, toolPermissions)))
   }
+
+  return tools
 }
 
 async function rebuildSessionTools(session) {
@@ -181,31 +133,8 @@ const agentSessions = new Map()
 /** @typedef {{ agent: Agent, projectContext: object|null, projectId: string|null, yoloMode: boolean, model: object, thinkingLevel: string, scope: string, title: string, createdAt: string, status: string, startedAt: string|null, finishedAt: string|null, listeners: Set<function>, idleTimer: NodeJS.Timeout|null, eventBus: EventEmitter }} AgentSession */
 
 const IDLE_TIMEOUT_MS = 30 * 60 * 1000 // 30 minutes
-const APPROVAL_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes for tool approval
 const SUBAGENT_DEFAULT_TIMEOUT_MS = 30 * 60 * 1000
-const commandRestrictedTools = new Set(['write_file', 'edit_file', 'run_command', 'run_subagent'])
-const safeReadTools = new Set(['read_file', 'grep_files'])
-const pendingApprovals = new Map() // toolCallId → { resolve, reject, sessionId, toolName, args, source, timeout }
-const pendingAutoCompactApprovals = new Map() // approvalId → { resolve, reject, sessionId, timeout }
-
-function commandToolPermissionError(session, toolName) {
-  const permissions = session?.activeCommandPermissions
-  if (!permissions || !commandRestrictedTools.has(toolName)) return null
-  if (toolName === 'run_command' && permissions.allowCommands === false) {
-    return `Command /${session.activeCommandName} does not allow running shell commands.`
-  }
-  if (toolName === 'run_subagent' && permissions.allowCommands === false) {
-    return `Command /${session.activeCommandName} does not allow running subagents.`
-  }
-  if ((toolName === 'write_file' || toolName === 'edit_file') && permissions.allowEdit === false) {
-    return `Command /${session.activeCommandName} does not allow editing files.`
-  }
-  return null
-}
-
-function createCommandToolPermissions(session) {
-  return (toolName) => commandToolPermissionError(session, toolName)
-}
+const SUBAGENT_TRACE_THROTTLE_MS = 150
 
 /**
  * Create a Promise that only resolves when the user accepts or rejects the tool call.
@@ -224,8 +153,14 @@ function createApprovalPromise(session, toolCallId, toolName, args, source) {
       resolve({ block: true, reason: `Approval timeout for ${toolName}` })
     }, APPROVAL_TIMEOUT_MS)
 
+    let onAbort = null
+
     const cleanup = () => {
       clearTimeout(timeout)
+      if (onAbort) {
+        session.agent.signal?.removeEventListener('abort', onAbort)
+        onAbort = null
+      }
       if (settled) return
       settled = true
       pendingApprovals.delete(toolCallId)
@@ -239,7 +174,7 @@ function createApprovalPromise(session, toolCallId, toolName, args, source) {
         reject(new Error('Run aborted'))
         return
       }
-      const onAbort = () => {
+      onAbort = () => {
         cleanup()
         reject(new Error('Run aborted'))
       }
@@ -289,8 +224,14 @@ function createAutoCompactApprovalPromise(session, details = {}) {
       resolve(false)
     }, APPROVAL_TIMEOUT_MS)
 
+    let onAbort = null
+
     const cleanup = () => {
       clearTimeout(timeout)
+      if (onAbort) {
+        session.agent.signal?.removeEventListener('abort', onAbort)
+        onAbort = null
+      }
       if (settled) return
       settled = true
       pendingAutoCompactApprovals.delete(approvalId)
@@ -303,7 +244,7 @@ function createAutoCompactApprovalPromise(session, details = {}) {
         reject(new Error('Run aborted'))
         return
       }
-      const onAbort = () => {
+      onAbort = () => {
         cleanup()
         reject(new Error('Run aborted'))
       }
@@ -619,6 +560,14 @@ async function resolveCommandState(session, userMessage) {
       commandName: 'plan',
     }
   }
+  if (internalResponse?.review) {
+    return {
+      userMessage,
+      commandPrompt: formatReviewCommandPrompt(internalResponse.args),
+      permissions: { allowEdit: false, allowCommands: true, allowSubagents: false },
+      commandName: 'review',
+    }
+  }
 
   if (!session.projectContext?.workspaceRoot) return { userMessage }
 
@@ -665,65 +614,31 @@ ${taskText}
 </plan_command_invocation>`
 }
 
-function omitDetailsForLlm(message) {
-  if (!message || typeof message !== 'object' || message.details === undefined) return message
-  const copy = { ...message }
-  delete copy.details
-  return copy
-}
+function formatReviewCommandPrompt(scope) {
+  const scopeText = String(scope || '').trim() || '(none; review the repository changes that appear relevant for a pre-commit check)'
+  return `<review_command_invocation name="review">
+This /review command applies only to the current user request. Perform a pre-commit self-review of the code that is about to be committed.
 
