@hasna/accounts 0.1.12 → 0.1.14

package/README.md

@@ -97,8 +97,8 @@ Implementation details: [docs/IMPLEMENT.md](docs/IMPLEMENT.md).
 | `accounts login <name> --tool <tool>` | Launch the tool's login flow in an isolated profile dir. |
 | `accounts apply <name> --tool claude` | Apply profile auth to live Claude paths (requires snapshot; Claude-only). |
 | `accounts pick` | Interactive picker; default applies. `--env`, `--no-act`. |
-| `accounts switch <name> --tool <tool>` | Switch profile and print a restart/resume command. Add `--resume`; add `--launch` to run it. |
-| `accounts switch <name> --tool <tool> --supervisor` | Ask a running `accounts run <tool>` supervisor to restart under that profile. |
+| `accounts switch <name> --tool <tool>` | Switch profile and print a restart/resume command. Add `--resume`, `--launch`, or `--permissions <preset>`. |
+| `accounts switch <name> --tool <tool> --supervisor` | Ask a running `accounts run <tool>` supervisor to restart under that profile. Supports `--permissions <preset>`. |
 | `accounts use <name> --tool <tool>` | Mark profile active; prints apply/env hints. |
 | `accounts list` (`ls`) | List profiles (`●` active, `◉` applied, `●◉` both). |
 | `accounts show <name> --tool <tool>` | Profile details including active/applied flags. |
@@ -106,8 +106,8 @@ Implementation details: [docs/IMPLEMENT.md](docs/IMPLEMENT.md).
 | `accounts active [tool]` | Print active profile name (scripting). |
 | `accounts applied [tool]` | Print applied profile name (scripting). |
 | `accounts env [name] --tool <tool>` | Print one or more `export ...` lines for the profile. |
-| `accounts launch <name> --tool <tool>` | Launch tool once with profile env. |
-| `accounts run <tool> [args...]` | Run a tool under the supervisor so MCP/CLI can switch and restart it. |
+| `accounts launch <name> --tool <tool>` | Launch tool once with profile env. Supports `--permissions <preset>`. |
+| `accounts run <tool> [args...]` | Run a tool under the supervisor so MCP/CLI can switch and restart it. Supports `--permissions <preset>`. |
 | `accounts supervisor status [tool]` | Show running supervisors. |
 | `accounts supervisor switch <name> --tool <tool>` | Switch a running supervisor to another profile. |
 | `accounts supervisor stop <tool>` | Stop a running supervisor and its child process. |
@@ -159,11 +159,18 @@ Human equivalent:
 ```bash
 accounts switch account001 --tool claude --resume
 accounts switch account001 --tool claude --resume --launch
+accounts switch account001 --tool claude --resume --permissions dangerous
 accounts switch account001 --tool claude --supervisor
 accounts switch codex-work --tool codex --resume
 accounts switch ops --tool opencode --resume
 ```
 
+`--permissions <preset>` maps a permission mode to the tool's own flags. For
+example, `--permissions dangerous` launches Claude/Takumi with
+`--dangerously-skip-permissions`, Codex with
+`--dangerously-bypass-approvals-and-sandbox`, and Gemini/Hermes/Kimi with their
+YOLO mode flags. Unsupported tools fail with a list of configured presets.
+
 ## Shell hook (optional)
 
 ```bash
@@ -233,6 +240,7 @@ For Grok Build, prefer `accounts launch` or `accounts shell`; exporting `HOME`
 globally is intentionally not recommended.
 
 Custom tools can join supervised resume switching with `accounts tools add ... --resume-arg <arg>`.
+They can also define permission presets with `--permission-arg preset=--flag`.
 
 ## Library
 

package/dist/cli.js

@@ -41977,6 +41977,7 @@ var toolDefSchema = exports_external.object({
   loginArgs: exports_external.array(exports_external.string()).optional(),
   loginHint: exports_external.string().optional(),
   resumeArgs: exports_external.array(exports_external.string()).optional(),
+  permissionArgs: exports_external.record(exports_external.array(exports_external.string())).optional(),
   accountFile: exports_external.string().optional(),
   emailPath: exports_external.array(exports_external.string()).optional()
 });
@@ -42304,6 +42305,15 @@ var BUILTIN_TOOLS = [
     bin: "claude",
     loginHint: "run /login inside Claude, then /exit when done",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -42315,7 +42325,10 @@ var BUILTIN_TOOLS = [
     bin: "codex",
     loginArgs: ["login"],
     loginHint: "complete the Codex login flow for this CODEX_HOME",
-    resumeArgs: ["resume", "--last"]
+    resumeArgs: ["resume", "--last"],
+    permissionArgs: {
+      dangerous: ["--dangerously-bypass-approvals-and-sandbox"]
+    }
   },
   {
     id: "takumi",
@@ -42325,6 +42338,15 @@ var BUILTIN_TOOLS = [
     bin: "takumi",
     loginHint: "complete Takumi auth in this TAKUMI_CONFIG_DIR",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -42334,7 +42356,13 @@ var BUILTIN_TOOLS = [
     envVar: "GEMINI_CONFIG_DIR",
     defaultDir: join3(homedir3(), ".gemini"),
     bin: "gemini",
-    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR"
+    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      "auto-edit": ["--approval-mode", "auto_edit"],
+      plan: ["--approval-mode", "plan"]
+    }
   },
   {
     id: "opencode",
@@ -42373,7 +42401,11 @@ var BUILTIN_TOOLS = [
     envVar: "HERMES_HOME",
     defaultDir: join3(homedir3(), ".hermes"),
     bin: "hermes",
-    loginHint: "complete Hermes auth in this HERMES_HOME"
+    loginHint: "complete Hermes auth in this HERMES_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"]
+    }
   },
   {
     id: "kimi",
@@ -42382,7 +42414,13 @@ var BUILTIN_TOOLS = [
     defaultDir: join3(homedir3(), ".kimi-code"),
     bin: "kimi",
     loginArgs: ["login"],
-    loginHint: "complete kimi login for this KIMI_CODE_HOME"
+    loginHint: "complete kimi login for this KIMI_CODE_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      auto: ["--auto"],
+      plan: ["--plan"]
+    }
   },
   {
     id: "grok",
@@ -42395,6 +42433,43 @@ var BUILTIN_TOOLS = [
   }
 ];
 var DEFAULT_TOOL = "claude";
+var PERMISSION_ALIASES = new Map([
+  ["danger", "dangerous"],
+  ["dangerously-skip-permissions", "dangerous"],
+  ["skip-permissions", "dangerous"],
+  ["skip", "dangerous"],
+  ["bypasspermissions", "bypass"],
+  ["bypass-permissions", "bypass"],
+  ["acceptedits", "accept-edits"],
+  ["accept-edit", "accept-edits"],
+  ["autoedit", "auto-edit"],
+  ["auto-edits", "auto-edit"],
+  ["auto_edit", "auto-edit"],
+  ["dontask", "dont-ask"],
+  ["dont-ask-permissions", "dont-ask"]
+]);
+function normalizePermissionPreset(value) {
+  const normalized = value.trim().replace(/^--/, "").replaceAll("_", "-").toLowerCase();
+  return PERMISSION_ALIASES.get(normalized) ?? normalized;
+}
+function permissionArgsFor(tool, permissions) {
+  if (!permissions)
+    return [];
+  const preset = normalizePermissionPreset(permissions);
+  if (preset === "default" || preset === "none" || preset === "off")
+    return [];
+  const args = tool.permissionArgs?.[preset];
+  if (!args) {
+    const supported = Object.keys(tool.permissionArgs ?? {}).sort();
