npm - tide-commander - Versions diffs - 1.97.0 → 1.98.0 - Mend

tide-commander 1.97.0 → 1.98.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/dist/src/packages/server/routes/skills.js ADDED Viewed

@@ -0,0 +1,193 @@
+/**
+ * Skills Routes
+ * REST API endpoints for skill CRUD (custom and builtin-readable).
+ *
+ * Mirrors the WebSocket skill handlers in functionality but provides a
+ * stable HTTP surface for one-shot registration by other services or
+ * automation that doesn't want to maintain a WS subscription.
+ */
+import { Router } from 'express';
+import { skillService } from '../services/index.js';
+import { createLogger, generateSlug } from '../utils/index.js';
+const log = createLogger('SkillsRoute');
+const router = Router();
+let broadcastFn = null;
+export function setBroadcast(fn) {
+    broadcastFn = fn;
+}
+function broadcast(type, payload) {
+    if (!broadcastFn)
+        return;
+    broadcastFn({ type, payload });
+}
+function validateUpsertBody(body) {
+    if (!body || typeof body !== 'object')
+        return { error: 'Request body must be a JSON object' };
+    const b = body;
+    if (typeof b.name !== 'string' || !b.name.trim())
+        return { error: 'name is required (string)' };
+    if (typeof b.description !== 'string')
+        return { error: 'description is required (string)' };
+    if (typeof b.content !== 'string')
+        return { error: 'content is required (string)' };
+    if (b.allowedTools !== undefined && (!Array.isArray(b.allowedTools) || b.allowedTools.some(t => typeof t !== 'string'))) {
+        return { error: 'allowedTools must be a string array' };
+    }
+    if (b.model !== undefined && typeof b.model !== 'string')
+        return { error: 'model must be a string' };
+    if (b.context !== undefined && b.context !== 'fork' && b.context !== 'inline')
+        return { error: "context must be 'fork' or 'inline'" };
+    if (b.enabled !== undefined && typeof b.enabled !== 'boolean')
+        return { error: 'enabled must be boolean' };
+    if (b.slug !== undefined && typeof b.slug !== 'string')
+        return { error: 'slug must be a string' };
+    return { body: b };
+}
+function normalizeSlug(slug) {
+    // Run through the canonical slug helper so callers can't sneak unsafe characters
+    // into the persisted file. generateSlug is idempotent on already-safe input.
+    return generateSlug(slug);
+}
+// ----------------------------------------------------------------------------
+// GET /api/skills — list all
+// ----------------------------------------------------------------------------
+router.get('/', (_req, res) => {
+    try {
+        res.json({ skills: skillService.getAllSkills() });
+    }
+    catch (err) {
+        log.error(' Failed to list skills:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// GET /api/skills/:slug — single
+// ----------------------------------------------------------------------------
+router.get('/:slug', (req, res) => {
+    try {
+        const slug = normalizeSlug(String(req.params.slug));
+        const skill = skillService.getSkillBySlug(slug);
+        if (!skill)
+            return res.status(404).json({ error: `Skill not found: ${slug}` });
+        res.json(skill);
+    }
+    catch (err) {
+        log.error(' Failed to fetch skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// Upsert helper shared by PUT /:slug and POST /
+// ----------------------------------------------------------------------------
+function upsertSkill(slug, body, res) {
+    const existing = skillService.getSkillBySlug(slug);
+    if (!existing) {
+        const created = skillService.createSkill({
+            slug,
+            name: body.name,
+            description: body.description,
+            content: body.content,
+            allowedTools: body.allowedTools,
+            model: body.model,
+            context: body.context,
+            assignedAgentIds: body.assignedAgentIds,
+            assignedAgentClasses: body.assignedAgentClasses,
