@hienlh/ppm 0.7.41 → 0.8.1

package/src/providers/claude-agent-sdk.ts

@@ -106,7 +106,9 @@ export class ClaudeAgentSdkProvider implements AIProvider {
     if (!event || typeof event !== "object") return null;
     const e = event as Record<string, unknown>;
     if (e.type === "result" && e.subtype === "error_during_execution") {
-      const msg = String(e.error ?? e.error_message ?? e.message ?? "");
+      // SDK uses `errors: string[]` array for error details
+      const errorsArr = Array.isArray(e.errors) ? (e.errors as string[]).join(" ") : "";
+      const msg = errorsArr || String(e.error ?? "");
       if (msg.includes("429") || msg.toLowerCase().includes("rate limit") || msg.toLowerCase().includes("overloaded")) return 429;
       if (msg.includes("401") || msg.toLowerCase().includes("unauthorized") || msg.toLowerCase().includes("invalid api key")) return 401;
     }
@@ -151,7 +153,15 @@ export class ClaudeAgentSdkProvider implements AIProvider {
     if (opts.providerConfig.effort) args.push("--effort", opts.providerConfig.effort);
 
     // Permission mode
-    args.push("--permission-mode", "bypassPermissions", "--dangerously-skip-permissions");
+    args.push("--permission-mode", opts.providerConfig.permission_mode ?? "bypassPermissions");
+    if ((opts.providerConfig.permission_mode ?? "bypassPermissions") === "bypassPermissions") {
+      args.push("--dangerously-skip-permissions");
+    }
+
+    // System prompt — CLI uses --append-system-prompt flag
+    if (opts.providerConfig.system_prompt) {
+      args.push("--append-system-prompt", opts.providerConfig.system_prompt);
+    }
 
     // On Windows, `claude` is a .cmd wrapper (npm global) — Bun.spawn can't resolve .cmd
     // files directly. Use `cmd /c` to let the Windows shell find it via PATH.
@@ -391,7 +401,7 @@ export class ClaudeAgentSdkProvider implements AIProvider {
   async *sendMessage(
     sessionId: string,
     message: string,
-    opts?: { forkSession?: boolean },
+    opts?: import("./provider.interface.ts").SendMessageOpts & { forkSession?: boolean },
   ): AsyncIterable<ChatEvent> {
     if (!this.activeSessions.has(sessionId)) {
       await this.resumeSession(sessionId);
@@ -411,58 +421,104 @@ export class ClaudeAgentSdkProvider implements AIProvider {
     const shouldFork = !!forkSourceId && isFirstMessage;
     if (forkSourceId) this.forkSources.delete(sessionId);
 
+    // Resolve permission mode early — canUseTool needs isBypass
+    const providerConfig = this.getProviderConfig();
+    const permissionMode = opts?.permissionMode || providerConfig.permission_mode || "bypassPermissions";
+    const isBypass = permissionMode === "bypassPermissions";
+    const systemPromptOpt = providerConfig.system_prompt
+      ? { type: "custom" as const, value: providerConfig.system_prompt }
+      : { type: "preset" as const, preset: "claude_code" as const };
+
+    // Build allowedTools based on permission mode.
+    // SDK auto-approves everything in allowedTools (skips canUseTool callback).
+    // In non-bypass modes, only pre-approve read-only tools so write/execute tools
+    // go through the permission evaluation chain → canUseTool callback.
+    const readOnlyTools = ["Read", "Glob", "Grep", "WebSearch", "WebFetch", "ToolSearch"];
+    const writeTools = ["Write", "Edit", "Bash", "Agent", "Skill", "TodoWrite", "AskUserQuestion"];
+    const allowedTools = isBypass
+      ? [...readOnlyTools, ...writeTools]
+      : readOnlyTools;
+
     /**
      * Approval events to yield from the generator.
-     * canUseTool pushes events here; the main loop yields them.
+     * PreToolUse hook pushes events here; the main loop yields them.
      */
     const approvalEvents: ChatEvent[] = [];
     let approvalNotify: (() => void) | undefined;
 
