npm - ummaya - Versions diffs - 0.2.3 → 0.2.5 - Mend

ummaya 0.2.3 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (534) hide show

package/README.md +17 -3
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +2 -2
package/prompts/session_guidance_v1.md +3 -1
package/prompts/system_v1.md +9 -7
package/pyproject.toml +26 -7
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/context/builder.py +17 -11
package/src/ummaya/engine/engine.py +30 -113
package/src/ummaya/engine/query.py +20 -0
package/src/ummaya/evidence/__init__.py +44 -0
package/src/ummaya/evidence/__main__.py +7 -0
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +145 -0
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +177 -0
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/task_registry.py +264 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +52 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +2282 -417
package/src/ummaya/llm/client.py +234 -59
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/llm/reasoning.py +84 -0
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +34 -2
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +61 -12
package/src/ummaya/tools/geocoding/kakao_client.py +1 -2
package/src/ummaya/tools/kma/apihub_catalog.py +984 -1
package/src/ummaya/tools/kma/apihub_structured_adapter.py +86 -6
package/src/ummaya/tools/kma/apihub_url_adapter.py +593 -0
package/src/ummaya/tools/kma/apihub_url_catalog.py +296 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/location_adapters.py +8 -6
package/src/ummaya/tools/manifest_metadata.py +16 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/mvp_surface.py +2 -2
package/src/ummaya/tools/nmc/emergency_search.py +8 -6
package/src/ummaya/tools/register_all.py +17 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/resolve_location.py +4 -4
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +40 -106
package/src/ummaya/tools/verified_data_go_kr/_manifest.py +115 -25
package/src/ummaya/tools/verified_data_go_kr/airkorea_air_quality.py +109 -4
package/src/ummaya/tools/verified_data_go_kr/nmc_aed_site.py +108 -2
package/src/ummaya/tools/verified_data_go_kr/pps_bid_public_info.py +174 -9
package/src/ummaya/tools/verified_data_go_kr/tago_bus_arrival.py +66 -3
package/src/ummaya/tools/verified_data_go_kr/tago_bus_location.py +12 -2
package/src/ummaya/tools/verified_data_go_kr/tago_bus_route.py +8 -2
package/src/ummaya/tools/verified_data_go_kr/tago_bus_route_station.py +114 -0
package/src/ummaya/tools/verified_data_go_kr/tago_bus_station.py +14 -3
package/src/ummaya/tools/verify_canonical_map.py +21 -0
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -2
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -4
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +4 -13
package/tui/src/cli/handlers/mcp.tsx +3 -3
package/tui/src/cli/print.ts +69 -18
package/tui/src/cli/update.ts +13 -13
package/tui/src/commands/copy/index.ts +1 -1
package/tui/src/commands/cost/cost.ts +2 -2
package/tui/src/commands/init-verifiers.ts +5 -5
package/tui/src/commands/init.ts +30 -30
package/tui/src/commands/insights.ts +44 -44
package/tui/src/commands/install-github-app/install-github-app.tsx +2 -2
package/tui/src/commands/install-github-app/setupGitHubActions.ts +3 -3
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/install.tsx +5 -5
package/tui/src/commands/mcp/addCommand.ts +5 -5
package/tui/src/commands/mcp/xaaIdpCommand.ts +2 -2
package/tui/src/commands/plugin/ManageMarketplaces.tsx +2 -2
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/reasoning/index.ts +13 -0
package/tui/src/commands/reasoning/reasoning.tsx +177 -0
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/commands/thinkback/thinkback.tsx +3 -3
package/tui/src/commands.ts +2 -0
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/Messages.tsx +2 -1
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/Spinner.tsx +2 -2
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/design-system/LoadingState.tsx +2 -2
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +29 -3
package/tui/src/ipc/frames.generated.ts +407 -312
package/tui/src/ipc/llmClient.ts +279 -76
package/tui/src/ipc/llmTypes.ts +16 -1
package/tui/src/ipc/schema/frame.schema.json +1 -3475
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +32 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -1721
package/tui/src/screens/REPL.tsx +42 -31
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +98 -14
