npm - @hellcoder/companion - Versions diffs - 0.96.0 - Mend

@hellcoder/companion 0.96.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (242) hide show

package/bin/cli.ts +168 -0
package/bin/ctl.ts +528 -0
package/bin/generate-token.ts +28 -0
package/dist/apple-touch-icon.png +0 -0
package/dist/assets/AgentsPage-DCFhrJ28.js +13 -0
package/dist/assets/CronManager-EGwLJONv.js +1 -0
package/dist/assets/IntegrationsPage-CTMRnbQS.js +1 -0
package/dist/assets/LinearOAuthSettingsPage-CgQFMIgr.js +1 -0
package/dist/assets/LinearSettingsPage-C9nok1qi.js +1 -0
package/dist/assets/Playground-BV3k0RbV.js +109 -0
package/dist/assets/PromptsPage-CFojqNKP.js +4 -0
package/dist/assets/RunsPage-DUJ1QUSa.js +1 -0
package/dist/assets/SandboxManager-CrVQ-VU_.js +8 -0
package/dist/assets/SettingsPage-D1fPCL19.js +1 -0
package/dist/assets/TailscalePage-D06cyvyC.js +1 -0
package/dist/assets/index-BhUa1e6X.css +1 -0
package/dist/assets/index-DkqeP-R9.js +134 -0
package/dist/assets/sw-register-BibwRdvC.js +1 -0
package/dist/assets/workbox-window.prod.es5-BIl4cyR9.js +2 -0
package/dist/favicon.svg +8 -0
package/dist/fonts/MesloLGSNerdFontMono-Bold.woff2 +0 -0
package/dist/fonts/MesloLGSNerdFontMono-Regular.woff2 +0 -0
package/dist/icon-192.png +0 -0
package/dist/icon-512.png +0 -0
package/dist/index.html +20 -0
package/dist/logo-codex.svg +14 -0
package/dist/logo-docker.svg +4 -0
package/dist/logo.svg +14 -0
package/dist/manifest.json +24 -0
package/dist/sw.js +2 -0
package/package.json +104 -0
package/server/agent-cron-migrator.test.ts +610 -0
package/server/agent-cron-migrator.ts +85 -0
package/server/agent-executor.test.ts +1108 -0
package/server/agent-executor.ts +346 -0
package/server/agent-store.test.ts +588 -0
package/server/agent-store.ts +185 -0
package/server/agent-types.ts +138 -0
package/server/ai-validation-settings.test.ts +128 -0
package/server/ai-validation-settings.ts +35 -0
package/server/ai-validator.test.ts +387 -0
package/server/ai-validator.ts +271 -0
package/server/auth-manager.test.ts +83 -0
package/server/auth-manager.ts +150 -0
package/server/auto-namer.test.ts +252 -0
package/server/auto-namer.ts +78 -0
package/server/backend-adapter.test.ts +38 -0
package/server/backend-adapter.ts +54 -0
package/server/cache-headers.test.ts +98 -0
package/server/cache-headers.ts +61 -0
package/server/claude-adapter.test.ts +1363 -0
package/server/claude-adapter.ts +889 -0
package/server/claude-container-auth.test.ts +44 -0
package/server/claude-container-auth.ts +30 -0
package/server/claude-protocol-contract.test.ts +71 -0
package/server/claude-protocol-drift.test.ts +78 -0
package/server/claude-session-discovery.test.ts +132 -0
package/server/claude-session-discovery.ts +157 -0
package/server/claude-session-history.test.ts +158 -0
package/server/claude-session-history.ts +410 -0
package/server/cli-launcher.test.ts +1343 -0
package/server/cli-launcher.ts +1298 -0
package/server/cli.test.ts +16 -0
package/server/codex-adapter.test.ts +5545 -0
package/server/codex-adapter.ts +3062 -0
package/server/codex-container-auth.test.ts +50 -0
package/server/codex-container-auth.ts +24 -0
package/server/codex-home.test.ts +61 -0
package/server/codex-home.ts +26 -0
package/server/codex-protocol-contract.test.ts +96 -0
package/server/codex-protocol-drift.test.ts +123 -0
package/server/codex-ws-proxy.cjs +226 -0
package/server/commands-discovery.test.ts +179 -0
package/server/commands-discovery.ts +81 -0
package/server/constants.ts +7 -0
package/server/container-manager.test.ts +1211 -0
package/server/container-manager.ts +1053 -0
package/server/cron-scheduler.test.ts +957 -0
package/server/cron-scheduler.ts +243 -0
package/server/cron-store.test.ts +422 -0
package/server/cron-store.ts +148 -0
package/server/cron-types.ts +63 -0
package/server/env-manager.test.ts +268 -0
