@posthog/agent 2.3.351 → 2.3.353

package/dist/server/bin.cjs

@@ -8688,6 +8688,32 @@ async function getCurrentBranch(baseDir, options) {
     return branch === "HEAD" ? null : branch;
   }, { signal: options?.abortSignal });
 }
+async function listWorktrees(baseDir, options) {
+  const manager = getGitOperationManager();
+  return manager.executeRead(baseDir, async (git) => {
+    const output = await git.raw(["worktree", "list", "--porcelain"]);
+    const worktrees = [];
+    let current2 = {};
+    for (const line of output.split("\n")) {
+      if (line.startsWith("worktree ")) {
+        if (current2.path) {
+          worktrees.push(current2);
+        }
+        current2 = { path: line.slice(9), branch: null };
+      } else if (line.startsWith("HEAD ")) {
+        current2.head = line.slice(5);
+      } else if (line.startsWith("branch ")) {
+        current2.branch = line.slice(7).replace("refs/heads/", "");
+      } else if (line === "detached") {
+        current2.branch = null;
+      }
+    }
+    if (current2.path) {
+      worktrees.push(current2);
+    }
+    return worktrees;
+  }, { signal: options?.abortSignal });
+}
 async function getHeadSha(baseDir, options) {
   const manager = getGitOperationManager();
   return manager.executeRead(baseDir, (git) => git.revparse(["HEAD"]), {
@@ -8701,7 +8727,7 @@ var import_hono = require("hono");
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.351",
+  version: "2.3.353",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -14231,16 +14257,16 @@ function permissionOptions(allowAlwaysLabel) {
     }
   ];
 }
-function buildPermissionOptions(toolName, toolInput, cwd, suggestions) {
+function buildPermissionOptions(toolName, toolInput, repoRoot, suggestions) {
   if (BASH_TOOLS.has(toolName)) {
     const rawRuleContent = suggestions?.flatMap((s) => "rules" in s ? s.rules : []).find((r) => r.toolName === "Bash" && r.ruleContent)?.ruleContent;
     const ruleContent = rawRuleContent?.replace(/:?\*$/, "");
     const command = toolInput?.command;
     const cmdName = command?.split(/\s+/)[0] ?? "this command";
-    const cwdLabel = cwd ? ` in ${cwd}` : "";
+    const scopeLabel = repoRoot ? ` in ${repoRoot}` : "";
     const label = ruleContent ?? `\`${cmdName}\` commands`;
     return permissionOptions(
-      `Yes, and don't ask again for ${label}${cwdLabel}`
+      `Yes, and don't ask again for ${label}${scopeLabel}`
     );
   }
   if (toolName === "BashOutput") {
@@ -14526,7 +14552,7 @@ async function handleDefaultPermissionFlow(context) {
   const options = buildPermissionOptions(
     toolName,
     toolInput,
-    session?.cwd,
+    session.settingsManager.getRepoRoot(),
     suggestions
   );
   const response = await client.requestPermission({
@@ -14546,17 +14572,19 @@ async function handleDefaultPermissionFlow(context) {
   }
   if (response.outcome?.outcome === "selected" && (response.outcome.optionId === "allow" || response.outcome.optionId === "allow_always")) {
     if (response.outcome.optionId === "allow_always") {
+      const rules = extractAllowRules(suggestions, toolName);
+      try {
+        await session.settingsManager.addAllowRules(rules);
+      } catch (error) {
+        context.logger.warn(
+          "[canUseTool] Failed to persist allow rules to repository settings",
+          { error: error instanceof Error ? error.message : String(error) }
+        );
+      }
       return {
         behavior: "allow",
         updatedInput: toolInput,
-        updatedPermissions: suggestions ?? [
-          {
-            type: "addRules",
-            rules: [{ toolName }],
-            behavior: "allow",
-            destination: "localSettings"
-          }
-        ]
+        updatedPermissions: buildSessionPermissions(suggestions, rules)
       };
     }
     return {
@@ -14589,6 +14617,26 @@ function handlePlanFileException(context) {
     updatedInput: toolInput
   };
 }
+function extractAllowRules(suggestions, toolName) {
+  if (!suggestions || suggestions.length === 0) {
+    return [{ toolName }];
+  }
+  return suggestions.filter(
+    (update) => update.type === "addRules" && update.behavior === "allow"
+  ).flatMap((update) => "rules" in update ? update.rules : []);
+}
+function buildSessionPermissions(suggestions, rules) {
