npm - toolgate - Versions diffs - 1.0.0 - Mend

toolgate 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,342 @@
+# 🛡️ ToolGate
+**Optimistic execution middleware for autonomous agents.**
+Let your agent run freely — reads execute instantly, every other action (writes, deletes, sends, deploys) is silently intercepted, recorded, and held for human approval. The agent never knows the difference.
+```
+Agent calls tool ──▶ ToolGate classifies ──▶ READ?  ──▶ Execute for real
+                                            │
+                                            └──▶ ACTION? ──▶ Return phantom result
+                                                              Save params to queue
+                                                              ┊
+                                            Agent finishes ──▶ Human reviews all actions
+                                                              ┊
+                                                              Approve ──▶ Execute for real
+                                                              Reject  ──▶ Discard
+                                                              Edit    ──▶ Execute with new params
+```
+## Install
+```bash
+npm install toolgate
+```
+## Quick Start — 5 Lines
+```typescript
+import { ToolGate, cliApproval } from "toolgate";
+// Your real tool executor (what the agent normally calls)
+async function execute(tool: string, params: Record<string, unknown>) {
+  // call your APIs, MCP servers, SDKs, whatever
+}
+const gate = new ToolGate(execute, {
+  agentName: "my-agent",
+  onApprovalNeeded: cliApproval, // interactive terminal approval
+});
+// Give your agent gate.proxy instead of the real executor
+await myAgent.run({
+  tools: gate.proxy,
+  task: "Organize my inbox and draft replies",
+});
+// When done, finalize — triggers the approval flow
+await gate.finalize();
+```
+That's it. Your agent runs as normal. Reads pass through. Actions are queued. You approve at the end.
+## How Classification Works
+ToolGate uses a multi-layer classifier to determine if a tool call is a **read** (passthrough) or an **action** (intercept):
+1. **Explicit overrides** — `readTools: ["getUser"]` / `actionTools: ["deleteUser"]`
+2. **Custom classifier** — provide your own function
+3. **Name pattern matching** — `get*`, `list*`, `search*` → read. `create*`, `send*`, `delete*` → action
+4. **MCP description analysis** — parses tool descriptions for read vs. mutate signals
+5. **HTTP method hints** — if params contain `method: "GET"` → read, `method: "POST"` → action
+6. **Safe default** — unknown tools are intercepted (never accidentally executes a write)
+## Explicit Tool Lists
+```typescript
+const gate = new ToolGate(execute, {
+  readTools: ["getEmails", "searchContacts", "listFiles"],
+  actionTools: ["sendEmail", "deleteFile", "createIssue"],
+});
+```
+## Custom Classifier
+```typescript
+const gate = new ToolGate(execute, {
+  classifier: (toolName, params) => {
+    if (toolName.startsWith("db.query")) {
+      return { intent: "read", isPassthrough: true, confidence: 1, reason: "DB query" };
+    }
+    // fall through to default
+    return classifyTool(toolName, params);
+  },
+});
+```
+## MCP Integration
+ToolGate auto-classifies MCP tools by analyzing their names and descriptions:
+```typescript
+import { mcpToolGate, autoConfigFromMCP } from "toolgate";
+// Option 1: Provide tool definitions upfront
+const gate = mcpToolGate(mcpExecutor, {
+  mcpServers: [
+    {
+      name: "gmail",
+      url: "https://gmail.mcp.example.com/sse",
+      tools: [
+        { name: "gmail_listMessages", description: "List messages in the inbox" },
+        { name: "gmail_sendMessage", description: "Send a new email message" },
