npm - @canonmsg/codex-plugin - Versions diffs - 0.5.0 → 0.6.1 - Mend

@canonmsg/codex-plugin 0.5.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/adapter.d.ts +1 -1
package/dist/adapter.js +9 -3
package/dist/host-runtime.d.ts +20 -4
package/dist/host-runtime.js +36 -29
package/dist/host.js +78 -15
package/dist/permission-mode.d.ts +31 -0
package/dist/permission-mode.js +59 -0
package/package.json +3 -2

package/dist/adapter.d.ts CHANGED Viewed

@@ -63,7 +63,7 @@ export declare class CodexConversationAdapter {
     setModel(model: string | null): void;
     isRunning(): boolean;
     interrupt(): Promise<void>;
-    runTurn(prompt: string, onEvent: (event: CodexEvent) => void, onLog?: (line: string) => void): Promise<CodexTurnResult>;
+    runTurn(prompt: string, onEvent: (event: CodexEvent) => void, onLog?: (line: string) => void, imagePaths?: readonly string[]): Promise<CodexTurnResult>;
     private buildArgs;
     private clearActiveProcess;
 }

package/dist/adapter.js CHANGED Viewed

@@ -47,11 +47,11 @@ export class CodexConversationAdapter {
                 this.child.kill('SIGKILL');
         }, 5_000);
     }
-    async runTurn(prompt, onEvent, onLog) {
+    async runTurn(prompt, onEvent, onLog, imagePaths = []) {
         if (this.child) {
             throw new Error('A Codex turn is already in progress for this conversation');
         }
-        const args = this.buildArgs(prompt);
+        const args = this.buildArgs(prompt, imagePaths);
         const child = spawn(this.codexBin, args, {
             cwd: this.cwd,
             stdio: ['ignore', 'pipe', 'pipe'],
@@ -141,7 +141,7 @@ export class CodexConversationAdapter {
             });
         });
     }
-    buildArgs(prompt) {
+    buildArgs(prompt, imagePaths = []) {
         if (this.threadId) {
             const args = ['exec', 'resume', '--json', '--skip-git-repo-check'];
             if (this.model) {
@@ -159,6 +159,9 @@ export class CodexConversationAdapter {
             if (this.bypassApprovalsAndSandbox) {
                 args.push('--dangerously-bypass-approvals-and-sandbox');
             }
+            for (const imagePath of imagePaths) {
+                args.push('-i', imagePath);
+            }
             args.push(this.threadId, prompt);
             return args;
         }
@@ -190,6 +193,9 @@ export class CodexConversationAdapter {
         if (execMode.bypassApprovalsAndSandbox) {
             args.push('--dangerously-bypass-approvals-and-sandbox');
         }
+        for (const imagePath of imagePaths) {
+            args.push('-i', imagePath);
+        }
         args.push(prompt);
         return args;
     }

package/dist/host-runtime.d.ts CHANGED Viewed

@@ -28,9 +28,6 @@ export interface HostInboundParticipantContext {
 type HostInboundMessage = {
     text?: string | null;
     contentType?: CanonMessage['contentType'] | null;
-    audioUrl?: string | null;
-    audioDurationMs?: number | null;
-    imageUrl?: string | null;
     attachments?: CanonMessage['attachments'];
     senderType?: CanonMessage['senderType'];
     mentions?: string[] | null;
@@ -49,7 +46,26 @@ export declare function buildCanonHostPrompt(input: {
     workSessions?: MessageCreatedPayload['workSessions'];
     buildInboundContextLines: (context: HostInboundParticipantContext) => string[];
 }): string;
-export declare function renderCanonHostInboundContent(message: HostInboundMessage): string;
+/**
+ * Render the **text portion** of an inbound Canon message. Images are
+ * referenced by short placeholders — their actual bytes are delivered to the
+ * host as native vision/media inputs (Codex `-i <file>`, Anthropic image
+ * blocks). URLs are intentionally *not* inlined, since the harness never
+ * needs to refetch and earlier `[Image: <url>]` inlining caused vision
+ * models to see a string about an image instead of the image itself.
+ *
+ * `materialized` may be passed so non-image attachments can reference a
+ * local path the agent can Read. Without it we fall back to an unadorned
+ * placeholder; the vision path still works because image args carry the
+ * file path directly.
+ */
+export declare function renderCanonHostInboundContent(message: HostInboundMessage, materialized?: ReadonlyArray<{
+    kind: 'image' | 'audio' | 'file';
+    path: string;
+    fileName?: string;
+    durationMs?: number;
+    index: number;
+}>): string;
 export declare function buildHydratedInboundContext(input: {
     agentId: string;
     conversation: CanonConversation | null;

