@posthog/agent 2.3.349 → 2.3.353

package/dist/server/bin.cjs

@@ -8688,6 +8688,32 @@ async function getCurrentBranch(baseDir, options) {
     return branch === "HEAD" ? null : branch;
   }, { signal: options?.abortSignal });
 }
+async function listWorktrees(baseDir, options) {
+  const manager = getGitOperationManager();
+  return manager.executeRead(baseDir, async (git) => {
+    const output = await git.raw(["worktree", "list", "--porcelain"]);
+    const worktrees = [];
+    let current2 = {};
+    for (const line of output.split("\n")) {
+      if (line.startsWith("worktree ")) {
+        if (current2.path) {
+          worktrees.push(current2);
+        }
+        current2 = { path: line.slice(9), branch: null };
+      } else if (line.startsWith("HEAD ")) {
+        current2.head = line.slice(5);
+      } else if (line.startsWith("branch ")) {
+        current2.branch = line.slice(7).replace("refs/heads/", "");
+      } else if (line === "detached") {
+        current2.branch = null;
+      }
+    }
+    if (current2.path) {
+      worktrees.push(current2);
+    }
+    return worktrees;
+  }, { signal: options?.abortSignal });
+}
 async function getHeadSha(baseDir, options) {
   const manager = getGitOperationManager();
   return manager.executeRead(baseDir, (git) => git.revparse(["HEAD"]), {
@@ -8701,7 +8727,7 @@ var import_hono = require("hono");
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.349",
+  version: "2.3.353",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -12740,7 +12766,7 @@ var createPostToolUseHook = ({ onModeChange, logger }) => async (input, toolUseI
 var SUBAGENT_REWRITES = {
   Explore: "ph-explore"
 };
-var createSubagentRewriteHook = (logger) => async (input, _toolUseID) => {
+var createSubagentRewriteHook = (logger, registeredAgents) => async (input, _toolUseID) => {
   if (input.hook_event_name !== "PreToolUse") {
     return { continue: true };
   }
@@ -12753,6 +12779,12 @@ var createSubagentRewriteHook = (logger) => async (input, _toolUseID) => {
     return { continue: true };
   }
   const target = SUBAGENT_REWRITES[subagentType];
+  if (!registeredAgents.has(target)) {
+    logger.warn(
+      `[SubagentRewriteHook] Skipping rewrite ${subagentType} \u2192 ${target}: target agent not registered for this session. Falling back to built-in ${subagentType}.`
+    );
+    return { continue: true };
+  }
   logger.info(
     `[SubagentRewriteHook] Rewriting subagent_type: ${subagentType} \u2192 ${target}`
   );
@@ -14225,16 +14257,16 @@ function permissionOptions(allowAlwaysLabel) {
     }
   ];
 }
-function buildPermissionOptions(toolName, toolInput, cwd, suggestions) {
+function buildPermissionOptions(toolName, toolInput, repoRoot, suggestions) {
   if (BASH_TOOLS.has(toolName)) {
     const rawRuleContent = suggestions?.flatMap((s) => "rules" in s ? s.rules : []).find((r) => r.toolName === "Bash" && r.ruleContent)?.ruleContent;
     const ruleContent = rawRuleContent?.replace(/:?\*$/, "");
     const command = toolInput?.command;
     const cmdName = command?.split(/\s+/)[0] ?? "this command";
-    const cwdLabel = cwd ? ` in ${cwd}` : "";
+    const scopeLabel = repoRoot ? ` in ${repoRoot}` : "";
     const label = ruleContent ?? `\`${cmdName}\` commands`;
     return permissionOptions(
-      `Yes, and don't ask again for ${label}${cwdLabel}`
+      `Yes, and don't ask again for ${label}${scopeLabel}`
     );
   }
   if (toolName === "BashOutput") {
@@ -14520,7 +14552,7 @@ async function handleDefaultPermissionFlow(context) {
   const options = buildPermissionOptions(
     toolName,
     toolInput,
-    session?.cwd,
+    session.settingsManager.getRepoRoot(),
     suggestions
   );
   const response = await client.requestPermission({
@@ -14540,17 +14572,19 @@ async function handleDefaultPermissionFlow(context) {
   }
   if (response.outcome?.outcome === "selected" && (response.outcome.optionId === "allow" || response.outcome.optionId === "allow_always")) {
     if (response.outcome.optionId === "allow_always") {
