zero-config-cli-bridge 2.0.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/approval.d.ts +23 -9
- package/dist/approval.d.ts.map +1 -1
- package/dist/approval.js +181 -37
- package/dist/approval.js.map +1 -1
- package/dist/index.js +51 -9
- package/dist/index.js.map +1 -1
- package/dist/schema.d.ts.map +1 -1
- package/dist/schema.js +18 -4
- package/dist/schema.js.map +1 -1
- package/dist/security.d.ts +1 -1
- package/dist/security.js +1 -1
- package/package.json +1 -1
package/dist/approval.d.ts
CHANGED
|
@@ -1,15 +1,29 @@
|
|
|
1
1
|
/**
|
|
2
|
-
*
|
|
2
|
+
* Non-blocking HITL gate for headless MCP environments.
|
|
3
3
|
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
4
|
+
* Immediately returns { approvalId, url } so the agent can show the URL in
|
|
5
|
+
* the chat UI. The HTTP approval server keeps running in the background.
|
|
6
|
+
* The human clicks the URL at their own pace; no MCP response is held open.
|
|
6
7
|
*
|
|
7
|
-
*
|
|
8
|
-
*
|
|
9
|
-
* stdin/stdout are redirected, exactly as sudo(8) and ssh(1) do.
|
|
8
|
+
* Call waitForApproval(approvalId) in a second tool invocation (after the
|
|
9
|
+
* human has signalled approval) to obtain the final true/false decision.
|
|
10
10
|
*
|
|
11
|
-
*
|
|
12
|
-
*
|
|
11
|
+
* Browser open is attempted as a convenience but failure is non-fatal —
|
|
12
|
+
* the URL is always returned to the agent regardless of browser state.
|
|
13
13
|
*/
|
|
14
|
-
export declare function
|
|
14
|
+
export declare function startApproval(preview: string): Promise<{
|
|
15
|
+
approvalId: string;
|
|
16
|
+
url: string;
|
|
17
|
+
}>;
|
|
18
|
+
/**
|
|
19
|
+
* Awaits the human's click decision for a previously started approval.
|
|
20
|
+
*
|
|
21
|
+
* Returns:
|
|
22
|
+
* 'approved' — human clicked ✓ Approve
|
|
23
|
+
* 'denied' — human clicked ✗ Deny (or timeout elapsed)
|
|
24
|
+
* 'unknown' — approvalId not found (expired, already consumed, or invalid)
|
|
25
|
+
*
|
|
26
|
+
* Removes the slot from the registry after returning.
|
|
27
|
+
*/
|
|
28
|
+
export declare function waitForApproval(approvalId: string): Promise<'approved' | 'denied' | 'unknown'>;
|
|
15
29
|
//# sourceMappingURL=approval.d.ts.map
|
package/dist/approval.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"approval.d.ts","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAuHA;;;;;;;;;;;;GAYG;AACH,wBAAsB,aAAa,CACjC,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;IAAE,UAAU,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,CAAC,CAoE9C;AAED;;;;;;;;;GASG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,UAAU,GAAG,QAAQ,GAAG,SAAS,CAAC,CAM5C"}
|
package/dist/approval.js
CHANGED
|
@@ -1,48 +1,192 @@
|
|
|
1
|
-
import {
|
|
2
|
-
import {
|
|
1
|
+
import { createServer } from 'http';
|
|
2
|
+
import { exec } from 'child_process';
|
|
3
|
+
import { randomBytes } from 'crypto';
|
|
4
|
+
import { readFileSync } from 'fs';
|
|
5
|
+
const APPROVAL_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes — deny on timeout
|
|
6
|
+
function detectPlatform() {
|
|
7
|
+
if (process.platform === 'darwin')
|
|
8
|
+
return 'mac';
|
|
9
|
+
if (process.platform === 'win32')
|
|
10
|
+
return 'windows';
|
|
11
|
+
try {
|
|
12
|
+
const v = readFileSync('/proc/version', 'utf-8').toLowerCase();
|
|
13
|
+
if (v.includes('microsoft') || v.includes('wsl'))
|
|
14
|
+
return 'wsl';
|
|
15
|
+
}
|
|
16
|
+
catch { /* not Linux or /proc unavailable */ }
|
|
17
|
+
return 'linux';
|
|
18
|
+
}
|
|
19
|
+
function openBrowser(url) {
|
|
20
|
+
const p = detectPlatform();
|
|
21
|
+
// Best-effort only — failure is non-fatal; URL is returned to agent anyway.