package/dist/host-runtime.js CHANGED Viewed

@@ -32,38 +32,45 @@ export function buildCanonHostPrompt(input) {
         input.content,
     ].join('\n');
 }
-export function renderCanonHostInboundContent(message) {
-    let content = message.text || '';
-    const attachment = message.attachments?.[0];
-    if (attachment?.kind === 'audio' && attachment.url) {
-        const duration = attachment.durationMs ? ` (${Math.round(attachment.durationMs / 1000)}s)` : '';
-        content = content
-            ? `[Voice message${duration}: ${attachment.url}]\n${content}`
-            : `[Voice message${duration}: ${attachment.url}]`;
-    }
-    else if (attachment?.kind === 'image' && attachment.url) {
-        content = content
-            ? `[Image: ${attachment.url}]\n${content}`
-            : `[Image: ${attachment.url}]`;
-    }
-    else if (attachment?.kind === 'file' && attachment.url) {
-        const label = attachment.fileName || 'File';
-        content = content
-            ? `[File: ${label} ${attachment.url}]\n${content}`
-            : `[File: ${label} ${attachment.url}]`;
+/**
+ * Render the **text portion** of an inbound Canon message. Images are
+ * referenced by short placeholders — their actual bytes are delivered to the
+ * host as native vision/media inputs (Codex `-i <file>`, Anthropic image
+ * blocks). URLs are intentionally *not* inlined, since the harness never
+ * needs to refetch and earlier `[Image: <url>]` inlining caused vision
+ * models to see a string about an image instead of the image itself.
+ *
+ * `materialized` may be passed so non-image attachments can reference a
+ * local path the agent can Read. Without it we fall back to an unadorned
+ * placeholder; the vision path still works because image args carry the
+ * file path directly.
+ */
+export function renderCanonHostInboundContent(message, materialized) {
+    const body = message.text || '';
+    const placeholders = [];
+    const attachments = message.attachments ?? [];
+    for (let i = 0; i < attachments.length; i += 1) {
+        const att = attachments[i];
+        const mat = materialized?.find((m) => m.index === i) ?? null;
+        placeholders.push(describeAttachment(att, mat));
     }
-    else if (message.contentType === 'audio' && message.audioUrl) {
-        const duration = message.audioDurationMs ? ` (${Math.round(message.audioDurationMs / 1000)}s)` : '';
-        content = content
-            ? `[Voice message${duration}: ${message.audioUrl}]\n${content}`
-            : `[Voice message${duration}: ${message.audioUrl}]`;
+    const rendered = [...placeholders, body].filter(Boolean).join('\n');
+    return rendered || '[Empty message]';
+}
+function describeAttachment(attachment, materialized) {
+    if (attachment.kind === 'image') {
+        return '[Image attached]';
     }
-    else if (message.contentType === 'image' && message.imageUrl) {
-        content = content
-            ? `[Image: ${message.imageUrl}]\n${content}`
-            : `[Image: ${message.imageUrl}]`;
+    if (attachment.kind === 'audio') {
+        const durationMs = materialized?.durationMs ?? attachment.durationMs;
+        const duration = durationMs ? ` (${Math.round(durationMs / 1000)}s)` : '';
+        const ref = materialized?.path ? ` ${materialized.path}` : '';
+        return `[Voice message${duration}${ref}]`;
     }
-    return content || '[Empty message]';
+    // file
+    const label = materialized?.fileName ?? attachment.fileName ?? 'File';
+    const ref = materialized?.path ? ` ${materialized.path}` : '';
+    return `[File: ${label}${ref}]`;
 }
 export function buildHydratedInboundContext(input) {
     const history = buildParticipationHistorySnapshot(input.page?.messages ?? [], input.agentId);

