palaryn 0.1.0

package/dist/src/approval/manager.d.ts

@@ -0,0 +1,147 @@
+import { ToolCall } from '../types/tool-call';
+import { ApprovalConfig } from '../types/config';
+import { ApprovalStore } from '../storage/interfaces';
+export interface PendingApproval {
+    approval_id: string;
+    tool_call_id: string;
+    task_id: string;
+    workspace_id: string;
+    actor_id: string;
+    requesting_api_key_id?: string;
+    tool_name: string;
+    tool_capability: string;
+    args_summary: string;
+    scope: string;
+    reason: string;
+    token_hash: string;
+    status: 'pending' | 'approved' | 'denied' | 'expired';
+    created_at: string;
+    expires_at: string;
+    resolved_at?: string;
+    resolved_by?: string;
+    denial_reason?: string;
+}
+export interface CreateApprovalResult {
+    approval: PendingApproval;
+    token: string;
+}
+export interface ApprovalResult {
+    approved: boolean;
+    approval_id: string;
+    resolved_by?: string;
+    denial_reason?: string;
+}
+export declare class ApprovalManager {
+    private config;
+    private store;
+    private webhook;
+    private requireDifferentIdentity;
+    /** Track approval IDs currently being processed to prevent concurrent resolution */
+    private inFlightApprovals;
+    /**
+     * Track used approval tokens (token hash -> usage timestamp) to prevent replay attacks.
+     * This is defense-in-depth; the primary defense against replay is the approval status
+     * check in the store (which persists across restarts).
+     */
+    private usedTokens;
+    constructor(config: ApprovalConfig, store?: ApprovalStore, options?: {
+        require_different_identity?: boolean;
+    });
+    /**
+     * Create a pending approval for a tool call that received a REQUIRE_APPROVAL
+     * decision from the policy engine. Generates a signed JWT token that must be
+     * presented when approving or denying the request.
+     */
+    createApproval(toolCall: ToolCall, scope: string, reason: string, ttlSeconds?: number, requestingApiKeyId?: string): CreateApprovalResult;
+    /**
+     * Approve a pending request by presenting the signed JWT token.
+     *
+     * Verifies the token signature and expiry, locates the corresponding
+     * approval record, confirms it is still in 'pending' status, and
+     * transitions it to 'approved'.
+     *
+     * Throws an Error for invalid tokens, expired approvals, or approvals
+     * that have already been resolved.
+     */
+    approve(token: string, approverId: string, approverApiKeyId?: string): Promise<ApprovalResult>;
+    /**
+     * Deny a pending request by presenting the signed JWT token along with a
+     * reason for denial.
+     *
+     * Verifies the token signature and expiry, locates the corresponding
+     * approval record, confirms it is still in 'pending' status, and
+     * transitions it to 'denied'.
+     *
+     * Throws an Error for invalid tokens, expired approvals, or approvals
+     * that have already been resolved.
+     */
+    deny(token: string, approverId: string, reason: string, _approverApiKeyId?: string): Promise<ApprovalResult>;
+    /**
+     * Resolve an approval by its ID (for admin panel use where the raw token is
+     * not available). Validates the approval is still pending and not expired.
+     */
+    resolveById(approvalId: string, approverId: string, approved: boolean, reason?: string, approverApiKeyId?: string): Promise<ApprovalResult>;
+    /**
+     * Check if an approval exists and return its current status.
+     * Automatically marks the approval as 'expired' if it has passed its TTL.
+     */
+    getApproval(approvalId: string): PendingApproval | null;
+    /**
+     * Look up an approval by the original tool_call_id. This is useful when an
+     * agent retries a tool call and needs to find the approval that was created
+     * for the original attempt.
+     *
+     * Automatically marks the approval as 'expired' if it has passed its TTL.
+     */
+    getApprovalByToolCallId(toolCallId: string): PendingApproval | null;
+    /**
+     * Find an existing approved approval for the same task+actor+tool combination.
+     * Used to bypass re-approval when an agent retries after a previous approval.
+     */
+    findApprovedForTask(taskId: string, actorId: string, toolName: string, capability: string): PendingApproval | null;
+    /**
+     * Get all currently pending approvals, optionally filtered by workspace.
+     * Expires any approvals that are past their TTL before returning results.
+     */
+    getPendingApprovals(workspaceId?: string): PendingApproval[];
+    /**
+     * Verify and decode a JWT approval token.
+     * Returns the decoded payload on success, or an error message on failure.
