npm - ummaya - Versions diffs - 0.2.4 → 0.2.5 - Mend

ummaya 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (477) hide show

package/README.md +15 -2
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +1 -1
package/prompts/system_v1.md +1 -0
package/pyproject.toml +26 -2
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/engine/engine.py +29 -132
package/src/ummaya/evidence/__init__.py +21 -2
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +88 -1
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +81 -212
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +5 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +1109 -477
package/src/ummaya/llm/client.py +102 -3
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +17 -1
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +29 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/register_all.py +8 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +34 -746
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -1
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -8
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +3 -12
package/tui/src/cli/print.ts +7 -7
package/tui/src/commands/insights.ts +1 -1
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +3 -3
package/tui/src/ipc/frames.generated.ts +12 -12
package/tui/src/ipc/llmClient.ts +151 -27
package/tui/src/ipc/schema/frame.schema.json +1 -1
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +29 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -2186
package/tui/src/screens/REPL.tsx +40 -29
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +65 -2
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -418
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1207 -714
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +25 -32
package/tui/src/tools/LookupPrimitive/prompt.ts +0 -2
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +1 -11
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +27 -10
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +2 -1
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +1 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +55 -860
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +18 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +400 -14
package/tui/src/services/api/claude.ts +0 -3540
package/tui/src/tools/_shared/directPublicDataGuard.ts +0 -362
package/tui/src/tools/_shared/kmaAnalysisGuard.ts +0 -197
package/tui/src/tools/_shared/kmaAviationGuard.ts +0 -70
package/tui/src/tools/_shared/nmcAedGuard.ts +0 -234
package/tui/src/tools/_shared/protectedCheckGuard.ts +0 -207
package/tui/src/tools/_shared/textToolCallGuard.ts +0 -91

package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts ADDED Viewed

@@ -0,0 +1,18 @@
+// SPDX-License-Identifier: Apache-2.0
+const LOCAL_DOCUMENT_PATH_RE =
+  /(?:~|\/)[^\s"'<>]+?\.(?:hwpx|hwp|docx|pdf|xlsx|pptx|odt|ods|odp|doc|xls|ppt|csv|txt|md|json|xml|html)/giu
+export function lastLocalDocumentPath(text: string): string | undefined {
+  let latest: string | undefined
+  for (const match of text.matchAll(LOCAL_DOCUMENT_PATH_RE)) {
+    const rawPath = match[0]?.trim()
+    if (rawPath === undefined || rawPath === '') continue
+    latest = trimTrailingPunctuation(rawPath)
+  }
+  return latest
+}
+function trimTrailingPunctuation(path: string): string {
+  return path.replace(/[),.;:，。]+$/u, '')
+}

package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { ValidationResult } from '../../Tool.js'
+import {
+  getFsImplementation,
+  resolveDeepestExistingAncestorSync,
+} from '../../utils/fsOperations.js'
+import { documentDerivativeMutationValidation } from '../WorkspaceToolAdapter/documentFormatGuards.js'
+export function documentDerivativeMutationValidationForResolvedTarget(
+  filePath: string,
+): ValidationResult | null {
+  const directValidation = documentDerivativeMutationValidation(filePath)
+  if (directValidation !== null) return directValidation
+  if (filePath.startsWith('\\\\') || filePath.startsWith('//')) return null
+  const resolvedPath = resolveDeepestExistingAncestorSync(
+    getFsImplementation(),
+    filePath,
+  )
+  if (resolvedPath === undefined || resolvedPath === filePath) return null
+  return documentDerivativeMutationValidation(resolvedPath)
+}

