@posthog/agent 2.3.259 → 2.3.263

package/dist/server/bin.cjs

@@ -5683,7 +5683,7 @@ var import_hono = require("hono");
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.259",
+  version: "2.3.263",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -5844,7 +5844,9 @@ var POSTHOG_NOTIFICATIONS = {
   /** Marks a boundary for log compaction */
   COMPACT_BOUNDARY: "_posthog/compact_boundary",
   /** Token usage update for a session turn */
-  USAGE_UPDATE: "_posthog/usage_update"
+  USAGE_UPDATE: "_posthog/usage_update",
+  /** Response to a relayed permission request (plan approval, question) */
+  PERMISSION_RESPONSE: "_posthog/permission_response"
 };
 function isNotification(method, notification) {
   if (!method) return false;
@@ -8281,6 +8283,11 @@ async function canUseTool(context) {
   if (planFileResult) {
     return planFileResult;
   }
+  if (session.permissionMode === "plan") {
+    const message = `This tool is not available in plan mode. Write your plan to a file in ${getClaudePlansDir()} and call ExitPlanMode when ready.`;
+    await emitToolDenial(context, message);
+    return { behavior: "deny", message, interrupt: false };
+  }
   return handleDefaultPermissionFlow(context);
 }
 
@@ -12219,13 +12226,27 @@ var userMessageParamsSchema = import_v4.z.object({
     import_v4.z.array(import_v4.z.record(import_v4.z.string(), import_v4.z.unknown())).min(1, "Content is required")
   ])
 });
+var permissionResponseParamsSchema = import_v4.z.object({
+  requestId: import_v4.z.string().min(1, "requestId is required"),
+  optionId: import_v4.z.string().min(1, "optionId is required"),
+  customInput: import_v4.z.string().optional(),
+  answers: import_v4.z.record(import_v4.z.string(), import_v4.z.string()).optional()
+});
+var setConfigOptionParamsSchema = import_v4.z.object({
+  configId: import_v4.z.string().min(1, "configId is required"),
+  value: import_v4.z.string().min(1, "value is required")
+});
 var commandParamsSchemas = {
   user_message: userMessageParamsSchema,
   "posthog/user_message": userMessageParamsSchema,
   cancel: import_v4.z.object({}).optional(),
   "posthog/cancel": import_v4.z.object({}).optional(),
   close: import_v4.z.object({}).optional(),
-  "posthog/close": import_v4.z.object({}).optional()
+  "posthog/close": import_v4.z.object({}).optional(),
+  permission_response: permissionResponseParamsSchema,
+  "posthog/permission_response": permissionResponseParamsSchema,
+  set_config_option: setConfigOptionParamsSchema,
+  "posthog/set_config_option": setConfigOptionParamsSchema
 };
 function validateCommandParams(method, params) {
   const schema = commandParamsSchemas[method] ?? commandParamsSchemas[method.replace("posthog/", "")];
@@ -12342,6 +12363,7 @@ var AgentServer = class _AgentServer {
   // causing a second session to be created and duplicate Slack messages to be sent.
   initializationPromise = null;
   pendingEvents = [];
+  pendingPermissions = /* @__PURE__ */ new Map();
   detachSseController(controller) {
     if (this.session?.sseController === controller) {
       this.session.sseController = null;
@@ -12379,6 +12401,9 @@ var AgentServer = class _AgentServer {
   getEffectiveMode(payload) {
     return payload.mode ?? this.config.mode;
   }
+  getSessionPermissionMode() {
+    return this.session?.permissionMode ?? "default";
+  }
   createApp() {
     const app = new import_hono.Hono();
     app.get("/health", (c) => {
@@ -12423,6 +12448,7 @@ var AgentServer = class _AgentServer {
             await this.initializeSession(payload, sseController);
           } else {
             this.session.sseController = sseController;
+            this.session.hasDesktopConnected = true;
             this.replayPendingEvents();
           }
           this.sendSseEvent(sseController, {
@@ -12612,12 +12638,9 @@ var AgentServer = class _AgentServer {
           prompt,
           ...this.detectedPrUrl && {
             _meta: {
-              prContext: `IMPORTANT \u2014 OVERRIDE PREVIOUS INSTRUCTIONS ABOUT CREATING BRANCHES/PRs.
-You already have an open pull request: ${this.detectedPrUrl}
-You MUST:
-1. Check out the existing PR branch with \`gh pr checkout ${this.detectedPrUrl}\`
-2. Make changes, commit, and push to that branch
-You MUST NOT create a new branch, close the existing PR, or create a new PR.`
+              // Keep the live-session PR override aligned with the startup
+              // prompt policy so non-Slack runs remain review-first.
+              prContext: this.buildDetectedPrContext(this.detectedPrUrl)
             }
           }
         });
@@ -12665,6 +12688,43 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`
