@otto-assistant/otto 0.7.17 → 0.7.19

package/dist/commands/permissions.js

@@ -49,6 +49,153 @@ function takePendingPermissionContext(contextHash) {
     pendingPermissionContexts.delete(contextHash);
     return ctx;
 }
+/**
+ * Render rich tool context from permission metadata for Discord/Telegram.
+ * Shows what the agent is actually trying to do — the command, file path,
+ * URL, content preview, etc. — so the user can make an informed decision.
+ */
+function renderPermissionContext(permission) {
+    const tool = permission.permission.toLowerCase();
+    const meta = permission.metadata ?? {};
+    // Read a string value from metadata, trying multiple key names
+    const getStr = (keys, fallback = '') => {
+        for (const key of keys) {
+            const val = meta[key];
+            if (typeof val === 'string' && val.length > 0)
+                return val;
+        }
+        return fallback;
+    };
+    const truncate = (s, maxLen = 500) => s.length > maxLen ? s.slice(0, maxLen - 1) + '…' : s;
+    const clipBlock = (s, limit) => s.length > limit ? s.slice(0, limit - 1) + '…' : s;
+    switch (tool) {
+        case 'bash':
+        case 'shell':
+        case 'shell_command':
+        case 'cmd':
+        case 'terminal': {
+            const command = getStr(['command', 'cmd', 'script']);
+            const description = getStr(['description']);
+            if (!command && !description)
+                return '';
+            const parts = [];
+            if (description)
+                parts.push(`> *${clipBlock(description, 200)}*`);
+            if (command)
+                parts.push(`\`\`\`bash\n${clipBlock(command, 800)}\n\`\`\``);
+            return parts.join('\n');
+        }
+        case 'edit':
+        case 'multiedit':
+        case 'str_replace':
+        case 'str_replace_based_edit_tool':
+        case 'apply_patch': {
+            const filePath = getStr(['path', 'file_path', 'filename', 'filePath', 'file']);
+            const oldString = getStr(['old_string', 'oldString', 'changes', 'diff']);
+            const newString = getStr(['new_string', 'newString']);
+            if (!filePath && !oldString && !newString)
+                return '';
+            const parts = [];
+            if (filePath)
+                parts.push(`**File:** \`${filePath}\``);
+            if (oldString) {
+                parts.push(`**Replace:**\n\`\`\`diff\n- ${clipBlock(oldString, 400)}\n+ ${clipBlock(newString || '', 400)}\n\`\`\``);
+            }
+            else if (newString) {
+                parts.push(`**New content:**\n\`\`\`\n${clipBlock(newString, 600)}\n\`\`\``);
+            }
+            return parts.join('\n');
+        }
+        case 'write':
+        case 'create':
+        case 'file_write': {
+            const filePath = getStr(['path', 'file_path', 'filename', 'filePath', 'file']);
+            const content = getStr(['content', 'text', 'data']);
+            if (!filePath && !content)
+                return '';
+            const parts = [];
+            if (filePath)
+                parts.push(`**File:** \`${filePath}\``);
+            if (content) {
+                parts.push(`\`\`\`\n${clipBlock(content, 600)}\n\`\`\``);
+            }
+            return parts.join('\n');
+        }
+        case 'webfetch':
+        case 'fetch':
+        case 'curl':
+        case 'wget': {
+            const url = getStr(['url', 'uri', 'endpoint']);
+            const method = getStr(['method']) || 'GET';
+            if (!url)
+                return '';
+            return `**URL:** \`${method.toUpperCase()}\` ${url}`;
+        }
+        case 'read': {
+            const filePath = getStr(['filePath', 'file_path', 'path', 'file', 'filename']);
+            const parentDir = getStr(['parentDir', 'parent_dir', 'directory']);
+            if (!filePath && !parentDir)
+                return '';
+            const parts = [];
+            if (filePath)
+                parts.push(`**Reading:** \`${filePath}\``);
+            if (parentDir)
+                parts.push(`**Directory:** \`${parentDir}\``);
+            return parts.join('\n');
+        }
+        case 'list':
+        case 'ls': {
+            const listPath = getStr(['path', 'directory', 'filePath']);
+            if (!listPath)
+                return '';
+            return `**Listing:** \`${listPath}\``;
+        }
+        case 'glob': {
+            const pattern = getStr(['pattern', 'glob']);
+            if (!pattern)
+                return '';
+            return `**Pattern:** \`${pattern}\``;
+        }
+        case 'grep': {
+            const pattern = getStr(['pattern', 'query']);
+            if (!pattern)
+                return '';
+            return `**Search:** \`${pattern}\``;
+        }
+        case 'external_directory': {
+            const filepath = getStr(['filepath', 'path', 'directory']);
+            const parentDir = getStr(['parentDir', 'parent_dir']);
+            const parts = [];
+            if (filepath)
+                parts.push(`**Path:** \`${filepath}\``);
+            if (parentDir)
+                parts.push(`**Parent:** \`${parentDir}\``);
+            return parts.join('\n');
+        }
+        case 'task':
+        case 'subagent': {
+            const description = getStr(['description', 'prompt']);
+            if (!description)
+                return '';
+            return `> ${clipBlock(description, 300)}`;
+        }
+        default: {
+            // Generic: show description or first meaningful metadata field
+            const description = getStr(['description', 'action', 'operation', 'command']);
+            if (description)
+                return `> *${clipBlock(description, 300)}*`;
+            const relevantKeys = Object.keys(meta).filter((k) => !['sessionID', 'id', 'type'].includes(k));
+            if (relevantKeys.length > 0) {
+                const preview = relevantKeys
+                    .slice(0, 3)
+                    .map((k) => `${k}: ${String(meta[k]).slice(0, 60)}`)
+                    .join('\n');
+                return `\`\`\`\n${clipBlock(preview, 400)}\n\`\`\``;
+            }
+            return '';
+        }
+    }
+}
 /**
  * Show permission buttons for a permission request.
  * Displays 3 buttons in a row: Accept, Accept Always, Deny.
@@ -108,11 +255,13 @@ export async function showPermissionButtons({ thread, permission, directory, per
     const externalDirLine = permission.permission === 'external_directory'
         ? `Agent is accessing files outside the project. [Learn more](https://opencode.ai/docs/permissions/#external-directories)\n`
         : '';
+    const contextStr = renderPermissionContext(permission);
     const fullContent = `⚠️ **Permission Required**\n` +
         subtaskLine +
         `**Type:** \`${permission.permission}\`\n` +
         externalDirLine +
-        (patternStr ? `**Pattern:** \`${patternStr}\`` : '');
+        (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
+        (contextStr ? `\n${contextStr}` : '');
     const permissionMessage = await thread.send({
         content: fullContent.slice(0, 1900),
         components: [actionRow],
@@ -133,12 +282,14 @@ function updatePermissionMessage({ context, status, }) {
         const externalDirLine = context.permission.permission === 'external_directory'
             ? 'Agent is accessing files outside the project. [Learn more](https://opencode.ai/docs/permissions/#external-directories)\n'
             : '';
+        const contextStr = renderPermissionContext(context.permission);
         return message.edit({
             content: `⚠️ **Permission Required**\n` +
                 `**Type:** \`${context.permission.permission}\`\n` +
                 externalDirLine +
                 (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
-                status,
+                (contextStr ? `\n${contextStr}\n` : '') +
+                `\n${status}`,
             components: [],
         });
     })