package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts ADDED Viewed

@@ -0,0 +1,248 @@
+// SPDX-License-Identifier: Apache-2.0
+import { createHash } from 'node:crypto'
+import {
+  enforceDocumentSourceApprovalForDispatch,
+  normalizeDocumentSourceSupportedPatchesForDispatch,
+} from './documentSourceVerification.js'
+const APPROVAL_TOKEN_RE = /승인|\bapprove\b/giu
+const APPROVAL_WORD_RE = /승인|\bapprove\b/iu
+const ISSUED_DRAFT_ID_RE = /^draft-[a-f0-9]{24}$/u
+const DRAFT_SHA256_RE = /^[a-f0-9]{64}$/u
+const DECISION_SPLIT_RE =
+  /[.!?。]+|\b(?:but|however|nevertheless|instead|rather|and)\b|(?:하지만|그러나|그렇지만|다만|지만)/iu
+const EXPLICIT_ENGLISH_APPROVAL_SEGMENT_RE =
+  /^(?:yes[,.]?\s+)?i\s+approve(?:\s+(?:this|the|that|current|revised|updated|final|draft|version|document|text|content|answer|change|changes))*[.!]?$/iu
+const EXPLICIT_KOREAN_APPROVAL_SEGMENT_RE =
+  /^(?:(?:지금|현재|이번|방금|수정한|이|그)\s*)?(?:(?:초안|문안|내용|답변|문서)\s*(?:은|는|을|를)?\s*)?승인(?:해|합니다|할게|하겠습니다)[.!。]?$/u
+const ENGLISH_NEGATION_PREFIX_RE =
+  /\b(?:do\s+not|don't|didn't|isn't|cannot|can't|won't|haven't|hasn't|hadn't|never|unable\s+to|refuse\s+to|decline\s+to|not\b)/iu
+const KOREAN_NEGATION_PREFIX_RE = /(?:불\s*|미\s*)$/u
+const KOREAN_NEGATION_SUFFIX_RE =
+  /^\s*(?:은|을|이|가|도|만|으로)?\s*(?:하지|않|안|못|거부|거절|반려|보류|취소|처리하지|보지|간주하지|할\s*수\s*없|아님|없)/u
+const EXPLICIT_REJECTION_RE =
+  /(?:\bno\b|\breject(?:ed)?\b|\bdisapprove(?:d)?\b|\bunapproved\b|\bdo\s+not\s+treat\s+(?:that|this|it)\s+as\s+approval\b|아니|불\s*승인|미\s*승인|거절|거부|반려|보류|취소|승인(?:으로)?\s*처리하지)/giu
+type StringPatch = {
+  readonly targetPath: string
+  readonly value: string
+}
+type ApprovedDraftFields = {
+  readonly draftId: string
+  readonly draftSha256: string
+}
+export function normalizeDocumentMutationPayloadsForDispatch(
+  args: Record<string, unknown>,
+  userText: string | undefined,
+): Record<string, unknown> {
+  const sourceNormalization = normalizeDocumentSourceSupportedPatchesForDispatch(
+    normalizeDocumentStylePayloadsForDispatch(
+      normalizeDocumentPatchPayloadsForDispatch(args),
+    ),
+    userText,
+  )
+  return enforceDocumentSourceApprovalForDispatch(
+    normalizeApprovedDraftPayloadForDispatch(sourceNormalization.args, userText),
+    sourceNormalization,
+  )
+}
+function normalizeDocumentPatchPayloadsForDispatch(
+  args: Record<string, unknown>,
+): Record<string, unknown> {
+  if (!Array.isArray(args.patches)) return args
+  return {
+    ...args,
+    patches: args.patches.map(normalizeDocumentPatchPayloadForDispatch),
+  }
+}
+function normalizeDocumentPatchPayloadForDispatch(patch: unknown): unknown {
+  const record = recordFrom(patch)
+  if (record === undefined || !Object.hasOwn(record, 'content')) return patch
+  const { content, ...withoutContent } = record
+  if (Object.hasOwn(withoutContent, 'value')) return withoutContent
+  return {
+    ...withoutContent,
+    value: content,
+  }
+}
+function normalizeDocumentStylePayloadsForDispatch(
+  args: Record<string, unknown>,
+): Record<string, unknown> {