+  const passthrough = (suggestions ?? []).filter(
+    (update) => !(update.type === "addRules" && update.behavior === "allow")
+  ).map((update) => ({ ...update, destination: "session" }));
+  if (rules.length === 0) {
+    return passthrough;
+  }
+  return [
+    { type: "addRules", rules, behavior: "allow", destination: "session" },
+    ...passthrough
+  ];
+}
 function extractDomainFromUrl(url) {
   try {
     return new URL(url).hostname;
@@ -14991,6 +15039,47 @@ var fs7 = __toESM(require("fs"), 1);
 var os3 = __toESM(require("os"), 1);
 var path9 = __toESM(require("path"), 1);
 var import_minimatch = require("minimatch");
+
+// src/utils/async-mutex.ts
+var AsyncMutex = class {
+  locked = false;
+  queue = [];
+  async acquire() {
+    if (!this.locked) {
+      this.locked = true;
+      return;
+    }
+    return new Promise((resolve4) => {
+      this.queue.push(resolve4);
+    });
+  }
+  release() {
+    const next = this.queue.shift();
+    if (next) {
+      next();
+    } else {
+      this.locked = false;
+    }
+  }
+  isLocked() {
+    return this.locked;
+  }
+  get queueLength() {
+    return this.queue.length;
+  }
+};
+
+// src/adapters/claude/session/repo-path.ts
+async function resolveMainRepoPath(cwd) {
+  try {
+    const worktrees = await listWorktrees(cwd);
+    return worktrees[0]?.path ?? cwd;
+  } catch {
+    return cwd;
+  }
+}
+
+// src/adapters/claude/session/settings.ts
 var ACP_TOOL_NAME_PREFIX = "mcp__acp__";
 var acpToolNames = {
   read: `${ACP_TOOL_NAME_PREFIX}Read`,
@@ -15047,7 +15136,7 @@ function matchesGlob(pattern, filePath, cwd) {
   });
 }
 function matchesRule(rule, toolName, toolInput, cwd) {
-  const ruleAppliesToTool = rule.toolName === "Bash" && toolName === acpToolNames.bash || rule.toolName === "Edit" && FILE_EDITING_TOOLS.includes(toolName) || rule.toolName === "Read" && FILE_READING_TOOLS.includes(toolName);
+  const ruleAppliesToTool = rule.toolName === "Bash" && toolName === acpToolNames.bash || rule.toolName === "Edit" && FILE_EDITING_TOOLS.includes(toolName) || rule.toolName === "Read" && FILE_READING_TOOLS.includes(toolName) || rule.toolName === toolName && !rule.argument;
   if (!ruleAppliesToTool) {
     return false;
   }
@@ -15077,6 +15166,19 @@ function matchesRule(rule, toolName, toolInput, cwd) {
   }
   return matchesGlob(rule.argument, actualArg, cwd);
 }
+function formatRule(rule) {
+  return rule.ruleContent ? `${rule.toolName}(${rule.ruleContent})` : rule.toolName;
+}
+async function writeFileAtomic(filePath, data) {
+  const tmpPath = `${filePath}.${process.pid}.${Date.now()}.tmp`;
+  await fs7.promises.writeFile(tmpPath, data);
+  try {
+    await fs7.promises.rename(tmpPath, filePath);
+  } catch (error) {
+    await fs7.promises.rm(tmpPath, { force: true });
+    throw error;
+  }
+}
 async function loadSettingsFile(filePath) {
   if (!filePath) {
     return {};
@@ -15095,6 +15197,17 @@ async function loadSettingsFile(filePath) {
     return {};
   }
 }
+async function readSettingsFileForUpdate(filePath) {
+  try {
+    const content = await fs7.promises.readFile(filePath, "utf-8");
+    return JSON.parse(content);
+  } catch (error) {
+    if (error instanceof Error && "code" in error && error.code === "ENOENT") {
+      return {};
+    }
+    throw error;
+  }
+}
 function getManagedSettingsPath() {
   switch (process.platform) {
     case "darwin":
@@ -15109,6 +15222,7 @@ function getManagedSettingsPath() {
 }
 var SettingsManager = class {
   cwd;
+  repoRoot;
   userSettings = {};
   projectSettings = {};
   localSettings = {};
@@ -15116,8 +15230,10 @@ var SettingsManager = class {
   mergedSettings = {};
   initialized = false;
   initPromise = null;
+  writeMutex = new AsyncMutex();
   constructor(cwd) {
     this.cwd = cwd;
+    this.repoRoot = cwd;
   }
   async initialize() {
     if (this.initialized) return;
@@ -15135,10 +15251,16 @@ var SettingsManager = class {
   getProjectSettingsPath() {
     return path9.join(this.cwd, ".claude", "settings.json");
   }
+  /**
+   * Local settings are anchored to the primary worktree so every worktree of
+   * the same repository shares a single `.claude/settings.local.json`. This
+   * avoids re-prompting for the same permission in every worktree.
