tide-commander 1.97.0 → 1.99.0

package/dist/src/packages/server/routes/skills.js

@@ -0,0 +1,193 @@
+/**
+ * Skills Routes
+ * REST API endpoints for skill CRUD (custom and builtin-readable).
+ *
+ * Mirrors the WebSocket skill handlers in functionality but provides a
+ * stable HTTP surface for one-shot registration by other services or
+ * automation that doesn't want to maintain a WS subscription.
+ */
+import { Router } from 'express';
+import { skillService } from '../services/index.js';
+import { createLogger, generateSlug } from '../utils/index.js';
+const log = createLogger('SkillsRoute');
+const router = Router();
+let broadcastFn = null;
+export function setBroadcast(fn) {
+    broadcastFn = fn;
+}
+function broadcast(type, payload) {
+    if (!broadcastFn)
+        return;
+    broadcastFn({ type, payload });
+}
+function validateUpsertBody(body) {
+    if (!body || typeof body !== 'object')
+        return { error: 'Request body must be a JSON object' };
+    const b = body;
+    if (typeof b.name !== 'string' || !b.name.trim())
+        return { error: 'name is required (string)' };
+    if (typeof b.description !== 'string')
+        return { error: 'description is required (string)' };
+    if (typeof b.content !== 'string')
+        return { error: 'content is required (string)' };
+    if (b.allowedTools !== undefined && (!Array.isArray(b.allowedTools) || b.allowedTools.some(t => typeof t !== 'string'))) {
+        return { error: 'allowedTools must be a string array' };
+    }
+    if (b.model !== undefined && typeof b.model !== 'string')
+        return { error: 'model must be a string' };
+    if (b.context !== undefined && b.context !== 'fork' && b.context !== 'inline')
+        return { error: "context must be 'fork' or 'inline'" };
+    if (b.enabled !== undefined && typeof b.enabled !== 'boolean')
+        return { error: 'enabled must be boolean' };
+    if (b.slug !== undefined && typeof b.slug !== 'string')
+        return { error: 'slug must be a string' };
+    return { body: b };
+}
+function normalizeSlug(slug) {
+    // Run through the canonical slug helper so callers can't sneak unsafe characters
+    // into the persisted file. generateSlug is idempotent on already-safe input.
+    return generateSlug(slug);
+}
+// ----------------------------------------------------------------------------
+// GET /api/skills — list all
+// ----------------------------------------------------------------------------
+router.get('/', (_req, res) => {
+    try {
+        res.json({ skills: skillService.getAllSkills() });
+    }
+    catch (err) {
+        log.error(' Failed to list skills:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// GET /api/skills/:slug — single
+// ----------------------------------------------------------------------------
+router.get('/:slug', (req, res) => {
+    try {
+        const slug = normalizeSlug(String(req.params.slug));
+        const skill = skillService.getSkillBySlug(slug);
+        if (!skill)
+            return res.status(404).json({ error: `Skill not found: ${slug}` });
+        res.json(skill);
+    }
+    catch (err) {
+        log.error(' Failed to fetch skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// Upsert helper shared by PUT /:slug and POST /
+// ----------------------------------------------------------------------------
+function upsertSkill(slug, body, res) {
+    const existing = skillService.getSkillBySlug(slug);
+    if (!existing) {
+        const created = skillService.createSkill({
+            slug,
+            name: body.name,
+            description: body.description,
+            content: body.content,
+            allowedTools: body.allowedTools,
+            model: body.model,
+            context: body.context,
+            assignedAgentIds: body.assignedAgentIds,
+            assignedAgentClasses: body.assignedAgentClasses,
+            enabled: body.enabled,
+        });
+        broadcast('skill_created', created);
+        log.log(` Created skill via HTTP: ${created.slug} (${created.id})`);
+        res.status(201).json(created);
+        return;
+    }
+    if (existing.builtin) {
+        res.status(409).json({ error: `slug '${slug}' is owned by a builtin skill` });
+        return;
+    }
+    const updates = {
+        name: body.name,
+        description: body.description,
+        content: body.content,
