@posthog/agent 2.3.261 → 2.3.267

package/src/server/agent-server.ts

@@ -18,6 +18,8 @@ import {
   type InProcessAcpConnection,
 } from "../adapters/acp-connection";
 import { selectRecentTurns } from "../adapters/claude/session/jsonl-hydration";
+import type { CodeExecutionMode } from "../execution-mode";
+import { DEFAULT_CODEX_MODEL } from "../gateway-models";
 import { PostHogAPIClient } from "../posthog-api";
 import {
   type ConversationTurn,
@@ -161,6 +163,24 @@ interface ActiveSession {
   sseController: SseController | null;
   deviceInfo: DeviceInfo;
   logWriter: SessionLogWriter;
+  /** Current permission mode, tracked for relay decisions */
+  permissionMode: CodeExecutionMode;
+  /** Whether a desktop client has ever connected via SSE during this session */
+  hasDesktopConnected: boolean;
+}
+
+function getTaskRunStateString(
+  taskRun: TaskRun | null,
+  key: string,
+): string | null {
+  const state = taskRun?.state;
+
+  if (!state || typeof state !== "object") {
+    return null;
+  }
+
+  const value = (state as Record<string, unknown>)[key];
+  return typeof value === "string" ? value : null;
 }
 
 export class AgentServer {
@@ -180,6 +200,15 @@ export class AgentServer {
   // causing a second session to be created and duplicate Slack messages to be sent.
   private initializationPromise: Promise<void> | null = null;
   private pendingEvents: Record<string, unknown>[] = [];
+  private pendingPermissions = new Map<
+    string,
+    {
+      resolve: (response: {
+        outcome: { outcome: "selected"; optionId: string };
+        _meta?: Record<string, unknown>;
+      }) => void;
+    }
+  >();
 
   private detachSseController(controller: SseController): void {
     if (this.session?.sseController === controller) {
@@ -228,10 +257,18 @@ export class AgentServer {
     this.app = this.createApp();
   }
 
+  private getRuntimeAdapter(): "claude" | "codex" {
+    return this.config.runtimeAdapter ?? "claude";
+  }
+
   private getEffectiveMode(payload: JwtPayload): AgentMode {
     return payload.mode ?? this.config.mode;
   }
 
+  private getSessionPermissionMode(): CodeExecutionMode {
+    return this.session?.permissionMode ?? "default";
+  }
+
   private createApp(): Hono {
     const app = new Hono();
 
@@ -285,6 +322,7 @@ export class AgentServer {
             await this.initializeSession(payload, sseController);
           } else {
             this.session.sseController = sseController;
+            this.session.hasDesktopConnected = true;
             this.replayPendingEvents();
           }
 
@@ -579,6 +617,51 @@ export class AgentServer {
         return { closed: true };
       }
 
+      case "posthog/set_config_option":
+      case "set_config_option": {
+        const configId = params.configId as string;
+        const value = params.value as string;
+
+        this.logger.info("Set config option requested", { configId, value });
+
+        const result =
+          await this.session.clientConnection.setSessionConfigOption({
+            sessionId: this.session.acpSessionId,
+            configId,
+            value,
+          });
+
+        return {
+          configOptions: result.configOptions,
+        };
+      }
+
+      case POSTHOG_NOTIFICATIONS.PERMISSION_RESPONSE:
+      case "permission_response": {
+        const requestId = params.requestId as string;
+        const optionId = params.optionId as string;
+        const customInput = params.customInput as string | undefined;
+        const answers = params.answers as Record<string, string> | undefined;
+
+        this.logger.info("Permission response received", {
+          requestId,
+          optionId,
+        });
+
+        const resolved = this.resolvePermission(
+          requestId,
+          optionId,
+          customInput,
+          answers,
+        );
+        if (!resolved) {
+          throw new Error(
+            `No pending permission request found for id: ${requestId}`,
+          );
+        }
+        return { resolved: true };
+      }
+
       default:
         throw new Error(`Unknown method: ${method}`);
     }
@@ -638,6 +721,39 @@ export class AgentServer {
 
     this.configureEnvironment();
 