+    const suffix = supported.length > 0 ? ` Supported permissions: ${supported.join(", ")}.` : " No permission presets are configured.";
+    throw new AccountsError(`tool "${tool.id}" does not support permissions "${permissions}".${suffix}`);
+  }
+  return args;
+}
+function mergeToolArgs(tool, args, opts = {}) {
+  const permissionArgs = permissionArgsFor(tool, opts.permissions).filter((arg) => !args.includes(arg));
+  return [...permissionArgs, ...args];
+}
 var BUILTIN_IDS = new Set(BUILTIN_TOOLS.map((t) => t.id));
 function isBuiltinTool(id) {
   return BUILTIN_IDS.has(id);
@@ -42760,6 +42835,22 @@ function readKeychainAccount() {
     return;
   }
 }
+function bufferText(value) {
+  if (typeof value === "string")
+    return value;
+  if (value instanceof Uint8Array)
+    return new TextDecoder().decode(value);
+  return;
+}
+function keychainWriteFailureMessage(err) {
+  const record = err && typeof err === "object" ? err : {};
+  const stderr = bufferText(record.stderr);
+  const stdout = bufferText(record.stdout);
+  const detail = (stderr || stdout || "").split(/\r?\n/).map((line) => line.trim()).filter(Boolean).at(-1);
+  if (detail)
+    return detail;
+  return typeof record.status === "number" ? `security exited with status ${record.status}` : "security command failed";
+}
 function writeClaudeKeychain(cred) {
   if (!keychainSupported()) {
     throw new AccountsError("macOS keychain is only available on darwin");
@@ -42773,7 +42864,7 @@ function writeClaudeKeychain(cred) {
       stdio: ["ignore", "pipe", "pipe"]
     });
   } catch (err) {
-    throw new AccountsError(`keychain write failed: ${err.message}`);
+    throw new AccountsError(`keychain write failed: ${keychainWriteFailureMessage(err)}`);
   }
 }
 
@@ -43441,7 +43532,8 @@ function commandLine(env2, command) {
   return `${formatEnvAssignments(env2)} ${command.map(shellQuote).join(" ")}`.trim();
 }
 function commandFor(tool, opts) {
-  return [tool.bin, ...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  const args = [...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  return [tool.bin, ...mergeToolArgs(tool, args, { permissions: opts.permissions })];
 }
 function switchProfile(name, opts = {}) {
   const profile = getProfile(name, opts.tool);
@@ -43470,6 +43562,7 @@ function switchProfile(name, opts = {}) {
     exports: formatExportLines(env2),
     command,
     commandLine: commandLine(env2, command),
+    ...opts.permissions ? { permissions: normalizePermissionPreset(opts.permissions) } : {},
     restartRequired,
     message
   };
@@ -43795,7 +43888,8 @@ async function runSupervisedTool(initialProfile, tool, initialArgs = [], opts =
         tool: tool.id,
         mode: request.mode ?? "auto",
         resume: request.resume ?? true,
-        args: request.args ?? []
+        args: request.args ?? [],
+        permissions: request.permissions
       });
       log(`accounts supervisor: switching ${tool.id} to ${result.profile.name}`);
       setTimeout(() => void restartWith(result), 0);
@@ -43887,6 +43981,20 @@ function printStorageSyncResult(result, json) {
   console.log(source_default.green(`pushed ${result.pushed}, pulled ${result.pulled}`));
   console.log(source_default.dim(`key: ${result.key}`));
 }
+function parsePermissionArgs(entries) {
+  const permissionArgs = {};
+  for (const entry of entries ?? []) {
+    const idx = entry.indexOf("=");
+    if (idx <= 0)
+      die(`invalid --permission-arg ${entry}; expected PRESET=ARG`);
+    const preset = normalizePermissionPreset(entry.slice(0, idx));
+    const arg = entry.slice(idx + 1);
+    if (!arg)
+      die(`invalid --permission-arg ${entry}; expected PRESET=ARG`);
+    (permissionArgs[preset] ??= []).push(arg);
+  }
+  return permissionArgs;
+}
 program2.name("accounts").description("Manage and switch between multiple Claude Code (and other AI tool) profiles/accounts.").version(getVersion());
 program2.command("add").argument("<name>", "profile name (lowercase, hyphenated)").description("create a new profile with an isolated config dir").option("-t, --tool <tool>", "tool the profile is for", DEFAULT_TOOL).option("-e, --email <email>", "account email (auto-detected when omitted)").option("-d, --dir <path>", "config dir to use (default: managed dir under ~/.hasna/accounts)").option("--description <text>", "free-text description").action(action((name, opts) => {
   const p = addProfile({ name, tool: opts.tool, email: opts.email, dir: opts.dir, description: opts.description });
@@ -44017,12 +44125,20 @@ program2.command("applied").argument("[tool]", "tool id (default: claude)").desc
     die(`no applied profile for "${tool}". Run \`accounts apply <name>\` first.`);
   console.log(p.name);
 }));
-program2.command("switch").argument("<name>", "profile name").argument("[args...]", "extra args passed when printing/launching the tool").description("switch to a profile and print a restart/resume command; use --launch to run it").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").option("--mode <mode>", "switch mode: auto, apply, env, active", "auto").option("--resume", "include the tool's resume/continue args in the handoff command").option("--launch", "launch the tool after switching").option("--supervisor", "ask a running accounts supervisor to restart the tool").option("--json", "output JSON").action(action(async (name, args, opts) => {
+program2.command("switch").argument("<name>", "profile name").argument("[args...]", "extra args passed when printing/launching the tool").description("switch to a profile and print a restart/resume command; use --launch to run it").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").option("--mode <mode>", "switch mode: auto, apply, env, active", "auto").option("--resume", "include the tool's resume/continue args in the handoff command").option("--permissions <preset>", "tool-specific permission preset, e.g. dangerous").option("--launch", "launch the tool after switching").option("--supervisor", "ask a running accounts supervisor to restart the tool").option("--json", "output JSON").action(action(async (name, args, opts) => {
   if (opts.supervisor && opts.launch)
     die("--supervisor and --launch cannot be used together");
   if (opts.supervisor) {
     const profile = getProfile(name, opts.tool);
-    const response = await sendSupervisorRequest(profile.tool, { type: "switch_profile", name: profile.name, tool: profile.tool, mode: opts.mode, resume: opts.resume ?? true, args }, { allowMissing: true });
+    const response = await sendSupervisorRequest(profile.tool, {
+      type: "switch_profile",
+      name: profile.name,
+      tool: profile.tool,
+      mode: opts.mode,
+      resume: opts.resume ?? true,
+      args,
+      permissions: opts.permissions
+    }, { allowMissing: true });
     if (!response) {
       die(`no running accounts supervisor for ${getTool(profile.tool).label}. Start one with \`accounts run ${profile.tool}\`.`);
     }
@@ -44038,7 +44154,13 @@ program2.command("switch").argument("<name>", "profile name").argument("[args...
