nemoris 0.1.0 → 0.1.2

package/src/runtime/exec-approvals.js

@@ -1,216 +1,216 @@
-import crypto from "node:crypto";
-
-/**
- * ExecApprovalGate — pauses dangerous tool calls and requires
- * Telegram approval before they proceed.
- *
- * Opt-in per agent via `exec_approvals = true` in agent config.
- */
-
-const DANGEROUS_TOOLS = new Set(["shell_exec", "write_file"]);
-const DANGEROUS_HTTP_METHODS = new Set(["POST", "PUT", "DELETE", "PATCH"]);
-const LOG_CAP = 1000;
-
-function getExecApprovalSettings(agentConfig) {
-  const config = agentConfig?.execApprovals ?? agentConfig?.exec_approvals ?? false;
-  if (!config) {
-    return { enabled: false, allowTools: new Set() };
-  }
-
-  if (config === true) {
-    return { enabled: true, allowTools: new Set() };
-  }
-
-  const allowTools = config.allowTools
-    || config.allow_tools
-    || config.allowedTools
-    || config.allowed_tools
-    || [];
-
-  return {
-    enabled: config.enabled !== false,
-    allowTools: new Set((Array.isArray(allowTools) ? allowTools : []).map((toolName) => String(toolName)))
-  };
-}
-
-export class ExecApprovalGate {
-  /**
-   * @param {object} opts
-   * @param {function} opts.sendFn — async (text) => void, sends a Telegram message
-   * @param {number}   [opts.timeoutMs=300000] — auto-deny timeout (5 min default)
-   */
-  constructor({ sendFn, timeoutMs = 300_000 }) {
-    this._sendFn = sendFn;
-    this._timeoutMs = timeoutMs;
-    /** @type {Map<string, { resolve: Function, timer: ReturnType<typeof setTimeout>, toolName: string, toolInput: any, jobId: string, agentId: string, createdAt: string }>} */
-    this._pending = new Map();
-    /** @type {Array<object>} */
-    this._log = [];
-  }
-
-  /**
-   * Check whether a tool call requires human approval.
-   * @param {string} toolName
-   * @param {object} toolInput
-   * @param {object} agentConfig — parsed agent TOML
-   * @returns {boolean}
-   */
-  requiresApproval(toolName, toolInput, agentConfig) {
-    const settings = getExecApprovalSettings(agentConfig);
-    if (!settings.enabled) return false;
-    if (settings.allowTools.has(toolName)) return false;
-
-    if (DANGEROUS_TOOLS.has(toolName)) return true;
-
-    if (toolName === "http_fetch") {
-      const method = (toolInput?.method || "GET").toUpperCase();
-      return DANGEROUS_HTTP_METHODS.has(method);
-    }
-
-    if (toolName.startsWith("mcp:")) return true;
-
-    return false;
-  }
-
-  /**
-   * Request human approval for a tool call.
-   * Sends a Telegram message and returns a promise that resolves
-   * when /exec_approve or /exec_deny is called (or times out).
-   *
-   * @param {object} opts
-   * @param {string} opts.toolName
-   * @param {object} opts.toolInput
-   * @param {string} opts.jobId
-   * @param {string} opts.agentId
-   * @returns {Promise<{ approved: boolean, approvedBy?: string }>}
-   */
-  requestApproval({ toolName, toolInput, jobId, agentId, skipNotify = false }) {
-    const approvalId = crypto.randomUUID();
-
-    const approvalPromise = new Promise((resolve) => {
-      const timer = setTimeout(() => {
-        if (this._pending.has(approvalId)) {
-          this._pending.delete(approvalId);
-          this._logDecision({
-            approvalId,
-            toolName,
-            action: "auto_deny",
-            approved: false,
-            approvedBy: "timeout",
-            timestamp: new Date().toISOString(),
-          });
-          if (!skipNotify) {
-            this._sendFn(`Approval ${approvalId} auto-denied (timed out after ${this._timeoutMs / 1000}s).`).catch(() => {});
-          }
-          resolve({ approved: false });
-        }
-      }, this._timeoutMs);
-      timer.unref?.();
-
-      this._pending.set(approvalId, {
-        resolve,
-        timer,
-        toolName,
-        toolInput,
-        jobId,
-        agentId,
-        createdAt: new Date().toISOString(),
-      });
-
-      // Build detail string for the message
-      let detail = "";
-      if (toolName === "shell_exec") {
-        detail = `Command: ${toolInput?.command || JSON.stringify(toolInput)}`;
-      } else if (toolName === "write_file") {
-        detail = `Path: ${toolInput?.path || toolInput?.file_path || JSON.stringify(toolInput)}`;
-      } else if (toolName === "http_fetch") {
-        detail = `${toolInput?.method || "?"} ${toolInput?.url || "?"}`;
-      } else {
-        detail = JSON.stringify(toolInput || {}).slice(0, 200);
-      }
-
-      const msg = [
-        `\u{1F512} Approval needed`,
-        ``,
-        `Tool: ${toolName}`,
-        `${detail}`,
-        `Requester: interactive turn (job #${jobId})`,
-        ``,
-        `Reply /exec_approve ${approvalId} or /exec_deny ${approvalId}`,
-        `Auto-denied in ${Math.floor(this._timeoutMs / 60000)} minutes if no response.`,
-      ].join("\n");
-
-      if (!skipNotify) {
-        this._sendFn(msg).catch(() => {});
-      }
-    });
-
-    approvalPromise.approvalId = approvalId;
-    return approvalPromise;
-  }
-
-  /**
-   * Resolve a pending approval.
