@pixelbyte-software/pixcode 1.48.6 → 1.49.1

package/scripts/smoke/git-install-update.mjs

@@ -65,20 +65,51 @@ assert.match(
 
 assert.match(
   updater,
-  /npm[\s\S]*install[\s\S]*--no-audit[\s\S]*--no-fund/,
-  'Safe updater should reinstall dependencies after updating source files.',
+  /shouldRunNpmInstall/,
+  'Safe updater should decide whether dependency reconciliation is needed from changed files.',
 );
 
 assert.match(
   updater,
-  /npm[\s\S]*run[\s\S]*build/,
-  'Safe updater should rebuild source installs after updating source files.',
+  /Dependencies unchanged; skipping npm install\./,
+  'Safe updater should skip npm install when package manifests did not change.',
 );
 
-const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'pixcode-git-update-'));
-const origin = path.join(tempRoot, 'origin.git');
-const source = path.join(tempRoot, 'source');
-const install = path.join(tempRoot, 'install');
+assert.match(
+  updater,
+  /shouldRunBuild/,
+  'Safe updater should decide whether source rebuild is needed from changed files.',
+);
+
+assert.match(
+  updater,
+  /Build inputs unchanged; skipping build\./,
+  'Safe updater should skip build when only non-runtime files changed.',
+);
+
+function makeTempRepo(name) {
+  const tempRoot = fs.mkdtempSync(path.join(os.tmpdir(), `pixcode-git-update-${name}-`));
+  const origin = path.join(tempRoot, 'origin.git');
+  const source = path.join(tempRoot, 'source');
+  const install = path.join(tempRoot, 'install');
+
+  fs.mkdirSync(source, { recursive: true });
+  run('git', ['init', '--bare', origin], tempRoot);
+  run('git', ['init', '-b', 'main'], source);
+  writePackage(source, '1.0.0');
+  fs.mkdirSync(path.join(source, 'src'), { recursive: true });
+  fs.writeFileSync(path.join(source, 'src', 'app.js'), 'old\n');
+  fs.writeFileSync(path.join(source, 'README.md'), 'old docs\n');
+  fs.writeFileSync(path.join(source, 'tracked.txt'), 'old\n');
+  run('git', ['add', '.'], source);
+  run('git', ['commit', '-m', 'initial'], source);
+  run('git', ['remote', 'add', 'origin', origin], source);
+  run('git', ['push', '-u', 'origin', 'main'], source);
+  run('git', ['symbolic-ref', 'HEAD', 'refs/heads/main'], origin);
+  run('git', ['clone', origin, install], tempRoot);
+
+  return { origin, source, install };
+}
 
 function run(command, args, cwd) {
   const result = spawnSync(command, args, {
@@ -99,22 +130,24 @@ function run(command, args, cwd) {
     `${command} ${args.join(' ')} failed\nstdout:\n${result.stdout}\nstderr:\n${result.stderr}`,
   );
 
-  return result.stdout.trim();
+  return `${result.stdout}${result.stderr}`.trim();
 }
 
-function writePackage(version) {
+function writePackage(root, version, dependencies = {}) {
   fs.writeFileSync(
-    path.join(source, 'package.json'),
+    path.join(root, 'package.json'),
     JSON.stringify({
       name: 'pixcode-update-smoke',
       version,
       scripts: {
+        preinstall: 'node -e "require(\\"node:fs\\").writeFileSync(\\"install-ran.txt\\", \\"install\\")"',
         build: 'node -e "require(\\"node:fs\\").writeFileSync(\\"built.txt\\", \\"built\\")"',
       },
+      dependencies,
     }, null, 2),
   );
   fs.writeFileSync(
-    path.join(source, 'package-lock.json'),
+    path.join(root, 'package-lock.json'),
     JSON.stringify({
       name: 'pixcode-update-smoke',
       version,
@@ -130,47 +163,93 @@ function writePackage(version) {
   );
 }
 