+        slug,
+    };
+    if (body.allowedTools !== undefined)
+        updates.allowedTools = body.allowedTools;
+    if (body.model !== undefined)
+        updates.model = body.model;
+    if (body.context !== undefined)
+        updates.context = body.context;
+    if (body.assignedAgentIds !== undefined)
+        updates.assignedAgentIds = body.assignedAgentIds;
+    if (body.assignedAgentClasses !== undefined)
+        updates.assignedAgentClasses = body.assignedAgentClasses;
+    if (body.enabled !== undefined)
+        updates.enabled = body.enabled;
+    const updated = skillService.updateSkill(existing.id, updates);
+    if (!updated) {
+        res.status(500).json({ error: `Failed to update skill ${slug}` });
+        return;
+    }
+    broadcast('skill_updated', updated);
+    log.log(` Updated skill via HTTP: ${updated.slug} (${updated.id})`);
+    res.status(200).json(updated);
+}
+// ----------------------------------------------------------------------------
+// PUT /api/skills/:slug — upsert by slug in URL
+// ----------------------------------------------------------------------------
+router.put('/:slug', (req, res) => {
+    try {
+        const urlSlug = normalizeSlug(String(req.params.slug));
+        const v = validateUpsertBody(req.body);
+        if ('error' in v)
+            return res.status(400).json({ error: v.error });
+        if (v.body.slug !== undefined && normalizeSlug(v.body.slug) !== urlSlug) {
+            return res.status(400).json({ error: `URL slug '${urlSlug}' does not match body slug '${v.body.slug}'` });
+        }
+        upsertSkill(urlSlug, v.body, res);
+    }
+    catch (err) {
+        log.error(' Failed to upsert skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// POST /api/skills — upsert with slug from body (or derived from name)
+// ----------------------------------------------------------------------------
+router.post('/', (req, res) => {
+    try {
+        const v = validateUpsertBody(req.body);
+        if ('error' in v)
+            return res.status(400).json({ error: v.error });
+        const slug = v.body.slug ? normalizeSlug(v.body.slug) : generateSlug(v.body.name);
+        if (!slug)
+            return res.status(400).json({ error: 'slug could not be derived from name' });
+        upsertSkill(slug, v.body, res);
+    }
+    catch (err) {
+        log.error(' Failed to upsert skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+// ----------------------------------------------------------------------------
+// DELETE /api/skills/:slug — delete custom skill (409 if builtin)
+// ----------------------------------------------------------------------------
+router.delete('/:slug', (req, res) => {
+    try {
+        const slug = normalizeSlug(String(req.params.slug));
+        const skill = skillService.getSkillBySlug(slug);
+        if (!skill)
+            return res.status(404).json({ error: `Skill not found: ${slug}` });
+        if (skill.builtin)
+            return res.status(409).json({ error: `Cannot delete builtin skill '${slug}'` });
+        const ok = skillService.deleteSkill(skill.id);
+        if (!ok)
+            return res.status(500).json({ error: `Failed to delete skill ${slug}` });
+        broadcast('skill_deleted', { id: skill.id });
+        log.log(` Deleted skill via HTTP: ${slug} (${skill.id})`);
+        res.status(204).end();
+    }
+    catch (err) {
+        log.error(' Failed to delete skill:', err);
+        res.status(500).json({ error: err.message });
+    }
+});
+export default router;

package/dist/src/packages/server/routes/system.js

@@ -0,0 +1,156 @@
+/**
+ * System Routes
+ * Endpoints for inspecting / updating the running Tide Commander install.
+ */
+import { Router } from 'express';
+import { createLogger } from '../utils/logger.js';
+import { fetchLatestNpmVersion, getVersionRelation } from '../../shared/version.js';
+import { getInstallInfo, isAutoUpdateSupported, runNpmGlobalUpdate, } from '../services/self-update-service.js';
+const log = createLogger('SystemRoutes');
+const router = Router();
+const PACKAGE_NAME = 'tide-commander';
+// Guard: only one self-update may run at a time
+let updateInProgress = false;
+/**
+ * GET /api/system/install-info
+ *
+ * Returns enough info for the UI to decide whether to render the "Update now"
+ * button and which command to suggest if auto-update isn't supported.