+        { name: "gmail_trashMessage", description: "Move a message to trash" },
+      ],
+    },
+  ],
+});
+// Option 2: Auto-discover from running MCP servers
+const config = await autoConfigFromMCP([
+  { name: "gmail", url: "https://gmail.mcp.example.com/sse" },
+  { name: "github", url: "https://github.mcp.example.com/sse" },
+]);
+const gate = new ToolGate(mcpExecutor, config);
+```
+## Wrapping an Existing Tool Map
+If your agent uses a `{ toolName: function }` map:
+```typescript
+const realTools = {
+  getUser: async (p) => db.users.find(p.id),
+  createUser: async (p) => db.users.insert(p),
+  sendEmail: async (p) => mailer.send(p),
+};
+const gate = new ToolGate(
+  async (name, params) => realTools[name](params),
+  { agentName: "user-manager" }
+);
+// Or use the convenience wrapper:
+const proxiedTools = gate.wrapTools(realTools);
+await agent.run({ tools: proxiedTools });
+await gate.finalize();
+```
+## Phantom Responses
+When an action is intercepted, the agent receives a convincing phantom response so it continues working normally:
+| Intent   | Default Phantom Response                              |
+|----------|-------------------------------------------------------|
+| `create` | `{ success: true, id: "phantom_abc123" }`             |
+| `update` | `{ success: true, message: "Updated successfully" }`  |
+| `delete` | `{ success: true, message: "Deleted successfully" }`  |
+| `send`   | `{ success: true, messageId: "msg_xyz789" }`          |
+Custom phantom responses:
+```typescript
+const gate = new ToolGate(execute, {
+  phantomResponse: (tool) => {
+    if (tool.name === "createIssue") {
+      return { id: 99999, url: "https://github.com/org/repo/issues/99999", title: tool.params.title };
+    }
+    return { ok: true };
+  },
+});
+```
+## Approval Methods
+### 1. CLI (built-in)
+```typescript
+import { cliApproval } from "toolgate";
+const gate = new ToolGate(execute, { onApprovalNeeded: cliApproval });
+```
+### 2. Programmatic
+```typescript
+const gate = new ToolGate(execute);
+await agent.run({ tools: gate.proxy });
+const request = await gate.finalize();
+// Inspect what the agent wants to do
+console.log(gate.summary());
+// Approve everything
+await gate.approveAll();
+// Or reject everything
+await gate.rejectAll();
+// Or decide per-action
+await gate.executeApproval({
+  sessionId: gate.sessionId,
+  approvedAt: Date.now(),
+  decisions: new Map([
+    ["action-id-1", { action: "approve" }],
+    ["action-id-2", { action: "reject" }],
+    ["action-id-3", { action: "edit", actionId: "action-id-3", newParams: { to: "corrected@example.com" } }],
+  ]),
+});
+```
+### 3. Dashboard (Next.js + Supabase)
+See the **Dashboard** section below.
+## Supabase Persistence
+Pass your Supabase credentials and sessions are automatically persisted:
+```typescript
+const gate = new ToolGate(execute, {
+  supabaseUrl: process.env.SUPABASE_URL,
+  supabaseKey: process.env.SUPABASE_ANON_KEY,
+  agentName: "inbox-agent",
+});
+```
+## Inspection
+```typescript
+gate.reads;          // all reads that were executed
+gate.pending;        // all intercepted actions
+gate.currentSession; // full session snapshot
+gate.summary();      // pretty-printed CLI summary
+```
+---
+# Dashboard Setup
+The dashboard is a Next.js app that shows all ToolGate sessions in real time.
+## 1. Supabase Setup
+1. Create a project at [supabase.com](https://supabase.com)
+2. Go to **SQL Editor** and run the contents of `sql/schema.sql` (included in this repo)
+3. Copy your **Project URL** and **anon public key** from Settings → API
+## 2. Dashboard Setup
+```bash
+cd dashboard
+cp .env.example .env.local
+# Edit .env.local with your Supabase URL and key
+npm install
+npm run dev
+```
+Open `http://localhost:3000`. Sessions appear in real time as your agents run.