         await this.cleanupSession();
         return { closed: true };
       }
+      case "posthog/set_config_option":
+      case "set_config_option": {
+        const configId = params.configId;
+        const value = params.value;
+        this.logger.info("Set config option requested", { configId, value });
+        const result = await this.session.clientConnection.setSessionConfigOption({
+          sessionId: this.session.acpSessionId,
+          configId,
+          value
+        });
+        return {
+          configOptions: result.configOptions
+        };
+      }
+      case POSTHOG_NOTIFICATIONS.PERMISSION_RESPONSE:
+      case "permission_response": {
+        const requestId = params.requestId;
+        const optionId = params.optionId;
+        const customInput = params.customInput;
+        const answers = params.answers;
+        this.logger.info("Permission response received", {
+          requestId,
+          optionId
+        });
+        const resolved = this.resolvePermission(
+          requestId,
+          optionId,
+          customInput,
+          answers
+        );
+        if (!resolved) {
+          throw new Error(
+            `No pending permission request found for id: ${requestId}`
+          );
+        }
+        return { resolved: true };
+      }
       default:
         throw new Error(`Unknown method: ${method}`);
     }
@@ -12783,6 +12843,8 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`
     if (prUrl) {
       this.detectedPrUrl = prUrl;
     }
+    const runState = preTaskRun?.state;
+    const initialPermissionMode = typeof runState?.initial_permission_mode === "string" ? runState.initial_permission_mode : "bypassPermissions";
     const sessionResponse = await clientConnection.newSession({
       cwd: this.config.repositoryPath ?? "/tmp/workspace",
       mcpServers: this.config.mcpServers ?? [],
@@ -12792,6 +12854,7 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`
         systemPrompt: this.buildSessionSystemPrompt(prUrl),
         allowedDomains: this.config.allowedDomains,
         jsonSchema: preTask?.json_schema ?? null,
+        permissionMode: initialPermissionMode,
         ...this.config.claudeCode?.plugins?.length && {
           claudeCode: {
             options: {
@@ -12814,7 +12877,9 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`
       treeTracker,
       sseController,
       deviceInfo,
-      logWriter
+      logWriter,
+      permissionMode: initialPermissionMode,
+      hasDesktopConnected: sseController !== null
     };
     this.logger = new Logger({
       debug: true,
@@ -12828,6 +12893,7 @@ You MUST NOT create a new branch, close the existing PR, or create a new PR.`
     this.logger.info(
       `Agent version: ${this.config.version ?? package_default.version}`
     );
+    this.logger.info(`Initial permission mode: ${initialPermissionMode}`);
     this.posthogAPI.updateTaskRun(payload.task_id, payload.run_id, {
       status: "in_progress"
     }).catch(
@@ -13077,13 +13143,38 @@ ${toolSummary}`);
     }
     return { append: cloudAppend };
   }
+  getCloudInteractionOrigin() {
+    return process.env.POSTHOG_CODE_INTERACTION_ORIGIN ?? process.env.CODE_INTERACTION_ORIGIN ?? process.env.TWIG_INTERACTION_ORIGIN;
+  }
+  /**
+   * Slack-origin cloud runs auto-publish by default. Every other origin is
+   * review-first unless the user explicitly asks, and createPr=false always
+   * disables publishing.
+   */
+  shouldAutoPublishCloudChanges() {
+    return this.getCloudInteractionOrigin() === "slack" && this.config.createPr !== false;
+  }
+  buildDetectedPrContext(prUrl) {
+    if (!this.shouldAutoPublishCloudChanges()) {
+      return `An open pull request already exists: ${prUrl}
+Use that PR as context if it is helpful, but stop with local changes ready for review.
+Do NOT create commits, push to the PR branch, update the pull request, create a new branch, or create a new pull request unless the user explicitly asks.`;
+    }
+    return `IMPORTANT \u2014 OVERRIDE PREVIOUS INSTRUCTIONS ABOUT CREATING BRANCHES/PRs.
+You already have an open pull request: ${prUrl}
+You MUST:
+1. Check out the existing PR branch with \`gh pr checkout ${prUrl}\`
+2. Make changes, commit, and push to that branch
+You MUST NOT create a new branch, close the existing PR, or create a new PR.`;
+  }
   buildCloudSystemPrompt(prUrl) {
     const taskId = this.config.taskId;
+    const shouldAutoCreatePr = this.shouldAutoPublishCloudChanges();
     const attributionInstructions = `
 ## Attribution
 Do NOT use Claude Code's default attribution (no "Co-Authored-By" trailers, no "Generated with [Claude Code]" lines).
 
