npm - aegis-bridge - Versions diffs - 2.6.4 → 2.7.0 - Mend

aegis-bridge 2.6.4 → 2.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dashboard/dist/assets/{index-G8fziBeQ.js → index-SoKhTCVa.js} +1 -1
package/dashboard/dist/index.html +1 -1
package/dist/hook-settings.d.ts +12 -3
package/dist/hook-settings.js +59 -2
package/dist/server.js +87 -3
package/dist/session.d.ts +6 -0
package/dist/session.js +22 -1
package/dist/tool-registry.d.ts +40 -0
package/dist/tool-registry.js +83 -0
package/dist/validation.d.ts +36 -0
package/dist/validation.js +15 -0
package/package.json +1 -1
package/dist/dashboard/assets/index-9Hkkvm_I.css +0 -32
package/dist/dashboard/assets/index-G8fziBeQ.js +0 -262
package/dist/dashboard/index.html +0 -14

package/dashboard/dist/index.html CHANGED Viewed

@@ -5,7 +5,7 @@
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Aegis Dashboard</title>
     <link rel="icon" type="image/svg+xml" href="data:image/svg+xml,<svg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 100 100'><text y='.9em' font-size='90'>🛡️</text></svg>" />
-    <script type="module" crossorigin src="/dashboard/assets/index-G8fziBeQ.js"></script>
+    <script type="module" crossorigin src="/dashboard/assets/index-SoKhTCVa.js"></script>
     <link rel="stylesheet" crossorigin href="/dashboard/assets/index-9Hkkvm_I.css">
   </head>
   <body class="bg-[#0a0a0f] text-gray-200 antialiased">

package/dist/hook-settings.d.ts CHANGED Viewed

@@ -19,12 +19,11 @@
  * for Aegis status detection and event forwarding.
  *
  * Excluded (low value for Aegis):
- *   - InstructionsLoaded, ConfigChange, CwdChanged, FileChanged (informational)
+ *   - InstructionsLoaded, ConfigChange (informational)
  *   - WorktreeCreate, WorktreeRemove (worktree management)
  *   - Elicitation, ElicitationResult (MCP-specific)
- *   - PreCompact, PostCompact (internal optimization)
  */
-declare const HTTP_HOOK_EVENTS: readonly ["Stop", "StopFailure", "PreToolUse", "PostToolUse", "PostToolUseFailure", "PermissionRequest", "TaskCompleted", "SessionStart", "SessionEnd", "UserPromptSubmit", "SubagentStart", "SubagentStop", "Notification", "TeammateIdle"];
+declare const HTTP_HOOK_EVENTS: readonly ["Stop", "StopFailure", "PreToolUse", "PostToolUse", "PostToolUseFailure", "PermissionRequest", "TaskCompleted", "SessionStart", "SessionEnd", "UserPromptSubmit", "SubagentStart", "SubagentStop", "PreCompact", "PostCompact", "FileChanged", "CwdChanged", "Notification", "TeammateIdle"];
 export { HTTP_HOOK_EVENTS };
 export type HttpHookEvent = typeof HTTP_HOOK_EVENTS[number];
 /** Shape of a single HTTP hook entry in CC settings.json. */
@@ -66,3 +65,13 @@ export declare function writeHookSettingsFile(baseUrl: string, sessionId: string
  * @param filePath - Path to the temporary settings file
  */
 export declare function cleanupHookSettingsFile(filePath: string): Promise<void>;
+/**
+ * Issue #936: Clean stale session hooks from settings.local.json before writing new hooks.
+ *
+ * When sessions die, their hook URLs remain in settings.local.json.
+ * On restart, CC loads these dead hooks and crashes.
+ *
+ * @param workDir - Project working directory
+ * @param activeSessionIds - Set of currently active session IDs
+ */
+export declare function cleanupStaleSessionHooks(workDir: string, activeSessionIds: Set<string>): Promise<void>;