-fs.mkdirSync(source, { recursive: true });
-run('git', ['init', '--bare', origin], tempRoot);
-run('git', ['init', '-b', 'main'], source);
-writePackage('1.0.0');
-fs.writeFileSync(path.join(source, 'tracked.txt'), 'old\n');
-run('git', ['add', '.'], source);
-run('git', ['commit', '-m', 'initial'], source);
-run('git', ['remote', 'add', 'origin', origin], source);
-run('git', ['push', '-u', 'origin', 'main'], source);
-run('git', ['symbolic-ref', 'HEAD', 'refs/heads/main'], origin);
-run('git', ['clone', origin, install], tempRoot);
-
-writePackage('1.0.1');
-fs.writeFileSync(path.join(source, 'tracked.txt'), 'new\n');
-run('git', ['add', '.'], source);
-run('git', ['commit', '-m', 'update'], source);
-run('git', ['push', 'origin', 'main'], source);
-
-fs.writeFileSync(path.join(install, 'tracked.txt'), 'local dirty change\n');
-fs.writeFileSync(path.join(install, 'untracked.txt'), 'local untracked change\n');
-run(process.execPath, [updaterPath], install);
-
-assert.equal(
-  JSON.parse(fs.readFileSync(path.join(install, 'package.json'), 'utf8')).version,
-  '1.0.1',
-  'Safe updater should fast-forward the install checkout.',
-);
-assert.equal(
-  fs.readFileSync(path.join(install, 'tracked.txt'), 'utf8'),
-  'new\n',
-  'Safe updater should apply the remote tracked file after stashing local edits.',
-);
-assert.match(
-  run('git', ['stash', 'list'], install),
-  /pixcode-auto-update-/,
-  'Safe updater should leave local dirty files recoverable in git stash.',
-);
-assert.equal(
-  fs.readFileSync(path.join(install, 'built.txt'), 'utf8'),
-  'built',
-  'Safe updater should run the repository build after installing dependencies.',
-);
+{
+  const { source, install } = makeTempRepo('deps');
+
+  fs.mkdirSync(path.join(source, 'local-dep'), { recursive: true });
+  fs.writeFileSync(
+    path.join(source, 'local-dep', 'package.json'),
+    JSON.stringify({ name: 'pixcode-smoke-local-dep', version: '1.0.0' }, null, 2),
+  );
+  writePackage(source, '1.0.1', { 'pixcode-smoke-local-dep': 'file:./local-dep' });
+  fs.writeFileSync(path.join(source, 'tracked.txt'), 'new\n');
+  run('git', ['add', '.'], source);
+  run('git', ['commit', '-m', 'dependency update'], source);
+  run('git', ['push', 'origin', 'main'], source);
+
+  fs.writeFileSync(path.join(install, 'tracked.txt'), 'local dirty change\n');
+  fs.writeFileSync(path.join(install, 'untracked.txt'), 'local untracked change\n');
+  run(process.execPath, [updaterPath], install);
+
+  assert.equal(
+    JSON.parse(fs.readFileSync(path.join(install, 'package.json'), 'utf8')).version,
+    '1.0.1',
+    'Safe updater should fast-forward the install checkout.',
+  );
+  assert.equal(
+    fs.readFileSync(path.join(install, 'tracked.txt'), 'utf8'),
+    'new\n',
+    'Safe updater should apply the remote tracked file after stashing local edits.',
+  );
+  assert.match(
+    run('git', ['stash', 'list'], install),
+    /pixcode-auto-update-/,
+    'Safe updater should leave local dirty files recoverable in git stash.',
+  );
+  assert.equal(
+    fs.readFileSync(path.join(install, 'install-ran.txt'), 'utf8'),
+    'install',
+    'Dependency updates should run npm install.',
+  );
+  assert.equal(
+    fs.readFileSync(path.join(install, 'built.txt'), 'utf8'),
+    'built',
+    'Safe updater should run the repository build after dependency updates.',
+  );
+}
+
+{
+  const { source, install } = makeTempRepo('source');
+
+  fs.writeFileSync(path.join(source, 'src', 'app.js'), 'new source\n');
+  run('git', ['add', '.'], source);
+  run('git', ['commit', '-m', 'source update'], source);
+  run('git', ['push', 'origin', 'main'], source);
+
+  run(process.execPath, [updaterPath], install);
+
+  assert.equal(
+    fs.existsSync(path.join(install, 'install-ran.txt')),
+    false,
+    'Source-only updates should skip npm install.',
+  );
+  assert.equal(
+    fs.readFileSync(path.join(install, 'built.txt'), 'utf8'),
+    'built',
+    'Source-only updates should produce a fresh build output.',
+  );
+}
+
+{
+  const { source, install } = makeTempRepo('docs');
+
+  fs.writeFileSync(path.join(source, 'README.md'), 'new docs\n');
+  run('git', ['add', '.'], source);
+  run('git', ['commit', '-m', 'docs update'], source);
+  run('git', ['push', 'origin', 'main'], source);
+
+  run(process.execPath, [updaterPath], install);
+
+  assert.equal(
+    fs.existsSync(path.join(install, 'install-ran.txt')),
+    false,
+    'Docs-only updates should skip npm install.',
+  );
+  assert.equal(
+    fs.existsSync(path.join(install, 'built.txt')),
+    false,
+    'Docs-only updates should not create build output.',
+  );
+}
 
