feat: add exec approvals editor in control ui and mac app

src/gateway/protocol/index.ts

@@ -56,6 +56,11 @@ import {
   CronStatusParamsSchema,
   type CronUpdateParams,
   CronUpdateParamsSchema,
+  type ExecApprovalsGetParams,
+  ExecApprovalsGetParamsSchema,
+  type ExecApprovalsSetParams,
+  ExecApprovalsSetParamsSchema,
+  type ExecApprovalsSnapshot,
   ErrorCodes,
   type ErrorShape,
   ErrorShapeSchema,
@@ -230,6 +235,12 @@ export const validateCronUpdateParams = ajv.compile<CronUpdateParams>(CronUpdate
 export const validateCronRemoveParams = ajv.compile<CronRemoveParams>(CronRemoveParamsSchema);
 export const validateCronRunParams = ajv.compile<CronRunParams>(CronRunParamsSchema);
 export const validateCronRunsParams = ajv.compile<CronRunsParams>(CronRunsParamsSchema);
+export const validateExecApprovalsGetParams = ajv.compile<ExecApprovalsGetParams>(
+  ExecApprovalsGetParamsSchema,
+);
+export const validateExecApprovalsSetParams = ajv.compile<ExecApprovalsSetParams>(
+  ExecApprovalsSetParamsSchema,
+);
 export const validateLogsTailParams = ajv.compile<LogsTailParams>(LogsTailParamsSchema);
 export const validateChatHistoryParams = ajv.compile(ChatHistoryParamsSchema);
 export const validateChatSendParams = ajv.compile(ChatSendParamsSchema);
@@ -388,6 +399,9 @@ export type {
   CronRunParams,
   CronRunsParams,
   CronRunLogEntry,
+  ExecApprovalsGetParams,
+  ExecApprovalsSetParams,
+  ExecApprovalsSnapshot,
   LogsTailParams,
   LogsTailResult,
   PollParams,

src/gateway/protocol/schema.ts

@@ -4,6 +4,7 @@ export * from "./schema/channels.js";
 export * from "./schema/config.js";
 export * from "./schema/cron.js";
 export * from "./schema/error-codes.js";
+export * from "./schema/exec-approvals.js";
 export * from "./schema/frames.js";
 export * from "./schema/logs-chat.js";
 export * from "./schema/nodes.js";

src/gateway/protocol/schema/exec-approvals.ts

@@ -0,0 +1,72 @@
+import { Type } from "@sinclair/typebox";
+
+import { NonEmptyString } from "./primitives.js";
+
+export const ExecApprovalsAllowlistEntrySchema = Type.Object(
+  {
+    pattern: Type.String(),
+    lastUsedAt: Type.Optional(Type.Integer({ minimum: 0 })),
+    lastUsedCommand: Type.Optional(Type.String()),
+    lastResolvedPath: Type.Optional(Type.String()),
+  },
+  { additionalProperties: false },
+);
+
+export const ExecApprovalsDefaultsSchema = Type.Object(
+  {
+    security: Type.Optional(Type.String()),
+    ask: Type.Optional(Type.String()),
+    askFallback: Type.Optional(Type.String()),
+    autoAllowSkills: Type.Optional(Type.Boolean()),
+  },
+  { additionalProperties: false },
+);
+
+export const ExecApprovalsAgentSchema = Type.Object(
+  {
+    security: Type.Optional(Type.String()),
+    ask: Type.Optional(Type.String()),
+    askFallback: Type.Optional(Type.String()),
+    autoAllowSkills: Type.Optional(Type.Boolean()),
+    allowlist: Type.Optional(Type.Array(ExecApprovalsAllowlistEntrySchema)),
+  },
+  { additionalProperties: false },
+);
+
+export const ExecApprovalsFileSchema = Type.Object(
+  {
+    version: Type.Literal(1),
+    socket: Type.Optional(
+      Type.Object(
+        {
+          path: Type.Optional(Type.String()),
+          token: Type.Optional(Type.String()),
+        },
+        { additionalProperties: false },
+      ),
+    ),
+    defaults: Type.Optional(ExecApprovalsDefaultsSchema),
+    agents: Type.Optional(Type.Record(Type.String(), ExecApprovalsAgentSchema)),
+  },
+  { additionalProperties: false },
+);
+
+export const ExecApprovalsSnapshotSchema = Type.Object(
+  {
+    path: NonEmptyString,
+    exists: Type.Boolean(),
+    hash: NonEmptyString,
+    file: ExecApprovalsFileSchema,
+  },
+  { additionalProperties: false },
+);
+
+export const ExecApprovalsGetParamsSchema = Type.Object({}, { additionalProperties: false });
+
+export const ExecApprovalsSetParamsSchema = Type.Object(
+  {
+    file: ExecApprovalsFileSchema,
+    baseHash: Type.Optional(NonEmptyString),
+  },
+  { additionalProperties: false },
+);

src/gateway/protocol/schema/protocol-schemas.ts

@@ -47,6 +47,11 @@ import {
   CronStatusParamsSchema,
   CronUpdateParamsSchema,
 } from "./cron.js";
+import {
+  ExecApprovalsGetParamsSchema,
+  ExecApprovalsSetParamsSchema,
+  ExecApprovalsSnapshotSchema,
+} from "./exec-approvals.js";
 import {
   ConnectParamsSchema,
   ErrorShapeSchema,
@@ -170,6 +175,9 @@ export const ProtocolSchemas: Record<string, TSchema> = {
   CronRunLogEntry: CronRunLogEntrySchema,
   LogsTailParams: LogsTailParamsSchema,
   LogsTailResult: LogsTailResultSchema,
+  ExecApprovalsGetParams: ExecApprovalsGetParamsSchema,
+  ExecApprovalsSetParams: ExecApprovalsSetParamsSchema,
+  ExecApprovalsSnapshot: ExecApprovalsSnapshotSchema,
   ChatHistoryParams: ChatHistoryParamsSchema,
   ChatSendParams: ChatSendParamsSchema,
   ChatAbortParams: ChatAbortParamsSchema,

src/gateway/protocol/schema/types.ts

@@ -45,6 +45,11 @@ import type {
   CronStatusParamsSchema,
   CronUpdateParamsSchema,
 } from "./cron.js";
+import type {
+  ExecApprovalsGetParamsSchema,
+  ExecApprovalsSetParamsSchema,
+  ExecApprovalsSnapshotSchema,
+} from "./exec-approvals.js";
 import type {
   ConnectParamsSchema,
   ErrorShapeSchema,
@@ -163,6 +168,9 @@ export type CronRunsParams = Static<typeof CronRunsParamsSchema>;
 export type CronRunLogEntry = Static<typeof CronRunLogEntrySchema>;
 export type LogsTailParams = Static<typeof LogsTailParamsSchema>;
 export type LogsTailResult = Static<typeof LogsTailResultSchema>;
+export type ExecApprovalsGetParams = Static<typeof ExecApprovalsGetParamsSchema>;
+export type ExecApprovalsSetParams = Static<typeof ExecApprovalsSetParamsSchema>;
+export type ExecApprovalsSnapshot = Static<typeof ExecApprovalsSnapshotSchema>;
 export type ChatAbortParams = Static<typeof ChatAbortParamsSchema>;
 export type ChatInjectParams = Static<typeof ChatInjectParamsSchema>;
 export type ChatEvent = Static<typeof ChatEventSchema>;