@posthog/agent 2.3.261 → 2.3.267

package/dist/server/bin.cjs

@@ -896,6 +896,125 @@ var require_dist2 = __commonJS({
 var import_commander = require("commander");
 var import_v42 = require("zod/v4");
 
+// src/adapters/claude/session/models.ts
+var DEFAULT_MODEL = "opus";
+var GATEWAY_TO_SDK_MODEL = {
+  "claude-opus-4-5": "opus",
+  "claude-opus-4-6": "opus",
+  "claude-sonnet-4-5": "sonnet",
+  "claude-sonnet-4-6": "sonnet",
+  "claude-haiku-4-5": "haiku"
+};
+function toSdkModelId(modelId) {
+  return GATEWAY_TO_SDK_MODEL[modelId] ?? modelId;
+}
+var MODELS_WITH_1M_CONTEXT = /* @__PURE__ */ new Set([
+  "claude-opus-4-6",
+  "claude-sonnet-4-6"
+]);
+function supports1MContext(modelId) {
+  return MODELS_WITH_1M_CONTEXT.has(modelId);
+}
+var MODELS_WITH_EFFORT = /* @__PURE__ */ new Set([
+  "claude-opus-4-5",
+  "claude-opus-4-6",
+  "claude-sonnet-4-6"
+]);
+var MODELS_WITH_MAX_EFFORT = /* @__PURE__ */ new Set(["claude-opus-4-6"]);
+function supportsEffort(modelId) {
+  return MODELS_WITH_EFFORT.has(modelId);
+}
+function supportsMaxEffort(modelId) {
+  return MODELS_WITH_MAX_EFFORT.has(modelId);
+}
+var MODELS_TO_EXCLUDE_MCP_TOOLS = /* @__PURE__ */ new Set(["claude-haiku-4-5"]);
+function supportsMcpInjection(modelId) {
+  return !MODELS_TO_EXCLUDE_MCP_TOOLS.has(modelId);
+}
+function getEffortOptions(modelId) {
+  if (!supportsEffort(modelId)) return null;
+  const options = [
+    { value: "low", name: "Low" },
+    { value: "medium", name: "Medium" },
+    { value: "high", name: "High" }
+  ];
+  if (supportsMaxEffort(modelId)) {
+    options.push({ value: "max", name: "Max" });
+  }
+  return options;
+}
+var MODEL_CONTEXT_HINT_PATTERN = /\[(\d+m)\]$/i;
+function tokenizeModelPreference(model) {
+  const lower = model.trim().toLowerCase();
+  const contextHint = lower.match(MODEL_CONTEXT_HINT_PATTERN)?.[1]?.toLowerCase();
+  const normalized = lower.replace(MODEL_CONTEXT_HINT_PATTERN, " $1 ");
+  const rawTokens = normalized.split(/[^a-z0-9]+/).filter(Boolean);
+  const tokens = rawTokens.map((token) => {
+    if (token === "opusplan") return "opus";
+    if (token === "best" || token === "default") return "";
+    return token;
+  }).filter((token) => token && token !== "claude").filter((token) => /[a-z]/.test(token) || token.endsWith("m"));
+  return { tokens, contextHint };
+}
+function scoreModelMatch(model, tokens, contextHint) {
+  const haystack = `${model.value} ${model.name ?? ""}`.toLowerCase();
+  let score = 0;
+  for (const token of tokens) {
+    if (haystack.includes(token)) {
+      score += token === contextHint ? 3 : 1;
+    }
+  }
+  return score;
+}
+function resolveModelPreference(preference, options) {
+  const trimmed2 = preference.trim();
+  if (!trimmed2) return null;
+  const lower = trimmed2.toLowerCase();
+  const directMatch = options.find(
+    (o) => o.value === trimmed2 || o.value.toLowerCase() === lower || o.name && o.name.toLowerCase() === lower
+  );
+  if (directMatch) return directMatch.value;
+  const includesMatch = options.find((o) => {
+    const value = o.value.toLowerCase();
+    const display = (o.name ?? "").toLowerCase();
+    return value.includes(lower) || display.includes(lower) || lower.includes(value);
+  });
+  if (includesMatch) return includesMatch.value;
+  const { tokens, contextHint } = tokenizeModelPreference(trimmed2);
+  if (tokens.length === 0) return null;
+  let bestMatch = null;
+  let bestScore = 0;
+  for (const model of options) {
+    const score = scoreModelMatch(model, tokens, contextHint);
+    if (0 < score && (!bestMatch || bestScore < score)) {
+      bestMatch = model;
+      bestScore = score;
+    }
+  }
+  return bestMatch?.value ?? null;
+}
+
+// src/adapters/codex/models.ts
+var CODEX_REASONING_EFFORT_OPTIONS = [
+  { value: "low", name: "Low" },
+  { value: "medium", name: "Medium" },
+  { value: "high", name: "High" }
+];
+function getReasoningEffortOptions(_modelId) {
+  return CODEX_REASONING_EFFORT_OPTIONS;
