npm - @dunnewold-labs/mr-manager - Versions diffs - 0.4.52 → 0.4.55 - Mend

@dunnewold-labs/mr-manager 0.4.52 → 0.4.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +182 -26
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -185,7 +185,7 @@ import { fileURLToPath } from "url";
 // cli/package.json
 var package_default = {
   name: "@dunnewold-labs/mr-manager",
-  version: "0.4.52",
+  version: "0.4.55",
   description: "Mr. Manager - Task and project management CLI",
   bin: {
     mr: "./dist/index.mjs"
@@ -1151,6 +1151,118 @@ function getAvailableAgentFallbackChain(agent, availability) {
   return getAgentFallbackChain(agent).filter((candidate) => availability[candidate] !== false);
 }
+// lib/permissions.ts
+var DEFAULT_HEADLESS_MODE = "bypass";
+var ENV_VAR = "MR_HEADLESS_PERMISSION_MODE";
+var DESTRUCTIVE_BASH_DENY = [
+  // Privilege escalation.
+  "Bash(sudo:*)",
+  "Bash(su:*)",
+  // Recursive deletes of broad / out-of-repo roots.
+  "Bash(rm -rf /:*)",
+  "Bash(rm -rf /*:*)",
+  "Bash(rm -fr /:*)",
+  "Bash(rm -rf ~:*)",
+  "Bash(rm -rf ~/:*)",
+  "Bash(rm -rf $HOME:*)",
+  "Bash(rm -rf ..:*)",
+  // Filesystem / device destruction.
+  "Bash(mkfs:*)",
+  "Bash(dd:*)",
+  // Mass permission/ownership changes from root.
+  "Bash(chmod -R 777 /:*)",
+  "Bash(chown -R:*)",
+  // Force-push (history rewrite / remote clobber).
+  "Bash(git push --force:*)",
+  "Bash(git push -f:*)",
+  "Bash(git push origin --force:*)",
+  "Bash(git push origin -f:*)",
+  // Remote pipe-to-shell (curl|sh / wget|bash).
+  "Bash(curl:* | sh)",
+  "Bash(curl:* | bash)",
+  "Bash(wget:* | sh)",
+  "Bash(wget:* | bash)"
+];
+var OUT_OF_REPO_WRITE_DENY = [
+  "Write(/etc/**)",
+  "Edit(/etc/**)",
+  "Write(//usr/**)",
+  "Edit(//usr/**)",
+  "Write(~/.ssh/**)",
+  "Edit(~/.ssh/**)",
+  "Write(~/.aws/**)",
+  "Edit(~/.aws/**)"
+];
+var READ_ONLY_EXTRA_DENY = ["Edit", "Write", "MultiEdit", "NotebookEdit"];
+function resolveHeadlessMode(config) {
+  const fromEnv = process.env[ENV_VAR]?.trim().toLowerCase();
+  if (fromEnv === "auto" || fromEnv === "bypass") return fromEnv;
+  const fromConfig = config?.headlessPermissionMode?.trim().toLowerCase();
+  if (fromConfig === "auto" || fromConfig === "bypass") return fromConfig;
+  if (config?.claudePermissionMode != null && config.headlessPermissionMode == null) {
+    return "bypass";
+  }
+  return DEFAULT_HEADLESS_MODE;
+}
+function claudeDenyList(runKind) {
+  const base = [...DESTRUCTIVE_BASH_DENY, ...OUT_OF_REPO_WRITE_DENY];
+  if (runKind === "review" || runKind === "scan") {
+    return [...base, ...READ_ONLY_EXTRA_DENY];
+  }
+  return base;
+}
+function resolvePermissionArgs(agent, runKind, mode) {
+  if (runKind === "plan") {
+    if (agent === "claude") {
+      return { args: ["--permission-mode", "plan"], effectiveMode: "plan", mappedToBypassForLackOfSandbox: false };
+    }
+    return resolvePermissionArgs(agent, "execute", mode);
+  }
+  if (mode === "bypass") {
+    return { args: bypassArgs(agent, runKind), effectiveMode: "bypass", mappedToBypassForLackOfSandbox: false };
+  }
+  switch (agent) {
+    case "claude": {
+      const deny = claudeDenyList(runKind);
+      return {
+        args: ["--permission-mode", "acceptEdits", "--disallowedTools", deny.join(",")],
+        effectiveMode: "auto",
+        mappedToBypassForLackOfSandbox: false
+      };
+    }
+    case "codex": {
+      return { args: ["-s", "workspace-write"], effectiveMode: "auto", mappedToBypassForLackOfSandbox: false };
+    }
+    case "antigravity":
+      return { args: ["--dangerously-skip-permissions"], effectiveMode: "bypass", mappedToBypassForLackOfSandbox: true };
+    default:
+      return { args: bypassArgs(agent, runKind), effectiveMode: "bypass", mappedToBypassForLackOfSandbox: true };
+  }
+}
+function bypassArgs(agent, _runKind) {
+  switch (agent) {
+    case "codex":
+      return ["-s", "danger-full-access"];
+    case "antigravity":
+    case "claude":
+    default:
+      return ["--dangerously-skip-permissions"];
+  }
+}
+function describePermissionMode(res) {
+  if (res.mappedToBypassForLackOfSandbox) {
+    return "bypass (no scoped sandbox for this agent \u2014 full access)";
+  }
+  switch (res.effectiveMode) {
+    case "auto":