+      const rules = extractAllowRules(suggestions, toolName);
+      try {
+        await session.settingsManager.addAllowRules(rules);
+      } catch (error) {
+        context.logger.warn(
+          "[canUseTool] Failed to persist allow rules to repository settings",
+          { error: error instanceof Error ? error.message : String(error) }
+        );
+      }
       return {
         behavior: "allow",
         updatedInput: toolInput,
-        updatedPermissions: suggestions ?? [
-          {
-            type: "addRules",
-            rules: [{ toolName }],
-            behavior: "allow",
-            destination: "localSettings"
-          }
-        ]
+        updatedPermissions: buildSessionPermissions(suggestions, rules)
       };
     }
     return {
@@ -14583,6 +14617,26 @@ function handlePlanFileException(context) {
     updatedInput: toolInput
   };
 }
+function extractAllowRules(suggestions, toolName) {
+  if (!suggestions || suggestions.length === 0) {
+    return [{ toolName }];
+  }
+  return suggestions.filter(
+    (update) => update.type === "addRules" && update.behavior === "allow"
+  ).flatMap((update) => "rules" in update ? update.rules : []);
+}
+function buildSessionPermissions(suggestions, rules) {
+  const passthrough = (suggestions ?? []).filter(
+    (update) => !(update.type === "addRules" && update.behavior === "allow")
+  ).map((update) => ({ ...update, destination: "session" }));
+  if (rules.length === 0) {
+    return passthrough;
+  }
+  return [
+    { type: "addRules", rules, behavior: "allow", destination: "session" },
+    ...passthrough
+  ];
+}
 function extractDomainFromUrl(url) {
   try {
     return new URL(url).hostname;
@@ -14759,7 +14813,7 @@ function buildEnvironment() {
     CLAUDE_CODE_EMIT_SESSION_STATE_EVENTS: "1"
   };
 }
-function buildHooks(userHooks, onModeChange, settingsManager, logger, enrichmentDeps, enrichedReadCache) {
+function buildHooks(userHooks, onModeChange, settingsManager, logger, enrichmentDeps, enrichedReadCache, registeredAgents) {
   const postToolUseHooks = [createPostToolUseHook({ onModeChange, logger })];
   if (enrichmentDeps && enrichedReadCache) {
     postToolUseHooks.push(
@@ -14777,12 +14831,49 @@ function buildHooks(userHooks, onModeChange, settingsManager, logger, enrichment
       {
         hooks: [
           createPreToolUseHook(settingsManager, logger),
-          createSubagentRewriteHook(logger)
+          createSubagentRewriteHook(logger, registeredAgents)
         ]
       }
     ]
   };
 }
+var PH_EXPLORE_AGENT = {
+  description: 'Fast agent for exploring and understanding codebases. Use this when you need to find files by pattern (eg. "src/components/**/*.tsx"), search for code or keywords (eg. "where is the auth middleware?"), or answer questions about how the codebase works (eg. "how does the session service handle reconnects?"). When calling this agent, specify a thoroughness level: "quick" for targeted lookups, "medium" for broader exploration, or "very thorough" for comprehensive analysis across multiple locations.',
+  model: "haiku",
+  prompt: `You are a fast, read-only codebase exploration agent.
+
+Your job is to find files, search code, read the most relevant sources, and report findings clearly.
+
+Rules:
+- Never create, modify, delete, move, or copy files.
+- Never use shell redirection or any command that changes system state.
+- Use Glob for broad file pattern matching.
+- Use Grep for searching file contents.
+- Use Read when you know the exact file path to inspect.
+- Use Bash only for safe read-only commands like ls, git status, git log, git diff, find, cat, head, and tail.
+- Adapt your search approach based on the thoroughness level specified by the caller.
+- Return file paths as absolute paths in your final response.
+- Avoid using emojis.
+- Wherever possible, spawn multiple parallel tool calls for grepping and reading files.
+- Search efficiently, then read only the most relevant files.
