@posthog/agent 2.3.267 → 2.3.278

package/dist/adapters/claude/permissions/permission-options.js

@@ -28,8 +28,8 @@ var availableModes = [
 if (ALLOW_BYPASS) {
   availableModes.push({
     id: "bypassPermissions",
-    name: "Auto-accept Permissions",
-    description: "Auto-accept all permission requests"
+    name: "Bypass Permissions",
+    description: "Bypass all permission prompts"
   });
 }
 var codexModes = [
@@ -48,7 +48,7 @@ if (ALLOW_BYPASS) {
   codexModes.push({
     id: "full-access",
     name: "Full Access",
-    description: "Auto-accept all permission requests"
+    description: "Bypass all permission prompts"
   });
 }
 
@@ -153,7 +153,7 @@ function buildExitPlanModePermissionOptions() {
   if (ALLOW_BYPASS2) {
     options.push({
       kind: "allow_always",
-      name: "Yes, auto-accept all permissions",
+      name: "Yes, bypass all permissions",
       optionId: "bypassPermissions"
     });
   }

package/dist/adapters/claude/permissions/permission-options.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../../src/utils/common.ts","../../../../src/execution-mode.ts","../../../../src/adapters/claude/tools.ts","../../../../src/adapters/claude/permissions/permission-options.ts"],"sourcesContent":["import type { Logger } from \"./logger\";\n\n/**\n * Races an operation against a timeout.\n * Returns success with the value if the operation completes in time,\n * or timeout if the operation takes longer than the specified duration.\n */\nexport async function withTimeout<T>(\n  operation: Promise<T>,\n  timeoutMs: number,\n): Promise<{ result: \"success\"; value: T } | { result: \"timeout\" }> {\n  const timeoutPromise = new Promise<{ result: \"timeout\" }>((resolve) =>\n    setTimeout(() => resolve({ result: \"timeout\" }), timeoutMs),\n  );\n  const operationPromise = operation.then((value) => ({\n    result: \"success\" as const,\n    value,\n  }));\n  return Promise.race([operationPromise, timeoutPromise]);\n}\n\nexport const IS_ROOT =\n  typeof process !== \"undefined\" &&\n  (process.geteuid?.() ?? process.getuid?.()) === 0;\n\nexport function unreachable(value: never, logger: Logger): void {\n  let valueAsString: string;\n  try {\n    valueAsString = JSON.stringify(value);\n  } catch {\n    valueAsString = String(value);\n  }\n  logger.error(`Unexpected case: ${valueAsString}`);\n}\n","import { IS_ROOT } from \"./utils/common\";\n\nexport interface ModeInfo {\n  id: string;\n  name: string;\n  description: string;\n}\n\n// Helper constant that can easily be toggled for env/feature flag/etc\nconst ALLOW_BYPASS = !IS_ROOT;\n\nconst availableModes: ModeInfo[] = [\n  {\n    id: \"default\",\n    name: \"Default\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n  {\n    id: \"acceptEdits\",\n    name: \"Accept Edits\",\n    description: \"Auto-accept file edit operations\",\n  },\n  {\n    id: \"plan\",\n    name: \"Plan Mode\",\n    description: \"Planning mode, no actual tool execution\",\n  },\n  // {\n  //   id: \"dontAsk\",\n  //   name: \"Don't Ask\",\n  //   description: \"Don't prompt for permissions, deny if not pre-approved\",\n  // },\n];\n\nif (ALLOW_BYPASS) {\n  availableModes.push({\n    id: \"bypassPermissions\",\n    name: \"Auto-accept Permissions\",\n    description: \"Auto-accept all permission requests\",\n  });\n}\n\n// Expose execution mode IDs in type-safe order for type checks\nexport const CODE_EXECUTION_MODES = [\n  \"default\",\n  \"acceptEdits\",\n  \"plan\",\n  // \"dontAsk\",\n  \"bypassPermissions\",\n] as const;\n\nexport type CodeExecutionMode = (typeof CODE_EXECUTION_MODES)[number];\n\nexport function getAvailableModes(): ModeInfo[] {\n  // When IS_ROOT, do not allow bypassPermissions\n  return IS_ROOT\n    ? availableModes.filter((m) => m.id !== \"bypassPermissions\")\n    : availableModes;\n}\n\n// --- Codex-native modes ---\n\nexport const CODEX_NATIVE_MODES = [\"auto\", \"read-only\", \"full-access\"] as const;\n\nexport type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];\n\n/** Union of all permission mode IDs across adapters */\nexport type PermissionMode = CodeExecutionMode | CodexNativeMode;\n\nconst codexModes: ModeInfo[] = [\n  {\n    id: \"read-only\",\n    name: \"Read Only\",\n    description: \"Read-only access, no file modifications\",\n  },\n  {\n    id: \"auto\",\n    name: \"Auto\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n];\n\nif (ALLOW_BYPASS) {\n  codexModes.push({\n    id: \"full-access\",\n    name: \"Full Access\",\n    description: \"Auto-accept all permission requests\",\n  });\n}\n\nexport function getAvailableCodexModes(): ModeInfo[] {\n  return IS_ROOT\n    ? codexModes.filter((m) => m.id !== \"full-access\")\n    : codexModes;\n}\n","export {\n  CODE_EXECUTION_MODES,\n  type CodeExecutionMode,\n  getAvailableModes,\n  type ModeInfo,\n} from \"../../execution-mode\";\n\nimport type { CodeExecutionMode } from \"../../execution-mode\";\nimport { isMcpToolReadOnly } from \"./mcp/tool-metadata\";\n\nexport const READ_TOOLS: Set<string> = new Set([\"Read\", \"NotebookRead\"]);\n\nexport const WRITE_TOOLS: Set<string> = new Set([\n  \"Edit\",\n  \"Write\",\n  \"NotebookEdit\",\n]);\n\nexport const BASH_TOOLS: Set<string> = new Set([\n  \"Bash\",\n  \"BashOutput\",\n  \"KillShell\",\n]);\n\nexport const SEARCH_TOOLS: Set<string> = new Set([\"Glob\", \"Grep\", \"LS\"]);\n\nexport const WEB_TOOLS: Set<string> = new Set([\"WebSearch\", \"WebFetch\"]);\n\nexport const AGENT_TOOLS: Set<string> = new Set([\n  \"Task\",\n  \"Agent\",\n  \"TodoWrite\",\n  \"Skill\",\n]);\n\nconst BASE_ALLOWED_TOOLS = [\n  ...READ_TOOLS,\n  ...SEARCH_TOOLS,\n  ...WEB_TOOLS,\n  ...AGENT_TOOLS,\n];\n\nconst AUTO_ALLOWED_TOOLS: Record<string, Set<string>> = {\n  default: new Set(BASE_ALLOWED_TOOLS),\n  