funolio-agent 0.13.0 → 0.15.17

package/dist/agent-config.d.ts

@@ -22,6 +22,8 @@ export interface AgentLocalConfig {
     workspace?: string;
     permissionMode?: 'autopilot' | 'approve-destructive' | 'approve-all';
     systemPrompt?: string;
+    maxToolCallsPerMessage?: number;
+    maxTokensPerMessage?: number;
     createdAt: string;
 }
 export declare function getAgentsDir(): string;

package/dist/agent-config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-config.d.ts","sourceRoot":"","sources":["../src/agent-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE/C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,UAAU,IAAI,MAAM,EAAE,CAMrC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAQrE;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAS5E;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAKpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,QAAQ,EAAE,cAAc,EACxB,SAAS,CAAC,EAAE,MAAM,GACjB,gBAAgB,CAYlB"}
+{"version":3,"file":"agent-config.d.ts","sourceRoot":"","sources":["../src/agent-config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAKH,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE/C,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,cAAc,CAAC,EAAE,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;IACrE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,SAAS,EAAE,MAAM,CAAC;CACnB;AAKD,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEhD;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEvD;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAEpD;AAED,wBAAgB,UAAU,IAAI,MAAM,EAAE,CAMrC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,GAAG,IAAI,CAQrE;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,gBAAgB,GAAG,IAAI,CAS5E;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,CAKpD;AAED;;GAEG;AACH,wBAAgB,sBAAsB,CACpC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,GAAG,SAAS,EACzB,QAAQ,EAAE,cAAc,EACxB,SAAS,CAAC,EAAE,MAAM,GACjB,gBAAgB,CAYlB"}

package/dist/agent-config.js.map

@@ -1 +1 @@
-{"version":3,"file":"agent-config.js","sourceRoot":"","sources":["../src/agent-config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAuBH,oCAEC;AAED,kCAEC;AAED,gDAEC;AAED,0CAEC;AAED,gCAMC;AAED,0CAQC;AAED,0CASC;AAED,8CAKC;AAKD,wDAiBC;AA7FD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAgBzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;AAEpD,SAAgB,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAgB,WAAW,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,SAAgB,UAAU;IACxB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,OAAO,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAC/D,OAAO,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAqB,CAAC;QAC9E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY,EAAE,MAAwB;IACpE,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAEtC,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC5C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,IAAY,EACZ,KAAyB,EACzB,QAAwB,EACxB,SAAkB;IAElB,OAAO;QACL,IAAI;QACJ,KAAK;QACL,QAAQ,EAAE,QAAQ,CAAC,EAAE;QACrB,KAAK,EAAE,QAAQ,CAAC,YAAY;QAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,SAAS,EAAE,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE;QACrC,cAAc,EAAE,WAAW;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"agent-config.js","sourceRoot":"","sources":["../src/agent-config.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;GAYG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAyBH,oCAEC;AAED,kCAEC;AAED,gDAEC;AAED,0CAEC;AAED,gCAMC;AAED,0CAQC;AAED,0CASC;AAED,8CAKC;AAKD,wDAiBC;AA/FD,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAkBzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACxD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;AAEpD,SAAgB,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED,SAAgB,WAAW,CAAC,IAAY;IACtC,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;AACrC,CAAC;AAED,SAAgB,kBAAkB,CAAC,IAAY;IAC7C,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,aAAa,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY;IAC1C,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED,SAAgB,UAAU;IACxB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC;QAAE,OAAO,EAAE,CAAC;IAC1C,OAAO,EAAE,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;QACjD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC;QAC/D,OAAO,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY;IAC1C,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAqB,CAAC;QAC9E,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IACvC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,eAAe,CAAC,IAAY,EAAE,MAAwB;IACpE,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAEtC,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,EAAE,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAExD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC5C,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACjF,CAAC;AAED,SAAgB,iBAAiB,CAAC,IAAY;IAC5C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,sBAAsB,CACpC,IAAY,EACZ,KAAyB,EACzB,QAAwB,EACxB,SAAkB;IAElB,OAAO;QACL,IAAI;QACJ,KAAK;QACL,QAAQ,EAAE,QAAQ,CAAC,EAAE;QACrB,KAAK,EAAE,QAAQ,CAAC,YAAY;QAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,UAAU,EAAE,QAAQ,CAAC,UAAU;QAC/B,SAAS,EAAE,SAAS,IAAI,OAAO,CAAC,GAAG,EAAE;QACrC,cAAc,EAAE,WAAW;QAC3B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;AACJ,CAAC"}