     /**
-     * canUseTool: only fires for AskUserQuestion (bypassPermissions auto-approves other tools).
-     * Pauses SDK execution, yields approval_request to FE, waits for user response.
+     * Helper: send approval request to FE and wait for response.
+     */
+    const waitForApproval = (toolName: string, input: unknown): Promise<{ approved: boolean; data?: unknown }> => {
+      const requestId = crypto.randomUUID();
+      const APPROVAL_TIMEOUT_MS = 5 * 60_000;
+      const promise = new Promise<{ approved: boolean; data?: unknown }>((resolve) => {
+        this.pendingApprovals.set(requestId, { resolve });
+        setTimeout(() => {
+          if (this.pendingApprovals.has(requestId)) {
+            this.pendingApprovals.delete(requestId);
+            resolve({ approved: false });
+          }
+        }, APPROVAL_TIMEOUT_MS);
+      });
+      approvalEvents.push({ type: "approval_request", requestId, tool: toolName, input });
+      approvalNotify?.();
+      return promise;
+    };
+
+    /**
+     * canUseTool: handles AskUserQuestion (always surfaces to FE regardless of mode).
+     * Tool permission for Write/Edit/Bash is handled by the PreToolUse hook below.
      */
     const canUseTool = async (toolName: string, input: unknown) => {
-      // Non-AskUserQuestion tools: auto-approve (shouldn't reach here with bypassPermissions)
-      if (toolName !== "AskUserQuestion") {
-        return { behavior: "allow" as const, updatedInput: input };
+      console.log(`[sdk] canUseTool called: tool=${toolName} permissionMode=${permissionMode}`);
+      if (toolName === "AskUserQuestion") {
+        const result = await waitForApproval(toolName, input);
+        if (result.approved && result.data) {
+          return {
+            behavior: "allow" as const,
+            updatedInput: { ...(input as Record<string, unknown>), answers: result.data },
+          };
+        }
+        return { behavior: "deny" as const, message: "User skipped the question" };
       }
+      return { behavior: "allow" as const, updatedInput: input };
+    };
 
-      const requestId = crypto.randomUUID();
+    /**
+     * PreToolUse hook: runs FIRST in SDK evaluation order (Hooks → Deny → PermMode → Allow → canUseTool).
+     * User settings hooks (scout-block, etc.) return exit 0 → SDK treats as "allow", preventing canUseTool.
+     * This in-process hook handles permission mode decisions before external hooks auto-approve.
+     */
+    const preToolUseHook = async (hookInput: any) => {
+      const toolName = hookInput?.tool_name as string | undefined;
+      if (!toolName) return {};
+      console.log(`[sdk] preToolUseHook: tool=${toolName} permissionMode=${permissionMode} isBypass=${isBypass}`);
 
-      const APPROVAL_TIMEOUT_MS = 5 * 60_000; // 5min — extended for FE reconnect
-      const approvalPromise = new Promise<{ approved: boolean; data?: unknown }>(
-        (resolve) => {
-          this.pendingApprovals.set(requestId, { resolve });
-          // Auto-deny after timeout if FE doesn't respond
-          setTimeout(() => {
-            if (this.pendingApprovals.has(requestId)) {
-              this.pendingApprovals.delete(requestId);
-              resolve({ approved: false });
-            }
-          }, APPROVAL_TIMEOUT_MS);
-        },
-      );
+      // Bypass mode: allow everything
+      if (isBypass) return {};
 
-      // Queue event for the generator to yield to FE
-      approvalEvents.push({
-        type: "approval_request",
-        requestId,
-        tool: toolName,
-        input,
-      });
-      approvalNotify?.();
+      // Read-only tools: always allow
+      if (readOnlyTools.includes(toolName)) return {};
 
-      // Wait for FE to send back answers (or timeout)
-      const result = await approvalPromise;
+      // AskUserQuestion: handled by canUseTool callback
+      if (toolName === "AskUserQuestion") return {};
 
-      if (result.approved && result.data) {
-        return {
-          behavior: "allow" as const,
-          updatedInput: { ...(input as Record<string, unknown>), answers: result.data },
-        };
+      // Non-bypass mode: ask FE for approval on write/execute tools
+      const result = await waitForApproval(toolName, hookInput?.tool_input);
+      if (result.approved) {
+        return { hookSpecificOutput: { permissionDecision: "allow" } };
       }
-      return { behavior: "deny" as const, message: "User skipped the question" };
+      return { hookSpecificOutput: { permissionDecision: "deny", message: "User denied tool execution" } };
+    };
+
+    // Hooks config: add our permission hook for non-bypass modes
+    const permissionHooks = isBypass ? undefined : {
+      PreToolUse: [{
+        matcher: ".*",  // Match all tools — our hook checks internally
+        hooks: [preToolUseHook],
+        timeout: 300,  // 5min for user approval
+      }],
     };
 