+     */
+    private verifyToken;
+    /**
+     * Common logic shared by approve() and deny(): verify the token, look up
+     * the approval record, and validate that it can still be resolved.
+     *
+     * Returns the mutable PendingApproval record so the caller can update its
+     * status fields directly.
+     *
+     * Throws an Error if:
+     *   - The token is invalid or has an expired signature
+     *   - No approval record is found for the token
+     *   - The approval has already been resolved (approved/denied)
+     *   - The approval has expired (past TTL)
+     */
+    private resolveTokenToApproval;
+    /**
+     * Create a sanitized summary of the tool call arguments that is safe to
+     * display to an approver. Strips query parameters (may contain tokens or
+     * secrets), omits headers entirely, and only indicates whether a body is
+     * present without revealing its contents.
+     */
+    private sanitizeArgs;
+    /**
+     * Scan all pending approvals and mark any that have passed their TTL as
+     * 'expired'. Returns the number of approvals that were expired.
+     */
+    cleanup(): number;
+    /**
+     * Wait for all pending store writes to complete.
+     */
+    flush(): Promise<void>;
+    /**
+     * Clear all approval state. Intended for use in tests only.
+     */
+    clear(): void;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/src/approval/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../../src/approval/manager.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEjD,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAWtD,MAAM,WAAW,eAAe;IAC9B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;IACjB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,MAAM,CAAC;IACxB,YAAY,EAAE,MAAM,CAAC;IACrB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,UAAU,EAAE,MAAM,CAAC;IACnB,MAAM,EAAE,SAAS,GAAG,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC;IACtD,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,eAAe,CAAC;IAC1B,KAAK,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,OAAO,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,MAAM,CAAiB;IAC/B,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,OAAO,CAAyB;IACxC,OAAO,CAAC,wBAAwB,CAAU;IAC1C,oFAAoF;IACpF,OAAO,CAAC,iBAAiB,CAAqB;IAC9C;;;;OAIG;IACH,OAAO,CAAC,UAAU,CAA6B;gBAEnC,MAAM,EAAE,cAAc,EAAE,KAAK,CAAC,EAAE,aAAa,EAAE,OAAO,CAAC,EAAE;QAAE,0BAA0B,CAAC,EAAE,OAAO,CAAA;KAAE;IAS7G;;;;OAIG;IACH,cAAc,CAAC,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,EAAE,kBAAkB,CAAC,EAAE,MAAM,GAAG,oBAAoB;IA0DzI;;;;;;;;;OASG;IACG,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAgFpG;;;;;;;;;;OAUG;IACG,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IA+DlH;;;OAGG;IACG,WAAW,CAAC,UAAU,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IA2EjJ;;;OAGG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI;IAYvD;;;;;;OAMG;IACH,uBAAuB,CAAC,UAAU,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI;IAWnE;;;OAGG;IACH,mBAAmB,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,eAAe,GAAG,IAAI;IAOlH;;;OAGG;IACH,mBAAmB,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,eAAe,EAAE;IAkB5D;;;OAGG;IACH,OAAO,CAAC,WAAW;IAUnB;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,sBAAsB;IAiC9B;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IAsBpB;;;OAGG;IACH,OAAO,IAAI,MAAM;IAejB;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACH,KAAK,IAAI,IAAI;CAKd"}

package/dist/src/approval/manager.js

@@ -0,0 +1,511 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApprovalManager = void 0;
+const crypto = __importStar(require("crypto"));
+const jwt = __importStar(require("jsonwebtoken"));
+const crypto_1 = require("crypto");
+const webhook_1 = require("./webhook");
+const memory_1 = require("../storage/memory");
+/** SHA-256 hash a string and return the hex digest */
+function hashToken(token) {
+    return crypto.createHash('sha256').update(token).digest('hex');
+}
+/** Maximum number of used token hashes to track (prevents unbounded memory growth) */
+const MAX_USED_TOKENS = 100000;
+class ApprovalManager {
+    constructor(config, store, options) {
+        /** Track approval IDs currently being processed to prevent concurrent resolution */
+        this.inFlightApprovals = new Set();
+        /**
+         * Track used approval tokens (token hash -> usage timestamp) to prevent replay attacks.
+         * This is defense-in-depth; the primary defense against replay is the approval status
+         * check in the store (which persists across restarts).
