patchwork-os 0.2.0-alpha.34 → 0.2.0-alpha.36

package/dist/approvalQueue.js

@@ -1,6 +1,37 @@
-import { randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
+import { createHash, randomBytes, randomUUID, timingSafeEqual, } from "node:crypto";
+/**
+ * Stable canonical JSON used to compute the `inflightKey`. Sorts object
+ * keys at every level so logically-identical params with different key
+ * order hash the same. Returns "[uncloneable]" if input contains circular
+ * references — those won't dedup, but the queue still works.
+ */
+function canonicalJson(value) {
+    const seen = new WeakSet();
+    const stringify = (v) => {
+        if (v === null || typeof v !== "object")
+            return v;
+        if (seen.has(v))
+            return "[circular]";
+        seen.add(v);
+        if (Array.isArray(v))
+            return v.map(stringify);
+        const obj = v;
+        const out = {};
+        for (const k of Object.keys(obj).sort())
+            out[k] = stringify(obj[k]);
+        return out;
+    };
+    try {
+        return JSON.stringify(stringify(value));
+    }
+    catch {
+        return "[uncloneable]";
+    }
+}
 export class ApprovalQueue {
     entries = new Map();
+    /** inflightKey → callId, for dedup lookup on `request()`. */
+    inflight = new Map();
     ttlMs;
     listeners = new Set();
     constructor(opts = {}) {
@@ -22,6 +53,34 @@ export class ApprovalQueue {
         }
     }
     request(input, opts = {}) {
+        // Dedup: if an identical (sessionId, toolName, params) request is already
+        // queued, return its existing promise instead of allocating a fresh
+        // callId + push notification. Prevents a buggy/malicious agent that
+        // spams the same call N times from generating N prompts.
+        const inflightKey = createHash("sha256")
+            .update(input.sessionId ?? "")
+            .update("\0")
+            .update(input.toolName)
+            .update("\0")
+            .update(canonicalJson(input.params))
+            .digest("hex");
+        const existingCallId = this.inflight.get(inflightKey);
+        if (existingCallId) {
+            const existing = this.entries.get(existingCallId);
+            if (existing) {
+                const promise = new Promise((res) => {
+                    existing.pendingPromises.push(res);
+                });
+                return {
+                    callId: existing.callId,
+                    approvalToken: existing.approvalToken,
+                    promise,
+                };
+            }
+            // Stale inflight entry pointing at a callId that no longer exists —
+            // fall through and create a fresh request.
+            this.inflight.delete(inflightKey);
+        }
         const callId = randomUUID();
         const requestedAt = Date.now();
         const approvalToken = opts.withToken
@@ -36,7 +95,10 @@ export class ApprovalQueue {
             if (!entry)
                 return;
             this.entries.delete(callId);
+            this.inflight.delete(entry.inflightKey);
             entry.resolve("expired");
+            for (const r of entry.pendingPromises)
+                r("expired");
             this.notify();
         }, this.ttlMs);
         if (typeof timer === "object" && "unref" in timer)
@@ -47,8 +109,11 @@ export class ApprovalQueue {
             resolve: resolveFn,
             timer,
             approvalToken,
+            inflightKey,
+            pendingPromises: [],
             ...input,
         });
+        this.inflight.set(inflightKey, callId);
         this.notify();
         return { callId, approvalToken, promise };
     }
@@ -85,6 +150,7 @@ export class ApprovalQueue {
             sessionId: e.sessionId,
             summary: e.summary,
             riskSignals: e.riskSignals,
+            personalSignals: e.personalSignals,
             // approvalToken intentionally omitted from list — never expose to untrusted callers
         }));
     }
@@ -96,8 +162,17 @@ export class ApprovalQueue {
         for (const entry of this.entries.values()) {
             clearTimeout(entry.timer);
             entry.resolve("expired");
+            // Wake up any duplicate callers who joined this entry via dedup —
+            // their promises would otherwise hang forever after shutdown /
+            // resetApprovalQueueForTests.
+            for (const r of entry.pendingPromises)
+                r("expired");
         }
         this.entries.clear();
+        // Drain dedup map. Stale entries are self-healing on the next request,
+        // but leaving them around leaks memory across shutdown cycles and is
+        // the wrong invariant for `clear()`.
+        this.inflight.clear();
     }
     resolveEntry(callId, decision) {
         const entry = this.entries.get(callId);
@@ -105,7 +180,11 @@ export class ApprovalQueue {
             return false;
         clearTimeout(entry.timer);
         this.entries.delete(callId);
+        this.inflight.delete(entry.inflightKey);
         entry.resolve(decision);
+        // Wake up any duplicate callers who joined this entry via dedup.
