@posthog/agent 2.3.388 → 2.3.401

package/dist/server/agent-server.js

@@ -8605,7 +8605,7 @@ import { z as z4 } from "zod";
 // package.json
 var package_default = {
   name: "@posthog/agent",
-  version: "2.3.388",
+  version: "2.3.401",
   repository: "https://github.com/PostHog/code",
   description: "TypeScript agent framework wrapping Claude Agent SDK with Git-based task execution for PostHog",
   exports: {
@@ -8657,6 +8657,10 @@ var package_default = {
       types: "./dist/adapters/reasoning-effort.d.ts",
       import: "./dist/adapters/reasoning-effort.js"
     },
+    "./adapters/claude/mcp/tool-metadata": {
+      types: "./dist/adapters/claude/mcp/tool-metadata.d.ts",
+      import: "./dist/adapters/claude/mcp/tool-metadata.js"
+    },
     "./execution-mode": {
       types: "./dist/execution-mode.d.ts",
       import: "./dist/execution-mode.js"
@@ -13657,10 +13661,12 @@ async function fetchMcpToolMetadata(q, logger = new Logger({ debug: false, prefi
       for (const tool of server.tools) {
         const toolKey = buildToolKey(server.name, tool.name);
         const readOnly = tool.annotations?.readOnly === true;
+        const existing = mcpToolMetadataCache.get(toolKey);
         mcpToolMetadataCache.set(toolKey, {
           readOnly,
           name: tool.name,
-          description: tool.description
+          description: tool.description,
+          approvalState: existing?.approvalState
         });
         if (readOnly) readOnlyCount++;
       }
@@ -13702,6 +13708,23 @@ function getConnectedMcpServerNames() {
   }
   return [...names];
 }
+function getMcpToolApprovalState(toolName) {
+  return mcpToolMetadataCache.get(toolName)?.approvalState;
+}
+function setMcpToolApprovalStates(approvals) {
+  for (const [toolKey, approvalState] of Object.entries(approvals)) {
+    const existing = mcpToolMetadataCache.get(toolKey);
+    if (existing) {
+      existing.approvalState = approvalState;
+    } else {
+      mcpToolMetadataCache.set(toolKey, {
+        readOnly: false,
+        name: toolKey,
+        approvalState
+      });
+    }
+  }
+}
 