-/**
- * Convert AgentMessage[] to LLM-compatible Message[].
- * Handles "user-with-attachments" → "user" with multi-modal content blocks.
- * Without this the default pi-agent-core convertToLlm silently drops
- * user-with-attachments messages, so the LLM never sees attachments.
- */
-function serverConvertToLlm(messages) {
-  return messages
-    .filter(m => m.role !== 'artifact')
-    .map(m => {
-      if (m.role === 'user-with-attachments') {
-        const textContent = typeof m.content === 'string'
-          ? [{ type: 'text', text: m.content }]
-          : [...m.content]
-        if (Array.isArray(m.attachments)) {
-          for (const att of m.attachments) {
-            if (att.type === 'image' && att.content) {
-              textContent.push({ type: 'image', data: att.content, mimeType: att.mimeType })
-            } else if (att.type === 'document' && att.extractedText) {
-              textContent.push({ type: 'text', text: `\n\n[Document: ${att.fileName}]\n${att.extractedText}` })
-            }
-          }
-        }
-        return omitDetailsForLlm({ ...m, role: 'user', content: textContent })
-      }
-      if (m.role === 'user' || m.role === 'assistant' || m.role === 'toolResult') return omitDetailsForLlm(m)
-      return null
-    })
-    .filter(Boolean)
-}
+Rules for this turn:
+- Do not modify files.
+- Do not create files.
+- Do not stage, unstage, commit, tag, push, publish, or otherwise change repository state.
+- Do not use write_file or edit_file.
+- You may use read-only tools and shell commands to inspect the workspace and run validation checks.
+- Do not use subagents; perform the review directly in this turn.
+- Prefer safe inspection commands such as git status, git diff, git diff --cached, and targeted lint/build/test commands.
+- Treat command output as evidence; distinguish confirmed issues from risks or suggestions.
 
-function messageText(message) {
-  const content = message?.content
-  if (typeof content === 'string') return content
-  if (Array.isArray(content)) {
-    return content
-      .filter((block) => block?.type === 'text')
-      .map((block) => block.text ?? '')
-      .join('\n')
-      .trim()
-  }
-  return ''
-}
+Review checklist:
+1. Identify the changes under review, prioritizing staged changes when present and otherwise unstaged working tree changes.
+2. Look for correctness bugs, regressions, edge cases, missing error handling, security or privacy risks, and unintended side effects.
+3. Check whether tests, lint/build validation, or documentation/wiki updates are needed.
+4. Call out any risky commands that should not be run automatically.
+5. Output a concise review with severity, file/area, evidence, and recommended next steps. If no blocking issues are found, say so clearly.
 
-function lastAssistantText(messages) {
-  for (let index = messages.length - 1; index >= 0; index--) {
-    const message = messages[index]
-    if (message?.role !== 'assistant') continue
-    const text = messageText(message)
-    if (text) return text
-  }
-  return ''
+User review scope or focus:
+${scopeText}
+</review_command_invocation>`
 }
 
 async function runSubagent(parentSession, params, parentSignal, onUpdate) {
@@ -755,6 +670,9 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   let latestMessages = []
   let latestPendingToolCalls = []
   let toolsForClient = []
+  let lastTraceAt = 0
+  let tracePending = false
+  let traceTimer = null
 
   const tools = await createServerTools(
     parentSession.projectId,
@@ -774,6 +692,12 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   toolsForClient = tools.map(({ execute, prepareArguments, ...tool }) => tool)
 
   const emitSubagentTrace = () => {
+    if (traceTimer) {
+      clearTimeout(traceTimer)
+      traceTimer = null
+    }
+    tracePending = false
+    lastTraceAt = Date.now()
     onUpdate?.({
       content: [],
       details: {
@@ -792,6 +716,19 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
     })
   }
 