     let assistantContent = "";
@@ -470,7 +526,6 @@ export class ClaudeAgentSdkProvider implements AIProvider {
     let resultNumTurns: number | undefined;
     let resultContextWindowPct: number | undefined;
     try {
-      const providerConfig = this.getProviderConfig();
       // Resolve SDK's actual session ID for resume (may differ from PPM's UUID)
       // For fork: use the source session's SDK id
       const sdkId = shouldFork ? getSdkSessionId(forkSourceId!) : getSdkSessionId(sessionId);
@@ -480,13 +535,25 @@ export class ClaudeAgentSdkProvider implements AIProvider {
 
       // Account-based auth injection (multi-account mode)
       // Fallback to existing env (ANTHROPIC_API_KEY) when no accounts configured.
-      const account = accountSelector.isEnabled() ? accountSelector.next() : null;
+      const accountsEnabled = accountSelector.isEnabled();
+      const account = accountsEnabled ? accountSelector.next() : null;
+      if (accountsEnabled && !account) {
+        // All accounts in DB but none usable
+        const reason = accountSelector.lastFailReason;
+        const hint = reason === "all_decrypt_failed"
+          ? "Account tokens were encrypted with a different machine key. Re-add your accounts in Settings, or copy ~/.ppm/account.key from the original machine."
+          : "All accounts are disabled or in cooldown. Check Settings → Accounts.";
+        console.error(`[sdk] session=${sessionId} account auth failed (${reason}): ${hint}`);
+        yield { type: "error" as const, message: `Authentication failed: ${hint}` };
+        yield { type: "done" as const, sessionId, resultSubtype: "error_auth" };
+        return;
+      }
       if (account) {
         console.log(`[sdk] Using account ${account.id} (${account.email ?? "no-email"})`);
         yield { type: "account_info" as const, accountId: account.id, accountLabel: account.label ?? account.email ?? "Unknown" };
       }
       const queryEnv = this.buildQueryEnv(meta.projectPath, account);
-      console.log(`[sdk] query: session=${sessionId} sdkId=${sdkId} isFirst=${isFirstMessage} fork=${shouldFork} cwd=${effectiveCwd} platform=${process.platform} accountMode=${!!account}`);
+      console.log(`[sdk] query: session=${sessionId} sdkId=${sdkId} isFirst=${isFirstMessage} fork=${shouldFork} cwd=${effectiveCwd} platform=${process.platform} accountMode=${!!account} permissionMode=${permissionMode} isBypass=${isBypass}`);
 
       // TODO: Remove when TS SDK fixes Windows stdin pipe buffering (see queryDirectCli() JSDoc for tracking issues)
       // On Windows, SDK query() hangs because Bun subprocess stdin pipe never flushes to child process.
@@ -528,17 +595,14 @@ export class ClaudeAgentSdkProvider implements AIProvider {
             resume: (isFirstMessage && !shouldFork) ? undefined : sdkId,
             ...(shouldFork && { forkSession: true }),
             cwd: effectiveCwd,
-            systemPrompt: { type: "preset", preset: "claude_code" },
+            systemPrompt: systemPromptOpt,
             settingSources: ["user", "project"],
             env: queryEnv,
             settings: { permissions: { allow: [], deny: [] } },
-            allowedTools: [
-              "Read", "Write", "Edit", "Bash", "Glob", "Grep",
-              "WebSearch", "WebFetch", "AskUserQuestion",
-              "Agent", "Skill", "TodoWrite", "ToolSearch",
-            ],
-            permissionMode: "bypassPermissions",
-            allowDangerouslySkipPermissions: true,
+            allowedTools,
+            permissionMode,
+            allowDangerouslySkipPermissions: isBypass,
+            ...(permissionHooks && { hooks: permissionHooks }),
             ...(providerConfig.model && { model: providerConfig.model }),
             ...(providerConfig.effort && { effort: providerConfig.effort }),
             maxTurns: providerConfig.max_turns ?? 100,
@@ -583,17 +647,14 @@ export class ClaudeAgentSdkProvider implements AIProvider {
                   resume: undefined,
                   ...(shouldFork && { forkSession: true }),
                   cwd: effectiveCwd,
-                  systemPrompt: { type: "preset", preset: "claude_code" },
+                  systemPrompt: systemPromptOpt,
                   settingSources: ["user", "project"],
                   env: queryEnv,
                   settings: { permissions: { allow: [], deny: [] } },
-                  allowedTools: [
-                    "Read", "Write", "Edit", "Bash", "Glob", "Grep",
-                    "WebSearch", "WebFetch", "AskUserQuestion",
-                    "Agent", "Skill", "TodoWrite", "ToolSearch",
-                  ],
-                  permissionMode: "bypassPermissions",
-                  allowDangerouslySkipPermissions: true,
+                  allowedTools,
+                  permissionMode,
+                  allowDangerouslySkipPermissions: isBypass,
+                  ...(permissionHooks && { hooks: permissionHooks }),
                   ...(providerConfig.model && { model: providerConfig.model }),
                   ...(providerConfig.effort && { effort: providerConfig.effort }),
                   maxTurns: providerConfig.max_turns ?? 100,
@@ -727,6 +788,20 @@ export class ClaudeAgentSdkProvider implements AIProvider {
 
