@posthog/agent 2.3.171 → 2.3.173

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@posthog/agent",
-  "version": "2.3.171",
+  "version": "2.3.173",
   "repository": "https://github.com/PostHog/code",
   "description": "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   "exports": {

package/src/acp-extensions.ts

@@ -64,4 +64,7 @@ export const POSTHOG_NOTIFICATIONS = {
 
   /** Marks a boundary for log compaction */
   COMPACT_BOUNDARY: "_posthog/compact_boundary",
+
+  /** Token usage update for a session turn */
+  USAGE_UPDATE: "_posthog/usage_update",
 } as const;

package/src/adapters/claude/claude-agent.ts

@@ -44,6 +44,7 @@ import {
 } from "@anthropic-ai/claude-agent-sdk";
 import { v7 as uuidv7 } from "uuid";
 import packageJson from "../../../package.json" with { type: "json" };
+import { POSTHOG_NOTIFICATIONS } from "../../acp-extensions";
 import { unreachable, withTimeout } from "../../utils/common";
 import { Logger } from "../../utils/logger";
 import { Pushable } from "../../utils/streams";
@@ -442,16 +443,19 @@ export class ClaudeAcpAgent extends BaseAcpAgent {
               });
             }
 
-            await this.client.extNotification("_posthog/usage_update", {
-              sessionId: params.sessionId,
-              used: {
-                inputTokens: message.usage.input_tokens,
-                outputTokens: message.usage.output_tokens,
-                cachedReadTokens: message.usage.cache_read_input_tokens,
-                cachedWriteTokens: message.usage.cache_creation_input_tokens,
+            await this.client.extNotification(
+              POSTHOG_NOTIFICATIONS.USAGE_UPDATE,
+              {
+                sessionId: params.sessionId,
+                used: {
+                  inputTokens: message.usage.input_tokens,
+                  outputTokens: message.usage.output_tokens,
+                  cachedReadTokens: message.usage.cache_read_input_tokens,
+                  cachedWriteTokens: message.usage.cache_creation_input_tokens,
+                },
+                cost: message.total_cost_usd,
               },
-              cost: message.total_cost_usd,
-            });
+            );
 
             const usage: Usage = {
               inputTokens: this.session.accumulatedUsage.inputTokens,

package/src/adapters/codex/codex-agent.ts

@@ -12,7 +12,6 @@
 import {
   type AgentSideConnection,
   type AuthenticateRequest,
-  type CancelNotification,
   ClientSideConnection,
   type ForkSessionRequest,
   type ForkSessionResponse,
@@ -36,6 +35,10 @@ import {
 } from "@agentclientprotocol/sdk";
 import packageJson from "../../../package.json" with { type: "json" };
 import { POSTHOG_NOTIFICATIONS } from "../../acp-extensions";
+import {
+  CODE_EXECUTION_MODES,
+  type CodeExecutionMode,
+} from "../../execution-mode";
 import type { ProcessSpawnedCallback } from "../../types";
 import { Logger } from "../../utils/logger";
 import {
@@ -80,12 +83,26 @@ type CodexSession = BaseSession & {
   settingsManager: CodexSettingsManager;
 };
 
+function toCodeExecutionMode(mode?: string): CodeExecutionMode {
+  if (mode && (CODE_EXECUTION_MODES as readonly string[]).includes(mode)) {
+    return mode as CodeExecutionMode;
+  }
+  return "default";
+}
+
+const CODEX_NATIVE_MODE: Record<CodeExecutionMode, string> = {
+  default: "default",
+  acceptEdits: "default",
+  plan: "plan",
+  bypassPermissions: "default",
+};
+
 export class CodexAcpAgent extends BaseAcpAgent {
   readonly adapterName = "codex";
   declare session: CodexSession;
   private codexProcess: CodexProcess;
-  private codexConnection!: ClientSideConnection;
-  private sessionState!: CodexSessionState;
+  private codexConnection: ClientSideConnection;
+  private sessionState: CodexSessionState;
 
   constructor(client: AgentSideConnection, options: CodexAcpAgentOptions) {
     super(client);
@@ -114,28 +131,14 @@ export class CodexAcpAgent extends BaseAcpAgent {
       cancelled: false,
     };
 