 console.log('git install update smoke passed');

package/scripts/smoke/pixcode-workbench-1-48.mjs

@@ -17,7 +17,12 @@ const app = read('src/App.tsx');
 const serverIndex = read('server/index.js');
 const hermesRoutes = read('server/modules/orchestration/hermes/hermes.routes.ts');
 const shellTerminal = read('src/components/shell/hooks/useShellTerminal.ts');
+const shellConnection = read('src/components/shell/hooks/useShellConnection.ts');
+const geminiCli = read('server/gemini-cli.js');
+const qwenCli = read('server/qwen-code-cli.js');
+const agentSettings = read('src/components/settings/view/tabs/agents-settings/AgentsSettingsTab.tsx');
 const gitPanelHeader = read('src/components/git-panel/view/GitPanelHeader.tsx');
+const themeContext = read('src/contexts/ThemeContext.jsx');
 
 assert.match(
   preferenceHook,
@@ -52,13 +57,30 @@ assert.match(workbench, /onClose=\{closeTerminal\}/, 'Closing the workbench term
 assert.match(workbench, /WorkbenchCliPanelToolbar/, 'CLI terminal should keep history and new-session actions visible.');
 assert.match(workbench, /WORKBENCH_CLI_STATE_STORAGE_KEY/, 'CLI terminal should remember per-project open state across workspace switches.');
 assert.match(workbench, /function WorkbenchBottomTerminal/, 'Terminal activity should render as a bottom plain-shell panel.');
+assert.match(workbench, /BOTTOM_TERMINAL_MIN_HEIGHT/, 'Bottom terminal should support height resizing.');
+assert.match(workbench, /isBottomTerminalMinimized/, 'Bottom terminal should support minimizing without closing.');
 assert.match(workbench, /isPlainShell/, 'Bottom terminal should open the selected project folder without starting the selected AI CLI.');
-assert.match(workbench, /startHermesAgent/, 'Right CLI panel should launch Hermes Agent in the active project.');
+assert.match(workbench, /HERMES_AGENT_START_COMMAND/, 'Hermes Agent should launch from the bottom terminal through a server-side sentinel.');
+assert.doesNotMatch(workbench, /Project-scoped agent terminal\. Installs Hermes when missing/, 'Right CLI panel should not show the old Hermes card.');
+assert.doesNotMatch(workbench, /vscodeWorkbench\.hermes\.docsShort|HERMES_AGENT_DOCS_URL/, 'Hermes terminal header should not include a docs shortcut.');
+assert.match(workbench, /shrinkCliPanel/, 'Right CLI panel should expose a shrink action.');
+assert.match(workbench, /expandCliPanel/, 'Right CLI panel should expose an expand action.');
+assert.match(workbench, /vscodeWorkbench\.welcome\.openProject/, 'Workbench welcome should expose a simple Open Project action.');
+assert.match(workbench, /vscodeWorkbench\.welcome\.cloneProject/, 'Workbench welcome should expose a simple Clone action.');
+assert.match(workbench, /vscodeWorkbench\.welcome\.startHermes/, 'Workbench welcome should expose a Hermes start action.');
+assert.match(workbench, /DarkModeToggle/, 'Workbench welcome should expose a dark-mode toggle.');
+assert.match(themeContext, /return true;/, 'Pixcode should default new installs to dark mode.');