+}
+
+// src/adapters/reasoning-effort.ts
+function getReasoningEffortOptions2(adapter, modelId) {
+  const options = adapter === "codex" ? getReasoningEffortOptions(modelId) : getEffortOptions(modelId);
+  return options;
+}
+function isSupportedReasoningEffort(adapter, modelId, value) {
+  return getReasoningEffortOptions2(adapter, modelId)?.some(
+    (option) => option.value === value
+  ) ?? false;
+}
+
 // src/server/agent-server.ts
 var import_sdk5 = require("@agentclientprotocol/sdk");
 var import_node_server = require("@hono/node-server");
@@ -5683,7 +5802,7 @@ var import_hono = require("hono");
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.261",
+  version: "2.3.267",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -5731,6 +5850,10 @@ var package_default = {
       types: "./dist/adapters/claude/session/models.d.ts",
       import: "./dist/adapters/claude/session/models.js"
     },
+    "./adapters/reasoning-effort": {
+      types: "./dist/adapters/reasoning-effort.d.ts",
+      import: "./dist/adapters/reasoning-effort.js"
+    },
     "./execution-mode": {
       types: "./dist/execution-mode.d.ts",
       import: "./dist/execution-mode.js"
@@ -5844,7 +5967,9 @@ var POSTHOG_NOTIFICATIONS = {
   /** Marks a boundary for log compaction */
   COMPACT_BOUNDARY: "_posthog/compact_boundary",
   /** Token usage update for a session turn */
-  USAGE_UPDATE: "_posthog/usage_update"
+  USAGE_UPDATE: "_posthog/usage_update",
+  /** Response to a relayed permission request (plan approval, question) */
+  PERMISSION_RESPONSE: "_posthog/permission_response"
 };
 function isNotification(method, notification) {
   if (!method) return false;
@@ -6113,6 +6238,7 @@ function unreachable(value, logger) {
 
 // src/gateway-models.ts
 var DEFAULT_GATEWAY_MODEL = "claude-opus-4-6";
+var DEFAULT_CODEX_MODEL = "gpt-5.4";
 var BLOCKED_MODELS = /* @__PURE__ */ new Set(["gpt-5-mini", "openai/gpt-5-mini"]);
 var CACHE_TTL = 10 * 60 * 1e3;
 var gatewayModelsCache = null;
@@ -8281,6 +8407,11 @@ async function canUseTool(context) {
   if (planFileResult) {
     return planFileResult;
   }
+  if (session.permissionMode === "plan") {
+    const message = `This tool is not available in plan mode. Write your plan to a file in ${getClaudePlansDir()} and call ExitPlanMode when ready.`;
+    await emitToolDenial(context, message);
+    return { behavior: "deny", message, interrupt: false };
+  }
   return handleDefaultPermissionFlow(context);
 }
 
@@ -8339,104 +8470,6 @@ function parseMcpServers(params) {
   return mcpServers;
 }
 
-// src/adapters/claude/session/models.ts
-var DEFAULT_MODEL = "opus";
-var GATEWAY_TO_SDK_MODEL = {
-  "claude-opus-4-5": "opus",
-  "claude-opus-4-6": "opus",
-  "claude-sonnet-4-5": "sonnet",
-  "claude-sonnet-4-6": "sonnet",
-  "claude-haiku-4-5": "haiku"
-};
-function toSdkModelId(modelId) {
-  return GATEWAY_TO_SDK_MODEL[modelId] ?? modelId;
-}
-var MODELS_WITH_1M_CONTEXT = /* @__PURE__ */ new Set([
-  "claude-opus-4-6",
-  "claude-sonnet-4-6"
-]);
-function supports1MContext(modelId) {
-  return MODELS_WITH_1M_CONTEXT.has(modelId);
-}
-var MODELS_WITH_EFFORT = /* @__PURE__ */ new Set([
-  "claude-opus-4-5",
-  "claude-opus-4-6",
-  "claude-sonnet-4-6"
-]);
-var MODELS_WITH_MAX_EFFORT = /* @__PURE__ */ new Set(["claude-opus-4-6"]);
-function supportsEffort(modelId) {
-  return MODELS_WITH_EFFORT.has(modelId);
-}
-function supportsMaxEffort(modelId) {
-  return MODELS_WITH_MAX_EFFORT.has(modelId);
-}
-var MODELS_TO_EXCLUDE_MCP_TOOLS = /* @__PURE__ */ new Set(["claude-haiku-4-5"]);
-function supportsMcpInjection(modelId) {
-  return !MODELS_TO_EXCLUDE_MCP_TOOLS.has(modelId);
-}
-function getEffortOptions(modelId) {
-  if (!supportsEffort(modelId)) return null;
-  const options = [
-    { value: "low", name: "Low" },
-    { value: "medium", name: "Medium" },
-    { value: "high", name: "High" }
-  ];
-  if (supportsMaxEffort(modelId)) {