+  if (!Array.isArray(args.styles)) return args
+  const styles = args.styles.filter(style => {
+    const record = recordFrom(style)
+    return record === undefined || Object.keys(record).length > 0
+  })
+  if (styles.length > 0) return styles.length === args.styles.length ? args : { ...args, styles }
+  const { styles: _styles, ...withoutStyles } = args
+  return withoutStyles
+}
+function normalizeApprovedDraftPayloadForDispatch(
+  args: Record<string, unknown>,
+  userText: string | undefined,
+): Record<string, unknown> {
+  const callerApproval = approvedDraftFieldsFromArgs(args)
+  const normalizedArgs = withoutApprovedDraftFields(args)
+  if (userText === undefined) return normalizedArgs
+  if (!hasAffirmativeApproval(userText)) return normalizedArgs
+  if (callerApproval !== undefined) {
+    return {
+      ...normalizedArgs,
+      approved_draft_id: callerApproval.draftId,
+      approved_draft_sha256: callerApproval.draftSha256,
+    }
+  }
+  const patches = stringPatchesFromArgs(normalizedArgs)
+  if (patches === undefined || patches.length === 0) return normalizedArgs
+  const approval = authoringApprovalForPatches(patches)
+  return {
+    ...normalizedArgs,
+    approved_draft_id: approval.draftId,
+    approved_draft_sha256: approval.draftSha256,
+  }
+}
+function withoutApprovedDraftFields(args: Record<string, unknown>): Record<string, unknown> {
+  const {
+    approved_draft_id: _approvedDraftId,
+    approved_draft_sha256: _approvedDraftSha256,
+    ...withoutApproval
+  } = args
+  return withoutApproval
+}
+function approvedDraftFieldsFromArgs(
+  args: Record<string, unknown>,
+): ApprovedDraftFields | undefined {
+  const draftId = stringField(args, 'approved_draft_id')
+  const draftSha256 = stringField(args, 'approved_draft_sha256')
+  if (draftId === undefined || draftSha256 === undefined) return undefined
+  if (!ISSUED_DRAFT_ID_RE.test(draftId)) return undefined
+  if (!DRAFT_SHA256_RE.test(draftSha256)) return undefined
+  return { draftId, draftSha256 }
+}
+function hasAffirmativeApproval(userText: string): boolean {
+  const decisions = decisionSegments(userText).flatMap(approvalDecisionFromSegment)
+  return decisions.at(-1) === true
+}
+function decisionSegments(userText: string): readonly string[] {
+  return userText
+    .split(DECISION_SPLIT_RE)
+    .map(segment => segment.trim())
+    .filter(segment => segment !== '')
+}
+function approvalDecisionFromSegment(segment: string): readonly boolean[] {
+  const decisions: Array<{ readonly index: number; readonly approved: boolean }> = []
+  for (const match of segment.matchAll(APPROVAL_TOKEN_RE)) {
+    const approvalToken = match[0]
+    const index = match.index
+    if (index !== undefined && isNegatedApprovalToken(segment, index, approvalToken.length)) {
+      decisions.push({ index, approved: false })
+    }
+  }
+  for (const match of segment.matchAll(EXPLICIT_REJECTION_RE)) {
+    const index = match.index
+    if (index !== undefined) {
+      decisions.push({ index, approved: false })
+    }