package/dist/hook-settings.js CHANGED Viewed

@@ -43,10 +43,9 @@ function validateWorkDirPath(workDir) {
  * for Aegis status detection and event forwarding.
  *
  * Excluded (low value for Aegis):
- *   - InstructionsLoaded, ConfigChange, CwdChanged, FileChanged (informational)
+ *   - InstructionsLoaded, ConfigChange (informational)
  *   - WorktreeCreate, WorktreeRemove (worktree management)
  *   - Elicitation, ElicitationResult (MCP-specific)
- *   - PreCompact, PostCompact (internal optimization)
  */
 const HTTP_HOOK_EVENTS = [
     // Status detection (highest value)
@@ -64,6 +63,12 @@ const HTTP_HOOK_EVENTS = [
     // Subagent tracking
     'SubagentStart',
     'SubagentStop',
+    // Context management
+    'PreCompact',
+    'PostCompact',
+    // File & directory changes
+    'FileChanged',
+    'CwdChanged',
     // Notifications
     'Notification',
     'TeammateIdle',
@@ -168,3 +173,55 @@ export async function cleanupHookSettingsFile(filePath) {
         // Non-fatal: temp file cleanup failed
     }
 }
+/**
+ * Issue #936: Clean stale session hooks from settings.local.json before writing new hooks.
+ *
+ * When sessions die, their hook URLs remain in settings.local.json.
+ * On restart, CC loads these dead hooks and crashes.
+ *
+ * @param workDir - Project working directory
+ * @param activeSessionIds - Set of currently active session IDs
+ */
+export async function cleanupStaleSessionHooks(workDir, activeSessionIds) {
+    const safeWorkDir = workDir ? validateWorkDirPath(workDir) : undefined;
+    if (!safeWorkDir)
+        return;
+    const projectSettingsPath = join(safeWorkDir, '.claude', 'settings.local.json');
+    if (!existsSync(projectSettingsPath))
+        return;
+    try {
+        const raw = await readFile(projectSettingsPath, 'utf-8');
+        const parsed = ccSettingsSchema.safeParse(JSON.parse(raw));
+        if (!parsed.success)
+            return;
+        const settings = parsed.data;
+        const hooks = settings.hooks;
+        if (!hooks)
+            return;
+        let changed = false;
+        for (const [event, eventHooks] of Object.entries(hooks)) {
+            const filtered = eventHooks.filter(entry => {
+                const httpHook = entry.hooks?.find(h => h.type === 'http');
+                if (!httpHook)
+                    return true;
+                const url = httpHook.url;
+                const match = url.match(/[?&]sessionId=([^&]+)/);
+                if (!match)
+                    return true;
+                const sessionId = match[1];
+                if (!activeSessionIds.has(sessionId)) {
+                    changed = true;
+                    return false;
+                }
+                return true;
+            });
+            hooks[event] = filtered;
+        }
+        if (changed) {
+            await writeFile(projectSettingsPath, JSON.stringify(settings, null, 2) + '\n', 'utf-8');
+        }
+    }
+    catch {
+        // Non-fatal: cleanup failed
+    }
+}

