shortcutxl 0.3.39 → 0.3.40

package/CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## [0.3.40]
+
+- **Runtime permissions** — New `/permissions` command to review and change what file and shell tools can do. Approve individual workspaces, grant narrower read or read/write exceptions to files and folders outside them, and toggle spreadsheet auto-approve per settings profile.
+- **Skip runtime and spreadsheet permissions** — Explicit `/permissions skip-runtime-permissions` (and matching `--skip-runtime-permissions` / `--skip-spreadsheet-permissions` CLI flags) for when you intentionally want those permission boundaries disabled.
+
 ## [0.3.39]
 
 - **Claude Opus 4.7** - Added Claude Opus 4.7 as a selectable Shortcut model with a 1M-token context window.

package/dist/app/agent-session.d.ts

@@ -14,6 +14,8 @@
  */
 import type { ImageContent, Model, TextContent } from '@mariozechner/pi-ai';
 import type { Agent, AgentEvent, AgentMessage, AgentState, ThinkingLevel, ToolDefinition } from '../core/index.js';
+import type { RuntimePermissionPolicy } from '../core/permission-policy.js';
+import type { SessionAutoApproveState } from './approvals/session-auto-approve.js';
 import type { ContextUsage, ExtensionSessionSetupStore, InputSource } from './extensions/index.js';
 import { ExtensionRunner } from './extensions/index.js';
 import { type FileUploadData } from './file-uploads.js';
@@ -26,7 +28,6 @@ import { type ForkResult, type NavigateTreeResult } from './session/branch-manag
 import { type CompactionCompleteFn, type CompactionResult } from './session/compaction/index.js';
 import { type ExtensionBindings } from './session/extension-lifecycle.js';
 import { type ModelCycleResult } from './session/session-models.js';
-import type { SessionObservability } from './session/session-observability.js';
 import { type SessionStats } from './session/session-stats.js';
 import type { ProductSessionStore } from './session/session-store-types.js';
 import { type ToolInfo } from './session/tool-registry.js';
@@ -70,9 +71,6 @@ export type AgentSessionEvent = AgentEvent | {
     type: 'tool_summary';
     toolCallId: string;
     summary: string;
-} | {
-    type: 'run_stats';
-    stats: import('../server-sse-only/extended-state-types.js').RunStats;
 };
 /** Listener function for agent session events */
 export type AgentSessionEventListener = (event: AgentSessionEvent) => void;
@@ -80,6 +78,7 @@ export interface AgentSessionConfig {
     agent: Agent;
     sessionManager: ProductSessionStore;
     settingsManager: SettingsManager;
+    approvalState: SessionAutoApproveState;
     cwd: string;
     /** Resource loader for skills, prompts, context files, and internal prompt injection */
     resourceLoader: ResourceLoader;
@@ -92,6 +91,8 @@ export interface AgentSessionConfig {
     }>;
     /** Exact tool names to register initially */
     initialToolNames?: string[];
+    /** Optional initial mode name used to seed runtime permission policy. */
+    initialModeName?: string;
     /** Model registry for API key resolution and model discovery */
     modelRegistry: ModelRegistry;
     /** Mutable ref used by Agent to access the current ExtensionRunner */
@@ -108,14 +109,18 @@ export interface AgentSessionConfig {
         maxToolUses?: number;
         maxTokens?: number;
     };
-    /** Extended state store for SSE-only mode (LangGraph-parity fields). */
-    extendedStateStore?: import('../server-sse-only/extended-state-store.js').ExtendedStateStore;
     /** When true, generate follow-up suggestions after each agent turn. Disabled in print/no-session modes. */