 // src/adapters/claude/conversion/tool-use-to-acp.ts
 var SYSTEM_REMINDER_REGEX = /\s*<system-reminder>[\s\S]*?<\/system-reminder>/g;
@@ -15397,6 +15420,72 @@ async function handleDefaultPermissionFlow(context) {
     return { behavior: "deny", message, interrupt: !feedback };
   }
 }
+function parseMcpToolName(toolName) {
+  const parts2 = toolName.split("__");
+  return {
+    serverName: parts2[1] ?? toolName,
+    tool: parts2.slice(2).join("__") || toolName
+  };
+}
+async function handleMcpApprovalFlow(context) {
+  const { toolName, toolInput, toolUseID, client, sessionId } = context;
+  const { serverName, tool: displayTool } = parseMcpToolName(toolName);
+  const metadata2 = getMcpToolMetadata(toolName);
+  const description = metadata2?.description ? `
+
+${metadata2.description}` : "";
+  const response = await client.requestPermission({
+    options: [
+      { kind: "allow_once", name: "Yes", optionId: "allow" },
+      {
+        kind: "allow_always",
+        name: "Yes, always allow",
+        optionId: "allow_always"
+      },
+      {
+        kind: "reject_once",
+        name: "Type here to tell the agent what to do differently",
+        optionId: "reject",
+        _meta: { customInput: true }
+      }
+    ],
+    sessionId,
+    toolCall: {
+      toolCallId: toolUseID,
+      title: `The agent wants to call ${displayTool} (${serverName})`,
+      kind: "other",
+      content: description ? [{ type: "content", content: text(description) }] : [],
+      rawInput: { ...toolInput, toolName }
+    }
+  });
+  if (context.signal?.aborted || response.outcome?.outcome === "cancelled") {
+    throw new Error("Tool use aborted");
+  }
+  if (response.outcome?.outcome === "selected" && (response.outcome.optionId === "allow" || response.outcome.optionId === "allow_always")) {
+    if (response.outcome.optionId === "allow_always") {
+      return {
+        behavior: "allow",
+        updatedInput: toolInput,
+        updatedPermissions: [
+          {
+            type: "addRules",
+            rules: [{ toolName }],
+            behavior: "allow",
+            destination: "localSettings"
+          }
+        ]
+      };
+    }
+    return {
+      behavior: "allow",
+      updatedInput: toolInput
+    };
+  }
+  const feedback = response._meta?.customInput?.trim();
+  const message = feedback ? `User refused permission to run tool with feedback: ${feedback}` : "User refused permission to run tool";
+  await emitToolDenial(context, message);
+  return { behavior: "deny", message, interrupt: !feedback };
+}
 function handlePlanFileException(context) {
   const { session, toolName, toolInput } = context;
   if (session.permissionMode !== "plan" || !WRITE_TOOLS.has(toolName)) {
@@ -15467,6 +15556,17 @@ async function canUseTool(context) {
       }
     }
   }
+  if (toolName.startsWith("mcp__")) {
+    const approvalState = getMcpToolApprovalState(toolName);
+    if (approvalState === "do_not_use") {
+      const message = "This tool has been blocked. To re-enable it, go to Settings > MCP Servers in PostHog Code.";
+      await emitToolDenial(context, message);
+      return { behavior: "deny", message, interrupt: false };
+    }
+    if (approvalState === "needs_approval") {
+      return handleMcpApprovalFlow(context);
+    }
+  }
   if (isToolAllowedForMode(toolName, session.permissionMode)) {
     return {
       behavior: "allow",
@@ -15679,7 +15779,14 @@ Only enter plan mode (EnterPlanMode) when the user is requesting a significant c
 
 When in doubt, continue executing and incorporate the feedback inline.
 `;
-var APPENDED_INSTRUCTIONS = BRANCH_NAMING + PLAN_MODE;
+var MCP_TOOLS = `
+# MCP Tool Access
+
+If an MCP tool call is explicitly denied with a message, relay that denial message to the user exactly as given. Do NOT suggest checking "Claude Code settings."
+
+If an MCP tool call returns an error, treat it as a normal tool error \u2014 troubleshoot, retry, or inform the user about the specific error. Do NOT assume it is a permissions issue and do NOT direct the user to any settings page.
+`;
+var APPENDED_INSTRUCTIONS = BRANCH_NAMING + PLAN_MODE + MCP_TOOLS;
 
 // src/adapters/claude/session/options.ts
 function buildSystemPrompt(customPrompt) {
@@ -17008,6 +17115,9 @@ var ClaudeAcpAgent = class extends BaseAcpAgent {
     const earlyModelId = settingsManager.getSettings().model || meta?.model || "";
     const mcpServers = supportsMcpInjection(earlyModelId) ? parseMcpServers(params) : {};
     const systemPrompt = buildSystemPrompt(meta?.systemPrompt);
+    if (meta?.mcpToolApprovals) {
+      setMcpToolApprovalStates(meta.mcpToolApprovals);
+    }
     const outputFormat = meta?.jsonSchema && this.options?.onStructuredOutput ? { type: "json_schema", schema: meta.jsonSchema } : void 0;
     this.logger.debug(isResume ? "Resuming session" : "Creating new session", {
       sessionId,
@@ -18334,7 +18444,14 @@ function createCodexConnection(config) {
 }
 