package/server/env-manager.ts +161 -0
package/server/event-bus-types.ts +64 -0
package/server/event-bus.test.ts +244 -0
package/server/event-bus.ts +124 -0
package/server/execution-store.test.ts +307 -0
package/server/execution-store.ts +170 -0
package/server/fs-utils.ts +15 -0
package/server/git-utils.test.ts +938 -0
package/server/git-utils.ts +421 -0
package/server/github-pr.test.ts +498 -0
package/server/github-pr.ts +379 -0
package/server/image-pull-manager.test.ts +303 -0
package/server/image-pull-manager.ts +279 -0
package/server/index.ts +396 -0
package/server/linear-agent-bridge.test.ts +1157 -0
package/server/linear-agent-bridge.ts +629 -0
package/server/linear-agent.test.ts +473 -0
package/server/linear-agent.ts +479 -0
package/server/linear-cache.test.ts +136 -0
package/server/linear-cache.ts +113 -0
package/server/linear-connections.test.ts +350 -0
package/server/linear-connections.ts +231 -0
package/server/linear-credential-migration.test.ts +337 -0
package/server/linear-credential-migration.ts +63 -0
package/server/linear-oauth-connections-migration.test.ts +268 -0
package/server/linear-oauth-connections.test.ts +365 -0
package/server/linear-oauth-connections.ts +294 -0
package/server/linear-project-manager.test.ts +162 -0
package/server/linear-project-manager.ts +111 -0
package/server/linear-prompt-builder.test.ts +74 -0
package/server/linear-prompt-builder.ts +61 -0
package/server/linear-staging.test.ts +276 -0
package/server/linear-staging.ts +142 -0
package/server/logger.test.ts +393 -0
package/server/logger.ts +259 -0
package/server/metrics-collector.test.ts +413 -0
package/server/metrics-collector.ts +350 -0
package/server/metrics-types.ts +108 -0
package/server/middleware/managed-auth.test.ts +264 -0
package/server/middleware/managed-auth.ts +195 -0
package/server/novnc-proxy.test.ts +333 -0
package/server/novnc-proxy.ts +99 -0
package/server/path-resolver.test.ts +552 -0
package/server/path-resolver.ts +186 -0
package/server/paths.test.ts +31 -0
package/server/paths.ts +11 -0
package/server/pr-poller.test.ts +191 -0
package/server/pr-poller.ts +162 -0
package/server/prompt-manager.test.ts +211 -0
package/server/prompt-manager.ts +211 -0
package/server/protocol/claude-upstream/README.md +19 -0
package/server/protocol/claude-upstream/sdk.d.ts.txt +1943 -0
package/server/protocol/codex-upstream/ClientNotification.ts.txt +5 -0
package/server/protocol/codex-upstream/ClientRequest.ts.txt +60 -0
package/server/protocol/codex-upstream/README.md +18 -0
package/server/protocol/codex-upstream/ServerNotification.ts.txt +41 -0
package/server/protocol/codex-upstream/ServerRequest.ts.txt +16 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallParams.ts.txt +6 -0
package/server/protocol/codex-upstream/v2/DynamicToolCallResponse.ts.txt +6 -0
package/server/protocol-monitor.ts +50 -0
package/server/recorder.test.ts +454 -0
package/server/recorder.ts +374 -0
package/server/recording-hub/compat-validator.test.ts +150 -0
package/server/recording-hub/compat-validator.ts +284 -0
package/server/recording-hub/diagnostics.test.ts +140 -0
package/server/recording-hub/diagnostics.ts +299 -0
package/server/recording-hub/hub-config.test.ts +44 -0
package/server/recording-hub/hub-config.ts +19 -0
package/server/recording-hub/hub-routes.test.ts +417 -0
package/server/recording-hub/hub-routes.ts +236 -0
package/server/recording-hub/hub-store.test.ts +262 -0
package/server/recording-hub/hub-store.ts +265 -0
package/server/recording-hub/replay-adapter.test.ts +294 -0
package/server/recording-hub/replay-adapter.ts +207 -0
package/server/relay-client.test.ts +337 -0
package/server/relay-client.ts +320 -0
package/server/replay.test.ts +200 -0
package/server/replay.ts +78 -0
package/server/routes/agent-routes.test.ts +1400 -0
package/server/routes/agent-routes.ts +409 -0