     enableSuggestions?: boolean;
     /** When true, allow tool summaries on this session surface. Disabled in print/subagent flows. */
     enableToolSummaries?: boolean;
-    /** Optional client logging sink for session lifecycle observability. */
-    observability?: SessionObservability;
+    observability?: {
+        setSessionId?: (sessionId: string) => void;
+        info?: (input: {
+            module: string;
+            event: string;
+            data?: Record<string, unknown>;
+        }) => void;
+    };
 }
 export type { ExtensionBindings } from './session/extension-lifecycle.js';
 /** Options for AgentSession.prompt() */
@@ -135,6 +140,7 @@ export declare class AgentSession {
     readonly agent: Agent;
     readonly sessionManager: ProductSessionStore;
     readonly settingsManager: SettingsManager;
+    readonly approvalState: SessionAutoApproveState;
     private _unsubscribeAgent?;
     private _eventListeners;
     private _agentEventQueue;
@@ -158,8 +164,6 @@ export declare class AgentSession {
     /** Session-scoped file upload metadata. */
     private _fileUploads;
     private _collabClient;
-    private _runStartMessageCount;
-    private _runStartTimestamp;
     private _sheetPool;
     private _collabAwareness;
     private _collabSync;
@@ -167,20 +171,18 @@ export declare class AgentSession {
     /** Fire-and-forget tool-call summary generation. */
     private _summaryEmitter;
     private _toolSummaryDiagnostics;
+    private _observability?;
     private _tools;
     private _models;
     private _extensions;
-    private _extendedStateStore?;
     private _compactionActions;
     private _compactionTriggerDeps;
     private _errorRecoveryActions;
-    private readonly _observability?;
     constructor(config: AgentSessionConfig);
     /** Model registry for API key resolution and model discovery */
     get modelRegistry(): ModelRegistry;
     getToolSummaryDiagnostics(): ToolSummaryDiagnostic[];
-    /** Extended state store (SSE-only mode). May be undefined if not configured. */
-    get extendedStateStore(): import("../server-sse-only/extended-state-store.js").ExtendedStateStore | undefined;
+    get permissionPolicy(): RuntimePermissionPolicy;
     /** Emit an event to all listeners */
     private _emit;
     /**
@@ -239,7 +241,6 @@ export declare class AgentSession {
     awaitPendingSuggestions(): Promise<void>;
     /** Full agent state */
     get state(): AgentState;
-    /** Current model (may be overridden by ExtendedStateStore.modelOverride for credit downgrade) */
     get model(): Model<any> | undefined;
     /** Current thinking level */
     get thinkingLevel(): ThinkingLevel;
@@ -253,7 +254,6 @@ export declare class AgentSession {
     get fileUploads(): readonly FileUploadData[];
     /**
      * Merge new file uploads into session state, deduplicating by name.
-     * Also syncs to the extended state store when available (SSE-only mode).
      */
     addFileUploads(files: FileUploadData[]): void;
     /**
@@ -272,7 +272,7 @@ export declare class AgentSession {
      * Changes take effect on the next agent turn.
      */
     replaceToolsByName(toolNames: string[]): void;
-    applyMode(toolNames: string[], systemPrompt: string): void;
+    applyMode(toolNames: string[], systemPrompt: string, modeName?: string): void;
     /** Whether compaction (manual or auto) is currently running */
     get isCompacting(): boolean;
     /** Set a pending context refresh query (consumed after the current agent loop ends). */

