@posthog/agent 2.3.261 → 2.3.267

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@posthog/agent",
-  "version": "2.3.261",
+  "version": "2.3.267",
   "repository": "https://github.com/PostHog/code",
   "description": "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   "exports": {
@@ -48,6 +48,10 @@
       "types": "./dist/adapters/claude/session/models.d.ts",
       "import": "./dist/adapters/claude/session/models.js"
     },
+    "./adapters/reasoning-effort": {
+      "types": "./dist/adapters/reasoning-effort.d.ts",
+      "import": "./dist/adapters/reasoning-effort.js"
+    },
     "./execution-mode": {
       "types": "./dist/execution-mode.d.ts",
       "import": "./dist/execution-mode.js"
@@ -82,8 +86,8 @@
     "tsx": "^4.20.6",
     "typescript": "^5.5.0",
     "vitest": "^2.1.8",
-    "@posthog/git": "1.0.0",
-    "@posthog/shared": "1.0.0"
+    "@posthog/shared": "1.0.0",
+    "@posthog/git": "1.0.0"
   },
   "dependencies": {
     "@agentclientprotocol/sdk": "0.16.1",

package/src/acp-extensions.ts

@@ -63,6 +63,9 @@ export const POSTHOG_NOTIFICATIONS = {
 
   /** Token usage update for a session turn */
   USAGE_UPDATE: "_posthog/usage_update",
+
+  /** Response to a relayed permission request (plan approval, question) */
+  PERMISSION_RESPONSE: "_posthog/permission_response",
 } as const;
 
 type NotificationMethod =

package/src/adapters/claude/permissions/permission-handlers.ts

@@ -490,11 +490,17 @@ export async function canUseTool(
     return planFileResult;
   }
 
-  // if (session.permissionMode === "dontAsk") {
-  //   const message = "Tool not pre-approved. Denied by dontAsk mode.";
-  //   await emitToolDenial(context, message);
-  //   return { behavior: "deny", message, interrupt: false };
-  // }
+  // In plan mode, deny tools that aren't in the allowed set. The agent must
+  // write its plan to ~/.claude/plans/ and call ExitPlanMode before it can
+  // use write or bash tools. Without this guard, cloud runs auto-approve
+  // restricted tools and the agent skips planning entirely.
+  if (session.permissionMode === "plan") {
+    const message =
+      "This tool is not available in plan mode. Write your plan " +
+      `to a file in ${getClaudePlansDir()} and call ExitPlanMode when ready.`;
+    await emitToolDenial(context, message);
+    return { behavior: "deny", message, interrupt: false };
+  }
 
   return handleDefaultPermissionFlow(context);
 }

package/src/adapters/codex/models.ts

@@ -0,0 +1,16 @@
+interface ReasoningEffortOption {
+  value: string;
+  name: string;
+}
+
+const CODEX_REASONING_EFFORT_OPTIONS: ReasoningEffortOption[] = [
+  { value: "low", name: "Low" },
+  { value: "medium", name: "Medium" },
+  { value: "high", name: "High" },
+];
+
+export function getReasoningEffortOptions(
+  _modelId: string,
+): ReasoningEffortOption[] {
+  return CODEX_REASONING_EFFORT_OPTIONS;
+}

package/src/adapters/codex/spawn.ts

@@ -11,6 +11,7 @@ export interface CodexProcessOptions {
   apiBaseUrl?: string;
   apiKey?: string;
   model?: string;
+  reasoningEffort?: string;
   instructions?: string;
   binaryPath?: string;
   logger?: Logger;
@@ -52,6 +53,10 @@ function buildConfigArgs(options: CodexProcessOptions): string[] {
     args.push("-c", `model="${options.model}"`);
   }
 
+  if (options.reasoningEffort) {
+    args.push("-c", `model_reasoning_effort="${options.reasoningEffort}"`);
+  }
+
   if (options.instructions) {
     const escaped = options.instructions
       .replace(/\\/g, "\\\\")

package/src/adapters/reasoning-effort.ts

@@ -0,0 +1,35 @@
+import { getEffortOptions as getClaudeEffortOptions } from "./claude/session/models";
+import { getReasoningEffortOptions as getCodexReasoningEffortOptions } from "./codex/models";
+
+export type RuntimeAdapter = "claude" | "codex";
+
+export type SupportedReasoningEffort = "low" | "medium" | "high" | "max";
+
+export interface ReasoningEffortOption {
+  value: SupportedReasoningEffort;
+  name: string;
+}
+
+export function getReasoningEffortOptions(
+  adapter: RuntimeAdapter,
+  modelId: string,
+): ReasoningEffortOption[] | null {
+  const options =
+    adapter === "codex"
+      ? getCodexReasoningEffortOptions(modelId)
+      : getClaudeEffortOptions(modelId);
+
+  return options as ReasoningEffortOption[] | null;
+}
+
+export function isSupportedReasoningEffort(
+  adapter: RuntimeAdapter,
+  modelId: string,
+  value: string,
+): value is SupportedReasoningEffort {
+  return (
+    getReasoningEffortOptions(adapter, modelId)?.some(
+      (option) => option.value === value,
+    ) ?? false
+  );
+}

package/src/server/agent-server.test.ts

@@ -21,6 +21,17 @@ interface TestableServer {
   detectedPrUrl: string | null;
   buildCloudSystemPrompt(prUrl?: string | null): string;
   buildDetectedPrContext(prUrl: string): string;
+  buildSessionSystemPrompt(prUrl?: string | null): string | { append: string };
+  buildCodexInstructions(systemPrompt: string | { append: string }): string;
+  getRuntimeAdapter(): "claude" | "codex";
+}
+
+let nextTestPort = 20000;
+
+function getNextTestPort(): number {
+  const port = nextTestPort;
+  nextTestPort += 1;
+  return port;
 }
 