+    this.sessionState = createSessionState("", cwd);
+
     // Create the ClientSideConnection to codex-acp.
     // The Client handler delegates all requests from codex-acp to the upstream
     // PostHog Code client via our AgentSideConnection.
     this.codexConnection = new ClientSideConnection(
       (_agent) =>
-        createCodexClient(
-          this.client,
-          this.logger,
-          this.sessionState ?? {
-            sessionId: "",
-            cwd: "",
-            modeId: "default",
-            configOptions: [],
-            accumulatedUsage: {
-              inputTokens: 0,
-              outputTokens: 0,
-              cachedReadTokens: 0,
-              cachedWriteTokens: 0,
-            },
-            cancelled: false,
-          },
-        ),
+        createCodexClient(this.client, this.logger, this.sessionState),
       codexStream,
     );
   }
@@ -182,6 +185,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
       taskId: meta?.taskId ?? meta?.persistence?.taskId,
       modeId: response.modes?.currentModeId ?? "default",
       modelId: response.models?.currentModelId,
+      permissionMode: toCodeExecutionMode(meta?.permissionMode),
     });
     this.sessionId = response.sessionId;
     this.sessionState.configOptions = response.configOptions ?? [];
@@ -205,9 +209,11 @@ export class CodexAcpAgent extends BaseAcpAgent {
 
   async loadSession(params: LoadSessionRequest): Promise<LoadSessionResponse> {
     const response = await this.codexConnection.loadSession(params);
+    const meta = params._meta as NewSessionMeta | undefined;
 
-    // Update session state
-    this.sessionState = createSessionState(params.sessionId, params.cwd);
+    this.sessionState = createSessionState(params.sessionId, params.cwd, {
+      permissionMode: toCodeExecutionMode(meta?.permissionMode),
+    });
     this.sessionId = params.sessionId;
     this.sessionState.configOptions = response.configOptions ?? [];
 
@@ -224,11 +230,15 @@ export class CodexAcpAgent extends BaseAcpAgent {
       mcpServers: params.mcpServers ?? [],
     });
 
-    this.sessionState = createSessionState(params.sessionId, params.cwd);
+    const meta = params._meta as NewSessionMeta | undefined;
+    this.sessionState = createSessionState(params.sessionId, params.cwd, {
+      taskRunId: meta?.taskRunId,
+      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      permissionMode: toCodeExecutionMode(meta?.permissionMode),
+    });
     this.sessionId = params.sessionId;
     this.sessionState.configOptions = loadResponse.configOptions ?? [];
 
-    const meta = params._meta as NewSessionMeta | undefined;
     if (meta?.taskRunId) {
       await this.client.extNotification(POSTHOG_NOTIFICATIONS.SDK_SESSION, {
         taskRunId: meta.taskRunId,
@@ -254,7 +264,12 @@ export class CodexAcpAgent extends BaseAcpAgent {
       _meta: params._meta,
     });
 
-    this.sessionState = createSessionState(newResponse.sessionId, params.cwd);
+    const meta = params._meta as NewSessionMeta | undefined;
+    this.sessionState = createSessionState(newResponse.sessionId, params.cwd, {
+      taskRunId: meta?.taskRunId,
+      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      permissionMode: toCodeExecutionMode(meta?.permissionMode),
+    });
     this.sessionId = newResponse.sessionId;
     this.sessionState.configOptions = newResponse.configOptions ?? [];
 
@@ -270,31 +285,21 @@ export class CodexAcpAgent extends BaseAcpAgent {
   async unstable_listSessions(
     params: ListSessionsRequest,
   ): Promise<ListSessionsResponse> {
-    return this.codexConnection.listSessions(params);
+    return this.listSessions(params);
   }
 
   async prompt(params: PromptRequest): Promise<PromptResponse> {
-    if (this.sessionState) {
-      this.sessionState.cancelled = false;
-      this.sessionState.interruptReason = undefined;
-      resetUsage(this.sessionState);
-    }
+    this.session.cancelled = false;
+    this.session.interruptReason = undefined;
+    resetUsage(this.sessionState);
 
     const response = await this.codexConnection.prompt(params);
 
-    if (this.sessionState && response.usage) {
-      // Accumulate token usage from the prompt response
-      this.sessionState.accumulatedUsage.inputTokens +=
-        response.usage.inputTokens ?? 0;
-      this.sessionState.accumulatedUsage.outputTokens +=
-        response.usage.outputTokens ?? 0;
-      this.sessionState.accumulatedUsage.cachedReadTokens +=
-        response.usage.cachedReadTokens ?? 0;
-      this.sessionState.accumulatedUsage.cachedWriteTokens +=
-        response.usage.cachedWriteTokens ?? 0;
-    }
+    // Usage is already accumulated via sessionUpdate notifications in
+    // codex-client.ts. Do NOT also add response.usage here or tokens
+    // get double-counted.
 