-    options.push({ value: "max", name: "Max" });
-  }
-  return options;
-}
-var MODEL_CONTEXT_HINT_PATTERN = /\[(\d+m)\]$/i;
-function tokenizeModelPreference(model) {
-  const lower = model.trim().toLowerCase();
-  const contextHint = lower.match(MODEL_CONTEXT_HINT_PATTERN)?.[1]?.toLowerCase();
-  const normalized = lower.replace(MODEL_CONTEXT_HINT_PATTERN, " $1 ");
-  const rawTokens = normalized.split(/[^a-z0-9]+/).filter(Boolean);
-  const tokens = rawTokens.map((token) => {
-    if (token === "opusplan") return "opus";
-    if (token === "best" || token === "default") return "";
-    return token;
-  }).filter((token) => token && token !== "claude").filter((token) => /[a-z]/.test(token) || token.endsWith("m"));
-  return { tokens, contextHint };
-}
-function scoreModelMatch(model, tokens, contextHint) {
-  const haystack = `${model.value} ${model.name ?? ""}`.toLowerCase();
-  let score = 0;
-  for (const token of tokens) {
-    if (haystack.includes(token)) {
-      score += token === contextHint ? 3 : 1;
-    }
-  }
-  return score;
-}
-function resolveModelPreference(preference, options) {
-  const trimmed2 = preference.trim();
-  if (!trimmed2) return null;
-  const lower = trimmed2.toLowerCase();
-  const directMatch = options.find(
-    (o) => o.value === trimmed2 || o.value.toLowerCase() === lower || o.name && o.name.toLowerCase() === lower
-  );
-  if (directMatch) return directMatch.value;
-  const includesMatch = options.find((o) => {
-    const value = o.value.toLowerCase();
-    const display = (o.name ?? "").toLowerCase();
-    return value.includes(lower) || display.includes(lower) || lower.includes(value);
-  });
-  if (includesMatch) return includesMatch.value;
-  const { tokens, contextHint } = tokenizeModelPreference(trimmed2);
-  if (tokens.length === 0) return null;
-  let bestMatch = null;
-  let bestScore = 0;
-  for (const model of options) {
-    const score = scoreModelMatch(model, tokens, contextHint);
-    if (0 < score && (!bestMatch || bestScore < score)) {
-      bestMatch = model;
-      bestScore = score;
-    }
-  }
-  return bestMatch?.value ?? null;
-}
-
 // src/adapters/claude/session/options.ts
 var import_node_child_process2 = require("child_process");
 var fs4 = __toESM(require("fs"), 1);
@@ -10085,6 +10118,9 @@ function buildConfigArgs(options) {
   if (options.model) {
     args.push("-c", `model="${options.model}"`);
   }
+  if (options.reasoningEffort) {
+    args.push("-c", `model_reasoning_effort="${options.reasoningEffort}"`);
+  }
   if (options.instructions) {
     const escaped = options.instructions.replace(/\\/g, "\\\\").replace(/\n/g, "\\n").replace(/\r/g, "\\r").replace(/"/g, '\\"');
     args.push("-c", `instructions="${escaped}"`);
@@ -12219,13 +12255,27 @@ var userMessageParamsSchema = import_v4.z.object({
     import_v4.z.array(import_v4.z.record(import_v4.z.string(), import_v4.z.unknown())).min(1, "Content is required")
   ])
 });
+var permissionResponseParamsSchema = import_v4.z.object({
+  requestId: import_v4.z.string().min(1, "requestId is required"),
+  optionId: import_v4.z.string().min(1, "optionId is required"),
+  customInput: import_v4.z.string().optional(),
+  answers: import_v4.z.record(import_v4.z.string(), import_v4.z.string()).optional()
+});
+var setConfigOptionParamsSchema = import_v4.z.object({
+  configId: import_v4.z.string().min(1, "configId is required"),
+  value: import_v4.z.string().min(1, "value is required")
+});
 var commandParamsSchemas = {
   user_message: userMessageParamsSchema,
   "posthog/user_message": userMessageParamsSchema,
   cancel: import_v4.z.object({}).optional(),
   "posthog/cancel": import_v4.z.object({}).optional(),
   close: import_v4.z.object({}).optional(),
-  "posthog/close": import_v4.z.object({}).optional()
+  "posthog/close": import_v4.z.object({}).optional(),
+  permission_response: permissionResponseParamsSchema,
+  "posthog/permission_response": permissionResponseParamsSchema,