-Instead, add the following trailers to EVERY commit message (after a blank line at the end):
+If you create a commit, add the following trailers to the commit message (after a blank line at the end):
   Generated-By: PostHog Code
   Task-Id: ${taskId}
 
@@ -13098,6 +13189,20 @@ EOF
 )"
 \`\`\``;
     if (prUrl) {
+      if (!shouldAutoCreatePr) {
+        return `
+# Cloud Task Execution
+
+This task already has an open pull request: ${prUrl}
+
+Do the requested work, but stop with local changes ready for review.
+
+Important:
+- Do NOT create new commits, push to the branch, or update the pull request unless the user explicitly asks.
+- Do NOT create a new branch or a new pull request.
+${attributionInstructions}
+`;
+      }
       return `
 # Cloud Task Execution
 
@@ -13131,6 +13236,17 @@ When the user asks for code changes or software engineering tasks:
 Important:
 - Do NOT create branches, commits, or pull requests in this mode.
 - Prefer using MCP tools to answer questions with real data over giving generic advice.
+`;
+    }
+    if (!shouldAutoCreatePr) {
+      return `
+# Cloud Task Execution
+
+Do the requested work, but stop with local changes ready for review.
+
+Important:
+- Do NOT create a branch, commit, push, or open a pull request unless the user explicitly asks.
+${attributionInstructions}
 `;
     }
     return `
@@ -13239,32 +13355,73 @@ ${attributionInstructions}
       LLM_GATEWAY_URL: gatewayUrl
     });
   }
+  buildSlackQuestionRelayResponse(payload, toolMeta2) {
+    this.relaySlackQuestion(payload, toolMeta2);
+    return {
+      outcome: { outcome: "cancelled" },
+      _meta: {
+        message: "This question has been relayed to the Slack thread where this task originated. The user will reply there. Do NOT re-ask the question or pick an answer yourself. Simply let the user know you are waiting for their reply."
+      }
+    };
+  }
+  shouldBlockPublishPermission(params) {
+    if (this.config.createPr !== false) {
+      return false;
+    }
+    const meta = params.toolCall?._meta && typeof params.toolCall._meta === "object" && !Array.isArray(params.toolCall._meta) ? params.toolCall._meta : null;
+    const rawInput = params.toolCall?.rawInput && typeof params.toolCall.rawInput === "object" && !Array.isArray(params.toolCall.rawInput) ? params.toolCall.rawInput : null;
+    const toolName = typeof meta?.toolName === "string" ? meta.toolName : null;
+    const command = typeof rawInput?.command === "string" ? rawInput.command : null;
+    return Boolean(
+      toolName && (toolName === "Bash" || toolName.includes("bash")) && command && /\bgit\s+push\b|\bgh\s+pr\s+(create|edit|ready|merge)\b/.test(command)
+    );
+  }
   createCloudClient(payload) {
     const mode = this.getEffectiveMode(payload);
-    const interactionOrigin = process.env.CODE_INTERACTION_ORIGIN ?? process.env.TWIG_INTERACTION_ORIGIN;
+    const interactionOrigin = process.env.POSTHOG_CODE_INTERACTION_ORIGIN ?? process.env.CODE_INTERACTION_ORIGIN ?? process.env.TWIG_INTERACTION_ORIGIN;
     return {
       requestPermission: async (params) => {
         this.logger.debug("Permission request", {
           mode,
           interactionOrigin,
+          kind: params.toolCall?.kind,
           options: params.options
         });
         const allowOption = params.options.find(
           (o) => o.kind === "allow_once" || o.kind === "allow_always"
         );
         const selectedOptionId = allowOption?.optionId ?? params.options[0].optionId;
+        const codeToolKind = params.toolCall?._meta?.codeToolKind;
+        const isPlanApproval = params.toolCall?.kind === "switch_mode";
         if (interactionOrigin === "slack") {
-          const codeToolKind = params.toolCall?._meta?.codeToolKind;
           if (codeToolKind === "question") {
-            this.relaySlackQuestion(payload, params.toolCall?._meta);
-            return {
-              outcome: { outcome: "cancelled" },
-              _meta: {
-                message: "This question has been relayed to the Slack thread where this task originated. The user will reply there. Do NOT re-ask the question or pick an answer yourself. Simply let the user know you are waiting for their reply."
-              }
-            };
+            return this.buildSlackQuestionRelayResponse(
+              payload,
+              params.toolCall?._meta
+            );
+          }
+        }
+        {
+          const isQuestion = codeToolKind === "question";
+          const sessionPermissionMode = this.getSessionPermissionMode();
+          const needsRelay = isQuestion || isPlanApproval || sessionPermissionMode === "default";
+          if (needsRelay && this.session?.hasDesktopConnected) {
+            this.logger.info("Relaying permission to connected client", {
+              kind: params.toolCall?.kind,
+              isQuestion,
+              sessionPermissionMode
+            });
+            return this.relayPermissionToClient(params);
           }
         }
+        if (this.shouldBlockPublishPermission(params)) {
+          return {
+            outcome: { outcome: "cancelled" },
+            _meta: {
+              message: "This run is configured to stop before publishing. Do not push commits or create/update pull requests unless the user explicitly asks."
+            }
+          };
+        }
         return {
           outcome: {
             outcome: "selected",
@@ -13276,6 +13433,12 @@ ${attributionInstructions}
         this.logger.debug("Extension notification", { method, params });
       },
       sessionUpdate: async (params) => {
+        if (params.update?.sessionUpdate === "current_mode_update" && typeof params.update?.currentModeId === "string" && this.session) {
+          this.session.permissionMode = params.update.currentModeId;
+          this.logger.info("Permission mode updated", {
+            mode: params.update.currentModeId
+          });
+        }
         if (params.update?.sessionUpdate === "tool_call_update") {
           const meta = params.update?._meta?.claudeCode;
           const toolName = meta?.toolName;
@@ -13454,6 +13617,13 @@ ${attributionInstructions}
     } catch (error) {
       this.logger.error("Failed to flush session logs", error);
     }
+    for (const [, pending] of this.pendingPermissions) {
+      pending.resolve({
+        outcome: { outcome: "selected", optionId: "reject" },
+        _meta: { customInput: "Session is shutting down." }
+      });
+    }
+    this.pendingPermissions.clear();
     try {
       await this.session.acpConnection.cleanup();
     } catch (error) {
@@ -13531,6 +13701,39 @@ ${attributionInstructions}
       this.detachSseController(controller);
     }
   }
+  /**
+   * Relay a permission request (e.g., plan approval) to the connected desktop
+   * app via SSE and wait for a response via the `/command` endpoint.
+   *
+   * The promise waits indefinitely — if SSE is disconnected, the event is
+   * buffered by broadcastEvent and replayed when the client reconnects. Session
+   * cleanup force-resolves all pending permissions, so there is no leak.
+   */
+  relayPermissionToClient(params) {
+    const requestId = crypto.randomUUID();
+    this.broadcastEvent({
+      type: "permission_request",
+      requestId,
+      options: params.options,
+      toolCall: params.toolCall
+    });
+    return new Promise((resolve4) => {
+      this.pendingPermissions.set(requestId, { resolve: resolve4 });
+    });
+  }
+  resolvePermission(requestId, optionId, customInput, answers) {
+    const pending = this.pendingPermissions.get(requestId);
+    if (!pending) return false;
+    this.pendingPermissions.delete(requestId);
+    const meta = {};
+    if (customInput) meta.customInput = customInput;
+    if (answers) meta.answers = answers;
+    pending.resolve({
+      outcome: { outcome: "selected", optionId },
+      ...Object.keys(meta).length > 0 ? { _meta: meta } : {}
+    });
+    return true;
+  }
 };
 