package/dist/app/approvals/session-auto-approve.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Session-scoped auto-approve state.
+ *
+ * The persisted settings layer owns only the default value for new sessions.
+ * The live toggle state belongs to the session and is shared by approval UIs,
+ * mode switching, and remote-control flows.
+ */
+export interface AutoApproveDefaultsStore {
+    getAutoApproveDefault(): boolean;
+    setAutoApproveDefault(value: boolean): void;
+    getSessionAutoApproveDefault?(): boolean;
+}
+export interface AutoApproveState {
+    getAutoApprove(): boolean;
+    setAutoApprove(value: boolean): void;
+}
+export declare class SessionAutoApproveState implements AutoApproveState, AutoApproveDefaultsStore {
+    private autoApprove;
+    private readonly defaults;
+    constructor(defaults: AutoApproveDefaultsStore);
+    getAutoApprove(): boolean;
+    setAutoApprove(value: boolean): void;
+    getAutoApproveDefault(): boolean;
+    setAutoApproveDefault(value: boolean): void;
+}
+//# sourceMappingURL=session-auto-approve.d.ts.map

package/dist/app/approvals/tool-approval.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Generic pre-execution approval gate for tools.
+ *
+ * Wraps a ToolDefinition with a user-approval prompt before executing.
+ */
+import type { TSchema } from '@sinclair/typebox';
+import type { ToolDefinition, ToolExecutionContext } from '../../core/core-types.js';
+import { type ApprovalChoice, type ApprovalGate, type ApprovalRequest } from './types.js';
+export declare function withPreApproval<T extends TSchema, D>(tool: ToolDefinition<T>, approval: ApprovalGate<D>, buildRequest: (params: Record<string, unknown>, ctx: ToolExecutionContext | undefined) => ApprovalRequest<D> | Promise<ApprovalRequest<D>>, options?: {
+    isContentSafe?: (params: Record<string, unknown>, ctx: ToolExecutionContext | undefined) => boolean | Promise<boolean>;
+    onRequested?: (request: ApprovalRequest<D>) => void;
+    onAccepted?: (request: ApprovalRequest<D>, choice: ApprovalChoice) => void;
+    onRejected?: (request: ApprovalRequest<D>) => void;
+    isApprovedChoiceAllowed?: (request: ApprovalRequest<D>, choice: ApprovalChoice) => boolean | Promise<boolean>;
+    describeApprovedChoice?: (request: ApprovalRequest<D>, choice: ApprovalChoice) => string | undefined;
+    applyApprovalContext?: (ctx: ToolExecutionContext | undefined, params: Record<string, unknown>, request: ApprovalRequest<D>, choice: ApprovalChoice) => ToolExecutionContext | undefined | Promise<ToolExecutionContext | undefined>;
+}): ToolDefinition<T>;
+//# sourceMappingURL=tool-approval.d.ts.map

package/dist/app/approvals/types.d.ts

@@ -9,6 +9,9 @@ import type { ExtensionContext } from '../extensions/index.js';
 export declare const APPROVAL: {
     readonly ACCEPT: "Accept";
     readonly ACCEPT_ALL: "Accept All";
+    readonly ALLOW_ONCE: "Allow Once";
+    readonly ALLOW_FILE: "Always Allow File";
+    readonly ALLOW_FOLDER: "Always Allow Folder";
     readonly REJECT: "Reject";
 };
 export type ApprovalChoice = (typeof APPROVAL)[keyof typeof APPROVAL];
@@ -35,4 +38,18 @@ export interface ApprovalQueueInfo {
     current: number;
     total: number;
 }
+export interface FileAccessApprovalData {
+    path: string;
+    access: 'read' | 'write';
+    workspaceRoots: string[];
+    allowPersistentGrant: boolean;
+    fileGrantPath: string;
+    folderGrantPath: string;
+}
+export interface BashApprovalData {
+    command: string;
+    description?: string;
+    /** Connection names whose credentials will be injected. */
+    connections?: string[];
+}
 //# sourceMappingURL=types.d.ts.map

package/dist/app/constants.d.ts

@@ -14,10 +14,6 @@ export declare const SHORTCUT_API_URL: string;
 export declare function getShortcutForkTraceDir(): string | undefined;
 /** WebSocket URL for the collab signaling server. */
 export declare const COLLAB_SERVER_URL: string;
-/**
- * Free-tier fallback model used when the user has exhausted their credits.
- */
-export declare const FREE_MODEL_ID = "claude-sonnet-4-6-20250514";
 /** uv release version pinned to a known-good Astral release. */
 export declare const UV_VERSION = "0.7.2";
 /** Python version installed via uv on macOS. */

package/dist/app/credits/credit-gate.d.ts

@@ -4,11 +4,6 @@
  * Checks whether the user has remaining credits (or an unlimited plan)
  * and caches the result for a configurable TTL to avoid hammering the API.
  *
- * Caller wires into ExtendedStateStore:
- * ```
- * const result = await creditGate.check(accessToken);
- * extendedStateStore.set('isOutOfCredits', !result.hasCredits);
- * ```
  */
 export interface CreditCheckResult {
     hasCredits: boolean;