 assert.match(workbench, /openNewCliSessionPicker/, 'CLI terminal plus should return to provider selection before starting a fresh session.');
 assert.match(workbench, /terminateCurrentCliSession\(selectedProvider\)/, 'CLI terminal plus should terminate the existing provider PTY before showing selection.');
 assert.match(workbench, /forceNewSession=\{terminalLaunch\.forceNewSession\}/, 'Fresh CLI sessions should bypass the cached default PTY.');
 assert.match(serverIndex, /\/api\/shell\/sessions\/terminate/, 'Backend should expose an authenticated endpoint to terminate cached provider PTYs immediately.');
 assert.match(serverIndex, /isPlainShell && !initialCommand/, 'Backend should spawn an interactive plain shell when no terminal command is provided.');
+assert.match(serverIndex, /pixcode:hermes:start/, 'Backend should expand Hermes terminal sentinels on the server host.');
+assert.doesNotMatch(serverIndex, /iex \(irm https:\/\/raw\.githubusercontent\.com\/NousResearch\/hermes-agent\/main\/scripts\/install\.ps1\)/, 'Windows Hermes install should avoid the old inline iex pattern.');
+assert.doesNotMatch(serverIndex, /scriptblock\]::Create\(\(irm https:\/\/raw\.githubusercontent\.com\/NousResearch\/hermes-agent\/main\/scripts\/install\.ps1\)\)/, 'Windows Hermes install should avoid scriptblock Invoke-RestMethod eval patterns.');
+assert.match(serverIndex, /Invoke-WebRequest[\s\S]+install\.ps1[\s\S]+-OutFile/, 'Windows Hermes install should download the installer to a file before running it.');
+assert.match(serverIndex, /Resolve-HermesCommand|resolveHermesCommand/, 'Hermes start/install should resolve an existing hermes binary before installing.');
+assert.match(serverIndex, /buildProviderShellCommand/, 'Provider terminal launch should centralize provider-specific permission flags.');
 assert.doesNotMatch(shellTerminal, /new WebglAddon\(\)/, 'Workbench terminal should use the stable xterm renderer.');
 assert.match(workbench, /setActivityPanel\('explorer'\)/, 'Selecting a project should return the side panel to Explorer.');
 assert.match(gitPanelHeader, /compact/, 'Workbench Source Control should have compact icon-only controls.');
@@ -80,7 +102,20 @@ assert.doesNotMatch(workbench, /tabs\.orchestration/, 'Workbench menus should no
 assert.match(serverIndex, /app\.use\('\/hermes', createHermesTaskRouter\(\)\)/, 'Internal task router should be mounted behind Hermes.');
 assert.doesNotMatch(serverIndex, /app\.use\('\/a2a'/, 'Server should not expose the old A2A route.');
 assert.match(hermesRoutes, /createHermesRouter/, 'Hermes should have a dedicated orchestration API router.');
+assert.match(hermesRoutes, /terminal-launches/, 'Hermes MCP should be able to request visible Pixcode CLI terminal launches.');
+assert.match(hermesRoutes, /install-status/, 'Hermes settings and terminal UI should have an install-status endpoint.');
 assert.match(serverIndex, /forceNewSession/, 'Shell backend should support explicit fresh-session launches from the workbench.');
 assert.match(serverIndex, /killProviderPtySessions/, 'Shell backend should terminate old provider PTYs when a fresh CLI session is requested.');
 
