@posthog/agent 2.3.171 → 2.3.172

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@posthog/agent",
-  "version": "2.3.171",
+  "version": "2.3.172",
   "repository": "https://github.com/PostHog/code",
   "description": "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   "exports": {

package/src/adapters/codex/codex-agent.ts

@@ -36,6 +36,11 @@ import {
 } from "@agentclientprotocol/sdk";
 import packageJson from "../../../package.json" with { type: "json" };
 import { POSTHOG_NOTIFICATIONS } from "../../acp-extensions";
+import {
+  CODEX_NATIVE_MODES,
+  type CodexNativeMode,
+  type PermissionMode,
+} from "../../execution-mode";
 import type { ProcessSpawnedCallback } from "../../types";
 import { Logger } from "../../utils/logger";
 import {
@@ -80,6 +85,13 @@ type CodexSession = BaseSession & {
   settingsManager: CodexSettingsManager;
 };
 
+function toPermissionMode(mode?: string): PermissionMode {
+  if (mode && (CODEX_NATIVE_MODES as readonly string[]).includes(mode)) {
+    return mode as CodexNativeMode;
+  }
+  return "auto";
+}
+
 export class CodexAcpAgent extends BaseAcpAgent {
   readonly adapterName = "codex";
   declare session: CodexSession;
@@ -125,7 +137,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
           this.sessionState ?? {
             sessionId: "",
             cwd: "",
-            modeId: "default",
+            modeId: "auto",
             configOptions: [],
             accumulatedUsage: {
               inputTokens: 0,
@@ -133,6 +145,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
               cachedReadTokens: 0,
               cachedWriteTokens: 0,
             },
+            permissionMode: "auto",
             cancelled: false,
           },
         ),
@@ -182,6 +195,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
       taskId: meta?.taskId ?? meta?.persistence?.taskId,
       modeId: response.modes?.currentModeId ?? "default",
       modelId: response.models?.currentModelId,
+      permissionMode: toPermissionMode(meta?.permissionMode),
     });
     this.sessionId = response.sessionId;
     this.sessionState.configOptions = response.configOptions ?? [];
@@ -353,9 +367,16 @@ export class CodexAcpAgent extends BaseAcpAgent {
   async setSessionMode(
     params: SetSessionModeRequest,
   ): Promise<SetSessionModeResponse> {
-    const response = await this.codexConnection.setSessionMode(params);
+    const permissionMode = toPermissionMode(params.modeId);
+
+    const response = await this.codexConnection.setSessionMode({
+      ...params,
+      modeId: permissionMode,
+    });
+
     if (this.sessionState) {
-      this.sessionState.modeId = params.modeId;
+      this.sessionState.modeId = permissionMode;
+      this.sessionState.permissionMode = permissionMode;
     }
     return response ?? {};
   }

package/src/adapters/codex/codex-client.ts

@@ -23,11 +23,13 @@ import type {
   TerminalHandle,
   TerminalOutputRequest,
   TerminalOutputResponse,
+  ToolKind,
   WaitForTerminalExitRequest,
   WaitForTerminalExitResponse,
   WriteTextFileRequest,
   WriteTextFileResponse,
 } from "@agentclientprotocol/sdk";
+import type { PermissionMode } from "../../execution-mode";
 import type { Logger } from "../../utils/logger";
 import type { CodexSessionState } from "./session-state";
 
@@ -36,6 +38,32 @@ export interface CodexClientCallbacks {
   onUsageUpdate?: (update: Record<string, unknown>) => void;
 }
 
+const AUTO_APPROVED_KINDS: Partial<Record<PermissionMode, Set<ToolKind>>> = {
+  auto: new Set(["read", "search", "fetch", "think"]),
+  "read-only": new Set(["read", "search", "fetch", "think"]),
+  "full-access": new Set([
+    "read",
+    "edit",
+    "delete",
+    "move",
+    "search",
+    "execute",
+    "think",
+    "fetch",
+    "switch_mode",
+    "other",
+  ]),
+};
+
+function shouldAutoApprove(
+  mode: PermissionMode,
+  kind: ToolKind | null | undefined,
+): boolean {
+  if (mode === "full-access") return true;
+  if (!kind) return false;
+  return AUTO_APPROVED_KINDS[mode]?.has(kind) ?? false;
+}
+
 /**
  * Creates an ACP Client that delegates all requests from codex-acp
  * to the upstream PostHog Code client (via AgentSideConnection).
@@ -46,16 +74,31 @@ export function createCodexClient(
   sessionState: CodexSessionState,
   callbacks?: CodexClientCallbacks,
 ): Client {
-  // Track terminal handles for delegation
   const terminalHandles = new Map<string, TerminalHandle>();
 