+            enabled: body.enabled,
+        });
+        broadcast('skill_created', created);
+        log.log(` Created skill via HTTP: ${created.slug} (${created.id})`);
+        res.status(201).json(created);
+        return;
+    }
+    if (existing.builtin) {
+        res.status(409).json({ error: `slug '${slug}' is owned by a builtin skill` });
+        return;
+    }
+    const updates = {
+        name: body.name,
+        description: body.description,
+        content: body.content,
+        slug,
+    };
+    if (body.allowedTools !== undefined)
+        updates.allowedTools = body.allowedTools;
+    if (body.model !== undefined)
+        updates.model = body.model;
+    if (body.context !== undefined)
+        updates.context = body.context;
+    if (body.assignedAgentIds !== undefined)
+        updates.assignedAgentIds = body.assignedAgentIds;
+    if (body.assignedAgentClasses !== undefined)
+        updates.assignedAgentClasses = body.assignedAgentClasses;
+    if (body.enabled !== undefined)
+        updates.enabled = body.enabled;
+    const updated = skillService.updateSkill(existing.id, updates);
+    if (!updated) {
+        res.status(500).json({ error: `Failed to update skill ${slug}` });
+        return;
+    }
+    broadcast('skill_updated', updated);
+    log.log(` Updated skill via HTTP: ${updated.slug} (${updated.id})`);
+    res.status(200).json(updated);
+}
+// ----------------------------------------------------------------------------
+// PUT /api/skills/:slug — upsert by slug in URL
+// ----------------------------------------------------------------------------
+router.put('/:slug', (req, res) => {
+    try {
+        const urlSlug = normalizeSlug(String(req.params.slug));
+        const v = validateUpsertBody(req.body);
+        if ('error' in v)
+            return res.status(400).json({ error: v.error });
+        if (v.body.slug !== undefined && normalizeSlug(v.body.slug) !== urlSlug) {
+            return res.status(400).json({ error: `URL slug '${urlSlug}' does not match body slug '${v.body.slug}'` });
+        }
+        upsertSkill(urlSlug, v.body, res);
+    }
+    catch (err) {
+        log.error(' Failed to upsert skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// POST /api/skills — upsert with slug from body (or derived from name)
+// ----------------------------------------------------------------------------
+router.post('/', (req, res) => {
+    try {
+        const v = validateUpsertBody(req.body);
+        if ('error' in v)
+            return res.status(400).json({ error: v.error });
+        const slug = v.body.slug ? normalizeSlug(v.body.slug) : generateSlug(v.body.name);
+        if (!slug)
+            return res.status(400).json({ error: 'slug could not be derived from name' });
+        upsertSkill(slug, v.body, res);
+    }
+    catch (err) {
+        log.error(' Failed to upsert skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// DELETE /api/skills/:slug — delete custom skill (409 if builtin)
+// ----------------------------------------------------------------------------
+router.delete('/:slug', (req, res) => {
+    try {
+        const slug = normalizeSlug(String(req.params.slug));
+        const skill = skillService.getSkillBySlug(slug);
+        if (!skill)
+            return res.status(404).json({ error: `Skill not found: ${slug}` });
+        if (skill.builtin)
+            return res.status(409).json({ error: `Cannot delete builtin skill '${slug}'` });
+        const ok = skillService.deleteSkill(skill.id);
+        if (!ok)
+            return res.status(500).json({ error: `Failed to delete skill ${slug}` });
+        broadcast('skill_deleted', { id: skill.id });
+        log.log(` Deleted skill via HTTP: ${slug} (${skill.id})`);
+        res.status(204).end();
+    }
+    catch (err) {
+        log.error(' Failed to delete skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+export default router;