-   * @param {string} approvalId
-   * @param {boolean} approved
-   * @param {string} [approvedBy]
-   * @returns {boolean} — true if the approval was found and resolved
-   */
-  resolve(approvalId, approved, approvedBy) {
-    const entry = this._pending.get(approvalId);
-    if (!entry) return false;
-
-    clearTimeout(entry.timer);
-    this._pending.delete(approvalId);
-
-    this._logDecision({
-      approvalId,
-      toolName: entry.toolName,
-      action: approved ? "approved" : "denied",
-      approved,
-      approvedBy: approvedBy || "unknown",
-      timestamp: new Date().toISOString(),
-    });
-
-    entry.resolve({ approved, approvedBy });
-    return true;
-  }
-
-  /**
-   * Get all pending approvals for status display.
-   * @returns {Array<{ approvalId: string, toolName: string, toolInput: any, jobId: string, agentId: string, createdAt: string }>}
-   */
-  getPending() {
-    const results = [];
-    for (const [approvalId, entry] of this._pending) {
-      results.push({
-        approvalId,
-        toolName: entry.toolName,
-        toolInput: entry.toolInput,
-        jobId: entry.jobId,
-        agentId: entry.agentId,
-        createdAt: entry.createdAt,
-      });
-    }
-    return results;
-  }
-
-  /**
-   * Append a decision to the in-memory audit log (capped at LOG_CAP).
-   * @param {object} decision
-   */
-  _logDecision(decision) {
-    this._log.push(decision);
-    if (this._log.length > LOG_CAP) {
-      this._log = this._log.slice(this._log.length - LOG_CAP);
-    }
-  }
-
-  /**
-   * Return the full decision log (for debugging / admin).
-   * @returns {Array<object>}
-   */
-  getLog() {
-    return this._log;
-  }
-}
+import crypto from "node:crypto";
+
+/**
+ * ExecApprovalGate — pauses dangerous tool calls and requires
+ * Telegram approval before they proceed.
+ *
+ * Opt-in per agent via `exec_approvals = true` in agent config.
+ */
+
+const DANGEROUS_TOOLS = new Set(["shell_exec", "write_file"]);
+const DANGEROUS_HTTP_METHODS = new Set(["POST", "PUT", "DELETE", "PATCH"]);
+const LOG_CAP = 1000;
+
+function getExecApprovalSettings(agentConfig) {
+  const config = agentConfig?.execApprovals ?? agentConfig?.exec_approvals ?? false;
+  if (!config) {
+    return { enabled: false, allowTools: new Set() };
+  }
+
+  if (config === true) {
+    return { enabled: true, allowTools: new Set() };
+  }
+
+  const allowTools = config.allowTools
+    || config.allow_tools
+    || config.allowedTools
+    || config.allowed_tools
+    || [];
+
+  return {
+    enabled: config.enabled !== false,
+    allowTools: new Set((Array.isArray(allowTools) ? allowTools : []).map((toolName) => String(toolName)))
+  };
+}
+
+export class ExecApprovalGate {
+  /**
+   * @param {object} opts
+   * @param {function} opts.sendFn — async (text) => void, sends a Telegram message
+   * @param {number}   [opts.timeoutMs=300000] — auto-deny timeout (5 min default)
+   */
+  constructor({ sendFn, timeoutMs = 300_000 }) {
+    this._sendFn = sendFn;
+    this._timeoutMs = timeoutMs;
+    /** @type {Map<string, { resolve: Function, timer: ReturnType<typeof setTimeout>, toolName: string, toolInput: any, jobId: string, agentId: string, createdAt: string }>} */
+    this._pending = new Map();
+    /** @type {Array<object>} */
+    this._log = [];
+  }
+
+  /**
+   * Check whether a tool call requires human approval.
+   * @param {string} toolName
+   * @param {object} toolInput
+   * @param {object} agentConfig — parsed agent TOML
+   * @returns {boolean}
+   */
+  requiresApproval(toolName, toolInput, agentConfig) {
+    const settings = getExecApprovalSettings(agentConfig);
+    if (!settings.enabled) return false;
+    if (settings.allowTools.has(toolName)) return false;
+
+    if (DANGEROUS_TOOLS.has(toolName)) return true;
+
+    if (toolName === "http_fetch") {
+      const method = (toolInput?.method || "GET").toUpperCase();
+      return DANGEROUS_HTTP_METHODS.has(method);
+    }
+
+    if (toolName.startsWith("mcp:")) return true;
+
+    return false;
+  }
+
+  /**
+   * Request human approval for a tool call.