+  }
+  if (decisions.length === 0 && isExplicitApprovalSegment(segment)) {
+    decisions.push({ index: 0, approved: true })
+  }
+  return decisions
+    .sort((left, right) => left.index - right.index)
+    .map(decision => decision.approved)
+}
+function isExplicitApprovalSegment(segment: string): boolean {
+  const trimmedSegment = segment.trim()
+  return EXPLICIT_ENGLISH_APPROVAL_SEGMENT_RE.test(trimmedSegment) ||
+    EXPLICIT_KOREAN_APPROVAL_SEGMENT_RE.test(trimmedSegment)
+}
+function isNegatedApprovalToken(
+  segment: string,
+  index: number,
+  tokenLength: number,
+): boolean {
+  const beforeToken = segment.slice(0, index)
+  const afterToken = segment.slice(index + tokenLength)
+  return ENGLISH_NEGATION_PREFIX_RE.test(beforeToken) ||
+    KOREAN_NEGATION_PREFIX_RE.test(beforeToken) ||
+    KOREAN_NEGATION_SUFFIX_RE.test(afterToken)
+}
+function stringPatchesFromArgs(args: Record<string, unknown>): readonly StringPatch[] | undefined {
+  if (!Array.isArray(args.patches)) return []
+  const patches: StringPatch[] = []
+  for (const patch of args.patches) {
+    const record = recordFrom(patch)
+    if (record === undefined) return undefined
+    const targetPath = stringField(record, 'target_path')
+    const value = stringField(record, 'value')
+    if (targetPath === undefined || value === undefined) return undefined
+    patches.push({ targetPath, value })
+  }
+  return patches
+}
+function authoringApprovalForPatches(
+  patches: readonly StringPatch[],
+): { readonly draftId: string; readonly draftSha256: string } {
+  if (patches.length === 1) {
+    const patch = patches[0]
+    if (patch !== undefined) {
+      const draftSha256 = sha256Hex(patch.value)
+      return {
+        draftId: issuedAuthoringDraftId(patch.targetPath, draftSha256),
+        draftSha256,
+      }
+    }
+  }
+  const draftSha256 = sha256Hex(
+    patches
+      .map(patch => `${patch.targetPath}\0${sha256Hex(patch.value)}`)
+      .join('\0'),
+  )
+  return {
+    draftId: issuedAuthoringDraftId(authoringBundleTargetPath(patches), draftSha256),
+    draftSha256,
+  }
+}
+function issuedAuthoringDraftId(targetPath: string, draftSha256: string): string {
+  return `draft-${sha256Hex(`${targetPath}\0${draftSha256}`).slice(0, 24)}`
+}
+function authoringBundleTargetPath(patches: readonly StringPatch[]): string {
+  const targetPaths = patches.map(patch => patch.targetPath).join('\0')
+  return `bundle:${sha256Hex(targetPaths).slice(0, 24)}`
+}
+function stringField(
+  record: Record<string, unknown>,
+  key: string,
+): string | undefined {
+  const value = record[key]
+  return typeof value === 'string' && value.trim() !== '' ? value : undefined
+}
+function sha256Hex(value: string): string {
+  return createHash('sha256').update(value, 'utf8').digest('hex')
+}
+function recordFrom(value: unknown): Record<string, unknown> | undefined {
+  return typeof value === 'object' && value !== null && !Array.isArray(value)
+    ? Object.fromEntries(Object.entries(value))
+    : undefined
+}