package/dist/src/packages/server/routes/trigger-routes.js CHANGED Viewed

@@ -15,12 +15,14 @@
  *   GET    /api/triggers/:id/events         - Get trigger fire history
  */
 import { Router } from 'express';
+import * as crypto from 'crypto';
 import * as triggerService from '../services/trigger-service.js';
 import * as cronService from '../services/cron-service.js';
 import { createLogger } from '../utils/logger.js';
-import { detectWebhookProvider, verifyHmacSignature, getWebhookHmacPayload, GITHUB_SIGNATURE_HEADER, BITBUCKET_SIGNATURE_HEADER, BITBUCKET_EVENT_HEADER, } from './webhook-signatures.js';
+import { detectWebhookProvider, verifyHmacSignature, getWebhookHmacPayload, GITHUB_SIGNATURE_HEADER, BITBUCKET_SIGNATURE_HEADER, BITBUCKET_EVENT_HEADER, JIRA_SIGNATURE_HEADER, } from './webhook-signatures.js';
 import { WebhookDedupeCache } from './webhook-dedupe.js';
 import { isBitbucketAuthorLoop } from './bitbucket-author-loop.js';
+import { jiraTriggerHandler } from '../integrations/jira/jira-trigger-handler.js';
 const log = createLogger('TriggerRoutes');
 const router = Router();
 // Process-wide dedupe cache for webhook deliveries. Bitbucket retries reuse
@@ -105,33 +107,34 @@ router.post('/webhook/:triggerId', async (req, res) => {
         res.status(400).json({ error: 'Trigger is disabled' });
         return;
     }
-    // Both `webhook` and `bitbucket` route through this handler — the signature,
-    // dedupe, and author-loop helpers are header-driven (auto-detect Bitbucket
-    // vs GitHub via X-Event-Key vs X-GitHub-Event), so they work for either type.
-    if (trigger.type !== 'webhook' && trigger.type !== 'bitbucket') {
+    if (trigger.type !== 'webhook' && trigger.type !== 'bitbucket' && trigger.type !== 'jira') {
         res.status(400).json({ error: 'Not a webhook-receivable trigger', triggerType: trigger.type });
         return;
     }
-    // Validate HMAC secret if configured
+    // Jira fails closed when no secret is configured: classic Cloud webhooks are
+    // unsigned, so the `?secret=<shared>` query-string is the only auth path —
+    // leaving it empty would let anyone fire the trigger by URL guess.
+    if (trigger.type === 'jira' && !trigger.config.secret) {
+        log.warn(`Webhook trigger ${triggerId} rejected: Jira trigger has no secret configured`);
+        res.status(401).json({ error: 'Jira trigger requires a configured secret' });
+        return;
+    }
     if (trigger.config.secret) {
         const provider = detectWebhookProvider(req.headers);
         const githubSig = req.headers[GITHUB_SIGNATURE_HEADER];
         const bitbucketSig = req.headers[BITBUCKET_SIGNATURE_HEADER];
+        const jiraSig = req.headers[JIRA_SIGNATURE_HEADER];
         const plainSecret = req.headers['x-webhook-secret'];
-        // Pick the signature whose header matches the detected provider — falls back
-        // to whichever HMAC header is present, then to the plain X-Webhook-Secret.
+        const querySecret = typeof req.query.secret === 'string' ? req.query.secret : undefined;
         const hmacSig = provider === 'bitbucket' ? bitbucketSig
             : provider === 'github' ? githubSig
-                : (githubSig || bitbucketSig);
-        if (!hmacSig && !plainSecret) {
+                : provider === 'jira' ? jiraSig
+                    : (githubSig || bitbucketSig || jiraSig);
+        if (!hmacSig && !plainSecret && !querySecret) {
             res.status(401).json({ error: 'Missing signature' });
             return;
         }
         if (hmacSig) {
-            // GitHub and Bitbucket Cloud both use HMAC-SHA256 with the `sha256=` prefix.
-            // Hash the raw request bytes captured by the webhook-scoped JSON parser
-            // (see app.ts) — re-serializing req.body would risk a false reject on
-            // key reordering / whitespace differences.