package/dist/app/extensions/runner.d.ts

@@ -61,6 +61,7 @@ export declare class ExtensionRunner {
     private deductChildUsageFn;
     private getMessagesFn;
     private getToolsFn;
+    private getPermissionPolicyFn;
     private newSessionHandler;
     private forkHandler;
     private navigateTreeHandler;
@@ -69,8 +70,7 @@ export declare class ExtensionRunner {
     private shutdownHandler;
     private commandDiagnostics;
     private sessionState?;
-    private extendedState?;
-    constructor(extensions: Extension[], runtime: ExtensionRuntime, cwd: string, sessionManager: ExtensionSessionView, modelRegistry: ModelRegistry, sessionState?: SessionState, extendedState?: import('../../server-sse-only/extended-state-store.js').ExtendedStateStore);
+    constructor(extensions: Extension[], runtime: ExtensionRuntime, cwd: string, sessionManager: ExtensionSessionView, modelRegistry: ModelRegistry, sessionState?: SessionState);
     bindCore(actions: ExtensionActions, contextActions: ExtensionContextActions): void;
     bindCommandContext(actions?: ExtensionCommandContextActions): void;
     setUIContext(uiContext?: ExtensionUIContext): void;

package/dist/app/extensions/types.d.ts

@@ -11,7 +11,7 @@ import type { AssistantMessage, AssistantMessageEvent, ImageContent, Message, Mo
 import type { TSchema } from '@sinclair/typebox';
 import type { ModelRegistry } from '../../app/providers/model-registry.js';
 import type { CompactionPreparation, CompactionResult } from '../../app/session/compaction/index.js';
-import type { AgentMessage, AgentState, AgentToolResult, AgentToolUpdateCallback, ToolDefinition, ToolExecutionContext } from '../../core/core-types.js';
+import type { AgentMessage, AgentState, AgentToolResult, AgentToolUpdateCallback, RuntimePermissionPolicy, ToolDefinition, ToolExecutionContext } from '../../core/core-types.js';
 import type { CustomMessage } from '../messages.js';
 import type { BashOperations, BashResult } from '../tools/bash-types.js';
 export type { AgentToolResult, AgentToolUpdateCallback, ToolDefinition };
@@ -505,6 +505,7 @@ export interface ExtensionContextActions {
     }) => void;
     getMessages: () => AgentMessage[];
     getTools: () => readonly ToolDefinition[];
+    getPermissionPolicy: () => RuntimePermissionPolicy;
 }
 /**
  * Actions for ExtensionCommandContext (ctx.* in command handlers).

package/dist/app/index.d.ts

@@ -1,5 +1,6 @@
 export type { AgentDefinition } from './agent-definition.js';
 export { AgentSession, LoginRequiredError, parseSkillBlock, type AgentSessionConfig, type AgentSessionEvent, type AgentSessionEventListener, type ModelCycleResult, type ParsedSkillBlock, type PromptOptions, type SessionStats } from './agent-session.js';
+export { SessionAutoApproveState } from './approvals/session-auto-approve.js';
 export { AuthStorage, FileAuthStorageBackend, InMemoryAuthStorageBackend, type AuthCredential, type AuthStorageBackend, type OAuthCredential } from './auth/auth-storage.js';
 export { startProactiveRefresh } from './auth/refresh-timer.js';
 export { createTextHash, formatInlineCitation, formatInlineCitations, getCitationId, getSourceKey, mergeCitations, processAnthropicCitations, type AnthropicCharLocationCitation, type AnthropicCitation, type AnthropicContentBlock, type AnthropicPageLocationCitation, type AnthropicTextBlock, type AnthropicWebSearchResultLocationCitation, type Citation, type DocumentCitation, type DraftCitation, type DraftDocumentCitation, type DraftWebCitation, type ProcessCitationsResult, type WebCitation } from './citations.js';
@@ -31,11 +32,11 @@ export { listAllSessions, listSessions } from './session/session-catalog.js';
 export type { SessionInfo, SessionListProgress } from './session/session-catalog.js';
 export { continueRecentSessionManager, createInMemorySessionManager, createSessionManager, forkSessionManager, openSessionManager } from './session/session-factory.js';
 export { SessionManager } from './session/session-manager.js';
-export type { SessionObservability } from './session/session-observability.js';
 export { FileSessionPersistenceBackend } from './session/session-persistence-backend.js';
 export type { SessionPersistenceBackend } from './session/session-persistence-backend.js';
 export type { SessionEntry, SessionHeader, SessionInfoEntry, SessionMessageEntry } from './session/session-schema.js';
 export type { BranchSessionStore, ModelSessionStore, PersistenceSessionStore, ProductSessionStore, SessionInfoStore } from './session/session-store-types.js';
+export type { SessionObservability } from './session/session-observability.js';
 export { SettingsManager, type CompactionSettings, type ImageSettings, type PackageSource, type RetrySettings } from './settings-manager.js';
 export type { StartupInfoEntry } from './startup-info.js';
 export { downloadSkillsWithApproval, syncSkillsConservatively } from './sync/skills-download.js';

