npm - @doingdev/opencode-claude-manager-plugin - Versions diffs - 0.1.61 → 0.1.62 - Mend

@doingdev/opencode-claude-manager-plugin 0.1.61 → 0.1.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/dist/manager/team-orchestrator.js +1 -0
package/dist/plugin/agents/browser-qa.js +4 -0
package/dist/src/manager/team-orchestrator.js +1 -0
package/dist/src/plugin/agents/browser-qa.js +4 -0
package/dist/src/types/contracts.d.ts +7 -0
package/dist/test/claude-agent-sdk-adapter.test.js +39 -0
package/dist/test/team-orchestrator.test.js +53 -0
package/dist/types/contracts.d.ts +7 -0
package/package.json +1 -1

package/dist/manager/team-orchestrator.js CHANGED Viewed

@@ -122,6 +122,7 @@ export class TeamOrchestrator {
                 persistSession: true,
                 includePartialMessages: true,
                 permissionMode: 'acceptEdits',
+                allowedTools: workerCaps?.sessionAllowedTools,
                 restrictWriteTools: input.mode === 'explore' || (workerCaps?.restrictWriteTools ?? false),
                 model: input.model,
                 effort: (workerCaps?.restrictWriteTools ?? false)

package/dist/plugin/agents/browser-qa.js CHANGED Viewed

@@ -12,6 +12,10 @@ export function buildWorkerCapabilities(prompts) {
             plannerEligible: false,
             isRuntimeUnavailableResponse: (text) => text.trimStart().startsWith('PLAYWRIGHT_UNAVAILABLE:'),
             runtimeUnavailableTitle: '❌ Playwright unavailable',
+            // Pre-approve the Playwriter toolchain at the SDK level so headless sessions
+            // never stall waiting for interactive confirmation. Write tools remain blocked
+            // by restrictWriteTools and the canUseTool write-filter.
+            sessionAllowedTools: ['Skill', 'Bash', 'Read', 'Grep', 'Glob', 'LS', 'ListDirectory'],
         },
     };
 }

package/dist/src/manager/team-orchestrator.js CHANGED Viewed

@@ -122,6 +122,7 @@ export class TeamOrchestrator {
                 persistSession: true,
                 includePartialMessages: true,
                 permissionMode: 'acceptEdits',
+                allowedTools: workerCaps?.sessionAllowedTools,
                 restrictWriteTools: input.mode === 'explore' || (workerCaps?.restrictWriteTools ?? false),
                 model: input.model,
                 effort: (workerCaps?.restrictWriteTools ?? false)

package/dist/src/plugin/agents/browser-qa.js CHANGED Viewed

@@ -12,6 +12,10 @@ export function buildWorkerCapabilities(prompts) {
             plannerEligible: false,
             isRuntimeUnavailableResponse: (text) => text.trimStart().startsWith('PLAYWRIGHT_UNAVAILABLE:'),
             runtimeUnavailableTitle: '❌ Playwright unavailable',
+            // Pre-approve the Playwriter toolchain at the SDK level so headless sessions
+            // never stall waiting for interactive confirmation. Write tools remain blocked
+            // by restrictWriteTools and the canUseTool write-filter.
+            sessionAllowedTools: ['Skill', 'Bash', 'Read', 'Grep', 'Glob', 'LS', 'ListDirectory'],
         },
     };
 }

package/dist/src/types/contracts.d.ts CHANGED Viewed

@@ -206,6 +206,13 @@ export interface WorkerCapabilities {
     isRuntimeUnavailableResponse?: (finalText: string) => boolean;
     /** Metadata title for the runtime-unavailable event. */
     runtimeUnavailableTitle?: string;
+    /**
+     * Explicit SDK-level pre-approval list for this worker's inner Claude Code session.
+     * Tools in this list bypass interactive confirmation prompts (they are still subject to
+     * the `canUseTool` write-restriction and approval-policy filters).
+     * Absent = falls back to `['Skill']` via the default adapter behaviour.
+     */
+    sessionAllowedTools?: string[];
 }
 export interface GitDiffResult {
     hasDiff: boolean;

