npm - @dunnewold-labs/mr-manager - Versions diffs - 0.4.53 → 0.4.55 - Mend

@dunnewold-labs/mr-manager 0.4.53 → 0.4.55

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.mjs +152 -19
package/package.json +1 -1

package/dist/index.mjs CHANGED Viewed

@@ -185,7 +185,7 @@ import { fileURLToPath } from "url";
 // cli/package.json
 var package_default = {
   name: "@dunnewold-labs/mr-manager",
-  version: "0.4.53",
+  version: "0.4.55",
   description: "Mr. Manager - Task and project management CLI",
   bin: {
     mr: "./dist/index.mjs"
@@ -1151,6 +1151,118 @@ function getAvailableAgentFallbackChain(agent, availability) {
   return getAgentFallbackChain(agent).filter((candidate) => availability[candidate] !== false);
 }
+// lib/permissions.ts
+var DEFAULT_HEADLESS_MODE = "bypass";
+var ENV_VAR = "MR_HEADLESS_PERMISSION_MODE";
+var DESTRUCTIVE_BASH_DENY = [
+  // Privilege escalation.
+  "Bash(sudo:*)",
+  "Bash(su:*)",
+  // Recursive deletes of broad / out-of-repo roots.
+  "Bash(rm -rf /:*)",
+  "Bash(rm -rf /*:*)",
+  "Bash(rm -fr /:*)",
+  "Bash(rm -rf ~:*)",
+  "Bash(rm -rf ~/:*)",
+  "Bash(rm -rf $HOME:*)",
+  "Bash(rm -rf ..:*)",
+  // Filesystem / device destruction.
+  "Bash(mkfs:*)",
+  "Bash(dd:*)",
+  // Mass permission/ownership changes from root.
+  "Bash(chmod -R 777 /:*)",
+  "Bash(chown -R:*)",
+  // Force-push (history rewrite / remote clobber).
+  "Bash(git push --force:*)",
+  "Bash(git push -f:*)",
+  "Bash(git push origin --force:*)",
+  "Bash(git push origin -f:*)",
+  // Remote pipe-to-shell (curl|sh / wget|bash).
+  "Bash(curl:* | sh)",
+  "Bash(curl:* | bash)",
+  "Bash(wget:* | sh)",
+  "Bash(wget:* | bash)"
+];
+var OUT_OF_REPO_WRITE_DENY = [
+  "Write(/etc/**)",
+  "Edit(/etc/**)",
+  "Write(//usr/**)",
+  "Edit(//usr/**)",
+  "Write(~/.ssh/**)",
+  "Edit(~/.ssh/**)",
+  "Write(~/.aws/**)",
+  "Edit(~/.aws/**)"
+];
+var READ_ONLY_EXTRA_DENY = ["Edit", "Write", "MultiEdit", "NotebookEdit"];
+function resolveHeadlessMode(config) {
+  const fromEnv = process.env[ENV_VAR]?.trim().toLowerCase();
+  if (fromEnv === "auto" || fromEnv === "bypass") return fromEnv;
+  const fromConfig = config?.headlessPermissionMode?.trim().toLowerCase();
+  if (fromConfig === "auto" || fromConfig === "bypass") return fromConfig;
+  if (config?.claudePermissionMode != null && config.headlessPermissionMode == null) {
+    return "bypass";
+  }
+  return DEFAULT_HEADLESS_MODE;
+}
+function claudeDenyList(runKind) {
+  const base = [...DESTRUCTIVE_BASH_DENY, ...OUT_OF_REPO_WRITE_DENY];
+  if (runKind === "review" || runKind === "scan") {
+    return [...base, ...READ_ONLY_EXTRA_DENY];
+  }
+  return base;
+}
+function resolvePermissionArgs(agent, runKind, mode) {
+  if (runKind === "plan") {
+    if (agent === "claude") {
+      return { args: ["--permission-mode", "plan"], effectiveMode: "plan", mappedToBypassForLackOfSandbox: false };
+    }
+    return resolvePermissionArgs(agent, "execute", mode);
+  }
+  if (mode === "bypass") {
+    return { args: bypassArgs(agent, runKind), effectiveMode: "bypass", mappedToBypassForLackOfSandbox: false };
+  }
+  switch (agent) {
+    case "claude": {
+      const deny = claudeDenyList(runKind);
+      return {
+        args: ["--permission-mode", "acceptEdits", "--disallowedTools", deny.join(",")],
+        effectiveMode: "auto",
+        mappedToBypassForLackOfSandbox: false
+      };
+    }
+    case "codex": {
+      return { args: ["-s", "workspace-write"], effectiveMode: "auto", mappedToBypassForLackOfSandbox: false };
+    }
+    case "antigravity":
+      return { args: ["--dangerously-skip-permissions"], effectiveMode: "bypass", mappedToBypassForLackOfSandbox: true };
+    default:
+      return { args: bypassArgs(agent, runKind), effectiveMode: "bypass", mappedToBypassForLackOfSandbox: true };