|
|
22
|
+
const cmd = p === 'mac' ? `open '${url}'` :
|
|
23
|
+
p === 'windows' ? `start "" "${url}"` :
|
|
24
|
+
p === 'wsl' ? `explorer.exe '${url}'` :
|
|
25
|
+
`xdg-open '${url}' || sensible-browser '${url}'`;
|
|
26
|
+
exec(cmd, (err) => {
|
|
27
|
+
if (err) {
|
|
28
|
+
process.stderr.write(`\x1b[33mCould not open browser automatically.\x1b[0m\n`);
|
|
29
|
+
}
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
// ── Port discovery ──────────────────────────────────────────────────────────
|
|
33
|
+
function findFreePort() {
|
|
34
|
+
return new Promise((resolve, reject) => {
|
|
35
|
+
const s = createServer();
|
|
36
|
+
s.listen(0, '127.0.0.1', () => {
|
|
37
|
+
const addr = s.address();
|
|
38
|
+
const port = typeof addr === 'object' && addr ? addr.port : null;
|
|
39
|
+
s.close(() => {
|
|
40
|
+
if (port)
|
|
41
|
+
resolve(port);
|
|
42
|
+
else
|
|
43
|
+
reject(new Error('Could not determine free port'));
|
|
44
|
+
});
|
|
45
|
+
});
|
|
46
|
+
s.on('error', reject);
|
|
47
|
+
});
|
|
48
|
+
}
|
|
49
|
+
// ── Approval UI ─────────────────────────────────────────────────────────────
|
|
50
|
+
function approvalPage(preview, token) {
|
|
51
|
+
const safe = preview.replace(/&/g, '&').replace(/</g, '<');
|
|
52
|
+
return `<!DOCTYPE html>
|
|
53
|
+
<html lang="en">
|
|
54
|
+
<head>
|
|
55
|
+
<meta charset="utf-8">
|
|
56
|
+
<title>Agent Approval Required</title>
|
|
57
|
+
<style>
|
|
58
|
+
body { font-family: system-ui, -apple-system, sans-serif; max-width: 640px;
|
|
59
|
+
margin: 60px auto; padding: 0 24px; color: #1e293b; }
|
|
60
|
+
h1 { color: #b45309; margin-bottom: 8px; }
|
|
61
|
+
p { color: #475569; line-height: 1.6; }
|
|
62
|
+
pre { background: #f1f5f9; border: 1px solid #cbd5e1; border-radius: 8px;
|
|
63
|
+
padding: 16px; font-size: 13px; overflow-x: auto; white-space: pre-wrap; }
|
|
64
|
+
.row { display: flex; gap: 12px; margin-top: 28px; }
|
|
65
|
+
button { flex: 1; padding: 14px; font-size: 15px; font-weight: 600;
|
|
66
|
+
border: none; border-radius: 8px; cursor: pointer; transition: opacity .15s; }
|
|
67
|
+
button:hover { opacity: .82; }
|
|
68
|
+
.ok { background: #16a34a; color: #fff; }
|
|
69
|
+
.no { background: #dc2626; color: #fff; }
|
|
70
|
+
</style>
|
|
71
|
+
</head>
|
|
72
|
+
<body>
|
|
73
|
+
<h1>⚠️ Agent Approval Required</h1>
|
|
74
|
+
<p>An AI agent is requesting permission to execute a <strong>write operation</strong>
|
|
75
|
+
using your local GitHub credentials:</p>
|
|
76
|
+
<pre>${safe}</pre>
|
|
77
|
+
<p>Approve only if you initiated this action and understand its consequences.</p>
|
|
78
|
+
<div class="row">
|
|
79
|
+
<form method="POST" action="/approve/${token}" style="flex:1">
|
|
80
|
+
<button class="ok" type="submit">✓ Approve</button>
|
|
81
|
+
</form>
|
|
82
|
+
<form method="POST" action="/deny/${token}" style="flex:1">
|
|
83
|
+
<button class="no" type="submit">✗ Deny</button>
|
|
84
|
+
</form>
|
|
85
|
+
</div>
|
|
86
|
+
</body>
|
|
87
|
+
</html>`;
|
|
88
|
+
}
|
|
89
|
+
function donePage(approved) {
|
|
90
|
+
const [icon, color, msg] = approved
|
|
91
|
+
? ['✓', '#16a34a', 'Approved — the agent will now execute the operation.']
|
|
92
|
+
: ['✗', '#dc2626', 'Denied — operation was cancelled.'];
|
|
93
|
+
return `<!DOCTYPE html><html><head><meta charset="utf-8"><title>Done</title></head>
|
|
94
|
+
<body style="font-family:system-ui;text-align:center;padding:60px;color:${color}">
|
|
95
|
+
<h1 style="font-size:64px;margin:0">${icon}</h1>
|
|
96
|
+
<p style="font-size:20px">${msg}</p>
|
|
97
|
+
<p style="color:#64748b">You can close this tab.</p>
|
|
98
|
+
</body></html>`;
|
|
99
|
+
}
|
|
100
|
+
// Keyed by approvalId (opaque hex string handed to the agent).
|
|
101
|
+
const slots = new Map();
|
|
102
|
+
// ── Public API ──────────────────────────────────────────────────────────────
|
|
3
103
|
/**
|
|
4
|
-
*
|
|
104
|
+
* Non-blocking HITL gate for headless MCP environments.
|
|
5
105
|
*
|
|
6
|
-
*
|
|
7
|
-
*
|
|
106
|
+
* Immediately returns { approvalId, url } so the agent can show the URL in
|
|
107
|
+
* the chat UI. The HTTP approval server keeps running in the background.
|
|
108
|
+
* The human clicks the URL at their own pace; no MCP response is held open.
|
|
8
109
|
*
|
|
9
|
-
*
|
|
10
|
-
*
|
|
11
|
-
* stdin/stdout are redirected, exactly as sudo(8) and ssh(1) do.
|
|
110
|
+
* Call waitForApproval(approvalId) in a second tool invocation (after the
|
|
111
|
+
* human has signalled approval) to obtain the final true/false decision.
|
|
12
112
|
*
|
|
13
|
-
*
|
|
14
|
-
*
|
|
113
|
+
* Browser open is attempted as a convenience but failure is non-fatal —
|
|
114
|
+
* the URL is always returned to the agent regardless of browser state.