package/server/routes/cron-routes.test.ts +881 -0
package/server/routes/cron-routes.ts +103 -0
package/server/routes/env-routes.test.ts +383 -0
package/server/routes/env-routes.ts +95 -0
package/server/routes/fs-routes.test.ts +1198 -0
package/server/routes/fs-routes.ts +605 -0
package/server/routes/git-routes.test.ts +813 -0
package/server/routes/git-routes.ts +97 -0
package/server/routes/linear-agent-routes.test.ts +721 -0
package/server/routes/linear-agent-routes.ts +304 -0
package/server/routes/linear-connection-routes.test.ts +927 -0
package/server/routes/linear-connection-routes.ts +244 -0
package/server/routes/linear-oauth-connection-routes.test.ts +406 -0
package/server/routes/linear-oauth-connection-routes.ts +129 -0
package/server/routes/linear-routes.test.ts +1510 -0
package/server/routes/linear-routes.ts +953 -0
package/server/routes/metrics-routes.test.ts +103 -0
package/server/routes/metrics-routes.ts +13 -0
package/server/routes/prompt-routes.ts +67 -0
package/server/routes/sandbox-routes.test.ts +513 -0
package/server/routes/sandbox-routes.ts +127 -0
package/server/routes/settings-routes.ts +270 -0
package/server/routes/skills-routes.test.ts +690 -0
package/server/routes/skills-routes.ts +100 -0
package/server/routes/system-routes.test.ts +637 -0
package/server/routes/system-routes.ts +228 -0
package/server/routes/tailscale-routes.test.ts +176 -0
package/server/routes/tailscale-routes.ts +22 -0
package/server/routes.test.ts +4655 -0
package/server/routes.ts +1277 -0
package/server/sandbox-manager.test.ts +378 -0
package/server/sandbox-manager.ts +168 -0
package/server/service.test.ts +1419 -0
package/server/service.ts +718 -0
package/server/session-creation-service.test.ts +661 -0
package/server/session-creation-service.ts +473 -0
package/server/session-git-info.ts +104 -0
package/server/session-linear-issues.test.ts +118 -0
package/server/session-linear-issues.ts +88 -0
package/server/session-names.test.ts +94 -0
package/server/session-names.ts +67 -0
package/server/session-orchestrator.test.ts +1784 -0
package/server/session-orchestrator.ts +973 -0
package/server/session-state-machine.test.ts +606 -0
package/server/session-state-machine.ts +207 -0
package/server/session-store.test.ts +290 -0
package/server/session-store.ts +146 -0
package/server/session-types.ts +509 -0
package/server/settings-manager.test.ts +275 -0
package/server/settings-manager.ts +173 -0
package/server/tailscale-manager.test.ts +553 -0
package/server/tailscale-manager.ts +451 -0
package/server/terminal-manager.ts +240 -0
package/server/update-checker.test.ts +306 -0
package/server/update-checker.ts +197 -0
package/server/usage-limits.test.ts +536 -0
package/server/usage-limits.ts +225 -0
package/server/worktree-tracker.test.ts +243 -0
package/server/worktree-tracker.ts +84 -0
package/server/ws-auth.test.ts +59 -0
package/server/ws-auth.ts +41 -0
package/server/ws-bridge-browser-ingest.test.ts +272 -0
package/server/ws-bridge-browser-ingest.ts +72 -0
package/server/ws-bridge-browser.ts +112 -0
package/server/ws-bridge-cli-ingest.test.ts +302 -0
package/server/ws-bridge-cli-ingest.ts +81 -0
package/server/ws-bridge-codex.test.ts +1837 -0
package/server/ws-bridge-codex.ts +266 -0
package/server/ws-bridge-controls.test.ts +124 -0
package/server/ws-bridge-controls.ts +20 -0
package/server/ws-bridge-persist.test.ts +296 -0
package/server/ws-bridge-persist.ts +66 -0
package/server/ws-bridge-publish.test.ts +234 -0
package/server/ws-bridge-publish.ts +79 -0
package/server/ws-bridge-replay.test.ts +44 -0
package/server/ws-bridge-replay.ts +61 -0
package/server/ws-bridge-types.ts +106 -0
package/server/ws-bridge.test.ts +4777 -0
package/server/ws-bridge.ts +1279 -0

package/server/agent-store.ts ADDED Viewed

@@ -0,0 +1,185 @@
+import {
+  mkdirSync,