+  }
+}
+function bypassArgs(agent, _runKind) {
+  switch (agent) {
+    case "codex":
+      return ["-s", "danger-full-access"];
+    case "antigravity":
+    case "claude":
+    default:
+      return ["--dangerously-skip-permissions"];
+  }
+}
+function describePermissionMode(res) {
+  if (res.mappedToBypassForLackOfSandbox) {
+    return "bypass (no scoped sandbox for this agent \u2014 full access)";
+  }
+  switch (res.effectiveMode) {
+    case "auto":
+      return "auto (scoped: acceptEdits + destructive-command deny-list)";
+    case "plan":
+      return "plan (read-only)";
+    case "bypass":
+      return "bypass (--dangerously-skip-permissions \u2014 full access)";
+  }
+}
 // lib/task-workflow.ts
 function normalizeWhitespace(value) {
   return value.replace(/\s+/g, " ").trim();
@@ -2851,41 +2963,46 @@ function buildRefinementPrompt(proto, parentFiles, repoDir, options = {}) {
   ].join("\n");
 }
 function buildAgentArgs(agent, prompt2, mode, sessionId, name, resumeSession = false, systemPrompt, maxTurns, claudeModel) {
+  const headlessMode = resolveHeadlessMode(loadConfig());
+  const runKind = mode === "plan" ? "plan" : "execute";
   if (agent === "codex") {
+    const permission2 = resolvePermissionArgs("codex", runKind, headlessMode);
     const args = [];
     if (mode === "execute") {
       args.push("-a", "never");
     }
     args.push("exec");
     if (mode === "execute") {
-      args.push("-s", "danger-full-access");
+      args.push(...permission2.args);
     }
     const fullPrompt = systemPrompt ? `${prompt2}
 ${systemPrompt}` : prompt2;
     args.push(fullPrompt);
-    return { bin: "codex", args };
+    return { bin: "codex", args, permission: permission2 };
   }
   if (agent === "antigravity") {
+    const permission2 = resolvePermissionArgs("antigravity", runKind, headlessMode);
     const fullPrompt = systemPrompt ? `${prompt2}
 ${systemPrompt}` : prompt2;
     const args = ["-p", fullPrompt];
     if (mode === "execute") {
-      args.push("--dangerously-skip-permissions");
+      args.push(...permission2.args);
     }
-    return { bin: AGENT_BINARIES.antigravity, args };
+    return { bin: AGENT_BINARIES.antigravity, args, permission: permission2 };
   }
+  const permission = resolvePermissionArgs("claude", runKind, headlessMode);
   const sessionArgs = sessionId ? resumeSession ? ["--resume", sessionId] : ["--session-id", sessionId] : [];
   const nameArgs = name ? ["--name", name] : [];
   const systemArgs = systemPrompt ? ["--append-system-prompt", systemPrompt] : [];
   const turnsArgs = maxTurns ? ["--max-turns", String(maxTurns)] : [];
   const modelArgs = claudeModel ? ["--model", claudeModel] : [];
-  if (mode === "plan") {
-    return { bin: "claude", args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, "--permission-mode", "plan", "-p", prompt2] };
-  }
-  const permissionArgs = ["--dangerously-skip-permissions"];
-  return { bin: "claude", args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, ...permissionArgs, "-p", prompt2] };
+  return {
+    bin: "claude",
+    args: [...sessionArgs, ...nameArgs, ...systemArgs, ...turnsArgs, ...modelArgs, ...permission.args, "-p", prompt2],
+    permission
+  };
 }
 var AGENT_BINARIES = {
   claude: "claude",
@@ -2968,7 +3085,13 @@ function askYesNo(question) {
 function spawnAgent(agent, repoDir, prompt2, prefix, onActivity, sessionId, name, resumeSession = false, onSpawnError, systemPrompt, maxTurns, claudeModel, onOutputBytes) {
   const jobLabel = name ?? "unknown";
   console.log(`${timestamp()} ${prefix} ${paint("dim", tokenLogLine("agent", jobLabel, prompt2, systemPrompt))}`);
-  const { bin, args } = buildAgentArgs(agent, prompt2, "execute", sessionId, name, resumeSession, systemPrompt, maxTurns, claudeModel);