package/dist/server.js CHANGED Viewed

@@ -24,11 +24,12 @@ import { ChannelManager, TelegramChannel, WebhookChannel, } from './channels/ind
 import { loadConfig } from './config.js';
 import { captureScreenshot, isPlaywrightAvailable } from './screenshot.js';
 import { validateScreenshotUrl, resolveAndCheckIp, buildHostResolverRule } from './ssrf.js';
-import { validateWorkDir } from './validation.js';
+import { validateWorkDir, permissionRuleSchema } from './validation.js';
 import { SessionEventBus } from './events.js';
 import { SSEWriter } from './sse-writer.js';
 import { SSEConnectionLimiter } from './sse-limiter.js';
 import { PipelineManager } from './pipeline.js';
+import { ToolRegistry } from './tool-registry.js';
 import { AuthManager } from './auth.js';
 import { MetricsCollector } from './metrics.js';
 import { registerPermissionRoutes } from './permission-routes.js';
@@ -57,6 +58,7 @@ const channels = new ChannelManager();
 const eventBus = new SessionEventBus();
 let sseLimiter;
 let pipelines;
+let toolRegistry;
 let auth;
 let metrics;
 let swarmMonitor;
@@ -320,6 +322,7 @@ const createSessionSchema = z.object({
     stallThresholdMs: z.number().int().positive().max(3_600_000).optional(),
     permissionMode: z.enum(['default', 'bypassPermissions', 'plan', 'acceptEdits', 'dontAsk', 'auto']).optional(),
     autoApprove: z.boolean().optional(),
+    parentId: z.string().uuid().optional(),
 }).strict();
 // Health — Issue #397: includes tmux server health check
 async function healthHandler() {
@@ -420,6 +423,29 @@ app.get('/v1/sessions/:id/metrics', async (req, reply) => {
         return reply.status(404).send({ error: 'No metrics for this session' });
     return m;
 });
+// Issue #704: Tool usage endpoints
+app.get('/v1/sessions/:id/tools', async (req, reply) => {
+    const session = sessions.getSession(req.params.id);
+    if (!session)
+        return reply.status(404).send({ error: 'Session not found' });
+    // Parse JSONL on-demand for tool usage
+    const { readNewEntries } = await import('./transcript.js');
+    if (session.jsonlPath) {
+        try {
+            const result = await readNewEntries(session.jsonlPath, 0);
+            const entries = result.entries;
+            toolRegistry.processEntries(req.params.id, entries);
+        }
+        catch { /* JSONL not available */ }
+    }
+    const tools = toolRegistry.getSessionTools(req.params.id);
+    return { sessionId: req.params.id, tools, totalCalls: tools.reduce((sum, t) => sum + t.count, 0) };
+});
+app.get('/v1/tools', async () => {
+    const definitions = toolRegistry.getToolDefinitions();
+    const categories = [...new Set(definitions.map(t => t.category))];
+    return { tools: definitions, categories, totalTools: definitions.length };
+});
 // Issue #89 L14: Webhook dead letter queue
 app.get('/v1/webhooks/dead-letter', async () => {
     for (const ch of channels.getChannels()) {
@@ -550,7 +576,7 @@ async function createSessionHandler(req, reply) {
     if (!parsed.success) {
         return reply.status(400).send({ error: 'Invalid request body', details: parsed.error.issues });
     }
-    const { workDir, name, prompt, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove } = parsed.data;
+    const { workDir, name, prompt, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove, parentId } = parsed.data;
     if (!workDir)
         return reply.status(400).send({ error: 'workDir is required' });
     // Issue #564: Validate installed Claude Code version
@@ -588,7 +614,7 @@ async function createSessionHandler(req, reply) {
         }
     }
     console.time("POST_CREATE_SESSION");
-    const session = await sessions.createSession({ workDir: safeWorkDir, name, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove });
+    const session = await sessions.createSession({ workDir: safeWorkDir, name, resumeSessionId, claudeCommand, env, stallThresholdMs, permissionMode, autoApprove, parentId });
     console.timeEnd("POST_CREATE_SESSION");
     console.time("POST_CHANNEL_CREATED");
     // Issue #625: Track session in metrics so sessionsCreated counter is accurate