+  set_config_option: setConfigOptionParamsSchema,
+  "posthog/set_config_option": setConfigOptionParamsSchema
 };
 function validateCommandParams(method, params) {
   const schema = commandParamsSchemas[method] ?? commandParamsSchemas[method.replace("posthog/", "")];
@@ -12325,6 +12375,14 @@ function createTappedWritableStream2(underlying, onMessage, logger) {
     }
   });
 }
+function getTaskRunStateString(taskRun, key) {
+  const state = taskRun?.state;
+  if (!state || typeof state !== "object") {
+    return null;
+  }
+  const value = state[key];
+  return typeof value === "string" ? value : null;
+}
 var AgentServer = class _AgentServer {
   config;
   logger;
@@ -12342,6 +12400,7 @@ var AgentServer = class _AgentServer {
   // causing a second session to be created and duplicate Slack messages to be sent.
   initializationPromise = null;
   pendingEvents = [];
+  pendingPermissions = /* @__PURE__ */ new Map();
   detachSseController(controller) {
     if (this.session?.sseController === controller) {
       this.session.sseController = null;
@@ -12376,9 +12435,15 @@ var AgentServer = class _AgentServer {
     });
     this.app = this.createApp();
   }
+  getRuntimeAdapter() {
+    return this.config.runtimeAdapter ?? "claude";
+  }
   getEffectiveMode(payload) {
     return payload.mode ?? this.config.mode;
   }
+  getSessionPermissionMode() {
+    return this.session?.permissionMode ?? "default";
+  }
   createApp() {
     const app = new import_hono.Hono();
     app.get("/health", (c) => {
@@ -12423,6 +12488,7 @@ var AgentServer = class _AgentServer {
             await this.initializeSession(payload, sseController);
           } else {
             this.session.sseController = sseController;
+            this.session.hasDesktopConnected = true;
             this.replayPendingEvents();
           }
           this.sendSseEvent(sseController, {
@@ -12662,6 +12728,43 @@ var AgentServer = class _AgentServer {
         await this.cleanupSession();
         return { closed: true };
       }
+      case "posthog/set_config_option":
+      case "set_config_option": {
+        const configId = params.configId;
+        const value = params.value;
+        this.logger.info("Set config option requested", { configId, value });
+        const result = await this.session.clientConnection.setSessionConfigOption({
+          sessionId: this.session.acpSessionId,
+          configId,
+          value
+        });
+        return {
+          configOptions: result.configOptions
+        };
+      }
+      case POSTHOG_NOTIFICATIONS.PERMISSION_RESPONSE:
+      case "permission_response": {
+        const requestId = params.requestId;
+        const optionId = params.optionId;
+        const customInput = params.customInput;
+        const answers = params.answers;
+        this.logger.info("Permission response received", {
+          requestId,
+          optionId
+        });
+        const resolved = this.resolvePermission(
+          requestId,
+          optionId,
+          customInput,
+          answers
+        );
+        if (!resolved) {
+          throw new Error(
+            `No pending permission request found for id: ${requestId}`
+          );
+        }
+        return { resolved: true };
+      }
       default:
         throw new Error(`Unknown method: ${method}`);
     }
@@ -12701,6 +12804,30 @@ var AgentServer = class _AgentServer {
       name: process.env.HOSTNAME || "cloud-sandbox"
     };
     this.configureEnvironment();
+    const [preTaskRun, preTask] = await Promise.all([
+      this.posthogAPI.getTaskRun(payload.task_id, payload.run_id).catch((err) => {
+        this.logger.warn("Failed to fetch task run for session context", {
+          taskId: payload.task_id,
+          runId: payload.run_id,
+          error: err
+        });
+        return null;
+      }),
+      this.posthogAPI.getTask(payload.task_id).catch((err) => {