         // Full assistant message
         if (msg.type === "assistant") {
+          // SDK assistant messages can carry an error field for auth/billing/rate-limit failures
+          const assistantError = (msg as any).error as string | undefined;
+          if (assistantError) {
+            const errorHints: Record<string, string> = {
+              authentication_failed: "API authentication failed. Check your account credentials in Settings → Accounts.",
+              billing_error: "Billing error on this account. Check your subscription status.",
+              rate_limit: "Rate limited by the API. Please wait and try again.",
+              invalid_request: "Invalid request sent to the API.",
+              server_error: "Anthropic API server error. Try again shortly.",
+            };
+            const hint = errorHints[assistantError] ?? `API error: ${assistantError}`;
+            console.error(`[sdk] session=${sessionId} assistant error: ${assistantError}`);
+            yield { type: "error", message: hint };
+          }
           const content = (msg as any).message?.content;
           if (Array.isArray(content)) {
             for (const block of content) {
@@ -828,9 +903,11 @@ export class ClaudeAgentSdkProvider implements AIProvider {
 
           // Surface non-success subtypes as errors so FE can display them
           if (subtype && subtype !== "success") {
-            // Extract error detail from SDK result — check multiple possible fields
-            const sdkError = result.error ?? result.error_message ?? result.message ?? result.reason ?? "";
-            const sdkDetail = typeof sdkError === "string" ? sdkError : JSON.stringify(sdkError);
+            // SDK error results use `errors: string[]` array (not singular `error`)
+            const errorsArr = Array.isArray(result.errors) ? result.errors : [];
+            const sdkDetail = errorsArr.length > 0
+              ? errorsArr.join("\n")
+              : (typeof result.error === "string" ? result.error : "");
             // Log full result for debugging (truncated at 2000 chars)
             console.error(`[sdk] result error: subtype=${subtype} turns=${result.num_turns ?? 0} detail=${sdkDetail || "(none)"}`);
             console.error(`[sdk] result full dump: ${JSON.stringify(result).slice(0, 2000)}`);
@@ -840,13 +917,35 @@ export class ClaudeAgentSdkProvider implements AIProvider {
               error_during_execution: "Agent encountered an error during execution.",
             };
             const baseMsg = errorMessages[subtype] ?? `Agent stopped: ${subtype}`;
-            const fullMsg = sdkDetail ? `${baseMsg}\n${sdkDetail}` : baseMsg;
+            // Add specific hints for common network/auth errors
+            const detailLower = sdkDetail.toLowerCase();
+            let hint = "";
+            if (detailLower.includes("connectionrefused") || detailLower.includes("connection refused") || detailLower.includes("econnrefused")) {
+              hint = "\n\nHint: Cannot reach Anthropic API. If running in WSL, check DNS/proxy settings (e.g. `curl -s https://api.anthropic.com` from WSL terminal).";
+            } else if (detailLower.includes("unable to connect")) {
+              hint = "\n\nHint: Network connectivity issue. Check your internet connection and firewall/proxy settings.";
+            } else if (detailLower.includes("401") || detailLower.includes("unauthorized") || detailLower.includes("invalid api key")) {
+              hint = "\n\nHint: Authentication failed. Try re-adding your account in Settings → Accounts.";
+            }
+            const fullMsg = sdkDetail ? `${baseMsg}\n${sdkDetail}${hint}` : baseMsg;
             yield {
               type: "error",
               message: fullMsg,
             };
           }
 