@@ -682,6 +708,61 @@ async function sendMessageHandler(req, reply) {
 }
 app.post('/v1/sessions/:id/send', sendMessageHandler);
 app.post('/sessions/:id/send', sendMessageHandler);
+// Issue #702: GET children sessions
+async function getChildrenHandler(req, reply) {
+    const session = sessions.getSession(req.params.id);
+    if (!session)
+        return reply.status(404).send({ error: 'Session not found' });
+    const children = (session.children ?? []).map(id => {
+        const child = sessions.getSession(id);
+        if (!child)
+            return null;
+        return { id: child.id, windowName: child.windowName, status: child.status, createdAt: child.createdAt };
+    }).filter(Boolean);
+    return { children };
+}
+app.get('/v1/sessions/:id/children', getChildrenHandler);
+app.get('/sessions/:id/children', getChildrenHandler);
+async function spawnChildHandler(req, reply) {
+    const parentId = req.params.id;
+    const parent = sessions.getSession(parentId);
+    if (!parent)
+        return reply.status(404).send({ error: 'Parent session not found' });
+    const { name, prompt, workDir, permissionMode } = req.body ?? {};
+    const childName = name ?? `${parent.windowName ?? 'session'}-child`;
+    const childWorkDir = workDir ?? parent.workDir;
+    const childPermMode = permissionMode ?? parent.permissionMode ?? 'bypassPermissions';
+    const childSession = await sessions.createSession({ workDir: childWorkDir, name: childName, parentId, permissionMode: childPermMode });
+    let promptDelivery;
+    if (prompt) {
+        promptDelivery = await sessions.sendInitialPrompt(childSession.id, prompt);
+    }
+    return reply.status(201).send({ ...childSession, promptDelivery });
+}
+app.post('/v1/sessions/:id/spawn', spawnChildHandler);
+app.post('/sessions/:id/spawn', spawnChildHandler);
+async function getPermissionPolicyHandler(req, reply) {
+    const session = sessions.getSession(req.params.id);
+    if (!session)
+        return reply.status(404).send({ error: 'Session not found' });
+    return { permissionPolicy: session.permissionPolicy ?? [] };
+}
+async function updatePermissionPolicyHandler(req, reply) {
+    const session = sessions.getSession(req.params.id);
+    if (!session)
+        return reply.status(404).send({ error: 'Session not found' });
+    const policy = req.body ?? [];
+    const result = permissionRuleSchema.array().safeParse(policy);
+    if (!result.success)
+        return reply.status(400).send({ error: 'Invalid permission policy', details: result.error.issues });
+    session.permissionPolicy = policy;
+    await sessions.save();
+    return { permissionPolicy: policy };
+}
+app.get('/v1/sessions/:id/permissions', getPermissionPolicyHandler);
+app.put('/v1/sessions/:id/permissions', updatePermissionPolicyHandler);
+app.get('/sessions/:id/permissions', getPermissionPolicyHandler);
+app.put('/sessions/:id/permissions', updatePermissionPolicyHandler);
 // Read messages
 async function readMessagesHandler(req, reply) {
     try {
@@ -1109,6 +1190,7 @@ async function reapStaleSessions(maxAgeMs) {
                 });
                 monitor.removeSession(session.id);
                 metrics.cleanupSession(session.id);
+                toolRegistry.cleanupSession(session.id);
             }
             catch (e) {
                 console.error(`Reaper: failed to kill session ${session.id}:`, e);
@@ -1138,6 +1220,7 @@ async function reapZombieSessions() {
             eventBus.cleanupSession(session.id);
             await sessions.killSession(session.id);
             metrics.cleanupSession(session.id);
+            toolRegistry.cleanupSession(session.id);
             await channels.sessionEnded({
                 event: 'session.ended',
                 timestamp: new Date().toISOString(),
@@ -1537,6 +1620,7 @@ async function main() {
     monitor.start();
     // Issue #81: Start swarm monitor for agent swarm awareness
     swarmMonitor = new SwarmMonitor(sessions);
+    toolRegistry = new ToolRegistry();
     swarmMonitor.onEvent((event) => {
         if (!event.swarm.parentSession)
             return;