package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts ADDED Viewed

@@ -0,0 +1,245 @@
+// SPDX-License-Identifier: Apache-2.0
+import { detectPromptInjection } from '../WebFetchTool/sourceVerification.js'
+import {
+  hasApprovedDraft,
+  patchRequestsSourceSupport,
+  patchTargetPath,
+  recordFrom,
+  recordsFrom,
+  sha256Hex,
+  sourceSupportHasUnsafeUrl,
+  sourceVerificationRequested,
+  stringField,
+  withoutApprovalFields,
+  withoutPatches,
+} from './documentSourceVerificationFields.js'
+export const DOCUMENT_SOURCE_VERIFICATION_POLICY =
+  'source_supported_patch_requires_user_approval' as const
+type QuestionWaitingReason =
+  | 'missing_source_support'
+  | 'blocked_source_support'
+  | 'prompt_injection_source_support'
+  | 'stale_source_support'
+  | 'missing_user_approval'
+type QuestionWaitingField = {
+  readonly target_path: string
+  readonly reason: QuestionWaitingReason
+}
+type SourcePatchNormalization = {
+  readonly args: Record<string, unknown>
+  readonly sourceGovernedPatchCount: number
+  readonly sourceSupportedPatchCount: number
+}
+type SourceSupportEvaluation =
+  | {
+      readonly kind: 'supported'
+      readonly sourceSupport: Record<string, unknown>
+    }
+  | {
+      readonly kind: 'blocked'
+      readonly reason: QuestionWaitingReason
+    }
+const SHA256_RE = /^[a-f0-9]{64}$/u
+export function normalizeDocumentSourceSupportedPatchesForDispatch(
+  args: Record<string, unknown>,
+  userText: string | undefined,
+): SourcePatchNormalization {
+  if (!Array.isArray(args.patches)) {
+    return {
+      args,
+      sourceGovernedPatchCount: 0,
+      sourceSupportedPatchCount: 0,
+    }
+  }
+  const policyRequested = sourceVerificationRequested(args, userText)
+  const keptPatches: unknown[] = []
+  const questionWaitingFields: QuestionWaitingField[] = []
+  let sourceGovernedPatchCount = 0
+  let sourceSupportedPatchCount = 0
+  for (const patch of args.patches) {
+    const record = recordFrom(patch)
+    const patchRequiresSource = policyRequested || patchRequestsSourceSupport(record)
+    if (!patchRequiresSource) {
+      keptPatches.push(patch)
+      continue
+    }
+    sourceGovernedPatchCount += 1
+    const targetPath = patchTargetPath(record)
+    const evaluation = evaluateSourceSupport(record)
+    if (evaluation.kind === 'blocked') {
+      questionWaitingFields.push({
+        target_path: targetPath,
+        reason: evaluation.reason,
+      })
+      continue
+    }
+    sourceSupportedPatchCount += 1
+    keptPatches.push({
+      ...record,
+      source_support: evaluation.sourceSupport,
+    })
+  }
+  if (sourceGovernedPatchCount === 0) {
+    return {
+      args,
+      sourceGovernedPatchCount,
+      sourceSupportedPatchCount,
+    }
+  }
+  const nextArgs =
+    keptPatches.length > 0 ? { ...args, patches: keptPatches } : withoutPatches(args)
+  return {
+    args: withSourceVerificationMetadata(
+      nextArgs,
+      sourceSupportedPatchCount,
+      questionWaitingFields,
+    ),
+    sourceGovernedPatchCount,
+    sourceSupportedPatchCount,
+  }
+}
+export function enforceDocumentSourceApprovalForDispatch(
+  args: Record<string, unknown>,
+  normalization: SourcePatchNormalization,
+): Record<string, unknown> {
+  if (
+    normalization.sourceGovernedPatchCount === 0 ||
+    normalization.sourceSupportedPatchCount === 0 ||
+    hasApprovedDraft(args)
+  ) {
+    return failClosedIfNoPatches(args, normalization.sourceGovernedPatchCount)
+  }
+  const blockedFields = recordsFrom(args.patches).flatMap(patch => {
+    if (!patchRequestsSourceSupport(patch)) return []
+    return [
+      {
+        target_path: patchTargetPath(patch),
+        reason: 'missing_user_approval' as const,
+      },
+    ]
+  })