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -364
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/skills/bundled/stuck.ts +12 -12
package/tui/src/state/AppStateStore.ts +7 -0
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1239 -163
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +48 -29
package/tui/src/tools/LookupPrimitive/prompt.ts +6 -7
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +30 -19
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +51 -18
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +27 -10
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/citizenUserText.ts +49 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/locationInputRepair.ts +112 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +68 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +61 -0
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/attachments.ts +1 -1
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/kExaoneReasoning.ts +138 -0
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +19 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/multiToolLayout.ts +13 -0
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/processUserInput/processSlashCommand.tsx +2 -2
package/tui/src/utils/processUserInput/processUserInput.ts +26 -0
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/applySettingsChange.ts +4 -0
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/settings/types.ts +9 -3
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/stats.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +394 -22
package/assets/copilot-gate-logo.svg +0 -58
package/assets/govon-logo.svg +0 -40
package/src/ummaya/eval/__init__.py +0 -5
package/src/ummaya/eval/retrieval.py +0 -713
package/tui/src/services/api/claude.ts +0 -3510
package/tui/src/utils/messageStream.ts +0 -186

package/src/ummaya/tools/documents/pdfa_conformance.py ADDED Viewed

@@ -0,0 +1,284 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Optional local PDF/A export and conformance validation bridge."""
+from __future__ import annotations
+import hashlib
+import os
+import shutil
+import subprocess
+import tempfile
+from collections.abc import Mapping
+from dataclasses import dataclass
+from pathlib import Path
+from shutil import which
+from typing import Protocol
+PDFA_EXPORTER_ID = "ghostscript-pdfa2b-pdfwrite-exporter"
+PDFA_VALIDATOR_ID = "verapdf-pdfa-conformance-validator"
+PDFA_FLAVOUR = "2b"
+PDFA_TIMEOUT_SECONDS = 120
+class PdfaConformanceBridgeError(ValueError):
+    """Raised when PDF/A export or validation fails closed."""
+@dataclass(frozen=True)
+class PdfaConformanceReport:
+    """Local post-write PDF/A conformance result."""
+    exporter_id: str
+    validator_id: str
+    pdfa_flavour: str
+    sha256: str
+    byte_size: int
+    summary: str
+@dataclass(frozen=True)
+class PdfaExportResult:
+    """PDF/A payload plus the conformance report that approved it."""
+    payload: bytes
+    report: PdfaConformanceReport
+class PdfaConformanceBridge(Protocol):
+    """Bridge that turns a PDF payload into a validated PDF/A payload."""
+    bridge_id: str
+    def export_pdfa(self, payload: bytes) -> PdfaExportResult:
+        """Return validated PDF/A bytes or fail closed."""
+class LocalPdfaConformanceBridge:
+    """Ghostscript PDF/A export plus veraPDF post-write validation."""
+    bridge_id = "ghostscript-verapdf-pdfa2b-bridge"
+    def __init__(
+        self,
+        *,
+        ghostscript_executable: Path,
+        verapdf_executable: Path,
+        pdfa_def_path: Path,
+        srgb_icc_path: Path,
+        timeout_seconds: int = PDFA_TIMEOUT_SECONDS,
+    ) -> None:
+        self.ghostscript_executable = _validated_executable(
+            ghostscript_executable,
+            label="ghostscript_executable",
+        )
+        self.verapdf_executable = _validated_executable(
+            verapdf_executable,
+            label="verapdf_executable",
+        )
+        self.pdfa_def_path = _validated_file(pdfa_def_path, label="pdfa_def_path")
+        self.srgb_icc_path = _validated_file(srgb_icc_path, label="srgb_icc_path")
+        if timeout_seconds < 1 or timeout_seconds > 300:
+            raise ValueError("PDF/A bridge timeout_seconds must be between 1 and 300")
+        self.timeout_seconds = timeout_seconds
+    def export_pdfa(self, payload: bytes) -> PdfaExportResult:
+        """Export PDF bytes to PDF/A-2b and validate the output with veraPDF."""