+        this.logger.warn("Failed to fetch task for session context", {
+          taskId: payload.task_id,
+          error: err
+        });
+        return null;
+      })
+    ]);
+    const prUrl = getTaskRunStateString(preTaskRun, "slack_notified_pr_url");
+    if (prUrl) {
+      this.detectedPrUrl = prUrl;
+    }
+    const runtimeAdapter = this.getRuntimeAdapter();
+    const sessionSystemPrompt = this.buildSessionSystemPrompt(prUrl);
+    const codexInstructions = runtimeAdapter === "codex" ? this.buildCodexInstructions(sessionSystemPrompt) : void 0;
     const posthogAPI = new PostHogAPIClient({
       apiUrl: this.config.apiUrl,
       projectId: this.config.projectId,
@@ -12719,10 +12846,20 @@ var AgentServer = class _AgentServer {
       logger: new Logger({ debug: true, prefix: "[SessionLogWriter]" })
     });
     const acpConnection = createAcpConnection({
+      adapter: runtimeAdapter,
       taskRunId: payload.run_id,
       taskId: payload.task_id,
       deviceType: deviceInfo.type,
       logWriter,
+      logger: this.logger,
+      codexOptions: runtimeAdapter === "codex" ? {
+        cwd: this.config.repositoryPath ?? "/tmp/workspace",
+        apiBaseUrl: process.env.OPENAI_BASE_URL,
+        apiKey: this.config.apiKey,
+        model: this.config.model ?? DEFAULT_CODEX_MODEL,
+        reasoningEffort: this.config.reasoningEffort,
+        instructions: codexInstructions
+      } : void 0,
       onStructuredOutput: async (output) => {
         await this.posthogAPI.setTaskRunOutput(
           payload.task_id,
@@ -12759,40 +12896,28 @@ var AgentServer = class _AgentServer {
       protocolVersion: import_sdk5.PROTOCOL_VERSION,
       clientCapabilities: {}
     });
-    const [preTaskRun, preTask] = await Promise.all([
-      this.posthogAPI.getTaskRun(payload.task_id, payload.run_id).catch((err) => {
-        this.logger.warn("Failed to fetch task run for session context", {
-          taskId: payload.task_id,
-          runId: payload.run_id,
-          error: err
-        });
-        return null;
-      }),
-      this.posthogAPI.getTask(payload.task_id).catch((err) => {
-        this.logger.warn("Failed to fetch task for session context", {
-          taskId: payload.task_id,
-          error: err
-        });
-        return null;
-      })
-    ]);
-    const prUrl = typeof preTaskRun?.state?.slack_notified_pr_url === "string" ? (preTaskRun?.state).slack_notified_pr_url : null;
-    if (prUrl) {
-      this.detectedPrUrl = prUrl;
-    }
+    const runState = preTaskRun?.state;
+    const initialPermissionMode = typeof runState?.initial_permission_mode === "string" ? runState.initial_permission_mode : "bypassPermissions";
     const sessionResponse = await clientConnection.newSession({
       cwd: this.config.repositoryPath ?? "/tmp/workspace",
       mcpServers: this.config.mcpServers ?? [],
       _meta: {
         sessionId: payload.run_id,
         taskRunId: payload.run_id,
-        systemPrompt: this.buildSessionSystemPrompt(prUrl),
+        systemPrompt: sessionSystemPrompt,
+        ...this.config.model && { model: this.config.model },
         allowedDomains: this.config.allowedDomains,
         jsonSchema: preTask?.json_schema ?? null,
+        permissionMode: initialPermissionMode,
         ...this.config.claudeCode?.plugins?.length && {
           claudeCode: {
             options: {
-              plugins: this.config.claudeCode.plugins
+              ...this.config.claudeCode?.plugins?.length && {
+                plugins: this.config.claudeCode.plugins
+              },
+              ...runtimeAdapter === "claude" && this.config.reasoningEffort && {
+                effort: this.config.reasoningEffort
+              }
             }
           }
         }
@@ -12811,7 +12936,9 @@ var AgentServer = class _AgentServer {
       treeTracker,
       sseController,
       deviceInfo,
-      logWriter
+      logWriter,
+      permissionMode: initialPermissionMode,