 // src/handoff-checkpoint.ts
-import { mkdir as mkdir4, readFile as readFile4, rm as rm4, writeFile as writeFile2 } from "fs/promises";
+import {
+  mkdir as mkdir4,
+  readdir,
+  readFile as readFile4,
+  rm as rm4,
+  rmdir,
+  writeFile as writeFile2
+} from "fs/promises";
 import { join as join9 } from "path";
 
 // ../git/dist/handoff.js
@@ -19165,6 +19282,7 @@ var HandoffCheckpointTracker = class {
     } finally {
       await this.removeIfPresent(packPath);
       await this.removeIfPresent(indexPath);
+      await this.removeTmpDirIfEmpty(tmpDir);
     }
   }
   toGitCheckpoint(checkpoint) {
@@ -19323,6 +19441,14 @@ var HandoffCheckpointTracker = class {
     await rm4(filePath, { force: true }).catch(() => {
     });
   }
+  async removeTmpDirIfEmpty(tmpDir) {
+    const entries = await readdir(tmpDir).catch(() => null);
+    if (!entries || entries.length > 0) {
+      return;
+    }
+    await rmdir(tmpDir).catch(() => {
+    });
+  }
 };
 
 // src/utils/gateway.ts
@@ -20213,7 +20339,7 @@ var SessionLogWriter = class _SessionLogWriter {
 };
 
 // src/sagas/apply-snapshot-saga.ts
-import { mkdir as mkdir7, rm as rm6, writeFile as writeFile5 } from "fs/promises";
+import { mkdir as mkdir7, readdir as readdir2, rm as rm6, rmdir as rmdir2, writeFile as writeFile5 } from "fs/promises";
 import { join as join12 } from "path";
 