+  const { bin, args, permission } = buildAgentArgs(agent, prompt2, "execute", sessionId, name, resumeSession, systemPrompt, maxTurns, claudeModel);
+  const permLine = `${timestamp()} ${prefix} ${paint("dim", `permission: ${describePermissionMode(permission)}`)}`;
+  if (permission.mappedToBypassForLackOfSandbox) {
+    logWarn(prefix, `permission: ${describePermissionMode(permission)}`);
+  } else {
+    console.log(permLine);
+  }
   const child = spawn4(bin, args, { cwd: repoDir, stdio: ["ignore", "pipe", "pipe"] });
   child.on("error", (err) => {
     logError(prefix, `Failed to spawn ${agent}: ${err.message}`);
@@ -6119,18 +6242,26 @@ async function resolveReviewAgentChain(preferred2 = "claude") {
   }
   return getAvailableAgentFallbackChain(preferred2, availability);
 }
-function buildArgs(agent, prompt2) {
+function buildArgs(agent, prompt2, runKind) {
+  const mode = resolveHeadlessMode(loadConfig());
+  const permission = resolvePermissionArgs(agent, runKind, mode);
   if (agent === "codex") {
-    return ["-a", "never", "exec", "-s", "danger-full-access", prompt2];
+    return ["-a", "never", "exec", ...permission.args, prompt2];
   }
   if (agent === "antigravity") {
-    return ["-p", prompt2, "--dangerously-skip-permissions"];
+    return ["-p", prompt2, ...permission.args];
   }
-  return ["-p", "--dangerously-skip-permissions", prompt2];
+  return ["-p", ...permission.args, prompt2];
+}
+function logPermission(agent, runKind) {
+  const permission = resolvePermissionArgs(agent, runKind, resolveHeadlessMode(loadConfig()));
+  const label = permission.mappedToBypassForLackOfSandbox ? "warning" : "info";
+  console.error(`[review:${label}] ${agent} ${runKind} permission: ${describePermissionMode(permission)}`);
 }
 function runOnce(agent, prompt2, opts) {
   return new Promise((resolve9) => {
-    const child = spawn7(AGENT_BINARIES2[agent], buildArgs(agent, prompt2), {
+    logPermission(agent, opts.runKind);
+    const child = spawn7(AGENT_BINARIES2[agent], buildArgs(agent, prompt2, opts.runKind), {
       cwd: opts.cwd,
       stdio: opts.capture ? ["ignore", "pipe", "pipe"] : ["ignore", "inherit", "inherit"]
     });
@@ -6156,7 +6287,7 @@ async function runAgentCaptured(prompt2, opts) {
   }
   let lastError = "";
   for (const agent of opts.chain) {
-    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: true });
+    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: true, runKind: "review" });
     if (result.ok && result.output) {
       return { output: result.output, agent };
     }
@@ -6170,7 +6301,7 @@ async function runAgentInteractive(prompt2, opts) {
   }
   let lastError = "";
   for (const agent of opts.chain) {
-    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: false });
+    const result = await runOnce(agent, prompt2, { cwd: opts.cwd, capture: false, runKind: "execute" });
     if (result.ok) return { agent };
     lastError = result.spawnError ? `${agent} could not be spawned` : `${agent} exited non-zero`;
   }
@@ -7869,7 +8000,9 @@ async function fetchScanContext(opts) {
 }
 function runClaude(prompt2) {
   return new Promise((resolve9, reject) => {
-    const child = spawn8("claude", ["-p", "--dangerously-skip-permissions", prompt2], {
+    const permission = resolvePermissionArgs("claude", "scan", resolveHeadlessMode(loadConfig()));
+    console.error(`[scanner] permission: ${describePermissionMode(permission)}`);
+    const child = spawn8("claude", ["-p", ...permission.args, prompt2], {
       stdio: ["ignore", "pipe", "pipe"]
     });
     let output = "";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@dunnewold-labs/mr-manager",
-  "version": "0.4.53",
+  "version": "0.4.55",
   "description": "Mr. Manager - Task and project management CLI",
   "bin": {
     "mr": "./dist/index.mjs"