+         */
+        this.usedTokens = new Map();
+        this.config = config;
+        this.store = store ?? new memory_1.InMemoryApprovalStore();
+        this.webhook = config.webhook_url
+            ? new webhook_1.ApprovalWebhook(config.webhook_url, config.webhook_headers)
+            : null;
+        this.requireDifferentIdentity = options?.require_different_identity ?? true;
+    }
+    /**
+     * Create a pending approval for a tool call that received a REQUIRE_APPROVAL
+     * decision from the policy engine. Generates a signed JWT token that must be
+     * presented when approving or denying the request.
+     */
+    createApproval(toolCall, scope, reason, ttlSeconds, requestingApiKeyId) {
+        const approvalId = (0, crypto_1.randomUUID)();
+        const ttl = ttlSeconds || this.config.default_ttl_seconds;
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + ttl * 1000);
+        // Create JWT token containing approval metadata
+        const token = jwt.sign({
+            approval_id: approvalId,
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            scope,
+        }, this.config.token_secret, { expiresIn: ttl });
+        // Hash the token before storing (never persist the raw JWT)
+        const tokenHash = hashToken(token);
+        // Create sanitized args summary (strip sensitive fields)
+        const argsSummary = this.sanitizeArgs(toolCall);
+        // Hash the requesting API key ID to prevent storing raw keys
+        const requestingKeyHash = requestingApiKeyId
+            ? hashToken(requestingApiKeyId)
+            : undefined;
+        const approval = {
+            approval_id: approvalId,
+            tool_call_id: toolCall.tool_call_id,
+            task_id: toolCall.task_id,
+            workspace_id: toolCall.workspace_id,
+            actor_id: toolCall.actor.id,
+            requesting_api_key_id: requestingKeyHash,
+            tool_name: toolCall.tool.name,
+            tool_capability: toolCall.tool.capability,
+            args_summary: argsSummary,
+            scope,
+            reason,
+            token_hash: tokenHash,
+            status: 'pending',
+            created_at: now.toISOString(),
+            expires_at: expiresAt.toISOString(),
+        };
+        this.store.save(approvalId, approval);
+        this.store.indexToken(tokenHash, approvalId);
+        if (this.webhook) {
+            this.webhook.notify('approval_requested', approval);
+        }
+        return { approval, token };
+    }
+    /**
+     * Approve a pending request by presenting the signed JWT token.
+     *
+     * Verifies the token signature and expiry, locates the corresponding
+     * approval record, confirms it is still in 'pending' status, and
+     * transitions it to 'approved'.
+     *
+     * Throws an Error for invalid tokens, expired approvals, or approvals
+     * that have already been resolved.
+     */
+    async approve(token, approverId, approverApiKeyId) {
+        const tokenHash = hashToken(token);
+        // Token replay prevention: check if this token was already used
+        if (this.usedTokens.has(tokenHash)) {
+            throw new Error('Approval token has already been used');
+        }
+        const approval = this.resolveTokenToApproval(token);
+        // In-process lock: prevent concurrent resolution of the same approval
+        if (this.inFlightApprovals.has(approval.approval_id)) {
+            throw new Error(`Approval "${approval.approval_id}" is already being processed by another request`);
+        }
+        this.inFlightApprovals.add(approval.approval_id);
+        try {
+            // Prevent self-approval via API key comparison (cryptographic identity)
+            if (approval.requesting_api_key_id && approverApiKeyId) {
+                const approverKeyHash = hashToken(approverApiKeyId);
+                if (approverKeyHash === approval.requesting_api_key_id) {
+                    console.warn(`[ApprovalManager] Self-approval attempt blocked: approver=${approverId}, approval=${approval.approval_id}, workspace=${approval.workspace_id}`);
+                    throw new Error('Self-approval is not allowed. A different API key must approve this request.');
+                }
+            }
+            else if (this.requireDifferentIdentity && (!approval.requesting_api_key_id || !approverApiKeyId)) {
+                // Without cryptographic identity on both sides, deny self-approval entirely
+                throw new Error('Self-approval not allowed without cryptographic identity (API key required)');
+            }
+            // Actor-level self-approval check: prevent same actor from approving their own request
+            if (approval.actor_id && approverId && approval.actor_id === approverId) {
+                console.warn(`[ApprovalManager] Self-approval attempt blocked (actor match): actor=${approverId}, approval=${approval.approval_id}, workspace=${approval.workspace_id}`);
+                throw new Error('Self-approval is not allowed. A different user must approve this request.');