+   * Sends a Telegram message and returns a promise that resolves
+   * when /exec_approve or /exec_deny is called (or times out).
+   *
+   * @param {object} opts
+   * @param {string} opts.toolName
+   * @param {object} opts.toolInput
+   * @param {string} opts.jobId
+   * @param {string} opts.agentId
+   * @returns {Promise<{ approved: boolean, approvedBy?: string }>}
+   */
+  requestApproval({ toolName, toolInput, jobId, agentId, skipNotify = false }) {
+    const approvalId = crypto.randomUUID();
+
+    const approvalPromise = new Promise((resolve) => {
+      const timer = setTimeout(() => {
+        if (this._pending.has(approvalId)) {
+          this._pending.delete(approvalId);
+          this._logDecision({
+            approvalId,
+            toolName,
+            action: "auto_deny",
+            approved: false,
+            approvedBy: "timeout",
+            timestamp: new Date().toISOString(),
+          });
+          if (!skipNotify) {
+            this._sendFn(`Approval ${approvalId} auto-denied (timed out after ${this._timeoutMs / 1000}s).`).catch(() => {});
+          }
+          resolve({ approved: false });
+        }
+      }, this._timeoutMs);
+      timer.unref?.();
+
+      this._pending.set(approvalId, {
+        resolve,
+        timer,
+        toolName,
+        toolInput,
+        jobId,
+        agentId,
+        createdAt: new Date().toISOString(),
+      });
+
+      // Build detail string for the message
+      let detail = "";
+      if (toolName === "shell_exec") {
+        detail = `Command: ${toolInput?.command || JSON.stringify(toolInput)}`;
+      } else if (toolName === "write_file") {
+        detail = `Path: ${toolInput?.path || toolInput?.file_path || JSON.stringify(toolInput)}`;
+      } else if (toolName === "http_fetch") {
+        detail = `${toolInput?.method || "?"} ${toolInput?.url || "?"}`;
+      } else {
+        detail = JSON.stringify(toolInput || {}).slice(0, 200);
+      }
+
+      const msg = [
+        `\u{1F512} Approval needed`,
+        ``,
+        `Tool: ${toolName}`,
+        `${detail}`,
+        `Requester: interactive turn (job #${jobId})`,
+        ``,
+        `Reply /exec_approve ${approvalId} or /exec_deny ${approvalId}`,
+        `Auto-denied in ${Math.floor(this._timeoutMs / 60000)} minutes if no response.`,
+      ].join("\n");
+
+      if (!skipNotify) {
+        this._sendFn(msg).catch(() => {});
+      }
+    });
+
+    approvalPromise.approvalId = approvalId;
+    return approvalPromise;
+  }
+
+  /**
+   * Resolve a pending approval.
+   * @param {string} approvalId
+   * @param {boolean} approved
+   * @param {string} [approvedBy]
+   * @returns {boolean} — true if the approval was found and resolved
+   */
+  resolve(approvalId, approved, approvedBy) {
+    const entry = this._pending.get(approvalId);
+    if (!entry) return false;
+
+    clearTimeout(entry.timer);
+    this._pending.delete(approvalId);
+
+    this._logDecision({
+      approvalId,
+      toolName: entry.toolName,
+      action: approved ? "approved" : "denied",
+      approved,
+      approvedBy: approvedBy || "unknown",
+      timestamp: new Date().toISOString(),
+    });
+
+    entry.resolve({ approved, approvedBy });
+    return true;
+  }
+
+  /**
+   * Get all pending approvals for status display.
+   * @returns {Array<{ approvalId: string, toolName: string, toolInput: any, jobId: string, agentId: string, createdAt: string }>}
+   */
+  getPending() {
+    const results = [];
+    for (const [approvalId, entry] of this._pending) {
+      results.push({
+        approvalId,
+        toolName: entry.toolName,
+        toolInput: entry.toolInput,
+        jobId: entry.jobId,
+        agentId: entry.agentId,
+        createdAt: entry.createdAt,
+      });
+    }
+    return results;
+  }
+
+  /**
+   * Append a decision to the in-memory audit log (capped at LOG_CAP).
+   * @param {object} decision
+   */
+  _logDecision(decision) {
+    this._log.push(decision);
+    if (this._log.length > LOG_CAP) {
+      this._log = this._log.slice(this._log.length - LOG_CAP);
+    }
+  }
+
+  /**
+   * Return the full decision log (for debugging / admin).
+   * @returns {Array<object>}
+   */
+  getLog() {
+    return this._log;
+  }
+}