package/dist/approval.d.ts

@@ -1,26 +1,73 @@
 /**
- * Permission Gating — controls which tools can execute based on agent config.
+ * Permission Gating + Real-Time Tool Approval via MQTT
  *
  * Three modes:
  * - autopilot: execute everything without asking
- * - approve-destructive: auto-run reads, DENY destructive tools (writes/commands/git)
- * - approve-all: DENY everything until explicit approval via MQTT
+ * - approve-destructive: auto-run reads, ask user for destructive tools
+ * - approve-all: ask user for every tool call
  *
- * When a tool is denied, the agent returns an error to the LLM indicating
- * approval is required. A future version will implement real-time approval
- * via the web UI and MQTT.
+ * In non-autopilot modes, the agent publishes an approval_request via MQTT,
+ * renders an inline card in the web UI, and waits for the user's response
+ * (allow/deny) before proceeding. Times out after 60s → auto-deny.
  */
+import { EventEmitter } from 'events';
 export type PermissionMode = 'autopilot' | 'approve-destructive' | 'approve-all';
 export interface ApprovalResult {
     approved: boolean;
     reason?: string;
+    /** If true, user chose "always allow" — persist this tool as auto-approved */
+    remember?: boolean;
 }
+export interface ApprovalRequest {
+    requestId: string;
+    commandId: string;
+    tool: string;
+    arguments: Record<string, any>;
+    riskLevel: 'safe' | 'destructive';
+    summary: string;
+    timeout: number;
+}
+export interface ApprovalResponse {
+    requestId: string;
+    approved: boolean;
+    remember?: boolean;
+}
+export declare function rememberTool(toolName: string): void;
+export declare function isRemembered(toolName: string): boolean;
+export declare function clearRemembered(): void;
 /**
- * Check if a tool call is allowed based on permission mode and enabled tools.
- *
- * @param toolName - The tool being called
- * @param permissionMode - The agent's permission mode
- * @param enabledTools - List of tool names that are enabled (if undefined, all are enabled)
+ * Quick synchronous check — returns whether a tool needs interactive approval.
+ * Returns { approved: true } for auto-approved tools, { approved: false } for
+ * tools that need the async MQTT approval flow.
  */
 export declare function checkPermission(toolName: string, permissionMode: PermissionMode, enabledTools?: string[]): ApprovalResult;
+export type PublishFn = (topic: string, payload: string, opts?: {
+    qos?: number;
+}) => void;
+export declare class ApprovalManager extends EventEmitter {
+    private pending;
+    private userId;
+    private publishFn;
+    private defaultTimeout;
+    constructor(userId: string, publishFn: PublishFn, defaultTimeout?: number);
+    /**
+     * Request interactive approval for a tool call via MQTT.
+     * Publishes an approval_request, waits for user response or timeout.
+     */
+    requestApproval(commandId: string, toolName: string, toolArgs: Record<string, any>, timeout?: number): Promise<ApprovalResult>;
+    /**
+     * Handle an incoming approval response from the web UI.
+     * Call this from the MQTT message handler.
+     */
+    handleResponse(response: ApprovalResponse): void;
+    /**
+     * Cancel all pending approvals (e.g., on command cancel).
+     */
+    cancelAll(): void;
+    /**
+     * Cancel a specific pending approval by command ID.
+     */
+    cancelForCommand(commandId: string): void;
+    get pendingCount(): number;
+}
 //# sourceMappingURL=approval.d.ts.map

package/dist/approval.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;AAkBjF,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED;;;;;;GAMG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,cAAc,CAuChB"}
+{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,QAAQ,CAAC;AAMtC,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,qBAAqB,GAAG,aAAa,CAAC;AAqBjF,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,8EAA8E;IAC9E,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAID,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,MAAM,GAAG,aAAa,CAAC;IAClC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AA0BD,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAInD;AAED,wBAAgB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED,wBAAgB,eAAe,IAAI,IAAI,CAGtC;AAID;;;;GAIG;AACH,wBAAgB,eAAe,CAC7B,QAAQ,EAAE,MAAM,EAChB,cAAc,EAAE,cAAc,EAC9B,YAAY,CAAC,EAAE,MAAM,EAAE,GACtB,cAAc,CAmChB;AAmCD,MAAM,MAAM,SAAS,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE;IAAE,GAAG,CAAC,EAAE,MAAM,CAAA;CAAE,KAAK,IAAI,CAAC;AAE1F,qBAAa,eAAgB,SAAQ,YAAY;IAC/C,OAAO,CAAC,OAAO,CAGV;IAEL,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,SAAS,CAAY;IAC7B,OAAO,CAAC,cAAc,CAAS;gBAEnB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,cAAc,SAAS;IAOzE;;;OAGG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC7B,OAAO,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,cAAc,CAAC;IAgC1B;;;OAGG;IACH,cAAc,CAAC,QAAQ,EAAE,gBAAgB,GAAG,IAAI;IAsBhD;;OAEG;IACH,SAAS,IAAI,IAAI;IAQjB;;OAEG;IACH,gBAAgB,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAMzC,IAAI,YAAY,IAAI,MAAM,CAEzB;CACF"}