+## 3. Use Together
+```typescript
+import { ToolGate } from "toolgate";
+const gate = new ToolGate(execute, {
+  agentName: "deploy-bot",
+  supabaseUrl: "https://xxx.supabase.co",
+  supabaseKey: "eyJ...",
+});
+gate.describe("Deploy v2.3.1 to production");
+await agent.run({ tools: gate.proxy });
+await gate.finalize();
+// Now open the dashboard — the session is there with approve/reject/edit buttons
+```
+---
+# Full Example: Autonomous Email Agent
+```typescript
+import { ToolGate, cliApproval } from "toolgate";
+// Simulated tool executor
+async function execute(tool: string, params: Record<string, unknown>) {
+  switch (tool) {
+    case "listEmails":    return [{ id: 1, from: "boss@co.com", subject: "Q3 Report" }];
+    case "readEmail":     return { id: 1, body: "Please review the Q3 numbers." };
+    case "sendEmail":     return { messageId: "real_123" };
+    case "archiveEmail":  return { success: true };
+    default:              return { error: "unknown tool" };
+  }
+}
+const gate = new ToolGate(execute, {
+  agentName: "email-assistant",
+  onApprovalNeeded: cliApproval,
+});
+gate.describe("Read inbox, draft replies, archive processed emails");
+// Simulate what an autonomous agent would do:
+const emails = await gate.proxy("listEmails", {});           // ✅ READ — executes
+const detail = await gate.proxy("readEmail", { id: 1 });     // ✅ READ — executes
+const sent   = await gate.proxy("sendEmail", {               // 🛑 SEND — intercepted
+  to: "boss@co.com",
+  subject: "Re: Q3 Report",
+  body: "Reviewed — numbers look solid. Ship it.",
+});
+const archived = await gate.proxy("archiveEmail", { id: 1 }); // 🛑 DELETE — intercepted
+// Agent thinks both worked. Now finalize:
+await gate.finalize();
+// → CLI shows: 2 reads executed, 2 actions pending approval
+// → You approve/reject/edit each one
+```
+---
+# API Reference
+### `new ToolGate(executor, config?)`
+| Config Field      | Type                                         | Description                              |
+|-------------------|----------------------------------------------|------------------------------------------|
+| `classifier`      | `(name, params) => ToolClassification`       | Custom classification function           |
+| `readTools`       | `string[]`                                   | Always-passthrough tool names            |
+| `actionTools`     | `string[]`                                   | Always-intercept tool names              |
+| `phantomResponse` | `(tool: ToolCall) => unknown`                | Custom phantom result generator          |
+| `onApprovalNeeded`| `(req: ApprovalRequest) => Promise<Result>`  | Callback when agent finishes             |
+| `supabaseUrl`     | `string`                                     | Supabase project URL                     |
+| `supabaseKey`     | `string`                                     | Supabase anon key                        |
+| `agentName`       | `string`                                     | Display name for the agent               |
+| `mcpServers`      | `MCPServerDef[]`                             | MCP server + tool definitions            |
+### Instance Methods
+| Method               | Returns                    | Description                                  |
+|----------------------|----------------------------|----------------------------------------------|
+| `.proxy`             | `RealExecutor`             | The proxied executor to give to your agent   |
+| `.wrapTools(map)`    | Same tool map shape        | Wraps a `{ name: fn }` tool map              |
+| `.describe(text)`    | `this`                     | Set task description                         |
+| `.finalize()`        | `Promise<ApprovalRequest>` | End session, trigger approval                |
+| `.approveAll()`      | `Promise<Map>`             | Approve + execute all pending actions        |
+| `.rejectAll()`       | `void`                     | Reject all pending actions                   |
+| `.executeApproval()` | `Promise<Map>`             | Execute with per-action decisions            |
+| `.summary()`         | `string`                   | Pretty-printed session summary               |
+## License
+MIT

package/dist/index.d.mts ADDED Viewed

@@ -0,0 +1,165 @@
+type ToolIntent = "read" | "write" | "delete" | "create" | "update" | "execute" | "send" | "unknown";
+interface ToolClassification {