-    if (this.sessionState?.taskRunId) {
+    if (this.sessionState.taskRunId) {
       const { accumulatedUsage } = this.sessionState;
 
       await this.client.extNotification(POSTHOG_NOTIFICATIONS.TURN_COMPLETE, {
@@ -314,7 +319,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
       });
 
       if (response.usage) {
-        await this.client.extNotification("_posthog/usage_update", {
+        await this.client.extNotification(POSTHOG_NOTIFICATIONS.USAGE_UPDATE, {
           sessionId: params.sessionId,
           used: {
             inputTokens: response.usage.inputTokens ?? 0,
@@ -331,32 +336,24 @@ export class CodexAcpAgent extends BaseAcpAgent {
   }
 
   protected async interrupt(): Promise<void> {
-    if (this.sessionState) {
-      this.sessionState.cancelled = true;
-    }
     await this.codexConnection.cancel({
       sessionId: this.sessionId,
     });
   }
 
-  async cancel(params: CancelNotification): Promise<void> {
-    if (this.sessionState) {
-      this.sessionState.cancelled = true;
-      const meta = params._meta as { interruptReason?: string } | undefined;
-      if (meta?.interruptReason) {
-        this.sessionState.interruptReason = meta.interruptReason;
-      }
-    }
-    await this.codexConnection.cancel(params);
-  }
-
   async setSessionMode(
     params: SetSessionModeRequest,
   ): Promise<SetSessionModeResponse> {
-    const response = await this.codexConnection.setSessionMode(params);
-    if (this.sessionState) {
-      this.sessionState.modeId = params.modeId;
-    }
+    const requestedMode = toCodeExecutionMode(params.modeId);
+    const nativeMode = CODEX_NATIVE_MODE[requestedMode];
+
+    const response = await this.codexConnection.setSessionMode({
+      ...params,
+      modeId: nativeMode,
+    });
+
+    this.sessionState.modeId = nativeMode;
+    this.sessionState.permissionMode = requestedMode;
     return response ?? {};
   }
 
@@ -364,7 +361,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
     params: SetSessionConfigOptionRequest,
   ): Promise<SetSessionConfigOptionResponse> {
     const response = await this.codexConnection.setSessionConfigOption(params);
-    if (this.sessionState && response.configOptions) {
+    if (response.configOptions) {
       this.sessionState.configOptions = response.configOptions;
     }
     return response;
@@ -376,6 +373,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
 
   async closeSession(): Promise<void> {
     this.logger.info("Closing Codex session", { sessionId: this.sessionId });
+    this.session.abortController.abort();
     this.session.settingsManager.dispose();
     try {
       this.codexProcess.kill();

package/src/adapters/codex/codex-client.ts

@@ -23,11 +23,13 @@ import type {
   TerminalHandle,
   TerminalOutputRequest,
   TerminalOutputResponse,
+  ToolKind,
   WaitForTerminalExitRequest,
   WaitForTerminalExitResponse,
   WriteTextFileRequest,
   WriteTextFileResponse,
 } from "@agentclientprotocol/sdk";
+import type { CodeExecutionMode } from "../../execution-mode";
 import type { Logger } from "../../utils/logger";
 import type { CodexSessionState } from "./session-state";
 
@@ -36,6 +38,33 @@ export interface CodexClientCallbacks {
   onUsageUpdate?: (update: Record<string, unknown>) => void;
 }
 
+const AUTO_APPROVED_KINDS: Record<CodeExecutionMode, Set<ToolKind>> = {
+  default: new Set(["read", "search", "fetch", "think"]),
+  acceptEdits: new Set(["read", "edit", "search", "fetch", "think"]),
+  plan: new Set(["read", "search", "fetch", "think"]),
+  bypassPermissions: new Set([
+    "read",
+    "edit",
+    "delete",
+    "move",
+    "search",
+    "execute",
+    "think",
+    "fetch",
+    "switch_mode",
+    "other",
+  ]),
+};
+
+function shouldAutoApprove(
+  mode: CodeExecutionMode,
+  kind: ToolKind | null | undefined,
+): boolean {
+  if (mode === "bypassPermissions") return true;
+  if (!kind) return false;
+  return AUTO_APPROVED_KINDS[mode]?.has(kind) ?? false;
+}
+
 /**
  * Creates an ACP Client that delegates all requests from codex-acp
  * to the upstream PostHog Code client (via AgentSideConnection).
@@ -46,16 +75,31 @@ export function createCodexClient(
   sessionState: CodexSessionState,
   callbacks?: CodexClientCallbacks,
 ): Client {
-  // Track terminal handles for delegation
   const terminalHandles = new Map<string, TerminalHandle>();
 