+    const [preTaskRun, preTask] = await Promise.all([
+      this.posthogAPI
+        .getTaskRun(payload.task_id, payload.run_id)
+        .catch((err) => {
+          this.logger.warn("Failed to fetch task run for session context", {
+            taskId: payload.task_id,
+            runId: payload.run_id,
+            error: err,
+          });
+          return null;
+        }),
+      this.posthogAPI.getTask(payload.task_id).catch((err) => {
+        this.logger.warn("Failed to fetch task for session context", {
+          taskId: payload.task_id,
+          error: err,
+        });
+        return null;
+      }),
+    ]);
+
+    const prUrl = getTaskRunStateString(preTaskRun, "slack_notified_pr_url");
+
+    if (prUrl) {
+      this.detectedPrUrl = prUrl;
+    }
+
+    const runtimeAdapter = this.getRuntimeAdapter();
+    const sessionSystemPrompt = this.buildSessionSystemPrompt(prUrl);
+    const codexInstructions =
+      runtimeAdapter === "codex"
+        ? this.buildCodexInstructions(sessionSystemPrompt)
+        : undefined;
+
     const posthogAPI = new PostHogAPIClient({
       apiUrl: this.config.apiUrl,
       projectId: this.config.projectId,
@@ -661,10 +777,23 @@ export class AgentServer {
     });
 
     const acpConnection = createAcpConnection({
+      adapter: runtimeAdapter,
       taskRunId: payload.run_id,
       taskId: payload.task_id,
       deviceType: deviceInfo.type,
       logWriter,
+      logger: this.logger,
+      codexOptions:
+        runtimeAdapter === "codex"
+          ? {
+              cwd: this.config.repositoryPath ?? "/tmp/workspace",
+              apiBaseUrl: process.env.OPENAI_BASE_URL,
+              apiKey: this.config.apiKey,
+              model: this.config.model ?? DEFAULT_CODEX_MODEL,
+              reasoningEffort: this.config.reasoningEffort,
+              instructions: codexInstructions,
+            }
+          : undefined,
       onStructuredOutput: async (output) => {
         await this.posthogAPI.setTaskRunOutput(
           payload.task_id,
@@ -709,50 +838,34 @@ export class AgentServer {
       clientCapabilities: {},
     });
 
-    const [preTaskRun, preTask] = await Promise.all([
-      this.posthogAPI
-        .getTaskRun(payload.task_id, payload.run_id)
-        .catch((err) => {
-          this.logger.warn("Failed to fetch task run for session context", {
-            taskId: payload.task_id,
-            runId: payload.run_id,
-            error: err,
-          });
-          return null;
-        }),
-      this.posthogAPI.getTask(payload.task_id).catch((err) => {
-        this.logger.warn("Failed to fetch task for session context", {
-          taskId: payload.task_id,
-          error: err,
-        });
-        return null;
-      }),
-    ]);
-
-    const prUrl =
-      typeof (preTaskRun?.state as Record<string, unknown>)
-        ?.slack_notified_pr_url === "string"
-        ? ((preTaskRun?.state as Record<string, unknown>)
-            .slack_notified_pr_url as string)
-        : null;
-
-    if (prUrl) {
-      this.detectedPrUrl = prUrl;
-    }
-
+    const runState = preTaskRun?.state as Record<string, unknown> | undefined;
+    // Cloud runs default to bypassPermissions (auto-approve everything).
+    // Only PostHog Code sets initial_permission_mode explicitly (e.g., "plan").
+    const initialPermissionMode: CodeExecutionMode =
+      typeof runState?.initial_permission_mode === "string"
+        ? (runState.initial_permission_mode as CodeExecutionMode)
+        : "bypassPermissions";
     const sessionResponse = await clientConnection.newSession({
       cwd: this.config.repositoryPath ?? "/tmp/workspace",
       mcpServers: this.config.mcpServers ?? [],
       _meta: {
         sessionId: payload.run_id,
         taskRunId: payload.run_id,
-        systemPrompt: this.buildSessionSystemPrompt(prUrl),
+        systemPrompt: sessionSystemPrompt,
+        ...(this.config.model && { model: this.config.model }),
         allowedDomains: this.config.allowedDomains,
         jsonSchema: preTask?.json_schema ?? null,
+        permissionMode: initialPermissionMode,
         ...(this.config.claudeCode?.plugins?.length && {
           claudeCode: {
             options: {
-              plugins: this.config.claudeCode.plugins,
+              ...(this.config.claudeCode?.plugins?.length && {
+                plugins: this.config.claudeCode.plugins,
+              }),
+              ...(runtimeAdapter === "claude" &&
+                this.config.reasoningEffort && {
+                  effort: this.config.reasoningEffort,
+                }),
             },
           },
         }),
@@ -774,6 +887,8 @@ export class AgentServer {
       sseController,
       deviceInfo,
       logWriter,
+      permissionMode: initialPermissionMode,
+      hasDesktopConnected: sseController !== null,
     };
 
     this.logger = new Logger({
@@ -791,6 +906,7 @@ export class AgentServer {
     this.logger.info(
       `Agent version: ${this.config.version ?? packageJson.version}`,
     );
+    this.logger.info(`Initial permission mode: ${initialPermissionMode}`);
 