+      return "auto (scoped: acceptEdits + destructive-command deny-list)";
+    case "plan":
+      return "plan (read-only)";
+    case "bypass":
+      return "bypass (--dangerously-skip-permissions \u2014 full access)";
+  }
+}
 // lib/task-workflow.ts
 function normalizeWhitespace(value) {
   return value.replace(/\s+/g, " ").trim();
@@ -1874,14 +1986,23 @@ function mergePrViaCli(prUrl, repoDir, vcs = "github") {
     });
   });
 }
-function buildPrototypeSection(protoRefs, workingDir) {
+function buildPrototypeSection(protoRefs, workingDir, mode = "build") {
   if (protoRefs.length === 0) return "";
-  const sections = [
+  const sections = mode === "prd" ? [
     ``,
     `## Referenced Prototypes`,
     ``,
-    `The following prototype designs have been linked to this task as reference. Use them to guide the implementation.`,
-    `Read the referenced files when you need to see the HTML content.`,
+    `The following prototype designs have been linked to this task. They represent the intended product UI. **Read every referenced HTML file in full** (paths below) and base the PRD's UI/functional requirements on what they show: page/screen structure, layout, every component and element, all the states depicted (empty/loading/error/populated, hover/active/disabled, etc.), navigation, and the interactions the design implies. Enumerate these as concrete requirements so the implementation phase builds the complete prototype, not just a restyle.`,
+    ``
+  ] : [
+    ``,
+    `## Referenced Prototypes`,
+    ``,
+    `The following prototype designs have been linked to this task. They are not loose visual inspiration \u2014 they are the intended product. Your job is to BUILD what each prototype shows: its full page/screen structure, layout, all the UI components and elements, every state shown (empty/loading/error/populated, hover/active/disabled, etc.), navigation, and the interactions and behaviors the design implies. Do not stop at restyling or "rethemeing" existing UI \u2014 implement the complete structure and functionality, wired to real data and logic where the rest of the task requires it.`,
+    ``,
+    `**Before you start implementing, read every referenced HTML file in full** (paths are given below). Do not skip this \u2014 the HTML is the source of truth for what to build. Inspect the markup to enumerate the components, sections, and states you need to create.`,
+    ``,
+    `Where the prototype and the task PRD/notes conflict, the PRD/notes win; otherwise treat the prototype as the spec for the UI.`,
     ``
   ];
   for (const ref of protoRefs) {
@@ -1889,8 +2010,13 @@ function buildPrototypeSection(protoRefs, workingDir) {
     const files = proto.files ?? [];
     const selected = ref.selectedVariants ?? Array.from({ length: proto.variantCount }, (_, i) => i);
     const selectedFiles = files.filter((_, i) => selected.includes(i));
+    const fidelity = (proto.fidelity ?? "high").toLowerCase();
+    const isLowFi = fidelity === "low" || fidelity === "low_fidelity";
+    const fidelityNote = isLowFi ? `This is a LOW-FIDELITY wireframe. Build the full structure, layout, components, and behavior it shows, but do NOT copy its placeholder visual style (greys, boxes, sketchy borders) \u2014 apply the project's real design system / existing styling conventions.` : `This is a HIGH-FIDELITY design. Treat it as the definitive brief for both structure/behavior AND look-and-feel \u2014 match its layout, spacing, colors, typography, and component styling faithfully.`;
     sections.push(`### ${proto.title}`);
     sections.push(``);
+    sections.push(fidelityNote);
+    sections.push(``);
     if (selectedFiles.length === 0) {
       sections.push(`(No variant files available)`);
       sections.push(``);
@@ -1905,7 +2031,7 @@ function buildPrototypeSection(protoRefs, workingDir) {
       try {
         writeFileSync3(tmpPath, file.content, "utf-8");
         sections.push(`#### ${variantLabel}: ${file.name}`);
-        sections.push(`File: \`${tmpPath}\` \u2014 read this file to see the full HTML content.`);
+        sections.push(`File: \`${tmpPath}\` \u2014 read this file in full before implementing; it is the source of truth for what to build.`);
       } catch {