+  const keptPatches = recordsFrom(args.patches).filter(
+    patch => !patchRequestsSourceSupport(patch),
+  )
+  const withoutApproval = withoutApprovalFields(args)
+  const nextArgs =
+    keptPatches.length > 0
+      ? { ...withoutApproval, patches: keptPatches }
+      : withoutPatches(withoutApproval)
+  return failClosedIfNoPatches(
+    withSourceVerificationMetadata(nextArgs, 0, blockedFields),
+    normalization.sourceGovernedPatchCount,
+  )
+}
+function withSourceVerificationMetadata(
+  args: Record<string, unknown>,
+  sourceVerifiedPatchCount: number,
+  questionWaitingFields: readonly QuestionWaitingField[],
+): Record<string, unknown> {
+  const existingFields = Array.isArray(args.question_waiting_fields)
+    ? recordsFrom(args.question_waiting_fields)
+    : []
+  return {
+    ...args,
+    source_verification_policy: DOCUMENT_SOURCE_VERIFICATION_POLICY,
+    source_verified_patch_count: sourceVerifiedPatchCount,
+    question_waiting_fields: [...existingFields, ...questionWaitingFields],
+  }
+}
+function failClosedIfNoPatches(
+  args: Record<string, unknown>,
+  sourceGovernedPatchCount: number,
+): Record<string, unknown> {
+  if (sourceGovernedPatchCount === 0 || Array.isArray(args.patches)) {
+    return args
+  }
+  const {
+    approved_draft_id: _approvedDraftId,
+    approved_draft_sha256: _approvedDraftSha256,
+    destination_path: _destinationPath,
+    destination_display_name: _destinationDisplayName,
+    ...withoutMutation
+  } = args
+  return {
+    ...withoutMutation,
+    operation: 'inspect',
+  }
+}
+function evaluateSourceSupport(
+  patch: Record<string, unknown> | null,
+): SourceSupportEvaluation {
+  if (patch === null) return { kind: 'blocked', reason: 'missing_source_support' }
+  const value = stringField(patch, 'value')
+  if (value === undefined) return { kind: 'blocked', reason: 'missing_source_support' }
+  const support = recordFrom(patch.source_support) ?? recordFrom(patch.sourceSupport)
+  if (support === null) return { kind: 'blocked', reason: 'missing_source_support' }
+  if (support.state === 'blocked' || support.blocked_or_used === 'blocked') {
+    return { kind: 'blocked', reason: 'blocked_source_support' }
+  }
+  if (support.state !== 'source_supported') {
+    return { kind: 'blocked', reason: 'missing_source_support' }
+  }
+  if (sourceSupportHasUnsafeUrl(support)) {
+    return { kind: 'blocked', reason: 'blocked_source_support' }
+  }
+  if (sourceSupportHasPromptInjection(support)) {
+    return { kind: 'blocked', reason: 'prompt_injection_source_support' }
+  }
+  const sourceSha256 = stringField(support, 'source_sha256')
+  const citationHandle = stringField(support, 'citation_handle')
+  if (
+    sourceSha256 === undefined ||
+    citationHandle === undefined ||
+    !SHA256_RE.test(sourceSha256)
+  ) {
+    return { kind: 'blocked', reason: 'missing_source_support' }
+  }
+  if (sourceSha256 !== sha256Hex(value)) {
+    return { kind: 'blocked', reason: 'stale_source_support' }
+  }
+  return {
+    kind: 'supported',
+    sourceSupport: sanitizeSourceSupport(support),
+  }
+}
+function sourceSupportHasPromptInjection(
+  sourceSupport: Record<string, unknown>,
+): boolean {
+  if (sourceSupport.prompt_injection === 'detected') return true
+  const sourceText = stringField(sourceSupport, 'source_text')
+  return sourceText !== undefined && detectPromptInjection(sourceText) === 'detected'
+}
+function sanitizeSourceSupport(
+  sourceSupport: Record<string, unknown>,
+): Record<string, unknown> {
+  return {
+    state: sourceSupport.state,
+    citation_handle: sourceSupport.citation_handle,
+    source_sha256: sourceSupport.source_sha256,
+    observed_at: sourceSupport.observed_at,
+    prompt_injection: sourceSupport.prompt_injection,
+  }
+}