+      hasDesktopConnected: sseController !== null
     };
     this.logger = new Logger({
       debug: true,
@@ -12825,6 +12952,7 @@ var AgentServer = class _AgentServer {
     this.logger.info(
       `Agent version: ${this.config.version ?? package_default.version}`
     );
+    this.logger.info(`Initial permission mode: ${initialPermissionMode}`);
     this.posthogAPI.updateTaskRun(payload.task_id, payload.run_id, {
       status: "in_progress"
     }).catch(
@@ -13074,6 +13202,9 @@ ${toolSummary}`);
     }
     return { append: cloudAppend };
   }
+  buildCodexInstructions(systemPrompt) {
+    return typeof systemPrompt === "string" ? systemPrompt : systemPrompt.append;
+  }
   getCloudInteractionOrigin() {
     return process.env.POSTHOG_CODE_INTERACTION_ORIGIN ?? process.env.CODE_INTERACTION_ORIGIN ?? process.env.TWIG_INTERACTION_ORIGIN;
   }
@@ -13315,14 +13446,16 @@ ${attributionInstructions}
         this.logger.debug("Permission request", {
           mode,
           interactionOrigin,
+          kind: params.toolCall?.kind,
           options: params.options
         });
         const allowOption = params.options.find(
           (o) => o.kind === "allow_once" || o.kind === "allow_always"
         );
         const selectedOptionId = allowOption?.optionId ?? params.options[0].optionId;
+        const codeToolKind = params.toolCall?._meta?.codeToolKind;
+        const isPlanApproval = params.toolCall?.kind === "switch_mode";
         if (interactionOrigin === "slack") {
-          const codeToolKind = params.toolCall?._meta?.codeToolKind;
           if (codeToolKind === "question") {
             return this.buildSlackQuestionRelayResponse(
               payload,
@@ -13330,6 +13463,19 @@ ${attributionInstructions}
             );
           }
         }
+        {
+          const isQuestion = codeToolKind === "question";
+          const sessionPermissionMode = this.getSessionPermissionMode();
+          const needsRelay = isQuestion || isPlanApproval || sessionPermissionMode === "default";
+          if (needsRelay && this.session?.hasDesktopConnected) {
+            this.logger.info("Relaying permission to connected client", {
+              kind: params.toolCall?.kind,
+              isQuestion,
+              sessionPermissionMode
+            });
+            return this.relayPermissionToClient(params);
+          }
+        }
         if (this.shouldBlockPublishPermission(params)) {
           return {
             outcome: { outcome: "cancelled" },
@@ -13349,6 +13495,12 @@ ${attributionInstructions}
         this.logger.debug("Extension notification", { method, params });
       },
       sessionUpdate: async (params) => {
+        if (params.update?.sessionUpdate === "current_mode_update" && typeof params.update?.currentModeId === "string" && this.session) {
+          this.session.permissionMode = params.update.currentModeId;
+          this.logger.info("Permission mode updated", {
+            mode: params.update.currentModeId
+          });
+        }
         if (params.update?.sessionUpdate === "tool_call_update") {
           const meta = params.update?._meta?.claudeCode;
           const toolName = meta?.toolName;
@@ -13527,6 +13679,13 @@ ${attributionInstructions}
     } catch (error) {
       this.logger.error("Failed to flush session logs", error);
     }
+    for (const [, pending] of this.pendingPermissions) {
+      pending.resolve({
+        outcome: { outcome: "selected", optionId: "reject" },
+        _meta: { customInput: "Session is shutting down." }
+      });
+    }
+    this.pendingPermissions.clear();
     try {
       await this.session.acpConnection.cleanup();
     } catch (error) {
@@ -13604,6 +13763,39 @@ ${attributionInstructions}
       this.detachSseController(controller);
     }
   }
+  /**
+   * Relay a permission request (e.g., plan approval) to the connected desktop
+   * app via SSE and wait for a response via the `/command` endpoint.