+  const emitSubagentTraceThrottled = () => {
+    const elapsed = Date.now() - lastTraceAt
+    if (elapsed >= SUBAGENT_TRACE_THROTTLE_MS) {
+      emitSubagentTrace()
+      return
+    }
+    tracePending = true
+    if (traceTimer) return
+    traceTimer = setTimeout(() => {
+      if (tracePending) emitSubagentTrace()
+    }, SUBAGENT_TRACE_THROTTLE_MS - elapsed)
+  }
+
   const systemPrompt = composeSubagentSystemPrompt({
     definition,
     parentSystemPrompt: parentSession.agent.state.systemPrompt,
@@ -848,7 +785,11 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
         latestMessages = [...latestMessages, event.message]
       }
     }
-    emitSubagentTrace()
+    if (event.type === 'tool_execution_start' || event.type === 'tool_execution_end' || event.type === 'message_end') {
+      emitSubagentTrace()
+    } else {
+      emitSubagentTraceThrottled()
+    }
   })
 
   let timedOut = false
@@ -866,6 +807,7 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   } finally {
     clearTimeout(timeout)
     parentSignal?.removeEventListener?.('abort', onParentAbort)
+    emitSubagentTrace()
   }
 
   const content = lastAssistantText(subagent.state.messages) || `Subagent ${definition.name} completed without a text response.`
@@ -905,6 +847,57 @@ function applyActiveCommandPrompt(messages, commandPrompt) {
   return messages
 }
 
+function textFromMessageContent(content) {
+  if (typeof content === 'string') return content
+  if (Array.isArray(content)) {
+    return content.filter((block) => block?.type === 'text').map((block) => block.text ?? '').join('\n')
+  }
+  return ''
+}
+
+function selectedCapabilityPrompt(capabilities) {
+  if (!Array.isArray(capabilities) || capabilities.length === 0) return null
+  const normalized = capabilities
+    .filter((capability) => capability && typeof capability === 'object')
+    .map((capability) => ({
+      type: String(capability.type || '').slice(0, 32),
+      pluginName: String(capability.pluginName || '').slice(0, 120),
+      name: String(capability.name || '').slice(0, 120),
+      label: String(capability.label || capability.name || '').slice(0, 160),
+      description: String(capability.description || '').slice(0, 400),
+    }))
+    .filter((capability) => capability.type && capability.pluginName && capability.name)
+    .slice(0, 4)
+  if (normalized.length === 0) return null
+
+  const lines = normalized.map((capability) => {
+    const toolHint = capability.type === 'tool' ? ` Tool name: plugin__${capability.pluginName}__${capability.name}.` : ''
+    const description = capability.description ? ` Description: ${capability.description}` : ''
+    return `- ${capability.label} (${capability.type}, plugin: ${capability.pluginName}, name: ${capability.name}).${toolHint}${description}`
+  }).join('\n')
+
+  return `The user selected the following QuickForge plugin capability mentions for this turn. Treat them as an explicit preference for routing and context. Use the selected capability when relevant, but do not force it if it is unrelated to the actual request.\n\n${lines}`
+}
+
+function applyActiveCapabilityPrompt(messages, capabilityPrompt) {
+  if (!capabilityPrompt) return messages
+
+  for (let index = messages.length - 1; index >= 0; index--) {
+    const message = messages[index]
+    if (message?.role !== 'user' && message?.role !== 'user-with-attachments') continue
+
+    const visibleText = textFromMessageContent(message.content)
+    const transformed = messages.slice()
+    transformed[index] = {
+      ...message,
+      content: `${capabilityPrompt}\n\nUser request:\n${visibleText}`,
+    }
+    return transformed
+  }
+
+  return messages
+}
+
 function compactSummaryIndex(messages) {
   for (let index = messages.length - 1; index >= 0; index--) {
     const message = messages[index]
@@ -943,7 +936,10 @@ async function transformSessionContext(session, messages, signal) {
   }
   const transformedMessages = buildAutoCompactLoopMessages(session, messages)
   session.lastTransformedContextMessages = transformedMessages
-  return applyActiveCommandPrompt(compactedContextMessages(transformedMessages), session?.activeCommandPrompt)
+  return applyActiveCapabilityPrompt(
+    applyActiveCommandPrompt(compactedContextMessages(transformedMessages), session?.activeCommandPrompt),
+    session?.activeCapabilityPrompt,
+  )
 }
 