     }
     return;
   }
-  const result = switchProfile(name, { tool: opts.tool, mode: opts.mode, resume: opts.resume, args });
+  const result = switchProfile(name, {
+    tool: opts.tool,
+    mode: opts.mode,
+    resume: opts.resume,
+    args,
+    permissions: opts.permissions
+  });
   if (opts.json) {
     console.log(JSON.stringify(result, null, 2));
   } else {
@@ -44084,13 +44206,14 @@ program2.command("env").argument("[name]", "profile name (defaults to the active
   const tool = getTool(profile.tool);
   console.log(formatExportLines(profileEnv(profile, tool)));
 }));
-program2.command("launch").argument("<name>", "profile name").argument("[args...]", "extra args passed to the tool binary").description("launch the tool's binary with the profile's config dir active").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").action(action((name, args, opts) => {
+program2.command("launch").argument("<name>", "profile name").argument("[args...]", "extra args passed to the tool binary").description("launch the tool's binary with the profile's config dir active").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").option("--permissions <preset>", "tool-specific permission preset, e.g. dangerous").action(action((name, args, opts) => {
   const profile = getProfile(name, opts.tool);
   const tool = getTool(profile.tool);
   const env2 = profileEnv(profile, tool);
+  const launchArgs = mergeToolArgs(tool, args, { permissions: opts.permissions });
   useProfile(name, tool.id);
-  console.log(source_default.dim(`→ ${formatEnvAssignments(env2)} ${tool.bin} ${args.join(" ")}`));
-  const res = spawnSync2(tool.bin, args, {
+  console.log(source_default.dim(`→ ${formatEnvAssignments(env2)} ${tool.bin} ${launchArgs.join(" ")}`));
+  const res = spawnSync2(tool.bin, launchArgs, {
     stdio: "inherit",
     env: { ...process.env, ...env2 }
   });
@@ -44098,9 +44221,11 @@ program2.command("launch").argument("<name>", "profile name").argument("[args...
     die(`failed to launch ${tool.bin}: ${res.error.message}`);
   process.exit(res.status ?? 0);
 }));
-program2.command("run").argument("<target>", "tool id to supervise (claude, codex, opencode...) or a profile name").argument("[args...]", "extra args passed to the tool binary").description("run a tool under the accounts supervisor so MCP can switch/restart it").option("-p, --profile <name>", "profile to run when target is a tool id").option("-t, --tool <tool>", "tool when target is a profile name").option("--resume", "start with the tool's resume/continue args").action(action(async (target, args, opts) => {
+program2.command("run").argument("<target>", "tool id to supervise (claude, codex, opencode...) or a profile name").argument("[args...]", "extra args passed to the tool binary").description("run a tool under the accounts supervisor so MCP can switch/restart it").option("-p, --profile <name>", "profile to run when target is a tool id").option("-t, --tool <tool>", "tool when target is a profile name").option("--resume", "start with the tool's resume/continue args").option("--permissions <preset>", "tool-specific permission preset, e.g. dangerous").action(action(async (target, args, opts) => {
   const plan = resolveSupervisorLaunch(target, { profile: opts.profile, tool: opts.tool });
-  const runArgs = [...opts.resume ? plan.tool.resumeArgs ?? [] : [], ...args];
+  const runArgs = mergeToolArgs(plan.tool, [...opts.resume ? plan.tool.resumeArgs ?? [] : [], ...args], {
+    permissions: opts.permissions
+  });
   console.error(source_default.green(`✓ accounts supervisor running ${plan.tool.label} as ${source_default.bold(plan.profile.name)}`));
   console.error(source_default.dim(`  control: accounts supervisor status ${plan.tool.id}`));
   console.error(source_default.dim(`  switch:  accounts switch <profile> --tool ${plan.tool.id} --supervisor`));
@@ -44133,9 +44258,17 @@ supervisor.command("status").argument("[tool]", "tool id").description("show run
     console.log(source_default.dim(`  ${state2.command.join(" ")}`));
   }
 }));
-supervisor.command("switch").argument("<name>", "profile name").argument("[args...]", "extra args passed after resume/continue args").description("switch a running supervisor to another profile").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").option("--mode <mode>", "switch mode: auto, apply, env, active", "auto").option("--no-resume", "restart without the tool's resume/continue args").option("--json", "output JSON").action(action(async (name, args, opts) => {
+supervisor.command("switch").argument("<name>", "profile name").argument("[args...]", "extra args passed after resume/continue args").description("switch a running supervisor to another profile").option("-t, --tool <tool>", "tool when the profile name exists for multiple tools").option("--mode <mode>", "switch mode: auto, apply, env, active", "auto").option("--no-resume", "restart without the tool's resume/continue args").option("--permissions <preset>", "tool-specific permission preset, e.g. dangerous").option("--json", "output JSON").action(action(async (name, args, opts) => {
   const profile = getProfile(name, opts.tool);
-  const response = await sendSupervisorRequest(profile.tool, { type: "switch_profile", name: profile.name, tool: profile.tool, mode: opts.mode, resume: opts.resume !== false, args }, { allowMissing: true });
+  const response = await sendSupervisorRequest(profile.tool, {
+    type: "switch_profile",
+    name: profile.name,
+    tool: profile.tool,
+    mode: opts.mode,
+    resume: opts.resume !== false,
+    args,
+    permissions: opts.permissions
+  }, { allowMissing: true });
   if (!response)
     die(`no running accounts supervisor for ${getTool(profile.tool).label}`);
   if (!response.ok)
@@ -44271,10 +44404,12 @@ tools.command("list", { isDefault: true }).description("list supported tools (bu
   for (const t of all) {
     const tag = isBuiltinTool(t.id) ? source_default.dim("built-in") : source_default.magenta("custom");
     const envNames = [t.envVar, ...Object.keys(t.extraEnv ?? {})].join(", ");
-    console.log(`${source_default.cyan(t.id.padEnd(10))} ${t.label.padEnd(16)} ${source_default.dim(envNames)} → ${source_default.dim(t.defaultDir)}  ${tag}`);
+    const permissions = Object.keys(t.permissionArgs ?? {});
+    const permissionsHint = permissions.length > 0 ? source_default.dim(` permissions: ${permissions.sort().join(",")}`) : "";
+    console.log(`${source_default.cyan(t.id.padEnd(10))} ${t.label.padEnd(16)} ${source_default.dim(envNames)} → ${source_default.dim(t.defaultDir)}  ${tag}${permissionsHint}`);
   }
 }));