+        for (const r of entry.pendingPromises)
+            r(decision);
         this.notify();
         return true;
     }

package/dist/approvalQueue.js.map

@@ -1 +1 @@
-{"version":3,"file":"approvalQueue.js","sourceRoot":"","sources":["../src/approvalQueue.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAyCvE,MAAM,OAAO,aAAa;IACP,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAC;IACnC,KAAK,CAAS;IACd,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;IAEnD,YAAY,OAA2B,EAAE;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC;IACxC,CAAC;IAED,8EAA8E;IAC9E,SAAS,CAAC,EAAc;QACtB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CACL,KAAsD,EACtD,OAAgC,EAAE;QAMlC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS;YAClC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjC,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,SAAyC,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAmB,CAAC,GAAG,EAAE,EAAE;YACpD,SAAS,GAAG,GAAG,CAAC;QAClB,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvC,IAAI,CAAC,KAAK;gBAAE,OAAO;YACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5B,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACzB,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACf,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK;YAAE,KAAK,CAAC,KAAK,EAAE,CAAC;QAEjE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE;YACvB,MAAM;YACN,WAAW;YACX,OAAO,EAAE,SAAS;YAClB,KAAK;YACL,aAAa;YACb,GAAG,KAAK;SACT,CAAC,CAAC;QACH,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,MAAc,EAAE,KAAa;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,aAAa;YAAE,OAAO,KAAK,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,6DAA6D;QAC7D,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACtD,OAAO,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,CAAC,MAAc;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,oFAAoF;SACrF,CAAC,CAAC,CAAC;IACN,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,sEAAsE;IACtE,KAAK;QACH,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IAEO,YAAY,CAAC,MAAc,EAAE,QAA0B;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5B,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxB,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,mEAAmE;AACnE,IAAI,SAAoC,CAAC;AACzC,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,SAAS;QAAE,SAAS,GAAG,IAAI,aAAa,EAAE,CAAC;IAChD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,sBAAsB;AACtB,MAAM,UAAU,0BAA0B;IACxC,SAAS,EAAE,KAAK,EAAE,CAAC;IACnB,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC"}
+{"version":3,"file":"approvalQueue.js","sourceRoot":"","sources":["../src/approvalQueue.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,UAAU,EACV,WAAW,EACX,UAAU,EACV,eAAe,GAChB,MAAM,aAAa,CAAC;AA2DrB;;;;;GAKG;AACH,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,IAAI,GAAG,IAAI,OAAO,EAAU,CAAC;IACnC,MAAM,SAAS,GAAG,CAAC,CAAU,EAAW,EAAE;QACxC,IAAI,CAAC,KAAK,IAAI,IAAI,OAAO,CAAC,KAAK,QAAQ;YAAE,OAAO,CAAC,CAAC;QAClD,IAAI,IAAI,CAAC,GAAG,CAAC,CAAW,CAAC;YAAE,OAAO,YAAY,CAAC;QAC/C,IAAI,CAAC,GAAG,CAAC,CAAW,CAAC,CAAC;QACtB,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,MAAM,GAAG,GAAG,CAA4B,CAAC;QACzC,MAAM,GAAG,GAA4B,EAAE,CAAC;QACxC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE;YAAE,GAAG,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACpE,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IACF,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,eAAe,CAAC;IACzB,CAAC;AACH,CAAC;AAED,MAAM,OAAO,aAAa;IACP,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAC;IACpD,6DAA6D;IAC5C,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IACrC,KAAK,CAAS;IACd,SAAS,GAAG,IAAI,GAAG,EAAc,CAAC;IAEnD,YAAY,OAA2B,EAAE;QACvC,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC;IACxC,CAAC;IAED,8EAA8E;IAC9E,SAAS,CAAC,EAAc;QACtB,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACvB,OAAO,GAAG,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzC,CAAC;IAEO,MAAM;QACZ,KAAK,MAAM,EAAE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;YAChC,IAAI,CAAC;gBACH,EAAE,EAAE,CAAC;YACP,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,CACL,KAAsD,EACtD,OAAgC,EAAE;QAMlC,0EAA0E;QAC1E,oEAAoE;QACpE,oEAAoE;QACpE,yDAAyD;QACzD,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,CAAC;aACrC,MAAM,CAAC,KAAK,CAAC,SAAS,IAAI,EAAE,CAAC;aAC7B,MAAM,CAAC,IAAI,CAAC;aACZ,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC;aACtB,MAAM,CAAC,IAAI,CAAC;aACZ,MAAM,CAAC,aAAa,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;aACnC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjB,MAAM,cAAc,