package/dist/approval.js

@@ -1,18 +1,60 @@
 "use strict";
 /**
- * Permission Gating — controls which tools can execute based on agent config.
+ * Permission Gating + Real-Time Tool Approval via MQTT
  *
  * Three modes:
  * - autopilot: execute everything without asking
- * - approve-destructive: auto-run reads, DENY destructive tools (writes/commands/git)
- * - approve-all: DENY everything until explicit approval via MQTT
+ * - approve-destructive: auto-run reads, ask user for destructive tools
+ * - approve-all: ask user for every tool call
  *
- * When a tool is denied, the agent returns an error to the LLM indicating
- * approval is required. A future version will implement real-time approval
- * via the web UI and MQTT.
+ * In non-autopilot modes, the agent publishes an approval_request via MQTT,
+ * renders an inline card in the web UI, and waits for the user's response
+ * (allow/deny) before proceeding. Times out after 60s → auto-deny.
  */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApprovalManager = void 0;
+exports.rememberTool = rememberTool;
+exports.isRemembered = isRemembered;
+exports.clearRemembered = clearRemembered;
 exports.checkPermission = checkPermission;
+const events_1 = require("events");
+const crypto = __importStar(require("crypto"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
 /** Tools that modify state — require approval in approve-destructive mode */
 const DESTRUCTIVE_TOOLS = new Set([
     'write_file',
@@ -26,13 +68,49 @@ const READONLY_TOOLS = new Set([
     'list_directory',
     'git_status',
     'git_diff',
+    'web_search',
+    'web_fetch',
+    'search_local_memory',
 ]);
+// ── Remembered Approvals ────────────────────────────────────────────────────
+const REMEMBERED_FILE = path.join(os.homedir(), '.funolio', 'remembered-tools.json');
+let rememberedTools = null;
+function loadRemembered() {
+    if (rememberedTools)
+        return rememberedTools;
+    try {
+        const data = JSON.parse(fs.readFileSync(REMEMBERED_FILE, 'utf-8'));
+        rememberedTools = new Set(Array.isArray(data) ? data : []);
+    }
+    catch {
+        rememberedTools = new Set();
+    }
+    return rememberedTools;
+}
+function saveRemembered() {
+    if (!rememberedTools)
+        return;
+    const dir = path.dirname(REMEMBERED_FILE);
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+    fs.writeFileSync(REMEMBERED_FILE, JSON.stringify([...rememberedTools], null, 2), { mode: 0o600 });
+}
+function rememberTool(toolName) {
+    const set = loadRemembered();
+    set.add(toolName);
+    saveRemembered();
+}
+function isRemembered(toolName) {
+    return loadRemembered().has(toolName);
+}
+function clearRemembered() {
+    rememberedTools = new Set();
+    saveRemembered();
+}
+// ── Synchronous Permission Check ────────────────────────────────────────────
 /**
- * Check if a tool call is allowed based on permission mode and enabled tools.
- *
- * @param toolName - The tool being called
- * @param permissionMode - The agent's permission mode
- * @param enabledTools - List of tool names that are enabled (if undefined, all are enabled)
+ * Quick synchronous check — returns whether a tool needs interactive approval.
+ * Returns { approved: true } for auto-approved tools, { approved: false } for
+ * tools that need the async MQTT approval flow.
  */
 function checkPermission(toolName, permissionMode, enabledTools) {
     // Check if tool is enabled
@@ -42,32 +120,144 @@ function checkPermission(toolName, permissionMode, enabledTools) {
             reason: `Tool "${toolName}" is not enabled for this agent`,
         };
     }
-    // Check permission mode
-    switch (permissionMode) {
-        case 'autopilot':
+    // Autopilot — everything is approved
+    if (permissionMode === 'autopilot') {
+        return { approved: true };
+    }
+    // Check remembered approvals
+    if (isRemembered(toolName)) {
+        return { approved: true };
+    }
+    // approve-destructive: auto-approve read-only tools
+    if (permissionMode === 'approve-destructive') {
+        if (READONLY_TOOLS.has(toolName)) {
             return { approved: true };
-        case 'approve-destructive':
-            if (READONLY_TOOLS.has(toolName)) {
-                return { approved: true };
-            }
-            if (DESTRUCTIVE_TOOLS.has(toolName)) {
-                return {
-                    approved: false,
-                    reason: `Tool "${toolName}" requires user approval (destructive action). Permission mode: approve-destructive.`,
-                };
-            }
-            // Unknown tool — deny by default in approve-destructive mode
-            return {
-                approved: false,
-                reason: `Tool "${toolName}" is not recognized as read-only. Approval required.`,
-            };
-        case 'approve-all':
-            return {
-                approved: false,
-                reason: `Tool "${toolName}" requires user approval. Permission mode: approve-all.`,