-tools.command("add").argument("<id>", "tool id, e.g. cursor").description("register a custom tool/app so profiles can target it").requiredOption("--label <label>", 'display name, e.g. "Cursor"').requiredOption("--env-var <VAR>", "env var that points the tool at its config dir").requiredOption("--bin <bin>", "binary to launch").option("--default-dir <path>", "default config dir (default: ~/.<id>)").option("--extra-env <VAR=VALUE...>", "additional env var templates; supports {profileDir}, {profileName}, {toolId}").option("--login-arg <arg...>", "arguments for `accounts login <profile> --tool <id>`").option("--resume-arg <arg...>", "arguments for supervised resume/restart, e.g. --continue").option("--account-file <file>", "file inside the config dir holding the email").option("--email-path <path>", "dot-path to the email inside that file (e.g. account.email)").action(action((id, opts) => {
+tools.command("add").argument("<id>", "tool id, e.g. cursor").description("register a custom tool/app so profiles can target it").requiredOption("--label <label>", 'display name, e.g. "Cursor"').requiredOption("--env-var <VAR>", "env var that points the tool at its config dir").requiredOption("--bin <bin>", "binary to launch").option("--default-dir <path>", "default config dir (default: ~/.<id>)").option("--extra-env <VAR=VALUE...>", "additional env var templates; supports {profileDir}, {profileName}, {toolId}").option("--login-arg <arg...>", "arguments for `accounts login <profile> --tool <id>`").option("--resume-arg <arg...>", "arguments for supervised resume/restart, e.g. --continue").option("--permission-arg <preset=arg...>", "tool permission preset args, e.g. dangerous=--yolo").option("--account-file <file>", "file inside the config dir holding the email").option("--email-path <path>", "dot-path to the email inside that file (e.g. account.email)").action(action((id, opts) => {
   const extraEnv = {};
   for (const entry of opts.extraEnv ?? []) {
     const idx = entry.indexOf("=");
@@ -44282,6 +44417,7 @@ tools.command("add").argument("<id>", "tool id, e.g. cursor").description("regis
       die(`invalid --extra-env ${entry}; expected VAR=VALUE`);
     extraEnv[entry.slice(0, idx)] = entry.slice(idx + 1);
   }
+  const permissionArgs = parsePermissionArgs(opts.permissionArg);
   const def = {
     id,
     label: opts.label,
@@ -44291,6 +44427,7 @@ tools.command("add").argument("<id>", "tool id, e.g. cursor").description("regis
     ...Object.keys(extraEnv).length > 0 ? { extraEnv } : {},
     ...opts.loginArg ? { loginArgs: opts.loginArg } : {},
     ...opts.resumeArg ? { resumeArgs: opts.resumeArg } : {},
+    ...Object.keys(permissionArgs).length > 0 ? { permissionArgs } : {},
     ...opts.accountFile ? { accountFile: opts.accountFile } : {},
     ...opts.emailPath ? { emailPath: opts.emailPath.split(".") } : {}
   };

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 export * from "./types.js";
 export { loadStore, saveStore, storePath, accountsHome, profilesDir } from "./storage.js";
-export { BUILTIN_TOOLS, DEFAULT_TOOL, getTool, listTools, isBuiltinTool, addCustomTool, removeCustomTool, } from "./lib/tools.js";
+export { BUILTIN_TOOLS, DEFAULT_TOOL, getTool, listTools, isBuiltinTool, addCustomTool, removeCustomTool, mergeToolArgs, normalizePermissionPreset, permissionArgsFor, } from "./lib/tools.js";
 export { profileEnv, formatEnvAssignments, formatExportLines } from "./lib/env.js";
 export { detectEmail } from "./lib/detect.js";
 export { expandPath, listProfiles, findProfile, getProfile, addProfile, removeProfile, renameProfile, updateProfile, redetectEmail, useProfile, currentProfile, } from "./lib/profiles.js";

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC1F,OAAO,EACL,aAAa,EACb,YAAY,EACZ,OAAO,EACP,SAAS,EACT,aAAa,EACb,aAAa,EACb,gBAAgB,GACjB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,aAAa,EACb,UAAU,EACV,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAC/E,YAAY,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,eAAe,EACf,cAAc,EACd,gCAAgC,EAChC,kCAAkC,EAClC,+BAA+B,EAC/B,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,cAAc,YAAY,CAAC;AAC3B,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC1F,OAAO,EACL,aAAa,EACb,YAAY,EACZ,OAAO,EACP,SAAS,EACT,aAAa,EACb,aAAa,EACb,gBAAgB,EAChB,aAAa,EACb,yBAAyB,EACzB,iBAAiB,GAClB,MAAM,gBAAgB,CAAC;AACxB,OAAO,EAAE,UAAU,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AACnF,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,UAAU,EACV,YAAY,EACZ,WAAW,EACX,UAAU,EACV,UAAU,EACV,aAAa,EACb,aAAa,EACb,aAAa,EACb,aAAa,EACb,UAAU,EACV,cAAc,GACf,MAAM,mBAAmB,CAAC;AAC3B,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAC/E,YAAY,EAAE,aAAa,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAC;AAC/C,YAAY,EAAE,mBAAmB,EAAE,MAAM,gBAAgB,CAAC;AAC1D,OAAO,EAAE,aAAa,EAAE,MAAM,iBAAiB,CAAC;AAChD,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAC/E,OAAO,EACL,oBAAoB,EACpB,mBAAmB,EACnB,uBAAuB,EACvB,iBAAiB,EACjB,qBAAqB,EACrB,aAAa,EACb,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAC7B,YAAY,EACV,oBAAoB,EACpB,uBAAuB,EACvB,oBAAoB,EACpB,iBAAiB,EACjB,kBAAkB,EAClB,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAC5C,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,QAAQ,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC/F,OAAO,EACL,2BAA2B,EAC3B,yBAAyB,EACzB,4BAA4B,EAC5B,yBAAyB,EACzB,eAAe,EACf,cAAc,EACd,gCAAgC,EAChC,kCAAkC,EAClC,+BAA+B,EAC/B,wBAAwB,GACzB,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AAClD,OAAO,EAAE,kBAAkB,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -3999,6 +3999,7 @@ var toolDefSchema = exports_external.object({
   loginArgs: exports_external.array(exports_external.string()).optional(),
   loginHint: exports_external.string().optional(),
   resumeArgs: exports_external.array(exports_external.string()).optional(),
+  permissionArgs: exports_external.record(exports_external.array(exports_external.string())).optional(),
   accountFile: exports_external.string().optional(),
   emailPath: exports_external.array(exports_external.string()).optional()
 });
@@ -4174,6 +4175,15 @@ var BUILTIN_TOOLS = [
     bin: "claude",
     loginHint: "run /login inside Claude, then /exit when done",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -4185,7 +4195,10 @@ var BUILTIN_TOOLS = [
     bin: "codex",
     loginArgs: ["login"],
     loginHint: "complete the Codex login flow for this CODEX_HOME",
-    resumeArgs: ["resume", "--last"]
+    resumeArgs: ["resume", "--last"],
+    permissionArgs: {
+      dangerous: ["--dangerously-bypass-approvals-and-sandbox"]
+    }
   },
   {
     id: "takumi",
@@ -4195,6 +4208,15 @@ var BUILTIN_TOOLS = [
     bin: "takumi",
     loginHint: "complete Takumi auth in this TAKUMI_CONFIG_DIR",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -4204,7 +4226,13 @@ var BUILTIN_TOOLS = [
     envVar: "GEMINI_CONFIG_DIR",
     defaultDir: join2(homedir2(), ".gemini"),
     bin: "gemini",
-    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR"
+    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      "auto-edit": ["--approval-mode", "auto_edit"],
+      plan: ["--approval-mode", "plan"]
+    }
   },
   {
     id: "opencode",
@@ -4243,7 +4271,11 @@ var BUILTIN_TOOLS = [
     envVar: "HERMES_HOME",
     defaultDir: join2(homedir2(), ".hermes"),
     bin: "hermes",
-    loginHint: "complete Hermes auth in this HERMES_HOME"
+    loginHint: "complete Hermes auth in this HERMES_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"]