+        if not payload.startswith(b"%PDF-"):
+            raise PdfaConformanceBridgeError("PDF/A export requires a PDF payload")
+        with tempfile.TemporaryDirectory(prefix="ummaya-pdfa-") as temp_root:
+            temp_dir = Path(temp_root)
+            input_path = temp_dir / "input.pdf"
+            output_path = temp_dir / "output.pdf"
+            pdfa_def_path = temp_dir / "PDFA_def.ps"
+            srgb_icc_path = temp_dir / "srgb.icc"
+            input_path.write_bytes(payload)
+            shutil.copy2(self.pdfa_def_path, pdfa_def_path)
+            shutil.copy2(self.srgb_icc_path, srgb_icc_path)
+            self._run_ghostscript(
+                input_path=input_path,
+                output_path=output_path,
+                cwd=temp_dir,
+            )
+            output_payload = output_path.read_bytes()
+            if not output_payload.startswith(b"%PDF-"):
+                raise PdfaConformanceBridgeError("PDF/A exporter did not produce a PDF payload")
+            report = self._validate_with_verapdf(output_path, output_payload)
+            return PdfaExportResult(payload=output_payload, report=report)
+    def _run_ghostscript(
+        self,
+        *,
+        input_path: Path,
+        output_path: Path,
+        cwd: Path,
+    ) -> None:
+        command = [
+            str(self.ghostscript_executable),
+            "--permit-file-read=srgb.icc",
+            "-dPDFA=2",
+            "-dBATCH",
+            "-dNOPAUSE",
+            "-dNOOUTERSAVE",
+            "-sColorConversionStrategy=RGB",
+            "-sDEVICE=pdfwrite",
+            "-dPDFACompatibilityPolicy=1",
+            f"-sOutputFile={output_path}",
+            "PDFA_def.ps",
+            str(input_path),
+        ]
+        completed = _run_local_command(
+            command,
+            cwd=cwd,
+            timeout_seconds=self.timeout_seconds,
+        )
+        if completed.returncode != 0:
+            raise PdfaConformanceBridgeError(
+                "Ghostscript PDF/A export failed: " + _process_output_summary(completed)
+            )
+        if not output_path.is_file() or output_path.stat().st_size == 0:
+            raise PdfaConformanceBridgeError("Ghostscript PDF/A export produced no output")
+    def _validate_with_verapdf(
+        self,
+        output_path: Path,
+        output_payload: bytes,
+    ) -> PdfaConformanceReport:
+        command = [
+            str(self.verapdf_executable),
+            "--format",
+            "text",
+            "--flavour",
+            PDFA_FLAVOUR,
+            str(output_path),
+        ]
+        completed = _run_local_command(
+            command,
+            cwd=output_path.parent,
+            timeout_seconds=self.timeout_seconds,
+        )
+        summary = _process_output_summary(completed)
+        if completed.returncode != 0 or not completed.stdout.decode(
+            "utf-8",
+            errors="replace",
+        ).lstrip().startswith("PASS "):
+            raise PdfaConformanceBridgeError(
+                "veraPDF PDF/A conformance validation failed: " + summary
+            )
+        return PdfaConformanceReport(
+            exporter_id=PDFA_EXPORTER_ID,
+            validator_id=PDFA_VALIDATOR_ID,
+            pdfa_flavour=PDFA_FLAVOUR,
+            sha256=hashlib.sha256(output_payload).hexdigest(),
+            byte_size=len(output_payload),
+            summary=summary,
+        )
+def build_default_pdfa_conformance_bridge(
+    *,
+    env: Mapping[str, str] | None = None,
+) -> PdfaConformanceBridge | None:
+    """Build the local PDF/A bridge when Ghostscript and veraPDF are available."""