+assert.match(settingsTypes, /'hermes'/, 'Settings Agents should support Hermes Agent as a first-class agent.');
+assert.match(agentSettings, /'hermes'/, 'Settings Agents should list Hermes Agent.');
+assert.match(workbench, /hermesInstallStatus/, 'Workbench should hide Hermes install actions when Hermes is already installed.');
+assert.match(shellConnection, /cursor-tools-settings/, 'Cursor shell launches should read Cursor permission settings, not Claude settings.');
+assert.match(shellConnection, /permissionMode/, 'Shell websocket init should send provider permission mode to the backend.');
+assert.match(serverIndex, /--dangerously-bypass-approvals-and-sandbox/, 'Codex terminal bypass mode should use the Codex CLI bypass flag.');
+assert.match(serverIndex, /--yolo/, 'Gemini and Qwen terminal bypass mode should use --yolo.');
+assert.match(serverIndex, /--dangerously-skip-permissions/, 'Claude/OpenCode terminal bypass mode should pass the provider bypass flag.');
+assert.match(geminiCli, /permissionMode === 'bypassPermissions'[\s\S]+--yolo|--yolo[\s\S]+permissionMode === 'bypassPermissions'/, 'Gemini chat route should map Pixcode bypassPermissions to --yolo.');
+assert.match(qwenCli, /permissionMode === 'bypassPermissions'[\s\S]+--yolo|--yolo[\s\S]+permissionMode === 'bypassPermissions'/, 'Qwen chat route should map Pixcode bypassPermissions to --yolo.');
+
 console.log('pixcode workbench 1.48 smoke passed');

package/scripts/smoke/vscode-workbench-polish.mjs

@@ -51,6 +51,15 @@ assert.match(
   'Workbench center should show a project landing page instead of a blank editor when no project is selected.',
 );
 
+for (const token of [
+  'vscodeWorkbench.welcome.openProject',
+  'vscodeWorkbench.welcome.cloneProject',
+  'vscodeWorkbench.welcome.startHermes',
+  'DarkModeToggle',
+]) {
+  assert.match(workbench, new RegExp(token.replaceAll('.', '\\.')), `Workbench welcome should include ${token}.`);
+}
+
 assert.match(
   workbench,
   /function WorkbenchCliPanel/,
@@ -244,6 +253,10 @@ assert.match(
   'Terminal activity should open a VS Code-style bottom terminal instead of the provider CLI picker.',
 );
 
+for (const token of ['BOTTOM_TERMINAL_MIN_HEIGHT', 'isBottomTerminalMinimized', 'shrinkCliPanel', 'expandCliPanel']) {
+  assert.match(workbench, new RegExp(token), `Workbench should include ${token}.`);
+}
+
 assert.match(
   workbench,
   /isPlainShell/,
@@ -252,8 +265,14 @@ assert.match(
 
 assert.match(
   workbench,
-  /startHermesAgent/,
-  'Right CLI panel should offer Hermes Agent as a project-scoped control agent.',
+  /HERMES_AGENT_START_COMMAND/,
+  'Hermes Agent should launch through the bottom terminal with a server-side command sentinel.',
+);
+
+assert.doesNotMatch(
+  workbench,
+  /Project-scoped agent terminal\. Installs Hermes when missing/,
+  'Right CLI picker should not show the old Hermes install card.',
 );
 