 // src/server/bin.ts
@@ -13549,6 +13752,12 @@ var envSchema = import_v42.z.object({
   }).regex(/^\d+$/, "POSTHOG_PROJECT_ID must be a numeric string").transform((val) => parseInt(val, 10))
 });
 var program = new import_commander.Command();
+function parseBooleanOption(raw, flag) {
+  if (raw === void 0) return void 0;
+  if (raw === "true") return true;
+  if (raw === "false") return false;
+  program.error(`${flag} must be either "true" or "false"`);
+}
 function parseJsonOption(raw, schema, flag) {
   if (!raw) return void 0;
   let parsed;
@@ -13572,7 +13781,7 @@ program.name("agent-server").description("PostHog cloud agent server - runs in s
 ).option("--repositoryPath <path>", "Path to the repository").requiredOption("--taskId <id>", "Task ID").requiredOption("--runId <id>", "Task run ID").option(
   "--mcpServers <json>",
   "MCP servers config as JSON array (ACP McpServer[] format)"
-).option("--baseBranch <branch>", "Base branch for PR creation").option(
+).option("--createPr <boolean>", "Whether this run may publish changes").option("--baseBranch <branch>", "Base branch for PR creation").option(
   "--claudeCodeConfig <json>",
   "Claude Code config as JSON (systemPrompt, systemPromptAppend, plugins)"
 ).option(
@@ -13588,6 +13797,7 @@ ${errors}`);
   }
   const env = envResult.data;
   const mode = options.mode === "background" ? "background" : "interactive";
+  const createPr = parseBooleanOption(options.createPr, "--createPr");
   const mcpServers = parseJsonOption(
     options.mcpServers,
     mcpServersSchema,
@@ -13609,6 +13819,7 @@ ${errors}`);
     mode,
     taskId: options.taskId,
     runId: options.runId,
+    createPr,
     mcpServers,
     baseBranch: options.baseBranch,
     claudeCode,