+    active_env = os.environ if env is None else env
+    ghostscript = _find_executable("gs", active_env=active_env)
+    verapdf = _find_executable("verapdf", active_env=active_env)
+    if ghostscript is None or verapdf is None:
+        return None
+    assets = discover_ghostscript_pdfa_assets(ghostscript)
+    if assets is None:
+        return None
+    pdfa_def_path, srgb_icc_path = assets
+    return LocalPdfaConformanceBridge(
+        ghostscript_executable=ghostscript,
+        verapdf_executable=verapdf,
+        pdfa_def_path=pdfa_def_path,
+        srgb_icc_path=srgb_icc_path,
+    )
+def discover_ghostscript_pdfa_assets(
+    ghostscript_executable: Path,
+) -> tuple[Path, Path] | None:
+    """Return Ghostscript's PDF/A prefix and sRGB ICC profile paths if present."""
+    executable = ghostscript_executable.expanduser().resolve(strict=False)
+    for parent in executable.parents:
+        pdfa_def_path = parent / "share" / "ghostscript" / "lib" / "PDFA_def.ps"
+        srgb_icc_path = parent / "share" / "ghostscript" / "iccprofiles" / "srgb.icc"
+        if pdfa_def_path.is_file() and srgb_icc_path.is_file():
+            return pdfa_def_path.resolve(strict=False), srgb_icc_path.resolve(strict=False)
+    return None
+def _find_executable(
+    executable_name: str,
+    *,
+    active_env: Mapping[str, str],
+) -> Path | None:
+    path_env = active_env.get("PATH")
+    if not path_env:
+        return None
+    found = which(executable_name, path=path_env)
+    if found is None:
+        return None
+    candidate = Path(found).expanduser().resolve(strict=False)
+    if not candidate.exists() or not candidate.is_file() or not os.access(candidate, os.X_OK):
+        return None
+    return candidate
+def _validated_executable(path: Path, *, label: str) -> Path:
+    resolved = path.expanduser().resolve(strict=False)
+    if not resolved.is_absolute():
+        raise ValueError(f"{label} must be absolute")
+    if not resolved.exists() or not resolved.is_file() or not os.access(resolved, os.X_OK):
+        raise ValueError(f"{label} must be an executable file: {resolved}")
+    return resolved
+def _validated_file(path: Path, *, label: str) -> Path:
+    resolved = path.expanduser().resolve(strict=False)
+    if not resolved.is_absolute():
+        raise ValueError(f"{label} must be absolute")
+    if not resolved.is_file():
+        raise ValueError(f"{label} must be an existing file: {resolved}")
+    return resolved
+def _run_local_command(
+    command: list[str],
+    *,
+    cwd: Path,
+    timeout_seconds: int,
+) -> subprocess.CompletedProcess[bytes]:
+    try:
+        return subprocess.run(  # noqa: S603 - executables are absolute and prevalidated.
+            command,
+            cwd=cwd,
+            stdin=subprocess.DEVNULL,
+            capture_output=True,
+            timeout=timeout_seconds,
+            check=False,
+        )
+    except subprocess.TimeoutExpired as exc:
+        raise PdfaConformanceBridgeError(
+            f"PDF/A bridge command timed out after {timeout_seconds}s"
+        ) from exc
+def _process_output_summary(completed: subprocess.CompletedProcess[bytes]) -> str:
+    stdout = _truncate_process_bytes(completed.stdout)
+    stderr = _truncate_process_bytes(completed.stderr)
+    if stdout and stderr:
+        return f"stdout={stdout!r}; stderr={stderr!r}"
+    if stdout:
+        return f"stdout={stdout!r}"
+    if stderr:
+        return f"stderr={stderr!r}"
+    return "no process output"
+def _truncate_process_bytes(payload: bytes, limit: int = 500) -> str:
+    text = payload.decode("utf-8", errors="replace").strip()
+    if len(text) <= limit:
+        return text
+    return f"{text[:limit]}..."