 assert.match(

package/scripts/update-git-install.mjs

@@ -7,6 +7,28 @@ const repoRoot = process.cwd();
 const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
 const stashMessage = `pixcode-auto-update-${timestamp}`;
 const backupBranch = `pixcode-backup-before-update-${timestamp}`;
+const dependencyManifestFiles = new Set([
+  'package.json',
+  'package-lock.json',
+  'npm-shrinkwrap.json',
+]);
+const buildInputFiles = new Set([
+  'index.html',
+  'tsconfig.json',
+  'vite.config.js',
+  'vite.config.ts',
+  'tailwind.config.js',
+  'tailwind.config.ts',
+  'postcss.config.js',
+  'postcss.config.cjs',
+  'server/tsconfig.json',
+]);
+const buildInputPrefixes = [
+  'src/',
+  'server/',
+  'shared/',
+  'public/',
+];
 
 function log(message) {
   process.stdout.write(`${message}\n`);
@@ -63,6 +85,113 @@ async function getOutput(command, args, options = {}) {
   return result.stdout.trim();
 }
 
+function normalizeGitPath(filePath) {
+  return filePath.replace(/\\/g, '/').replace(/^\.\//, '');
+}
+
+function readJson(relativePath) {
+  try {
+    return JSON.parse(fs.readFileSync(path.join(repoRoot, relativePath), 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+function dependencySignature(packageJson) {
+  if (!packageJson || typeof packageJson !== 'object') return null;
+
+  return JSON.stringify({
+    dependencies: packageJson.dependencies || {},
+    devDependencies: packageJson.devDependencies || {},
+    optionalDependencies: packageJson.optionalDependencies || {},
+    peerDependencies: packageJson.peerDependencies || {},
+    bundledDependencies: packageJson.bundledDependencies || packageJson.bundleDependencies || [],
+  });
+}
+
+function lockfileSignature(lockfile) {
+  if (!lockfile || typeof lockfile !== 'object') return null;
+
+  const normalizedPackages = {};
+  if (lockfile.packages && typeof lockfile.packages === 'object') {
+    for (const [packagePath, packageInfo] of Object.entries(lockfile.packages)) {
+      if (!packageInfo || typeof packageInfo !== 'object') {
+        normalizedPackages[packagePath] = packageInfo;
+        continue;
+      }
+
+      if (packagePath === '') {
+        const {
+          version: _version,
+          ...rootPackageInfo
+        } = packageInfo;
+        normalizedPackages[packagePath] = rootPackageInfo;
+      } else {
+        normalizedPackages[packagePath] = packageInfo;
+      }
+    }
+  }
+
+  return JSON.stringify({
+    dependencies: lockfile.dependencies || {},
+    packages: normalizedPackages,
+  });
+}
+
+function shouldRunNpmInstall(changedFiles, previousPackageJson, nextPackageJson, previousLockfile, nextLockfile) {
+  const changedManifest = changedFiles.some((filePath) => dependencyManifestFiles.has(filePath));
+  if (!changedManifest) return false;
+
+  if (!previousPackageJson || !nextPackageJson) return true;
+
+  if (dependencySignature(previousPackageJson) !== dependencySignature(nextPackageJson)) {
+    return true;
+  }
+
+  if (changedFiles.some((filePath) => filePath === 'package-lock.json' || filePath === 'npm-shrinkwrap.json')) {
+    return lockfileSignature(previousLockfile) !== lockfileSignature(nextLockfile);
+  }
+
+  return false;
+}
+
+function shouldRunBuild(changedFiles, previousPackageJson, nextPackageJson, installNeeded) {
+  if (!nextPackageJson?.scripts?.build) return false;
+  if (installNeeded) return true;
+
+  if (previousPackageJson?.scripts?.build !== nextPackageJson.scripts.build) {
+    return true;
+  }
+
+  return changedFiles.some((filePath) => (
+    buildInputFiles.has(filePath)
+    || buildInputPrefixes.some((prefix) => filePath.startsWith(prefix))
+  ));
+}
+
+async function getChangedFiles(fromRef, toRef) {
+  const output = await getOutput('git', ['diff', '--name-only', fromRef, toRef]);
+  return output
+    .split('\n')
+    .map((filePath) => normalizeGitPath(filePath.trim()))
+    .filter(Boolean);
+}
+
+function logChangedFiles(changedFiles) {
+  if (changedFiles.length === 0) {
+    log('Changed files: none.');
+    return;
+  }
+
+  log(`Changed files: ${changedFiles.length}.`);
+  for (const filePath of changedFiles.slice(0, 25)) {
+    log(`  - ${filePath}`);
+  }
+  if (changedFiles.length > 25) {
+    log(`  ... and ${changedFiles.length - 25} more`);
+  }
+}
+
 async function main() {
   if (!fs.existsSync(path.join(repoRoot, '.git'))) {
     throw new Error(`Git metadata not found in ${repoRoot}`);
@@ -95,9 +224,20 @@ async function main() {
   }
 