package/dist/app/observability/client-logging/client-logger.d.ts

@@ -0,0 +1,57 @@
+import { ShortcutClientLogContextStore } from './context.js';
+import { type ShortcutClientLogModule, type ShortcutClientLogTransport } from './types.js';
+export interface ShortcutClientLoggerOptions {
+    transport: ShortcutClientLogTransport;
+    context?: ShortcutClientLogContextStore;
+    flushIntervalMs?: number;
+    maxBufferSize?: number;
+    now?: () => Date;
+    setIntervalFn?: typeof setInterval;
+    clearIntervalFn?: typeof clearInterval;
+}
+export interface EmitShortcutClientLogInput {
+    module: ShortcutClientLogModule;
+    event: string;
+    data?: Record<string, unknown>;
+    duration?: number;
+}
+/**
+ * Runtime-owned client logger for ShortcutXL observability.
+ *
+ * This package intentionally knows nothing about PostHog, browser super properties,
+ * or compatibility with unrelated clients. It owns one contract only:
+ * batched client-shortcutxl log rows sent to /api/logs.
+ */
+export declare class ShortcutClientLogger {
+    private readonly transport;
+    private readonly context;
+    private readonly flushIntervalMs;
+    private readonly maxBufferSize;
+    private readonly now;
+    private readonly setIntervalFn;
+    private readonly clearIntervalFn;
+    private buffer;
+    private flushTimer;
+    private pendingFlush;
+    private destroyed;
+    private enabled;
+    constructor(options: ShortcutClientLoggerOptions);
+    setUserId(userId: string): void;
+    clearUserId(): void;
+    setSessionId(sessionId: string): void;
+    clearSessionId(): void;
+    setBuildInfo(input: {
+        commit?: string;
+        version?: string;
+    }): void;
+    setEnabled(enabled: boolean): void;
+    disable(): Promise<void>;
+    info(input: EmitShortcutClientLogInput): void;
+    warn(input: EmitShortcutClientLogInput): void;
+    error(input: EmitShortcutClientLogInput): void;
+    private emit;
+    private startPeriodicFlush;
+    flush(): Promise<void>;
+    destroy(): Promise<void>;
+}
+//# sourceMappingURL=client-logger.d.ts.map

package/dist/app/observability/client-logging/context.d.ts

@@ -0,0 +1,26 @@
+import type { ShortcutClientLogContext } from './types.js';
+/**
+ * Mutable runtime-owned log context.
+ *
+ * Owns only stable correlation fields that should be inherited by emitted log rows.
+ * Event-specific payloads stay outside this store.
+ */
+export declare class ShortcutClientLogContextStore {
+    private context;
+    setUserId(userId: string): void;
+    clearUserId(): void;
+    setSessionId(sessionId: string): void;
+    clearSessionId(): void;
+    setRequestId(requestId: string): void;
+    clearRequestId(): void;
+    setRunId(runId: string): void;
+    clearRunId(): void;
+    setFileId(fileId: string): void;
+    clearFileId(): void;
+    setBuildInfo(input: {
+        commit?: string;
+        version?: string;
+    }): void;
+    getSnapshot(): ShortcutClientLogContext;
+}
+//# sourceMappingURL=context.d.ts.map

