@flue/cli 0.0.8 → 0.0.10

package/dist/flue.js

@@ -215,6 +215,7 @@ async function run() {
 		}
 	}
 	await preflight(workdir, modelStr);
+	await setPermissions(workdir);
 	const eventStream = startEventStream(workdir);
 	eventStreamAbort = eventStream;
 	const model = modelStr ? parseModel(modelStr) : void 0;
@@ -265,6 +266,36 @@ async function preflight(workdir, modelOverride) {
 		process.exit(1);
 	}
 }
+/**
+* Configure OpenCode to auto-approve all tool operations.
+* In headless/CI mode there's no human to respond to permission prompts,
+* so we must allow everything upfront. This mirrors what the Cloudflare
+* runner does via `'*': 'allow'` in its config.
+*
+* NOTE: We set each permission field explicitly here. The OpenCode config
+* also supports a wildcard `'*': 'allow'` key (used by the Cloudflare
+* runner with @ts-expect-error), but the typed Config schema doesn't
+* expose it. We should try wildcard support at some point to future-proof
+* against new permission types being added.
+*/
+async function setPermissions(workdir) {
+	const res = await fetch(`${OPENCODE_URL}/config?directory=${encodeURIComponent(workdir)}`, {
+		method: "PATCH",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ permission: {
+			edit: "allow",
+			bash: "allow",
+			webfetch: "allow",
+			doom_loop: "allow",
+			external_directory: "allow"
+		} })
+	});
+	if (!res.ok) {
+		const body = await res.text().catch(() => "");
+		console.error(`[flue] Error: failed to set permissions (HTTP ${res.status}).\n  Response: ${body}\n  Headless mode requires all permissions to be pre-approved.\n  The agent will hang on any permission prompt without this.`);
+		process.exit(1);
+	}
+}
 async function isOpenCodeRunning() {
 	try {
 		const controller = new AbortController();

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@flue/cli",
-	"version": "0.0.8",
+	"version": "0.0.10",
 	"type": "module",
 	"bin": {
 		"flue": "dist/flue.js"