+- Return findings directly in your final response \u2014 do not create files.`,
+  tools: [
+    "Bash",
+    "Glob",
+    "Grep",
+    "Read",
+    "WebFetch",
+    "WebSearch",
+    "NotebookRead",
+    "TodoWrite"
+  ]
+};
+function buildAgents(userAgents) {
+  return {
+    "ph-explore": PH_EXPLORE_AGENT,
+    ...userAgents || {}
+  };
+}
 function getAbortController(userProvidedController) {
   const controller = userProvidedController ?? new AbortController();
   if (controller.signal.aborted) {
@@ -14868,6 +14959,8 @@ function ensureLocalSettings(cwd) {
 function buildSessionOptions(params) {
   ensureLocalSettings(params.cwd);
   const tools = params.userProvidedOptions?.tools ?? (params.disableBuiltInTools ? [] : { type: "preset", preset: "claude_code" });
+  const agents = buildAgents(params.userProvidedOptions?.agents);
+  const registeredAgentNames = new Set(Object.keys(agents));
   const options = {
     ...params.userProvidedOptions,
     betas: ["context-1m-2025-08-07"],
@@ -14881,6 +14974,7 @@ function buildSessionOptions(params) {
     canUseTool: params.canUseTool,
     executable: "node",
     tools,
+    agents,
     extraArgs: {
       ...params.userProvidedOptions?.extraArgs,
       "replay-user-messages": ""
@@ -14896,7 +14990,8 @@ function buildSessionOptions(params) {
       params.settingsManager,
       params.logger,
       params.enrichmentDeps,
-      params.enrichedReadCache
+      params.enrichedReadCache,
+      registeredAgentNames
     ),
     outputFormat: params.outputFormat,
     abortController: getAbortController(
@@ -14944,6 +15039,47 @@ var fs7 = __toESM(require("fs"), 1);
 var os3 = __toESM(require("os"), 1);
 var path9 = __toESM(require("path"), 1);
 var import_minimatch = require("minimatch");
+
+// src/utils/async-mutex.ts
+var AsyncMutex = class {
+  locked = false;
+  queue = [];
+  async acquire() {
+    if (!this.locked) {
+      this.locked = true;
+      return;
+    }
+    return new Promise((resolve4) => {
+      this.queue.push(resolve4);
+    });
+  }
+  release() {
+    const next = this.queue.shift();
+    if (next) {
+      next();
+    } else {
+      this.locked = false;
+    }
+  }
+  isLocked() {
+    return this.locked;
+  }
+  get queueLength() {
+    return this.queue.length;
+  }
+};
+
+// src/adapters/claude/session/repo-path.ts
+async function resolveMainRepoPath(cwd) {
+  try {
+    const worktrees = await listWorktrees(cwd);
+    return worktrees[0]?.path ?? cwd;
+  } catch {
+    return cwd;
+  }
+}
+
+// src/adapters/claude/session/settings.ts
 var ACP_TOOL_NAME_PREFIX = "mcp__acp__";
 var acpToolNames = {
   read: `${ACP_TOOL_NAME_PREFIX}Read`,
@@ -15000,7 +15136,7 @@ function matchesGlob(pattern, filePath, cwd) {
   });
 }
 function matchesRule(rule, toolName, toolInput, cwd) {
-  const ruleAppliesToTool = rule.toolName === "Bash" && toolName === acpToolNames.bash || rule.toolName === "Edit" && FILE_EDITING_TOOLS.includes(toolName) || rule.toolName === "Read" && FILE_READING_TOOLS.includes(toolName);
+  const ruleAppliesToTool = rule.toolName === "Bash" && toolName === acpToolNames.bash || rule.toolName === "Edit" && FILE_EDITING_TOOLS.includes(toolName) || rule.toolName === "Read" && FILE_READING_TOOLS.includes(toolName) || rule.toolName === toolName && !rule.argument;
   if (!ruleAppliesToTool) {
     return false;
   }
@@ -15030,6 +15166,19 @@ function matchesRule(rule, toolName, toolInput, cwd) {
   }
   return matchesGlob(rule.argument, actualArg, cwd);
 }
+function formatRule(rule) {
+  return rule.ruleContent ? `${rule.toolName}(${rule.ruleContent})` : rule.toolName;
+}
+async function writeFileAtomic(filePath, data) {
+  const tmpPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  await fs7.promises.writeFile(tmpPath, data);
+  try {
+    await fs7.promises.rename(tmpPath, filePath);
+  } catch (error) {
+    await fs7.promises.rm(tmpPath, { force: true });
+    throw error;
+  }
+}
 async function loadSettingsFile(filePath) {
   if (!filePath) {
     return {};
@@ -15048,6 +15197,17 @@ async function loadSettingsFile(filePath) {
     return {};
   }
 }
+async function readSettingsFileForUpdate(filePath) {
+  try {
+    const content = await fs7.promises.readFile(filePath, "utf-8");
+    return JSON.parse(content);
+  } catch (error) {
+    if (error instanceof Error && "code" in error && error.code === "ENOENT") {
+      return {};
+    }
+    throw error;
+  }
+}
 function getManagedSettingsPath() {
   switch (process.platform) {
     case "darwin":
@@ -15062,6 +15222,7 @@ function getManagedSettingsPath() {
 }
 var SettingsManager = class {
   cwd;
+  repoRoot;
   userSettings = {};
   projectSettings = {};
   localSettings = {};
@@ -15069,8 +15230,10 @@ var SettingsManager = class {
   mergedSettings = {};
   initialized = false;
   initPromise = null;
+  writeMutex = new AsyncMutex();
   constructor(cwd) {
     this.cwd = cwd;
+    this.repoRoot = cwd;
   }
   async initialize() {
     if (this.initialized) return;
@@ -15088,10 +15251,16 @@ var SettingsManager = class {
   getProjectSettingsPath() {
     return path9.join(this.cwd, ".claude", "settings.json");
   }
+  /**
+   * Local settings are anchored to the primary worktree so every worktree of
+   * the same repository shares a single `.claude/settings.local.json`. This
+   * avoids re-prompting for the same permission in every worktree.
