connectonion 0.5.8__py3-none-any.whl

connectonion/useful_plugins/eval.py

@@ -0,0 +1,139 @@
+"""
+Purpose: Evaluation plugin for testing and debugging agent prompts and tools
+LLM-Note:
+  Dependencies: imports from [pathlib, typing, events.after_user_input, events.on_complete, llm_do] | imported by [useful_plugins/__init__.py] | uses prompt files [prompt_files/eval_expected.md, prompt_files/react_evaluate.md] | tested by [tests/unit/test_eval_plugin.py]
+  Data flow: after_user_input → generate_expected() creates expected outcome using llm_do() → stores in agent.current_session['expected'] | on_complete → evaluate_result() compares actual vs expected using llm_do() → stores evaluation in agent.current_session['evaluation']
+  State/Effects: modifies agent.current_session['expected'] and ['evaluation'] | makes LLM calls for expectation generation and evaluation | no file I/O | no network besides LLM
+  Integration: exposes eval plugin list with [generate_expected, evaluate_result] handlers | used via Agent(plugins=[eval]) | combines with re_act for full debugging
+  Performance: 2 LLM calls per task (generate + evaluate) | adds latency but enables automated testing
+  Errors: no explicit error handling | LLM failures propagate | skips if expected already set by re_act
+
+Eval plugin - Debug and test AI agent prompts and tools.
+
+Generates expected outcomes and evaluates if tasks completed correctly.
+Use this during development to test if your prompts and tools work as intended.
+
+Usage:
+    from connectonion import Agent
+    from connectonion.useful_plugins import eval
+
+    # For debugging/testing
+    agent = Agent("assistant", tools=[...], plugins=[eval])
+
+    # Combined with re_act for full debugging
+    from connectonion.useful_plugins import re_act, eval
+    agent = Agent("assistant", tools=[...], plugins=[re_act, eval])
+"""
+
+from pathlib import Path
+from typing import TYPE_CHECKING, List, Dict
+from ..events import after_user_input, on_complete
+from ..llm_do import llm_do
+
+if TYPE_CHECKING:
+    from ..agent import Agent
+
+# Prompts
+EXPECTED_PROMPT = Path(__file__).parent.parent / "prompt_files" / "eval_expected.md"
+EVALUATE_PROMPT = Path(__file__).parent.parent / "prompt_files" / "react_evaluate.md"
+
+
+@after_user_input
+def generate_expected(agent: 'Agent') -> None:
+    """Generate expected outcome for the task.
+
+    Only generates if not already set (e.g., by re_act's plan_task).
+    """
+    # Skip if expected already set by another plugin (e.g., re_act)
+    if agent.current_session.get('expected'):
+        return
+
+    user_prompt = agent.current_session.get('user_prompt', '')
+    if not user_prompt:
+        return
+
+    tool_names = agent.tools.names() if agent.tools else []
+    tools_str = ", ".join(tool_names) if tool_names else "no tools"
+
+    prompt = f"""User request: {user_prompt}
+
+Available tools: {tools_str}
+
+What should happen to complete this task? (1-2 sentences)"""
+
+    expected = llm_do(
+        prompt,
+        model="co/gemini-2.5-flash",
+        temperature=0.2,
+        system_prompt=EXPECTED_PROMPT
+    )
+
+    agent.current_session['expected'] = expected
+
+
+def _summarize_trace(trace: List[Dict]) -> str:
+    """Summarize what actions were taken."""
+    actions = []
+    for entry in trace:
+        if entry['type'] == 'tool_execution':
+            status = entry['status']
+            tool = entry['tool_name']
+            if status == 'success':
+                result = str(entry.get('result', ''))[:100]
+                actions.append(f"- {tool}: {result}")
+            else:
+                actions.append(f"- {tool}: failed ({entry.get('error', 'unknown')})")
+    return "\n".join(actions) if actions else "No tools were used."
+
+
+@on_complete
+def evaluate_completion(agent: 'Agent') -> None:
+    """Evaluate if the task completed correctly."""
+    user_prompt = agent.current_session.get('user_prompt', '')
+    if not user_prompt:
+        return
+
+    trace = agent.current_session.get('trace', [])
+    actions_summary = _summarize_trace(trace)
+    result = agent.current_session.get('result', 'No response generated.')