package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts ADDED Viewed

@@ -0,0 +1,103 @@
+// SPDX-License-Identifier: Apache-2.0
+import { createHash } from 'node:crypto'
+import { validatePublicWebFetchUrl } from '../WebFetchTool/urlSafety.js'
+const SOURCE_VERIFICATION_TEXT_RE =
+  /(근거|출처|검증|source[-\s]?support|source[-\s]?verification|citation|evidence)/iu
+const SOURCE_SUPPORT_URL_FIELDS = [
+  'source_url',
+  'sourceUrl',
+  'citation_url',
+  'citationUrl',
+] as const
+export function recordsFrom(value: unknown): readonly Record<string, unknown>[] {
+  if (!Array.isArray(value)) return []
+  return value.flatMap(item => {
+    const record = recordFrom(item)
+    return record === null ? [] : [record]
+  })
+}
+export function recordFrom(value: unknown): Record<string, unknown> | null {
+  return typeof value === 'object' && value !== null && !Array.isArray(value)
+    ? Object.fromEntries(Object.entries(value))
+    : null
+}
+export function stringField(
+  record: Record<string, unknown> | null,
+  key: string,
+): string | undefined {
+  if (record === null) return undefined
+  const value = record[key]
+  return typeof value === 'string' && value.trim() !== '' ? value : undefined
+}
+export function sha256Hex(value: string): string {
+  return createHash('sha256').update(value, 'utf8').digest('hex')
+}
+export function sourceVerificationRequested(
+  args: Record<string, unknown>,
+  userText: string | undefined,
+): boolean {
+  if (
+    args.requires_source_verification === true ||
+    args.source_verification_required === true
+  ) {
+    return true
+  }
+  const instruction = stringField(args, 'instruction')
+  const text = `${instruction ?? ''}\n${userText ?? ''}`
+  return SOURCE_VERIFICATION_TEXT_RE.test(text)
+}
+export function patchRequestsSourceSupport(
+  record: Record<string, unknown> | null,
+): boolean {
+  if (record === null) return false
+  return record.requires_source_verification === true ||
+    record.source_verification_required === true ||
+    record.source_support !== undefined ||
+    record.sourceSupport !== undefined
+}
+export function sourceSupportHasUnsafeUrl(
+  sourceSupport: Record<string, unknown>,
+): boolean {
+  for (const field of SOURCE_SUPPORT_URL_FIELDS) {
+    const value = stringField(sourceSupport, field)
+    if (value !== undefined && !validatePublicWebFetchUrl(value).ok) {
+      return true
+    }
+  }
+  return false
+}
+export function hasApprovedDraft(args: Record<string, unknown>): boolean {
+  return typeof args.approved_draft_id === 'string' &&
+    typeof args.approved_draft_sha256 === 'string'
+}
+export function withoutApprovalFields(
+  args: Record<string, unknown>,
+): Record<string, unknown> {
+  const {
+    approved_draft_id: _approvedDraftId,
+    approved_draft_sha256: _approvedDraftSha256,
+    ...withoutApproval
+  } = args
+  return withoutApproval
+}
+export function withoutPatches(args: Record<string, unknown>): Record<string, unknown> {
+  const { patches: _patches, ...withoutPatchPayload } = args
+  return withoutPatchPayload
+}
+export function patchTargetPath(record: Record<string, unknown> | null): string {
+  return stringField(record, 'target_path') ?? 'unknown'
+}

package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts ADDED Viewed

@@ -0,0 +1,40 @@
+// SPDX-License-Identifier: Apache-2.0
+export function modelVisibleDocumentOutput(output: unknown): unknown {
+  return rewriteModelVisibleDocumentValue(output)
+}
+function rewriteModelVisibleDocumentValue(value: unknown): unknown {
+  if (Array.isArray(value)) {
+    return value.map(item => rewriteModelVisibleDocumentValue(item))
+  }
+  const record = recordFrom(value)
+  if (record === null) {
+    return value
+  }
+  const rewritten: Record<string, unknown> = {}
+  for (const [key, nested] of Object.entries(record)) {
+    rewritten[key] = rewriteModelVisibleDocumentValue(nested)
+  }
+  const displayLabel = nonEmptyString(rewritten.display_label)
+  if (displayLabel !== undefined && typeof rewritten.target_path === 'string') {
+    rewritten.target_path = displayLabel
+  }
+  return rewritten
+}
+function recordFrom(value: unknown): Record<string, unknown> | null {
+  return typeof value === 'object' && value !== null && !Array.isArray(value)
+    ? Object.fromEntries(Object.entries(value))
+    : null
+}
+function nonEmptyString(value: unknown): string | undefined {
+  if (typeof value !== 'string') {
+    return undefined
+  }
+  const trimmed = value.trim()
+  return trimmed === '' ? undefined : trimmed
+}