package/dist/host.js CHANGED Viewed

@@ -3,11 +3,13 @@ import { setDefaultResultOrder } from 'node:dns';
 setDefaultResultOrder('ipv4first');
 import { randomUUID } from 'node:crypto';
 import { parseArgs } from 'node:util';
-import { buildConfiguredWorkspaceOptions, buildPublicWorkspaceOptions, ExecutionEnvironmentError, isEnabledFlag, CanonClient, CanonStream, clearSessionState, clearTurnState, DEFAULT_PARTICIPATION_HISTORY_FETCH_LIMIT, DEFAULT_RUNTIME_CAPABILITIES, FINAL_MESSAGE_HANDOFF_MS, getActiveProfile, initRTDBAuth, normalizeTurnMetadata, normalizeTurnState, prepareConversationEnvironment, releaseLock, releaseConversationEnvironment, resolveCanonAgent, rtdbRead, rtdbWrite, shouldTriggerAgentTurn, writeSessionState, writeTurnState, } from '@canonmsg/core';
+import { getCodexImagePath, materializeMessageMedia, } from '@canonmsg/agent-sdk';
+import { buildConfiguredWorkspaceOptions, buildPublicWorkspaceOptions, EXECUTION_ENVIRONMENT_MODES, ExecutionEnvironmentError, isEnabledFlag, CanonClient, CanonStream, clearSessionState, clearTurnState, DEFAULT_PARTICIPATION_HISTORY_FETCH_LIMIT, DEFAULT_RUNTIME_CAPABILITIES, FINAL_MESSAGE_HANDOFF_MS, getActiveProfile, initRTDBAuth, normalizeTurnMetadata, normalizeTurnState, prepareConversationEnvironment, releaseLock, releaseConversationEnvironment, resolveCanonAgent, rtdbRead, rtdbWrite, shouldTriggerAgentTurn, writeSessionState, writeTurnState, } from '@canonmsg/core';
 import { buildCanonHostPrompt, buildHydratedInboundContext, createConversationMetadataLoader, loadHostSessionConfig, publishHostAgentRuntime, renderCanonHostInboundContent, resolveHostWorkspaceCwd, } from './host-runtime.js';
 import { buildInboundContextLines, decideAutoReply, } from './inbound-policy.js';
 import { CodexConversationAdapter, } from './adapter.js';
 import { clearStoredThreadId, loadStoredThreadId, saveStoredThreadId, } from './session-store.js';
+import { deriveCodexPermissionEnvelope, mapCanonPermissionToCodex, } from './permission-mode.js';
 const MAX_SESSIONS = 12;
 const IDLE_TIMEOUT_MS = 30 * 60 * 1000;
 const HEARTBEAT_MS = 30_000;
@@ -41,7 +43,19 @@ async function publishAgentRuntime(agentId, runtime) {
     await publishHostAgentRuntime(agentId, 'codex', runtime);
 }
 async function loadSessionConfig(conversationId, agentId) {
-    return loadHostSessionConfig({ conversationId, agentId });
+    return loadHostSessionConfig({
+        conversationId,
+        agentId,
+        extraStringFields: ['permissionMode'],
+    });
+}
+const SESSION_EXECUTION_MODE_REQUIRED = 'Session execution mode required; please select a mode before starting the session.';
+function requireSessionExecutionMode(config) {
+    const mode = config?.executionMode;
+    if (!mode) {
+        throw new ExecutionEnvironmentError(SESSION_EXECUTION_MODE_REQUIRED, SESSION_EXECUTION_MODE_REQUIRED);
+    }
+    return mode;
 }
 function resolveWorkspaceCwd(config) {
     return resolveHostWorkspaceCwd({
@@ -57,8 +71,8 @@ function buildCanonPrompt(input) {
         ...input,
     });
 }
-function renderInboundContent(message) {
-    return renderCanonHostInboundContent(message);
+function renderInboundContent(message, materialized) {
+    return renderCanonHostInboundContent(message, materialized);
 }
 function summarizeCommand(command) {
     const trimmed = command.trim();
@@ -241,17 +255,29 @@ async function main() {
         }
         const creation = (async () => {
             const config = await loadSessionConfig(conversationId, agentId);
+            const sessionExecutionMode = requireSessionExecutionMode(config);
+            if (sessionExecutionMode === 'worktree' && !allowWorktrees) {
+                throw new ExecutionEnvironmentError('This host does not allow worktree sessions (launched without --enable-worktrees).', 'This Canon host was started without worktree isolation enabled. Choose "Lock the workspace" or restart the host with --enable-worktrees.');
+            }
             const workspaceCwd = resolveWorkspaceCwd(config);
             const environment = prepareConversationEnvironment({
                 agentId,
                 conversationId,
                 workspaceCwd,
-                allowWorktrees,
+                allowWorktrees: sessionExecutionMode === 'worktree',
             });
             try {
                 const sessionCwd = environment.cwd;
                 const sessionModel = config?.model ?? (typeof args.model === 'string' ? args.model : undefined);
                 const storedThreadId = loadStoredThreadId(agentId, conversationId, sessionCwd);
+                if (config?.permissionMode
+                    && !codexPermissionEnvelope.availablePermissionModes.some((option) => option.value === config.permissionMode)) {
+                    throw new ExecutionEnvironmentError(`Permission mode "${config.permissionMode}" is not supported by this Codex host.`, 'This Canon host was started with stricter approval settings. Choose one of the advertised permission modes or restart the host with more permissive flags.');
+                }
+                const approvalOverride = mapCanonPermissionToCodex(config?.permissionMode);
+                const defaultSandbox = (typeof args.sandbox === 'string' ? args.sandbox : null);
+                const defaultFullAuto = Boolean(args['full-auto']);
+                const defaultBypass = Boolean(args['dangerously-bypass-approvals-and-sandbox']);
                 const session = {
                     conversationId,
                     cwd: sessionCwd,
@@ -261,15 +287,17 @@ async function main() {
                         threadId: storedThreadId,
                         codexBin: typeof args['codex-bin'] === 'string' ? args['codex-bin'] : 'codex',
                         model: sessionModel ?? null,
-                        sandbox: (typeof args.sandbox === 'string' ? args.sandbox : null),
+                        sandbox: approvalOverride ? approvalOverride.sandbox : defaultSandbox,
                         approvalPolicy: (typeof args['ask-for-approval'] === 'string'
                             ? args['ask-for-approval']
                             : null),
                         codexProfile: typeof args['codex-profile'] === 'string' ? args['codex-profile'] : null,
                         addDirs: args['add-dir'] ?? [],
                         configOverrides: args.config ?? [],
-                        fullAuto: Boolean(args['full-auto']),
-                        bypassApprovalsAndSandbox: Boolean(args['dangerously-bypass-approvals-and-sandbox']),
+                        fullAuto: approvalOverride ? approvalOverride.fullAuto : defaultFullAuto,
+                        bypassApprovalsAndSandbox: approvalOverride