+   */
   getLocalSettingsPath() {
-    return path9.join(this.cwd, ".claude", "settings.local.json");
+    return path9.join(this.repoRoot, ".claude", "settings.local.json");
   }
   async loadAllSettings() {
+    this.repoRoot = await resolveMainRepoPath(this.cwd);
     const [userSettings, projectSettings, localSettings, enterpriseSettings] = await Promise.all([
       loadSettingsFile(this.getUserSettingsPath()),
       loadSettingsFile(this.getProjectSettingsPath()),
@@ -15195,9 +15317,6 @@ var SettingsManager = class {
     this.mergedSettings = merged;
   }
   checkPermission(toolName, toolInput) {
-    if (!toolName.startsWith(ACP_TOOL_NAME_PREFIX)) {
-      return { decision: "ask" };
-    }
     const permissions = this.mergedSettings.permissions;
     if (!permissions) {
       return { decision: "ask" };
@@ -15228,6 +15347,43 @@ var SettingsManager = class {
   getCwd() {
     return this.cwd;
   }
+  getRepoRoot() {
+    return this.repoRoot;
+  }
+  /**
+   * Persists allow rules to `<primary-worktree>/.claude/settings.local.json`.
+   * Because local settings are resolved against the primary worktree, every
+   * worktree of the same repository picks up the new rule on next load.
+   *
+   * Writes are serialised via `writeMutex` to prevent concurrent callers from
+   * clobbering each other, and use a temp-file + rename to keep the file
+   * consistent if the process dies mid-write.
+   */
+  async addAllowRules(rules) {
+    if (rules.length === 0) return;
+    if (!this.initialized) await this.initialize();
+    await this.writeMutex.acquire();
+    try {
+      const filePath = this.getLocalSettingsPath();
+      const existing = await readSettingsFileForUpdate(filePath);
+      const permissions = {
+        ...existing.permissions ?? {}
+      };
+      const current2 = new Set(permissions.allow ?? []);
+      for (const rule of rules) {
+        current2.add(formatRule(rule));
+      }
+      permissions.allow = Array.from(current2);
+      const next = { ...existing, permissions };
+      await fs7.promises.mkdir(path9.dirname(filePath), { recursive: true });
+      await writeFileAtomic(filePath, `${JSON.stringify(next, null, 2)}
+`);
+      this.localSettings = next;
+      this.mergeAllSettings();
+    } finally {
+      this.writeMutex.release();
+    }
+  }
   async setCwd(cwd) {
     if (this.cwd === cwd) return;
     if (this.initPromise) await this.initPromise;
@@ -18813,35 +18969,6 @@ var SessionLogWriter = class _SessionLogWriter {
   }
 };
 
-// src/utils/async-mutex.ts
-var AsyncMutex = class {
-  locked = false;
-  queue = [];
-  async acquire() {
-    if (!this.locked) {
-      this.locked = true;
-      return;
-    }
-    return new Promise((resolve4) => {
-      this.queue.push(resolve4);
-    });
-  }
-  release() {
-    const next = this.queue.shift();
-    if (next) {
-      next();
-    } else {
-      this.locked = false;
-    }
-  }
-  isLocked() {
-    return this.locked;
-  }
-  get queueLength() {
-    return this.queue.length;
-  }
-};
-
 // src/server/cloud-prompt.ts
 function normalizeCloudPromptContent(content) {
   if (typeof content === "string") {