 export const agentEvents = new EventEmitter()
@@ -1098,7 +1094,7 @@ export async function createAgent(sessionId, config = {}) {
       if (isSkillTool) return undefined
       if (profileToolNames && !profileToolNames.includes(toolName)) return { block: true, reason: `Agent profile ${agentProfile.name} is not allowed to use ${toolName}.` }
       if (toolName === 'run_subagent') return undefined
-      if (isMcpToolName(toolName)) {
+      if (isMcpToolName(toolName) || isPluginToolName(toolName)) {
         if (!currentSession?.yoloMode) return createApprovalPromise(currentSession, toolCallId, toolName, context.args)
         return undefined
       }
@@ -1181,6 +1177,7 @@ export async function createAgent(sessionId, config = {}) {
     if (event.type === 'agent_end') {
       session.status = session.agent.state.errorMessage ? 'error' : 'idle'
       session.finishedAt = new Date().toISOString()
+      session.toolTimings?.clear()
       resetIdleTimer(session)
 
       // Persist after run ends
@@ -1237,7 +1234,7 @@ async function persistSession(session) {
   if (messages.length === 0) {
     try {
       await deleteSessionValue(sessionId)
-      await atomicUpdate('sessions-metadata', (data) => {
+      await atomicSessionMetadataUpdate(scope, projectId, (data) => {
         delete data[sessionId]
         return data
       })
@@ -1324,7 +1321,7 @@ async function persistSession(session) {
   // Write to storage atomically (read-modify-write within queue)
   try {
     await writeSessionValue(sessionId, sessionData)
-    await atomicUpdate('sessions-metadata', (data) => {
+    await atomicSessionMetadataUpdate(scope, projectId, (data) => {
       data[sessionId] = {
         ...metadata,
         pinnedAt: data[sessionId]?.pinnedAt,
@@ -1395,29 +1392,11 @@ export async function rollbackSessionMessages(sessionId, rollbackMessageIndex) {
   return { session: getSessionState(sessionId), rollbackIndex }
 }
 
-export async function replaceSessionMessages(sessionId, messages) {
-  const session = agentSessions.get(sessionId)
-  if (!session) return null
-  if (session.agent.state.isStreaming) {
-    throw Object.assign(new Error('Generation is still running. Stop it or wait until it finishes before rolling back.'), { statusCode: 409 })
-  }
-  updateSessionMessages(session, Array.isArray(messages) ? messages : [])
-  resetSessionCompaction(session)
-  session.status = 'idle'
-  session.finishedAt = new Date().toISOString()
-  await persistSession(session)
-  const nextMessages = session.agent.state.messages
-  const contextUsage = getSessionContextUsage(session)
-  emitSessionEvent(session, { type: 'message_end', messages: nextMessages, contextUsage })
-  emitSessionEvent(session, { type: 'agent_end', messages: nextMessages, contextUsage })
-  return getSessionState(sessionId)
-}
-
 /**
  * Send a user message to the agent and start the agent loop.
  * Returns immediately; events are streamed via the event bus.
  */
-export async function runPrompt(sessionId, message) {
+export async function runPrompt(sessionId, message, selectedCapabilities = []) {
   let session = agentSessions.get(sessionId)
   if (!session) {
     session = await restoreAgent(sessionId)
@@ -1426,6 +1405,10 @@ export async function runPrompt(sessionId, message) {
     throw Object.assign(new Error('Session not found'), { statusCode: 404 })
   }
 
+  if (session.agent.state.isStreaming) {
+    throw Object.assign(new Error('Generation is still running. Stop it or wait until it finishes.'), { statusCode: 409 })
+  }
+
   resetIdleTimer(session)
 
   // Build user message
@@ -1479,6 +1462,7 @@ export async function runPrompt(sessionId, message) {
   session.activeCommandName = commandState.commandName ?? null
   session.activeCommandPermissions = commandState.permissions ?? null
   session.activeCommandPrompt = commandState.commandPrompt ?? null
+  session.activeCapabilityPrompt = selectedCapabilityPrompt(selectedCapabilities)
 