         sections.push(`#### ${variantLabel}: ${file.name}`);
         sections.push(`\`\`\`html`);
@@ -2171,7 +2297,7 @@ ${task.notes}` : "";
     `Complete all steps autonomously without asking for confirmation. Exit with code 0 when done.`
   ].join("\n");
 }
-function buildPrdPrompt(task, repoDir, existingPrd, feedbackUpdates = []) {
+function buildPrdPrompt(task, repoDir, existingPrd, feedbackUpdates = [], protoRefs = []) {
   const notes = task.notes ? `
 Task notes:
@@ -2223,6 +2349,7 @@ ${task.notes}` : "";
     `Title: ${task.title}`,
     `ID: ${task.id}${notes}`,
     feedbackSection,
+    buildPrototypeSection(protoRefs, repoDir, "prd"),
     `## Instructions`,
     ``,
     ...revisionInstructions,
@@ -2836,41 +2963,46 @@ function buildRefinementPrompt(proto, parentFiles, repoDir, options = {}) {
   ].join("\n");
 }
 function buildAgentArgs(agent, prompt2, mode, sessionId, name, resumeSession = false, systemPrompt, maxTurns, claudeModel) {
+  const headlessMode = resolveHeadlessMode(loadConfig());
+  const runKind = mode === "plan" ? "plan" : "execute";
   if (agent === "codex") {
+    const permission2 = resolvePermissionArgs("codex", runKind, headlessMode);
     const args = [];
     if (mode === "execute") {
       args.push("-a", "never");
     }
     args.push("exec");
     if (mode === "execute") {
-      args.push("-s", "danger-full-access");
+      args.push(...permission2.args);
     }
     const fullPrompt = systemPrompt ? `${prompt2}
 ${systemPrompt}` : prompt2;
     args.push(fullPrompt);
-    return { bin: "codex", args };
+    return { bin: "codex", args, permission: permission2 };
   }
   if (agent === "antigravity") {
+    const permission2 = resolvePermissionArgs("antigravity", runKind, headlessMode);
     const fullPrompt = systemPrompt ? `${prompt2}
 ${systemPrompt}` : prompt2;
     const args = ["-p", fullPrompt];
     if (mode === "execute") {
-      args.push("--dangerously-skip-permissions");
+      args.push(...permission2.args);
     }
-    return { bin: AGENT_BINARIES.antigravity, args };
+    return { bin: AGENT_BINARIES.antigravity, args, permission: permission2 };
   }
+  const permission = resolvePermissionArgs("claude", runKind, headlessMode);
   const sessionArgs = sessionId ? resumeSession ? ["--resume", sessionId] : ["--session-id", sessionId] : [];
   const nameArgs = name ? ["--name", name] : [];
   const systemArgs = systemPrompt ? ["--append-system-prompt", systemPrompt] : [];
   const turnsArgs = maxTurns ? ["--max-turns", String(maxTurns)] : [];
   const modelArgs = claudeModel ? ["--model", claudeModel] : [];
-  if (mode === "plan") {
-    return { bin: "claude", args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, "--permission-mode", "plan", "-p", prompt2] };
-  }
-  const permissionArgs = ["--dangerously-skip-permissions"];
-  return { bin: "claude", args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, ...permissionArgs, "-p", prompt2] };
+  return {
+    bin: "claude",
+    args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, ...permission.args, "-p", prompt2],
+    permission
+  };
 }
 var AGENT_BINARIES = {
   claude: "claude",
@@ -2953,7 +3085,13 @@ function askYesNo(question) {
 function spawnAgent(agent, repoDir, prompt2, prefix, onActivity, sessionId, name, resumeSession = false, onSpawnError, systemPrompt, maxTurns, claudeModel, onOutputBytes) {
   const jobLabel = name ?? "unknown";
   console.log(`${timestamp()} ${prefix} ${paint("dim", tokenLogLine("agent", jobLabel, prompt2, systemPrompt))}`);
-  const { bin, args } = buildAgentArgs(agent, prompt2, "execute", sessionId, name, resumeSession, systemPrompt, maxTurns, claudeModel);
+  const { bin, args, permission } = buildAgentArgs(agent, prompt2, "execute", sessionId, name, resumeSession, systemPrompt, maxTurns, claudeModel);
+  const permLine = `${timestamp()} ${prefix} ${paint("dim", `permission: ${describePermissionMode(permission)}`)}`;
+  if (permission.mappedToBypassForLackOfSandbox) {
+    logWarn(prefix, `permission: ${describePermissionMode(permission)}`);
+  } else {
+    console.log(permLine);
+  }
   const child = spawn4(bin, args, { cwd: repoDir, stdio: ["ignore", "pipe", "pipe"] });
   child.on("error", (err) => {
     logError(prefix, `Failed to spawn ${agent}: ${err.message}`);