+ */
+router.get('/install-info', async (_req, res) => {
+    try {
+        const info = getInstallInfo();
+        const latestVersion = await fetchLatestNpmVersion(PACKAGE_NAME);
+        const relation = latestVersion
+            ? getVersionRelation(info.currentVersion, latestVersion)
+            : 'unknown';
+        const updateAvailable = relation === 'behind';
+        res.json({
+            isGlobalInstall: info.isGlobalInstall,
+            packageManager: info.packageManager,
+            installRoot: info.installRoot,
+            currentVersion: info.currentVersion,
+            latestVersion,
+            updateAvailable,
+            autoUpdateSupported: isAutoUpdateSupported(info),
+            suggestedManualCommand: info.suggestedManualCommand,
+            reason: info.reason,
+            updateInProgress,
+        });
+    }
+    catch (err) {
+        const message = err.message;
+        log.error(`Failed to get install info: ${message}`);
+        res.status(500).json({ error: message });
+    }
+});
+/**
+ * POST /api/system/self-update
+ *
+ * Streams the output of `npm install -g tide-commander@latest` via SSE.
+ *
+ * SSE events:
+ *   - start    { message }
+ *   - stdout   { chunk }
+ *   - stderr   { chunk }
+ *   - done     { success, exitCode, newVersion, requiresRestart }
+ *   - error    { message, permissionDenied, suggestedManualCommand }
+ *
+ * On success the server schedules its own exit so the next launch picks up
+ * the new binary. The user must relaunch tide-commander manually.
+ */
+router.post('/self-update', async (_req, res) => {
+    const info = getInstallInfo();
+    if (!info.isGlobalInstall) {
+        res.status(400).json({
+            error: 'Auto-update is only available when running from a global install.',
+            reason: info.reason,
+        });
+        return;
+    }
+    if (!isAutoUpdateSupported(info)) {
+        res.status(400).json({
+            error: `Auto-update is not supported for package manager: ${info.packageManager}`,
+            suggestedManualCommand: info.suggestedManualCommand,
+        });
+        return;
+    }
+    if (updateInProgress) {
+        res.status(409).json({ error: 'An update is already in progress.' });
+        return;
+    }
+    updateInProgress = true;
+    res.setHeader('Content-Type', 'text/event-stream');
+    res.setHeader('Cache-Control', 'no-cache, no-transform');
+    res.setHeader('Connection', 'keep-alive');
+    res.setHeader('X-Accel-Buffering', 'no');
+    res.flushHeaders?.();
+    const send = (event, data) => {
+        res.write(`event: ${event}\n`);
+        res.write(`data: ${JSON.stringify(data)}\n\n`);
+    };
+    // Keepalive comment every 15s in case the install takes a while
+    const keepalive = setInterval(() => {
+        try {
+            res.write(`: keepalive ${Date.now()}\n\n`);
+        }
+        catch {
+            // socket closed
+        }
+    }, 15000);
+    send('start', { message: `Running npm install -g ${PACKAGE_NAME}@latest...` });
+    try {
+        const result = await runNpmGlobalUpdate({
+            onStdout: (chunk) => send('stdout', { chunk }),
+            onStderr: (chunk) => send('stderr', { chunk }),
+        });
+        clearInterval(keepalive);
+        if (result.exitCode === 0) {
+            const newVersion = (await fetchLatestNpmVersion(PACKAGE_NAME)) ?? null;
+            send('done', {
+                success: true,
+                exitCode: 0,
+                newVersion,
+                requiresRestart: true,
+                message: 'Update installed. Please restart Tide Commander from your terminal.',
+            });
+            res.end();
+            // Give the client ~1.5s to render the success message before we exit.
+            // The user must manually restart with `tide-commander` from the terminal.
+            log.log('Update succeeded — scheduling server exit in 1500ms to release the old binary.');
+            setTimeout(() => {
+                log.log('Exiting after successful update. Restart manually with: tide-commander');
+                process.exit(0);
+            }, 1500);
+        }
+        else {
+            const errMsg = result.permissionDenied
+                ? 'Permission denied while installing globally. Re-run from a terminal with the appropriate permissions (e.g. sudo npm install -g tide-commander@latest), or fix your npm prefix to a user-owned directory.'