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACtD,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAClD,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,OAAO,GAAG,IAAI,OAAO,CAAmB,CAAC,GAAG,EAAE,EAAE;oBACpD,QAAQ,CAAC,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;gBACrC,CAAC,CAAC,CAAC;gBACH,OAAO;oBACL,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,aAAa,EAAE,QAAQ,CAAC,aAAa;oBACrC,OAAO;iBACR,CAAC;YACJ,CAAC;YACD,oEAAoE;YACpE,2CAA2C;YAC3C,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACpC,CAAC;QAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;QAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,SAAS;YAClC,CAAC,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YACjC,CAAC,CAAC,SAAS,CAAC;QACd,IAAI,SAAyC,CAAC;QAC9C,MAAM,OAAO,GAAG,IAAI,OAAO,CAAmB,CAAC,GAAG,EAAE,EAAE;YACpD,SAAS,GAAG,GAAG,CAAC;QAClB,CAAC,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YACvC,IAAI,CAAC,KAAK;gBAAE,OAAO;YACnB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;YAC5B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;YACxC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACzB,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe;gBAAE,CAAC,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,CAAC,MAAM,EAAE,CAAC;QAChB,CAAC,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC;QACf,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,OAAO,IAAI,KAAK;YAAE,KAAK,CAAC,KAAK,EAAE,CAAC;QAEjE,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE;YACvB,MAAM;YACN,WAAW;YACX,OAAO,EAAE,SAAS;YAClB,KAAK;YACL,aAAa;YACb,WAAW;YACX,eAAe,EAAE,EAAE;YACnB,GAAG,KAAK;SACT,CAAC,CAAC;QACH,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,EAAE,MAAM,EAAE,aAAa,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;IAED;;;;OAIG;IACH,aAAa,CAAC,MAAc,EAAE,KAAa;QACzC,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,aAAa;YAAE,OAAO,KAAK,CAAC;QACxC,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAC1D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QAC5C,6DAA6D;QAC7D,KAAK,CAAC,aAAa,GAAG,SAAS,CAAC;QAChC,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;YAAE,OAAO,KAAK,CAAC;QACtD,OAAO,eAAe,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,OAAO,CAAC,MAAc;QACpB,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,MAAM,CAAC,MAAc;QACnB,OAAO,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI;QACF,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5C,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;YACZ,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,SAAS,EAAE,CAAC,CAAC,SAAS;YACtB,OAAO,EAAE,CAAC,CAAC,OAAO;YAClB,WAAW,EAAE,CAAC,CAAC,WAAW;YAC1B,eAAe,EAAE,CAAC,CAAC,eAAe;YAClC,oFAAoF;SACrF,CAAC,CAAC,CAAC;IACN,CAAC;IAED,IAAI;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC3B,CAAC;IAED,sEAAsE;IACtE,KAAK;QACH,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1C,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAC1B,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YACzB,kEAAkE;YAClE,+DAA+D;YAC/D,8BAA8B;YAC9B,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe;gBAAE,CAAC,CAAC,SAAS,CAAC,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;QACrB,uEAAuE;QACvE,qEAAqE;QACrE,qCAAqC;QACrC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IACxB,CAAC;IAEO,YAAY,CAAC,MAAc,EAAE,QAA0B;QAC7D,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAC;QACzB,YAAY,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACxC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACxB,iEAAiE;QACjE,KAAK,MAAM,CAAC,IAAI,KAAK,CAAC,eAAe;YAAE,CAAC,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAED,mEAAmE;AACnE,IAAI,SAAoC,CAAC;AACzC,MAAM,UAAU,gBAAgB;IAC9B,IAAI,CAAC,SAAS;QAAE,SAAS,GAAG,IAAI,aAAa,EAAE,CAAC;IAChD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,sBAAsB;AACtB,MAAM,UAAU,0BAA0B;IACxC,SAAS,EAAE,KAAK,EAAE,CAAC;IACnB,SAAS,GAAG,SAAS,CAAC;AACxB,CAAC"}

package/dist/approvalSignals.d.ts

@@ -0,0 +1,124 @@
+/**
+ * approvalSignals — passive risk personalization for the approval queue.
+ *
+ * Computes user-specific signals based on past approval / activity history.
+ * These supplement (not replace) the policy-engine `riskSignals` which are
+ * computed from the call's CONTENT (params shape, destructive flags, etc.).
+ *
+ * Personal signals describe the user's RELATIONSHIP to this tool/call:
+ * "you approved this 27 times" is a different signal class from "this
+ * command contains rm -rf". Both should reach the approval modal.
+ *
+ * Catalog (from docs/strategic/2026-05-02/memory-ecosystem-report.md §5):
+ * three of the twelve heuristics shipped here. Heuristics 4-12 follow.