package/src/ummaya/tools/documents/pdfa_promotion_probe.py ADDED Viewed

@@ -0,0 +1,198 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Local PDF/A conformance promotion diagnostics.
+PDF/A artifacts can be parsed, rendered, and AcroForm-filled through the PDF
+runtime boundary, but UMMAYA must not claim PDF/A-conformant output until a
+local conformance validator verifies the post-write artifact.
+"""
+from __future__ import annotations
+import os
+from collections.abc import Mapping, Sequence
+from pathlib import Path
+from shutil import which
+from typing import Literal
+from pydantic import BaseModel, ConfigDict, Field
+from ummaya.tools.documents.models import (
+    DocumentFormat,
+    DocumentFormatFamily,
+    KnownDocumentFormat,
+)
+from ummaya.tools.documents.pdfa_conformance import (
+    PDFA_EXPORTER_ID,
+    PDFA_FLAVOUR,
+    PDFA_VALIDATOR_ID,
+    discover_ghostscript_pdfa_assets,
+)
+PDFA_CANDIDATE_ID = "verapdf-pdfa-postwrite-gate"
+PDFA_READ_ADAPTER_ID = "pypdf-acroform-adapter"
+PDFA_SOURCE_REFS = (
+    "upstream:verapdf-home-pdfa-validation",
+    "upstream:verapdf-cli-validation",
+    "upstream:ghostscript-pdfa-pdfwrite",
+    "upstream:pypdf-pdfa-no-guarantee",
+    "upstream:pypdf-acroform-forms",
+)
+PDFA_RECOMMENDED_ARGS = (
+    "gs",
+    "--permit-file-read=srgb.icc",
+    "-dPDFA=2",
+    "-dBATCH",
+    "-dNOPAUSE",
+    "-dNOOUTERSAVE",
+    "-sColorConversionStrategy=RGB",
+    "-sDEVICE=pdfwrite",
+    "-dPDFACompatibilityPolicy=1",
+    "-sOutputFile={output}",
+    "PDFA_def.ps",
+    "{source}",
+    "&&",
+    "verapdf",
+    "--format",
+    "text",
+    "--flavour",
+    PDFA_FLAVOUR,
+    "{output}",
+)
+PdfaPromotionProbeStatus = Literal["blocked", "candidate_available"]
+class PdfaPromotionProbeReport(BaseModel):
+    """Current local availability of PDF/A conformance validation candidates."""
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    candidate_id: str = Field(min_length=1)
+    known_format: KnownDocumentFormat
+    family: DocumentFormatFamily
+    status: PdfaPromotionProbeStatus
+    runtime_format: DocumentFormat
+    read_adapter_id: str = Field(min_length=1)
+    exporter_id: str = Field(min_length=1)
+    exporter_available: bool
+    exporter_executable: Path | None
+    pdfa_def_path: Path | None
+    srgb_icc_path: Path | None
+    validator_id: str = Field(min_length=1)
+    validator_available: bool
+    validator_executable: Path | None
+    recommended_args: tuple[str, ...]
+    reasons: tuple[str, ...]
+    required_gates: tuple[str, ...]
+    evidence_refs: tuple[str, ...]
+def probe_pdfa_promotion(
+    *,
+    env: Mapping[str, str] | None = None,
+    search_path: Sequence[str] | None = None,
+) -> PdfaPromotionProbeReport:
+    """Report PDF/A conformance-gate readiness without promoting output writes."""