|
|
15
115
|
*/
|
|
16
|
-
export async function
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
116
|
+
export async function startApproval(preview) {
|
|
117
|
+
const token = randomBytes(24).toString('hex');
|
|
118
|
+
const approvalId = randomBytes(12).toString('hex');
|
|
119
|
+
const port = await findFreePort();
|
|
120
|
+
const url = `http://127.0.0.1:${port}/${token}`;
|
|
121
|
+
let resolveApproval;
|
|
122
|
+
const promise = new Promise((res) => { resolveApproval = res; });
|
|
123
|
+
let settled = false;
|
|
124
|
+
const settle = (approved, res) => {
|
|
125
|
+
if (settled)
|
|
126
|
+
return;
|
|
127
|
+
settled = true;
|
|
128
|
+
if (res) {
|
|
129
|
+
res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
|
|
130
|
+
res.end(donePage(approved));
|
|
25
131
|
}
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
132
|
+
setTimeout(() => httpServer.close(), 500);
|
|
133
|
+
process.stderr.write(approved
|
|
134
|
+
? '\x1b[32m✓ Approved — agent will execute write operation.\x1b[0m\n\n'
|
|
135
|
+
: '\x1b[31m✗ Denied — write operation cancelled.\x1b[0m\n\n');
|
|
136
|
+
resolveApproval(approved);
|
|
137
|
+
};
|
|
138
|
+
const httpServer = createServer((req, res) => {
|
|
139
|
+
if (req.method === 'GET' && req.url === `/${token}`) {
|
|
140
|
+
res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
|
|
141
|
+
res.end(approvalPage(preview, token));
|
|
29
142
|
return;
|
|
30
143
|
}
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
144
|
+
if (req.method === 'POST' && req.url === `/approve/${token}`) {
|
|
145
|
+
settle(true, res);
|
|
146
|
+
return;
|
|
147
|
+
}
|
|
148
|
+
if (req.method === 'POST' && req.url === `/deny/${token}`) {
|
|
149
|
+
settle(false, res);
|
|
150
|
+
return;
|
|
151
|
+
}
|
|
152
|
+
res.writeHead(404);
|
|
153
|
+
res.end();
|
|
154
|
+
});
|
|
155
|
+
// Await bind so the port is guaranteed open before we return the URL.
|
|
156
|
+
await new Promise((resolve, reject) => {
|
|
157
|
+
httpServer.listen(port, '127.0.0.1', resolve);
|
|
158
|
+
httpServer.on('error', reject);
|
|
46
159
|
});
|
|
160
|
+
process.stderr.write(`\n\x1b[33m━━━ APPROVAL REQUIRED ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\x1b[0m\n` +
|
|
161
|
+
`\x1b[1m${preview}\x1b[0m\n\n` +
|
|
162
|
+
`Approval URL:\n \x1b[36m${url}\x1b[0m\n` +
|
|
163
|
+
`Server port: ${port} token found: true\n`);
|
|
164
|
+
openBrowser(url);
|
|
165
|
+
setTimeout(() => {
|
|
166
|
+
if (!settled) {
|
|
167
|
+
process.stderr.write('\x1b[31mApproval timed out — denied by default.\x1b[0m\n');
|
|
168
|
+
settle(false);
|
|
169
|
+
}
|
|
170
|
+
}, APPROVAL_TIMEOUT_MS);
|
|
171
|
+
slots.set(approvalId, { promise, url });
|
|
172
|
+
return { approvalId, url };
|
|
173
|
+
}
|
|
174
|
+
/**
|
|
175
|
+
* Awaits the human's click decision for a previously started approval.
|
|
176
|
+
*
|
|
177
|
+
* Returns:
|
|
178
|
+
* 'approved' — human clicked ✓ Approve
|
|
179
|
+
* 'denied' — human clicked ✗ Deny (or timeout elapsed)
|
|
180
|
+
* 'unknown' — approvalId not found (expired, already consumed, or invalid)
|
|
181
|
+
*
|
|
182
|
+
* Removes the slot from the registry after returning.
|
|
183
|
+
*/
|
|
184
|
+
export async function waitForApproval(approvalId) {
|
|
185
|
+
const slot = slots.get(approvalId);
|
|
186
|
+
if (!slot)
|
|
187
|
+
return 'unknown';
|
|
188
|
+
const approved = await slot.promise;
|
|
189
|
+
slots.delete(approvalId);
|
|
190
|
+
return approved ? 'approved' : 'denied';
|
|
47
191
|
}
|
|
48
192
|
//# sourceMappingURL=approval.js.map
|
package/dist/approval.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"approval.js","sourceRoot":"","sources":["../src/approval.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAmC,MAAM,MAAM,CAAC;AACrE,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AACrC,OAAO,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACrC,OAAO,EAAE,YAAY,EAAE,MAAM,IAAI,CAAC;AAElC,MAAM,mBAAmB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,8BAA8B;AAMzE,SAAS,cAAc;IACrB,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ;QAAE,OAAO,KAAK,CAAC;IAChD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACnD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,YAAY,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/D,IAAI,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACjE,CAAC;IAAC,MAAM,CAAC,CAAC,oCAAoC,CAAC,CAAC;IAChD,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,CAAC,GAAG,cAAc,EAAE,CAAC;IAC3B,4EAA4E;IAC5E,MAAM,GAAG,GACP,CAAC,KAAK,KAAK,CAAK,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;QACnC,CAAC,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;YACvC,CAAC,KAAK,KAAK,CAAK,CAAC,CAAC,iBAAiB,GAAG,GAAG,CAAC,CAAC;gBACzB,aAAa,GAAG,0BAA0B,GAAG,GAAG,CAAC;IACrE,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE;QAChB,IAAI,GAAG,EAAE,CAAC;YACR,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACjF,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY;IACnB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,CAAC,GAAG,YAAY,EAAE,CAAC;QACzB,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YAC5B,MAAM,IAAI,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;YACzB,MAAM,IAAI,GAAG,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACjE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;gBACX,IAAI,IAAI;oBAAE,OAAO,CAAC,IAAI,CAAC,CAAC;;oBACnB,MAAM,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;YAC1D,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QACH,CAAC,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,+EAA+E;AAE/E,SAAS,YAAY,CAAC,OAAe,EAAE,KAAa;