+                : `npm install exited with code ${result.exitCode}.`;
+            send('error', {
+                message: errMsg,
+                exitCode: result.exitCode,
+                permissionDenied: result.permissionDenied,
+                suggestedManualCommand: info.suggestedManualCommand,
+            });
+            send('done', {
+                success: false,
+                exitCode: result.exitCode,
+                newVersion: null,
+                requiresRestart: false,
+            });
+            res.end();
+            updateInProgress = false;
+        }
+    }
+    catch (err) {
+        clearInterval(keepalive);
+        const message = err.message;
+        log.error(`Self-update failed: ${message}`);
+        send('error', { message, permissionDenied: false, suggestedManualCommand: info.suggestedManualCommand });
+        send('done', { success: false, exitCode: -1, newVersion: null, requiresRestart: false });
+        res.end();
+        updateInProgress = false;
+    }
+});
+export default router;

package/dist/src/packages/server/routes/trigger-routes.js

@@ -15,12 +15,14 @@
  *   GET    /api/triggers/:id/events         - Get trigger fire history
  */
 import { Router } from 'express';
+import * as crypto from 'crypto';
 import * as triggerService from '../services/trigger-service.js';
 import * as cronService from '../services/cron-service.js';
 import { createLogger } from '../utils/logger.js';
-import { detectWebhookProvider, verifyHmacSignature, getWebhookHmacPayload, GITHUB_SIGNATURE_HEADER, BITBUCKET_SIGNATURE_HEADER, BITBUCKET_EVENT_HEADER, } from './webhook-signatures.js';
+import { detectWebhookProvider, verifyHmacSignature, getWebhookHmacPayload, GITHUB_SIGNATURE_HEADER, BITBUCKET_SIGNATURE_HEADER, BITBUCKET_EVENT_HEADER, JIRA_SIGNATURE_HEADER, } from './webhook-signatures.js';
 import { WebhookDedupeCache } from './webhook-dedupe.js';
 import { isBitbucketAuthorLoop } from './bitbucket-author-loop.js';
+import { jiraTriggerHandler } from '../integrations/jira/jira-trigger-handler.js';
 const log = createLogger('TriggerRoutes');
 const router = Router();
 // Process-wide dedupe cache for webhook deliveries. Bitbucket retries reuse
@@ -105,33 +107,34 @@ router.post('/webhook/:triggerId', async (req, res) => {
         res.status(400).json({ error: 'Trigger is disabled' });
         return;
     }
-    // Both `webhook` and `bitbucket` route through this handler — the signature,
-    // dedupe, and author-loop helpers are header-driven (auto-detect Bitbucket
-    // vs GitHub via X-Event-Key vs X-GitHub-Event), so they work for either type.
-    if (trigger.type !== 'webhook' && trigger.type !== 'bitbucket') {
+    if (trigger.type !== 'webhook' && trigger.type !== 'bitbucket' && trigger.type !== 'jira') {
         res.status(400).json({ error: 'Not a webhook-receivable trigger', triggerType: trigger.type });
         return;
     }
-    // Validate HMAC secret if configured
+    // Jira fails closed when no secret is configured: classic Cloud webhooks are
+    // unsigned, so the `?secret=<shared>` query-string is the only auth path —
+    // leaving it empty would let anyone fire the trigger by URL guess.
+    if (trigger.type === 'jira' && !trigger.config.secret) {
+        log.warn(`Webhook trigger ${triggerId} rejected: Jira trigger has no secret configured`);
+        res.status(401).json({ error: 'Jira trigger requires a configured secret' });
+        return;
+    }
     if (trigger.config.secret) {
         const provider = detectWebhookProvider(req.headers);
         const githubSig = req.headers[GITHUB_SIGNATURE_HEADER];
         const bitbucketSig = req.headers[BITBUCKET_SIGNATURE_HEADER];
+        const jiraSig = req.headers[JIRA_SIGNATURE_HEADER];
         const plainSecret = req.headers['x-webhook-secret'];
-        // Pick the signature whose header matches the detected provider — falls back
-        // to whichever HMAC header is present, then to the plain X-Webhook-Secret.