+    active_env = os.environ if env is None else env
+    validator_executable = _find_verapdf_cli(active_env=active_env, search_path=search_path)
+    exporter_executable = _find_ghostscript_cli(active_env=active_env, search_path=search_path)
+    pdfa_assets = (
+        discover_ghostscript_pdfa_assets(exporter_executable)
+        if exporter_executable is not None
+        else None
+    )
+    pdfa_def_path = pdfa_assets[0] if pdfa_assets is not None else None
+    srgb_icc_path = pdfa_assets[1] if pdfa_assets is not None else None
+    validator_available = validator_executable is not None
+    exporter_available = exporter_executable is not None and pdfa_assets is not None
+    status: PdfaPromotionProbeStatus = (
+        "candidate_available" if validator_available and exporter_available else "blocked"
+    )
+    return PdfaPromotionProbeReport(
+        candidate_id=PDFA_CANDIDATE_ID,
+        known_format=KnownDocumentFormat.pdfa,
+        family=DocumentFormatFamily.pdf,
+        status=status,
+        runtime_format=DocumentFormat.pdf,
+        read_adapter_id=PDFA_READ_ADAPTER_ID,
+        exporter_id=PDFA_EXPORTER_ID,
+        exporter_available=exporter_available,
+        exporter_executable=exporter_executable,
+        pdfa_def_path=pdfa_def_path,
+        srgb_icc_path=srgb_icc_path,
+        validator_id=PDFA_VALIDATOR_ID,
+        validator_available=validator_available,
+        validator_executable=validator_executable,
+        recommended_args=PDFA_RECOMMENDED_ARGS,
+        reasons=_reasons(
+            validator_available=validator_available,
+            exporter_available=exporter_available,
+        ),
+        required_gates=(
+            "pdfa_runtime_pdf_alias_intake_gate",
+            "pdf_acroform_write_render_save_gate",
+            "ghostscript_pdfa2b_export_available",
+            "verapdf_cli_available",
+            "verapdf_postwrite_conformance_gate",
+            "pdfa_runtime_completion_promotion",
+        ),
+        evidence_refs=PDFA_SOURCE_REFS,
+    )
+def _find_verapdf_cli(
+    *,
+    active_env: Mapping[str, str],
+    search_path: Sequence[str] | None,
+) -> Path | None:
+    path_env = os.pathsep.join(search_path) if search_path is not None else active_env.get("PATH")
+    if not path_env:
+        return None
+    found = which("verapdf", path=path_env)
+    if found is None:
+        return None
+    executable = Path(found).expanduser().resolve(strict=False)
+    if not _is_executable_file(executable):
+        return None
+    return executable
+def _find_ghostscript_cli(
+    *,
+    active_env: Mapping[str, str],
+    search_path: Sequence[str] | None,
+) -> Path | None:
+    path_env = os.pathsep.join(search_path) if search_path is not None else active_env.get("PATH")
+    if not path_env:
+        return None
+    found = which("gs", path=path_env)
+    if found is None:
+        return None
+    executable = Path(found).expanduser().resolve(strict=False)
+    if not _is_executable_file(executable):
+        return None
+    return executable
+def _is_executable_file(path: Path) -> bool:
+    return path.exists() and path.is_file() and os.access(path, os.X_OK)
+def _reasons(*, validator_available: bool, exporter_available: bool) -> tuple[str, ...]:
+    reasons = [
+        "pdfa_runtime_aliases_pdf_adapter",
+        "pypdf_pdfa_conformance_not_claimed",
+    ]
+    if validator_available:
+        reasons.append("verapdf_cli_found")
+    else:
+        reasons.append("verapdf_cli_not_found")
+    if exporter_available:
+        reasons.append("ghostscript_pdfa_exporter_found")
+    else:
+        reasons.append("ghostscript_pdfa_exporter_not_found")
+    if validator_available and exporter_available:
+        reasons.append("pdfa_postwrite_conformance_gate_available")
+    else:
+        reasons.append("pdfa_conformance_write_not_promoted")
+    return tuple(reasons)

package/src/ummaya/tools/documents/permissions.py ADDED Viewed

@@ -0,0 +1,110 @@
+# SPDX-License-Identifier: Apache-2.0
+"""Document artifact permission payloads for local harness operations."""