+    intent: ToolIntent;
+    isPassthrough: boolean;
+    confidence: number;
+    reason: string;
+}
+interface ToolCall {
+    id: string;
+    name: string;
+    params: Record<string, unknown>;
+    timestamp: number;
+    classification: ToolClassification;
+}
+interface ExecutedRead extends ToolCall {
+    result: unknown;
+}
+interface PendingAction extends ToolCall {
+    phantomResult: unknown;
+    approved?: boolean;
+    editedParams?: Record<string, unknown>;
+}
+type SessionStatus = "running" | "pending_approval" | "approved" | "rejected" | "partial";
+interface Session {
+    id: string;
+    agentName: string;
+    taskDescription: string;
+    startedAt: number;
+    completedAt?: number;
+    status: SessionStatus;
+    reads: ExecutedRead[];
+    pendingActions: PendingAction[];
+    metadata?: Record<string, unknown>;
+}
+interface ApprovalRequest {
+    sessionId: string;
+    agentName: string;
+    taskDescription: string;
+    reads: ExecutedRead[];
+    pendingActions: PendingAction[];
+    createdAt: number;
+}
+type ActionDecision = {
+    action: "approve";
+} | {
+    action: "reject";
+} | {
+    action: "edit";
+    actionId: string;
+    newParams: Record<string, unknown>;
+};
+interface ApprovalResult {
+    sessionId: string;
+    decisions: Map<string, ActionDecision>;
+    approvedAt: number;
+}
+interface ToolGateConfig {
+    /** Custom classifier — override the built-in heuristic */
+    classifier?: (toolName: string, params: Record<string, unknown>) => ToolClassification;
+    /** Explicit read tool names (always passthrough) */
+    readTools?: string[];
+    /** Explicit write/action tool names (always intercept) */
+    actionTools?: string[];
+    /** What to return to the agent when an action is intercepted */
+    phantomResponse?: (tool: ToolCall) => unknown;
+    /** Called when session completes and needs approval */
+    onApprovalNeeded?: (request: ApprovalRequest) => Promise<ApprovalResult>;
+    /** Supabase URL for dashboard persistence (optional) */
+    supabaseUrl?: string;
+    /** Supabase anon key (optional) */
+    supabaseKey?: string;
+    /** Agent display name */
+    agentName?: string;
+    /** MCP server definitions for auto-classification */
+    mcpServers?: MCPServerDef[];
+}
+interface MCPToolDef {
+    name: string;
+    description: string;
+    inputSchema?: Record<string, unknown>;
+}
+interface MCPServerDef {
+    name: string;
+    url: string;
+    tools?: MCPToolDef[];
+}
+type RealExecutor = (toolName: string, params: Record<string, unknown>) => Promise<unknown>;
+declare class ToolGate {
+    private config;
+    private executor;
+    private session;
+    private mcpToolIndex;
+    private readSet;
+    private actionSet;
+    private persistence;
+    constructor(executor: RealExecutor, config?: ToolGateConfig);
+    /** Set a human-readable description for this task/session */
+    describe(taskDescription: string): this;
+    /** The proxy function you hand to the agent instead of the real executor */
+    get proxy(): RealExecutor;
+    /** Wrap an existing tool map (name → function) into a proxied tool map */
+    wrapTools<T extends Record<string, (...args: any[]) => Promise<unknown>>>(tools: T): T;
+    /** Core: classify and either passthrough or intercept */
+    private handle;
+    private classify;
+    private defaultPhantom;
+    /** Call when agent is done. Returns the approval request. */
+    finalize(): Promise<ApprovalRequest>;
+    /** Execute approved actions for real */
+    executeApproval(result: ApprovalResult): Promise<Map<string, unknown>>;
+    /** Approve all pending actions at once */
+    approveAll(): Promise<Map<string, unknown>>;
+    /** Reject all pending actions */
+    rejectAll(): Promise<void>;
+    get sessionId(): string;
+    get reads(): ExecutedRead[];
+    get pending(): PendingAction[];
+    get currentSession(): Session;
+    /** Pretty-print a summary for CLI / logging */
+    summary(): string;
+}
+/**
+ * Interactive CLI approval flow.
+ * Pass this as `onApprovalNeeded` in ToolGateConfig to get a
+ * terminal-based approval UI.
+ */
+declare function cliApproval(request: ApprovalRequest): Promise<ApprovalResult>;
+declare function classifyTool(toolName: string, params: Record<string, unknown>, mcpToolDef?: MCPToolDef): ToolClassification;
+/**
+ * Create a ToolGate specifically for MCP-based agents.