+    }
   },
   {
     id: "kimi",
@@ -4252,7 +4284,13 @@ var BUILTIN_TOOLS = [
     defaultDir: join2(homedir2(), ".kimi-code"),
     bin: "kimi",
     loginArgs: ["login"],
-    loginHint: "complete kimi login for this KIMI_CODE_HOME"
+    loginHint: "complete kimi login for this KIMI_CODE_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      auto: ["--auto"],
+      plan: ["--plan"]
+    }
   },
   {
     id: "grok",
@@ -4265,6 +4303,43 @@ var BUILTIN_TOOLS = [
   }
 ];
 var DEFAULT_TOOL = "claude";
+var PERMISSION_ALIASES = new Map([
+  ["danger", "dangerous"],
+  ["dangerously-skip-permissions", "dangerous"],
+  ["skip-permissions", "dangerous"],
+  ["skip", "dangerous"],
+  ["bypasspermissions", "bypass"],
+  ["bypass-permissions", "bypass"],
+  ["acceptedits", "accept-edits"],
+  ["accept-edit", "accept-edits"],
+  ["autoedit", "auto-edit"],
+  ["auto-edits", "auto-edit"],
+  ["auto_edit", "auto-edit"],
+  ["dontask", "dont-ask"],
+  ["dont-ask-permissions", "dont-ask"]
+]);
+function normalizePermissionPreset(value) {
+  const normalized = value.trim().replace(/^--/, "").replaceAll("_", "-").toLowerCase();
+  return PERMISSION_ALIASES.get(normalized) ?? normalized;
+}
+function permissionArgsFor(tool, permissions) {
+  if (!permissions)
+    return [];
+  const preset = normalizePermissionPreset(permissions);
+  if (preset === "default" || preset === "none" || preset === "off")
+    return [];
+  const args = tool.permissionArgs?.[preset];
+  if (!args) {
+    const supported = Object.keys(tool.permissionArgs ?? {}).sort();
+    const suffix = supported.length > 0 ? ` Supported permissions: ${supported.join(", ")}.` : " No permission presets are configured.";
+    throw new AccountsError(`tool "${tool.id}" does not support permissions "${permissions}".${suffix}`);
+  }
+  return args;
+}
+function mergeToolArgs(tool, args, opts = {}) {
+  const permissionArgs = permissionArgsFor(tool, opts.permissions).filter((arg) => !args.includes(arg));
+  return [...permissionArgs, ...args];
+}
 var BUILTIN_IDS = new Set(BUILTIN_TOOLS.map((t) => t.id));
 function isBuiltinTool(id) {
   return BUILTIN_IDS.has(id);
@@ -4406,6 +4481,22 @@ function readKeychainAccount() {
     return;
   }
 }
+function bufferText(value) {
+  if (typeof value === "string")
+    return value;
+  if (value instanceof Uint8Array)
+    return new TextDecoder().decode(value);
+  return;
+}
+function keychainWriteFailureMessage(err) {
+  const record = err && typeof err === "object" ? err : {};
+  const stderr = bufferText(record.stderr);
+  const stdout = bufferText(record.stdout);
+  const detail = (stderr || stdout || "").split(/\r?\n/).map((line) => line.trim()).filter(Boolean).at(-1);
+  if (detail)
+    return detail;
+  return typeof record.status === "number" ? `security exited with status ${record.status}` : "security command failed";
+}
 function writeClaudeKeychain(cred) {
   if (!keychainSupported()) {
     throw new AccountsError("macOS keychain is only available on darwin");
@@ -4419,7 +4510,7 @@ function writeClaudeKeychain(cred) {
       stdio: ["ignore", "pipe", "pipe"]
     });
   } catch (err) {
-    throw new AccountsError(`keychain write failed: ${err.message}`);
+    throw new AccountsError(`keychain write failed: ${keychainWriteFailureMessage(err)}`);
   }
 }
 
@@ -5032,7 +5123,8 @@ function commandLine(env, command) {
   return `${formatEnvAssignments(env)} ${command.map(shellQuote).join(" ")}`.trim();
 }
 function commandFor(tool, opts) {
-  return [tool.bin, ...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  const args = [...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  return [tool.bin, ...mergeToolArgs(tool, args, { permissions: opts.permissions })];
 }
 function switchProfile(name, opts = {}) {
   const profile = getProfile(name, opts.tool);
@@ -5061,6 +5153,7 @@ function switchProfile(name, opts = {}) {
     exports: formatExportLines(env),
     command,
     commandLine: commandLine(env, command),
+    ...opts.permissions ? { permissions: normalizePermissionPreset(opts.permissions) } : {},
     restartRequired,
     message
   };
@@ -5385,7 +5478,8 @@ async function runSupervisedTool(initialProfile, tool, initialArgs = [], opts =
         tool: tool.id,
         mode: request.mode ?? "auto",
         resume: request.resume ?? true,
-        args: request.args ?? []
+        args: request.args ?? [],
+        permissions: request.permissions
       });
       log(`accounts supervisor: switching ${tool.id} to ${result.profile.name}`);
       setTimeout(() => void restartWith(result), 0);
@@ -5553,6 +5647,9 @@ export {
   profileHasAuth,
   profileEnv,
   pickProfile,
+  permissionArgsFor,
+  normalizePermissionPreset,
+  mergeToolArgs,
   loadStore,
   listTools,
   listSupervisorStates,

package/dist/lib/keychain.d.ts

@@ -8,6 +8,7 @@ export interface KeychainCredential {
 export declare function assertAllowedKeychainCredential(cred: KeychainCredential): void;
 /** Read Claude Code OAuth payload from macOS login keychain. */
 export declare function readClaudeKeychain(): KeychainCredential | undefined;
+export declare function keychainWriteFailureMessage(err: unknown): string;
 /** Write Claude Code credentials into the login keychain (replaces existing entry). */
 export declare function writeClaudeKeychain(cred: KeychainCredential): void;
 //# sourceMappingURL=keychain.d.ts.map

package/dist/lib/keychain.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../../src/lib/keychain.ts"],"names":[],"mappings":"AAKA,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,yFAAyF;AACzF,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAU9E;AAED,gEAAgE;AAChE,wBAAgB,kBAAkB,IAAI,kBAAkB,GAAG,SAAS,CAgBnE;AAgBD,uFAAuF;AACvF,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAqBlE"}
+{"version":3,"file":"keychain.d.ts","sourceRoot":"","sources":["../../src/lib/keychain.ts"],"names":[],"mappings":"AAKA,wBAAgB,iBAAiB,IAAI,OAAO,CAE3C;AAED,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AAID,yFAAyF;AACzF,wBAAgB,+BAA+B,CAAC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAU9E;AAED,gEAAgE;AAChE,wBAAgB,kBAAkB,IAAI,kBAAkB,GAAG,SAAS,CAgBnE;AAsBD,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAWhE;AAED,uFAAuF;AACvF,wBAAgB,mBAAmB,CAAC,IAAI,EAAE,kBAAkB,GAAG,IAAI,CAqBlE"}

package/dist/lib/supervisor.d.ts

@@ -21,6 +21,7 @@ export type SupervisorRequest = {
     mode?: SwitchMode;
     resume?: boolean;
     args?: string[];
+    permissions?: string;
 } | {
     type: "stop";
 };