acceptEdits: new Set([...BASE_ALLOWED_TOOLS, ...WRITE_TOOLS]),\n  plan: new Set(BASE_ALLOWED_TOOLS),\n  // dontAsk: new Set(BASE_ALLOWED_TOOLS),\n};\n\nexport function isToolAllowedForMode(\n  toolName: string,\n  mode: CodeExecutionMode,\n): boolean {\n  if (mode === \"bypassPermissions\") {\n    return true;\n  }\n  if (AUTO_ALLOWED_TOOLS[mode]?.has(toolName) === true) {\n    return true;\n  }\n  if (isMcpToolReadOnly(toolName)) {\n    return true;\n  }\n  return false;\n}\n","import type { PermissionUpdate } from \"@anthropic-ai/claude-agent-sdk\";\nimport { IS_ROOT } from \"../../../utils/common\";\nimport { BASH_TOOLS, READ_TOOLS, SEARCH_TOOLS, WRITE_TOOLS } from \"../tools\";\n\nexport interface PermissionOption {\n  kind: \"allow_once\" | \"allow_always\" | \"reject_once\" | \"reject_always\";\n  name: string;\n  optionId: string;\n  _meta?: { description?: string; customInput?: boolean };\n}\n\nfunction permissionOptions(allowAlwaysLabel: string): PermissionOption[] {\n  return [\n    { kind: \"allow_once\", name: \"Yes\", optionId: \"allow\" },\n    { kind: \"allow_always\", name: allowAlwaysLabel, optionId: \"allow_always\" },\n    {\n      kind: \"reject_once\",\n      name: \"No, and tell the agent what to do differently\",\n      optionId: \"reject\",\n      _meta: { customInput: true },\n    },\n  ];\n}\n\nexport function buildPermissionOptions(\n  toolName: string,\n  toolInput: Record<string, unknown>,\n  cwd?: string,\n  suggestions?: PermissionUpdate[],\n): PermissionOption[] {\n  if (BASH_TOOLS.has(toolName)) {\n    const rawRuleContent = suggestions\n      ?.flatMap((s) => (\"rules\" in s ? s.rules : []))\n      .find((r) => r.toolName === \"Bash\" && r.ruleContent)?.ruleContent;\n    const ruleContent = rawRuleContent?.replace(/:?\\*$/, \"\");\n\n    const command = toolInput?.command as string | undefined;\n    const cmdName = command?.split(/\\s+/)[0] ?? \"this command\";\n    const cwdLabel = cwd ? ` in ${cwd}` : \"\";\n    const label = ruleContent ?? `\\`${cmdName}\\` commands`;\n\n    return permissionOptions(\n      `Yes, and don't ask again for ${label}${cwdLabel}`,\n    );\n  }\n\n  if (toolName === \"BashOutput\") {\n    return permissionOptions(\"Yes, allow all background process reads\");\n  }\n\n  if (toolName === \"KillShell\") {\n    return permissionOptions(\"Yes, allow killing processes\");\n  }\n\n  if (WRITE_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all edits during this session\");\n  }\n\n  if (READ_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all reads during this session\");\n  }\n\n  if (SEARCH_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all searches during this session\");\n  }\n\n  if (toolName === \"WebFetch\") {\n    const url = toolInput?.url as string | undefined;\n    let domain = \"\";\n    try {\n      domain = url ? new URL(url).hostname : \"\";\n    } catch {}\n    return permissionOptions(\n      domain\n        ? `Yes, allow all fetches from ${domain}`\n        : \"Yes, allow all fetches\",\n    );\n  }\n\n  if (toolName === \"WebSearch\") {\n    return permissionOptions(\"Yes, allow all web searches\");\n  }\n\n  if (toolName === \"Task\") {\n    return permissionOptions(\"Yes, allow all sub-tasks\");\n  }\n\n  if (toolName === \"TodoWrite\") {\n    return permissionOptions(\"Yes, allow all todo updates\");\n  }\n\n  return permissionOptions(\"Yes, always allow\");\n}\n\nconst ALLOW_BYPASS = !IS_ROOT || !!process.env.IS_SANDBOX;\n\nexport function buildExitPlanModePermissionOptions(): PermissionOption[] {\n  const options: PermissionOption[] = [];\n\n  if (ALLOW_BYPASS) {\n    options.push({\n      kind: \"allow_always\",\n      name: \"Yes, auto-accept all permissions\",\n      optionId: \"bypassPermissions\",\n    });\n  }\n\n  options.push(\n    {\n      kind: \"allow_always\",\n      name: \"Yes, and auto-accept edits\",\n      optionId: \"acceptEdits\",\n    },\n    {\n      kind: \"allow_once\",\n      name: \"Yes, and manually approve edits\",\n      optionId: \"default\",\n    },\n    {\n      kind: \"reject_once\",\n      name: \"No, and tell the agent what to do differently\",\n      optionId: \"reject_with_feedback\",\n      _meta: { customInput: true },\n    },\n  );\n\n  return options;\n}\n"],"mappings":";AAqBO,IAAM,UACX,OAAO,YAAY,gBAClB,QAAQ,UAAU,KAAK,QAAQ,SAAS,OAAO;;;ACdlD,IAAM,eAAe,CAAC;AAEtB,IAAM,iBAA6B;AAAA,EACjC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAMF;AAEA,IAAI,cAAc;AAChB,iBAAe,KAAK;AAAA,IAClB,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;AA6BA,IAAM,aAAyB;AAAA,EAC7B;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AACF;AAEA,IAAI,cAAc;AAChB,aAAW,KAAK;AAAA,IACd,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;;;AC9EO,IAAM,aAA0B,oBAAI,IAAI,CAAC,QAAQ,cAAc,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,aAA0B,oBAAI,IAAI;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,eAA4B,oBAAI,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC;AAEhE,IAAM,YAAyB,oBAAI,IAAI,CAAC,aAAa,UAAU,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,qBAAqB;AAAA,EACzB,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEA,IAAM,qBAAkD;AAAA,EACtD,SAAS,IAAI,IAAI,kBAAkB;AAAA,EACnC,aAAa,oBAAI,IAAI,CAAC,GAAG,oBAAoB,GAAG,WAAW,CAAC;AAAA,EAC5D,MAAM,IAAI,IAAI,kBAAkB;AAAA;AAElC;;;ACpCA,SAAS,kBAAkB,kBAA8C;AACvE,SAAO;AAAA,IACL,EAAE,MAAM,cAAc,MAAM,OAAO,UAAU,QAAQ;AAAA,IACrD,EAAE,MAAM,gBAAgB,MAAM,kBAAkB,UAAU,eAAe;AAAA,IACzE;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,OAAO,EAAE,aAAa,KAAK;AAAA,IAC7B;AAAA,EACF;AACF;AAEO,SAAS,uBACd,UACA,WACA,KACA,aACoB;AACpB,MAAI,WAAW,IAAI,QAAQ,GAAG;AAC5B,UAAM,iBAAiB,aACnB,QAAQ,CAAC,MAAO,WAAW,IAAI,EAAE,QAAQ,CAAC,CAAE,EAC7C,KAAK,CAAC,MAAM,EAAE,aAAa,UAAU,EAAE,WAAW,GAAG;AACxD,UAAM,cAAc,gBAAgB,QAAQ,SAAS,EAAE;AAEvD,UAAM,UAAU,WAAW;AAC3B,UAAM,UAAU,SAAS,MAAM,KAAK,EAAE,CAAC,KAAK;AAC5C,UAAM,WAAW,MAAM,OAAO,GAAG,KAAK;AACtC,UAAM,QAAQ,eAAe,KAAK,OAAO;AAEzC,WAAO;AAAA,MACL,gCAAgC,KAAK,GAAG,QAAQ;AAAA,IAClD;AAAA,EACF;AAEA,MAAI,aAAa,cAAc;AAC7B,WAAO,kBAAkB,yCAAyC;AAAA,EACpE;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,8BAA8B;AAAA,EACzD;AAEA,MAAI,YAAY,IAAI,QAAQ,GAAG;AAC7B,WAAO,kBAAkB,0CAA0C;AAAA,EACrE;AAEA,MAAI,WAAW,IAAI,QAAQ,GAAG;AAC5B,WAAO,kBAAkB,0CAA0C;AAAA,EACrE;AAEA,MAAI,aAAa,IAAI,QAAQ,GAAG;AAC9B,WAAO,kBAAkB,6CAA6C;AAAA,EACxE;AAEA,MAAI,aAAa,YAAY;AAC3B,UAAM,MAAM,WAAW;AACvB,QAAI,SAAS;AACb,QAAI;AACF,eAAS,MAAM,IAAI,IAAI,GAAG,EAAE,WAAW;AAAA,IACzC,QAAQ;AAAA,IAAC;AACT,WAAO;AAAA,MACL,SACI,+BAA+B,MAAM,KACrC;AAAA,IACN;AAAA,EACF;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,6BAA6B;AAAA,EACxD;AAEA,MAAI,aAAa,QAAQ;AACvB,WAAO,kBAAkB,0BAA0B;AAAA,EACrD;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,6BAA6B;AAAA,EACxD;AAEA,SAAO,kBAAkB,mBAAmB;AAC9C;AAEA,IAAMA,gBAAe,CAAC,WAAW,CAAC,CAAC,QAAQ,IAAI;AAExC,SAAS,qCAAyD;AACvE,QAAM,UAA8B,CAAC;AAErC,MAAIA,eAAc;AAChB,YAAQ,KAAK;AAAA,MACX,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,UAAQ;AAAA,IACN;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,OAAO,EAAE,aAAa,KAAK;AAAA,IAC7B;AAAA,EACF;AAEA,SAAO;AACT;","names":["ALLOW_BYPASS"]}
+{"version":3,"sources":["../../../../src/utils/common.ts","../../../../src/execution-mode.ts","../../../../src/adapters/claude/tools.ts","../../../../src/adapters/claude/permissions/permission-options.ts"],"sourcesContent":["import type { Logger } from \"./logger\";\n\n/**\n * Races an operation against a timeout.\n * Returns success with the value if the operation completes in time,\n * or timeout if the operation takes longer than the specified duration.\n */\nexport async function withTimeout<T>(\n  operation: Promise<T>,\n  timeoutMs: number,\n): Promise<{ result: \"success\"; value: T } | { result: \"timeout\" }> {\n  const timeoutPromise = new Promise<{ result: \"timeout\" }>((resolve) =>\n    setTimeout(() => resolve({ result: \"timeout\" }), timeoutMs),\n  );\n  const operationPromise = operation.then((value) => ({\n    result: \"success\" as const,\n    value,\n  }));\n  return Promise.race([operationPromise, timeoutPromise]);\n}\n\nexport const IS_ROOT =\n  typeof process !== \"undefined\" &&\n  (process.geteuid?.() ?? process.getuid?.()) === 0;\n\nexport function unreachable(value: never, logger: Logger): void {\n  let valueAsString: string;\n  try {\n    valueAsString = JSON.stringify(value);\n  } catch {\n    valueAsString = String(value);\n  }\n  logger.error(`Unexpected case: ${valueAsString}`);\n}\n","import { IS_ROOT } from \"./utils/common\";\n\nexport interface ModeInfo {\n  id: string;\n  name: string;\n  description: string;\n}\n\n// Helper constant that can easily be toggled for env/feature flag/etc\nconst ALLOW_BYPASS = !IS_ROOT;\n\nconst availableModes: ModeInfo[] = [\n  {\n    id: \"default\",\n    name: \"Default\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n  {\n    id: \"acceptEdits\",\n    name: \"Accept Edits\",\n    description: \"Auto-accept file edit operations\",\n  },\n  {\n    id: \"plan\",\n    name: \"Plan Mode\",\n    description: \"Planning mode, no actual tool execution\",\n  },\n  // {\n  //   id: \"dontAsk\",\n  //   name: \"Don't Ask\",\n  //   description: \"Don't prompt for permissions, deny if not pre-approved\",\n  // },\n];\n\nif (ALLOW_BYPASS) {\n  availableModes.push({\n    id: \"bypassPermissions\",\n    name: \"Bypass Permissions\",\n    description: \"Bypass all permission prompts\",\n  });\n}\n\n// Expose execution mode IDs in type-safe order for type checks\nexport const CODE_EXECUTION_MODES = [\n  \"default\",\n  \"acceptEdits\",\n  \"plan\",\n  // \"dontAsk\",\n  \"bypassPermissions\",\n] as const;\n\nexport type CodeExecutionMode = (typeof CODE_EXECUTION_MODES)[number];\n\nexport function getAvailableModes(): ModeInfo[] {\n  // When IS_ROOT, do not allow bypassPermissions\n  return IS_ROOT\n    ? availableModes.filter((m) => m.id !== \"bypassPermissions\")\n    : availableModes;\n}\n\n// --- Codex-native modes ---\n\nexport const CODEX_NATIVE_MODES = [\"auto\", \"read-only\", \"full-access\"] as const;\n\nexport type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];\n\n/** Union of all permission mode IDs across adapters */\nexport type PermissionMode = CodeExecutionMode | CodexNativeMode;\n\nconst codexModes: ModeInfo[] = [\n  {\n    id: \"read-only\",\n    name: \"Read Only\",\n    description: \"Read-only access, no file modifications\",\n  },\n  {\n    id: \"auto\",\n    name: \"Auto\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n];\n\nif (ALLOW_BYPASS) {\n  codexModes.push({\n    id: \"full-access\",\n    name: \"Full Access\",\n    description: \"Bypass all permission prompts\",\n  });\n}\n\nexport function getAvailableCodexModes(): ModeInfo[] {\n  return IS_ROOT\n    ? codexModes.filter((m) => m.id !