             const { payload, usedFallback } = getWebhookHmacPayload(req);
             if (usedFallback) {
                 log.warn(`Webhook trigger ${triggerId}: rawBody unavailable, falling back to JSON.stringify — signature may not match`);
@@ -144,11 +147,14 @@ router.post('/webhook/:triggerId', async (req, res) => {
             }
         }
         else {
-            // Direct comparison for X-Webhook-Secret
-            if (plainSecret !== trigger.config.secret) {
+            const candidate = plainSecret ?? querySecret ?? '';
+            if (!constantTimeEqual(candidate, trigger.config.secret)) {
                 res.status(401).json({ error: 'Invalid secret' });
                 return;
             }
+            if (querySecret && trigger.type === 'jira') {
+                log.warn(`Webhook trigger ${triggerId}: Jira ?secret= fallback used (no HMAC) — Cloud classic webhooks are unsigned, prefer Cloud Signed Webhooks when possible`);
+            }
         }
     }
     // Idempotency: short-circuit Bitbucket retry deliveries (same X-Request-UUID
@@ -173,12 +179,36 @@ router.post('/webhook/:triggerId', async (req, res) => {
         res.json({ skipped: 'author-loop-guard' });
         return;
     }
-    // Extract fields from payload
     const variables = {
         'trigger.name': trigger.name,
         timestamp: new Date().toISOString(),
         payload: JSON.stringify(req.body),
     };
+    if (trigger.type === 'jira') {
+        const event = {
+            source: 'jira',
+            type: (req.body && typeof req.body === 'object' && 'webhookEvent' in req.body
+                ? String(req.body.webhookEvent ?? 'jira')
+                : 'jira'),
+            data: normalizeJiraPayload(req.body),
+            timestamp: Date.now(),
+        };
+        if (!jiraTriggerHandler.structuralMatch(trigger, event)) {
+            res.json({ fired: false, reason: 'structural-mismatch' });
+            return;
+        }
+        Object.assign(variables, jiraTriggerHandler.extractVariables(trigger, event));
+        try {
+            await triggerService.fireTrigger(triggerId, variables, { rawPayload: event.data });
+            res.json({ fired: true });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Failed to fire trigger';
+            log.error(`Webhook trigger ${triggerId} failed:`, err);
+            res.status(500).json({ error: message });
+        }
+        return;
+    }
     // `extractFields` is declared on WebhookTrigger.config but is conceptually
     // generic: same-shape JSON-path extraction works for any header-receivable
     // type. Read through the union via a structural cast (mirrors the fallback
@@ -301,4 +331,31 @@ function getNestedValue(obj, path) {
     }
     return current;
 }
+function constantTimeEqual(a, b) {
+    const ab = Buffer.from(a);
+    const bb = Buffer.from(b);
+    if (ab.length !== bb.length)
+        return false;
+    return crypto.timingSafeEqual(ab, bb);
+}
+/**
+ * Reshape Jira Server / Data Center payloads into the Cloud shape the trigger
+ * handler reads. Server fires events like `issue_updated` via
+ * `issue_event_type_name`; Cloud uses `webhookEvent: "jira:issue_updated"`.
+ * Cloud nests the issue under `issue`; Server does too, so no key rewrite —
+ * we just synthesize a `webhookEvent` when missing so the handler's filter
+ * by event type works against both variants without per-shape branching.
+ */
+function normalizeJiraPayload(body) {
+    if (!body || typeof body !== 'object')
+        return {};
+    const src = body;
+    if (src.webhookEvent || !src.issue_event_type_name)
+        return src;
+    const eventName = String(src.issue_event_type_name);
+    const synthesized = eventName.startsWith('comment_')
+        ? eventName
+        : `jira:${eventName.startsWith('issue_') ? eventName : `issue_${eventName}`}`;
+    return { ...src, webhookEvent: synthesized };
+}
 export default router;