-            };
+        }
+        return {
+            approved: false,
+            reason: `Tool "${toolName}" requires user approval (destructive action).`,
+        };
+    }
+    // approve-all: everything needs approval
+    return {
+        approved: false,
+        reason: `Tool "${toolName}" requires user approval.`,
+    };
+}
+// ── Tool Summary Generator ──────────────────────────────────────────────────
+function generateToolSummary(toolName, args) {
+    switch (toolName) {
+        case 'write_file':
+            return `Write file: ${args.path || args.filePath || 'unknown'}`;
+        case 'edit_file':
+            return `Edit file: ${args.path || args.filePath || 'unknown'}`;
+        case 'run_command':
+            return `Run command: ${args.command || 'unknown'}`;
+        case 'git_commit':
+            return `Git commit: ${args.message || 'unknown'}`;
+        case 'read_file':
+            return `Read file: ${args.path || args.filePath || 'unknown'}`;
+        case 'list_directory':
+            return `List directory: ${args.path || args.directory || '.'}`;
+        case 'web_search':
+            return `Web search: ${args.query || 'unknown'}`;
+        case 'web_fetch':
+            return `Fetch URL: ${args.url || 'unknown'}`;
+        case 'schedule_task':
+            return `Schedule task: ${args.description || args.name || 'unknown'}`;
         default:
-            return { approved: true };
+            return `${toolName}(${JSON.stringify(args).slice(0, 80)})`;
+    }
+}
+function getRiskLevel(toolName) {
+    return DESTRUCTIVE_TOOLS.has(toolName) ? 'destructive' : 'safe';
+}
+class ApprovalManager extends events_1.EventEmitter {
+    pending = new Map();
+    userId;
+    publishFn;
+    defaultTimeout;
+    constructor(userId, publishFn, defaultTimeout = 60_000) {
+        super();
+        this.userId = userId;
+        this.publishFn = publishFn;
+        this.defaultTimeout = defaultTimeout;
+    }
+    /**
+     * Request interactive approval for a tool call via MQTT.
+     * Publishes an approval_request, waits for user response or timeout.
+     */
+    async requestApproval(commandId, toolName, toolArgs, timeout) {
+        const requestId = crypto.randomUUID();
+        const timeoutMs = timeout || this.defaultTimeout;
+        const request = {
+            requestId,
+            commandId,
+            tool: toolName,
+            arguments: toolArgs,
+            riskLevel: getRiskLevel(toolName),
+            summary: generateToolSummary(toolName, toolArgs),
+            timeout: timeoutMs,
+        };
+        // Publish the approval request
+        const topic = `funolio/${this.userId}/agent/approval`;
+        this.publishFn(topic, JSON.stringify(request), { qos: 1 });
+        // Wait for response or timeout
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pending.delete(requestId);
+                resolve({
+                    approved: false,
+                    reason: `Approval timed out after ${timeoutMs / 1000}s. User did not respond.`,
+                });
+            }, timeoutMs);
+            this.pending.set(requestId, { resolve, timer });
+        });
+    }
+    /**
+     * Handle an incoming approval response from the web UI.
+     * Call this from the MQTT message handler.
+     */
+    handleResponse(response) {
+        const entry = this.pending.get(response.requestId);
+        if (!entry)
+            return; // Stale or unknown request
+        clearTimeout(entry.timer);
+        this.pending.delete(response.requestId);
+        // If user chose "always allow", persist it
+        if (response.approved && response.remember) {
+            // We need the tool name — stored in the request we sent.
+            // The response only has requestId, but we can emit an event
+            // for the caller to handle remembering.
+            this.emit('remember', response.requestId);
+        }
+        entry.resolve({
+            approved: response.approved,
+            reason: response.approved ? undefined : 'User denied the tool call.',
+            remember: response.remember,
+        });
+    }
+    /**
+     * Cancel all pending approvals (e.g., on command cancel).
+     */
+    cancelAll() {
+        for (const [id, entry] of this.pending) {
+            clearTimeout(entry.timer);
+            entry.resolve({ approved: false, reason: 'Cancelled.' });
+        }
+        this.pending.clear();
+    }
+    /**
+     * Cancel a specific pending approval by command ID.
+     */
+    cancelForCommand(commandId) {
+        // We don't track commandId→requestId mapping here, so this is
+        // handled by the message loop cancelling all pending on command cancel.
+        this.cancelAll();
+    }
+    get pendingCount() {
+        return this.pending.size;
     }
 }
+exports.ApprovalManager = ApprovalManager;
 //# sourceMappingURL=approval.js.map