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAClE,OAAO;;;;;;;;;;;;;;;;;;;;;;;;SAwBA,IAAI;;;2CAG8B,KAAK;;;wCAGR,KAAK;;;;;QAKrC,CAAC;AACT,CAAC;AAED,SAAS,QAAQ,CAAC,QAAiB;IACjC,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,GAAG,QAAQ;QACjC,CAAC,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,sDAAsD,CAAC;QAC1E,CAAC,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,mCAAmC,CAAC,CAAC;IAC1D,OAAO;0EACiE,KAAK;sCACzC,IAAI;4BACd,GAAG;;eAEhB,CAAC;AAChB,CAAC;AASD,+DAA+D;AAC/D,MAAM,KAAK,GAAG,IAAI,GAAG,EAAwB,CAAC;AAE9C,+EAA+E;AAE/E;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,OAAe;IAEf,MAAM,KAAK,GAAQ,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnD,MAAM,UAAU,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACnD,MAAM,IAAI,GAAS,MAAM,YAAY,EAAE,CAAC;IACxC,MAAM,GAAG,GAAU,oBAAoB,IAAI,IAAI,KAAK,EAAE,CAAC;IAEvD,IAAI,eAA6C,CAAC;IAClD,MAAM,OAAO,GAAG,IAAI,OAAO,CAAU,CAAC,GAAG,EAAE,EAAE,GAAG,eAAe,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAE1E,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,MAAM,GAAG,CAAC,QAAiB,EAAE,GAAoB,EAAE,EAAE;QACzD,IAAI,OAAO;YAAE,OAAO;QACpB,OAAO,GAAG,IAAI,CAAC;QACf,IAAI,GAAG,EAAE,CAAC;YACR,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;YACnE,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9B,CAAC;QACD,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,QAAQ;YACN,CAAC,CAAC,qEAAqE;YACvE,CAAC,CAAC,0DAA0D,CAC/D,CAAC;QACF,eAAe,CAAC,QAAQ,CAAC,CAAC;IAC5B,CAAC,CAAC;IAEF,MAAM,UAAU,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;QAC5E,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,GAAG,KAAK,IAAI,KAAK,EAAE,EAAE,CAAC;YACpD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;YACnE,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;YACtC,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,GAAG,KAAK,YAAY,KAAK,EAAE,EAAE,CAAC;YAC7D,MAAM,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAClB,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,GAAG,KAAK,SAAS,KAAK,EAAE,EAAE,CAAC;YAC1D,MAAM,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;YACnB,OAAO;QACT,CAAC;QACD,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACnB,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;IAEH,sEAAsE;IACtE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;QAC9C,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,MAAM,CAAC,KAAK,CAClB,6EAA6E;QAC7E,UAAU,OAAO,aAAa;QAC9B,4BAA4B,GAAG,WAAW;QAC1C,gBAAgB,IAAI,sBAAsB,CAC3C,CAAC;IAEF,WAAW,CAAC,GAAG,CAAC,CAAC;IAEjB,UAAU,CAAC,GAAG,EAAE;QACd,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,0DAA0D,CAAC,CAAC;YACjF,MAAM,CAAC,KAAK,CAAC,CAAC;QAChB,CAAC;IACH,CAAC,EAAE,mBAAmB,CAAC,CAAC;IAExB,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC;IACxC,OAAO,EAAE,UAAU,EAAE,GAAG,EAAE,CAAC;AAC7B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CACnC,UAAkB;IAElB,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI;QAAE,OAAO,SAAS,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;IACpC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IACzB,OAAO,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC;AAC1C,CAAC"}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ import { CallToolRequestSchema, ListToolsRequestSchema, } from '@modelcontextpro
|
|
|
5
5
|
import { executeCommand } from './executor.js';
|
|
6
6
|
import { getOperationTier, validateArgs } from './security.js';
|
|
7
7
|
import { buildToolDefinitions, buildGhArgs, buildCommandPreview } from './schema.js';
|
|
8
|
-
import {
|
|
8
|
+
import { startApproval, waitForApproval } from './approval.js';
|
|
9
9
|
const MAX_JSON_ITEMS = 30;
|
|
10
10
|
const MAX_SERIALISED_CHARS = 200_000;
|
|
11
11
|
/**
|
|
@@ -66,7 +66,7 @@ function errorEnvelope(message) {
|
|
|
66
66
|
// Tool registry populated synchronously at startup — no subprocess overhead.
|
|
67
67
|
const tools = buildToolDefinitions();
|
|
68
68
|
const toolRegistry = new Map(tools.map((t) => [t.name, t]));
|
|
69
|
-
const server = new Server({ name: 'zero-config-cli-bridge', version: '2.
|
|
69
|
+
const server = new Server({ name: 'zero-config-cli-bridge', version: '2.2.0' }, { capabilities: { tools: {} } });
|
|
70
70
|
server.setRequestHandler(ListToolsRequestSchema, async () => ({
|
|
71
71
|
tools: Array.from(toolRegistry.values()).map(({ name, description, inputSchema }) => ({
|
|
72
72
|
name,
|
|
@@ -80,10 +80,14 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
80
80
|
const tool = toolRegistry.get(toolName);
|
|
81
81
|
if (!tool)
|
|
82
82
|
return errorEnvelope(`Unknown tool "${toolName}".`);
|
|
83
|
+
// Extract _approvalId before validation/execution — it is a meta-arg, not a gh flag.
|
|
84
|
+
const approvalId = typeof args['_approvalId'] === 'string' ? args['_approvalId'] : null;
|
|
85
|
+
const ghArgs = { ...args };
|
|
86
|
+
delete ghArgs['_approvalId'];
|
|
83
87
|
// Security: verify subcommand is in allow-list and get its tier
|
|
84
88
|
let tier;
|
|
85
89
|
try {
|
|
86
|
-
validateArgs(
|
|
90
|
+
validateArgs(ghArgs);
|
|
87
91
|
tier = getOperationTier(tool.subcommand.join(' '));
|
|
88
92
|
}
|
|
89
93
|
catch (err) {
|
|
@@ -93,19 +97,57 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
|
|
|
93
97
|
if (tier === 3) {
|
|
94
98
|
return errorEnvelope('Irreversible operations are not permitted.');
|
|
95
99
|
}
|
|
96
|
-
// Tier 2:
|
|
100
|
+
// Tier 2: two-phase human approval
|
|
97
101
|
if (tier === 2) {
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
102
|
+
if (!approvalId) {
|
|
103
|
+
// ── Phase 1: start approval server, return URL immediately ──────────
|
|
104
|
+
// The agent shows this URL to the user in the chat UI.