== \"full-access\")\n    : codexModes;\n}\n","export {\n  CODE_EXECUTION_MODES,\n  type CodeExecutionMode,\n  getAvailableModes,\n  type ModeInfo,\n} from \"../../execution-mode\";\n\nimport type { CodeExecutionMode } from \"../../execution-mode\";\nimport { isMcpToolReadOnly } from \"./mcp/tool-metadata\";\n\nexport const READ_TOOLS: Set<string> = new Set([\"Read\", \"NotebookRead\"]);\n\nexport const WRITE_TOOLS: Set<string> = new Set([\n  \"Edit\",\n  \"Write\",\n  \"NotebookEdit\",\n]);\n\nexport const BASH_TOOLS: Set<string> = new Set([\n  \"Bash\",\n  \"BashOutput\",\n  \"KillShell\",\n]);\n\nexport const SEARCH_TOOLS: Set<string> = new Set([\"Glob\", \"Grep\", \"LS\"]);\n\nexport const WEB_TOOLS: Set<string> = new Set([\"WebSearch\", \"WebFetch\"]);\n\nexport const AGENT_TOOLS: Set<string> = new Set([\n  \"Task\",\n  \"Agent\",\n  \"TodoWrite\",\n  \"Skill\",\n]);\n\nconst BASE_ALLOWED_TOOLS = [\n  ...READ_TOOLS,\n  ...SEARCH_TOOLS,\n  ...WEB_TOOLS,\n  ...AGENT_TOOLS,\n];\n\nconst AUTO_ALLOWED_TOOLS: Record<string, Set<string>> = {\n  default: new Set(BASE_ALLOWED_TOOLS),\n  acceptEdits: new Set([...BASE_ALLOWED_TOOLS, ...WRITE_TOOLS]),\n  plan: new Set(BASE_ALLOWED_TOOLS),\n  // dontAsk: new Set(BASE_ALLOWED_TOOLS),\n};\n\nexport function isToolAllowedForMode(\n  toolName: string,\n  mode: CodeExecutionMode,\n): boolean {\n  if (mode === \"bypassPermissions\") {\n    return true;\n  }\n  if (AUTO_ALLOWED_TOOLS[mode]?.has(toolName) === true) {\n    return true;\n  }\n  if (isMcpToolReadOnly(toolName)) {\n    return true;\n  }\n  return false;\n}\n","import type { PermissionUpdate } from \"@anthropic-ai/claude-agent-sdk\";\nimport { IS_ROOT } from \"../../../utils/common\";\nimport { BASH_TOOLS, READ_TOOLS, SEARCH_TOOLS, WRITE_TOOLS } from \"../tools\";\n\nexport interface PermissionOption {\n  kind: \"allow_once\" | \"allow_always\" | \"reject_once\" | \"reject_always\";\n  name: string;\n  optionId: string;\n  _meta?: { description?: string; customInput?: boolean };\n}\n\nfunction permissionOptions(allowAlwaysLabel: string): PermissionOption[] {\n  return [\n    { kind: \"allow_once\", name: \"Yes\", optionId: \"allow\" },\n    { kind: \"allow_always\", name: allowAlwaysLabel, optionId: \"allow_always\" },\n    {\n      kind: \"reject_once\",\n      name: \"No, and tell the agent what to do differently\",\n      optionId: \"reject\",\n      _meta: { customInput: true },\n    },\n  ];\n}\n\nexport function buildPermissionOptions(\n  toolName: string,\n  toolInput: Record<string, unknown>,\n  cwd?: string,\n  suggestions?: PermissionUpdate[],\n): PermissionOption[] {\n  if (BASH_TOOLS.has(toolName)) {\n    const rawRuleContent = suggestions\n      ?.flatMap((s) => (\"rules\" in s ? s.rules : []))\n      .find((r) => r.toolName === \"Bash\" && r.ruleContent)?.ruleContent;\n    const ruleContent = rawRuleContent?.replace(/:?\\*$/, \"\");\n\n    const command = toolInput?.command as string | undefined;\n    const cmdName = command?.split(/\\s+/)[0] ?? \"this command\";\n    const cwdLabel = cwd ? ` in ${cwd}` : \"\";\n    const label = ruleContent ?? `\\`${cmdName}\\` commands`;\n\n    return permissionOptions(\n      `Yes, and don't ask again for ${label}${cwdLabel}`,\n    );\n  }\n\n  if (toolName === \"BashOutput\") {\n    return permissionOptions(\"Yes, allow all background process reads\");\n  }\n\n  if (toolName === \"KillShell\") {\n    return permissionOptions(\"Yes, allow killing processes\");\n  }\n\n  if (WRITE_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all edits during this session\");\n  }\n\n  if (READ_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all reads during this session\");\n  }\n\n  if (SEARCH_TOOLS.has(toolName)) {\n    return permissionOptions(\"Yes, allow all searches during this session\");\n  }\n\n  if (toolName === \"WebFetch\") {\n    const url = toolInput?.url as string | undefined;\n    let domain = \"\";\n    try {\n      domain = url ? new URL(url).hostname : \"\";\n    } catch {}\n    return permissionOptions(\n      domain\n        ? `Yes, allow all fetches from ${domain}`\n        : \"Yes, allow all fetches\",\n    );\n  }\n\n  if (toolName === \"WebSearch\") {\n    return permissionOptions(\"Yes, allow all web searches\");\n  }\n\n  if (toolName === \"Task\") {\n    return permissionOptions(\"Yes, allow all sub-tasks\");\n  }\n\n  if (toolName === \"TodoWrite\") {\n    return permissionOptions(\"Yes, allow all todo updates\");\n  }\n\n  return permissionOptions(\"Yes, always allow\");\n}\n\nconst ALLOW_BYPASS = !IS_ROOT || !!process.env.IS_SANDBOX;\n\nexport function buildExitPlanModePermissionOptions(): PermissionOption[] {\n  const options: PermissionOption[] = [];\n\n  if (ALLOW_BYPASS) {\n    options.push({\n      kind: \"allow_always\",\n      name: \"Yes, bypass all permissions\",\n      optionId: \"bypassPermissions\",\n    });\n  }\n\n  options.push(\n    {\n      kind: \"allow_always\",\n      name: \"Yes, and auto-accept edits\",\n      optionId: \"acceptEdits\",\n    },\n    {\n      kind: \"allow_once\",\n      name: \"Yes, and manually approve edits\",\n      optionId: \"default\",\n    },\n    {\n      kind: \"reject_once\",\n      name: \"No, and tell the agent what to do differently\",\n      optionId: \"reject_with_feedback\",\n      _meta: { customInput: true },\n    },\n  );\n\n  return options;\n}\n"],"mappings":";AAqBO,IAAM,UACX,OAAO,YAAY,gBAClB,QAAQ,UAAU,KAAK,QAAQ,SAAS,OAAO;;;ACdlD,IAAM,eAAe,CAAC;AAEtB,IAAM,iBAA6B;AAAA,EACjC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAMF;AAEA,IAAI,cAAc;AAChB,iBAAe,KAAK;AAAA,IAClB,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;AA6BA,IAAM,aAAyB;AAAA,EAC7B;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AACF;AAEA,IAAI,cAAc;AAChB,aAAW,KAAK;AAAA,IACd,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;;;AC9EO,IAAM,aAA0B,oBAAI,IAAI,CAAC,QAAQ,cAAc,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,aAA0B,oBAAI,IAAI;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,eAA4B,oBAAI,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC;AAEhE,IAAM,YAAyB,oBAAI,IAAI,CAAC,aAAa,UAAU,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,qBAAqB;AAAA,EACzB,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEA,IAAM,qBAAkD;AAAA,EACtD,SAAS,IAAI,IAAI,kBAAkB;AAAA,EACnC,aAAa,oBAAI,IAAI,CAAC,GAAG,oBAAoB,GAAG,WAAW,CAAC;AAAA,EAC5D,MAAM,IAAI,IAAI,kBAAkB;AAAA;AAElC;;;ACpCA,SAAS,kBAAkB,kBAA8C;AACvE,SAAO;AAAA,IACL,EAAE,MAAM,cAAc,MAAM,OAAO,UAAU,QAAQ;AAAA,IACrD,EAAE,MAAM,gBAAgB,MAAM,kBAAkB,UAAU,eAAe;AAAA,IACzE;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,OAAO,EAAE,aAAa