     // Signal in_progress so the UI can start polling for updates
     this.posthogAPI
@@ -1121,6 +1237,14 @@ export class AgentServer {
     return { append: cloudAppend };
   }
 
+  private buildCodexInstructions(
+    systemPrompt: string | { append: string },
+  ): string {
+    return typeof systemPrompt === "string"
+      ? systemPrompt
+      : systemPrompt.append;
+  }
+
   private getCloudInteractionOrigin(): string | undefined {
     return (
       process.env.POSTHOG_CODE_INTERACTION_ORIGIN ??
@@ -1429,12 +1553,10 @@ ${attributionInstructions}
       requestPermission: async (
         params: RequestPermissionRequest,
       ): Promise<RequestPermissionResponse> => {
-        // Background mode: always auto-approve permissions
-        // Interactive mode: also auto-approve for now (user can monitor via SSE)
-        // Future: interactive mode could pause and wait for user approval via SSE
         this.logger.debug("Permission request", {
           mode,
           interactionOrigin,
+          kind: params.toolCall?.kind,
           options: params.options,
         });
 
@@ -1444,8 +1566,11 @@ ${attributionInstructions}
         const selectedOptionId =
           allowOption?.optionId ?? params.options[0].optionId;
 
+        const codeToolKind = params.toolCall?._meta?.codeToolKind;
+        const isPlanApproval = params.toolCall?.kind === "switch_mode";
+
+        // Relay questions to Slack when interaction originated there
         if (interactionOrigin === "slack") {
-          const codeToolKind = params.toolCall?._meta?.codeToolKind;
           if (codeToolKind === "question") {
             return this.buildSlackQuestionRelayResponse(
               payload,
@@ -1454,6 +1579,27 @@ ${attributionInstructions}
           }
         }
 
+        // Relay permission requests to the desktop app when:
+        // - Questions: always relay (need human answers regardless of mode)
+        // - Plan approvals: always relay
+        // - Edit/bash in "default" mode: relay for manual approval
+        // Other modes auto-approve. No client connected → auto-approve.
+        {
+          const isQuestion = codeToolKind === "question";
+          const sessionPermissionMode = this.getSessionPermissionMode();
+          const needsRelay =
+            isQuestion || isPlanApproval || sessionPermissionMode === "default";
+
+          if (needsRelay && this.session?.hasDesktopConnected) {
+            this.logger.info("Relaying permission to connected client", {
+              kind: params.toolCall?.kind,
+              isQuestion,
+              sessionPermissionMode,
+            });
+            return this.relayPermissionToClient(params);
+          }
+        }
+
         if (this.shouldBlockPublishPermission(params)) {
           return {
             outcome: { outcome: "cancelled" },
@@ -1481,6 +1627,19 @@ ${attributionInstructions}
         sessionId: string;
         update?: Record<string, unknown>;
       }) => {
+        // Track permission mode changes for relay decisions
+        if (
+          params.update?.sessionUpdate === "current_mode_update" &&
+          typeof params.update?.currentModeId === "string" &&
+          this.session
+        ) {
+          this.session.permissionMode = params.update
+            .currentModeId as CodeExecutionMode;
+          this.logger.info("Permission mode updated", {
+            mode: params.update.currentModeId,
+          });
+        }
+
         // session/update notifications flow through the tapped stream (like local transport)
         // Only handle tree state capture for file changes here
         if (params.update?.sessionUpdate === "tool_call_update") {
@@ -1730,6 +1889,16 @@ ${attributionInstructions}
       this.logger.error("Failed to flush session logs", error);
     }
 