|
|
105
|
+
// The MCP call returns right away — no blocking.
|
|
106
|
+
const preview = buildCommandPreview(tool, ghArgs);
|
|
107
|
+
let approvalData;
|
|
108
|
+
try {
|
|
109
|
+
approvalData = await startApproval(preview);
|
|
110
|
+
}
|
|
111
|
+
catch (err) {
|
|
112
|
+
return errorEnvelope(`Failed to start approval server: ${err instanceof Error ? err.message : String(err)}`);
|
|
113
|
+
}
|
|
114
|
+
return envelopeResponse({
|
|
115
|
+
data: {
|
|
116
|
+
approvalId: approvalData.approvalId,
|
|
117
|
+
approvalUrl: approvalData.url,
|
|
118
|
+
},
|
|
119
|
+
meta: {
|
|
120
|
+
truncated: false,
|
|
121
|
+
pending: true,
|
|
122
|
+
note: `⚠️ Write operation requires human approval.\n` +
|
|
123
|
+
`Please ask the user to visit: ${approvalData.url}\n` +
|
|
124
|
+
`After they approve, call this tool again with the same arguments ` +
|
|
125
|
+
`plus _approvalId="${approvalData.approvalId}" to execute.`,
|
|
126
|
+
},
|
|
127
|
+
}, false);
|
|
128
|
+
}
|
|
129
|
+
// ── Phase 2: await the human's click, then execute if approved ───────
|
|
130
|
+
let status;
|
|
131
|
+
try {
|
|
132
|
+
status = await waitForApproval(approvalId);
|
|
133
|
+
}
|
|
134
|
+
catch (err) {
|
|
135
|
+
return errorEnvelope(`Approval check failed: ${err instanceof Error ? err.message : String(err)}`);
|
|
136
|
+
}
|
|
137
|
+
if (status === 'unknown') {
|
|
138
|
+
return errorEnvelope('Approval ID not found or already consumed. ' +
|
|
139
|
+
'Call this tool without _approvalId to request a new approval URL.');
|
|
140
|
+
}
|
|
141
|
+
if (status === 'denied') {
|
|
101
142
|
return errorEnvelope('Operation denied by human operator.');
|
|
102
143
|
}
|
|
144
|
+
// status === 'approved' — fall through to execution
|
|
103
145
|
}
|
|
104
146
|
// Execute — direct spawn, no shell
|
|
105
|
-
const
|
|
147
|
+
const finalArgs = buildGhArgs(tool, ghArgs);
|
|
106
148
|
let result;
|
|
107
149
|
try {
|
|
108
|
-
result = await executeCommand('gh',
|
|
150
|
+
result = await executeCommand('gh', finalArgs);
|
|
109
151
|
}
|
|
110
152
|
catch (err) {
|
|
111
153
|
return errorEnvelope(`Execution error: ${err instanceof Error ? err.message : String(err)}`);
|
package/dist/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,mBAAmB,EAAkB,MAAM,aAAa,CAAC;AACrG,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC/C,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/D,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,mBAAmB,EAAkB,MAAM,aAAa,CAAC;AACrG,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAE/D,MAAM,cAAc,GAAG,EAAE,CAAC;AAC1B,MAAM,oBAAoB,GAAG,OAAO,CAAC;AAarC;;;GAGG;AACH,SAAS,gBAAgB,CAAC,MAAc;IACtC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC;QACnB,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,aAAa,EAAE,CAAC,EAAE,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,MAAe,CAAC;IACpB,IAAI,CAAC;QACH,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE;SACzF,CAAC;IACJ,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,MAAM,SAAS,GAAG,MAAM,CAAC,MAAM,GAAG,cAAc,CAAC;QACjD,MAAM,IAAI,GAAG,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QAClE,OAAO;YACL,IAAI;YACJ,IAAI,EAAE;gBACJ,SAAS;gBACT,aAAa,EAAE,IAAI,CAAC,MAAM;gBAC1B,GAAG,CAAC,SAAS;oBACX,CAAC,CAAC,EAAE,IAAI,EAAE,iBAAiB,cAAc,mDAAmD,EAAE;oBAC9F,CAAC,CAAC,EAAE,CAAC;aACR;SACF,CAAC;IACJ,CAAC;IAED,8DAA8D;IAC9D,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAC1C,IAAI,UAAU,CAAC,MAAM,GAAG,oBAAoB,EAAE,CAAC;QAC7C,OAAO;YACL,IAAI,EAAE,IAAI;YACV,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,uBAAuB,UAAU,CAAC,MAAM,UAAU,EAAE;SACrF,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,EAAE,CAAC;AACtD,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc,EAAE,MAAc;IACtD,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,MAAM,IAAI,+BAA+B,CAAC,CAAC,IAAI,EAAE,CAAC;IAC3E,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,EAAE,CAAC;AAC3D,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAsB,EAAE,OAAgB;IAChE,OAAO;QACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC;QACpE,OAAO;KACR,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,OAAe;IACpC,OAAO,gBAAgB,CACrB,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,EAC1D,IAAI,CACL,CAAC;AACJ,CAAC;AAED,6EAA6E;AAC7E,MAAM,KAAK,GAAG,oBAAoB,EAAE,CAAC;AACrC,MAAM,YAAY,GAAG,IAAI,GAAG,CAAyB,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;AAEpF,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,wBAAwB,EAAE,OAAO,EAAE,OAAO,EAAE,EACpD,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;AAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;IAC5D,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC;QACpF,IAAI;QACJ,WAAW;QACX,WAAW;KACZ,CAAC,CAAC;CACJ,CAAC,CAAC,CAAC;AAEJ,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;IAChE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;IAC9D,MAAM,IAAI,GAAG,CAAC,OAAO,IAAI,EAAE,CAA4B,CAAC;IAExD,MAAM,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,aAAa,CAAC,iBAAiB,QAAQ,IAAI,CAAC,CAAC;IAE/D,qFAAqF;IACrF,MAAM,UAAU,GAAG,OAAO,IAAI,CAAC,aAAa,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC;IAC3B,OAAO,MAAM,CAAC,aAAa,CAAC,CAAC;IAE7B,gEAAgE;IAChE,IAAI,IAAe,CAAC;IACpB,IAAI,CAAC;QACH,YAAY,CAAC,MAAM,CAAC,CAAC;QACrB,IAAI,GAAG,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACrD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,aAAa,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACzE,CAAC;IAED,uEAAuE;IACvE,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QACf,OAAO,aAAa,CAAC,4CAA4C,CAAC,CAAC;IACrE,CAAC;IAED,mCAAmC;IACnC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;QACf,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,uEAAuE;YACvE,uDAAuD;YACvD,iDAAiD;YACjD,MAAM,OAAO,GAAG,mBAAmB,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAClD,IAAI,YAAiD,CAAC;YACtD,IAAI,CAAC;gBACH,YAAY,GAAG,MAAM,aAAa,CAAC,OAAO,CAAC,CAAC;YAC9C,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,aAAa,CAClB,oCAAoC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CACvF,CAAC;YACJ,CAAC;YACD,OAAO,gBAAgB,CACrB;gBACE,IAAI,EAAE;oBACJ,UAAU,EAAE,YAAY,CAAC,UAAU;oBACnC,WAAW,EAAE,YAAY,CAAC,GAAG;iBAC9B;gBACD,IAAI,EAAE;oBACJ,SAAS,EAAE,KAAK;oBAChB,OAAO,EAAE,IAAI;oBACb,IAAI,EACF,+CAA+C;wBAC/C,iCAAiC,YAAY,CAAC,GAAG,IAAI;wBACrD,mEAAmE;wBACnE,qBAAqB,YAAY,CAAC,UAAU,eAAe;iBAC9D;aACF,EACD,KAAK,CACN,CAAC;QACJ,CAAC;QAED,wEAAwE;QACxE,IAAI,MAAyC,CAAC;QAC9C,IAAI,CAAC;YACH,MAAM,GAAG,MAAM,eAAe,CAAC,UAAU,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,aAAa,CAClB,0BAA0B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAC7E,CAAC;QACJ,CAAC;QAED,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,OAAO,aAAa,CAClB,6CAA6C;gBAC7C,mEAAmE,CACpE,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,KAAK,QAAQ,EAAE,CAAC;YACxB,OAAO,aAAa,CAAC,qCAAqC,CAAC,CAAC;QAC9D,CAAC;QACD,oDAAoD;IACtD,CAAC;IAED,mCAAmC;IACnC,MAAM,SAAS,GAAG,WAAW,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC5C,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,cAAc,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,aAAa,CAAC,oBAAoB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IAC/F,CAAC;IAED,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,EAAE,IAAI,CAAC,CAAC;IAChF,CAAC;IAED,OAAO,gBAAgB,CAAC,gBAAgB,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC;AAEH,KAAK,UAAU,IAAI;IACjB,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;AAClC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;IAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
|
package/dist/schema.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAClE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,IAAI,EAAE,aAAa,CAAC;IACpB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAwBD,wBAAgB,oBAAoB,IAAI,cAAc,EAAE,
|
|
1
|
+
{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE;QACX,IAAI,EAAE,QAAQ,CAAC;QACf,UAAU,EAAE,MAAM,CAAC,MAAM,EAAE;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,MAAM,CAAA;SAAE,CAAC,CAAC;QAClE,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;KACrB,CAAC;IACF,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,IAAI,EAAE,aAAa,CAAC;IACpB,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAwBD,wBAAgB,oBAAoB,IAAI,cAAc,EAAE,CAwHvD;AAED;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,EAAE,CAkDzF;AAED,wEAAwE;AACxE,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAE/F"}
|
package/dist/schema.js
CHANGED
|
@@ -57,11 +57,18 @@ export function buildToolDefinitions() {
|
|
|
57
57
|
},
|
|
58
58
|
},
|
|
59
59
|
},
|
|
60
|
-
// ── Tier 2: Write (requires human
|
|
60
|
+
// ── Tier 2: Write (requires two-phase human approval) ───────────────────
|
|
61
|
+
//
|
|
62
|
+
// Phase 1 (no _approvalId): returns { approvalId, approvalUrl } immediately.
|
|
63
|
+
// → Show approvalUrl to the user and ask them to click it.
|
|
64
|
+
// Phase 2 (with _approvalId): awaits the click, then executes if approved.
|
|
65
|
+
// → Call this tool again with the same args plus _approvalId.