package/dist/session.d.ts CHANGED Viewed

@@ -8,6 +8,7 @@ import { TmuxManager } from './tmux.js';
 import { type ParsedEntry } from './transcript.js';
 import { type UIState } from './terminal-parser.js';
 import type { Config } from './config.js';
+import { type PermissionPolicy } from './validation.js';
 export interface SessionInfo {
     id: string;
     windowId: string;
@@ -35,6 +36,9 @@ export interface SessionInfo {
     model?: string;
     lastDeadAt?: number;
     ccPid?: number;
+    parentId?: string;
+    children?: string[];
+    permissionPolicy?: PermissionPolicy;
 }
 export interface SessionState {
     sessions: Record<string, SessionInfo>;
@@ -136,6 +140,8 @@ export declare class SessionManager {
         permissionMode?: string;
         /** @deprecated Use permissionMode instead. Maps true→bypassPermissions, false→default. */
         autoApprove?: boolean;
+        /** Issue #702: Parent session ID for sub-agent hierarchy */
+        parentId?: string;
     }): Promise<SessionInfo>;
     /** Get a session by ID. */
     getSession(id: string): SessionInfo | null;

package/dist/session.js CHANGED Viewed

@@ -16,7 +16,7 @@ import { computeStallThreshold } from './config.js';
 import { neutralizeBypassPermissions, restoreSettings, cleanOrphanedBackup } from './permission-guard.js';
 import { persistedStateSchema } from './validation.js';
 import { loadContinuationPointers } from './continuation-pointer.js';
-import { writeHookSettingsFile, cleanupHookSettingsFile } from './hook-settings.js';
+import { writeHookSettingsFile, cleanupHookSettingsFile, cleanupStaleSessionHooks } from './hook-settings.js';
 import { Mutex } from 'async-mutex';
 import { maybeInjectFault } from './fault-injection.js';
 /** Convert parsed JSON arrays to Sets for activeSubagents (#668). */
@@ -512,6 +512,17 @@ export class SessionManager {
         const hookSecret = randomBytes(32).toString('hex');
         // Issue #169 Phase 2: Generate HTTP hook settings for this session.
         // Writes a temp file with hooks pointing to Aegis's hook receiver.
+        // Issue #936: Clean stale session hooks from settings.local.json before writing new hooks.
+        // This prevents CC from loading dead hook URLs on restart.
+        try {
+            const activeIds = new Set(this.listSessions().map(s => s.id));
+            if (activeIds.size > 0) {
+                await cleanupStaleSessionHooks(opts.workDir, activeIds);
+            }
+        }
+        catch (e) {
+            console.warn(`Hook cleanup: failed to clean stale hooks: ${e.message}`);
+        }
         let hookSettingsFile;
         try {
             const baseUrl = `http://${this.config.host}:${this.config.port}`;
@@ -553,6 +564,16 @@ export class SessionManager {
         this.state.sessions[id] = session;
         this.invalidateSessionsListCache();
         await this.save();
+        // Issue #702: Register child with parent
+        if (opts.parentId) {
+            const parent = this.state.sessions[opts.parentId];
+            if (parent) {
+                if (!parent.children)
+                    parent.children = [];
+                parent.children.push(id);
+                await this.save();
+            }
+        }
         // Issue #353: Fetch CC process PID for swarm parent matching.
         // Fire-and-forget — PID is not needed synchronously.
         // Issue #574: Add .catch() to prevent unhandled rejection if tmux fails mid-lookup.

package/dist/tool-registry.d.ts ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * tool-registry.ts — Tool usage tracking and registry for CC tool introspection.
+ *
+ * Parses tool_use messages from JSONL transcripts to build per-session
+ * and global tool usage metrics. Exposes API endpoints for observability.
+ *
+ * Issue #704: Tool registry and schema validation for CC tool introspection.
+ */
+import type { ParsedEntry } from './transcript.js';
+/** Known CC tool definitions with metadata. */
+export interface ToolDefinition {
+    name: string;
+    category: string;
+    description: string;
+    permissionLevel: string;
+}
+/** Per-tool usage stats within a session. */
+export interface ToolUsageRecord {
+    name: string;
+    count: number;
+    lastUsedAt: number;
+    firstUsedAt: number;
+    errors: number;
+}
+/** Tool registry: known tools + per-session usage tracking. */
+export declare class ToolRegistry {
+    private sessionUsage;
+    /** Built-in CC tool definitions (from CC src/tools/). */
+    private readonly tools;
+    /** Process parsed entries and extract tool usage. */
+    processEntries(sessionId: string, entries: ParsedEntry[]): void;
+    /** Get tool usage for a session, sorted by count descending. */
+    getSessionTools(sessionId: string): ToolUsageRecord[];
+    /** Get all known CC tool definitions. */
+    getToolDefinitions(): ToolDefinition[];
+    /** Get a tool definition by name. */
+    getToolDefinition(name: string): ToolDefinition | undefined;
+    /** Clean up session data. */
+    cleanupSession(sessionId: string): void;
+}