+    expected = agent.current_session.get('expected', '')
+
+    # Build prompt based on whether expected is available
+    if expected:
+        prompt = f"""User's original request: {user_prompt}
+
+Expected: {expected}
+
+Actions taken:
+{actions_summary}
+
+Agent's response:
+{result}
+
+Is this task truly complete? What was achieved or what's missing?"""
+    else:
+        prompt = f"""User's original request: {user_prompt}
+
+Actions taken:
+{actions_summary}
+
+Agent's response:
+{result}
+
+Is this task truly complete? What was achieved or what's missing?"""
+
+    agent.logger.print("[dim]/evaluating...[/dim]")
+
+    evaluation = llm_do(
+        prompt,
+        model="co/gemini-2.5-flash",
+        temperature=0.2,
+        system_prompt=EVALUATE_PROMPT
+    )
+
+    agent.current_session['evaluation'] = evaluation
+    agent.logger.print(f"[dim]✓ {evaluation}[/dim]")
+
+
+# Bundle as plugin
+eval = [generate_expected, evaluate_completion]

connectonion/useful_plugins/gmail_plugin.py

@@ -0,0 +1,162 @@
+"""
+Purpose: Human-in-the-loop approval plugin for Gmail send operations with email preview
+LLM-Note:
+  Dependencies: imports from [datetime, typing, events.before_each_tool, events.after_each_tool, tui.pick, rich.console, rich.panel, rich.text] | imported by [useful_plugins/__init__.py] | tested by [tests/unit/test_gmail_plugin.py]
+  Data flow: before_each_tool → check_email_approval() checks if tool is Gmail.send/reply → displays email preview with Rich panel → pick() prompts for user approval → raises ValueError to cancel if rejected
+  State/Effects: blocks on user input | displays Rich-formatted email preview | raises exception to cancel tool execution | no file I/O | no network
+  Integration: exposes gmail_plugin list with [check_email_approval, log_email] handlers | used via Agent(plugins=[gmail_plugin]) | works with Gmail tool
+  Performance: instant display | blocks on user input | no LLM calls
+  Errors: raises ValueError on rejection | keyboard interrupts handled gracefully
+
+Gmail plugin - Approval and CRM sync for Gmail operations.
+
+Usage:
+    from connectonion import Agent, Gmail
+    from connectonion.useful_plugins import gmail_plugin
+
+    gmail = Gmail()
+    agent = Agent("assistant", tools=[gmail], plugins=[gmail_plugin])
+"""
+
+from datetime import datetime
+from typing import TYPE_CHECKING
+from ..events import before_each_tool, after_each_tool
+from ..tui import pick
+from rich.console import Console
+from rich.panel import Panel
+from rich.text import Text
+
+if TYPE_CHECKING:
+    from ..agent import Agent
+
+_console = Console()
+
+# Gmail class method names that send emails
+SEND_METHODS = ('send', 'reply')
+
+
+@before_each_tool
+def check_email_approval(agent: 'Agent') -> None:
+    """Ask user approval before sending emails via Gmail.
+
+    Raises:
+        ValueError: If user rejects the email
+    """
+    pending = agent.current_session.get('pending_tool')
+    if not pending:
+        return
+
+    tool_name = pending['name']
+    if tool_name not in SEND_METHODS:
+        return
+
+    args = pending['arguments']
+
+    # Skip if all emails auto-approved
+    if agent.current_session.get('gmail_approve_all', False):
+        return
+
+    preview = Text()
+
+    if tool_name == 'send':
+        to = args.get('to', '')
+        subject = args.get('subject', '')
+        body = args.get('body', '')
+        cc = args.get('cc', '')
+        bcc = args.get('bcc', '')
+
+        # Skip if this recipient was auto-approved
+        approved_recipients = agent.current_session.get('gmail_approved_recipients', set())
+        if to in approved_recipients:
+            return
+
+        preview.append("To: ", style="bold cyan")
+        preview.append(f"{to}\n")
+        if cc:
+            preview.append("CC: ", style="bold cyan")
+            preview.append(f"{cc}\n")
+        if bcc:
+            preview.append("BCC: ", style="bold cyan")
+            preview.append(f"{bcc}\n")
+        preview.append("Subject: ", style="bold cyan")
+        preview.append(f"{subject}\n\n")
+        body_preview = body[:500] + "..." if len(body) > 500 else body
+        preview.append(body_preview)
+
+        action = "Email"
+        recipient_key = to
+
+    elif tool_name == 'reply':
+        email_id = args.get('email_id', '')
+        body = args.get('body', '')
+