|
|
61
66
|
{
|
|
62
67
|
name: 'gh_issue_create',
|
|
63
68
|
description: 'Create a GitHub issue. ' +
|
|
64
|
-
'⚠️ WRITE OPERATION —
|
|
69
|
+
'⚠️ WRITE OPERATION — requires two-phase human approval. ' +
|
|
70
|
+
'First call (no _approvalId) returns an approvalUrl to show the user. ' +
|
|
71
|
+
'Second call (with _approvalId) executes after the user approves. ' +
|
|
65
72
|
'Uses local `gh` authentication. Requires title.',
|
|
66
73
|
subcommand: ['issue', 'create'],
|
|
67
74
|
tier: 2,
|
|
@@ -74,6 +81,7 @@ export function buildToolDefinitions() {
|
|
|
74
81
|
repo: { type: 'string', description: 'OWNER/REPO. Omit to use current directory.' },
|
|
75
82
|
label: { type: 'string', description: 'Label name to apply.' },
|
|
76
83
|
assignee: { type: 'string', description: 'Assignee login.' },
|
|
84
|
+
_approvalId: { type: 'string', description: 'Approval token from Phase 1 response. Omit on first call.' },
|
|
77
85
|
},
|
|
78
86
|
required: ['title'],
|
|
79
87
|
},
|
|
@@ -81,7 +89,9 @@ export function buildToolDefinitions() {
|
|
|
81
89
|
{
|
|
82
90
|
name: 'gh_pr_create',
|
|
83
91
|
description: 'Create a GitHub pull request. ' +
|
|
84
|
-
'⚠️ WRITE OPERATION —
|
|
92
|
+
'⚠️ WRITE OPERATION — requires two-phase human approval. ' +
|
|
93
|
+
'First call (no _approvalId) returns an approvalUrl to show the user. ' +
|
|
94
|
+
'Second call (with _approvalId) executes after the user approves. ' +
|
|
85
95
|
'Uses local `gh` authentication. Requires title.',
|
|
86
96
|
subcommand: ['pr', 'create'],
|
|
87
97
|
tier: 2,
|
|
@@ -95,6 +105,7 @@ export function buildToolDefinitions() {
|
|
|
95
105
|
head: { type: 'string', description: 'Head branch (default: current branch).' },
|
|
96
106
|
repo: { type: 'string', description: 'OWNER/REPO. Omit to use current directory.' },
|
|
97
107
|
draft: { type: 'boolean', description: 'Open as draft PR.' },
|
|
108
|
+
_approvalId: { type: 'string', description: 'Approval token from Phase 1 response. Omit on first call.' },
|
|
98
109
|
},
|
|
99
110
|
required: ['title'],
|
|
100
111
|
},
|
|
@@ -102,7 +113,9 @@ export function buildToolDefinitions() {
|
|
|
102
113
|
{
|
|
103
114
|
name: 'gh_issue_comment',
|
|
104
115
|
description: 'Add a comment to a GitHub issue. ' +
|
|
105
|
-
'⚠️ WRITE OPERATION —
|
|
116
|
+
'⚠️ WRITE OPERATION — requires two-phase human approval. ' +
|
|
117
|
+
'First call (no _approvalId) returns an approvalUrl to show the user. ' +
|
|
118
|
+
'Second call (with _approvalId) executes after the user approves. ' +
|
|
106
119
|
'Uses local `gh` authentication. Requires issue number and body.',
|
|
107
120
|
subcommand: ['issue', 'comment'],
|
|
108
121
|
tier: 2,
|
|
@@ -113,6 +126,7 @@ export function buildToolDefinitions() {
|
|
|
113
126
|
issue: { type: 'number', description: 'Issue number (required).' },
|
|
114
127
|
body: { type: 'string', description: 'Comment text (required).' },
|
|
115
128
|
repo: { type: 'string', description: 'OWNER/REPO. Omit to use current directory.' },
|
|
129
|
+
_approvalId: { type: 'string', description: 'Approval token from Phase 1 response. Omit on first call.' },
|
|
116
130
|
},
|
|
117
131
|
required: ['issue', 'body'],
|
|
118
132
|
},
|
package/dist/schema.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAgBA,0EAA0E;AAC1E,yEAAyE;AACzE,MAAM,WAAW,GAA6B;IAC5C,YAAY,EAAE;QACZ,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW;QACjD,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK;QACrD,UAAU,EAAE,WAAW;KACxB;IACD,SAAS,EAAE;QACT,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW;QACjD,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK;QACrD,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB;KACtE;CACF,CAAC;AAEF,+EAA+E;AAC/E,MAAM,qBAAqB,GAA6B;IACtD,cAAc,EAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC;IACpD,WAAW,EAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,CAAC;IAClF,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;CACjC,CAAC;AAEF,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,2EAA2E;QAC3E;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EACT,yCAAyC;gBACzC,oDAAoD;YACtD,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;YAC7B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,WAAW,CAAC,YAAY,CAAC;YACrC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6DAA6D,EAAE;oBACxG,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACvE,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBACjF,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAClE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;iBACvE;aACF;SACF;QACD;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EACT,gDAAgD;gBAChD,oDAAoD;YACtD,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;YAC1B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,WAAW,CAAC,SAAS,CAAC;YAClC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6DAA6D,EAAE;oBACxG,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACvE,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;oBACpF,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;oBACnE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;iBACvE;aACF;SACF;QAED,
|
|
1
|
+
{"version":3,"file":"schema.js","sourceRoot":"","sources":["../src/schema.ts"],"names":[],"mappings":"AAgBA,0EAA0E;AAC1E,yEAAyE;AACzE,MAAM,WAAW,GAA6B;IAC5C,YAAY,EAAE;QACZ,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW;QACjD,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK;QACrD,UAAU,EAAE,WAAW;KACxB;IACD,SAAS,EAAE;QACT,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,WAAW;QACjD,QAAQ,EAAE,WAAW,EAAE,WAAW,EAAE,UAAU,EAAE,KAAK;QACrD,aAAa,EAAE,aAAa,EAAE,SAAS,EAAE,UAAU,EAAE,gBAAgB;KACtE;CACF,CAAC;AAEF,+EAA+E;AAC/E,MAAM,qBAAqB,GAA6B;IACtD,cAAc,EAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC;IACpD,WAAW,EAAM,CAAC,QAAQ,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,aAAa,EAAE,aAAa,CAAC;IAClF,eAAe,EAAE,CAAC,KAAK,EAAE,MAAM,CAAC;CACjC,CAAC;AAEF,MAAM,UAAU,oBAAoB;IAClC,OAAO;QACL,2EAA2E;QAC3E;YACE,IAAI,EAAE,eAAe;YACrB,WAAW,EACT,yCAAyC;gBACzC,oDAAoD;YACtD,UAAU,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;YAC7B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,WAAW,CAAC,YAAY,CAAC;YACrC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6DAA6D,EAAE;oBACxG,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACvE,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sCAAsC,EAAE;oBACjF,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,uBAAuB,EAAE;oBAClE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;iBACvE;aACF;SACF;QACD;YACE,IAAI,EAAE,YAAY;YAClB,WAAW,EACT,gDAAgD;gBAChD,oDAAoD;YACtD,UAAU,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC;YAC1B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,WAAW,CAAC,SAAS,CAAC;YAClC,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6DAA6D,EAAE;oBACxG,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;oBACvE,KAAK,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yCAAyC,EAAE;oBACpF,IAAI,EAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wBAAwB,EAAE;oBACnE,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2BAA2B,EAAE;iBACvE;aACF;SACF;QAED,2EAA2E;QAC3E,EAAE;QACF,6EAA6E;QAC7E,6DAA6D;QAC7D,2EAA2E;QAC3E,gEAAgE;QAChE;YACE,IAAI,EAAE,iBAAiB;YACvB,WAAW,EACT,yBAAyB;gBACzB,2DAA2D;gBAC3D,uEAAuE;gBACvE,mEAAmE;gBACnE,iDAAiD;YACnD,UAAU,EAAE,CAAC,OAAO,EAAE,QAAQ,CAAC;YAC/B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,qBAAqB,CAAC,cAAc,CAAC;YACjD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,yBAAyB,EAAE;oBACvE,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,kBAAkB,EAAE;oBAChE,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBAC1F,KAAK,EAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBACpE,QAAQ,EAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,iBAAiB,EAAE;oBAC/D,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2DAA2D,EAAE;iBAC1G;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;SACF;QACD;YACE,IAAI,EAAE,cAAc;YACpB,WAAW,EACT,gCAAgC;gBAChC,2DAA2D;gBAC3D,uEAAuE;gBACvE,mEAAmE;gBACnE,iDAAiD;YACnD,UAAU,EAAE,CAAC,IAAI,EAAE,QAAQ,CAAC;YAC5B,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,qBAAqB,CAAC,WAAW,CAAC;YAC9C,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,sBAAsB,EAAE;oBACpE,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,EAAE;oBAC7D,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,6CAA6C,EAAE;oBAC3F,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,wCAAwC,EAAE;oBACtF,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBAC1F,KAAK,EAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,WAAW,EAAE,mBAAmB,EAAE;oBAClE,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2DAA2D,EAAE;iBAC1G;gBACD,QAAQ,EAAE,CAAC,OAAO,CAAC;aACpB;SACF;QACD;YACE,IAAI,EAAE,kBAAkB;YACxB,WAAW,EACT,mCAAmC;gBACnC,2DAA2D;gBAC3D,uEAAuE;gBACvE,mEAAmE;gBACnE,iEAAiE;YACnE,UAAU,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC;YAChC,IAAI,EAAE,CAAC;YACP,UAAU,EAAE,qBAAqB,CAAC,eAAe,CAAC;YAClD,WAAW,EAAE;gBACX,IAAI,EAAE,QAAQ;gBACd,UAAU,EAAE;oBACV,KAAK,EAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0BAA0B,EAAE;oBACxE,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,0BAA0B,EAAE;oBACxE,IAAI,EAAS,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,4CAA4C,EAAE;oBAC1F,WAAW,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,WAAW,EAAE,2DAA2D,EAAE;iBAC1G;gBACD,QAAQ,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC;aAC5B;SACF;KACF,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,WAAW,CAAC,IAAoB,EAAE,IAA6B;IAC7E,MAAM,KAAK,GAAa,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAAC;IAE7C,yDAAyD;IACzD,IAAI,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAED,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,KAAK,eAAe;YAClB,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAM,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,UAAU,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3E,MAAM;QAER,KAAK,YAAY;YACf,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAM,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAM,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,UAAU,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3E,MAAM;QAER,KAAK,iBAAiB;YACpB,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAM,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAM,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YACnE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAK,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YACrE,IAAI,IAAI,CAAC,UAAU,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,cAAc,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,EAAE,CAAC,CAAC;YAC3E,MAAM;QAER,KAAK,cAAc;YACjB,KAAK,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/C,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAG,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAG,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAG,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAChE,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAG,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAChE,IAAI,IAAI,CAAC,OAAO,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACzC,MAAM;QAER,KAAK,kBAAkB;YACrB,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;YAClC,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAC7C,IAAI,IAAI,CAAC,MAAM,CAAC;gBAAE,KAAK,CAAC,IAAI,CAAC,UAAU,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC;YAC/D,MAAM;IACV,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AACxE,MAAM,UAAU,mBAAmB,CAAC,IAAoB,EAAE,IAA6B;IACrF,OAAO,KAAK,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACnD,CAAC"}
|
package/dist/security.d.ts
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*
|
|
10
10
|
* Tiers:
|
|
11
11
|
* 0 READ — executes immediately, no approval
|
|
12
|
-
* 2 WRITE —
|
|
12
|
+
* 2 WRITE — two-phase: returns URL, then executes after human approves
|
|
13
13
|
* 3 IRREVERSIBLE — never executes; not exposed as tools
|
|
14
14
|
*/
|
|
15
15
|
export type OperationTier = 0 | 2 | 3;
|
package/dist/security.js
CHANGED
|
@@ -9,7 +9,7 @@
|
|
|
9
9
|
*
|
|
10
10
|
* Tiers:
|
|
11
11
|
* 0 READ — executes immediately, no approval
|
|
12
|
-
* 2 WRITE —
|
|
12
|
+
* 2 WRITE — two-phase: returns URL, then executes after human approves
|
|
13
13
|
* 3 IRREVERSIBLE — never executes; not exposed as tools
|
|
14
14
|
*/
|
|
15
15
|
const SUBCOMMAND_TIERS = new Map([
|