package/dist/session-handler/thread-session-runtime.js

@@ -1000,7 +1000,12 @@ export class ThreadSessionRuntime {
             })();
             logger.log(`[EVENT] type=${event.type} eventSessionId=${eventSessionId || 'none'} activeSessionId=${sessionId || 'none'} ${this.formatRunStateForLog()}${eventDetails}`);
         }
-        const isGlobalEvent = event.type === 'tui.toast.show';
+        // permission.asked and question.asked must always reach the handler
+        // so they get forwarded to Discord/Telegram even when the requesting
+        // session is a subagent whose metadata has been cleared from the buffer.
+        const isGlobalEvent = event.type === 'tui.toast.show' ||
+            event.type === 'permission.asked' ||
+            event.type === 'question.asked';
         const isScopedToastEvent = Boolean(toastSessionId);
         // Drop events that don't match current session (stale events from
         // previous sessions), unless it's a global event or a subtask session.
@@ -1818,8 +1823,11 @@ export class ThreadSessionRuntime {
         const isMainSession = permission.sessionID === sessionId;
         const isSubtaskSession = Boolean(subtaskInfo);
         if (!isMainSession && !isSubtaskSession) {
-            logger.log(`[PERMISSION IGNORED] Permission for unknown session (expected: ${sessionId} or subtask, got: ${permission.sessionID})`);
-            return;
+            logger.log(`[PERMISSION] Permission for non-main session (expected: ${sessionId} or subtask, got: ${permission.sessionID}) — forwarding to Discord`);
+            // Do not return — still show buttons for the Discord thread.
+            // The session mismatch usually happens when the event buffer has
+            // been cleared and a subagent's permission.asked arrives without
+            // subtask metadata in the buffer. The user needs to see these.
         }
         // Auto-deny external_directory permissions for paths that do not exist
         // on the filesystem. There is no point asking the user to approve access

package/package.json

@@ -7,7 +7,7 @@
   },
   "module": "index.ts",
   "type": "module",
-  "version": "0.7.17",
+  "version": "0.7.19",
   "scripts": {
     "dev": "tsx src/bin.ts",
     "prepublishOnly": "pnpm build",

package/src/commands/permissions.ts

@@ -92,6 +92,152 @@ function takePendingPermissionContext(contextHash: string): PendingPermissionCon
   return ctx
 }
 