+  readdirSync,
+  readFileSync,
+  writeFileSync,
+  unlinkSync,
+  existsSync,
+} from "node:fs";
+import { join } from "node:path";
+import { COMPANION_HOME } from "./paths.js";
+import { randomBytes } from "node:crypto";
+import type { AgentConfig, AgentConfigCreateInput } from "./agent-types.js";
+// ─── Paths ──────────────────────────────────────────────────────────────────
+const AGENTS_DIR = join(COMPANION_HOME, "agents");
+function ensureDir(): void {
+  mkdirSync(AGENTS_DIR, { recursive: true });
+}
+function filePath(id: string): string {
+  return join(AGENTS_DIR, `${id}.json`);
+}
+// ─── Helpers ────────────────────────────────────────────────────────────────
+function slugify(name: string): string {
+  return name
+    .toLowerCase()
+    .replace(/\s+/g, "-")
+    .replace(/[^a-z0-9-]/g, "")
+    .replace(/-+/g, "-")
+    .replace(/^-|-$/g, "");
+}
+function generateWebhookSecret(): string {
+  return randomBytes(24).toString("hex");
+}
+/**
+ * Strip the legacy `triggers.chat` block from agents loaded from disk.
+ * The Chat SDK was removed but agents saved with the old schema may still
+ * have chat platform credentials on disk. Stripping on load prevents
+ * leaking those secrets via the API.
+ */
+function stripLegacyChatTrigger(agent: AgentConfig): AgentConfig {
+  if (!agent.triggers || !("chat" in agent.triggers)) return agent;
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  const { chat: _chat, ...rest } = agent.triggers as Record<string, unknown>;
+  return { ...agent, triggers: rest as AgentConfig["triggers"] };
+}
+// ─── CRUD ───────────────────────────────────────────────────────────────────
+export function listAgents(): AgentConfig[] {
+  ensureDir();
+  try {
+    const files = readdirSync(AGENTS_DIR).filter((f) => f.endsWith(".json"));
+    const agents: AgentConfig[] = [];
+    for (const file of files) {
+      try {
+        const raw = readFileSync(join(AGENTS_DIR, file), "utf-8");
+        agents.push(stripLegacyChatTrigger(JSON.parse(raw)));
+      } catch {
+        // Skip corrupt files
+      }
+    }
+    agents.sort((a, b) => a.name.localeCompare(b.name));
+    return agents;
+  } catch {
+    return [];
+  }
+}
+export function getAgent(id: string): AgentConfig | null {
+  ensureDir();
+  try {
+    const raw = readFileSync(filePath(id), "utf-8");
+    return stripLegacyChatTrigger(JSON.parse(raw) as AgentConfig);
+  } catch {
+    return null;
+  }
+}
+export function createAgent(data: AgentConfigCreateInput): AgentConfig {
+  if (!data.name || !data.name.trim()) throw new Error("Agent name is required");
+  if (!data.prompt || !data.prompt.trim()) throw new Error("Agent prompt is required");
+  const id = slugify(data.name.trim());
+  if (!id) throw new Error("Agent name must contain alphanumeric characters");
+  ensureDir();
+  if (existsSync(filePath(id))) {
+    throw new Error(`An agent with a similar name already exists ("${id}")`);
+  }
+  // Auto-generate webhook secret if webhook trigger is enabled but has no secret
+  const triggers = data.triggers ? { ...data.triggers } : undefined;
+  if (triggers?.webhook && !triggers.webhook.secret) {
+    triggers.webhook = { ...triggers.webhook, secret: generateWebhookSecret() };
+  }
+  const now = Date.now();
+  const agent: AgentConfig = {
+    ...data,
+    triggers,
+    id,
+    name: data.name.trim(),
+    prompt: data.prompt.trim(),
+    description: data.description?.trim() || "",
+    cwd: data.cwd?.trim() || "",
+    createdAt: now,
+    updatedAt: now,
+    totalRuns: 0,
+    consecutiveFailures: 0,
+  };
+  writeFileSync(filePath(id), JSON.stringify(agent, null, 2), "utf-8");
+  return agent;
+}
+export function updateAgent(
+  id: string,
+  updates: Partial<AgentConfig>,
+): AgentConfig | null {
+  ensureDir();