+        # Skip if replies auto-approved
+        if agent.current_session.get('gmail_approve_replies', False):
+            return
+
+        preview.append("Reply to thread: ", style="bold cyan")
+        preview.append(f"{email_id}\n\n")
+        body_preview = body[:500] + "..." if len(body) > 500 else body
+        preview.append(body_preview)
+
+        action = "Reply"
+        recipient_key = None
+
+    _console.print()
+    _console.print(Panel(preview, title=f"[yellow]{action} to Send[/yellow]", border_style="yellow"))
+
+    options = ["Yes, send it"]
+    if tool_name == 'send' and recipient_key:
+        options.append(f"Auto approve emails to '{recipient_key}'")
+    if tool_name == 'reply':
+        options.append("Auto approve all replies this session")
+    options.append("Auto approve all emails this session")
+
+    choice = pick(f"Send this {action.lower()}?", options, other=True, console=_console)
+
+    if choice == "Yes, send it":
+        return
+    if choice.startswith("Auto approve emails to"):
+        if 'gmail_approved_recipients' not in agent.current_session:
+            agent.current_session['gmail_approved_recipients'] = set()
+        agent.current_session['gmail_approved_recipients'].add(recipient_key)
+        return
+    if choice == "Auto approve all replies this session":
+        agent.current_session['gmail_approve_replies'] = True
+        return
+    if choice == "Auto approve all emails this session":
+        agent.current_session['gmail_approve_all'] = True
+        return
+    # User typed custom feedback via "Other"
+    raise ValueError(f"User feedback: {choice}")
+
+
+@after_each_tool
+def sync_crm_after_send(agent: 'Agent') -> None:
+    """Update CRM data after each email send - last_contact, clear next_contact_date."""
+    trace = agent.current_session['trace'][-1]
+    if trace['type'] != 'tool_execution':
+        return
+    if trace['tool_name'] not in SEND_METHODS:
+        return
+    if trace['status'] != 'success':
+        return
+
+    to = trace['arguments'].get('to', '')
+    if not to:
+        return
+
+    # Access Gmail instance via agent.tools.gmail
+    gmail = agent.tools.gmail
+    today = datetime.now().strftime('%Y-%m-%d')
+    result = gmail.update_contact(to, last_contact=today, next_contact_date='')
+
+    if 'Updated' in result:
+        _console.print(f"[dim]CRM updated: {to}[/dim]")
+
+
+# Bundle as plugin
+gmail_plugin = [
+    check_email_approval,
+    sync_crm_after_send,
+]

connectonion/useful_plugins/image_result_formatter.py

@@ -0,0 +1,127 @@
+"""
+Purpose: Automatically format base64 image tool results for multimodal LLM consumption
+LLM-Note:
+  Dependencies: imports from [re, typing, events.after_tools] | imported by [useful_plugins/__init__.py] | tested by [tests/unit/test_image_result_formatter.py]
+  Data flow: after_tools event → scans tool result messages for base64 images → detects data URL or raw base64 patterns → converts tool result message content to OpenAI vision API format with image_url type → allows LLM to visually interpret screenshots/images
+  State/Effects: modifies agent.current_session['messages'] in place | replaces text content with image content blocks | no file I/O | no network
+  Integration: exposes image_result_formatter plugin list with [format_images] handler | used via Agent(plugins=[image_result_formatter]) | works with screenshot tools, image generators
+  Performance: O(n) message scanning | regex pattern matching | no LLM calls
+  Errors: silent skip if no base64 images detected | malformed base64 may cause LLM confusion
+
+Image Result Formatter Plugin - Automatically formats base64 image results for model consumption.
+
+When a tool returns a base64 encoded image (screenshot, generated image, etc.), this plugin
+detects it and converts the tool result message to image format that LLMs can properly
+interpret visually instead of treating it as text.
+
+Usage:
+    from connectonion import Agent
+    from connectonion.useful_plugins import image_result_formatter
+
+    agent = Agent("assistant", tools=[take_screenshot], plugins=[image_result_formatter])
+"""
+
+import re
+from typing import TYPE_CHECKING
+from ..events import after_tools
+
+if TYPE_CHECKING:
+    from ..agent import Agent
+
+
+def _is_base64_image(text: str) -> tuple[bool, str, str]:
+    """
+    Check if text contains base64 image data.