+                            ? approvalOverride.bypassApprovalsAndSandbox
+                            : defaultBypass,
                     }),
                     queue: [],
                     running: false,
@@ -303,8 +331,8 @@ async function main() {
             pendingSessionCreations.delete(conversationId);
         }
     }
-    function enqueuePrompt(session, prompt, intent = 'queue', toFront = false, sourceMessageId, markAccepted = false) {
-        const nextPrompt = { prompt, intent, sourceMessageId, markAccepted };
+    function enqueuePrompt(session, prompt, intent = 'queue', toFront = false, sourceMessageId, markAccepted = false, imagePaths = []) {
+        const nextPrompt = { prompt, intent, sourceMessageId, markAccepted, imagePaths };
         if (toFront) {
             session.queue.unshift(nextPrompt);
         }
@@ -316,7 +344,22 @@ async function main() {
         void runNextTurn(session);
     }
     async function enqueueInboundMessage(input) {
-        const content = renderInboundContent(input.message);
+        let materialized = [];
+        if (input.message.id) {
+            try {
+                materialized = await materializeMessageMedia({
+                    id: input.message.id,
+                    attachments: input.message.attachments ?? [],
+                }, { agentId, conversationId: input.conversationId });
+            }
+            catch (error) {
+                console.error(`[canon-codex] [${input.conversationId.slice(0, 8)}] Failed to materialize media:`, error instanceof Error ? error.message : error);
+            }
+        }
+        const imagePaths = materialized
+            .map((attachment) => getCodexImagePath(attachment))
+            .filter((path) => path !== null);
+        const content = renderInboundContent(input.message, materialized);
         const hydrated = await loadHydratedInboundContext({
             conversationId: input.conversationId,
             message: input.message,
@@ -360,14 +403,14 @@ async function main() {
             workSessions,
         });
         if (session.running && deliveryIntent === 'interrupt') {
-            enqueuePrompt(session, prompt, deliveryIntent, true, input.message.id, shouldMarkAccepted);
+            enqueuePrompt(session, prompt, deliveryIntent, true, input.message.id, shouldMarkAccepted, imagePaths);
             console.error(`[canon-codex] [${input.conversationId.slice(0, 8)}] Interrupting current turn for explicit human send-now`);
             await session.adapter.interrupt().catch(() => { });
             clearStreaming(input.conversationId);
             client.setTyping(input.conversationId, false).catch(() => { });
             return;
         }
-        enqueuePrompt(session, prompt, deliveryIntent, false, input.message.id, shouldMarkAccepted);
+        enqueuePrompt(session, prompt, deliveryIntent, false, input.message.id, shouldMarkAccepted, imagePaths);
     }
     async function runNextTurn(session) {
         if (session.running || session.closed)
@@ -393,6 +436,7 @@ async function main() {
             updatedAt: { '.sv': 'timestamp' },
         }).catch(() => { });
         try {
+            const turnImagePaths = nextTurn.imagePaths ?? [];
             const result = await session.adapter.runTurn(nextTurn.prompt, (event) => {
                 session.lastActivity = Date.now();
                 if (event.type === 'thread.started') {
@@ -426,7 +470,7 @@ async function main() {
                 }
             }, (line) => {
                 console.error(`[canon-codex] [${session.conversationId.slice(0, 8)}] ${line}`);
-            });
+            }, turnImagePaths);
             if (result.threadId) {
                 saveStoredThreadId(agentId, session.conversationId, session.cwd, result.threadId);
             }
@@ -503,10 +547,19 @@ async function main() {
     }
     let controlStopped = false;
     let streamConnected = false;
+    const hostAvailableExecutionModes = allowWorktrees
+        ? [...EXECUTION_ENVIRONMENT_MODES]
+        : ['locked'];
+    const codexPermissionEnvelope = deriveCodexPermissionEnvelope(args);
     let runtimeDescriptor = {
         defaultWorkspaceId: workspaceOptions[0]?.id,
         ...(typeof args.model === 'string' ? { defaultModel: args.model } : {}),
         availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
+        availableExecutionModes: hostAvailableExecutionModes,
+        availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+        ...(codexPermissionEnvelope.defaultPermissionMode
+            ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+            : {}),
     };
     const publishRuntimeHeartbeat = async () => {
         if (!streamConnected)
@@ -550,12 +603,22 @@ async function main() {
             defaultWorkspaceId: workspaceOptions[0]?.id,
             ...(typeof args.model === 'string' ? { defaultModel: args.model } : {}),
             availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
+            availableExecutionModes: hostAvailableExecutionModes,
+            availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+            ...(codexPermissionEnvelope.defaultPermissionMode
+                ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+                : {}),
         };
     }
     catch {
         runtimeDescriptor = {
             defaultWorkspaceId: workspaceOptions[0]?.id,
             availableWorkspaces: buildPublicWorkspaceOptions(workspaceOptions),
+            availableExecutionModes: hostAvailableExecutionModes,
+            availablePermissionModes: [...codexPermissionEnvelope.availablePermissionModes],
+            ...(codexPermissionEnvelope.defaultPermissionMode
+                ? { defaultPermissionMode: codexPermissionEnvelope.defaultPermissionMode }
+                : {}),
         };
     }
     try {
@@ -623,7 +686,7 @@ async function main() {
                                     writeState(session);
                                 }
                                 if (control.permissionMode) {
-                                    console.error(`[canon-codex] [${conversationId.slice(0, 8)}] permissionMode control is not mapped yet (${control.permissionMode})`);
+                                    console.error(`[canon-codex] [${conversationId.slice(0, 8)}] approval mode is session-creation-only; ignoring mid-session change request (${control.permissionMode})`);
                                 }
                                 if (control.effort) {
                                     console.error(`[canon-codex] [${conversationId.slice(0, 8)}] effort control is not mapped yet (${control.effort})`);