package/dist/app/observability/client-logging/index.d.ts

@@ -0,0 +1,8 @@
+export { ShortcutClientLogger, type EmitShortcutClientLogInput } from './client-logger.js';
+export { ShortcutClientLogContextStore } from './context.js';
+export { attachShortcutSessionEventLogging } from './session-events.js';
+export { getTelemetryToggleLog } from './settings-events.js';
+export { getXllStartupLog, type StartupXllStatus } from './startup-events.js';
+export { HttpShortcutClientLogTransport, type HttpShortcutClientLogTransportOptions } from './transport.js';
+export { SHORTCUT_CLIENT_LOG_MODULES, SHORTCUT_CLIENT_LOG_SOURCE, type ShortcutClientLogBatch, type ShortcutClientLogContext, type ShortcutClientLogEntry, type ShortcutClientLogLevel, type ShortcutClientLogModule, type ShortcutClientLogSource, type ShortcutClientLogTransport } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/app/observability/client-logging/session-events.d.ts

@@ -0,0 +1,4 @@
+import type { AgentSession } from '../../agent-session.js';
+import type { ShortcutClientLogger } from './client-logger.js';
+export declare function attachShortcutSessionEventLogging(session: Pick<AgentSession, 'sessionId' | 'subscribe'>, logger: Pick<ShortcutClientLogger, 'setSessionId' | 'info' | 'warn' | 'error'>): () => void;
+//# sourceMappingURL=session-events.d.ts.map

package/dist/app/observability/client-logging/settings-events.d.ts

@@ -0,0 +1,5 @@
+export declare function getTelemetryToggleLog(enabled: boolean): {
+    module: 'settings';
+    event: 'telemetry_enabled' | 'telemetry_disabled';
+};
+//# sourceMappingURL=settings-events.d.ts.map

package/dist/app/observability/client-logging/startup-events.d.ts

@@ -0,0 +1,18 @@
+export type StartupXllStatus = {
+    kind: 'ok';
+    updated: number;
+} | {
+    kind: 'source-missing';
+    missingPaths: string[];
+} | {
+    kind: 'install-failed';
+} | {
+    kind: 'degraded';
+    updated: number;
+};
+export declare function getXllStartupLog(requiresLocalXllRuntime: boolean, status: StartupXllStatus): {
+    module: 'xll';
+    event: 'xll_connected' | 'xll_connection_failed';
+    data?: Record<string, unknown>;
+} | null;
+//# sourceMappingURL=startup-events.d.ts.map

package/dist/app/observability/client-logging/transport.d.ts

@@ -0,0 +1,15 @@
+import type { ShortcutClientLogBatch, ShortcutClientLogTransport } from './types.js';
+export interface HttpShortcutClientLogTransportOptions {
+    endpoint?: string;
+    fetchImpl?: typeof fetch;
+}
+/**
+ * Thin HTTP transport for shipping ShortcutXL client logs to the shared logging ingress.
+ */
+export declare class HttpShortcutClientLogTransport implements ShortcutClientLogTransport {
+    private readonly endpoint;
+    private readonly fetchImpl;
+    constructor(options?: HttpShortcutClientLogTransportOptions);
+    send(batch: ShortcutClientLogBatch): Promise<void>;
+}
+//# sourceMappingURL=transport.d.ts.map

package/dist/app/observability/client-logging/types.d.ts

@@ -0,0 +1,31 @@
+export declare const SHORTCUT_CLIENT_LOG_SOURCE: "client-shortcutxl";
+export declare const SHORTCUT_CLIENT_LOG_MODULES: readonly ["auth", "session", "agent", "tool", "excel", "xll", "trace_upload", "network", "settings", "ui", "lifecycle"];
+export type ShortcutClientLogSource = typeof SHORTCUT_CLIENT_LOG_SOURCE;
+export type ShortcutClientLogLevel = 'info' | 'warn' | 'error';
+export type ShortcutClientLogModule = (typeof SHORTCUT_CLIENT_LOG_MODULES)[number];
+export interface ShortcutClientLogContext {
+    user_id?: string;
+    session_id?: string;
+    request_id?: string;
+    run_id?: string;
+    file_id?: string;
+    commit?: string;
+    version?: string;
+}
+export interface ShortcutClientLogEntry extends ShortcutClientLogContext {
+    source: ShortcutClientLogSource;
+    level: ShortcutClientLogLevel;
+    event: string;
+    module: ShortcutClientLogModule;
+    created_at: string;
+    duration?: number;
+    data?: Record<string, unknown>;
+}
+export interface ShortcutClientLogBatch {
+    client_time: string;
+    entries: ShortcutClientLogEntry[];
+}
+export interface ShortcutClientLogTransport {
+    send(batch: ShortcutClientLogBatch): Promise<void>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/app/observability/index.d.ts