package/dist/tool-registry.js ADDED Viewed

@@ -0,0 +1,83 @@
+/**
+ * tool-registry.ts — Tool usage tracking and registry for CC tool introspection.
+ *
+ * Parses tool_use messages from JSONL transcripts to build per-session
+ * and global tool usage metrics. Exposes API endpoints for observability.
+ *
+ * Issue #704: Tool registry and schema validation for CC tool introspection.
+ */
+/** Tool registry: known tools + per-session usage tracking. */
+export class ToolRegistry {
+    sessionUsage = new Map();
+    /** Built-in CC tool definitions (from CC src/tools/). */
+    tools = [
+        { name: 'Read', category: 'read', description: 'Read file contents', permissionLevel: 'read' },
+        { name: 'Write', category: 'write', description: 'Write file contents', permissionLevel: 'write' },
+        { name: 'Edit', category: 'edit', description: 'Edit file with search/replace', permissionLevel: 'edit' },
+        { name: 'MultiEdit', category: 'edit', description: 'Multiple edits in one operation', permissionLevel: 'edit' },
+        { name: 'Bash', category: 'bash', description: 'Execute shell commands', permissionLevel: 'bash' },
+        { name: 'Glob', category: 'search', description: 'Find files matching pattern', permissionLevel: 'read' },
+        { name: 'Grep', category: 'search', description: 'Search file contents', permissionLevel: 'read' },
+        { name: 'ListFiles', category: 'search', description: 'List directory contents', permissionLevel: 'read' },
+        { name: 'TodoWrite', category: 'edit', description: 'Update todo list', permissionLevel: 'edit' },
+        { name: 'TodoRead', category: 'read', description: 'Read todo list', permissionLevel: 'read' },
+        { name: 'WebFetch', category: 'read', description: 'Fetch web page content', permissionLevel: 'read' },
+        { name: 'NotebookRead', category: 'read', description: 'Read notebook cells', permissionLevel: 'read' },
+        { name: 'NotebookEdit', category: 'edit', description: 'Edit notebook cells', permissionLevel: 'edit' },
+        { name: 'AskUserQuestion', category: 'agent', description: 'Ask user for clarification', permissionLevel: 'read' },
+        { name: 'AgentTool', category: 'agent', description: 'Spawn sub-agent for parallel execution', permissionLevel: 'agent' },
+        { name: 'MCPTool', category: 'mcp', description: 'MCP server tool invocation', permissionLevel: 'mcp' },
+    ];
+    /** Process parsed entries and extract tool usage. */
+    processEntries(sessionId, entries) {
+        let usage = this.sessionUsage.get(sessionId);
+        if (!usage) {
+            usage = new Map();
+            this.sessionUsage.set(sessionId, usage);
+        }
+        const now = Date.now();
+        for (const entry of entries) {
+            if (entry.contentType === 'tool_use' && entry.toolName) {
+                const existing = usage.get(entry.toolName);
+                if (existing) {
+                    existing.count++;
+                    existing.lastUsedAt = now;
+                }
+                else {
+                    usage.set(entry.toolName, {
+                        name: entry.toolName,
+                        count: 1,
+                        lastUsedAt: now,
+                        firstUsedAt: now,
+                        errors: 0,
+                    });
+                }
+            }
+            if (entry.contentType === 'tool_error' && entry.toolName) {
+                const existing = usage.get(entry.toolName);
+                if (existing) {
+                    existing.errors++;
+                }
+            }
+        }
+    }
+    /** Get tool usage for a session, sorted by count descending. */
+    getSessionTools(sessionId) {
+        const usage = this.sessionUsage.get(sessionId);
+        if (!usage)
+            return [];
+        return [...usage.values()].sort((a, b) => b.count - a.count);
+    }
+    /** Get all known CC tool definitions. */
+    getToolDefinitions() {
+        return [...this.tools];
+    }
+    /** Get a tool definition by name. */
+    getToolDefinition(name) {
+        return this.tools.find(t => t.name === name);
+    }
+    /** Clean up session data. */
+    cleanupSession(sessionId) {
+        this.sessionUsage.delete(sessionId);
+    }
+}

