Refactor builtin file tools beyond workspace scope

Replace workspace-scoped builtin file tools with general-purpose file-* tools that accept relative, absolute, and ~/ paths. Relative paths still resolve against the configured workdir. File operations within the workdir are auto-approved. File operations outside the workdir now emit file permission metadata and require user approval, with support for once, session, and persistent grants. Add a shared filesystem layer for text-focused read/write/edit/list/search operations, including binary-file safeguards for text reads. parseFile and LLMParse continue to read file buffers for document/image parsing. Update copilot prompts, background/live-note agents, knowledge workflows, and renderer labels/UI to use the new file-* tool surface and permission details. Add package-local Vitest setup for @x/core with colocated filesystem unit tests covering path resolution, canonical permission paths, binary detection, read/write/edit behavior, glob, and grep.
2026-05-25 18:55:19 +02:00 · 2026-05-25 16:21:40 +05:30 · 2026-05-25 16:21:40 +05:30 · 31e35e00b8
commit 31e35e00b8
parent f1d3b7b825
41 changed files with 1777 additions and 615 deletions
--- a/apps/x/packages/shared/src/runs.ts
+++ b/apps/x/packages/shared/src/runs.ts
@ -83,9 +83,23 @@ export const AskHumanResponseEvent = BaseRunEvent.extend({
    response: z.string(),
 });

+export const ToolPermissionMetadata = z.discriminatedUnion("kind", [
+    z.object({
+        kind: z.literal("command"),
+        commandNames: z.array(z.string()),
+    }),
+    z.object({
+        kind: z.literal("file"),
+        operation: z.enum(["read", "list", "search", "write", "delete"]),
+        paths: z.array(z.string()),
+        pathPrefix: z.string(),
+    }),
+]);
+
 export const ToolPermissionRequestEvent = BaseRunEvent.extend({
    type: z.literal("tool-permission-request"),
    toolCall: ToolCallPart,
+    permission: ToolPermissionMetadata.optional(),
 });

 export const ToolPermissionResponseEvent = BaseRunEvent.extend({