@@ -0,0 +1,2 @@
+export * from './client-logging/index.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/app/permissions/approval-surface.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Approval-surface helpers.
+ *
+ * Approval gating is a runtime-owned concern: headful surfaces may prompt,
+ * headless surfaces must deterministically allow or deny.
+ */
+import type { RuntimeApprovalSurface } from '../../core/permission-policy.js';
+export interface ApprovalSurfaceContext {
+    hasUI?: boolean;
+}
+export interface ApprovalExecutionDecisionInput {
+    surface: RuntimeApprovalSurface;
+    gateAvailable?: boolean;
+    isSafe: boolean;
+    isAutoApproved: boolean;
+    alwaysRequireExplicitApproval: boolean;
+    denyOnHeadlessApproval?: boolean;
+}
+export type ApprovalExecutionDecision = 'allow' | 'prompt' | 'deny';
+/** Determines whether the current execution context can display approval UI. */
+export declare function getApprovalSurface(ctx: ApprovalSurfaceContext | undefined): RuntimeApprovalSurface;
+/** Resolves an approval-gated execution request into allow, prompt, or deny. */
+export declare function resolveApprovalExecutionDecision(input: ApprovalExecutionDecisionInput): ApprovalExecutionDecision;
+//# sourceMappingURL=approval-surface.d.ts.map

package/dist/app/permissions/capability-catalog.d.ts

@@ -0,0 +1,17 @@
+/**
+ * App-owned mapping from concrete tool names to shared runtime capabilities.
+ *
+ * This file is intentionally small: the core layer owns capability identity,
+ * while the app layer owns which built-in tools declare each capability.
+ */
+import { type RuntimeCapabilityId } from '../../core/permission-policy.js';
+export interface RuntimeCapabilityDefinition {
+    id: RuntimeCapabilityId;
+    toolNames: readonly string[];
+}
+export declare const RUNTIME_CAPABILITY_CATALOG: readonly RuntimeCapabilityDefinition[];
+/** Returns the capability set declared by the current runtime tool selection. */
+export declare function getDeclaredCapabilityIds(toolNames: readonly string[]): RuntimeCapabilityId[];
+/** Convenience predicate for small capability-gated compiler decisions. */
+export declare function hasCapability(capabilityIds: readonly RuntimeCapabilityId[], capabilityId: RuntimeCapabilityId): boolean;
+//# sourceMappingURL=capability-catalog.d.ts.map

package/dist/app/permissions/compiler.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Builds the effective runtime-owned permission policy for the active tool set.
+ *
+ * The compiler is intentionally deterministic and conservative: mode presets
+ * define the broad behavior, and declared capabilities only widen the surfaces
+ * that are actually available in the current registry.
+ */
+import type { RuntimePermissionPolicy } from '../../core/permission-policy.js';
+export interface EffectivePermissionPolicyInput {
+    toolNames: readonly string[];
+    modeName?: string;
+    workspaceRoots?: string[];
+    persistentApprovals?: RuntimePermissionPolicy['filesystem']['persistentApprovals'];
+    dangerouslySkipRuntimePermissions?: boolean;
+    dangerouslySkipSpreadsheetPermissions?: boolean;
+}
+export declare function buildEffectivePermissionPolicy(input: EffectivePermissionPolicyInput): RuntimePermissionPolicy;
+export declare function createDefaultPermissionPolicy(): RuntimePermissionPolicy;
+//# sourceMappingURL=compiler.d.ts.map