+ *
+ *   1. "You approved similar actions N times" — past allow on same tool
+ *   2. "You rejected this tool before" — past deny on same tool
+ *   3. "First use of this connector" — connector namespace ∩ activity log
+ *   5. "Last called T days ago" — gap since most recent call (heuristic 4
+ *      from the catalog is satisfied by the first_connector_use kind above)
+ *   7. "Risk tier escalation" — current tier exceeds the user's typical
+ *      approved tier across recent decisions
+ *   6. "Mirrors a recipe step you trust" — primary param matches a step
+ *      from a successful past recipe run
+ *   8. "Often runs alongside X" — co-occurrence pairing in recent activity
+ *   9. "Workspace mismatch" — call from a workspace that has never
+ *      approved this tool before
+ *  10. "Time-of-day anomaly" — call hour outside the user's usual window
+ *      for this tool (opt-in: gate via `enableTimeOfDayAnomaly`)
+ *  11. "Param novelty" — primary param (command/url/pattern) prefix never
+ *      seen on prior approvals of this tool
+ *  12. "Cooldown breach" — same tool fired N+ times in a short window
+ *
+ * The signals are **transparent**: every signal has a `source` enum so a
+ * future "why is this signal here?" UI can link back to the rows that
+ * produced it. We do not infer; we count and match. No model, no
+ * fine-tuning. Honesty is the value proposition.
+ *
+ * Privacy: signals are computed locally over local logs. They flow into
+ * the approval queue's PendingApproval shape, which is exposed via
+ * GET /approvals (bearer-auth-gated) and the SSE stream (same auth).
+ * Nothing leaves the machine.
+ */
+import type { ActivityLog } from "./activityLog.js";
+import type { RiskTier } from "./riskTier.js";
+export interface PersonalSignal {
+    kind: "prior_approvals" | "prior_rejection" | "first_connector_use" | "first_tool_use" | "stale_tool_use" | "tier_escalation" | "cooccurrence_pattern" | "cooldown_breach" | "workspace_mismatch" | "time_of_day_anomaly" | "param_novelty" | "recipe_step_trust";
+    /** Human-facing label suitable for an approval modal line. */
+    label: string;
+    /** Severity controls visual weight. low = informational, high = warning. */
+    severity: "low" | "medium" | "high";
+    /** Source identifier so the UI can link the signal back to its evidence. */
+    source: "approval_history" | "activity_history" | "tool_registry" | "recipe_run_log";
+    /** Optional numeric backing the label, surfaced in tooltips / counts. */
+    count?: number;
+}
+/**
+ * Minimal querier surface for h6. Accepting the narrow interface (rather
+ * than the full `RecipeRunLog` class) lets tests inject canned runs
+ * without instantiating the disk-backed log, and keeps the dependency
+ * graph small.
+ */
+export interface RecipeRunQuerier {
+    query(q: {
+        status?: string;
+        limit?: number;
+    }): Array<{
+        recipeName: string;
+        status: string;
+        stepResults?: Array<{
+            id: string;
+            tool?: string;
+            status: "ok" | "skipped" | "error";
+            resolvedParams?: unknown;
+        }>;
+    }>;
+}
+/**
+ * Compute the personal-signal set for an incoming approval request.
+ *
+ * Pure function over the activity log; no I/O of its own. Tested in
+ * isolation by feeding a mock ActivityLog. The activityLog argument is
+ * passed positionally rather than wired through deps so the surface
+ * stays inspectable.
+ */
+export declare function computePersonalSignals(input: {
+    toolName: string;
+    activityLog: ActivityLog;
+    /**
+     * Risk tier of the *current* call, used by heuristic 7. Optional —
+     * pre-#126 callers and the test fixtures that omit it simply skip
+     * tier-escalation evaluation.
+     */
+    currentTier?: RiskTier;
+    /**
+     * Absolute workspace path of the *current* call, used by heuristic 9
+     * (workspace mismatch). Optional — when omitted, h9 is skipped.
+     * Approval-decision rows persisted before workspace was captured on
+     * the lifecycle metadata also degrade gracefully (treated as having
+     * no baseline).
+     */
+    currentWorkspace?: string;
+    /**
+     * Opt-in switch for heuristic 10 (time-of-day anomaly). The catalog
+     * flags this as medium-FP — noisy for power users with irregular
+     * schedules — so the default is off. Bridge wires it on when the
+     * user enables the corresponding setting.
+     */
+    enableTimeOfDayAnomaly?: boolean;
+    /**
+     * Params of the *current* call, used by heuristic 11 (param novelty).
+     * Optional — when omitted, h11 is skipped. The bridge passes the same
+     * (un-redacted) params used elsewhere in the approval flow; the
+     * heuristic extracts only the primary key (command / url / pattern)
+     * and never logs or returns the value.
+     */
+    currentParams?: Record<string, unknown>;
+    /**
+     * Optional recipe-run querier for heuristic 6 (recipe-step trust). When
+     * present, h6 scans recent successful runs for a step that matches
+     * this tool + the current call's primary param prefix and surfaces
+     * the recipe name. Skipped when omitted.
+     */
+    recipeRunLog?: RecipeRunQuerier;
+}): PersonalSignal[];