salmon-loop 0.3.1 → 0.4.1

package/dist/core/tools/permissions/permission-rules.js

@@ -2,6 +2,7 @@ import { text } from '../../../locales/index.js';
 import { normalizeDiff, validateDiff } from '../../patch/diff.js';
 import { ArtifactStore } from '../../sub-agent/artifacts/store.js';
 import { normalizeRepoRelativePath } from '../../utils/path.js';
+import { isRecord } from '../../utils/serialize.js';
 const DEFAULT_TOOL_ALIASES = {
     bash: 'Bash',
     read: 'Read',
@@ -218,57 +219,66 @@ function compilePathMatcher(specifier) {
         matches: (repoRelativePath) => re.test(normalizeRepoRelativePath(repoRelativePath)),
     };
 }
+const TOOL_CATEGORY = {
+    Bash: 'bash',
+    bash: 'bash',
+    'shell.exec': 'bash',
+    'test.run': 'bash',
+    Edit: 'edit',
+    edit: 'edit',
+    'proposal.apply': 'edit',
+    Read: 'path',
+    read: 'path',
+    LS: 'path',
+    ls: 'path',
+    'fs.read': 'path',
+    'code.read': 'path',
+    'git.cat': 'path',
+    'fs.list': 'path',
+    'fs.list_directory': 'path',
+    'fs.list_files': 'path',
+    'artifact.read': 'path',
+};
+function resolveToolCategory(tool) {
+    if (TOOL_CATEGORY[tool])
+        return TOOL_CATEGORY[tool];
+    if (isAliasToolName(tool)) {
+        const alias = DEFAULT_TOOL_ALIASES[tool.toLowerCase()];
+        return TOOL_CATEGORY[alias];
+    }
+    return undefined;
+}
 function compileRule(effect, parsed) {
-    const tool = parsed.tool;
-    const specifier = parsed.specifier;
-    const asAlias = typeof tool === 'string' && isAliasToolName(tool) ? tool : null;
-    const shouldTreatAsBash = tool === 'Bash' ||
-        tool === 'bash' ||
-        tool === 'shell.exec' ||
-        tool === 'test.run' ||
-        asAlias === 'Bash';
-    const shouldTreatAsEdit = tool === 'Edit' || tool === 'edit' || tool === 'proposal.apply' || asAlias === 'Edit';
-    const shouldTreatAsPath = tool === 'Read' ||
-        tool === 'read' ||
-        tool === 'LS' ||
-        tool === 'ls' ||
-        tool === 'fs.read' ||
-        tool === 'code.read' ||
-        tool === 'git.cat' ||
-        tool === 'fs.list' ||
-        tool === 'fs.list_directory' ||
-        tool === 'fs.list_files' ||
-        tool === 'artifact.read' ||
-        asAlias === 'Read' ||
-        asAlias === 'LS';
-    if (shouldTreatAsBash) {
+    const { tool, raw, specifier } = parsed;
+    const category = resolveToolCategory(tool);
+    if (category === 'bash') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'bash', matcher: compileBashMatcher(specifier) },
         };
     }
-    if (shouldTreatAsEdit) {
+    if (category === 'edit') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'edit', matcher: compilePathMatcher(specifier) },
         };
     }
-    if (shouldTreatAsPath) {
+    if (category === 'path') {
         return {
             effect,
             tool,
-            raw: parsed.raw,
+            raw,
             specifier,
             compiled: { kind: 'path', matcher: compilePathMatcher(specifier) },
         };
     }
-    return { effect, tool, raw: parsed.raw, specifier, compiled: { kind: 'tool_any' } };
+    return { effect, tool, raw, specifier, compiled: { kind: 'tool_any' } };
 }
 function buildVisibleToolNamesFromAllow(allowRules) {
     const visible = new Set();
@@ -357,81 +367,37 @@ async function loadProposalChangedFiles(handle) {
         return null;
     }
 }
-function matchAllowRule(rule, toolName, args) {
+function matchRule(rule, toolName, args) {
     if (!toolMatchesRuleTool(toolName, rule.tool))
         return false;
-    if (rule.compiled.kind === 'tool_any')
-        return true;
-    if (rule.compiled.kind === 'bash') {
-        const cmd = extractCommandArg(toolName, args);
-        if (!cmd)
-            return false;
-        return rule.compiled.matcher.matches(cmd);
-    }
-    if (rule.compiled.kind === 'path') {
-        const p = extractPrimaryPathArg(toolName, args);
-        if (!p)
-            return false;
-        return rule.compiled.matcher.matches(p);
-    }
-    if (rule.compiled.kind === 'edit') {
-        // Edit allow rules are handled by an async path-aware matcher.