+    // Drain pending permissions before ACP cleanup to avoid deadlocks —
+    // cleanup may await operations that are blocked on a permission response.
+    for (const [, pending] of this.pendingPermissions) {
+      pending.resolve({
+        outcome: { outcome: "selected", optionId: "reject" },
+        _meta: { customInput: "Session is shutting down." },
+      });
+    }
+    this.pendingPermissions.clear();
+
     try {
       await this.session.acpConnection.cleanup();
     } catch (error) {
@@ -1823,4 +1992,55 @@ ${attributionInstructions}
       this.detachSseController(controller);
     }
   }
+
+  /**
+   * Relay a permission request (e.g., plan approval) to the connected desktop
+   * app via SSE and wait for a response via the `/command` endpoint.
+   *
+   * The promise waits indefinitely — if SSE is disconnected, the event is
+   * buffered by broadcastEvent and replayed when the client reconnects. Session
+   * cleanup force-resolves all pending permissions, so there is no leak.
+   */
+  private relayPermissionToClient(params: {
+    options: Array<{ kind: string; optionId: string; name?: string }>;
+    toolCall?: Record<string, unknown> | null;
+  }): Promise<{
+    outcome: { outcome: "selected"; optionId: string };
+    _meta?: Record<string, unknown>;
+  }> {
+    const requestId = crypto.randomUUID();
+
+    this.broadcastEvent({
+      type: "permission_request",
+      requestId,
+      options: params.options,
+      toolCall: params.toolCall,
+    });
+
+    return new Promise((resolve) => {
+      this.pendingPermissions.set(requestId, { resolve });
+    });
+  }
+
+  private resolvePermission(
+    requestId: string,
+    optionId: string,
+    customInput?: string,
+    answers?: Record<string, string>,
+  ): boolean {
+    const pending = this.pendingPermissions.get(requestId);
+    if (!pending) return false;
+
+    this.pendingPermissions.delete(requestId);
+
+    const meta: Record<string, unknown> = {};
+    if (customInput) meta.customInput = customInput;
+    if (answers) meta.answers = answers;
+
+    pending.resolve({
+      outcome: { outcome: "selected" as const, optionId },
+      ...(Object.keys(meta).length > 0 ? { _meta: meta } : {}),
+    });
+    return true;
+  }
 }

package/src/server/bin.ts

@@ -1,6 +1,7 @@
 #!/usr/bin/env node
 import { Command } from "commander";
 import { z } from "zod/v4";
+import { isSupportedReasoningEffort } from "../adapters/reasoning-effort";
 import { AgentServer } from "./agent-server";
 import { claudeCodeConfigSchema, mcpServersSchema } from "./schemas";
 
@@ -26,6 +27,11 @@ const envSchema = z.object({
     })
     .regex(/^\d+$/, "POSTHOG_PROJECT_ID must be a numeric string")
     .transform((val) => parseInt(val, 10)),
+  POSTHOG_CODE_RUNTIME_ADAPTER: z.enum(["claude", "codex"]).optional(),
+  POSTHOG_CODE_MODEL: z.string().optional(),
+  POSTHOG_CODE_REASONING_EFFORT: z
+    .enum(["low", "medium", "high", "max"])
+    .optional(),
 });
 
 const program = new Command();
@@ -124,6 +130,21 @@ program
           .filter(Boolean)
       : undefined;
 
+    if (
+      env.POSTHOG_CODE_RUNTIME_ADAPTER &&
+      env.POSTHOG_CODE_MODEL &&
+      env.POSTHOG_CODE_REASONING_EFFORT &&
+      !isSupportedReasoningEffort(
+        env.POSTHOG_CODE_RUNTIME_ADAPTER,
+        env.POSTHOG_CODE_MODEL,
+        env.POSTHOG_CODE_REASONING_EFFORT,
+      )
+    ) {
+      program.error(
+        `POSTHOG_CODE_REASONING_EFFORT '${env.POSTHOG_CODE_REASONING_EFFORT}' is not supported for ${env.POSTHOG_CODE_RUNTIME_ADAPTER} model '${env.POSTHOG_CODE_MODEL}'.`,
+      );
+    }
+
     const server = new AgentServer({
       port: parseInt(options.port, 10),
       jwtPublicKey: env.JWT_PUBLIC_KEY,
@@ -139,6 +160,9 @@ program
       baseBranch: options.baseBranch,
       claudeCode,
       allowedDomains,
+      runtimeAdapter: env.POSTHOG_CODE_RUNTIME_ADAPTER,
+      model: env.POSTHOG_CODE_MODEL,
+      reasoningEffort: env.POSTHOG_CODE_REASONING_EFFORT,
     });
 