package/dist/lib/supervisor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"supervisor.d.ts","sourceRoot":"","sources":["../../src/lib/supervisor.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAMjF,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAKpD,OAAO,EAAiB,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,CAAC,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB;IACE,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB,GACD;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAErB,MAAM,MAAM,kBAAkB,GAC1B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GACpC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,eAAe,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,GAChG;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GACpD;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjC,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACjC;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAID,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAM3D;AAqBD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAQ/E;AAED,wBAAgB,oBAAoB,IAAI,eAAe,EAAE,CAQxD;AA6BD,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7C,oBAAoB,CAuBtB;AA0CD,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,iBAAiB,EAC1B,IAAI,GAAE,uBAA4B,GACjC,OAAO,CAAC,kBAAkB,GAAG,SAAS,CAAC,CAoDzC;AAED,wBAAsB,iBAAiB,CACrC,cAAc,EAAE,OAAO,EACvB,IAAI,EAAE,OAAO,EACb,WAAW,GAAE,MAAM,EAAO,EAC1B,IAAI,GAAE,oBAAyB,GAC9B,OAAO,CAAC,MAAM,CAAC,CAmLjB"}
+{"version":3,"file":"supervisor.d.ts","sourceRoot":"","sources":["../../src/lib/supervisor.ts"],"names":[],"mappings":"AAAA,OAAO,EAA4B,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAMjF,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAKpD,OAAO,EAAiB,KAAK,UAAU,EAAE,KAAK,YAAY,EAAE,MAAM,aAAa,CAAC;AAGhF,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,CAAC,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,MAAM,iBAAiB,GACzB;IAAE,IAAI,EAAE,QAAQ,CAAA;CAAE,GAClB;IACE,IAAI,EAAE,gBAAgB,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,GACD;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC;AAErB,MAAM,MAAM,kBAAkB,GAC1B;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GACpC;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,IAAI,CAAC;IAAC,MAAM,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,eAAe,CAAC;IAAC,cAAc,EAAE,MAAM,CAAA;CAAE,GAChG;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAC;IAAC,KAAK,EAAE,eAAe,CAAA;CAAE,GACpD;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC;AAEjC,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,UAAU,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,EAAE,YAAY,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACjC;AAED,MAAM,WAAW,uBAAuB;IACtC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,OAAO,CAAC;CACxB;AAID,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAED,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAE1D;AAED,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAM3D;AAqBD,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,GAAG,SAAS,CAQ/E;AAED,wBAAgB,oBAAoB,IAAI,eAAe,EAAE,CAQxD;AA6BD,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,MAAM,EACd,IAAI,GAAE;IAAE,OAAO,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GAC7C,oBAAoB,CAuBtB;AA0CD,wBAAsB,qBAAqB,CACzC,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,iBAAiB,EAC1B,IAAI,GAAE,uBAA4B,GACjC,OAAO,CAAC,kBAAkB,GAAG,SAAS,CAAC,CAoDzC;AAED,wBAAsB,iBAAiB,CACrC,cAAc,EAAE,OAAO,EACvB,IAAI,EAAE,OAAO,EACb,WAAW,GAAE,MAAM,EAAO,EAC1B,IAAI,GAAE,oBAAyB,GAC9B,OAAO,CAAC,MAAM,CAAC,CAoLjB"}

package/dist/lib/switch.d.ts

@@ -5,6 +5,7 @@ export interface SwitchOptions {
     mode?: SwitchMode;
     resume?: boolean;
     args?: string[];
+    permissions?: string;
 }
 export interface SwitchResult {
     profile: Profile;
@@ -15,6 +16,7 @@ export interface SwitchResult {
     exports: string;
     command: string[];
     commandLine: string;
+    permissions?: string;
     restartRequired: boolean;
     message: string;
 }

package/dist/lib/switch.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"switch.d.ts","sourceRoot":"","sources":["../../src/lib/switch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAOpD,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,CAAC;AAE7D,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,OAAO,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAeD,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,aAAkB,GAAG,YAAY,CAmClF"}
+{"version":3,"file":"switch.d.ts","sourceRoot":"","sources":["../../src/lib/switch.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,aAAa,CAAC;AAOpD,MAAM,MAAM,UAAU,GAAG,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,CAAC;AAE7D,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,UAAU,CAAC;IAClB,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,OAAO,CAAC;IACjB,IAAI,EAAE,OAAO,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,EAAE,OAAO,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,EAAE,OAAO,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAgBD,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,GAAE,aAAkB,GAAG,YAAY,CAoClF"}

package/dist/lib/tools.d.ts

@@ -6,6 +6,12 @@ import { type ToolDef } from "../types.js";
  */
 export declare const BUILTIN_TOOLS: ToolDef[];
 export declare const DEFAULT_TOOL = "claude";
+export interface ToolArgOptions {
+    permissions?: string;
+}
+export declare function normalizePermissionPreset(value: string): string;
+export declare function permissionArgsFor(tool: ToolDef, permissions?: string): string[];
+export declare function mergeToolArgs(tool: ToolDef, args: string[], opts?: ToolArgOptions): string[];
 export declare function isBuiltinTool(id: string): boolean;
 /** All tools: built-ins plus any user-registered ones (custom wins on id clash). */
 export declare function listTools(): ToolDef[];

package/dist/lib/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/lib/tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,OAAO,EAAgC,MAAM,aAAa,CAAC;AAGzE;;;;GAIG;AACH,eAAO,MAAM,aAAa,EAAE,OAAO,EAkGlC,CAAC;AAEF,eAAO,MAAM,YAAY,WAAW,CAAC;AAIrC,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED,oFAAoF;AACpF,wBAAgB,SAAS,IAAI,OAAO,EAAE,CAMrC;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAS3C;AAED,kEAAkE;AAClE,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAanD;AAED,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAWjD"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/lib/tools.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,OAAO,EAAgC,MAAM,aAAa,CAAC;AAGzE;;;;GAIG;AACH,eAAO,MAAM,aAAa,EAAE,OAAO,EAuIlC,CAAC;AAEF,eAAO,MAAM,YAAY,WAAW,CAAC;AAErC,MAAM,WAAW,cAAc;IAC7B,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAkBD,wBAAgB,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAG/D;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,OAAO,EAAE,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAW/E;AAED,wBAAgB,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,IAAI,GAAE,cAAmB,GAAG,MAAM,EAAE,CAGhG;AAID,wBAAgB,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAEjD;AAED,oFAAoF;AACpF,wBAAgB,SAAS,IAAI,OAAO,EAAE,CAMrC;AAED,wBAAgB,OAAO,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAS3C;AAED,kEAAkE;AAClE,wBAAgB,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAanD;AAED,kEAAkE;AAClE,wBAAgB,gBAAgB,CAAC,EAAE,EAAE,MAAM,GAAG,IAAI,CAWjD"}

package/dist/mcp.js

@@ -16634,6 +16634,7 @@ var toolDefSchema = exports_external.object({
   loginArgs: exports_external.array(exports_external.string()).optional(),
   loginHint: exports_external.string().optional(),