,KAAK;AAAA,IAC7B;AAAA,EACF;AACF;AAEO,SAAS,uBACd,UACA,WACA,KACA,aACoB;AACpB,MAAI,WAAW,IAAI,QAAQ,GAAG;AAC5B,UAAM,iBAAiB,aACnB,QAAQ,CAAC,MAAO,WAAW,IAAI,EAAE,QAAQ,CAAC,CAAE,EAC7C,KAAK,CAAC,MAAM,EAAE,aAAa,UAAU,EAAE,WAAW,GAAG;AACxD,UAAM,cAAc,gBAAgB,QAAQ,SAAS,EAAE;AAEvD,UAAM,UAAU,WAAW;AAC3B,UAAM,UAAU,SAAS,MAAM,KAAK,EAAE,CAAC,KAAK;AAC5C,UAAM,WAAW,MAAM,OAAO,GAAG,KAAK;AACtC,UAAM,QAAQ,eAAe,KAAK,OAAO;AAEzC,WAAO;AAAA,MACL,gCAAgC,KAAK,GAAG,QAAQ;AAAA,IAClD;AAAA,EACF;AAEA,MAAI,aAAa,cAAc;AAC7B,WAAO,kBAAkB,yCAAyC;AAAA,EACpE;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,8BAA8B;AAAA,EACzD;AAEA,MAAI,YAAY,IAAI,QAAQ,GAAG;AAC7B,WAAO,kBAAkB,0CAA0C;AAAA,EACrE;AAEA,MAAI,WAAW,IAAI,QAAQ,GAAG;AAC5B,WAAO,kBAAkB,0CAA0C;AAAA,EACrE;AAEA,MAAI,aAAa,IAAI,QAAQ,GAAG;AAC9B,WAAO,kBAAkB,6CAA6C;AAAA,EACxE;AAEA,MAAI,aAAa,YAAY;AAC3B,UAAM,MAAM,WAAW;AACvB,QAAI,SAAS;AACb,QAAI;AACF,eAAS,MAAM,IAAI,IAAI,GAAG,EAAE,WAAW;AAAA,IACzC,QAAQ;AAAA,IAAC;AACT,WAAO;AAAA,MACL,SACI,+BAA+B,MAAM,KACrC;AAAA,IACN;AAAA,EACF;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,6BAA6B;AAAA,EACxD;AAEA,MAAI,aAAa,QAAQ;AACvB,WAAO,kBAAkB,0BAA0B;AAAA,EACrD;AAEA,MAAI,aAAa,aAAa;AAC5B,WAAO,kBAAkB,6BAA6B;AAAA,EACxD;AAEA,SAAO,kBAAkB,mBAAmB;AAC9C;AAEA,IAAMA,gBAAe,CAAC,WAAW,CAAC,CAAC,QAAQ,IAAI;AAExC,SAAS,qCAAyD;AACvE,QAAM,UAA8B,CAAC;AAErC,MAAIA,eAAc;AAChB,YAAQ,KAAK;AAAA,MACX,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ,CAAC;AAAA,EACH;AAEA,UAAQ;AAAA,IACN;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,IACZ;AAAA,IACA;AAAA,MACE,MAAM;AAAA,MACN,MAAM;AAAA,MACN,UAAU;AAAA,MACV,OAAO,EAAE,aAAa,KAAK;AAAA,IAC7B;AAAA,EACF;AAEA,SAAO;AACT;","names":["ALLOW_BYPASS"]}

package/dist/adapters/claude/tools.js

@@ -28,8 +28,8 @@ var availableModes = [
 if (ALLOW_BYPASS) {
   availableModes.push({
     id: "bypassPermissions",
-    name: "Auto-accept Permissions",
-    description: "Auto-accept all permission requests"
+    name: "Bypass Permissions",
+    description: "Bypass all permission prompts"
   });
 }
 var CODE_EXECUTION_MODES = [
@@ -58,7 +58,7 @@ if (ALLOW_BYPASS) {
   codexModes.push({
     id: "full-access",
     name: "Full Access",
-    description: "Auto-accept all permission requests"
+    description: "Bypass all permission prompts"
   });
 }
 

package/dist/adapters/claude/tools.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../../src/utils/common.ts","../../../src/execution-mode.ts","../../../src/adapters/claude/mcp/tool-metadata.ts","../../../src/adapters/claude/tools.ts"],"sourcesContent":["import type { Logger } from \"./logger\";\n\n/**\n * Races an operation against a timeout.\n * Returns success with the value if the operation completes in time,\n * or timeout if the operation takes longer than the specified duration.\n */\nexport async function withTimeout<T>(\n  operation: Promise<T>,\n  timeoutMs: number,\n): Promise<{ result: \"success\"; value: T } | { result: \"timeout\" }> {\n  const timeoutPromise = new Promise<{ result: \"timeout\" }>((resolve) =>\n    setTimeout(() => resolve({ result: \"timeout\" }), timeoutMs),\n  );\n  const operationPromise = operation.then((value) => ({\n    result: \"success\" as const,\n    value,\n  }));\n  return Promise.race([operationPromise, timeoutPromise]);\n}\n\nexport const IS_ROOT =\n  typeof process !== \"undefined\" &&\n  (process.geteuid?.() ?? process.getuid?.()) === 0;\n\nexport function unreachable(value: never, logger: Logger): void {\n  let valueAsString: string;\n  try {\n    valueAsString = JSON.stringify(value);\n  } catch {\n    valueAsString = String(value);\n  }\n  logger.error(`Unexpected case: ${valueAsString}`);\n}\n","import { IS_ROOT } from \"./utils/common\";\n\nexport interface ModeInfo {\n  id: string;\n  name: string;\n  description: string;\n}\n\n// Helper constant that can easily be toggled for env/feature flag/etc\nconst ALLOW_BYPASS = !IS_ROOT;\n\nconst availableModes: ModeInfo[] = [\n  {\n    id: \"default\",\n    name: \"Default\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n  {\n    id: \"acceptEdits\",\n    name: \"Accept Edits\",\n    description: \"Auto-accept file edit operations\",\n  },\n  {\n    id: \"plan\",\n    name: \"Plan Mode\",\n    description: \"Planning mode, no actual tool execution\",\n  },\n  // {\n  //   id: \"dontAsk\",\n  //   name: \"Don't Ask\",\n  //   description: \"Don't prompt for permissions, deny if not pre-approved\",\n  // },\n];\n\nif (ALLOW_BYPASS) {\n  availableModes.push({\n    id: \"bypassPermissions\",\n    name: \"Auto-accept Permissions\",\n    description: \"Auto-accept all permission requests\",\n  });\n}\n\n// Expose execution mode IDs in type-safe order for type checks\nexport const CODE_EXECUTION_MODES = [\n  \"default\",\n  \"acceptEdits\",\n  \"plan\",\n  // \"dontAsk\",\n  \"bypassPermissions\",\n] as const;\n\nexport type CodeExecutionMode = (typeof CODE_EXECUTION_MODES)[number];\n\nexport function getAvailableModes(): ModeInfo[] {\n  // When IS_ROOT, do not allow bypassPermissions\n  return IS_ROOT\n    ? availableModes.filter((m) => m.id !== \"bypassPermissions\")\n    : availableModes;\n}\n\n// --- Codex-native modes ---\n\nexport const CODEX_NATIVE_MODES = [\"auto\", \"read-only\", \"full-access\"] as const;\n\nexport type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];\n\n/** Union of all permission mode IDs across adapters */\nexport type PermissionMode = CodeExecutionMode | CodexNativeMode;\n\nconst codexModes: ModeInfo[] = [\n  {\n    id: \"read-only\",\n    name: \"Read Only\",\n    description: \"Read-only access, no file modifications\",\n  },\n  {\n    id: \"auto\",\n    name: \"Auto\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n];\n\nif (ALLOW_BYPASS) {\n  codexModes.push({\n    id: \"full-access\",\n    name: \"Full Access\",\n    description: \"Auto-accept all permission requests\",\n  });\n}\n\nexport function getAvailableCodexModes(): ModeInfo[] {\n  return IS_ROOT\n    ? codexModes.filter((m) => m.id !