+ *
+ * Pass your MCP server definitions (with tool lists) and ToolGate will
+ * auto-classify every tool by analyzing its name + description.
+ *
+ * Usage:
+ *   const gate = mcpToolGate(mcpExecutor, {
+ *     mcpServers: [
+ *       { name: "gmail", url: "https://gmail.mcp.example.com/sse", tools: [...] },
+ *       { name: "github", url: "https://github.mcp.example.com/sse", tools: [...] },
+ *     ],
+ *   });
+ *
+ *   // Hand gate.proxy to your agent as the tool executor
+ *   await agent.run({ execute: gate.proxy });
+ *   const approval = await gate.finalize();
+ */
+declare function mcpToolGate(executor: RealExecutor, config?: ToolGateConfig): ToolGate;
+/**
+ * Fetch MCP tool definitions from a running MCP server.
+ * Calls the standard `tools/list` JSON-RPC method.
+ */
+declare function discoverMCPTools(serverUrl: string): Promise<MCPToolDef[]>;
+/**
+ * Auto-discover tools from all MCP servers and return a fully configured ToolGateConfig.
+ */
+declare function autoConfigFromMCP(servers: Array<{
+    name: string;
+    url: string;
+}>, overrides?: Partial<ToolGateConfig>): Promise<ToolGateConfig>;
+export { type ActionDecision, type ApprovalRequest, type ApprovalResult, type ExecutedRead, type MCPServerDef, type MCPToolDef, type PendingAction, type RealExecutor, type Session, type SessionStatus, type ToolCall, type ToolClassification, ToolGate, type ToolGateConfig, type ToolIntent, autoConfigFromMCP, classifyTool, cliApproval, discoverMCPTools, mcpToolGate };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,165 @@
+type ToolIntent = "read" | "write" | "delete" | "create" | "update" | "execute" | "send" | "unknown";
+interface ToolClassification {
+    intent: ToolIntent;
+    isPassthrough: boolean;
+    confidence: number;
+    reason: string;
+}
+interface ToolCall {
+    id: string;
+    name: string;
+    params: Record<string, unknown>;
+    timestamp: number;
+    classification: ToolClassification;
+}
+interface ExecutedRead extends ToolCall {
+    result: unknown;
+}
+interface PendingAction extends ToolCall {
+    phantomResult: unknown;
+    approved?: boolean;
+    editedParams?: Record<string, unknown>;
+}
+type SessionStatus = "running" | "pending_approval" | "approved" | "rejected" | "partial";
+interface Session {
+    id: string;
+    agentName: string;
+    taskDescription: string;
+    startedAt: number;
+    completedAt?: number;
+    status: SessionStatus;
+    reads: ExecutedRead[];
+    pendingActions: PendingAction[];
+    metadata?: Record<string, unknown>;
+}
+interface ApprovalRequest {
+    sessionId: string;
+    agentName: string;
+    taskDescription: string;
+    reads: ExecutedRead[];
+    pendingActions: PendingAction[];
+    createdAt: number;
+}
+type ActionDecision = {
+    action: "approve";
+} | {
+    action: "reject";
+} | {
+    action: "edit";
+    actionId: string;
+    newParams: Record<string, unknown>;
+};
+interface ApprovalResult {
+    sessionId: string;
+    decisions: Map<string, ActionDecision>;
+    approvedAt: number;
+}
+interface ToolGateConfig {
+    /** Custom classifier — override the built-in heuristic */
+    classifier?: (toolName: string, params: Record<string, unknown>) => ToolClassification;
+    /** Explicit read tool names (always passthrough) */
+    readTools?: string[];
+    /** Explicit write/action tool names (always intercept) */
+    actionTools?: string[];
+    /** What to return to the agent when an action is intercepted */
+    phantomResponse?: (tool: ToolCall) => unknown;
+    /** Called when session completes and needs approval */
+    onApprovalNeeded?: (request: ApprovalRequest) => Promise<ApprovalResult>;
+    /** Supabase URL for dashboard persistence (optional) */
+    supabaseUrl?: string;
+    /** Supabase anon key (optional) */