+
+    Returns:
+        (is_image, mime_type, base64_data)
+    """
+    if not isinstance(text, str):
+        return False, "", ""
+
+    # Check for data URL format: data:image/png;base64,iVBORw0KGgo...
+    data_url_pattern = r'data:image/(png|jpeg|jpg|gif|webp);base64,([A-Za-z0-9+/=]+)'
+    match = re.search(data_url_pattern, text)
+
+    if match:
+        image_type = match.group(1)
+        base64_data = match.group(2)
+        mime_type = f"image/{image_type}"
+        return True, mime_type, base64_data
+
+    # Check if entire result is base64 (common for screenshot tools)
+    # Base64 strings are typically long and contain only valid base64 characters
+    if len(text) > 100 and re.match(r'^[A-Za-z0-9+/=\s]+$', text):
+        # Likely a base64 image, default to PNG
+        return True, "image/png", text.strip()
+
+    return False, "", ""
+
+
+def _format_image_result(agent: 'Agent') -> None:
+    """
+    Format base64 image in tool result to proper multimodal message format.
+
+    When a tool returns base64 image data, this converts the tool message
+    to multimodal format (text + image) so the LLM can properly see and
+    analyze the image visually.
+
+    Uses OpenAI vision format:
+    content: [
+        {"type": "text", "text": "Tool 'tool_name' returned an image. See below."},
+        {"type": "image_url", "image_url": "data:image/png;base64,..."}
+    ]
+    """
+    trace = agent.current_session['trace'][-1]
+
+    if trace['type'] != 'tool_execution' or trace['status'] != 'success':
+        return
+
+    result = trace['result']
+    tool_call_id = trace.get('call_id')  # Fixed: trace uses 'call_id' not 'tool_call_id'
+    tool_name = trace.get('tool_name', 'unknown')
+
+    # Check if result contains base64 image
+    is_image, mime_type, base64_data = _is_base64_image(result)
+
+    if not is_image:
+        return
+
+    # Find the tool result message and modify it
+    # Keep tool message with shortened text + insert user message with image
+    # This works around OpenAI's requirement (tool_calls must have tool responses)
+    # while also providing image in user message (only format that supports images)
+    messages = agent.current_session['messages']
+
+    for i in range(len(messages) - 1, -1, -1):
+        msg = messages[i]
+
+        if msg['role'] == 'tool' and msg.get('tool_call_id') == tool_call_id:
+            # Shorten the tool message content (remove base64 to save tokens)
+            messages[i]['content'] = f"Screenshot captured (image provided below)"
+
+            # Insert a user message with the image right after the tool message
+            messages.insert(i + 1, {
+                "role": "user",
+                "content": [
+                    {
+                        "type": "text",
+                        "text": f"Tool '{tool_name}' returned an image result. See image below."
+                    },
+                    {
+                        "type": "image_url",
+                        "image_url": {"url": f"data:{mime_type};base64,{base64_data}"}
+                    }
+                ]
+            })
+
+            agent.logger.print(f"[dim]🖼️  Formatted '{tool_name}' result as image[/dim]")
+            break
+
+    # Update trace result to short message (avoids token overflow in other plugins like ReAct)
+    trace['result'] = f"🖼️ Tool '{tool_name}' returned image ({mime_type})"
+
+
+# Plugin is an event list
+# Uses after_tools because message modification can only happen after all tools finish
+image_result_formatter = [after_tools(_format_image_result)]

connectonion/useful_plugins/re_act.py

@@ -0,0 +1,78 @@
+"""
+Purpose: ReAct (Reasoning + Acting) plugin that adds planning and reflection to agent execution
+LLM-Note:
+  Dependencies: imports from [pathlib, typing, events.after_user_input, llm_do, useful_events_handlers.reflect] | imported by [useful_plugins/__init__.py] | uses prompt file [prompt_files/react_plan.md] | tested by [tests/unit/test_re_act_plugin.py]
+  Data flow: after_user_input → plan_task() generates a plan using llm_do() → stores in agent.current_session['plan'] → after_tools → reflect() from useful_events_handlers evaluates results → generates reflection for next step
+  State/Effects: modifies agent.current_session['plan'] and ['expected'] | makes LLM calls for planning and reflection | no file I/O | no network besides LLM
+  Integration: exposes re_act plugin list with [plan_task, reflect] event handlers | used via Agent(plugins=[re_act]) | works with eval plugin for debugging
+  Performance: 1-2 LLM calls per turn (plan + reflect) | adds latency but improves agent reasoning
+  Errors: no explicit error handling | LLM failures propagate | silent skip if no user_prompt
+
+ReAct plugin - Reasoning and Acting pattern for AI agents.