   // Fire and forget — events come through eventBus
   session.agent.prompt(userMessage).catch((err) => {
@@ -1492,6 +1476,7 @@ export async function runPrompt(sessionId, message) {
     session.activeCommandName = null
     session.activeCommandPermissions = null
     session.activeCommandPrompt = null
+    session.activeCapabilityPrompt = null
   })
 
   return { sessionId, status: session.status }
@@ -1701,6 +1686,7 @@ export async function destroyAgent(sessionId) {
   logger.info(`Destroying session ${sessionId} (status: ${session.status})`, { sessionId, status: session.status })
 
   if (session.idleTimer) clearTimeout(session.idleTimer)
+  session.toolTimings?.clear()
 
   try {
     session.agent.abort()

package/server/ai-http-logger.mjs

@@ -2,7 +2,7 @@ import fs from 'node:fs'
 import path from 'node:path'
 import { AsyncLocalStorage } from 'node:async_hooks'
 import { randomUUID } from 'node:crypto'
-import { streamSimple } from '@mariozechner/pi-ai'
+import { streamSimple } from '@earendil-works/pi-ai'
 import { logsDir } from './storage.mjs'
 
 const PATCH_MARKER = Symbol.for('quickforge.aiHttpLogger.fetchPatched')
@@ -16,16 +16,31 @@ function currentLogFile() {
   return path.join(logsDir, `ai-http-${date}.jsonl`)
 }
 
-function writeAiHttpRecord(record) {
-  if (!aiHttpLogEnabled) return
+let logsDirEnsured = false
+
+async function ensureLogsDir() {
+  if (logsDirEnsured) return
   try {
-    fs.mkdirSync(logsDir, { recursive: true })
-    fs.appendFile(currentLogFile(), `${JSON.stringify({ ts: new Date().toISOString(), ...record })}\n`, () => {})
+    const { promises: fsp } = await import('node:fs')
+    await fsp.mkdir(logsDir, { recursive: true })
+    logsDirEnsured = true
   } catch {
     // Keep AI calls working even when diagnostic logging fails.
   }
 }
 
+function writeAiHttpRecord(record) {
+  if (!aiHttpLogEnabled) return
+  // Schedule async write — never blocks the event loop
+  void ensureLogsDir().then(() => {
+    try {
+      fs.appendFile(currentLogFile(), `${JSON.stringify({ ts: new Date().toISOString(), ...record })}\n`, () => {})
+    } catch {
+      // Keep AI calls working even when diagnostic logging fails.
+    }
+  })
+}
+
 function headersToRecord(headers) {
   const result = {}
   if (!headers) return result

package/server/approval-store.mjs

@@ -0,0 +1,63 @@
+/**
+ * Tool approval store — shared state and permission helpers.
+ *
+ * Manages the pending approval queues and command-tool permission checks.
+ * The Promise-based approval functions (createApprovalPromise,
+ * createAutoCompactApprovalPromise) remain in agent-manager.mjs because
+ * they depend on the agent event buses.
+ */
+
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+
+export const APPROVAL_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes for tool approval
+
+// ---------------------------------------------------------------------------
+// Tool categories
+// ---------------------------------------------------------------------------
+
+export const commandRestrictedTools = new Set([
+  'write_file',
+  'edit_file',
+  'run_command',
+  'run_subagent',
+])
+
+export const safeReadTools = new Set([
+  'read_file',
+  'grep_files',
+])
+
+// ---------------------------------------------------------------------------
+// Pending approval queues
+// ---------------------------------------------------------------------------
+
+/** toolCallId → { resolve, reject, sessionId, toolName, args, source, timeout } */
+export const pendingApprovals = new Map()
+
+/** approvalId → { resolve, reject, sessionId, timeout } */
+export const pendingAutoCompactApprovals = new Map()
+
+// ---------------------------------------------------------------------------
+// Permission helpers
+// ---------------------------------------------------------------------------
+
+export function commandToolPermissionError(session, toolName) {
+  const permissions = session?.activeCommandPermissions
+  if (!permissions || !commandRestrictedTools.has(toolName)) return null
+  if (toolName === 'run_command' && permissions.allowCommands === false) {
+    return `Command /${session.activeCommandName} does not allow running shell commands.`
+  }
+  if (toolName === 'run_subagent' && (permissions.allowSubagents === false || permissions.allowCommands === false)) {
+    return `Command /${session.activeCommandName} does not allow running subagents.`
+  }
+  if ((toolName === 'write_file' || toolName === 'edit_file') && permissions.allowEdit === false) {
+    return `Command /${session.activeCommandName} does not allow editing files.`
+  }
+  return null
+}
+
+export function createCommandToolPermissions(session) {
+  return (toolName) => commandToolPermissionError(session, toolName)
+}