   const checkoutMain = await run('git', ['checkout', 'main'], { allowFailure: true, collectOutput: true });
+  let changedFiles = [];
+  let previousPackageJson = null;
+  let previousLockfile = null;
+
   if (checkoutMain.code !== 0) {
     log('Local main branch checkout failed; recreating main from origin/main.');
     await run('git', ['checkout', '-B', 'main', 'origin/main']);
+    changedFiles = ['package.json', 'src/__unknown__'];
+    log('Changed files could not be compared because local main was recreated; running safe reconciliation.');
+  } else {
+    previousPackageJson = readJson('package.json');
+    previousLockfile = readJson('package-lock.json') || readJson('npm-shrinkwrap.json');
+    changedFiles = await getChangedFiles('HEAD', 'origin/main');
+    logChangedFiles(changedFiles);
   }
 
   const isAncestor = await run('git', ['merge-base', '--is-ancestor', 'HEAD', 'origin/main'], {
@@ -118,13 +258,31 @@ async function main() {
   const packageVersion = JSON.parse(fs.readFileSync(path.join(repoRoot, 'package.json'), 'utf8')).version;
   log(`Repository updated to Pixcode ${packageVersion}.`);
 
-  await run('npm', ['install', '--no-audit', '--no-fund']);
-  const updatedPackageJson = JSON.parse(fs.readFileSync(path.join(repoRoot, 'package.json'), 'utf8'));
-  if (updatedPackageJson.scripts?.build) {
+  const updatedPackageJson = readJson('package.json');
+  const updatedLockfile = readJson('package-lock.json') || readJson('npm-shrinkwrap.json');
+  const installNeeded = shouldRunNpmInstall(
+    changedFiles,
+    previousPackageJson,
+    updatedPackageJson,
+    previousLockfile,
+    updatedLockfile,
+  );
+  const buildNeeded = shouldRunBuild(changedFiles, previousPackageJson, updatedPackageJson, installNeeded);
+
+  if (installNeeded) {
+    log('Installing dependencies because package manifests changed.');
+    await run('npm', ['install', '--no-audit', '--no-fund']);
+  } else {
+    log('Dependencies unchanged; skipping npm install.');
+  }
+
+  if (buildNeeded) {
     log('Building Pixcode source install.');
     await run('npm', ['run', 'build']);
   } else {
-    log('No build script found; skipping build.');
+    log(updatedPackageJson?.scripts?.build
+      ? 'Build inputs unchanged; skipping build.'
+      : 'No build script found; skipping build.');
   }
   log('Pixcode git install update completed.');
 }

package/server/gemini-cli.js

@@ -190,7 +190,13 @@ async function spawnGemini(command, options = {}, ws) {
     args.push('--output-format', 'stream-json');
 
     // Handle approval modes and allowed tools
-    if (settings.skipPermissions || options.skipPermissions || permissionMode === 'yolo') {
+    if (
+        settings.skipPermissions ||
+        options.skipPermissions ||
+        permissionMode === 'yolo' ||
+        permissionMode === 'bypassPermissions' ||
+        permissionMode === 'acceptEdits'
+    ) {
         args.push('--yolo');
     } else if (permissionMode === 'auto_edit') {
         args.push('--approval-mode', 'auto_edit');