+   */
   getLocalSettingsPath() {
-    return path9.join(this.cwd, ".claude", "settings.local.json");
+    return path9.join(this.repoRoot, ".claude", "settings.local.json");
   }
   async loadAllSettings() {
+    this.repoRoot = await resolveMainRepoPath(this.cwd);
     const [userSettings, projectSettings, localSettings, enterpriseSettings] = await Promise.all([
       loadSettingsFile(this.getUserSettingsPath()),
       loadSettingsFile(this.getProjectSettingsPath()),
@@ -15148,9 +15317,6 @@ var SettingsManager = class {
     this.mergedSettings = merged;
   }
   checkPermission(toolName, toolInput) {
-    if (!toolName.startsWith(ACP_TOOL_NAME_PREFIX)) {
-      return { decision: "ask" };
-    }
     const permissions = this.mergedSettings.permissions;
     if (!permissions) {
       return { decision: "ask" };
@@ -15181,6 +15347,43 @@ var SettingsManager = class {
   getCwd() {
     return this.cwd;
   }
+  getRepoRoot() {
+    return this.repoRoot;
+  }
+  /**
+   * Persists allow rules to `<primary-worktree>/.claude/settings.local.json`.
+   * Because local settings are resolved against the primary worktree, every
+   * worktree of the same repository picks up the new rule on next load.
+   *
+   * Writes are serialised via `writeMutex` to prevent concurrent callers from
+   * clobbering each other, and use a temp-file + rename to keep the file
+   * consistent if the process dies mid-write.
+   */
+  async addAllowRules(rules) {
+    if (rules.length === 0) return;
+    if (!this.initialized) await this.initialize();
+    await this.writeMutex.acquire();
+    try {
+      const filePath = this.getLocalSettingsPath();
+      const existing = await readSettingsFileForUpdate(filePath);
+      const permissions = {
+        ...existing.permissions ?? {}
+      };
+      const current2 = new Set(permissions.allow ?? []);
+      for (const rule of rules) {
+        current2.add(formatRule(rule));
+      }
+      permissions.allow = Array.from(current2);
+      const next = { ...existing, permissions };
+      await fs7.promises.mkdir(path9.dirname(filePath), { recursive: true });
+      await writeFileAtomic(filePath, `${JSON.stringify(next, null, 2)}
+`);
+      this.localSettings = next;
+      this.mergeAllSettings();
+    } finally {
+      this.writeMutex.release();
+    }
+  }
   async setCwd(cwd) {
     if (this.cwd === cwd) return;
     if (this.initPromise) await this.initPromise;
@@ -18766,35 +18969,6 @@ var SessionLogWriter = class _SessionLogWriter {
   }
 };
 
-// src/utils/async-mutex.ts
-var AsyncMutex = class {
-  locked = false;
-  queue = [];
-  async acquire() {
-    if (!this.locked) {
-      this.locked = true;
-      return;
-    }
-    return new Promise((resolve4) => {
-      this.queue.push(resolve4);
-    });
-  }
-  release() {
-    const next = this.queue.shift();
-    if (next) {
-      next();
-    } else {
-      this.locked = false;
-    }
-  }
-  isLocked() {
-    return this.locked;
-  }
-  get queueLength() {
-    return this.queue.length;
-  }
-};
-
 // src/server/cloud-prompt.ts
 function normalizeCloudPromptContent(content) {
   if (typeof content === "string") {