package/dist/src/packages/server/routes/webhook-signatures.js CHANGED Viewed

@@ -2,12 +2,18 @@
  * Webhook signature verification for incoming HMAC-SHA256 webhooks.
  *
  * Detects provider by header presence:
- *   - GitHub-style:    `X-GitHub-Event` + `X-Hub-Signature-256`
- *   - Bitbucket Cloud: `X-Event-Key`    + `X-Hub-Signature` (note: different header)
+ *   - GitHub-style:    `X-GitHub-Event`                 + `X-Hub-Signature-256`
+ *   - Bitbucket Cloud: `X-Event-Key`                    + `X-Hub-Signature`
+ *   - Jira (Cloud signed / Server signed plugins):
+ *                      `X-Atlassian-Webhook-Identifier` + `X-Hub-Signature`
  *
- * Both providers use the same algorithm (HMAC-SHA256, hex-encoded, with the
+ * All providers use the same algorithm (HMAC-SHA256, hex-encoded, with the
  * `sha256=` prefix); only the header name differs. The trigger's per-instance
- * secret is reused across both — the trigger config doesn't distinguish.
+ * secret is reused across all — the trigger config doesn't distinguish.
+ *
+ * Jira Cloud's classic admin webhooks don't sign payloads. For that case the
+ * caller falls back to a `?secret=<shared>` query-string check rather than
+ * HMAC; the helpers here cover the signed paths only.
  *
  * Body source: HMAC is computed over the *raw* request bytes captured by the
  * scoped `express.json({ verify })` middleware in app.ts. Re-serializing via
@@ -20,18 +26,25 @@
 import * as crypto from 'crypto';
 export const GITHUB_SIGNATURE_HEADER = 'x-hub-signature-256';
 export const BITBUCKET_SIGNATURE_HEADER = 'x-hub-signature';
+export const JIRA_SIGNATURE_HEADER = 'x-hub-signature';
 export const GITHUB_EVENT_HEADER = 'x-github-event';
 export const BITBUCKET_EVENT_HEADER = 'x-event-key';
+export const JIRA_WEBHOOK_ID_HEADER = 'x-atlassian-webhook-identifier';
 /**
- * Detect provider by event-key header. Bitbucket sends `X-Event-Key`,
- * GitHub sends `X-GitHub-Event`. Either header can appear in lowercase
- * via Node's normalization. Returns null when neither is present.
+ * Detect provider by identifying header. Bitbucket sends `X-Event-Key`,
+ * GitHub sends `X-GitHub-Event`, Jira sends `X-Atlassian-Webhook-Identifier`.
+ * Headers arrive lowercased via Node's normalization. Bitbucket wins over
+ * Jira when both are somehow present (Jira-from-Bitbucket is implausible;
+ * either way the HMAC step still gates dispatch). Returns null when no
+ * identifying header is present.
  */
 export function detectWebhookProvider(headers) {
     if (headers[BITBUCKET_EVENT_HEADER])
         return 'bitbucket';
     if (headers[GITHUB_EVENT_HEADER])
         return 'github';
+    if (headers[JIRA_WEBHOOK_ID_HEADER])
+        return 'jira';
     return null;
 }
 /**