+   *
+   * The promise waits indefinitely — if SSE is disconnected, the event is
+   * buffered by broadcastEvent and replayed when the client reconnects. Session
+   * cleanup force-resolves all pending permissions, so there is no leak.
+   */
+  relayPermissionToClient(params) {
+    const requestId = crypto.randomUUID();
+    this.broadcastEvent({
+      type: "permission_request",
+      requestId,
+      options: params.options,
+      toolCall: params.toolCall
+    });
+    return new Promise((resolve4) => {
+      this.pendingPermissions.set(requestId, { resolve: resolve4 });
+    });
+  }
+  resolvePermission(requestId, optionId, customInput, answers) {
+    const pending = this.pendingPermissions.get(requestId);
+    if (!pending) return false;
+    this.pendingPermissions.delete(requestId);
+    const meta = {};
+    if (customInput) meta.customInput = customInput;
+    if (answers) meta.answers = answers;
+    pending.resolve({
+      outcome: { outcome: "selected", optionId },
+      ...Object.keys(meta).length > 0 ? { _meta: meta } : {}
+    });
+    return true;
+  }
 };
 
 // src/server/bin.ts
@@ -13619,7 +13811,10 @@ var envSchema = import_v42.z.object({
   }).min(1, "POSTHOG_PERSONAL_API_KEY cannot be empty"),
   POSTHOG_PROJECT_ID: import_v42.z.string({
     error: "POSTHOG_PROJECT_ID is required for routing requests to the correct project"
-  }).regex(/^\d+$/, "POSTHOG_PROJECT_ID must be a numeric string").transform((val) => parseInt(val, 10))
+  }).regex(/^\d+$/, "POSTHOG_PROJECT_ID must be a numeric string").transform((val) => parseInt(val, 10)),
+  POSTHOG_CODE_RUNTIME_ADAPTER: import_v42.z.enum(["claude", "codex"]).optional(),
+  POSTHOG_CODE_MODEL: import_v42.z.string().optional(),
+  POSTHOG_CODE_REASONING_EFFORT: import_v42.z.enum(["low", "medium", "high", "max"]).optional()
 });
 var program = new import_commander.Command();
 function parseBooleanOption(raw, flag) {
@@ -13679,6 +13874,15 @@ ${errors}`);
     "--claudeCodeConfig"
   );
   const allowedDomains = options.allowedDomains ? options.allowedDomains.split(",").map((d) => d.trim()).filter(Boolean) : void 0;
+  if (env.POSTHOG_CODE_RUNTIME_ADAPTER && env.POSTHOG_CODE_MODEL && env.POSTHOG_CODE_REASONING_EFFORT && !isSupportedReasoningEffort(
+    env.POSTHOG_CODE_RUNTIME_ADAPTER,
+    env.POSTHOG_CODE_MODEL,
+    env.POSTHOG_CODE_REASONING_EFFORT
+  )) {
+    program.error(
+      `POSTHOG_CODE_REASONING_EFFORT '${env.POSTHOG_CODE_REASONING_EFFORT}' is not supported for ${env.POSTHOG_CODE_RUNTIME_ADAPTER} model '${env.POSTHOG_CODE_MODEL}'.`
+    );
+  }
   const server = new AgentServer({
     port: parseInt(options.port, 10),
     jwtPublicKey: env.JWT_PUBLIC_KEY,
@@ -13693,7 +13897,10 @@ ${errors}`);
     mcpServers,
     baseBranch: options.baseBranch,
     claudeCode,
-    allowedDomains
+    allowedDomains,
+    runtimeAdapter: env.POSTHOG_CODE_RUNTIME_ADAPTER,
+    model: env.POSTHOG_CODE_MODEL,
+    reasoningEffort: env.POSTHOG_CODE_REASONING_EFFORT
   });
   process.on("SIGINT", async () => {
     await server.stop();