   return {
     async requestPermission(
       params: RequestPermissionRequest,
     ): Promise<RequestPermissionResponse> {
-      logger.debug("Relaying permission request to upstream", {
-        sessionId: params.sessionId,
-      });
+      const kind = params.toolCall?.kind as ToolKind | null | undefined;
+
+      if (shouldAutoApprove(sessionState.permissionMode, kind)) {
+        logger.debug("Auto-approving permission", {
+          mode: sessionState.permissionMode,
+          kind,
+          toolCallId: params.toolCall?.toolCallId,
+        });
+        const allowOption = params.options?.find(
+          (o) => o.kind === "allow_once" || o.kind === "allow_always",
+        );
+        return {
+          outcome: {
+            outcome: "selected",
+            optionId: allowOption?.optionId ?? "allow",
+          },
+        };
+      }
+
       return upstreamClient.requestPermission(params);
     },
 

package/src/adapters/codex/session-state.ts

@@ -4,6 +4,7 @@
  */
 
 import type { SessionConfigOption } from "@agentclientprotocol/sdk";
+import type { CodeExecutionMode } from "../../execution-mode";
 
 export interface CodexUsage {
   inputTokens: number;
@@ -21,8 +22,7 @@ export interface CodexSessionState {
   accumulatedUsage: CodexUsage;
   contextSize?: number;
   contextUsed?: number;
-  cancelled: boolean;
-  interruptReason?: string;
+  permissionMode: CodeExecutionMode;
   taskRunId?: string;
   taskId?: string;
 }
@@ -35,6 +35,7 @@ export function createSessionState(
     taskId?: string;
     modeId?: string;
     modelId?: string;
+    permissionMode?: CodeExecutionMode;
   },
 ): CodexSessionState {
   return {
@@ -49,7 +50,7 @@ export function createSessionState(
       cachedReadTokens: 0,
       cachedWriteTokens: 0,
     },
-    cancelled: false,
+    permissionMode: opts?.permissionMode ?? "default",
     taskRunId: opts?.taskRunId,
     taskId: opts?.taskId,
   };

package/src/adapters/codex/spawn.ts

@@ -46,6 +46,8 @@ function buildConfigArgs(options: CodexProcessOptions): string[] {
   if (options.instructions) {
     const escaped = options.instructions
       .replace(/\\/g, "\\\\")
+      .replace(/\n/g, "\\n")
+      .replace(/\r/g, "\\r")
       .replace(/"/g, '\\"');
     args.push("-c", `instructions="${escaped}"`);
   }

package/src/execution-mode.ts

@@ -1,7 +1,7 @@
 import { IS_ROOT } from "./utils/common";
 
 export interface ModeInfo {
-  id: CodeExecutionMode;
+  id: string;
   name: string;
   description: string;
 }
@@ -57,3 +57,39 @@ export function getAvailableModes(): ModeInfo[] {
     ? availableModes.filter((m) => m.id !== "bypassPermissions")
     : availableModes;
 }
+
+// --- Codex-native modes ---
+
+export const CODEX_NATIVE_MODES = ["auto", "read-only", "full-access"] as const;
+
+export type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];
+
+/** Union of all permission mode IDs across adapters */
+export type PermissionMode = CodeExecutionMode | CodexNativeMode;
+
+const codexModes: ModeInfo[] = [
+  {
+    id: "read-only",
+    name: "Read Only",
+    description: "Read-only access, no file modifications",
+  },
+  {
+    id: "auto",
+    name: "Auto",
+    description: "Standard behavior, prompts for dangerous operations",
+  },
+];
+
+if (ALLOW_BYPASS) {
+  codexModes.push({
+    id: "full-access",
+    name: "Full Access",
+    description: "Auto-accept all permission requests",
+  });
+}
+
+export function getAvailableCodexModes(): ModeInfo[] {
+  return IS_ROOT
+    ? codexModes.filter((m) => m.id !== "full-access")
+    : codexModes;
+}