+        const querySecret = typeof req.query.secret === 'string' ? req.query.secret : undefined;
         const hmacSig = provider === 'bitbucket' ? bitbucketSig
             : provider === 'github' ? githubSig
-                : (githubSig || bitbucketSig);
-        if (!hmacSig && !plainSecret) {
+                : provider === 'jira' ? jiraSig
+                    : (githubSig || bitbucketSig || jiraSig);
+        if (!hmacSig && !plainSecret && !querySecret) {
             res.status(401).json({ error: 'Missing signature' });
             return;
         }
         if (hmacSig) {
-            // GitHub and Bitbucket Cloud both use HMAC-SHA256 with the `sha256=` prefix.
-            // Hash the raw request bytes captured by the webhook-scoped JSON parser
-            // (see app.ts) — re-serializing req.body would risk a false reject on
-            // key reordering / whitespace differences.
             const { payload, usedFallback } = getWebhookHmacPayload(req);
             if (usedFallback) {
                 log.warn(`Webhook trigger ${triggerId}: rawBody unavailable, falling back to JSON.stringify — signature may not match`);
@@ -144,11 +147,14 @@ router.post('/webhook/:triggerId', async (req, res) => {
             }
         }
         else {
-            // Direct comparison for X-Webhook-Secret
-            if (plainSecret !== trigger.config.secret) {
+            const candidate = plainSecret ?? querySecret ?? '';
+            if (!constantTimeEqual(candidate, trigger.config.secret)) {
                 res.status(401).json({ error: 'Invalid secret' });
                 return;
             }
+            if (querySecret && trigger.type === 'jira') {
+                log.warn(`Webhook trigger ${triggerId}: Jira ?secret= fallback used (no HMAC) — Cloud classic webhooks are unsigned, prefer Cloud Signed Webhooks when possible`);
+            }
         }
     }
     // Idempotency: short-circuit Bitbucket retry deliveries (same X-Request-UUID
@@ -173,12 +179,36 @@ router.post('/webhook/:triggerId', async (req, res) => {
         res.json({ skipped: 'author-loop-guard' });
         return;
     }
-    // Extract fields from payload
     const variables = {
         'trigger.name': trigger.name,
         timestamp: new Date().toISOString(),
         payload: JSON.stringify(req.body),
     };
+    if (trigger.type === 'jira') {
+        const event = {
+            source: 'jira',
+            type: (req.body && typeof req.body === 'object' && 'webhookEvent' in req.body
+                ? String(req.body.webhookEvent ?? 'jira')
+                : 'jira'),
+            data: normalizeJiraPayload(req.body),
+            timestamp: Date.now(),
+        };
+        if (!jiraTriggerHandler.structuralMatch(trigger, event)) {
+            res.json({ fired: false, reason: 'structural-mismatch' });
+            return;
+        }
+        Object.assign(variables, jiraTriggerHandler.extractVariables(trigger, event));
+        try {
+            await triggerService.fireTrigger(triggerId, variables, { rawPayload: event.data });
+            res.json({ fired: true });
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Failed to fire trigger';
+            log.error(`Webhook trigger ${triggerId} failed:`, err);
+            res.status(500).json({ error: message });
+        }
+        return;
+    }
     // `extractFields` is declared on WebhookTrigger.config but is conceptually
     // generic: same-shape JSON-path extraction works for any header-receivable
     // type. Read through the union via a structural cast (mirrors the fallback
@@ -301,4 +331,31 @@ function getNestedValue(obj, path) {
     }
     return current;
 }
+function constantTimeEqual(a, b) {
+    const ab = Buffer.from(a);
+    const bb = Buffer.from(b);
+    if (ab.length !== bb.length)
+        return false;
+    return crypto.timingSafeEqual(ab, bb);
+}
+/**
+ * Reshape Jira Server / Data Center payloads into the Cloud shape the trigger
+ * handler reads. Server fires events like `issue_updated` via
+ * `issue_event_type_name`; Cloud uses `webhookEvent: "jira:issue_updated"`.