+  const existing = getAgent(id);
+  if (!existing) return null;
+  const newName = updates.name?.trim() || existing.name;
+  const newId = slugify(newName);
+  if (!newId) throw new Error("Agent name must contain alphanumeric characters");
+  // If name changed, check for slug collision with a different agent
+  if (newId !== id && existsSync(filePath(newId))) {
+    throw new Error(`An agent with a similar name already exists ("${newId}")`);
+  }
+  const agent: AgentConfig = {
+    ...existing,
+    ...updates,
+    id: newId,
+    name: newName,
+    updatedAt: Date.now(),
+    // Preserve immutable fields
+    createdAt: existing.createdAt,
+  };
+  // If id changed, delete old file
+  if (newId !== id) {
+    try {
+      unlinkSync(filePath(id));
+    } catch {
+      /* ok */
+    }
+  }
+  writeFileSync(filePath(newId), JSON.stringify(agent, null, 2), "utf-8");
+  return agent;
+}
+export function deleteAgent(id: string): boolean {
+  ensureDir();
+  if (!existsSync(filePath(id))) return false;
+  try {
+    unlinkSync(filePath(id));
+    return true;
+  } catch {
+    return false;
+  }
+}
+/** Generate a new webhook secret for an agent */
+export function regenerateWebhookSecret(id: string): AgentConfig | null {
+  const agent = getAgent(id);
+  if (!agent) return null;
+  const triggers = agent.triggers || {};
+  triggers.webhook = {
+    enabled: triggers.webhook?.enabled ?? false,
+    secret: generateWebhookSecret(),
+  };
+  return updateAgent(id, { triggers });
+}

package/server/agent-types.ts ADDED Viewed

@@ -0,0 +1,138 @@
+// ─── Agent Types ─────────────────────────────────────────────────────────────
+export interface McpServerConfigAgent {
+  type: "stdio" | "sse" | "http";
+  command?: string;
+  args?: string[];
+  url?: string;
+  env?: Record<string, string>;
+}
+export interface AgentConfig {
+  /** Unique slug-based ID (derived from name) */
+  id: string;
+  /** Schema version for forward compat */
+  version: 1;
+  /** Human-readable name */
+  name: string;
+  /** Short description of what this agent does */
+  description: string;
+  /** Emoji or icon identifier */
+  icon?: string;
+  // ── Session Config ──
+  /** "claude" or "codex" */
+  backendType: "claude" | "codex";
+  /** Model to use (e.g. "claude-sonnet-4-6") */
+  model: string;
+  /** Permission mode — "bypassPermissions" for Claude auto mode */
+  permissionMode: string;
+  /** Working directory path, or "temp" for an auto-created temp dir */
+  cwd: string;
+  /** Optional environment slug (references ~/.companion/envs/) */
+  envSlug?: string;
+  /** Extra environment variables */
+  env?: Record<string, string>;
+  /** Tool allowlist (empty = all tools) */
+  allowedTools?: string[];
+  /** Codex-specific: internet access */
+  codexInternetAccess?: boolean;
+  // ── Prompt ──
+  /** Prompt template. Use {{input}} as placeholder for trigger-provided input */
+  prompt: string;
+  // ── MCP Servers ──
+  /** MCP server configs to set on the session after CLI connects */
+  mcpServers?: Record<string, McpServerConfigAgent>;
+  // ── Skills ──
+  /** Skill slugs to attach (from ~/.claude/skills/) */
+  skills?: string[];
+  // ── Docker ──
+  /** Optional Docker container configuration */
+  container?: {
+    image?: string;
+    ports?: number[];
+    volumes?: string[];
+    initScript?: string;
+  };
+  // ── Git ──
+  branch?: string;
+  createBranch?: boolean;
+  useWorktree?: boolean;
+  // ── Triggers ──
+  triggers?: {
+    /** Webhook trigger config */
+    webhook?: {
+      enabled: boolean;
+      /** Auto-generated secret token for URL auth */
+      secret: string;
+    };
+    /** Cron/schedule trigger config */
+    schedule?: {
+      enabled: boolean;
+      /** Cron expression or ISO datetime */
+      expression: string;