+
+Implements the ReAct (Reason + Act) pattern:
+1. After user input: Plan what to do
+2. After tool execution: Reflect on results and plan next step
+
+For evaluation/debugging, use the separate `eval` plugin.
+
+Usage:
+    from connectonion import Agent
+    from connectonion.useful_plugins import re_act
+
+    agent = Agent("assistant", tools=[...], plugins=[re_act])
+
+    # With evaluation for debugging:
+    from connectonion.useful_plugins import re_act, eval
+    agent = Agent("assistant", tools=[...], plugins=[re_act, eval])
+"""
+
+from pathlib import Path
+from typing import TYPE_CHECKING
+from ..events import after_user_input
+from ..llm_do import llm_do
+from ..useful_events_handlers.reflect import reflect
+
+if TYPE_CHECKING:
+    from ..agent import Agent
+
+# Prompts
+PLAN_PROMPT = Path(__file__).parent.parent / "prompt_files" / "react_plan.md"
+
+
+@after_user_input
+def plan_task(agent: 'Agent') -> None:
+    """Plan the task after receiving user input."""
+    user_prompt = agent.current_session.get('user_prompt', '')
+    if not user_prompt:
+        return
+
+    tool_names = agent.tools.names() if agent.tools else []
+    tools_str = ", ".join(tool_names) if tool_names else "no tools"
+
+    prompt = f"""User request: {user_prompt}
+
+Available tools: {tools_str}
+
+Brief plan (1-2 sentences): what to do first?"""
+
+    agent.logger.print("[dim]/planning...[/dim]")
+
+    plan = llm_do(
+        prompt,
+        model="co/gemini-2.5-flash",
+        temperature=0.2,
+        system_prompt=PLAN_PROMPT
+    )
+
+    # Store plan as expected outcome (used by eval plugin if present)
+    agent.current_session['expected'] = plan
+
+    agent.current_session['messages'].append({
+        'role': 'assistant',
+        'content': f"💭 {plan}"
+    })
+
+
+# Bundle as plugin: plan (after_user_input) + reflect (after_tools)
+re_act = [plan_task, reflect]

connectonion/useful_plugins/shell_approval.py

@@ -0,0 +1,159 @@
+"""
+Purpose: Human-in-the-loop approval plugin for shell commands with safe command bypass
+LLM-Note:
+  Dependencies: imports from [re, typing, events.before_each_tool, tui.pick, rich.console] | imported by [useful_plugins/__init__.py] | tested by [tests/unit/test_shell_approval.py]
+  Data flow: before_each_tool event → checks if tool is Shell.run → matches command against SAFE_PATTERNS (ls, cat, grep, git status, etc.) → if not safe, displays command with pick() for user approval → raises exception to cancel if rejected
+  State/Effects: blocks on user input | displays Rich-formatted command preview | raises exception to cancel tool execution | no file I/O | no network
+  Integration: exposes shell_approval plugin list with [approve_shell] handler | used via Agent(plugins=[shell_approval]) | works with Shell tool
+  Performance: O(n) regex pattern matching | blocks on user input | instant for safe commands
+  Errors: raises ToolCancelled exception on rejection | keyboard interrupts handled gracefully
+
+Shell Approval plugin - Asks user approval for shell commands.
+
+All shell commands require approval EXCEPT safe read-only commands
+like ls, grep, cat, git status, etc.