+ * Cloud nests the issue under `issue`; Server does too, so no key rewrite —
+ * we just synthesize a `webhookEvent` when missing so the handler's filter
+ * by event type works against both variants without per-shape branching.
+ */
+function normalizeJiraPayload(body) {
+    if (!body || typeof body !== 'object')
+        return {};
+    const src = body;
+    if (src.webhookEvent || !src.issue_event_type_name)
+        return src;
+    const eventName = String(src.issue_event_type_name);
+    const synthesized = eventName.startsWith('comment_')
+        ? eventName
+        : `jira:${eventName.startsWith('issue_') ? eventName : `issue_${eventName}`}`;
+    return { ...src, webhookEvent: synthesized };
+}
 export default router;

package/dist/src/packages/server/routes/webhook-signatures.js

@@ -2,12 +2,18 @@
  * Webhook signature verification for incoming HMAC-SHA256 webhooks.
  *
  * Detects provider by header presence:
- *   - GitHub-style:    `X-GitHub-Event` + `X-Hub-Signature-256`
- *   - Bitbucket Cloud: `X-Event-Key`    + `X-Hub-Signature` (note: different header)
+ *   - GitHub-style:    `X-GitHub-Event`                 + `X-Hub-Signature-256`
+ *   - Bitbucket Cloud: `X-Event-Key`                    + `X-Hub-Signature`
+ *   - Jira (Cloud signed / Server signed plugins):
+ *                      `X-Atlassian-Webhook-Identifier` + `X-Hub-Signature`
  *
- * Both providers use the same algorithm (HMAC-SHA256, hex-encoded, with the
+ * All providers use the same algorithm (HMAC-SHA256, hex-encoded, with the
  * `sha256=` prefix); only the header name differs. The trigger's per-instance
- * secret is reused across both — the trigger config doesn't distinguish.
+ * secret is reused across all — the trigger config doesn't distinguish.
+ *
+ * Jira Cloud's classic admin webhooks don't sign payloads. For that case the
+ * caller falls back to a `?secret=<shared>` query-string check rather than
+ * HMAC; the helpers here cover the signed paths only.
  *
  * Body source: HMAC is computed over the *raw* request bytes captured by the
  * scoped `express.json({ verify })` middleware in app.ts. Re-serializing via
@@ -20,18 +26,25 @@
 import * as crypto from 'crypto';
 export const GITHUB_SIGNATURE_HEADER = 'x-hub-signature-256';
 export const BITBUCKET_SIGNATURE_HEADER = 'x-hub-signature';
+export const JIRA_SIGNATURE_HEADER = 'x-hub-signature';
 export const GITHUB_EVENT_HEADER = 'x-github-event';
 export const BITBUCKET_EVENT_HEADER = 'x-event-key';
+export const JIRA_WEBHOOK_ID_HEADER = 'x-atlassian-webhook-identifier';
 /**
- * Detect provider by event-key header. Bitbucket sends `X-Event-Key`,
- * GitHub sends `X-GitHub-Event`. Either header can appear in lowercase
- * via Node's normalization. Returns null when neither is present.
+ * Detect provider by identifying header. Bitbucket sends `X-Event-Key`,
+ * GitHub sends `X-GitHub-Event`, Jira sends `X-Atlassian-Webhook-Identifier`.
+ * Headers arrive lowercased via Node's normalization. Bitbucket wins over
+ * Jira when both are somehow present (Jira-from-Bitbucket is implausible;
+ * either way the HMAC step still gates dispatch). Returns null when no
+ * identifying header is present.
  */
 export function detectWebhookProvider(headers) {
     if (headers[BITBUCKET_EVENT_HEADER])
         return 'bitbucket';
     if (headers[GITHUB_EVENT_HEADER])
         return 'github';
+    if (headers[JIRA_WEBHOOK_ID_HEADER])
+        return 'jira';
     return null;
 }
 /**

package/dist/src/packages/server/services/agent-prompt-service.js

@@ -0,0 +1,100 @@
+/**
+ * Agent Prompt Service
+ *
+ * Bridges the MCP permission-prompt-tool flow to the Tide Commander UI.