   resumeArgs: exports_external.array(exports_external.string()).optional(),
+  permissionArgs: exports_external.record(exports_external.array(exports_external.string())).optional(),
   accountFile: exports_external.string().optional(),
   emailPath: exports_external.array(exports_external.string()).optional()
 });
@@ -16808,6 +16809,15 @@ var BUILTIN_TOOLS = [
     bin: "claude",
     loginHint: "run /login inside Claude, then /exit when done",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -16819,7 +16829,10 @@ var BUILTIN_TOOLS = [
     bin: "codex",
     loginArgs: ["login"],
     loginHint: "complete the Codex login flow for this CODEX_HOME",
-    resumeArgs: ["resume", "--last"]
+    resumeArgs: ["resume", "--last"],
+    permissionArgs: {
+      dangerous: ["--dangerously-bypass-approvals-and-sandbox"]
+    }
   },
   {
     id: "takumi",
@@ -16829,6 +16842,15 @@ var BUILTIN_TOOLS = [
     bin: "takumi",
     loginHint: "complete Takumi auth in this TAKUMI_CONFIG_DIR",
     resumeArgs: ["--continue"],
+    permissionArgs: {
+      dangerous: ["--dangerously-skip-permissions"],
+      "allow-dangerous": ["--allow-dangerously-skip-permissions"],
+      bypass: ["--permission-mode", "bypassPermissions"],
+      auto: ["--permission-mode", "auto"],
+      "accept-edits": ["--permission-mode", "acceptEdits"],
+      "dont-ask": ["--permission-mode", "dontAsk"],
+      plan: ["--permission-mode", "plan"]
+    },
     accountFile: ".claude.json",
     emailPath: ["oauthAccount", "emailAddress"]
   },
@@ -16838,7 +16860,13 @@ var BUILTIN_TOOLS = [
     envVar: "GEMINI_CONFIG_DIR",
     defaultDir: join2(homedir2(), ".gemini"),
     bin: "gemini",
-    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR"
+    loginHint: "complete Gemini auth in this GEMINI_CONFIG_DIR",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      "auto-edit": ["--approval-mode", "auto_edit"],
+      plan: ["--approval-mode", "plan"]
+    }
   },
   {
     id: "opencode",
@@ -16877,7 +16905,11 @@ var BUILTIN_TOOLS = [
     envVar: "HERMES_HOME",
     defaultDir: join2(homedir2(), ".hermes"),
     bin: "hermes",
-    loginHint: "complete Hermes auth in this HERMES_HOME"
+    loginHint: "complete Hermes auth in this HERMES_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"]
+    }
   },
   {
     id: "kimi",
@@ -16886,7 +16918,13 @@ var BUILTIN_TOOLS = [
     defaultDir: join2(homedir2(), ".kimi-code"),
     bin: "kimi",
     loginArgs: ["login"],
-    loginHint: "complete kimi login for this KIMI_CODE_HOME"
+    loginHint: "complete kimi login for this KIMI_CODE_HOME",
+    permissionArgs: {
+      dangerous: ["--yolo"],
+      yolo: ["--yolo"],
+      auto: ["--auto"],
+      plan: ["--plan"]
+    }
   },
   {
     id: "grok",
@@ -16898,6 +16936,43 @@ var BUILTIN_TOOLS = [
     loginHint: "complete grok login in this process-scoped HOME; prefer launch/shell over exporting HOME globally"
   }
 ];
+var PERMISSION_ALIASES = new Map([
+  ["danger", "dangerous"],
+  ["dangerously-skip-permissions", "dangerous"],
+  ["skip-permissions", "dangerous"],
+  ["skip", "dangerous"],
+  ["bypasspermissions", "bypass"],
+  ["bypass-permissions", "bypass"],
+  ["acceptedits", "accept-edits"],
+  ["accept-edit", "accept-edits"],
+  ["autoedit", "auto-edit"],
+  ["auto-edits", "auto-edit"],
+  ["auto_edit", "auto-edit"],
+  ["dontask", "dont-ask"],
+  ["dont-ask-permissions", "dont-ask"]
+]);
+function normalizePermissionPreset(value) {
+  const normalized = value.trim().replace(/^--/, "").replaceAll("_", "-").toLowerCase();
+  return PERMISSION_ALIASES.get(normalized) ?? normalized;
+}
+function permissionArgsFor(tool, permissions) {
+  if (!permissions)
+    return [];
+  const preset = normalizePermissionPreset(permissions);
+  if (preset === "default" || preset === "none" || preset === "off")
+    return [];
+  const args = tool.permissionArgs?.[preset];
+  if (!args) {
+    const supported = Object.keys(tool.permissionArgs ?? {}).sort();
+    const suffix = supported.length > 0 ? ` Supported permissions: ${supported.join(", ")}.` : " No permission presets are configured.";
+    throw new AccountsError(`tool "${tool.id}" does not support permissions "${permissions}".${suffix}`);
+  }
+  return args;
+}
+function mergeToolArgs(tool, args, opts = {}) {
+  const permissionArgs = permissionArgsFor(tool, opts.permissions).filter((arg) => !args.includes(arg));
+  return [...permissionArgs, ...args];
+}
 var BUILTIN_IDS = new Set(BUILTIN_TOOLS.map((t) => t.id));
 function listTools() {
   const custom3 = loadStore().tools;
@@ -17054,6 +17129,22 @@ function readKeychainAccount() {
     return;
   }
 }
+function bufferText(value) {
+  if (typeof value === "string")
+    return value;
+  if (value instanceof Uint8Array)
+    return new TextDecoder().decode(value);
+  return;
+}
+function keychainWriteFailureMessage(err) {
+  const record3 = err && typeof err === "object" ? err : {};
+  const stderr = bufferText(record3.stderr);
+  const stdout = bufferText(record3.stdout);
+  const detail = (stderr || stdout || "").split(/\r?\n/).map((line) => line.trim()).filter(Boolean).at(-1);
+  if (detail)
+    return detail;
+  return typeof record3.status === "number" ? `security exited with status ${record3.status}` : "security command failed";
+}
 function writeClaudeKeychain(cred) {
   if (!keychainSupported()) {
     throw new AccountsError("macOS keychain is only available on darwin");
@@ -17067,7 +17158,7 @@ function writeClaudeKeychain(cred) {
       stdio: ["ignore", "pipe", "pipe"]
     });
   } catch (err) {
-    throw new AccountsError(`keychain write failed: ${err.message}`);
+    throw new AccountsError(`keychain write failed: ${keychainWriteFailureMessage(err)}`);
   }
 }
 
@@ -17388,7 +17479,8 @@ function commandLine(env, command) {
   return `${formatEnvAssignments(env)} ${command.map(shellQuote).join(" ")}`.trim();
 }
 function commandFor(tool, opts) {
-  return [tool.bin, ...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  const args = [...opts.resume ? tool.resumeArgs ?? [] : [], ...opts.args ?? []];
+  return [tool.bin, ...mergeToolArgs(tool, args, { permissions: opts.permissions })];
 }
 function switchProfile(name, opts = {}) {
   const profile = getProfile(name, opts.tool);
@@ -17417,6 +17509,7 @@ function switchProfile(name, opts = {}) {
     exports: formatExportLines(env),
     command,
     commandLine: commandLine(env, command),
+    ...opts.permissions ? { permissions: normalizePermissionPreset(opts.permissions) } : {},
     restartRequired,
     message
   };
@@ -17526,7 +17619,7 @@ function ok(data) {
 function fail(message) {
   return { content: [{ type: "text", text: JSON.stringify({ error: message }) }], isError: true };
 }
-var server = new Server({ name: "accounts", version: "0.1.12" }, { capabilities: { tools: {} } });
+var server = new Server({ name: "accounts", version: "0.1.14" }, { capabilities: { tools: {} } });
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
   tools: [
     {
@@ -17559,6 +17652,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