     process.on("SIGINT", async () => {

package/src/server/schemas.test.ts

@@ -132,4 +132,56 @@ describe("validateCommandParams", () => {
 
     expect(result.success).toBe(false);
   });
+
+  it("accepts valid permission_response", () => {
+    const result = validateCommandParams("permission_response", {
+      requestId: "abc-123",
+      optionId: "acceptEdits",
+    });
+
+    expect(result.success).toBe(true);
+  });
+
+  it("accepts permission_response with customInput", () => {
+    const result = validateCommandParams("permission_response", {
+      requestId: "abc-123",
+      optionId: "reject_with_feedback",
+      customInput: "Please change the approach",
+    });
+
+    expect(result.success).toBe(true);
+  });
+
+  it("rejects permission_response without requestId", () => {
+    const result = validateCommandParams("permission_response", {
+      optionId: "acceptEdits",
+    });
+
+    expect(result.success).toBe(false);
+  });
+
+  it("rejects permission_response without optionId", () => {
+    const result = validateCommandParams("permission_response", {
+      requestId: "abc-123",
+    });
+
+    expect(result.success).toBe(false);
+  });
+
+  it("accepts valid set_config_option", () => {
+    const result = validateCommandParams("set_config_option", {
+      configId: "mode",
+      value: "plan",
+    });
+
+    expect(result.success).toBe(true);
+  });
+
+  it("rejects set_config_option without configId", () => {
+    const result = validateCommandParams("set_config_option", {
+      value: "plan",
+    });
+
+    expect(result.success).toBe(false);
+  });
 });

package/src/server/schemas.ts

@@ -48,6 +48,18 @@ export const userMessageParamsSchema = z.object({
   ]),
 });
 
+export const permissionResponseParamsSchema = z.object({
+  requestId: z.string().min(1, "requestId is required"),
+  optionId: z.string().min(1, "optionId is required"),
+  customInput: z.string().optional(),
+  answers: z.record(z.string(), z.string()).optional(),
+});
+
+export const setConfigOptionParamsSchema = z.object({
+  configId: z.string().min(1, "configId is required"),
+  value: z.string().min(1, "value is required"),
+});
+
 export const commandParamsSchemas = {
   user_message: userMessageParamsSchema,
   "posthog/user_message": userMessageParamsSchema,
@@ -55,6 +67,10 @@ export const commandParamsSchemas = {
   "posthog/cancel": z.object({}).optional(),
   close: z.object({}).optional(),
   "posthog/close": z.object({}).optional(),
+  permission_response: permissionResponseParamsSchema,
+  "posthog/permission_response": permissionResponseParamsSchema,
+  set_config_option: setConfigOptionParamsSchema,
+  "posthog/set_config_option": setConfigOptionParamsSchema,
 } as const;
 
 export type CommandMethod = keyof typeof commandParamsSchemas;

package/src/server/types.ts

@@ -24,4 +24,7 @@ export interface AgentServerConfig {
   baseBranch?: string;
   claudeCode?: ClaudeCodeConfig;
   allowedDomains?: string[];
+  runtimeAdapter?: "claude" | "codex";
+  model?: string;
+  reasoningEffort?: "low" | "medium" | "high" | "max";
 }

package/src/test/mocks/msw-handlers.ts

@@ -20,6 +20,30 @@ export function createPostHogHandlers(options: PostHogHandlersOptions = {}) {
   } = options;
 
   return [
+    // GET local LLM gateway models - session initialization fetches these in the
+    // background for command/model metadata.
+    http.get("http://localhost:3308/:product/v1/models", () => {
+      return HttpResponse.json({
+        object: "list",
+        data: [
+          {
+            id: "claude-opus-4-6",
+            owned_by: "anthropic",
+            context_window: 200000,
+            supports_streaming: true,
+            supports_vision: true,
+          },
+          {
+            id: "gpt-5.4",
+            owned_by: "openai",
+            context_window: 200000,
+            supports_streaming: true,
+            supports_vision: true,
+          },
+        ],
+      });
+    }),
+
     // POST /append_log/ - Agent log entries
     http.post(
       `${baseUrl}/api/projects/:projectId/tasks/:taskId/runs/:runId/append_log/`,