package/dist/src/packages/server/services/agent-prompt-service.js ADDED Viewed

@@ -0,0 +1,100 @@
+/**
+ * Agent Prompt Service
+ *
+ * Bridges the MCP permission-prompt-tool flow to the Tide Commander UI.
+ * When a bypass-mode Claude agent invokes AskUserQuestion or ExitPlanMode the
+ * MCP server (src/packages/server/claude/permission-prompt-server.mjs) POSTs
+ * here; we hold the request, broadcast it to the UI, and resolve the waiting
+ * promise once the user clicks Approve / picks an answer (or on timeout).
+ *
+ * Mirrors permission-service.ts intentionally — the data flow is the same.
+ */
+import { createLogger } from '../utils/logger.js';
+const log = createLogger('AgentPrompt');
+const pending = new Map();
+const listeners = new Set();
+const resolvedListeners = new Set();
+// Plan/clarification prompts can sit for a while in interactive review — give
+// the user 10 minutes before falling back to a deny.
+const DEFAULT_TIMEOUT_MS = 10 * 60 * 1000;
+export function subscribe(listener) {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+}
+export function subscribeResolved(listener) {
+    resolvedListeners.add(listener);
+    return () => resolvedListeners.delete(listener);
+}
+function broadcast(prompt) {
+    listeners.forEach((l) => l(prompt));
+}
+function broadcastResolved(requestId, approved) {
+    resolvedListeners.forEach((l) => l(requestId, approved));
+}
+/**
+ * Create a prompt and wait for the user's response (or timeout).
+ * Called by the agent-prompt HTTP route on behalf of the MCP server.
+ */
+export async function createPrompt(args) {
+    const prompt = {
+        id: args.id,
+        agentId: args.agentId,
+        tool: args.tool,
+        input: args.input,
+        status: 'pending',
+        timestamp: Date.now(),
+    };
+    log.log(`Prompt created: ${args.id} tool=${args.tool} agent=${args.agentId}`);
+    return new Promise((resolve) => {
+        const timeout = setTimeout(() => {
+            log.log(`Prompt ${args.id} timed out — denying`);
+            pending.delete(args.id);
+            broadcastResolved(args.id, false);
+            resolve({ requestId: args.id, approved: false, reason: 'Prompt timed out' });
+        }, DEFAULT_TIMEOUT_MS);
+        pending.set(args.id, { prompt, resolve, timeout });
+        broadcast(prompt);
+    });
+}
+/**
+ * Deliver a user response. Called by the UI via HTTP POST or WS message.
+ */
+export function respondToPrompt(response) {
+    const entry = pending.get(response.requestId);
+    if (!entry) {
+        log.log(`No pending prompt for ${response.requestId}`);
+        return false;
+    }
+    clearTimeout(entry.timeout);
+    pending.delete(response.requestId);
+    entry.prompt.status = 'answered';
+    log.log(`Prompt ${response.requestId} answered approved=${response.approved}`);
+    broadcastResolved(response.requestId, response.approved);
+    entry.resolve(response);
+    return true;
+}
+export function getPendingPrompts() {
+    return Array.from(pending.values()).map((p) => p.prompt);
+}
+export function getPendingPromptsForAgent(agentId) {
+    return Array.from(pending.values())
+        .filter((p) => p.prompt.agentId === agentId)
+        .map((p) => p.prompt);
+}
+/**
+ * Cancel all pending prompts for an agent (used when an agent is stopped).
+ */
+export function cancelPromptsForAgent(agentId) {
+    const cancelled = [];
+    for (const [id, entry] of pending) {
+        if (entry.prompt.agentId === agentId) {
+            log.log(`Cancelling prompt ${id} for stopped agent ${agentId}`);
+            clearTimeout(entry.timeout);
+            pending.delete(id);
+            broadcastResolved(id, false);
+            entry.resolve({ requestId: id, approved: false, reason: 'Agent was stopped' });
+            cancelled.push(id);
+        }
+    }
+    return cancelled;
+}

package/dist/src/packages/server/services/index.js CHANGED Viewed

@@ -6,6 +6,7 @@ export * as agentService from './agent-service.js';
 export * as claudeService from './claude-service.js';
 export * as runtimeService from './runtime-service.js';
 export * as permissionService from './permission-service.js';
+export * as agentPromptService from './agent-prompt-service.js';
 export * as bossService from './boss-service.js';
 export * as skillService from './skill-service.js';
 export * as customClassService from './custom-class-service.js';