+/**
+ * Render rich tool context from permission metadata for Discord/Telegram.
+ * Shows what the agent is actually trying to do — the command, file path,
+ * URL, content preview, etc. — so the user can make an informed decision.
+ */
+function renderPermissionContext(permission: PermissionRequest): string {
+  const tool = permission.permission.toLowerCase()
+  const meta = permission.metadata ?? {}
+
+  // Read a string value from metadata, trying multiple key names
+  const getStr = (keys: string[], fallback = ''): string => {
+    for (const key of keys) {
+      const val = meta[key]
+      if (typeof val === 'string' && val.length > 0) return val
+    }
+    return fallback
+  }
+
+  const truncate = (s: string, maxLen = 500): string =>
+    s.length > maxLen ? s.slice(0, maxLen - 1) + '…' : s
+
+  const clipBlock = (s: string, limit: number): string =>
+    s.length > limit ? s.slice(0, limit - 1) + '…' : s
+
+  switch (tool) {
+    case 'bash':
+    case 'shell':
+    case 'shell_command':
+    case 'cmd':
+    case 'terminal': {
+      const command = getStr(['command', 'cmd', 'script'])
+      const description = getStr(['description'])
+      if (!command && !description) return ''
+      const parts: string[] = []
+      if (description) parts.push(`> *${clipBlock(description, 200)}*`)
+      if (command) parts.push(`\`\`\`bash\n${clipBlock(command, 800)}\n\`\`\``)
+      return parts.join('\n')
+    }
+
+    case 'edit':
+    case 'multiedit':
+    case 'str_replace':
+    case 'str_replace_based_edit_tool':
+    case 'apply_patch': {
+      const filePath = getStr(['path', 'file_path', 'filename', 'filePath', 'file'])
+      const oldString = getStr(['old_string', 'oldString', 'changes', 'diff'])
+      const newString = getStr(['new_string', 'newString'])
+      if (!filePath && !oldString && !newString) return ''
+      const parts: string[] = []
+      if (filePath) parts.push(`**File:** \`${filePath}\``)
+      if (oldString) {
+        parts.push(`**Replace:**\n\`\`\`diff\n- ${clipBlock(oldString, 400)}\n+ ${clipBlock(newString || '', 400)}\n\`\`\``)
+      } else if (newString) {
+        parts.push(`**New content:**\n\`\`\`\n${clipBlock(newString, 600)}\n\`\`\``)
+      }
+      return parts.join('\n')
+    }
+
+    case 'write':
+    case 'create':
+    case 'file_write': {
+      const filePath = getStr(['path', 'file_path', 'filename', 'filePath', 'file'])
+      const content = getStr(['content', 'text', 'data'])
+      if (!filePath && !content) return ''
+      const parts: string[] = []
+      if (filePath) parts.push(`**File:** \`${filePath}\``)
+      if (content) {
+        parts.push(`\`\`\`\n${clipBlock(content, 600)}\n\`\`\``)
+      }
+      return parts.join('\n')
+    }
+
+    case 'webfetch':
+    case 'fetch':
+    case 'curl':
+    case 'wget': {
+      const url = getStr(['url', 'uri', 'endpoint'])
+      const method = getStr(['method']) || 'GET'
+      if (!url) return ''
+      return `**URL:** \`${method.toUpperCase()}\` ${url}`
+    }
+
+    case 'read': {
+      const filePath = getStr(['filePath', 'file_path', 'path', 'file', 'filename'])
+      const parentDir = getStr(['parentDir', 'parent_dir', 'directory'])
+      if (!filePath && !parentDir) return ''
+      const parts: string[] = []
+      if (filePath) parts.push(`**Reading:** \`${filePath}\``)
+      if (parentDir) parts.push(`**Directory:** \`${parentDir}\``)
+      return parts.join('\n')
+    }
+
+    case 'list':
+    case 'ls': {
+      const listPath = getStr(['path', 'directory', 'filePath'])
+      if (!listPath) return ''
+      return `**Listing:** \`${listPath}\``
+    }
+
+    case 'glob': {
+      const pattern = getStr(['pattern', 'glob'])
+      if (!pattern) return ''
+      return `**Pattern:** \`${pattern}\``
+    }
+
+    case 'grep': {
+      const pattern = getStr(['pattern', 'query'])
+      if (!pattern) return ''
+      return `**Search:** \`${pattern}\``
+    }
+
+    case 'external_directory': {
+      const filepath = getStr(['filepath', 'path', 'directory'])
+      const parentDir = getStr(['parentDir', 'parent_dir'])
+      const parts: string[] = []
+      if (filepath) parts.push(`**Path:** \`${filepath}\``)
+      if (parentDir) parts.push(`**Parent:** \`${parentDir}\``)
+      return parts.join('\n')
+    }
+
+    case 'task':
+    case 'subagent': {
+      const description = getStr(['description', 'prompt'])
+      if (!description) return ''
+      return `> ${clipBlock(description, 300)}`
+    }
+
+    default: {
+      // Generic: show description or first meaningful metadata field
+      const description = getStr(['description', 'action', 'operation', 'command'])
+      if (description) return `> *${clipBlock(description, 300)}*`
+      const relevantKeys = Object.keys(meta).filter(
+        (k) => !['sessionID', 'id', 'type'].includes(k),
+      )
+      if (relevantKeys.length > 0) {
+        const preview = relevantKeys
+          .slice(0, 3)
+          .map((k) => `${k}: ${String(meta[k]).slice(0, 60)}`)
+          .join('\n')
+        return `\`\`\`\n${clipBlock(preview, 400)}\n\`\`\``
+      }
+      return ''
+    }
+  }
+}
+
 /**
  * Show permission buttons for a permission request.
  * Displays 3 buttons in a row: Accept, Accept Always, Deny.
@@ -178,12 +324,14 @@ export async function showPermissionButtons({
     permission.permission === 'external_directory'
       ? `Agent is accessing files outside the project. [Learn more](https://opencode.ai/docs/permissions/#external-directories)\n`
       : ''
+  const contextStr = renderPermissionContext(permission)
   const fullContent =
     `⚠️ **Permission Required**\n` +
     subtaskLine +
     `**Type:** \`${permission.permission}\`\n` +
     externalDirLine +
-    (patternStr ? `**Pattern:** \`${patternStr}\`` : '')
+    (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
+    (contextStr ? `\n${contextStr}` : '')
   const permissionMessage = await thread.send({
     content: fullContent.slice(0, 1900),
     components: [actionRow],
@@ -215,13 +363,15 @@ function updatePermissionMessage({
         context.permission.permission === 'external_directory'
           ? 'Agent is accessing files outside the project. [Learn more](https://opencode.ai/docs/permissions/#external-directories)\n'
           : ''
+      const contextStr = renderPermissionContext(context.permission)
       return message.edit({
         content:
           `⚠️ **Permission Required**\n` +
           `**Type:** \`${context.permission.permission}\`\n` +
           externalDirLine +
           (patternStr ? `**Pattern:** \`${patternStr}\`\n` : '') +
-          status,
+          (contextStr ? `\n${contextStr}\n` : '') +
+          `\n${status}`,
         components: [],
       })
     })