package/dist/app/permissions/effective-view.d.ts

@@ -0,0 +1,23 @@
+/**
+ * User-facing effective permission view.
+ *
+ * This is a read model over the compiled runtime policy for showing what the
+ * current session can do right now without exposing internal enforcement state.
+ */
+import type { RuntimeCapabilityId, RuntimePermissionPolicy } from '../../core/permission-policy.js';
+export interface EffectivePermissionCapabilityView {
+    capabilityId: RuntimeCapabilityId;
+    label: string;
+    status: 'enabled' | 'approval_required' | 'denied';
+    summary: string;
+}
+export interface EffectivePermissionView {
+    modeName?: string;
+    dangerouslySkipRuntimePermissions: boolean;
+    headlessApprovalsDenied: boolean;
+    headlessSpreadsheetApprovalsDenied: boolean;
+    capabilities: EffectivePermissionCapabilityView[];
+}
+export declare function buildEffectivePermissionView(policy: RuntimePermissionPolicy): EffectivePermissionView;
+export declare function formatEffectivePermissionView(view: EffectivePermissionView): string;
+//# sourceMappingURL=effective-view.d.ts.map

package/dist/app/permissions/filesystem-policy.d.ts

@@ -0,0 +1,25 @@
+import type { ApprovedFilesystemAccessGrant } from '../../core/core-types.js';
+import type { RuntimeFilesystemPermissionPolicy } from '../../core/permission-policy.js';
+import type { SessionState } from '../../core/session-state.js';
+export interface FilesystemAccessDecision {
+    outcome: 'allow' | 'require_approval' | 'deny';
+    canonicalPath: string;
+    canonicalWorkspaceRoots: string[];
+    allowPersistentGrant?: boolean;
+    fileGrantPath?: string;
+    folderGrantPath?: string;
+    reason?: string;
+}
+export declare function getFilesystemAccessDecision(options: {
+    path: string;
+    policy: RuntimeFilesystemPermissionPolicy;
+    access: 'read' | 'write';
+}): Promise<FilesystemAccessDecision>;
+export declare function enforceFilesystemPolicy(options: {
+    path: string;
+    policy: RuntimeFilesystemPermissionPolicy;
+    access: 'read' | 'write';
+    sessionState?: SessionState;
+    approvalGrants?: ApprovedFilesystemAccessGrant[];
+}): Promise<void>;
+//# sourceMappingURL=filesystem-policy.d.ts.map

package/dist/app/permissions/permissions-command.d.ts

@@ -0,0 +1,17 @@
+/**
+ * /permissions slash command handler.
+ *
+ * The persisted permissioning JSON is the source of truth. This module owns the
+ * interactive command flow for viewing and editing that schema so the startup
+ * router can remain a thin dispatcher.
+ */
+import type { SettingsManager } from '../settings-manager.js';
+type ShowStatus = (msg: string) => void;
+type Select = (title: string, options: string[]) => Promise<string | undefined>;
+type Input = (title: string, placeholder?: string) => Promise<string | undefined>;
+/**
+ * Handle the /permissions slash command against the current settings state.
+ */
+export declare function handlePermissionsCommand(command: string, showStatus: ShowStatus, select: Select, input: Input, settingsManager: SettingsManager, cwd: string): Promise<boolean>;
+export {};
+//# sourceMappingURL=permissions-command.d.ts.map

package/dist/app/permissions/policy.d.ts

@@ -0,0 +1,9 @@
+/**
+ * App-owned adapter from tool registry state into the shared permission
+ * compiler. The compiler owns the resulting policy shape.
+ */
+import type { RuntimePermissionPolicy } from '../../core/permission-policy.js';
+import { createDefaultPermissionPolicy } from './compiler.js';
+export declare function deriveModePermissionPolicy(toolNames: readonly string[], modeName?: string, workspaceRoots?: string[], persistentApprovals?: RuntimePermissionPolicy['filesystem']['persistentApprovals'], dangerouslySkipRuntimePermissions?: boolean, dangerouslySkipSpreadsheetPermissions?: boolean): RuntimePermissionPolicy;
+export { createDefaultPermissionPolicy };
+//# sourceMappingURL=policy.d.ts.map

package/dist/app/permissions/require-policy.d.ts

@@ -0,0 +1,4 @@
+import type { ToolExecutionContext } from '../../core/core-types.js';
+import type { RuntimePermissionPolicy } from '../../core/permission-policy.js';
+export declare function requirePermissionPolicy(ctx: ToolExecutionContext | undefined, toolName: string): RuntimePermissionPolicy;
+//# sourceMappingURL=require-policy.d.ts.map