+      /** true = recurring cron, false = one-shot */
+      recurring: boolean;
+    };
+    /** Linear Agent Interaction SDK trigger (per-agent OAuth app) */
+    linear?: {
+      enabled: boolean;
+      /** Reference to a LinearOAuthConnection by ID (new model) */
+      oauthConnectionId?: string;
+      /** @deprecated OAuth app client ID from Linear — use oauthConnectionId instead */
+      oauthClientId?: string;
+      /** @deprecated OAuth app client secret — use oauthConnectionId instead */
+      oauthClientSecret?: string;
+      /** @deprecated Webhook signing secret — use oauthConnectionId instead */
+      webhookSecret?: string;
+      /** @deprecated OAuth access token — use oauthConnectionId instead */
+      accessToken?: string;
+      /** @deprecated OAuth refresh token — use oauthConnectionId instead */
+      refreshToken?: string;
+    };
+  };
+  // ── Tracking ──
+  enabled: boolean;
+  createdAt: number;
+  updatedAt: number;
+  lastRunAt?: number;
+  lastSessionId?: string;
+  totalRuns: number;
+  consecutiveFailures: number;
+}
+/** Input for creating an agent (without auto-generated fields) */
+export type AgentConfigCreateInput = Omit<
+  AgentConfig,
+  "id" | "createdAt" | "updatedAt" | "totalRuns" | "consecutiveFailures" | "lastRunAt" | "lastSessionId"
+>;
+/** The portable/shareable JSON format (no internal tracking fields) */
+export type AgentConfigExport = Omit<
+  AgentConfig,
+  "id" | "createdAt" | "updatedAt" | "totalRuns" | "consecutiveFailures" | "lastRunAt" | "lastSessionId" | "enabled"
+>;
+export interface AgentExecution {
+  /** The session ID created for this execution */
+  sessionId: string;
+  /** The agent ID that triggered this */
+  agentId: string;
+  /** Trigger type that initiated this execution */
+  triggerType: "manual" | "webhook" | "schedule" | "linear";
+  /** When the execution started */
+  startedAt: number;
+  /** When the execution completed */
+  completedAt?: number;
+  /** Whether the execution succeeded */
+  success?: boolean;
+  /** Error message if it failed */
+  error?: string;
+}

package/server/ai-validation-settings.test.ts ADDED Viewed

@@ -0,0 +1,128 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import {
+  _resetForTest,
+  updateSettings,
+} from "./settings-manager.js";
+import { getEffectiveAiValidation } from "./ai-validation-settings.js";
+import type { SessionState } from "./session-types.js";
+let tempDir: string;
+let settingsPath: string;
+/** Minimal SessionState with only the fields needed for testing */
+function makeSessionState(overrides: Partial<SessionState> = {}): SessionState {
+  return {
+    session_id: "test-session",
+    model: "",
+    cwd: "",
+    tools: [],
+    permissionMode: "default",
+    claude_code_version: "",
+    mcp_servers: [],
+    agents: [],
+    slash_commands: [],
+    skills: [],
+    total_cost_usd: 0,
+    num_turns: 0,
+    context_used_percent: 0,
+    is_compacting: false,
+    git_branch: "",
+    is_worktree: false,
+    is_containerized: false,
+    repo_root: "",
+    git_ahead: 0,
+    git_behind: 0,
+    total_lines_added: 0,
+    total_lines_removed: 0,
+    ...overrides,
+  };
+}
+beforeEach(() => {
+  tempDir = mkdtempSync(join(tmpdir(), "ai-validation-settings-test-"));
+  settingsPath = join(tempDir, "settings.json");
+  _resetForTest(settingsPath);
+});
+afterEach(() => {
+  rmSync(tempDir, { recursive: true, force: true });
+  _resetForTest();
+});
+describe("getEffectiveAiValidation", () => {
+  it("returns global defaults when session fields are undefined", () => {
+    // Global defaults: enabled=false, autoApprove=true, autoDeny=false
+    const session = makeSessionState();
+    const result = getEffectiveAiValidation(session);
+    expect(result.enabled).toBe(false);
+    expect(result.autoApprove).toBe(true);