package/dist/validation.d.ts CHANGED Viewed

@@ -123,6 +123,24 @@ export declare function clamp(value: number, min: number, max: number, fallback:
 export declare function parseIntSafe(value: string | undefined, fallback: number): number;
 /** Validate that a string looks like a UUID. */
 export declare function isValidUUID(id: string): boolean;
+/** Issue #700: Permission Policy Schema */
+export declare const permissionRuleSchema: z.ZodObject<{
+    source: z.ZodEnum<{
+        userSettings: "userSettings";
+        projectSettings: "projectSettings";
+        localSettings: "localSettings";
+        flagSettings: "flagSettings";
+        aegisApi: "aegisApi";
+    }>;
+    ruleBehavior: z.ZodEnum<{
+        allow: "allow";
+        deny: "deny";
+        ask: "ask";
+    }>;
+    toolName: z.ZodOptional<z.ZodString>;
+    commandPattern: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+export type PermissionPolicy = z.infer<typeof permissionRuleSchema>[];
 /** Schema for persisted SessionState (sessions: { [id]: SessionInfo }). */
 export declare const persistedStateSchema: z.ZodRecord<z.ZodString, z.ZodObject<{
     id: z.ZodString;
@@ -170,6 +188,24 @@ export declare const persistedStateSchema: z.ZodRecord<z.ZodString, z.ZodObject<
     model: z.ZodOptional<z.ZodString>;
     lastDeadAt: z.ZodOptional<z.ZodNumber>;
     ccPid: z.ZodOptional<z.ZodNumber>;
+    parentId: z.ZodOptional<z.ZodString>;
+    children: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    permissionPolicy: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        source: z.ZodEnum<{
+            userSettings: "userSettings";
+            projectSettings: "projectSettings";
+            localSettings: "localSettings";
+            flagSettings: "flagSettings";
+            aegisApi: "aegisApi";
+        }>;
+        ruleBehavior: z.ZodEnum<{
+            allow: "allow";
+            deny: "deny";
+            ask: "ask";
+        }>;
+        toolName: z.ZodOptional<z.ZodString>;
+        commandPattern: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
 }, z.core.$strip>>;
 /** Schema for a single continuation pointer entry in session_map.json (Issue #900). */
 export declare const sessionMapEntrySchema: z.ZodObject<{

package/dist/validation.js CHANGED Viewed

@@ -131,6 +131,13 @@ const UIStateEnum = z.enum([
     'permission_prompt', 'bash_approval', 'plan_mode', 'ask_question',
     'settings', 'error', 'unknown',
 ]);
+/** Issue #700: Permission Policy Schema */
+export const permissionRuleSchema = z.object({
+    source: z.enum(['userSettings', 'projectSettings', 'localSettings', 'flagSettings', 'aegisApi']),
+    ruleBehavior: z.enum(['allow', 'deny', 'ask']),
+    toolName: z.string().optional(),
+    commandPattern: z.string().optional(),
+});
 /** Schema for persisted SessionState (sessions: { [id]: SessionInfo }). */
 export const persistedStateSchema = z.record(z.string(), z.object({
     id: z.string(),
@@ -158,6 +165,14 @@ export const persistedStateSchema = z.record(z.string(), z.object({
     model: z.string().optional(),
     lastDeadAt: z.number().optional(),
     ccPid: z.number().optional(),
+    parentId: z.string().uuid().optional(),
+    children: z.array(z.string().uuid()).optional(),
+    permissionPolicy: z.array(z.object({
+        source: z.enum(['userSettings', 'projectSettings', 'localSettings', 'flagSettings', 'aegisApi']),
+        ruleBehavior: z.enum(['allow', 'deny', 'ask']),
+        toolName: z.string().optional(),
+        commandPattern: z.string().optional(),
+    })).optional(),
 }));
 /** Schema for a single continuation pointer entry in session_map.json (Issue #900). */
 export const sessionMapEntrySchema = z.object({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "aegis-bridge",
-  "version": "2.6.4",
+  "version": "2.7.0",
   "type": "module",
   "description": "Orchestrate Claude Code sessions via API. Create, brief, monitor, refine, ship.",
   "main": "dist/server.js",