package/dist/permission-mode.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import type { CodexSandboxMode } from './adapter.js';
+export declare const CODEX_PERMISSION_OPTIONS: readonly [{
+    readonly value: "readonly";
+    readonly label: "Read-only";
+}, {
+    readonly value: "workspace";
+    readonly label: "Workspace-write";
+}, {
+    readonly value: "full-auto";
+    readonly label: "Full auto";
+}, {
+    readonly value: "bypass";
+    readonly label: "Bypass (dangerous)";
+}];
+export type CodexPermissionMode = (typeof CODEX_PERMISSION_OPTIONS)[number]['value'];
+export type CodexApprovalShape = {
+    sandbox: CodexSandboxMode | null;
+    fullAuto: boolean;
+    bypassApprovalsAndSandbox: boolean;
+};
+export type CodexPermissionEnvelope = {
+    defaultPermissionMode?: CodexPermissionMode;
+    availablePermissionModes: ReadonlyArray<(typeof CODEX_PERMISSION_OPTIONS)[number]>;
+};
+export declare function mapCanonPermissionToCodex(mode: string | null | undefined): CodexApprovalShape | null;
+export declare function deriveCodexPermissionEnvelope(args: {
+    'full-auto'?: unknown;
+    'dangerously-bypass-approvals-and-sandbox'?: unknown;
+    'ask-for-approval'?: unknown;
+    sandbox?: unknown;
+}): CodexPermissionEnvelope;