+from __future__ import annotations
+from enum import StrEnum
+from pydantic import BaseModel, ConfigDict, Field, model_validator
+from ummaya.tools.documents.models import (
+    BlockedReason,
+    DocumentToolResult,
+    ToolResultStatus,
+)
+class DocumentArtifactPermissionKind(StrEnum):
+    """Permission boundary for one document harness tool call."""
+    read_local_artifact = "read_local_artifact"
+    write_derivative_artifact = "write_derivative_artifact"
+    validate_local_artifact = "validate_local_artifact"
+class DocumentArtifactPermissionPayload(BaseModel):
+    """Minimal PermissionRequest payload for document artifacts.
+    The payload intentionally carries artifact/report identifiers only. It does
+    not expose source paths or inline bytes to the model-facing permission layer.
+    """
+    model_config = ConfigDict(frozen=True, extra="forbid")
+    kind: DocumentArtifactPermissionKind
+    tool_id: str = Field(min_length=1)
+    correlation_id: str = Field(min_length=1)
+    artifact_id: str = Field(min_length=1)
+    derivative_artifact_id: str | None = Field(default=None, min_length=1)
+    validation_report_id: str | None = Field(default=None, min_length=1)
+    intended_change_class: str | None = Field(default=None, min_length=1, max_length=80)
+    validation_status: str | None = Field(default=None, min_length=1, max_length=80)
+    requires_approval: bool
+    @model_validator(mode="after")
+    def _enforce_approval_boundary(self) -> DocumentArtifactPermissionPayload:
+        if (
+            self.kind is DocumentArtifactPermissionKind.write_derivative_artifact
+            and not self.requires_approval
+        ):
+            raise ValueError("write_derivative_artifact permission requires approval")
+        if (
+            self.kind is not DocumentArtifactPermissionKind.write_derivative_artifact
+            and self.requires_approval
+        ):
+            raise ValueError("read and validation document permissions do not require approval")
+        return self
+def build_document_artifact_permission(
+    *,
+    kind: DocumentArtifactPermissionKind,
+    tool_id: str,
+    correlation_id: str,
+    artifact_id: str,
+    derivative_artifact_id: str | None = None,
+    validation_report_id: str | None = None,
+    intended_change_class: str | None = None,
+    validation_status: str | None = None,
+) -> DocumentArtifactPermissionPayload:
+    """Build the identifier-only permission payload for a document tool call."""
+    return DocumentArtifactPermissionPayload(
+        kind=kind,
+        tool_id=tool_id,
+        correlation_id=correlation_id,
+        artifact_id=artifact_id,
+        derivative_artifact_id=derivative_artifact_id,
+        validation_report_id=validation_report_id,
+        intended_change_class=intended_change_class,
+        validation_status=validation_status,
+        requires_approval=kind is DocumentArtifactPermissionKind.write_derivative_artifact,
+    )
+def document_permission_denied_result(
+    *,
+    tool_id: str,
+    correlation_id: str,
+    artifact_id: str,
+    derivative_artifact_id: str | None = None,
+) -> DocumentToolResult:
+    """Return a typed blocked result when the user denies a document write."""
+    artifact_refs = [artifact_id]
+    if derivative_artifact_id is not None:
+        artifact_refs.append(derivative_artifact_id)
+    return DocumentToolResult(
+        tool_id=tool_id,
+        correlation_id=correlation_id,
+        status=ToolResultStatus.blocked,
+        artifact_refs=artifact_refs,
+        text_summary="Document write permission was denied by the user.",
+        blocked_reason=BlockedReason.permission_denied,
+    )
+__all__ = [
+    "DocumentArtifactPermissionKind",
+    "DocumentArtifactPermissionPayload",
+    "build_document_artifact_permission",
+    "document_permission_denied_result",
+]