package/dist/approval.js.map

@@ -1 +1 @@
-{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;AAgCH,0CA2CC;AAvED,6EAA6E;AAC7E,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,YAAY;IACZ,WAAW;IACX,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,WAAW;IACX,gBAAgB;IAChB,YAAY;IACZ,UAAU;CACX,CAAC,CAAC;AAOH;;;;;;GAMG;AACH,SAAgB,eAAe,CAC7B,QAAgB,EAChB,cAA8B,EAC9B,YAAuB;IAEvB,2BAA2B;IAC3B,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,SAAS,QAAQ,iCAAiC;SAC3D,CAAC;IACJ,CAAC;IAED,wBAAwB;IACxB,QAAQ,cAAc,EAAE,CAAC;QACvB,KAAK,WAAW;YACd,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAE5B,KAAK,qBAAqB;YACxB,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACjC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;YAC5B,CAAC;YACD,IAAI,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;gBACpC,OAAO;oBACL,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,SAAS,QAAQ,sFAAsF;iBAChH,CAAC;YACJ,CAAC;YACD,6DAA6D;YAC7D,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,SAAS,QAAQ,sDAAsD;aAChF,CAAC;QAEJ,KAAK,aAAa;YAChB,OAAO;gBACL,QAAQ,EAAE,KAAK;gBACf,MAAM,EAAE,SAAS,QAAQ,yDAAyD;aACnF,CAAC;QAEJ;YACE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC9B,CAAC;AACH,CAAC"}
+{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA8EH,oCAIC;AAED,oCAEC;AAED,0CAGC;AASD,0CAuCC;AAzID,mCAAsC;AACtC,+CAAiC;AACjC,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AAIzB,6EAA6E;AAC7E,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC;IAChC,YAAY;IACZ,WAAW;IACX,aAAa;IACb,YAAY;CACb,CAAC,CAAC;AAEH,kEAAkE;AAClE,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,WAAW;IACX,gBAAgB;IAChB,YAAY;IACZ,UAAU;IACV,YAAY;IACZ,WAAW;IACX,qBAAqB;CACtB,CAAC,CAAC;AA2BH,+EAA+E;AAE/E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,EAAE,uBAAuB,CAAC,CAAC;AAErF,IAAI,eAAe,GAAuB,IAAI,CAAC;AAE/C,SAAS,cAAc;IACrB,IAAI,eAAe;QAAE,OAAO,eAAe,CAAC;IAC5C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,CAAC;QACnE,eAAe,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7D,CAAC;IAAC,MAAM,CAAC;QACP,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAC9B,CAAC;IACD,OAAO,eAAe,CAAC;AACzB,CAAC;AAED,SAAS,cAAc;IACrB,IAAI,CAAC,eAAe;QAAE,OAAO;IAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;IAC1C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACpD,EAAE,CAAC,aAAa,CAAC,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,GAAG,eAAe,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;AACpG,CAAC;AAED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,MAAM,GAAG,GAAG,cAAc,EAAE,CAAC;IAC7B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IAClB,cAAc,EAAE,CAAC;AACnB,CAAC;AAED,SAAgB,YAAY,CAAC,QAAgB;IAC3C,OAAO,cAAc,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,eAAe;IAC7B,eAAe,GAAG,IAAI,GAAG,EAAE,CAAC;IAC5B,cAAc,EAAE,CAAC;AACnB,CAAC;AAED,+EAA+E;AAE/E;;;;GAIG;AACH,SAAgB,eAAe,CAC7B,QAAgB,EAChB,cAA8B,EAC9B,YAAuB;IAEvB,2BAA2B;IAC3B,IAAI,YAAY,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACrD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,SAAS,QAAQ,iCAAiC;SAC3D,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI,cAAc,KAAK,WAAW,EAAE,CAAC;QACnC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,6BAA6B;IAC7B,IAAI,YAAY,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC3B,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC5B,CAAC;IAED,oDAAoD;IACpD,IAAI,cAAc,KAAK,qBAAqB,EAAE,CAAC;QAC7C,IAAI,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;QAC5B,CAAC;QACD,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,SAAS,QAAQ,gDAAgD;SAC1E,CAAC;IACJ,CAAC;IAED,yCAAyC;IACzC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,SAAS,QAAQ,2BAA2B;KACrD,CAAC;AACJ,CAAC;AAED,+EAA+E;AAE/E,SAAS,mBAAmB,CAAC,QAAgB,EAAE,IAAyB;IACtE,QAAQ,QAAQ,EAAE,CAAC;QACjB,KAAK,YAAY;YACf,OAAO,eAAe,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;QAClE,KAAK,WAAW;YACd,OAAO,cAAc,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjE,KAAK,aAAa;YAChB,OAAO,gBAAgB,IAAI,CAAC,OAAO,IAAI,SAAS,EAAE,CAAC;QACrD,KAAK,YAAY;YACf,OAAO,eAAe,IAAI,CAAC,OAAO,IAAI,SAAS,EAAE,CAAC;QACpD,KAAK,WAAW;YACd,OAAO,cAAc,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,IAAI,SAAS,EAAE,CAAC;QACjE,KAAK,gBAAgB;YACnB,OAAO,mBAAmB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,IAAI,GAAG,EAAE,CAAC;QACjE,KAAK,YAAY;YACf,OAAO,eAAe,IAAI,CAAC,KAAK,IAAI,SAAS,EAAE,CAAC;QAClD,KAAK,WAAW;YACd,OAAO,cAAc,IAAI,CAAC,GAAG,IAAI,SAAS,EAAE,CAAC;QAC/C,KAAK,eAAe;YAClB,OAAO,kBAAkB,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,IAAI,IAAI,SAAS,EAAE,CAAC;QACxE;YACE,OAAO,GAAG,QAAQ,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC;IAC/D,CAAC;AACH,CAAC;AAED,SAAS,YAAY,CAAC,QAAgB;IACpC,OAAO,iBAAiB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC;AAClE,CAAC;AAMD,MAAa,eAAgB,SAAQ,qBAAY;IACvC,OAAO,GAAG,IAAI,GAAG,EAGrB,CAAC;IAEG,MAAM,CAAS;IACf,SAAS,CAAY;IACrB,cAAc,CAAS;IAE/B,YAAY,MAAc,EAAE,SAAoB,EAAE,cAAc,GAAG,MAAM;QACvE,KAAK,EAAE,CAAC;QACR,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;IACvC,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,QAAgB,EAChB,QAA6B,EAC7B,OAAgB;QAEhB,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,SAAS,GAAG,OAAO,IAAI,IAAI,CAAC,cAAc,CAAC;QAEjD,MAAM,OAAO,GAAoB;YAC/B,SAAS;YACT,SAAS;YACT,IAAI,EAAE,QAAQ;YACd,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,YAAY,CAAC,QAAQ,CAAC;YACjC,OAAO,EAAE,mBAAmB,CAAC,QAAQ,EAAE,QAAQ,CAAC;YAChD,OAAO,EAAE,SAAS;SACnB,CAAC;QAEF,+BAA+B;QAC/B,MAAM,KAAK,GAAG,WAAW,IAAI,CAAC,MAAM,iBAAiB,CAAC;QACtD,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAE3D,+BAA+B;QAC/B,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,EAAE;YAC7C,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC/B,OAAO,CAAC;oBACN,QAAQ,EAAE,KAAK;oBACf,MAAM,EAAE,4BAA4B,SAAS,GAAG,IAAI,0BAA0B;iBAC/E,CAAC,CAAC;YACL,CAAC,EAAE,SAAS,CAAC,CAAC;YAEd,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,cAAc,CAAC,QAA0B;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QACnD,IAAI,CAAC,KAAK;YAAE,OAAO,CAAC,2BAA2B;QAE/C,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;QAExC,2CAA2C;QAC3C,IAAI,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC;YAC3C,yDAAyD;YACzD,4DAA4D;YAC5D,wCAAwC;YACxC,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QAED,KAAK,CAAC,OAAO,CAAC;YACZ,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,MAAM,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,4BAA4B;YACpE,QAAQ,EAAE,QAAQ,CAAC,QAAQ;SAC5B,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,SAAS;QACP,KAAK,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,KAAK,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,SAAiB;QAChC,8DAA8D;QAC9D,wEAAwE;QACxE,IAAI,CAAC,SAAS,EAAE,CAAC;IACnB,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;CACF;AA3GD,0CA2GC"}