+          // Detect empty/suspicious success — SDK returned "success" but no real assistant content
+          if ((!subtype || subtype === "success") && (result.num_turns ?? 0) === 0 && !assistantContent) {
+            // SDK success result has `result: string` containing final text
+            const resultText = typeof result.result === "string" ? result.result : "";
+            console.warn(`[sdk] session=${sessionId} result success but 0 turns, no assistant content, result="${resultText.slice(0, 200)}"`);
+            console.warn(`[sdk] result dump: ${JSON.stringify(result).slice(0, 2000)}`);
+            const hint = resultText
+              ? `Claude returned: "${resultText}"\nThis may indicate a session or connection issue. Try creating a new chat session.`
+              : "Claude returned no response (0 turns). This usually means the API connection failed silently. Check that `claude` CLI works in your terminal, or try creating a new chat session.";
+            yield { type: "error", message: hint };
+          }
+
           // Store subtype and numTurns for the done event
           resultSubtype = subtype;
           resultNumTurns = result.num_turns as number | undefined;
@@ -894,17 +993,14 @@ export class ClaudeAgentSdkProvider implements AIProvider {
             prompt: message,
             options: {
               cwd: effectiveCwd,
-              systemPrompt: { type: "preset", preset: "claude_code" },
+              systemPrompt: systemPromptOpt,
               settingSources: ["user", "project"],
               env: queryEnv,
               settings: { permissions: { allow: [], deny: [] } },
-              allowedTools: [
-                "Read", "Write", "Edit", "Bash", "Glob", "Grep",
-                "WebSearch", "WebFetch", "AskUserQuestion",
-                "Agent", "Skill", "TodoWrite", "ToolSearch",
-              ],
-              permissionMode: "bypassPermissions",
-              allowDangerouslySkipPermissions: true,
+              allowedTools,
+              permissionMode,
+              allowDangerouslySkipPermissions: isBypass,
+              ...(permissionHooks && { hooks: permissionHooks }),
               ...(providerConfig.model && { model: providerConfig.model }),
               maxTurns: providerConfig.max_turns ?? 100,
               canUseTool,
@@ -917,7 +1013,8 @@ export class ClaudeAgentSdkProvider implements AIProvider {
             if (retryMsg.type === "result") {
               const r = retryMsg as any;
               if (r.subtype && r.subtype !== "success") {
-                yield { type: "error", message: r.error ?? `Agent stopped: ${r.subtype}` };
+                const retryErrors = Array.isArray(r.errors) ? r.errors.join("\n") : "";
+                yield { type: "error", message: retryErrors || `Agent stopped: ${r.subtype}` };
               }
               resultSubtype = r.subtype;
               resultNumTurns = r.num_turns;

package/src/providers/mock-provider.ts

@@ -66,6 +66,7 @@ export class MockProvider implements AIProvider {
   async *sendMessage(
     sessionId: string,
     message: string,
+    _opts?: import("./provider.interface.ts").SendMessageOpts,
   ): AsyncIterable<ChatEvent> {
     const session = this.sessions.get(sessionId);
     if (!session) {

package/src/providers/provider.interface.ts

@@ -7,4 +7,5 @@ export type {
   ChatMessage,
   ToolApprovalHandler,
   UsageInfo,
+  SendMessageOpts,
 } from "../types/chat.ts";

package/src/server/routes/git.ts

@@ -57,12 +57,13 @@ gitRoutes.get("/file-diff", async (c) => {
   }
 });
 
-/** GET /git/graph?max=200 */
+/** GET /git/graph?max=200&skip=0 */
 gitRoutes.get("/graph", async (c) => {
   try {
     const projectPath = c.get("projectPath");
     const max = parseInt(c.req.query("max") ?? "200", 10);
-    const data = await gitService.graphData(projectPath, max);
+    const skip = parseInt(c.req.query("skip") ?? "0", 10);
+    const data = await gitService.graphData(projectPath, max, skip);
     return c.json(ok(data));
   } catch (e) {
     return c.json(err((e as Error).message), 500);
@@ -93,6 +94,19 @@ gitRoutes.get("/pr-url", async (c) => {
   }
 });
 