== \"full-access\")\n    : codexModes;\n}\n","import type { McpServerStatus, Query } from \"@anthropic-ai/claude-agent-sdk\";\nimport { Logger } from \"../../../utils/logger\";\n\nexport interface McpToolMetadata {\n  readOnly: boolean;\n  name: string;\n  description?: string;\n}\n\nconst mcpToolMetadataCache: Map<string, McpToolMetadata> = new Map();\n\nconst PENDING_RETRY_INTERVAL_MS = 1_000;\nconst PENDING_MAX_RETRIES = 10;\n\nfunction buildToolKey(serverName: string, toolName: string): string {\n  return `mcp__${serverName}__${toolName}`;\n}\n\nfunction delay(ms: number): Promise<void> {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nexport async function fetchMcpToolMetadata(\n  q: Query,\n  logger: Logger = new Logger({ debug: false, prefix: \"[McpToolMetadata]\" }),\n): Promise<void> {\n  let retries = 0;\n\n  while (retries <= PENDING_MAX_RETRIES) {\n    let statuses: McpServerStatus[];\n    try {\n      statuses = await q.mcpServerStatus();\n    } catch (error) {\n      logger.error(\"Failed to fetch MCP server status\", {\n        error: error instanceof Error ? error.message : String(error),\n      });\n      return;\n    }\n\n    const pendingServers = statuses.filter((s) => s.status === \"pending\");\n\n    for (const server of statuses) {\n      if (server.status !== \"connected\" || !server.tools) {\n        continue;\n      }\n\n      let readOnlyCount = 0;\n      for (const tool of server.tools) {\n        const toolKey = buildToolKey(server.name, tool.name);\n        const readOnly = tool.annotations?.readOnly === true;\n\n        mcpToolMetadataCache.set(toolKey, {\n          readOnly,\n          name: tool.name,\n          description: tool.description,\n        });\n        if (readOnly) readOnlyCount++;\n      }\n\n      logger.info(\"Fetched MCP tool metadata\", {\n        serverName: server.name,\n        toolCount: server.tools.length,\n        readOnlyCount,\n      });\n    }\n\n    if (pendingServers.length === 0) {\n      return;\n    }\n\n    retries++;\n    if (retries > PENDING_MAX_RETRIES) {\n      logger.warn(\"Gave up waiting for pending MCP servers\", {\n        pendingServers: pendingServers.map((s) => s.name),\n      });\n      return;\n    }\n\n    logger.info(\"Waiting for pending MCP servers\", {\n      pendingServers: pendingServers.map((s) => s.name),\n      retry: retries,\n    });\n    await delay(PENDING_RETRY_INTERVAL_MS);\n  }\n}\n\nexport function getMcpToolMetadata(\n  toolName: string,\n): McpToolMetadata | undefined {\n  return mcpToolMetadataCache.get(toolName);\n}\n\nexport function isMcpToolReadOnly(toolName: string): boolean {\n  const metadata = mcpToolMetadataCache.get(toolName);\n  return metadata?.readOnly === true;\n}\n\nexport function getConnectedMcpServerNames(): string[] {\n  const names = new Set<string>();\n  for (const key of mcpToolMetadataCache.keys()) {\n    const parts = key.split(\"__\");\n    if (parts.length >= 3) names.add(parts[1]);\n  }\n  return [...names];\n}\n\nexport function clearMcpToolMetadataCache(): void {\n  mcpToolMetadataCache.clear();\n}\n","export {\n  CODE_EXECUTION_MODES,\n  type CodeExecutionMode,\n  getAvailableModes,\n  type ModeInfo,\n} from \"../../execution-mode\";\n\nimport type { CodeExecutionMode } from \"../../execution-mode\";\nimport { isMcpToolReadOnly } from \"./mcp/tool-metadata\";\n\nexport const READ_TOOLS: Set<string> = new Set([\"Read\", \"NotebookRead\"]);\n\nexport const WRITE_TOOLS: Set<string> = new Set([\n  \"Edit\",\n  \"Write\",\n  \"NotebookEdit\",\n]);\n\nexport const BASH_TOOLS: Set<string> = new Set([\n  \"Bash\",\n  \"BashOutput\",\n  \"KillShell\",\n]);\n\nexport const SEARCH_TOOLS: Set<string> = new Set([\"Glob\", \"Grep\", \"LS\"]);\n\nexport const WEB_TOOLS: Set<string> = new Set([\"WebSearch\", \"WebFetch\"]);\n\nexport const AGENT_TOOLS: Set<string> = new Set([\n  \"Task\",\n  \"Agent\",\n  \"TodoWrite\",\n  \"Skill\",\n]);\n\nconst BASE_ALLOWED_TOOLS = [\n  ...READ_TOOLS,\n  ...SEARCH_TOOLS,\n  ...WEB_TOOLS,\n  ...AGENT_TOOLS,\n];\n\nconst AUTO_ALLOWED_TOOLS: Record<string, Set<string>> = {\n  default: new Set(BASE_ALLOWED_TOOLS),\n  acceptEdits: new Set([...BASE_ALLOWED_TOOLS, ...WRITE_TOOLS]),\n  plan: new Set(BASE_ALLOWED_TOOLS),\n  // dontAsk: new Set(BASE_ALLOWED_TOOLS),\n};\n\nexport function isToolAllowedForMode(\n  toolName: string,\n  mode: CodeExecutionMode,\n): boolean {\n  if (mode === \"bypassPermissions\") {\n    return true;\n  }\n  if (AUTO_ALLOWED_TOOLS[mode]?.has(toolName) === true) {\n    return true;\n  }\n  if (isMcpToolReadOnly(toolName)) {\n    return true;\n  }\n  return false;\n}\n"],"mappings":";AAqBO,IAAM,UACX,OAAO,YAAY,gBAClB,QAAQ,UAAU,KAAK,QAAQ,SAAS,OAAO;;;ACdlD,IAAM,eAAe,CAAC;AAEtB,IAAM,iBAA6B;AAAA,EACjC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAMF;AAEA,IAAI,cAAc;AAChB,iBAAe,KAAK;AAAA,IAClB,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;AAGO,IAAM,uBAAuB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AACF;AAIO,SAAS,oBAAgC;AAE9C,SAAO,UACH,eAAe,OAAO,CAAC,MAAM,EAAE,OAAO,mBAAmB,IACzD;AACN;AAWA,IAAM,aAAyB;AAAA,EAC7B;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AACF;AAEA,IAAI,cAAc;AAChB,aAAW,KAAK;AAAA,IACd,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;;;AC/EA,IAAM,uBAAqD,oBAAI,IAAI;AAmF5D,SAAS,kBAAkB,UAA2B;AAC3D,QAAM,WAAW,qBAAqB,IAAI,QAAQ;AAClD,SAAO,UAAU,aAAa;AAChC;;;ACrFO,IAAM,aAA0B,oBAAI,IAAI,CAAC,QAAQ,cAAc,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,aAA0B,oBAAI,IAAI;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,eAA4B,oBAAI,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC;AAEhE,IAAM,YAAyB,oBAAI,IAAI,CAAC,aAAa,UAAU,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,qBAAqB;AAAA,EACzB,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEA,IAAM,qBAAkD;AAAA,EACtD,SAAS,IAAI,IAAI,kBAAkB;AAAA,EACnC,aAAa,oBAAI,IAAI,CAAC,GAAG,oBAAoB,GAAG,WAAW,CAAC;AAAA,EAC5D,MAAM,IAAI,IAAI,kBAAkB;AAAA;AAElC;AAEO,SAAS,qBACd,UACA,MACS;AACT,MAAI,SAAS,qBAAqB;AAChC,WAAO;AAAA,EACT;AACA,MAAI,mBAAmB,IAAI,GAAG,IAAI,QAAQ,MAAM,MAAM;AACpD,WAAO;AAAA,EACT;AACA,MAAI,kBAAkB,QAAQ,GAAG;AAC/B,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}