package/dist/auth/anthropic-subscription.d.ts

@@ -0,0 +1,24 @@
+import { OAuthCredential } from './credential-reader';
+export declare const ANTHROPIC_OAUTH_BETA_HEADER = "oauth-2025-04-20";
+export declare const ANTHROPIC_CLAUDE_CODE_API_KEY_URL = "https://api.anthropic.com/api/oauth/claude_cli/create_api_key";
+export interface AnthropicSubscriptionTokenInput {
+    accessToken: string;
+    refreshToken?: string | null;
+    expiresAt?: number | null;
+    onRefresh?: ((credential: OAuthCredential) => void) | null;
+}
+export type AnthropicAuthMode = 'api-key' | 'oauth-bearer';
+export interface AnthropicSubscriptionAuthResult {
+    token: string;
+    authMode: AnthropicAuthMode;
+    credential: OAuthCredential;
+    refreshed: boolean;
+    source: 'api-key-exchange' | 'oauth-bearer';
+}
+export declare function ensureFreshAnthropicCredential(input: AnthropicSubscriptionTokenInput): Promise<{
+    credential: OAuthCredential;
+    refreshed: boolean;
+}>;
+export declare function createAnthropicApiKeyFromOauth(accessToken: string): Promise<string>;
+export declare function resolveAnthropicSubscriptionAuth(input: AnthropicSubscriptionTokenInput): Promise<AnthropicSubscriptionAuthResult>;
+//# sourceMappingURL=anthropic-subscription.d.ts.map

package/dist/auth/anthropic-subscription.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic-subscription.d.ts","sourceRoot":"","sources":["../../src/auth/anthropic-subscription.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAa,MAAM,qBAAqB,CAAC;AAGjE,eAAO,MAAM,2BAA2B,qBAAqB,CAAC;AAC9D,eAAO,MAAM,iCAAiC,kEAAkE,CAAC;AASjH,MAAM,WAAW,+BAA+B;IAC9C,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,SAAS,CAAC,EAAE,CAAC,CAAC,UAAU,EAAE,eAAe,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC;CAC5D;AAED,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,cAAc,CAAC;AAE3D,MAAM,WAAW,+BAA+B;IAC9C,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,iBAAiB,CAAC;IAC5B,UAAU,EAAE,eAAe,CAAC;IAC5B,SAAS,EAAE,OAAO,CAAC;IACnB,MAAM,EAAE,kBAAkB,GAAG,cAAc,CAAC;CAC7C;AAqCD,wBAAsB,8BAA8B,CAClD,KAAK,EAAE,+BAA+B,GACrC,OAAO,CAAC;IAAE,UAAU,EAAE,eAAe,CAAC;IAAC,SAAS,EAAE,OAAO,CAAA;CAAE,CAAC,CAS9D;AAED,wBAAsB,8BAA8B,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CA4BzF;AAED,wBAAsB,gCAAgC,CACpD,KAAK,EAAE,+BAA+B,GACrC,OAAO,CAAC,+BAA+B,CAAC,CA0B1C"}