+/** POST /git/fetch { remote? } */
+gitRoutes.post("/fetch", async (c) => {
+  try {
+    const projectPath = c.get("projectPath");
+    const body = await c.req.json<{ remote?: string }>().catch(() => ({ remote: undefined }));
+    const { remote } = body;
+    await gitService.fetch(projectPath, remote);
+    return c.json(ok({ fetched: true }));
+  } catch (e) {
+    return c.json(err((e as Error).message), 500);
+  }
+});
+
 /** POST /git/discard { files } — discard unstaged changes (checkout tracked, clean untracked) */
 gitRoutes.post("/discard", async (c) => {
   try {

package/src/server/ws/chat.ts

@@ -30,6 +30,8 @@ interface SessionEntry {
   catchUpText: string;
   /** Reference to the running stream promise — prevents GC */
   streamPromise?: Promise<void>;
+  /** Sticky permission mode for this session */
+  permissionMode?: string;
 }
 
 /** Tracks active sessions — persists even when FE disconnects */
@@ -78,7 +80,7 @@ function startCleanupTimer(sessionId: string): void {
  * Standalone streaming loop — decoupled from WS message handler.
  * Runs independently so WS close does NOT kill the Claude query.
  */
-async function runStreamLoop(sessionId: string, providerId: string, content: string): Promise<void> {
+async function runStreamLoop(sessionId: string, providerId: string, content: string, permissionMode?: string): Promise<void> {
   const entry = activeSessions.get(sessionId);
   if (!entry) {
     console.error(`[chat] session=${sessionId} runStreamLoop: no entry — aborting`);
@@ -138,7 +140,7 @@ async function runStreamLoop(sessionId: string, providerId: string, content: str
       safeSend(sessionId, { type: "streaming_status", status: "connecting", elapsed });
     }, 5_000);
 
-    for await (const event of chatService.sendMessage(providerId, sessionId, content)) {
+    for await (const event of chatService.sendMessage(providerId, sessionId, content, { permissionMode })) {
       if (abortController.signal.aborted) break;
       eventCount++;
       const ev = event as any;
@@ -369,27 +371,47 @@ export const chatWebSocket = {
       entry0.ws = ws;
     }
 
-    const entry = activeSessions.get(sessionId);
-    const providerId = entry?.providerId ?? providerRegistry.getDefault().id;
+    let entry = activeSessions.get(sessionId);
+
+    // Auto-create entry if missing — handles: message before open (Bun race), or session cleaned up
+    if (!entry) {
+      const { projectName: pn } = ws.data;
+      const session = chatService.getSession(sessionId);
+      const pid = session?.providerId ?? providerRegistry.getDefault().id;
+      let pp: string | undefined;
+      if (pn) { try { pp = resolveProjectPath(pn); } catch { /* ignore */ } }
+      const pi = setInterval(() => {
+        try { ws.send(JSON.stringify({ type: "ping" })); } catch { /* ws may be closed */ }
+      }, PING_INTERVAL_MS);
+      activeSessions.set(sessionId, {
+        providerId: pid, ws, projectPath: pp, projectName: pn,
+        pingInterval: pi, isStreaming: false, needsCatchUp: false, catchUpText: "",
+      });
+      entry = activeSessions.get(sessionId)!;
+      console.log(`[chat] session=${sessionId} auto-created entry in message handler`);
+    }
+
+    const providerId = entry.providerId ?? providerRegistry.getDefault().id;
 
     // Client-initiated handshake — FE sends "ready" after onopen.
     // Re-send status so tunnel connections (Cloudflare) that missed the
     // open-handler message still get connected/status confirmation.
     if (parsed.type === "ready") {
-      if (entry) {
-        ws.send(JSON.stringify({
-          type: "status",
-          sessionId,
-          isStreaming: entry.isStreaming,
-          pendingApproval: entry.pendingApprovalEvent ?? null,
-        }));
-      } else {
-        ws.send(JSON.stringify({ type: "connected", sessionId }));
-      }
+      ws.send(JSON.stringify({
+        type: "status",
+        sessionId,
+        isStreaming: entry.isStreaming,
+        pendingApproval: entry.pendingApprovalEvent ?? null,
+      }));
       return;
     }
 
     if (parsed.type === "message") {
+      // Store permission mode — sticky for this session
+      if (parsed.permissionMode) {
+        entry.permissionMode = parsed.permissionMode;
+      }
+
       // Send immediate feedback BEFORE any async work — prevents "stuck thinking"
       // when resumeSession is slow (e.g. sdkListSessions spawns subprocess on first call)
       safeSend(sessionId, { type: "streaming_status", status: "connecting", elapsed: 0 });
@@ -405,12 +427,12 @@ export const chatWebSocket = {
           logSessionEvent(sessionId, "PERF", `resumeSession took ${elapsed}ms`);
         }
       }
-      if (entry?.projectPath && provider && "ensureProjectPath" in provider) {
+      if (entry.projectPath && provider && "ensureProjectPath" in provider) {
         (provider as any).ensureProjectPath(sessionId, entry.projectPath);
       }
 