+    expect(result.autoDeny).toBe(false);
+    expect(result.anthropicApiKey).toBe("");
+  });
+  it("returns global defaults when session fields are null (explicit inherit)", () => {
+    const session = makeSessionState({
+      aiValidationEnabled: null,
+      aiValidationAutoApprove: null,
+      aiValidationAutoDeny: null,
+    });
+    const result = getEffectiveAiValidation(session);
+    expect(result.enabled).toBe(false);
+    expect(result.autoApprove).toBe(true);
+    expect(result.autoDeny).toBe(false);
+  });
+  it("session override wins over global when session fields are set", () => {
+    // Set global to enabled
+    updateSettings({ aiValidationEnabled: true, aiValidationAutoApprove: true, aiValidationAutoDeny: true });
+    // Session overrides all three to different values
+    const session = makeSessionState({
+      aiValidationEnabled: false,
+      aiValidationAutoApprove: false,
+      aiValidationAutoDeny: false,
+    });
+    const result = getEffectiveAiValidation(session);
+    expect(result.enabled).toBe(false);
+    expect(result.autoApprove).toBe(false);
+    expect(result.autoDeny).toBe(false);
+  });
+  it("session enabled=true overrides global enabled=false", () => {
+    // Global: disabled
+    const session = makeSessionState({ aiValidationEnabled: true });
+    const result = getEffectiveAiValidation(session);
+    expect(result.enabled).toBe(true);
+  });
+  it("mixed: session sets enabled, inherits autoApprove/autoDeny from global", () => {
+    updateSettings({ aiValidationAutoApprove: false, aiValidationAutoDeny: false });
+    const session = makeSessionState({
+      aiValidationEnabled: true,
+      aiValidationAutoApprove: null, // inherit global (false)
+      aiValidationAutoDeny: undefined, // inherit global (false)
+    });
+    const result = getEffectiveAiValidation(session);
+    expect(result.enabled).toBe(true);
+    expect(result.autoApprove).toBe(false);
+    expect(result.autoDeny).toBe(false);
+  });
+  it("anthropicApiKey always comes from global settings", () => {
+    updateSettings({ anthropicApiKey: "sk-test-key-123" });
+    const session = makeSessionState({ aiValidationEnabled: true });
+    const result = getEffectiveAiValidation(session);
+    expect(result.anthropicApiKey).toBe("sk-test-key-123");
+  });
+  it("returns empty API key when global has none, regardless of session settings", () => {
+    const session = makeSessionState({ aiValidationEnabled: true });
+    const result = getEffectiveAiValidation(session);
+    expect(result.anthropicApiKey).toBe("");
+  });
+});

package/server/ai-validation-settings.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import { getSettings } from "./settings-manager.js";
+import type { SessionState } from "./session-types.js";
+export interface EffectiveAiValidationSettings {
+  enabled: boolean;
+  autoApprove: boolean;
+  autoDeny: boolean;
+  anthropicApiKey: string;
+}
+/**
+ * Resolve effective AI validation settings for a session.
+ * Session-level overrides take priority; falls back to global settings.
+ * The anthropicApiKey is always from global settings.
+ */
+export function getEffectiveAiValidation(
+  sessionState: SessionState,
+): EffectiveAiValidationSettings {
+  const global = getSettings();
+  return {
+    enabled:
+      sessionState.aiValidationEnabled != null
+        ? sessionState.aiValidationEnabled
+        : global.aiValidationEnabled,
+    autoApprove:
+      sessionState.aiValidationAutoApprove != null
+        ? sessionState.aiValidationAutoApprove
+        : global.aiValidationAutoApprove,
+    autoDeny:
+      sessionState.aiValidationAutoDeny != null
+        ? sessionState.aiValidationAutoDeny
+        : global.aiValidationAutoDeny,
+    anthropicApiKey: global.anthropicApiKey,
+  };
+}