   return {
     async requestPermission(
       params: RequestPermissionRequest,
     ): Promise<RequestPermissionResponse> {
-      logger.debug("Relaying permission request to upstream", {
-        sessionId: params.sessionId,
-      });
+      const kind = params.toolCall?.kind as ToolKind | null | undefined;
+
+      if (shouldAutoApprove(sessionState.permissionMode, kind)) {
+        logger.debug("Auto-approving permission", {
+          mode: sessionState.permissionMode,
+          kind,
+          toolCallId: params.toolCall?.toolCallId,
+        });
+        const allowOption = params.options?.find(
+          (o) => o.kind === "allow_once" || o.kind === "allow_always",
+        );
+        return {
+          outcome: {
+            outcome: "selected",
+            optionId: allowOption?.optionId ?? "allow",
+          },
+        };
+      }
+
       return upstreamClient.requestPermission(params);
     },
 

package/src/adapters/codex/session-state.ts

@@ -4,6 +4,7 @@
  */
 
 import type { SessionConfigOption } from "@agentclientprotocol/sdk";
+import type { PermissionMode } from "../../execution-mode";
 
 export interface CodexUsage {
   inputTokens: number;
@@ -21,6 +22,7 @@ export interface CodexSessionState {
   accumulatedUsage: CodexUsage;
   contextSize?: number;
   contextUsed?: number;
+  permissionMode: PermissionMode;
   cancelled: boolean;
   interruptReason?: string;
   taskRunId?: string;
@@ -35,12 +37,13 @@ export function createSessionState(
     taskId?: string;
     modeId?: string;
     modelId?: string;
+    permissionMode?: PermissionMode;
   },
 ): CodexSessionState {
   return {
     sessionId,
     cwd,
-    modeId: opts?.modeId ?? "default",
+    modeId: opts?.modeId ?? "auto",
     modelId: opts?.modelId,
     configOptions: [],
     accumulatedUsage: {
@@ -49,6 +52,7 @@ export function createSessionState(
       cachedReadTokens: 0,
       cachedWriteTokens: 0,
     },
+    permissionMode: opts?.permissionMode ?? "auto",
     cancelled: false,
     taskRunId: opts?.taskRunId,
     taskId: opts?.taskId,

package/src/execution-mode.ts

@@ -1,7 +1,7 @@
 import { IS_ROOT } from "./utils/common";
 
 export interface ModeInfo {
-  id: CodeExecutionMode;
+  id: string;
   name: string;
   description: string;
 }
@@ -57,3 +57,39 @@ export function getAvailableModes(): ModeInfo[] {
     ? availableModes.filter((m) => m.id !== "bypassPermissions")
     : availableModes;
 }
+
+// --- Codex-native modes ---
+
+export const CODEX_NATIVE_MODES = ["auto", "read-only", "full-access"] as const;
+
+export type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];
+
+/** Union of all permission mode IDs across adapters */
+export type PermissionMode = CodeExecutionMode | CodexNativeMode;
+
+const codexModes: ModeInfo[] = [
+  {
+    id: "read-only",
+    name: "Read Only",
+    description: "Read-only access, no file modifications",
+  },
+  {
+    id: "auto",
+    name: "Auto",
+    description: "Standard behavior, prompts for dangerous operations",
+  },
+];
+
+if (ALLOW_BYPASS) {
+  codexModes.push({
+    id: "full-access",
+    name: "Full Access",
+    description: "Auto-accept all permission requests",
+  });
+}
+
+export function getAvailableCodexModes(): ModeInfo[] {
+  return IS_ROOT
+    ? codexModes.filter((m) => m.id !== "full-access")
+    : codexModes;
+}