+ * When a bypass-mode Claude agent invokes AskUserQuestion or ExitPlanMode the
+ * MCP server (src/packages/server/claude/permission-prompt-server.mjs) POSTs
+ * here; we hold the request, broadcast it to the UI, and resolve the waiting
+ * promise once the user clicks Approve / picks an answer (or on timeout).
+ *
+ * Mirrors permission-service.ts intentionally — the data flow is the same.
+ */
+import { createLogger } from '../utils/logger.js';
+const log = createLogger('AgentPrompt');
+const pending = new Map();
+const listeners = new Set();
+const resolvedListeners = new Set();
+// Plan/clarification prompts can sit for a while in interactive review — give
+// the user 10 minutes before falling back to a deny.
+const DEFAULT_TIMEOUT_MS = 10 * 60 * 1000;
+export function subscribe(listener) {
+    listeners.add(listener);
+    return () => listeners.delete(listener);
+}
+export function subscribeResolved(listener) {
+    resolvedListeners.add(listener);
+    return () => resolvedListeners.delete(listener);
+}
+function broadcast(prompt) {
+    listeners.forEach((l) => l(prompt));
+}
+function broadcastResolved(requestId, approved) {
+    resolvedListeners.forEach((l) => l(requestId, approved));
+}
+/**
+ * Create a prompt and wait for the user's response (or timeout).
+ * Called by the agent-prompt HTTP route on behalf of the MCP server.
+ */
+export async function createPrompt(args) {
+    const prompt = {
+        id: args.id,
+        agentId: args.agentId,
+        tool: args.tool,
+        input: args.input,
+        status: 'pending',
+        timestamp: Date.now(),
+    };
+    log.log(`Prompt created: ${args.id} tool=${args.tool} agent=${args.agentId}`);
+    return new Promise((resolve) => {
+        const timeout = setTimeout(() => {
+            log.log(`Prompt ${args.id} timed out — denying`);
+            pending.delete(args.id);
+            broadcastResolved(args.id, false);
+            resolve({ requestId: args.id, approved: false, reason: 'Prompt timed out' });
+        }, DEFAULT_TIMEOUT_MS);
+        pending.set(args.id, { prompt, resolve, timeout });
+        broadcast(prompt);
+    });
+}
+/**
+ * Deliver a user response. Called by the UI via HTTP POST or WS message.
+ */
+export function respondToPrompt(response) {
+    const entry = pending.get(response.requestId);
+    if (!entry) {
+        log.log(`No pending prompt for ${response.requestId}`);
+        return false;
+    }
+    clearTimeout(entry.timeout);
+    pending.delete(response.requestId);
+    entry.prompt.status = 'answered';
+    log.log(`Prompt ${response.requestId} answered approved=${response.approved}`);
+    broadcastResolved(response.requestId, response.approved);
+    entry.resolve(response);
+    return true;
+}
+export function getPendingPrompts() {
+    return Array.from(pending.values()).map((p) => p.prompt);
+}
+export function getPendingPromptsForAgent(agentId) {
+    return Array.from(pending.values())
+        .filter((p) => p.prompt.agentId === agentId)
+        .map((p) => p.prompt);
+}
+/**
+ * Cancel all pending prompts for an agent (used when an agent is stopped).
+ */
+export function cancelPromptsForAgent(agentId) {
+    const cancelled = [];
+    for (const [id, entry] of pending) {
+        if (entry.prompt.agentId === agentId) {
+            log.log(`Cancelling prompt ${id} for stopped agent ${agentId}`);
+            clearTimeout(entry.timeout);
+            pending.delete(id);
+            broadcastResolved(id, false);
+            entry.resolve({ requestId: id, approved: false, reason: 'Agent was stopped' });
+            cancelled.push(id);
+        }
+    }
+    return cancelled;
+}

package/dist/src/packages/server/services/index.js

@@ -6,6 +6,7 @@ export * as agentService from './agent-service.js';
 export * as claudeService from './claude-service.js';
 export * as runtimeService from './runtime-service.js';
 export * as permissionService from './permission-service.js';
+export * as agentPromptService from './agent-prompt-service.js';
 export * as bossService from './boss-service.js';
 export * as skillService from './skill-service.js';
 export * as customClassService from './custom-class-service.js';