-        return toolName === 'proposal.apply';
+    switch (rule.compiled.kind) {
+        case 'tool_any':
+            return true;
+        case 'bash': {
+            const cmd = extractCommandArg(toolName, args);
+            return cmd ? rule.compiled.matcher.matches(cmd) : false;
+        }
+        case 'path': {
+            const p = extractPrimaryPathArg(toolName, args);
+            return p ? rule.compiled.matcher.matches(p) : false;
+        }
+        case 'edit':
+            // Edit rules require async file-level matching; sync check is a gate.
+            return toolName === 'proposal.apply';
     }
-    return false;
 }
-async function matchAllowEditRule(rule, args) {
+async function matchEditRule(rule, args, filePredicate) {
     if (rule.compiled.kind !== 'edit')
         return false;
-    const matcher = rule.compiled.matcher;
-    if (!args || typeof args !== 'object' || Array.isArray(args))
+    if (!isRecord(args))
         return false;
     const handle = args.handle;
     if (typeof handle !== 'string' || !handle.trim())
         return false;
     const changedFiles = await loadProposalChangedFiles(handle);
-    if (!changedFiles)
-        return false;
-    if (changedFiles.length === 0)
+    if (!changedFiles || changedFiles.length === 0)
         return false;
-    return changedFiles.every((p) => matcher.matches(p));
-}
-async function matchDenyEditRule(rule, args) {
-    if (rule.compiled.kind !== 'edit')
-        return false;
-    const matcher = rule.compiled.matcher;
-    if (!args || typeof args !== 'object' || Array.isArray(args))
-        return false;
-    const handle = args.handle;
-    if (typeof handle !== 'string' || !handle.trim())
-        return false;
-    const changedFiles = await loadProposalChangedFiles(handle);
-    if (!changedFiles)
-        return false;
-    return changedFiles.some((p) => matcher.matches(p));
-}
-function matchDenyRule(rule, toolName, args) {
-    if (!toolMatchesRuleTool(toolName, rule.tool))
-        return false;
-    if (rule.compiled.kind === 'tool_any')
-        return true;
-    if (rule.compiled.kind === 'bash') {
-        const cmd = extractCommandArg(toolName, args);
-        if (!cmd)
-            return false;
-        return rule.compiled.matcher.matches(cmd);
-    }
-    if (rule.compiled.kind === 'path') {
-        const p = extractPrimaryPathArg(toolName, args);
-        if (!p)
-            return false;
-        return rule.compiled.matcher.matches(p);
-    }
-    if (rule.compiled.kind === 'edit') {
-        // Deny edit rules are handled by an async path-aware matcher.
-        return toolName === 'proposal.apply';
-    }
-    return false;
+    return filePredicate(changedFiles, rule.compiled.matcher);
 }
 export async function decidePermissionForToolCall(options) {
     const rules = options.rules;
@@ -442,17 +408,10 @@ export async function decidePermissionForToolCall(options) {
     }
     // Deny rules win.