       // If already streaming, abort current query first and wait for cleanup
-      if (entry?.isStreaming && entry.abort) {
+      if (entry.isStreaming && entry.abort) {
         console.log(`[chat] session=${sessionId} aborting current query for new message`);
         entry.abort.abort();
         // Wait for stream loop to finish cleanup
@@ -421,16 +443,11 @@ export const chatWebSocket = {
 
       // Store promise reference on entry to prevent GC from collecting the async operation.
       // Use setTimeout(0) to detach from WS handler's async scope.
-      if (entry) {
-        entry.streamPromise = new Promise<void>((resolve) => {
-          setTimeout(() => {
-            runStreamLoop(sessionId, providerId, parsed.content).then(resolve, resolve);
-          }, 0);
-        });
-      } else {
-        console.warn(`[chat] session=${sessionId} no entry when starting stream loop — message may have arrived before open()`);
-        setTimeout(() => runStreamLoop(sessionId, providerId, parsed.content), 0);
-      }
+      entry.streamPromise = new Promise<void>((resolve) => {
+        setTimeout(() => {
+          runStreamLoop(sessionId, providerId, parsed.content, entry.permissionMode).then(resolve, resolve);
+        }, 0);
+      });
     } else if (parsed.type === "cancel") {
       const provider = providerRegistry.get(providerId);
       if (provider && "abortQuery" in provider && typeof (provider as any).abortQuery === "function") {

package/src/services/account-selector.service.ts

@@ -36,11 +36,20 @@ class AccountSelectorService {
     setConfigValue(MAX_RETRY_CONFIG_KEY, String(n));
   }
 
+  /** Reason for the last null return from next() */
+  private _lastFailReason: "none" | "no_active" | "all_decrypt_failed" = "none";
+
+  /** Why the last next() call returned null */
+  get lastFailReason(): "none" | "no_active" | "all_decrypt_failed" {
+    return this._lastFailReason;
+  }
+
   /**
    * Pick next available account (skips cooldown/disabled).
    * Returns null if no active accounts available.
    */
   next(): AccountWithTokens | null {
+    this._lastFailReason = "none";
     const now = Math.floor(Date.now() / 1000);
     const allAccounts = accountService.list();
 
@@ -53,7 +62,10 @@ class AccountSelectorService {
     }
 
     const active = accountService.list().filter((a) => a.status === "active");
-    if (active.length === 0) return null;
+    if (active.length === 0) {
+      this._lastFailReason = "no_active";
+      return null;
+    }
 
     let pickedId: string;
     if (this.getStrategy() === "fill-first") {
@@ -66,7 +78,11 @@ class AccountSelectorService {
       this.cursor = (this.cursor + 1) % active.length;
     }
     this._lastPickedId = pickedId;
-    return accountService.getWithTokens(pickedId);
+    const result = accountService.getWithTokens(pickedId);
+    if (!result) {
+      this._lastFailReason = "all_decrypt_failed";
+    }
+    return result;
   }
 
   /** Called when account receives 429 — apply exponential backoff */

package/src/services/chat.service.ts

@@ -5,6 +5,7 @@ import type {
   SessionInfo,
   ChatEvent,
   ChatMessage,
+  SendMessageOpts,
 } from "../providers/provider.interface.ts";
 import { MockProvider } from "../providers/mock-provider.ts";
 
@@ -70,13 +71,14 @@ class ChatService {
     providerId: string,
     sessionId: string,
     message: string,
+    opts?: SendMessageOpts,
   ): AsyncIterable<ChatEvent> {
     const provider = providerRegistry.get(providerId);
     if (!provider) {
       yield { type: "error", message: `Provider "${providerId}" not found` };
       return;
     }
-    yield* provider.sendMessage(sessionId, message);
+    yield* provider.sendMessage(sessionId, message, opts);
   }
 
   /** Look up a session across all providers (for WS handler) */