@@ -3489,13 +3627,21 @@ var watchCommand = new Command9("watch").description(
       }
     } catch {
     }
+    let protoRefs = [];
+    try {
+      protoRefs = await api.get(`/api/tasks/${task.id}/prototypes`);
+      if (protoRefs.length > 0) {
+        logInfo(prefix, `${paint("cyan", String(protoRefs.length))} linked prototype(s)`);
+      }
+    } catch {
+    }
     const isRevision = !!(existingPlanResource && feedbackUpdates.length > 0);
     await postTaskUpdate(
       task.id,
       isRevision ? "Agent dispatched in plan mode \u2014 revising PRD based on feedback" : "Agent dispatched in plan mode \u2014 generating PRD",
       "system"
     );
-    const prompt2 = buildPrdPrompt(task, repoDir, existingPlanResource?.content, feedbackUpdates);
+    const prompt2 = buildPrdPrompt(task, repoDir, existingPlanResource?.content, feedbackUpdates, protoRefs);
     const attemptOrder = await resolveAgentChain(agent);
     if (attemptOrder.length === 0) {
       logError(prefix, `No available agents found for fallback chain starting at ${agent}`);
@@ -6096,18 +6242,26 @@ async function resolveReviewAgentChain(preferred2 = "claude") {
   }
   return getAvailableAgentFallbackChain(preferred2, availability);
 }
-function buildArgs(agent, prompt2) {
+function buildArgs(agent, prompt2, runKind) {
+  const mode = resolveHeadlessMode(loadConfig());
+  const permission = resolvePermissionArgs(agent, runKind, mode);
   if (agent === "codex") {
-    return ["-a", "never", "exec", "-s", "danger-full-access", prompt2];
+    return ["-a", "never", "exec", ...permission.args, prompt2];
   }
   if (agent === "antigravity") {
-    return ["-p", prompt2, "--dangerously-skip-permissions"];
+    return ["-p", prompt2, ...permission.args];
   }
-  return ["-p", "--dangerously-skip-permissions", prompt2];
+  return ["-p", ...permission.args, prompt2];
+}
+function logPermission(agent, runKind) {
+  const permission = resolvePermissionArgs(agent, runKind, resolveHeadlessMode(loadConfig()));
+  const label = permission.mappedToBypassForLackOfSandbox ? "warning" : "info";
+  console.error(`[review:${label}] ${agent} ${runKind} permission: ${describePermissionMode(permission)}`);
 }
 function runOnce(agent, prompt2, opts) {
   return new Promise((resolve9) => {
-    const child = spawn7(AGENT_BINARIES2[agent], buildArgs(agent, prompt2), {
+    logPermission(agent, opts.runKind);
+    const child = spawn7(AGENT_BINARIES2[agent], buildArgs(agent, prompt2, opts.runKind), {
       cwd: opts.cwd,
       stdio: opts.capture ? ["ignore", "pipe", "pipe"] : ["ignore", "inherit", "inherit"]
     });
@@ -6133,7 +6287,7 @@ async function runAgentCaptured(prompt2, opts) {
   }
   let lastError = "";
   for (const agent of opts.chain) {
-    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: true });
+    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: true, runKind: "review" });
     if (result.ok && result.output) {
       return { output: result.output, agent };
     }
@@ -6147,7 +6301,7 @@ async function runAgentInteractive(prompt2, opts) {
   }
   let lastError = "";
   for (const agent of opts.chain) {
-    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: false });
+    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: false, runKind: "execute" });
     if (result.ok) return { agent };
     lastError = result.spawnError ? `${agent} could not be spawned` : `${agent} exited non-zero`;
   }
@@ -7846,7 +8000,9 @@ async function fetchScanContext(opts) {
 }
 function runClaude(prompt2) {
   return new Promise((resolve9, reject) => {
-    const child = spawn8("claude", ["-p", "--dangerously-skip-permissions", prompt2], {
+    const permission = resolvePermissionArgs("claude", "scan", resolveHeadlessMode(loadConfig()));
+    console.error(`[scanner] permission: ${describePermissionMode(permission)}`);
+    const child = spawn8("claude", ["-p", ...permission.args, prompt2], {
       stdio: ["ignore", "pipe", "pipe"]
     });
     let output = "";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dunnewold-labs/mr-manager",
-  "version": "0.4.52",
+  "version": "0.4.55",
   "description": "Mr. Manager - Task and project management CLI",
   "bin": {
     "mr": "./dist/index.mjs"