package/dist/test/claude-agent-sdk-adapter.test.js CHANGED Viewed

@@ -498,6 +498,45 @@ describe('ClaudeAgentSdkAdapter', () => {
         const gitLogResult = await capturedCanUseTool('Bash', { command: 'git log --oneline -10' }, {});
         expect(gitLogResult.behavior).toBe('allow');
     });
+    it('allows Playwriter-style bash commands when restrictWriteTools is true', async () => {
+        let capturedCanUseTool;
+        const adapter = new ClaudeAgentSdkAdapter({
+            query: (params) => {
+                capturedCanUseTool = params.options?.canUseTool;
+                return createFakeQuery([
+                    {
+                        type: 'result',
+                        subtype: 'success',
+                        session_id: 'ses_playwriter',
+                        is_error: false,
+                        result: 'ok',
+                        num_turns: 1,
+                        total_cost_usd: 0,
+                    },
+                ]);
+            },
+            listSessions: async () => [],
+            getSessionMessages: async () => [],
+        });
+        await adapter.runSession({
+            cwd: '/tmp/project',
+            prompt: 'Run Playwriter tests',
+            restrictWriteTools: true,
+        });
+        expect(capturedCanUseTool).toBeDefined();
+        // Non-destructive Playwriter commands must be allowed
+        const playwriterResult = await capturedCanUseTool('Bash', { command: 'playwriter session new' }, {});
+        expect(playwriterResult.behavior).toBe('allow');
+        const npxResult = await capturedCanUseTool('Bash', { command: 'npx playwriter session new' }, {});
+        expect(npxResult.behavior).toBe('allow');
+        const listResult = await capturedCanUseTool('Bash', { command: 'playwriter session list' }, {});
+        expect(listResult.behavior).toBe('allow');
+        // Destructive commands must still be denied
+        const rmResult = await capturedCanUseTool('Bash', { command: 'rm -rf /tmp/screenshots' }, {});
+        expect(rmResult.behavior).toBe('deny');
+        const redirectResult = await capturedCanUseTool('Bash', { command: 'echo "data" > out.txt' }, {});
+        expect(redirectResult.behavior).toBe('deny');
+    });
     it('allows write tools when restrictWriteTools is false', async () => {
         let capturedCanUseTool;
         const adapter = new ClaudeAgentSdkAdapter({

package/dist/test/team-orchestrator.test.js CHANGED Viewed

@@ -345,6 +345,59 @@ describe('TeamOrchestrator', () => {
         expect(error.message).toContain('BrowserQA is a browser QA specialist');
         expect(error.message).toContain('does not support implement mode');
     });
+    it('forwards sessionAllowedTools to runTask when worker has them configured', async () => {
+        tempRoot = await mkdtemp(join(tmpdir(), 'browserqa-allowed-'));
+        const runTask = vi.fn().mockResolvedValueOnce({
+            sessionId: 'ses_qa',
+            events: [],
+            finalText: 'Done.',
+            turns: 1,
+            totalCostUsd: 0.01,
+            inputTokens: 500,
+            outputTokens: 100,
+            contextWindowSize: 200_000,
+        });
+        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Engineer prompt', 'Synthesis prompt', {
+            BrowserQA: {
+                ...BROWSER_QA_TEST_CAPS,
+                sessionAllowedTools: ['Skill', 'Bash', 'Read', 'Grep', 'Glob', 'LS', 'ListDirectory'],
+            },
+        });
+        await orchestrator.dispatchEngineer({
+            teamId: 'team-1',
+            cwd: tempRoot,
+            engineer: 'BrowserQA',
+            mode: 'explore',
+            message: 'Run Playwriter tests',
+        });
+        expect(runTask).toHaveBeenCalledOnce();
+        const taskInput = runTask.mock.calls[0]?.[0];
+        expect(taskInput.allowedTools).toEqual(expect.arrayContaining(['Skill', 'Bash', 'Read', 'Grep', 'Glob', 'LS', 'ListDirectory']));
+    });
+    it('passes undefined allowedTools for standard engineers without sessionAllowedTools', async () => {
+        tempRoot = await mkdtemp(join(tmpdir(), 'engineer-no-allowed-'));
+        const runTask = vi.fn().mockResolvedValueOnce({
+            sessionId: 'ses_tom',
+            events: [],
+            finalText: 'Done.',
+            turns: 1,
+            totalCostUsd: 0.01,
+            inputTokens: 500,
+            outputTokens: 100,
+            contextWindowSize: 200_000,
+        });
+        const orchestrator = new TeamOrchestrator({ runTask }, new TeamStateStore('.state'), { appendEvents: vi.fn(async () => { }) }, 'Engineer prompt', 'Synthesis prompt', { BrowserQA: BROWSER_QA_TEST_CAPS });
+        await orchestrator.dispatchEngineer({
+            teamId: 'team-1',
+            cwd: tempRoot,
+            engineer: 'Tom',
+            mode: 'explore',
+            message: 'Investigate something',
+        });
+        expect(runTask).toHaveBeenCalledOnce();
+        const taskInput = runTask.mock.calls[0]?.[0];
+        expect(taskInput.allowedTools).toBeUndefined();
+    });
     it('classifyError returns modeNotSupported for implement-mode rejection', () => {
         const result = TeamOrchestrator.classifyError(new Error('BrowserQA is a browser QA specialist and does not support implement mode. ' +
             'It can only verify and explore.'));

package/dist/types/contracts.d.ts CHANGED Viewed

@@ -206,6 +206,13 @@ export interface WorkerCapabilities {
     isRuntimeUnavailableResponse?: (finalText: string) => boolean;
     /** Metadata title for the runtime-unavailable event. */
     runtimeUnavailableTitle?: string;
+    /**
+     * Explicit SDK-level pre-approval list for this worker's inner Claude Code session.
+     * Tools in this list bypass interactive confirmation prompts (they are still subject to
+     * the `canUseTool` write-restriction and approval-policy filters).
+     * Absent = falls back to `['Skill']` via the default adapter behaviour.
+     */
+    sessionAllowedTools?: string[];
 }
 export interface GitDiffResult {
     hasDiff: boolean;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@doingdev/opencode-claude-manager-plugin",
-  "version": "0.1.61",
+  "version": "0.1.62",
   "description": "OpenCode plugin that orchestrates Claude Code sessions.",
   "keywords": [
     "opencode",