+{"version":3,"sources":["../../../src/utils/common.ts","../../../src/execution-mode.ts","../../../src/adapters/claude/mcp/tool-metadata.ts","../../../src/adapters/claude/tools.ts"],"sourcesContent":["import type { Logger } from \"./logger\";\n\n/**\n * Races an operation against a timeout.\n * Returns success with the value if the operation completes in time,\n * or timeout if the operation takes longer than the specified duration.\n */\nexport async function withTimeout<T>(\n  operation: Promise<T>,\n  timeoutMs: number,\n): Promise<{ result: \"success\"; value: T } | { result: \"timeout\" }> {\n  const timeoutPromise = new Promise<{ result: \"timeout\" }>((resolve) =>\n    setTimeout(() => resolve({ result: \"timeout\" }), timeoutMs),\n  );\n  const operationPromise = operation.then((value) => ({\n    result: \"success\" as const,\n    value,\n  }));\n  return Promise.race([operationPromise, timeoutPromise]);\n}\n\nexport const IS_ROOT =\n  typeof process !== \"undefined\" &&\n  (process.geteuid?.() ?? process.getuid?.()) === 0;\n\nexport function unreachable(value: never, logger: Logger): void {\n  let valueAsString: string;\n  try {\n    valueAsString = JSON.stringify(value);\n  } catch {\n    valueAsString = String(value);\n  }\n  logger.error(`Unexpected case: ${valueAsString}`);\n}\n","import { IS_ROOT } from \"./utils/common\";\n\nexport interface ModeInfo {\n  id: string;\n  name: string;\n  description: string;\n}\n\n// Helper constant that can easily be toggled for env/feature flag/etc\nconst ALLOW_BYPASS = !IS_ROOT;\n\nconst availableModes: ModeInfo[] = [\n  {\n    id: \"default\",\n    name: \"Default\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n  {\n    id: \"acceptEdits\",\n    name: \"Accept Edits\",\n    description: \"Auto-accept file edit operations\",\n  },\n  {\n    id: \"plan\",\n    name: \"Plan Mode\",\n    description: \"Planning mode, no actual tool execution\",\n  },\n  // {\n  //   id: \"dontAsk\",\n  //   name: \"Don't Ask\",\n  //   description: \"Don't prompt for permissions, deny if not pre-approved\",\n  // },\n];\n\nif (ALLOW_BYPASS) {\n  availableModes.push({\n    id: \"bypassPermissions\",\n    name: \"Bypass Permissions\",\n    description: \"Bypass all permission prompts\",\n  });\n}\n\n// Expose execution mode IDs in type-safe order for type checks\nexport const CODE_EXECUTION_MODES = [\n  \"default\",\n  \"acceptEdits\",\n  \"plan\",\n  // \"dontAsk\",\n  \"bypassPermissions\",\n] as const;\n\nexport type CodeExecutionMode = (typeof CODE_EXECUTION_MODES)[number];\n\nexport function getAvailableModes(): ModeInfo[] {\n  // When IS_ROOT, do not allow bypassPermissions\n  return IS_ROOT\n    ? availableModes.filter((m) => m.id !== \"bypassPermissions\")\n    : availableModes;\n}\n\n// --- Codex-native modes ---\n\nexport const CODEX_NATIVE_MODES = [\"auto\", \"read-only\", \"full-access\"] as const;\n\nexport type CodexNativeMode = (typeof CODEX_NATIVE_MODES)[number];\n\n/** Union of all permission mode IDs across adapters */\nexport type PermissionMode = CodeExecutionMode | CodexNativeMode;\n\nconst codexModes: ModeInfo[] = [\n  {\n    id: \"read-only\",\n    name: \"Read Only\",\n    description: \"Read-only access, no file modifications\",\n  },\n  {\n    id: \"auto\",\n    name: \"Auto\",\n    description: \"Standard behavior, prompts for dangerous operations\",\n  },\n];\n\nif (ALLOW_BYPASS) {\n  codexModes.push({\n    id: \"full-access\",\n    name: \"Full Access\",\n    description: \"Bypass all permission prompts\",\n  });\n}\n\nexport function getAvailableCodexModes(): ModeInfo[] {\n  return IS_ROOT\n    ? codexModes.filter((m) => m.id !== \"full-access\")\n    : codexModes;\n}\n","import type { McpServerStatus, Query } from \"@anthropic-ai/claude-agent-sdk\";\nimport { Logger } from \"../../../utils/logger\";\n\nexport interface McpToolMetadata {\n  readOnly: boolean;\n  name: string;\n  description?: string;\n}\n\nconst mcpToolMetadataCache: Map<string, McpToolMetadata> = new Map();\n\nconst PENDING_RETRY_INTERVAL_MS = 1_000;\nconst PENDING_MAX_RETRIES = 10;\n\nfunction buildToolKey(serverName: string, toolName: string): string {\n  return `mcp__${serverName}__${toolName}`;\n}\n\nfunction delay(ms: number): Promise<void> {\n  return new Promise((resolve) => setTimeout(resolve, ms));\n}\n\nexport async function fetchMcpToolMetadata(\n  q: Query,\n  logger: Logger = new Logger({ debug: false, prefix: \"[McpToolMetadata]\" }),\n): Promise<void> {\n  let retries = 0;\n\n  while (retries <= PENDING_MAX_RETRIES) {\n    let statuses: McpServerStatus[];\n    try {\n      statuses = await q.mcpServerStatus();\n    } catch (error) {\n      logger.error(\"Failed to fetch MCP server status\", {\n        error: error instanceof Error ? error.message : String(error),\n      });\n      return;\n    }\n\n    const pendingServers = statuses.filter((s) => s.status === \"pending\");\n\n    for (const server of statuses) {\n      if (server.status !