+            }
+            // Build updated approval object (do NOT mutate the original before CAS)
+            const updated = {
+                ...approval,
+                status: 'approved',
+                resolved_at: new Date().toISOString(),
+                resolved_by: approverId,
+            };
+            // Atomic CAS: use compareAndSetStatus if available to prevent race conditions
+            // where two concurrent approve() calls both resolve the same pending approval
+            if (this.store.compareAndSetStatus) {
+                const swapped = await this.store.compareAndSetStatus(approval.approval_id, 'pending', updated);
+                if (!swapped) {
+                    throw new Error(`Approval "${approval.approval_id}" was already resolved by another request`);
+                }
+            }
+            else {
+                this.store.save(approval.approval_id, updated);
+            }
+            // Mark token as used to prevent replay
+            this.usedTokens.set(tokenHash, Date.now());
+            if (this.usedTokens.size > MAX_USED_TOKENS) {
+                const evictCount = Math.floor(MAX_USED_TOKENS * 0.1);
+                let deleted = 0;
+                for (const key of this.usedTokens.keys()) {
+                    if (deleted >= evictCount)
+                        break;
+                    this.usedTokens.delete(key);
+                    deleted++;
+                }
+            }
+            if (this.webhook) {
+                this.webhook.notify('approval_approved', updated);
+            }
+            return {
+                approved: true,
+                approval_id: approval.approval_id,
+                resolved_by: approverId,
+            };
+        }
+        finally {
+            this.inFlightApprovals.delete(approval.approval_id);
+        }
+    }
+    /**
+     * Deny a pending request by presenting the signed JWT token along with a
+     * reason for denial.
+     *
+     * Verifies the token signature and expiry, locates the corresponding
+     * approval record, confirms it is still in 'pending' status, and
+     * transitions it to 'denied'.
+     *
+     * Throws an Error for invalid tokens, expired approvals, or approvals
+     * that have already been resolved.
+     */
+    async deny(token, approverId, reason, _approverApiKeyId) {
+        const tokenHash = hashToken(token);
+        // Token replay prevention: check if this token was already used
+        if (this.usedTokens.has(tokenHash)) {
+            throw new Error('Approval token has already been used');
+        }
+        const approval = this.resolveTokenToApproval(token);
+        // In-process lock: prevent concurrent resolution of the same approval
+        if (this.inFlightApprovals.has(approval.approval_id)) {
+            throw new Error(`Approval "${approval.approval_id}" is already being processed by another request`);
+        }
+        this.inFlightApprovals.add(approval.approval_id);
+        try {
+            // Build updated approval object (do NOT mutate the original before CAS)
+            const updated = {
+                ...approval,
+                status: 'denied',
+                resolved_at: new Date().toISOString(),
+                resolved_by: approverId,
+                denial_reason: reason,
+            };
+            // Atomic CAS: use compareAndSetStatus if available to prevent race conditions
+            if (this.store.compareAndSetStatus) {
+                const swapped = await this.store.compareAndSetStatus(approval.approval_id, 'pending', updated);
+                if (!swapped) {
+                    throw new Error(`Approval "${approval.approval_id}" was already resolved by another request`);
+                }
+            }
+            else {
+                this.store.save(approval.approval_id, updated);
+            }
+            // Mark token as used to prevent replay
+            this.usedTokens.set(tokenHash, Date.now());
+            if (this.usedTokens.size > MAX_USED_TOKENS) {
+                const evictCount = Math.floor(MAX_USED_TOKENS * 0.1);
+                let deleted = 0;
+                for (const key of this.usedTokens.keys()) {
+                    if (deleted >= evictCount)
+                        break;
+                    this.usedTokens.delete(key);
+                    deleted++;
+                }
+            }
+            if (this.webhook) {
+                this.webhook.notify('approval_denied', updated);
+            }
+            return {
+                approved: false,
+                approval_id: approval.approval_id,
+                resolved_by: approverId,
+                denial_reason: reason,
+            };
+        }
+        finally {
+            this.inFlightApprovals.delete(approval.approval_id);
+        }
+    }
+    /**
+     * Resolve an approval by its ID (for admin panel use where the raw token is
+     * not available). Validates the approval is still pending and not expired.