+    supabaseKey?: string;
+    /** Agent display name */
+    agentName?: string;
+    /** MCP server definitions for auto-classification */
+    mcpServers?: MCPServerDef[];
+}
+interface MCPToolDef {
+    name: string;
+    description: string;
+    inputSchema?: Record<string, unknown>;
+}
+interface MCPServerDef {
+    name: string;
+    url: string;
+    tools?: MCPToolDef[];
+}
+type RealExecutor = (toolName: string, params: Record<string, unknown>) => Promise<unknown>;
+declare class ToolGate {
+    private config;
+    private executor;
+    private session;
+    private mcpToolIndex;
+    private readSet;
+    private actionSet;
+    private persistence;
+    constructor(executor: RealExecutor, config?: ToolGateConfig);
+    /** Set a human-readable description for this task/session */
+    describe(taskDescription: string): this;
+    /** The proxy function you hand to the agent instead of the real executor */
+    get proxy(): RealExecutor;
+    /** Wrap an existing tool map (name → function) into a proxied tool map */
+    wrapTools<T extends Record<string, (...args: any[]) => Promise<unknown>>>(tools: T): T;
+    /** Core: classify and either passthrough or intercept */
+    private handle;
+    private classify;
+    private defaultPhantom;
+    /** Call when agent is done. Returns the approval request. */
+    finalize(): Promise<ApprovalRequest>;
+    /** Execute approved actions for real */
+    executeApproval(result: ApprovalResult): Promise<Map<string, unknown>>;
+    /** Approve all pending actions at once */
+    approveAll(): Promise<Map<string, unknown>>;
+    /** Reject all pending actions */
+    rejectAll(): Promise<void>;
+    get sessionId(): string;
+    get reads(): ExecutedRead[];
+    get pending(): PendingAction[];
+    get currentSession(): Session;
+    /** Pretty-print a summary for CLI / logging */
+    summary(): string;
+}
+/**
+ * Interactive CLI approval flow.
+ * Pass this as `onApprovalNeeded` in ToolGateConfig to get a
+ * terminal-based approval UI.
+ */
+declare function cliApproval(request: ApprovalRequest): Promise<ApprovalResult>;
+declare function classifyTool(toolName: string, params: Record<string, unknown>, mcpToolDef?: MCPToolDef): ToolClassification;
+/**
+ * Create a ToolGate specifically for MCP-based agents.
+ *
+ * Pass your MCP server definitions (with tool lists) and ToolGate will
+ * auto-classify every tool by analyzing its name + description.
+ *
+ * Usage:
+ *   const gate = mcpToolGate(mcpExecutor, {
+ *     mcpServers: [
+ *       { name: "gmail", url: "https://gmail.mcp.example.com/sse", tools: [...] },
+ *       { name: "github", url: "https://github.mcp.example.com/sse", tools: [...] },
+ *     ],
+ *   });
+ *
+ *   // Hand gate.proxy to your agent as the tool executor
+ *   await agent.run({ execute: gate.proxy });
+ *   const approval = await gate.finalize();
+ */
+declare function mcpToolGate(executor: RealExecutor, config?: ToolGateConfig): ToolGate;
+/**
+ * Fetch MCP tool definitions from a running MCP server.
+ * Calls the standard `tools/list` JSON-RPC method.
+ */
+declare function discoverMCPTools(serverUrl: string): Promise<MCPToolDef[]>;
+/**
+ * Auto-discover tools from all MCP servers and return a fully configured ToolGateConfig.
+ */
+declare function autoConfigFromMCP(servers: Array<{
+    name: string;
+    url: string;
+}>, overrides?: Partial<ToolGateConfig>): Promise<ToolGateConfig>;
+export { type ActionDecision, type ApprovalRequest, type ApprovalResult, type ExecutedRead, type MCPServerDef, type MCPToolDef, type PendingAction, type RealExecutor, type Session, type SessionStatus, type ToolCall, type ToolClassification, ToolGate, type ToolGateConfig, type ToolIntent, autoConfigFromMCP, classifyTool, cliApproval, discoverMCPTools, mcpToolGate };