           tool: { type: "string" },
           mode: { type: "string", enum: ["auto", "apply", "env", "active"] },
           resume: { type: "boolean" },
+          permissions: { type: "string" },
           args: { type: "array", items: { type: "string" } }
         },
         required: ["name"]
@@ -17592,13 +17686,15 @@ server.setRequestHandler(CallToolRequestSchema, async (req) => {
         const profile = getProfile(name, typeof args["tool"] === "string" ? args["tool"] : undefined);
         const resume = args["resume"] !== false;
         const switchArgs = Array.isArray(args["args"]) ? args["args"].filter((value) => typeof value === "string") : undefined;
+        const permissions = typeof args["permissions"] === "string" ? args["permissions"] : undefined;
         const supervisor = await sendSupervisorRequest(profile.tool, {
           type: "switch_profile",
           name: profile.name,
           tool: profile.tool,
           mode: typeof args["mode"] === "string" ? args["mode"] : "auto",
           resume,
-          args: switchArgs
+          args: switchArgs,
+          permissions
         }, { allowMissing: true });
         if (supervisor) {
           if (!supervisor.ok)
@@ -17613,7 +17709,8 @@ server.setRequestHandler(CallToolRequestSchema, async (req) => {
           tool: profile.tool,
           mode: typeof args["mode"] === "string" ? args["mode"] : "auto",
           resume,
-          args: switchArgs
+          args: switchArgs,
+          permissions
         });
         return ok({
           supervised: false,

package/dist/storage.js

@@ -4007,6 +4007,7 @@ var toolDefSchema = exports_external.object({
   loginArgs: exports_external.array(exports_external.string()).optional(),
   loginHint: exports_external.string().optional(),
   resumeArgs: exports_external.array(exports_external.string()).optional(),
+  permissionArgs: exports_external.record(exports_external.array(exports_external.string())).optional(),
   accountFile: exports_external.string().optional(),
   emailPath: exports_external.array(exports_external.string()).optional()
 });

package/dist/types.d.ts

@@ -12,6 +12,8 @@ export declare const toolDefSchema: z.ZodObject<{
     loginArgs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     loginHint: z.ZodOptional<z.ZodString>;
     resumeArgs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+    /** Tool-specific permission presets exposed through `--permissions <preset>`. */
+    permissionArgs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
     accountFile: z.ZodOptional<z.ZodString>;
     emailPath: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
 }, "strip", z.ZodTypeAny, {
@@ -24,6 +26,7 @@ export declare const toolDefSchema: z.ZodObject<{
     loginArgs?: string[] | undefined;
     loginHint?: string | undefined;
     resumeArgs?: string[] | undefined;
+    permissionArgs?: Record<string, string[]> | undefined;
     accountFile?: string | undefined;
     emailPath?: string[] | undefined;
 }, {
@@ -36,6 +39,7 @@ export declare const toolDefSchema: z.ZodObject<{
     loginArgs?: string[] | undefined;
     loginHint?: string | undefined;
     resumeArgs?: string[] | undefined;
+    permissionArgs?: Record<string, string[]> | undefined;
     accountFile?: string | undefined;
     emailPath?: string[] | undefined;
 }>;
@@ -117,6 +121,8 @@ export declare const storeSchema: z.ZodObject<{
         loginArgs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
         loginHint: z.ZodOptional<z.ZodString>;
         resumeArgs: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        /** Tool-specific permission presets exposed through `--permissions <preset>`. */
+        permissionArgs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
         accountFile: z.ZodOptional<z.ZodString>;
         emailPath: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
     }, "strip", z.ZodTypeAny, {
@@ -129,6 +135,7 @@ export declare const storeSchema: z.ZodObject<{
         loginArgs?: string[] | undefined;
         loginHint?: string | undefined;
         resumeArgs?: string[] | undefined;
+        permissionArgs?: Record<string, string[]> | undefined;
         accountFile?: string | undefined;
         emailPath?: string[] | undefined;
     }, {
@@ -141,6 +148,7 @@ export declare const storeSchema: z.ZodObject<{
         loginArgs?: string[] | undefined;
         loginHint?: string | undefined;
         resumeArgs?: string[] | undefined;
+        permissionArgs?: Record<string, string[]> | undefined;
         accountFile?: string | undefined;
         emailPath?: string[] | undefined;
     }>, "many">>;
@@ -167,6 +175,7 @@ export declare const storeSchema: z.ZodObject<{
         loginArgs?: string[] | undefined;
         loginHint?: string | undefined;
         resumeArgs?: string[] | undefined;
+        permissionArgs?: Record<string, string[]> | undefined;
         accountFile?: string | undefined;
         emailPath?: string[] | undefined;
     }[];
@@ -193,6 +202,7 @@ export declare const storeSchema: z.ZodObject<{
         loginArgs?: string[] | undefined;
         loginHint?: string | undefined;
         resumeArgs?: string[] | undefined;
+        permissionArgs?: Record<string, string[]> | undefined;
         accountFile?: string | undefined;
         emailPath?: string[] | undefined;
     }[] | undefined;

package/dist/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,8BAA8B;AAC9B,eAAO,MAAM,iBAAiB,aAAa,CAAC;AAE5C,uEAAuE;AACvE,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAYxB,CAAC;AAEH;;;;;GAKG;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;EAQxB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,eAAO,MAAM,WAAW;;IAEtB,mEAAmE;;IAEnE;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGH,0EAA0E;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE1E,CAAC;AAEH,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEhD,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AASxB,8BAA8B;AAC9B,eAAO,MAAM,iBAAiB,aAAa,CAAC;AAE5C,uEAAuE;AACvE,eAAO,MAAM,aAAa;;;;;;;;;;IAUxB,iFAAiF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAIjF,CAAC;AAEH;;;;;GAKG;AACH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,eAAO,MAAM,aAAa;;;;;;;;;;;;;;;;;;;;;;;;EAQxB,CAAC;AAEH,MAAM,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,aAAa,CAAC,CAAC;AAEpD,eAAO,MAAM,WAAW;;IAEtB,mEAAmE;;IAEnE;;;OAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;IAGH,0EAA0E;;;;;;;;;;;QApC1E,iFAAiF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsCjF,CAAC;AAEH,MAAM,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,WAAW,CAAC,CAAC;AAEhD,qBAAa,aAAc,SAAQ,KAAK;gBAC1B,OAAO,EAAE,MAAM;CAI5B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/accounts",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "description": "Manage and switch between multiple Claude Code (and other AI coding tool) profiles/accounts locally — isolated config dirs, per-account email, one-command switching.",
   "type": "module",
   "main": "dist/index.js",