+     */
+    async resolveById(approvalId, approverId, approved, reason, approverApiKeyId) {
+        // In-process lock: prevent concurrent resolution of the same approval
+        if (this.inFlightApprovals.has(approvalId)) {
+            throw new Error(`Approval "${approvalId}" is already being processed by another request`);
+        }
+        this.inFlightApprovals.add(approvalId);
+        try {
+            const approval = this.store.getById(approvalId);
+            if (!approval) {
+                throw new Error('Approval not found');
+            }
+            if (approval.status === 'approved') {
+                throw new Error(`Approval "${approvalId}" has already been approved`);
+            }
+            if (approval.status === 'denied') {
+                throw new Error(`Approval "${approvalId}" has already been denied`);
+            }
+            if (approval.status === 'expired' || new Date() > new Date(approval.expires_at)) {
+                approval.status = 'expired';
+                throw new Error(`Approval "${approvalId}" has expired`);
+            }
+            // Prevent self-approval via API key comparison (cryptographic identity)
+            if (approved && approval.requesting_api_key_id && approverApiKeyId) {
+                const approverKeyHash = hashToken(approverApiKeyId);
+                if (approverKeyHash === approval.requesting_api_key_id) {
+                    console.warn(`[ApprovalManager] Self-approval attempt blocked: approver=${approverId}, approval=${approvalId}, workspace=${approval.workspace_id}`);
+                    throw new Error('Self-approval is not allowed. A different API key must approve this request.');
+                }
+            }
+            else if (approved && !approval.requesting_api_key_id && !approverApiKeyId) {
+                // Fallback: compare actor IDs when no API key is available (admin panel use)
+                if (approval.actor_id === approverId) {
+                    console.warn(`[ApprovalManager] Self-approval attempt blocked (actor match): actor=${approverId}, approval=${approvalId}, workspace=${approval.workspace_id}`);
+                    throw new Error('Self-approval is not allowed. A different user must approve this request.');
+                }
+            }
+            // Actor-level self-approval check for API key path too
+            if (approved && approval.actor_id && approverId && approval.actor_id === approverId) {
+                console.warn(`[ApprovalManager] Self-approval attempt blocked (actor match): actor=${approverId}, approval=${approvalId}, workspace=${approval.workspace_id}`);
+                throw new Error('Self-approval is not allowed. A different user must approve this request.');
+            }
+            // Build updated approval object (do NOT mutate the original before CAS)
+            const updated = approved
+                ? { ...approval, status: 'approved', resolved_at: new Date().toISOString(), resolved_by: approverId }
+                : { ...approval, status: 'denied', resolved_at: new Date().toISOString(), resolved_by: approverId, denial_reason: reason || 'Denied' };
+            // Atomic CAS: use compareAndSetStatus if available
+            if (this.store.compareAndSetStatus) {
+                const swapped = await this.store.compareAndSetStatus(approvalId, 'pending', updated);
+                if (!swapped) {
+                    throw new Error(`Approval "${approvalId}" was already resolved by another request`);
+                }
+            }
+            else {
+                this.store.save(approvalId, updated);
+            }
+            if (this.webhook) {
+                this.webhook.notify(approved ? 'approval_approved' : 'approval_denied', updated);
+            }
+            return {
+                approved,
+                approval_id: approvalId,
+                resolved_by: approverId,
+                denial_reason: approved ? undefined : reason,
+            };
+        }
+        finally {
+            this.inFlightApprovals.delete(approvalId);
+        }
+    }
+    /**
+     * Check if an approval exists and return its current status.
+     * Automatically marks the approval as 'expired' if it has passed its TTL.
+     */
+    getApproval(approvalId) {
+        const approval = this.store.getById(approvalId);
+        if (!approval)
+            return null;
+        // Check if expired
+        if (approval.status === 'pending' && new Date() > new Date(approval.expires_at)) {
+            approval.status = 'expired';
+        }
+        return approval;
+    }
+    /**
+     * Look up an approval by the original tool_call_id. This is useful when an
+     * agent retries a tool call and needs to find the approval that was created
+     * for the original attempt.
+     *
+     * Automatically marks the approval as 'expired' if it has passed its TTL.
+     */
+    getApprovalByToolCallId(toolCallId) {
+        const approval = this.store.getByToolCallId(toolCallId);
+        if (!approval)
+            return null;
+        // Check expiry
+        if (approval.status === 'pending' && new Date() > new Date(approval.expires_at)) {
+            approval.status = 'expired';
+        }
+        return approval;
+    }
+    /**
+     * Find an existing approved approval for the same task+actor+tool combination.
+     * Used to bypass re-approval when an agent retries after a previous approval.