package/dist/auth/anthropic-subscription.js

@@ -0,0 +1,104 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ANTHROPIC_CLAUDE_CODE_API_KEY_URL = exports.ANTHROPIC_OAUTH_BETA_HEADER = void 0;
+exports.ensureFreshAnthropicCredential = ensureFreshAnthropicCredential;
+exports.createAnthropicApiKeyFromOauth = createAnthropicApiKeyFromOauth;
+exports.resolveAnthropicSubscriptionAuth = resolveAnthropicSubscriptionAuth;
+const credential_reader_1 = require("./credential-reader");
+const token_refresh_1 = require("./token-refresh");
+exports.ANTHROPIC_OAUTH_BETA_HEADER = 'oauth-2025-04-20';
+exports.ANTHROPIC_CLAUDE_CODE_API_KEY_URL = 'https://api.anthropic.com/api/oauth/claude_cli/create_api_key';
+const API_KEY_CACHE_TTL_MS = 30 * 60_000;
+const apiKeyCache = new Map();
+function readCachedApiKey(accessToken) {
+    const cached = apiKeyCache.get(accessToken);
+    if (!cached)
+        return null;
+    if (cached.expiresAt <= Date.now()) {
+        apiKeyCache.delete(accessToken);
+        return null;
+    }
+    return cached.rawKey;
+}
+function storeCachedApiKey(accessToken, rawKey) {
+    apiKeyCache.set(accessToken, {
+        rawKey,
+        expiresAt: Date.now() + API_KEY_CACHE_TTL_MS,
+    });
+}
+function toCredential(input) {
+    return {
+        provider: 'anthropic',
+        accessToken: input.accessToken,
+        refreshToken: input.refreshToken || '',
+        expiresAt: input.expiresAt || 0,
+    };
+}
+function isScopeLimitedOauthError(message) {
+    const normalized = message.toLowerCase();
+    return normalized.includes('org:create_api_key')
+        || normalized.includes('permission_error')
+        || normalized.includes('scope requirement');
+}
+async function ensureFreshAnthropicCredential(input) {
+    const credential = toCredential(input);
+    if (!credential.refreshToken || !(0, credential_reader_1.isExpired)(credential)) {
+        return { credential, refreshed: false };
+    }
+    const refreshed = await (0, token_refresh_1.refreshToken)(credential);
+    input.onRefresh?.(refreshed.credential);
+    return { credential: refreshed.credential, refreshed: true };
+}
+async function createAnthropicApiKeyFromOauth(accessToken) {
+    const cached = readCachedApiKey(accessToken);
+    if (cached)
+        return cached;
+    const response = await fetch(exports.ANTHROPIC_CLAUDE_CODE_API_KEY_URL, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${accessToken}`,
+            'anthropic-beta': exports.ANTHROPIC_OAUTH_BETA_HEADER,
+            'Content-Type': 'application/json',
+            'User-Agent': 'funolio-agent',
+            'x-app': 'funolio-desktop',
+        },
+        body: '{}',
+    });
+    if (!response.ok) {
+        const body = await response.text().catch(() => '');
+        throw new Error(`Anthropic Claude subscription API key exchange failed (${response.status}): ${body}`);
+    }
+    const data = await response.json();
+    if (!data.raw_key) {
+        throw new Error('Anthropic Claude subscription API key exchange returned no raw_key');
+    }
+    storeCachedApiKey(accessToken, data.raw_key);
+    return data.raw_key;
+}
+async function resolveAnthropicSubscriptionAuth(input) {
+    const { credential, refreshed } = await ensureFreshAnthropicCredential(input);
+    try {
+        const apiKey = await createAnthropicApiKeyFromOauth(credential.accessToken);
+        return {
+            token: apiKey,
+            authMode: 'api-key',
+            credential,
+            refreshed,
+            source: 'api-key-exchange',
+        };
+    }
+    catch (err) {
+        const message = err?.message || String(err);
+        if (!isScopeLimitedOauthError(message)) {
+            throw err;
+        }
+        return {
+            token: credential.accessToken,
+            authMode: 'oauth-bearer',
+            credential,
+            refreshed,
+            source: 'oauth-bearer',
+        };
+    }
+}
+//# sourceMappingURL=anthropic-subscription.js.map