package/dist/src/packages/server/websocket/handler.js CHANGED Viewed

@@ -6,7 +6,7 @@ import { WebSocketServer, WebSocket } from 'ws';
 import { agentService, bossMessageService, customClassService, permissionService, runtimeService, skillService, triggerService, workflowService, } from '../services/index.js';
 import { loadAreas, loadBuildings } from '../data/index.js';
 import { logger } from '../utils/index.js';
-import { setNotificationBroadcast, setExecBroadcast, setFocusAgentBroadcast, setAgentsBroadcast, setTriggerBroadcast, setBuildingsBroadcast } from '../routes/index.js';
+import { setNotificationBroadcast, setExecBroadcast, setFocusAgentBroadcast, setAgentsBroadcast, setTriggerBroadcast, setBuildingsBroadcast, setSkillsBroadcast } from '../routes/index.js';
 import { validateWebSocketAuth, isAuthEnabled } from '../auth/index.js';
 import { incrementWsSent, incrementWsReceived, setWsClientsCount } from '../routes/perf.js';
 import { handleSpawnAgent, handleKillAgent, handleStopAgent, handleClearContext, handleRestoreSession, handleRequestSessionHistory, handleCollapseContext, handleRequestContextStats, handleMoveAgent, handleRemoveAgent, handleRenameAgent, handleUpdateAgentProperties, handleCreateDirectory, handleReattachAgent, } from './handlers/agent-handler.js';
@@ -302,6 +302,7 @@ export function init(server) {
     setAgentsBroadcast(broadcast);
     setTriggerBroadcast(broadcast);
     setBuildingsBroadcast(broadcast);
+    setSkillsBroadcast(broadcast);
     log.log('Handler initialized');
     return wss;
 }

package/dist/src/packages/server/websocket/listeners/agent-prompt-listeners.js ADDED Viewed

@@ -0,0 +1,13 @@
+import { agentPromptService } from '../../services/index.js';
+import { logger } from '../../utils/index.js';
+const log = logger.ws;
+export function setupAgentPromptListeners(ctx) {
+    agentPromptService.subscribe((prompt) => {
+        log.log(` Broadcasting agent_prompt_request: ${prompt.id} tool=${prompt.tool} agent=${prompt.agentId}`);
+        ctx.broadcast({ type: 'agent_prompt_request', payload: prompt });
+    });
+    agentPromptService.subscribeResolved((requestId, approved) => {
+        log.log(` Broadcasting agent_prompt_resolved: ${requestId} approved=${approved}`);
+        ctx.broadcast({ type: 'agent_prompt_resolved', payload: { requestId, approved } });
+    });
+}

package/dist/src/packages/server/websocket/listeners/index.js CHANGED Viewed

@@ -1,6 +1,7 @@
 import { agentService } from '../../services/index.js';
 import { setupBossListeners } from './boss-listeners.js';
 import { setupPermissionListeners } from './permission-listeners.js';
+import { setupAgentPromptListeners } from './agent-prompt-listeners.js';
 import { setupRuntimeListeners } from './runtime-listeners.js';
 import { setupSkillListeners } from './skill-listeners.js';
 export function setupServiceListeners(ctx) {
@@ -25,6 +26,7 @@ export function setupServiceListeners(ctx) {
     });
     setupRuntimeListeners(ctx);
     setupPermissionListeners(ctx);
+    setupAgentPromptListeners(ctx);
     setupBossListeners(ctx);
     setupSkillListeners(ctx);
 }

package/dist/src/packages/shared/whatsapp-types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "tide-commander",
-  "version": "1.97.0",
+  "version": "1.98.0",
   "description": "Visual multi-agent orchestrator and manager for Claude Code with 3D/2D interface",
   "repository": {
     "type": "git",
@@ -25,7 +25,7 @@
     "docs:preview": "npm --prefix src/packages/landing run preview",
     "docs:install": "npm --prefix src/packages/landing install",
     "build": "npm run build:types && vite build && npm run build:server",
-    "build:server": "tsc -p tsconfig.server.json && cp -r src/packages/server/data/migrations dist/src/packages/server/data/",
+    "build:server": "tsc -p tsconfig.server.json && cp -r src/packages/server/data/migrations dist/src/packages/server/data/ && cp src/packages/server/claude/permission-prompt-server.mjs dist/src/packages/server/claude/",
     "preview": "vite preview",
     "setup": "tsx src/packages/server/setup.ts",
     "lint": "eslint src/",