+     */
+    findApprovedForTask(taskId, actorId, toolName, capability) {
+        if (this.store.findApproved) {
+            return this.store.findApproved(taskId, actorId, toolName, capability) || null;
+        }
+        return null;
+    }
+    /**
+     * Get all currently pending approvals, optionally filtered by workspace.
+     * Expires any approvals that are past their TTL before returning results.
+     */
+    getPendingApprovals(workspaceId) {
+        const now = new Date();
+        const candidates = this.store.findPending(workspaceId);
+        const results = [];
+        for (const approval of candidates) {
+            // Expire any that are past TTL
+            if (approval.status === 'pending' && now > new Date(approval.expires_at)) {
+                approval.status = 'expired';
+                continue;
+            }
+            results.push(approval);
+        }
+        return results;
+    }
+    /**
+     * Verify and decode a JWT approval token.
+     * Returns the decoded payload on success, or an error message on failure.
+     */
+    verifyToken(token) {
+        try {
+            const payload = jwt.verify(token, this.config.token_secret);
+            return { valid: true, payload };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Invalid token';
+            return { valid: false, error: message };
+        }
+    }
+    /**
+     * Common logic shared by approve() and deny(): verify the token, look up
+     * the approval record, and validate that it can still be resolved.
+     *
+     * Returns the mutable PendingApproval record so the caller can update its
+     * status fields directly.
+     *
+     * Throws an Error if:
+     *   - The token is invalid or has an expired signature
+     *   - No approval record is found for the token
+     *   - The approval has already been resolved (approved/denied)
+     *   - The approval has expired (past TTL)
+     */
+    resolveTokenToApproval(token) {
+        // Step 1: Verify the JWT signature and expiry
+        const verification = this.verifyToken(token);
+        if (!verification.valid) {
+            throw new Error(`Invalid approval token: ${verification.error}`);
+        }
+        // Step 2: Look up the approval record by token hash
+        const tokenHash = hashToken(token);
+        const approval = this.store.getByToken(tokenHash);
+        if (!approval) {
+            throw new Error('Approval not found for the provided token');
+        }
+        const approvalId = approval.approval_id;
+        // Step 3: Check if the approval has already been resolved
+        if (approval.status === 'approved') {
+            throw new Error(`Approval "${approvalId}" has already been approved`);
+        }
+        if (approval.status === 'denied') {
+            throw new Error(`Approval "${approvalId}" has already been denied`);
+        }
+        // Step 4: Check if the approval has expired (belt-and-suspenders with JWT expiry)
+        if (approval.status === 'expired' || new Date() > new Date(approval.expires_at)) {
+            approval.status = 'expired';
+            throw new Error(`Approval "${approvalId}" has expired`);
+        }
+        return approval;
+    }
+    /**
+     * Create a sanitized summary of the tool call arguments that is safe to
+     * display to an approver. Strips query parameters (may contain tokens or
+     * secrets), omits headers entirely, and only indicates whether a body is
+     * present without revealing its contents.
+     */
+    sanitizeArgs(toolCall) {
+        const { method, url, body } = toolCall.args;
+        const parts = [];
+        if (method)
+            parts.push(`method=${method}`);
+        if (url) {
+            // Only include domain and path, not full URL (might contain sensitive query params)
+            try {
+                const parsed = new URL(url);
+                parts.push(`domain=${parsed.hostname}`);
+                parts.push(`path=${parsed.pathname}`);
+            }
+            catch {
+                parts.push(`url=[invalid]`);
+            }
+        }
+        if (body)
+            parts.push(`body=[present]`);
+        return parts.join(', ') || 'no args';
+    }
+    /**
+     * Scan all pending approvals and mark any that have passed their TTL as
+     * 'expired'. Returns the number of approvals that were expired.
+     */
+    cleanup() {
+        let cleaned = 0;
+        const now = new Date();
+        const pending = this.store.findPending();
+        for (const approval of pending) {
+            if (now > new Date(approval.expires_at)) {
+                approval.status = 'expired';
+                cleaned++;
+            }
+        }
+        return cleaned;
+    }
+    /**
+     * Wait for all pending store writes to complete.
+     */
+    async flush() {
+        if (this.store.flush)
+            await this.store.flush();
+    }
+    /**
+     * Clear all approval state. Intended for use in tests only.
+     */
+    clear() {
+        this.store.clear();
+        this.inFlightApprovals.clear();
+        this.usedTokens.clear();
+    }
+}
+exports.ApprovalManager = ApprovalManager;
+//# sourceMappingURL=manager.js.map