+
+Usage:
+    from connectonion import Agent
+    from connectonion.useful_plugins import shell_approval
+
+    agent = Agent("assistant", tools=[shell], plugins=[shell_approval])
+"""
+
+import re
+from typing import TYPE_CHECKING
+from ..events import before_each_tool
+from ..tui import pick
+from rich.console import Console
+
+if TYPE_CHECKING:
+    from ..agent import Agent
+
+_console = Console()
+
+# Safe read-only commands that don't need approval
+SAFE_PATTERNS = [
+    r'^ls\b',                     # list files
+    r'^ll\b',                     # list files (alias)
+    r'^cat\b',                    # read file
+    r'^head\b',                   # read file head
+    r'^tail\b',                   # read file tail
+    r'^less\b',                   # read file
+    r'^more\b',                   # read file
+    r'^grep\b',                   # search
+    r'^rg\b',                     # ripgrep search
+    r'^find\b',                   # find files
+    r'^fd\b',                     # fd find
+    r'^which\b',                  # find executable
+    r'^whereis\b',                # find executable
+    r'^type\b',                   # show type
+    r'^file\b',                   # file type
+    r'^stat\b',                   # file stats
+    r'^wc\b',                     # word count
+    r'^pwd\b',                    # print working dir
+    r'^echo\b',                   # echo (read-only)
+    r'^printf\b',                 # printf (read-only)
+    r'^date\b',                   # date
+    r'^whoami\b',                 # current user
+    r'^id\b',                     # user id
+    r'^env\b',                    # environment
+    r'^printenv\b',               # print environment
+    r'^uname\b',                  # system info
+    r'^hostname\b',               # hostname
+    r'^df\b',                     # disk free
+    r'^du\b',                     # disk usage
+    r'^free\b',                   # memory
+    r'^ps\b',                     # processes
+    r'^top\b',                    # top processes
+    r'^htop\b',                   # htop
+    r'^tree\b',                   # tree view
+    r'^git\s+status\b',           # git status
+    r'^git\s+log\b',              # git log
+    r'^git\s+diff\b',             # git diff
+    r'^git\s+show\b',             # git show
+    r'^git\s+branch\b',           # git branch (list)
+    r'^git\s+remote\b',           # git remote (list)
+    r'^git\s+tag\b',              # git tag (list)
+    r'^npm\s+list\b',             # npm list
+    r'^npm\s+ls\b',               # npm ls
+    r'^pip\s+list\b',             # pip list
+    r'^pip\s+show\b',             # pip show
+    r'^python\s+--version\b',     # python version
+    r'^node\s+--version\b',       # node version
+    r'^cargo\s+--version\b',      # cargo version
+]
+
+
+def _is_safe(command: str) -> bool:
+    """Check if command is a safe read-only command."""
+    cmd = command.strip()
+    for pattern in SAFE_PATTERNS:
+        if re.search(pattern, cmd):
+            return True
+    return False
+
+
+def _check_approval(agent: 'Agent') -> None:
+    """Check pending tool and ask for approval if not safe.
+
+    All shell commands require approval except safe read-only commands.
+
+    Raises:
+        ValueError: If user rejects the command
+    """
+    pending = agent.current_session.get('pending_tool')
+    if not pending:
+        return
+
+    # Only check bash/shell tools
+    tool_name = pending['name']
+    if tool_name not in ('bash', 'shell', 'run'):
+        return
+
+    # Get command from arguments
+    args = pending['arguments']
+    command = args.get('command', '')
+
+    # Get the base command (first word)
+    base_cmd = command.strip().split()[0] if command.strip() else ''
+
+    # Skip if this command type was auto-approved earlier
+    approved_cmds = agent.current_session.get('shell_approved_cmds', set())
+    if base_cmd in approved_cmds:
+        return
+
+    # Skip approval for safe read-only commands
+    if _is_safe(command):
+        return
+
+    # Show command in a visual box
+    from rich.panel import Panel
+    from rich.syntax import Syntax
+
+    _console.print()
+    syntax = Syntax(command, "bash", theme="monokai", word_wrap=True)
+    _console.print(Panel(syntax, title="[yellow]Shell Command[/yellow]", border_style="yellow"))
+
+    # Use pick for visual arrow-key selection
+    choice = pick("Execute this command?", [
+        "Yes, execute",
+        f"Auto approve '{base_cmd}' in this session",
+        "No, tell agent what I want"
+    ], console=_console)
+
+    if choice == "Yes, execute":
+        return  # Execute the command
+    elif choice.startswith("Auto approve"):
+        # Add this command type to approved set
+        if 'shell_approved_cmds' not in agent.current_session:
+            agent.current_session['shell_approved_cmds'] = set()
+        agent.current_session['shell_approved_cmds'].add(base_cmd)
+        return  # Execute the command
+    else:
+        # User wants to provide feedback
+        feedback = input("What do you want the agent to do instead? ")
+        raise ValueError(f"User feedback: {feedback}")
+
+
+# Plugin is an event list
+shell_approval = [before_each_tool(_check_approval)]