package/src/session-handler/thread-session-runtime.ts

@@ -1452,7 +1452,13 @@ export class ThreadSessionRuntime {
       )
     }
 
-    const isGlobalEvent = event.type === 'tui.toast.show'
+    // permission.asked and question.asked must always reach the handler
+    // so they get forwarded to Discord/Telegram even when the requesting
+    // session is a subagent whose metadata has been cleared from the buffer.
+    const isGlobalEvent =
+      event.type === 'tui.toast.show' ||
+      event.type === 'permission.asked' ||
+      event.type === 'question.asked'
     const isScopedToastEvent = Boolean(toastSessionId)
 
     // Drop events that don't match current session (stale events from
@@ -2490,9 +2496,12 @@ export class ThreadSessionRuntime {
 
     if (!isMainSession && !isSubtaskSession) {
       logger.log(
-        `[PERMISSION IGNORED] Permission for unknown session (expected: ${sessionId} or subtask, got: ${permission.sessionID})`,
+        `[PERMISSION] Permission for non-main session (expected: ${sessionId} or subtask, got: ${permission.sessionID}) — forwarding to Discord`,
       )
-      return
+      // Do not return — still show buttons for the Discord thread.
+      // The session mismatch usually happens when the event buffer has
+      // been cleared and a subagent's permission.asked arrives without
+      // subtask metadata in the buffer. The user needs to see these.
     }
 
     // Auto-deny external_directory permissions for paths that do not exist