     for (const rule of rules.deny) {
-        if (rule.compiled.kind === 'edit') {
-            if (options.toolName === 'proposal.apply' && (await matchDenyEditRule(rule, options.args))) {
-                return {
-                    kind: 'deny',
-                    reason: text.tools.permissionRuleDenied(rule.raw),
-                    rule: { effect: 'deny', raw: rule.raw, tool: rule.tool },
-                };
-            }
-            continue;
-        }
-        if (matchDenyRule(rule, options.toolName, options.args)) {
+        const isDeny = rule.compiled.kind === 'edit'
+            ? await matchEditRule(rule, options.args, (files, matcher) => files.some((p) => matcher.matches(p)))
+            : matchRule(rule, options.toolName, options.args);
+        if (isDeny) {
             return {
                 kind: 'deny',
                 reason: text.tools.permissionRuleDenied(rule.raw),
@@ -461,17 +420,10 @@ export async function decidePermissionForToolCall(options) {
         }
     }
     for (const rule of rules.allow) {
-        if (rule.compiled.kind === 'edit') {
-            if (options.toolName === 'proposal.apply' && (await matchAllowEditRule(rule, options.args))) {
-                return {
-                    kind: 'allow',
-                    reason: rule.raw,
-                    rule: { effect: 'allow', raw: rule.raw, tool: rule.tool },
-                };
-            }
-            continue;
-        }
-        if (matchAllowRule(rule, options.toolName, options.args)) {
+        const isAllow = rule.compiled.kind === 'edit'
+            ? await matchEditRule(rule, options.args, (files, matcher) => files.every((p) => matcher.matches(p)))
+            : matchRule(rule, options.toolName, options.args);
+        if (isAllow) {
             return {
                 kind: 'allow',
                 reason: rule.raw,

package/dist/core/tools/plugins/loader.js

@@ -3,6 +3,7 @@ import { pathToFileURL } from 'node:url';
 import { syncFs as fs } from '../../adapters/fs/node-fs.js';
 import { getLogger } from '../../observability/logger.js';
 import { Phase } from '../../types/runtime.js';
+import { errorMessage } from '../../utils/error.js';
 const FORBIDDEN_PHASES = new Set([
     Phase.PLAN,
     Phase.PATCH,
@@ -25,7 +26,7 @@ export async function registerPluginTools(registry, plugins) {
             }
         }
         catch (error) {
-            getLogger().warn(`Plugin ${plugin.id} path ${entryPoint} is not accessible: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().warn(`Plugin ${plugin.id} path ${entryPoint} is not accessible: ${errorMessage(error)}`);
             continue;
         }
         const moduleUrl = pathToFileURL(entryPoint).href;
@@ -35,7 +36,7 @@ export async function registerPluginTools(registry, plugins) {
             manifest = (mod.default ?? mod);
         }
         catch (error) {
-            getLogger().error(`Failed to import plugin ${plugin.id} from ${entryPoint}: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().error(`Failed to import plugin ${plugin.id} from ${entryPoint}: ${errorMessage(error)}`);
             continue;
         }
         const registerFn = manifest?.register;
@@ -52,7 +53,7 @@ export async function registerPluginTools(registry, plugins) {
             tools = await registerFn();
         }
         catch (error) {
-            getLogger().error(`Plugin ${pluginId} register() failed: ${error instanceof Error ? error.message : String(error)}`);
+            getLogger().error(`Plugin ${pluginId} register() failed: ${errorMessage(error)}`);
             continue;
         }
         if (!Array.isArray(tools)) {

package/dist/core/tools/router.js

@@ -2,6 +2,8 @@ import * as crypto from 'crypto';
 import { z } from 'zod';
 import { LIMITS } from '../config/limits.js';
 import { getLogger } from '../observability/logger.js';
+import { isRecord } from '../utils/serialize.js';
+import { unwrapZodSchema } from '../utils/zod.js';
 import { decidePermissionForToolCall } from './permissions/permission-rules.js';
 export class ToolRouter {
     registry;
@@ -14,32 +16,7 @@ export class ToolRouter {
     authorizationMode;
     permissionRules;
     unwrapForHint(schema) {
-        let current = schema;
-        for (let depth = 0; depth < 20; depth++) {
-            const ZodEffects = z.ZodEffects;
-            if (typeof ZodEffects === 'function' && current instanceof ZodEffects) {
-                current = current._def.schema;
-                continue;
-            }
-            if (current instanceof z.ZodPipe) {
-                current = current._def.out;
-                continue;
-            }
-            if (current instanceof z.ZodOptional) {
-                current = current._def.innerType;
-                continue;
-            }
-            if (current instanceof z.ZodNullable) {
-                current = current._def.innerType;
-                continue;
-            }
-            if (current instanceof z.ZodDefault) {
-                current = current._def.innerType;
-                continue;
-            }
-            break;
-        }
-        return current;
+        return unwrapZodSchema(schema);
     }
     buildInputHint(spec) {
         if (!spec.inputSchema)
@@ -115,7 +92,7 @@ export class ToolRouter {
                 const message = hint
                     ? `${inputCheck.message} (${hint})`
                     : inputCheck.message || 'Invalid input';
-                throw { code: 'INVALID_INPUT', message };
+                throw Object.assign(new Error(message), { code: 'INVALID_INPUT' });
             }
             const normalizedArgs = inputCheck.value ?? envelope.args;
             const normalizedEnvelope = normalizedArgs === envelope.args ? envelope : { ...envelope, args: normalizedArgs };
@@ -178,7 +155,9 @@ export class ToolRouter {
                         },
                     });
                     // Provide a stable token for challenge-response UIs.