 // The Claude Agent SDK has an internal readMessages() loop that rejects with
@@ -112,14 +123,16 @@ JwIDAQAB
 
 describe("AgentServer HTTP Mode", () => {
   let repo: TestRepo;
-  let server: AgentServer;
+  let server: AgentServer | undefined;
   let mswServer: SetupServerApi;
   let appendLogCalls: unknown[][];
-  const port = 3099;
+  let port: number;
 
   beforeEach(async () => {
     repo = await createTestRepo("agent-server-http");
     appendLogCalls = [];
+    // Use a unique high port per test to avoid reuse and browser-blocked ports.
+    port = getNextTestPort();
     mswServer = setupServer(
       ...createPostHogHandlers({
         baseUrl: "http://localhost:8000",
@@ -132,12 +145,15 @@ describe("AgentServer HTTP Mode", () => {
   afterEach(async () => {
     if (server) {
       await server.stop();
+      server = undefined;
     }
     mswServer.close();
     await repo.cleanup();
   });
 
-  const createServer = () => {
+  const createServer = (
+    overrides: Partial<ConstructorParameters<typeof AgentServer>[0]> = {},
+  ) => {
     server = new AgentServer({
       port,
       jwtPublicKey: TEST_PUBLIC_KEY,
@@ -148,6 +164,7 @@ describe("AgentServer HTTP Mode", () => {
       mode: "interactive",
       taskId: "test-task-id",
       runId: "test-run-id",
+      ...overrides,
     });
     return server;
   };
@@ -176,7 +193,7 @@ describe("AgentServer HTTP Mode", () => {
 
       expect(response.status).toBe(200);
       expect(body).toEqual({ status: "ok", hasSession: true });
-    });
+    }, 30000);
   });
 
   describe("GET /events", () => {
@@ -188,7 +205,7 @@ describe("AgentServer HTTP Mode", () => {
 
       expect(response.status).toBe(401);
       expect(body.error).toBe("Missing authorization header");
-    });
+    }, 20000);
 
     it("returns 401 with invalid token", async () => {
       await createServer().start();
@@ -200,7 +217,7 @@ describe("AgentServer HTTP Mode", () => {
 
       expect(response.status).toBe(401);
       expect(body.code).toBe("invalid_signature");
-    });
+    }, 20000);
 
     it("accepts valid JWT and returns SSE stream", async () => {
       await createServer().start();
@@ -212,7 +229,7 @@ describe("AgentServer HTTP Mode", () => {
 
       expect(response.status).toBe(200);
       expect(response.headers.get("content-type")).toBe("text/event-stream");
-    });
+    }, 20000);
   });
 
   describe("POST /command", () => {
@@ -230,7 +247,7 @@ describe("AgentServer HTTP Mode", () => {
       });
 
       expect(response.status).toBe(401);
-    });
+    }, 20000);
 
     it("returns 400 when run_id does not match active session", async () => {
       await createServer().start();
@@ -252,7 +269,7 @@ describe("AgentServer HTTP Mode", () => {
       expect(response.status).toBe(400);
       const body = await response.json();
       expect(body.error).toBe("No active session for this run");
-    });
+    }, 20000);
 
     it("accepts structured user_message content", async () => {
       await createServer().start();
@@ -276,7 +293,7 @@ describe("AgentServer HTTP Mode", () => {
       expect(response.status).toBe(400);
       const body = await response.json();
       expect(body.error).toBe("No active session for this run");
-    });
+    }, 20000);
   });
 
   describe("404 handling", () => {
@@ -288,7 +305,7 @@ describe("AgentServer HTTP Mode", () => {
 
       expect(response.status).toBe(404);
       expect(body.error).toBe("Not found");
-    });
+    }, 20000);
   });
 
   describe("getInitialPromptOverride", () => {
@@ -335,6 +352,48 @@ describe("AgentServer HTTP Mode", () => {
     });
   });
 
+  describe("runtime adapter selection", () => {
+    it("defaults to claude when no runtime adapter is configured", () => {
+      const s = createServer();
+
+      expect((s as unknown as TestableServer).getRuntimeAdapter()).toBe(
+        "claude",
+      );
+    });
+
+    it("uses codex when the runtime adapter is configured", () => {
+      const s = createServer({ runtimeAdapter: "codex" });
+
+      expect((s as unknown as TestableServer).getRuntimeAdapter()).toBe(
+        "codex",
+      );
+    });
+
+    it("flattens append-style prompts into plain codex instructions", () => {
+      const s = createServer({
+        claudeCode: {
+          systemPrompt: {
+            type: "preset",
+            preset: "claude_code",
+            append: "User codex instructions",
+          },
+        },
+      });
+
+      const sessionPrompt = (
+        s as unknown as TestableServer
+      ).buildSessionSystemPrompt("https://github.com/PostHog/code/pull/1");
+
+      expect(typeof sessionPrompt).toBe("object");
+      expect(
+        (s as unknown as TestableServer).buildCodexInstructions(sessionPrompt),
+      ).toContain("User codex instructions");
+      expect(
+        (s as unknown as TestableServer).buildCodexInstructions(sessionPrompt),
+      ).toContain("Cloud Task Execution");
+    });
+  });
+
   describe("detectedPrUrl tracking", () => {
     it("stores PR URL when detectAndAttachPrUrl finds a match", () => {
       const s = createServer();