== \"connected\" || !server.tools) {\n        continue;\n      }\n\n      let readOnlyCount = 0;\n      for (const tool of server.tools) {\n        const toolKey = buildToolKey(server.name, tool.name);\n        const readOnly = tool.annotations?.readOnly === true;\n\n        mcpToolMetadataCache.set(toolKey, {\n          readOnly,\n          name: tool.name,\n          description: tool.description,\n        });\n        if (readOnly) readOnlyCount++;\n      }\n\n      logger.info(\"Fetched MCP tool metadata\", {\n        serverName: server.name,\n        toolCount: server.tools.length,\n        readOnlyCount,\n      });\n    }\n\n    if (pendingServers.length === 0) {\n      return;\n    }\n\n    retries++;\n    if (retries > PENDING_MAX_RETRIES) {\n      logger.warn(\"Gave up waiting for pending MCP servers\", {\n        pendingServers: pendingServers.map((s) => s.name),\n      });\n      return;\n    }\n\n    logger.info(\"Waiting for pending MCP servers\", {\n      pendingServers: pendingServers.map((s) => s.name),\n      retry: retries,\n    });\n    await delay(PENDING_RETRY_INTERVAL_MS);\n  }\n}\n\nexport function getMcpToolMetadata(\n  toolName: string,\n): McpToolMetadata | undefined {\n  return mcpToolMetadataCache.get(toolName);\n}\n\nexport function isMcpToolReadOnly(toolName: string): boolean {\n  const metadata = mcpToolMetadataCache.get(toolName);\n  return metadata?.readOnly === true;\n}\n\nexport function getConnectedMcpServerNames(): string[] {\n  const names = new Set<string>();\n  for (const key of mcpToolMetadataCache.keys()) {\n    const parts = key.split(\"__\");\n    if (parts.length >= 3) names.add(parts[1]);\n  }\n  return [...names];\n}\n\nexport function clearMcpToolMetadataCache(): void {\n  mcpToolMetadataCache.clear();\n}\n","export {\n  CODE_EXECUTION_MODES,\n  type CodeExecutionMode,\n  getAvailableModes,\n  type ModeInfo,\n} from \"../../execution-mode\";\n\nimport type { CodeExecutionMode } from \"../../execution-mode\";\nimport { isMcpToolReadOnly } from \"./mcp/tool-metadata\";\n\nexport const READ_TOOLS: Set<string> = new Set([\"Read\", \"NotebookRead\"]);\n\nexport const WRITE_TOOLS: Set<string> = new Set([\n  \"Edit\",\n  \"Write\",\n  \"NotebookEdit\",\n]);\n\nexport const BASH_TOOLS: Set<string> = new Set([\n  \"Bash\",\n  \"BashOutput\",\n  \"KillShell\",\n]);\n\nexport const SEARCH_TOOLS: Set<string> = new Set([\"Glob\", \"Grep\", \"LS\"]);\n\nexport const WEB_TOOLS: Set<string> = new Set([\"WebSearch\", \"WebFetch\"]);\n\nexport const AGENT_TOOLS: Set<string> = new Set([\n  \"Task\",\n  \"Agent\",\n  \"TodoWrite\",\n  \"Skill\",\n]);\n\nconst BASE_ALLOWED_TOOLS = [\n  ...READ_TOOLS,\n  ...SEARCH_TOOLS,\n  ...WEB_TOOLS,\n  ...AGENT_TOOLS,\n];\n\nconst AUTO_ALLOWED_TOOLS: Record<string, Set<string>> = {\n  default: new Set(BASE_ALLOWED_TOOLS),\n  acceptEdits: new Set([...BASE_ALLOWED_TOOLS, ...WRITE_TOOLS]),\n  plan: new Set(BASE_ALLOWED_TOOLS),\n  // dontAsk: new Set(BASE_ALLOWED_TOOLS),\n};\n\nexport function isToolAllowedForMode(\n  toolName: string,\n  mode: CodeExecutionMode,\n): boolean {\n  if (mode === \"bypassPermissions\") {\n    return true;\n  }\n  if (AUTO_ALLOWED_TOOLS[mode]?.has(toolName) === true) {\n    return true;\n  }\n  if (isMcpToolReadOnly(toolName)) {\n    return true;\n  }\n  return false;\n}\n"],"mappings":";AAqBO,IAAM,UACX,OAAO,YAAY,gBAClB,QAAQ,UAAU,KAAK,QAAQ,SAAS,OAAO;;;ACdlD,IAAM,eAAe,CAAC;AAEtB,IAAM,iBAA6B;AAAA,EACjC;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA;AAAA;AAAA;AAAA;AAAA;AAMF;AAEA,IAAI,cAAc;AAChB,iBAAe,KAAK;AAAA,IAClB,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;AAGO,IAAM,uBAAuB;AAAA,EAClC;AAAA,EACA;AAAA,EACA;AAAA;AAAA,EAEA;AACF;AAIO,SAAS,oBAAgC;AAE9C,SAAO,UACH,eAAe,OAAO,CAAC,MAAM,EAAE,OAAO,mBAAmB,IACzD;AACN;AAWA,IAAM,aAAyB;AAAA,EAC7B;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AAAA,EACA;AAAA,IACE,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf;AACF;AAEA,IAAI,cAAc;AAChB,aAAW,KAAK;AAAA,IACd,IAAI;AAAA,IACJ,MAAM;AAAA,IACN,aAAa;AAAA,EACf,CAAC;AACH;;;AC/EA,IAAM,uBAAqD,oBAAI,IAAI;AAmF5D,SAAS,kBAAkB,UAA2B;AAC3D,QAAM,WAAW,qBAAqB,IAAI,QAAQ;AAClD,SAAO,UAAU,aAAa;AAChC;;;ACrFO,IAAM,aAA0B,oBAAI,IAAI,CAAC,QAAQ,cAAc,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,aAA0B,oBAAI,IAAI;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAEM,IAAM,eAA4B,oBAAI,IAAI,CAAC,QAAQ,QAAQ,IAAI,CAAC;AAEhE,IAAM,YAAyB,oBAAI,IAAI,CAAC,aAAa,UAAU,CAAC;AAEhE,IAAM,cAA2B,oBAAI,IAAI;AAAA,EAC9C;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAED,IAAM,qBAAqB;AAAA,EACzB,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AAAA,EACH,GAAG;AACL;AAEA,IAAM,qBAAkD;AAAA,EACtD,SAAS,IAAI,IAAI,kBAAkB;AAAA,EACnC,aAAa,oBAAI,IAAI,CAAC,GAAG,oBAAoB,GAAG,WAAW,CAAC;AAAA,EAC5D,MAAM,IAAI,IAAI,kBAAkB;AAAA;AAElC;AAEO,SAAS,qBACd,UACA,MACS;AACT,MAAI,SAAS,qBAAqB;AAChC,WAAO;AAAA,EACT;AACA,MAAI,mBAAmB,IAAI,GAAG,IAAI,QAAQ,MAAM,MAAM;AACpD,WAAO;AAAA,EACT;AACA,MAAI,kBAAkB,QAAQ,GAAG;AAC/B,WAAO;AAAA,EACT;AACA,SAAO;AACT;","names":[]}

package/dist/agent.js

@@ -245,7 +245,7 @@ import { v7 as uuidv7 } from "uuid";
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.267",
+  version: "2.3.278",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -2146,8 +2146,8 @@ var availableModes = [
 if (ALLOW_BYPASS) {
   availableModes.push({
     id: "bypassPermissions",
-    name: "Auto-accept Permissions",
-    description: "Auto-accept all permission requests"
+    name: "Bypass Permissions",
+    description: "Bypass all permission prompts"
   });
 }
 var CODE_EXECUTION_MODES = [
@@ -2176,7 +2176,7 @@ if (ALLOW_BYPASS) {
   codexModes.push({
     id: "full-access",
     name: "Full Access",
-    description: "Auto-accept all permission requests"
+    description: "Bypass all permission prompts"
   });
 }
 
@@ -2293,7 +2293,7 @@ function buildExitPlanModePermissionOptions() {
   if (ALLOW_BYPASS2) {
     options.push({
       kind: "allow_always",
-      name: "Yes, auto-accept all permissions",
+      name: "Yes, bypass all permissions",
       optionId: "bypassPermissions"
     });
   }