package/dist/auth/anthropic-subscription.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"anthropic-subscription.js","sourceRoot":"","sources":["../../src/auth/anthropic-subscription.ts"],"names":[],"mappings":";;;AAiEA,wEAWC;AAED,wEA4BC;AAED,4EA4BC;AAxID,2DAAiE;AACjE,mDAA+C;AAElC,QAAA,2BAA2B,GAAG,kBAAkB,CAAC;AACjD,QAAA,iCAAiC,GAAG,+DAA+D,CAAC;AAEjH,MAAM,oBAAoB,GAAG,EAAE,GAAG,MAAM,CAAC;AAwBzC,MAAM,WAAW,GAAG,IAAI,GAAG,EAAwB,CAAC;AAEpD,SAAS,gBAAgB,CAAC,WAAmB;IAC3C,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;IAC5C,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IACzB,IAAI,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACnC,WAAW,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAChC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED,SAAS,iBAAiB,CAAC,WAAmB,EAAE,MAAc;IAC5D,WAAW,CAAC,GAAG,CAAC,WAAW,EAAE;QAC3B,MAAM;QACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,oBAAoB;KAC7C,CAAC,CAAC;AACL,CAAC;AAED,SAAS,YAAY,CAAC,KAAsC;IAC1D,OAAO;QACL,QAAQ,EAAE,WAAW;QACrB,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,YAAY,EAAE,KAAK,CAAC,YAAY,IAAI,EAAE;QACtC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,CAAC;KAChC,CAAC;AACJ,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAe;IAC/C,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IACzC,OAAO,UAAU,CAAC,QAAQ,CAAC,oBAAoB,CAAC;WAC3C,UAAU,CAAC,QAAQ,CAAC,kBAAkB,CAAC;WACvC,UAAU,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;AAChD,CAAC;AAEM,KAAK,UAAU,8BAA8B,CAClD,KAAsC;IAEtC,MAAM,UAAU,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC;IACvC,IAAI,CAAC,UAAU,CAAC,YAAY,IAAI,CAAC,IAAA,6BAAS,EAAC,UAAU,CAAC,EAAE,CAAC;QACvD,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC;IAC1C,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,IAAA,4BAAY,EAAC,UAAU,CAAC,CAAC;IACjD,KAAK,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IACxC,OAAO,EAAE,UAAU,EAAE,SAAS,CAAC,UAAU,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC/D,CAAC;AAEM,KAAK,UAAU,8BAA8B,CAAC,WAAmB;IACtE,MAAM,MAAM,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,yCAAiC,EAAE;QAC9D,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,WAAW,EAAE;YACtC,gBAAgB,EAAE,mCAA2B;YAC7C,cAAc,EAAE,kBAAkB;YAClC,YAAY,EAAE,eAAe;YAC7B,OAAO,EAAE,iBAAiB;SAC3B;QACD,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0DAA0D,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACzG,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAA0B,CAAC;IAC3D,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACxF,CAAC;IAED,iBAAiB,CAAC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7C,OAAO,IAAI,CAAC,OAAO,CAAC;AACtB,CAAC;AAEM,KAAK,UAAU,gCAAgC,CACpD,KAAsC;IAEtC,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,MAAM,8BAA8B,CAAC,KAAK,CAAC,CAAC;IAE9E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,MAAM,8BAA8B,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC;QAC5E,OAAO;YACL,KAAK,EAAE,MAAM;YACb,QAAQ,EAAE,SAAS;YACnB,UAAU;YACV,SAAS;YACT,MAAM,EAAE,kBAAkB;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,GAAQ,EAAE,CAAC;QAClB,MAAM,OAAO,GAAG,GAAG,EAAE,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;QAC5C,IAAI,CAAC,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YACvC,MAAM,GAAG,CAAC;QACZ,CAAC;QAED,OAAO;YACL,KAAK,EAAE,UAAU,CAAC,WAAW;YAC7B,QAAQ,EAAE,cAAc;YACxB,UAAU;YACV,SAAS;YACT,MAAM,EAAE,cAAc;SACvB,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/auth/auto-detect.d.ts

@@ -0,0 +1,28 @@
+import { OAuthCredential } from './credential-reader';
+export interface ResolvedAuth {
+    provider: string;
+    model: string;
+    apiKey: string;
+    source: 'oauth' | 'api-key' | 'env';
+    credential?: OAuthCredential;
+    expired?: boolean;
+    error?: string;
+}
+/**
+ * Resolve the best available authentication method.
+ * Priority: explicit API key > OAuth credentials > env vars
+ */
+export declare function resolveAuth(config: {
+    provider?: string;
+    apiKey?: string;
+    model?: string;
+    oauthToken?: string;
+    oauthRefreshToken?: string;
+    oauthExpiresAt?: number;
+}): Promise<ResolvedAuth | null>;
+/**
+ * Ensure the token in a ResolvedAuth is still valid. Refreshes if needed.
+ * Returns the same object if still valid, or a new one with updated token.
+ */
+export declare function ensureFreshToken(auth: ResolvedAuth): Promise<ResolvedAuth>;
+//# sourceMappingURL=auto-detect.d.ts.map

package/dist/auth/auto-detect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auto-detect.d.ts","sourceRoot":"","sources":["../../src/auth/auto-detect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAa,MAAM,qBAAqB,CAAC;AAQjE,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,KAAK,CAAC;IACpC,UAAU,CAAC,EAAE,eAAe,CAAC;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAYD;;;GAGG;AACH,wBAAsB,WAAW,CAAC,MAAM,EAAE;IACxC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAgG/B;AAoCD;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAgChF"}