-                    result.error.confirmToken = auth.challenge;
+                    if (isRecord(result.error)) {
+                        result.error.confirmToken = auth.challenge;
+                    }
                     this.audit.onEnd(result);
                     return result;
                 }
@@ -199,7 +178,7 @@ export class ToolRouter {
             // 5. Output Validation & Sanitize: Result validation and sensitive summary
             const sanitized = this.sanitizer.sanitizeOutput(spec, rawOutput);
             if (!sanitized.ok) {
-                throw { code: 'INVALID_OUTPUT', message: sanitized.message };
+                throw Object.assign(new Error(sanitized.message), { code: 'INVALID_OUTPUT' });
             }
             // 6. Return Standard Result (ok)
             const durationMs = Date.now() - startedAt;
@@ -222,28 +201,18 @@ export class ToolRouter {
             let errorMeta;
             if (e instanceof Error) {
                 errorMessage = e.message;
-                if ('code' in e && typeof e.code === 'string') {
-                    errorCode = e.code;
-                }
-                if ('interrupt' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), interrupt: e.interrupt };
-                }
-                if ('inputRequired' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), inputRequired: e.inputRequired };
-                }
             }
-            else if (e && typeof e === 'object') {
-                if ('message' in e && typeof e.message === 'string') {
-                    errorMessage = e.message;
-                }
-                if ('code' in e && typeof e.code === 'string') {
-                    errorCode = e.code;
+            const errObj = isRecord(e) ? e : null;
+            if (errObj) {
+                if (typeof errObj.message === 'string')
+                    errorMessage = errObj.message;
+                if (typeof errObj.code === 'string')
+                    errorCode = errObj.code;
+                if ('interrupt' in errObj) {
+                    errorMeta = { ...(errorMeta ?? {}), interrupt: errObj.interrupt };
                 }
-                if ('interrupt' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), interrupt: e.interrupt };
-                }
-                if ('inputRequired' in e) {
-                    errorMeta = { ...(errorMeta ?? {}), inputRequired: e.inputRequired };
+                if ('inputRequired' in errObj) {
+                    errorMeta = { ...(errorMeta ?? {}), inputRequired: errObj.inputRequired };
                 }
             }
             const result = this.createErrorResult(envelope, startedAt, errorCode === 'TIMEOUT' ? 'timeout' : 'error', errorCode, errorMessage, errorMeta);
@@ -315,7 +284,7 @@ export class ToolRouter {
             source: spec.source,
             phase: normalizedEnvelope.phase,
             riskLevel: spec.riskLevel,
-            sideEffects: (spec.sideEffects || []),
+            sideEffects: spec.sideEffects,
             argsSummary,
             argsHash,
             repoRoot: normalizedEnvelope.ctx.repoRoot,
@@ -333,7 +302,9 @@ export class ToolRouter {
                     source: 'user',
                 },
             });
-            toolResult.error.confirmToken = deferred.challenge;
+            if (isRecord(toolResult.error)) {
+                toolResult.error.confirmToken = deferred.challenge;
+            }
             return {
                 kind: 'pending',
                 message: deferred.message,
@@ -450,7 +421,7 @@ export class ToolRouter {
             source: spec.source,
             phase: envelope.phase,
             riskLevel: spec.riskLevel,
-            sideEffects: (spec.sideEffects || []),
+            sideEffects: (spec.sideEffects ?? []),
             argsSummary,
             argsHash,
             repoRoot: envelope.ctx.repoRoot,
@@ -511,7 +482,7 @@ export class ToolRouter {
     }
     async getAuthorizationArgsSummary(envelope, spec) {
         const fallback = this.summarizeArgs(envelope.args);
-        const summarize = spec?.summarizeArgsForAuthorization;
+        const summarize = spec.summarizeArgsForAuthorization;
         if (typeof summarize !== 'function')
             return fallback;
         // Best-effort only. Avoid hanging authorization prompts on slow IO.