package/dist/permission-mode.js ADDED Viewed

@@ -0,0 +1,59 @@
+export const CODEX_PERMISSION_OPTIONS = [
+    { value: 'readonly', label: 'Read-only' },
+    { value: 'workspace', label: 'Workspace-write' },
+    { value: 'full-auto', label: 'Full auto' },
+    { value: 'bypass', label: 'Bypass (dangerous)' },
+];
+export function mapCanonPermissionToCodex(mode) {
+    switch (mode) {
+        case 'readonly':
+            return { sandbox: 'read-only', fullAuto: false, bypassApprovalsAndSandbox: false };
+        case 'workspace':
+            return { sandbox: 'workspace-write', fullAuto: false, bypassApprovalsAndSandbox: false };
+        case 'full-auto':
+            return { sandbox: 'workspace-write', fullAuto: true, bypassApprovalsAndSandbox: false };
+        case 'bypass':
+            return { sandbox: null, fullAuto: false, bypassApprovalsAndSandbox: true };
+        default:
+            return null;
+    }
+}
+function codexOptionsThrough(mode) {
+    const index = CODEX_PERMISSION_OPTIONS.findIndex((option) => option.value === mode);
+    return index >= 0 ? CODEX_PERMISSION_OPTIONS.slice(0, index + 1) : [];
+}
+function isLegacyFullAuto(args) {
+    return args['ask-for-approval'] === 'never'
+        && (args.sandbox === 'workspace-write' || args.sandbox == null);
+}
+export function deriveCodexPermissionEnvelope(args) {
+    if (args.sandbox === 'read-only') {
+        return {
+            defaultPermissionMode: 'readonly',
+            availablePermissionModes: codexOptionsThrough('readonly'),
+        };
+    }
+    if (args.sandbox === 'danger-full-access') {
+        return {
+            availablePermissionModes: args['dangerously-bypass-approvals-and-sandbox']
+                ? [...CODEX_PERMISSION_OPTIONS]
+                : codexOptionsThrough('full-auto'),
+        };
+    }
+    if (args['dangerously-bypass-approvals-and-sandbox']) {
+        return {
+            defaultPermissionMode: 'bypass',
+            availablePermissionModes: [...CODEX_PERMISSION_OPTIONS],
+        };
+    }
+    if (args['full-auto'] || isLegacyFullAuto(args)) {
+        return {
+            defaultPermissionMode: 'full-auto',
+            availablePermissionModes: codexOptionsThrough('full-auto'),
+        };
+    }
+    return {
+        defaultPermissionMode: 'workspace',
+        availablePermissionModes: codexOptionsThrough('workspace'),
+    };
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@canonmsg/codex-plugin",
-  "version": "0.5.0",
+  "version": "0.6.1",
   "description": "Canon host integration for Codex CLI",
   "type": "module",
   "main": "dist/host.js",
@@ -22,7 +22,8 @@
     "prepack": "npm run build"
   },
   "dependencies": {
-    "@canonmsg/core": "^0.7.0"
+    "@canonmsg/agent-sdk": "^0.8.1",
+    "@canonmsg/core": "^0.7.1"
   },
   "engines": {
     "node": ">=18.0.0"