 // ../git/dist/sagas/tree.js
@@ -20487,68 +20613,83 @@ var ApplySnapshotSaga = class extends Saga {
       throw new Error("Cannot apply snapshot: no archive URL");
     }
     const archiveUrl = snapshot.archiveUrl;
-    await this.step({
-      name: "create_tmp_dir",
-      execute: () => mkdir7(tmpDir, { recursive: true }),
-      rollback: async () => {
-      }
-    });
-    const archivePath = join12(tmpDir, `${snapshot.treeHash}.tar.gz`);
-    this.archivePath = archivePath;
-    await this.step({
-      name: "download_archive",
-      execute: async () => {
-        const arrayBuffer = await apiClient.downloadArtifact(
-          taskId,
-          runId,
-          archiveUrl
-        );
-        if (!arrayBuffer) {
-          throw new Error("Failed to download archive");
+    try {
+      await this.step({
+        name: "create_tmp_dir",
+        execute: () => mkdir7(tmpDir, { recursive: true }),
+        rollback: async () => {
         }
-        const base64Content = Buffer.from(arrayBuffer).toString("utf-8");
-        const binaryContent = Buffer.from(base64Content, "base64");
-        await writeFile5(archivePath, binaryContent);
-        this.log.info("Tree archive downloaded", {
-          treeHash: snapshot.treeHash,
-          snapshotBytes: binaryContent.byteLength,
-          snapshotWireBytes: arrayBuffer.byteLength,
-          totalBytes: binaryContent.byteLength,
-          totalWireBytes: arrayBuffer.byteLength
-        });
-      },
-      rollback: async () => {
-        if (this.archivePath) {
-          await rm6(this.archivePath, { force: true }).catch(() => {
+      });
+      const archivePath = join12(tmpDir, `${snapshot.treeHash}.tar.gz`);
+      this.archivePath = archivePath;
+      await this.step({
+        name: "download_archive",
+        execute: async () => {
+          const arrayBuffer = await apiClient.downloadArtifact(
+            taskId,
+            runId,
+            archiveUrl
+          );
+          if (!arrayBuffer) {
+            throw new Error("Failed to download archive");
+          }
+          const base64Content = Buffer.from(arrayBuffer).toString("utf-8");
+          const binaryContent = Buffer.from(base64Content, "base64");
+          await writeFile5(archivePath, binaryContent);
+          this.log.info("Tree archive downloaded", {
+            treeHash: snapshot.treeHash,
+            snapshotBytes: binaryContent.byteLength,
+            snapshotWireBytes: arrayBuffer.byteLength,
+            totalBytes: binaryContent.byteLength,
+            totalWireBytes: arrayBuffer.byteLength
           });
+        },
+        rollback: async () => {
+          if (this.archivePath) {
+            await rm6(this.archivePath, { force: true }).catch(() => {
+            });
+          }
         }
+      });
+      const gitApplySaga = new ApplyTreeSaga(this.log);
+      const applyResult = await gitApplySaga.run({
+        baseDir: repositoryPath,
+        treeHash: snapshot.treeHash,
+        baseCommit: snapshot.baseCommit,
+        changes: snapshot.changes,
+        archivePath: this.archivePath
+      });
+      if (!applyResult.success) {
+        throw new Error(`Failed to apply tree: ${applyResult.error}`);
       }
-    });
-    const gitApplySaga = new ApplyTreeSaga(this.log);
-    const applyResult = await gitApplySaga.run({
-      baseDir: repositoryPath,
-      treeHash: snapshot.treeHash,
-      baseCommit: snapshot.baseCommit,
-      changes: snapshot.changes,
-      archivePath: this.archivePath
-    });
-    if (!applyResult.success) {
-      throw new Error(`Failed to apply tree: ${applyResult.error}`);
+      this.log.info("Tree snapshot applied", {
+        treeHash: snapshot.treeHash,
+        totalChanges: snapshot.changes.length,
+        deletedFiles: snapshot.changes.filter((c) => c.status === "D").length
+      });
+      return { treeHash: snapshot.treeHash };
+    } finally {
+      if (this.archivePath) {
+        await rm6(this.archivePath, { force: true }).catch(() => {
+        });
+      }
+      await this.removeTmpDirIfEmpty(tmpDir);
+      this.archivePath = null;
     }
-    await rm6(this.archivePath, { force: true }).catch(() => {
-    });
-    this.log.info("Tree snapshot applied", {
-      treeHash: snapshot.treeHash,
-      totalChanges: snapshot.changes.length,
-      deletedFiles: snapshot.changes.filter((c) => c.status === "D").length
+  }
+  async removeTmpDirIfEmpty(tmpDir) {
+    const entries = await readdir2(tmpDir).catch(() => null);
+    if (!entries || entries.length > 0) {
+      return;
+    }
+    await rmdir2(tmpDir).catch(() => {
     });
-    return { treeHash: snapshot.treeHash };
   }
 };
 
 // src/sagas/capture-tree-saga.ts
 import { existsSync as existsSync6 } from "fs";
-import { readFile as readFile6, rm as rm7 } from "fs/promises";
+import { readdir as readdir3, readFile as readFile6, rm as rm7, rmdir as rmdir3 } from "fs/promises";
 import { join as join13 } from "path";
 var CaptureTreeSaga2 = class extends Saga {
   sagaName = "CaptureTreeSaga";
@@ -20569,54 +20710,62 @@ var CaptureTreeSaga2 = class extends Saga {
     }
     const shouldArchive = !!apiClient;
     const archivePath = shouldArchive ? join13(tmpDir, `tree-${Date.now()}.tar.gz`) : void 0;
-    const gitCaptureSaga = new CaptureTreeSaga(this.log);
-    const captureResult = await gitCaptureSaga.run({
-      baseDir: repositoryPath,
-      lastTreeHash,
-      archivePath
-    });
-    if (!captureResult.success) {
-      throw new Error(`Failed to capture tree: ${captureResult.error}`);
-    }
-    const {
-      snapshot: gitSnapshot,
-      archivePath: createdArchivePath,
-      changed
-    } = captureResult.data;
-    if (!changed || !gitSnapshot) {
-      this.log.debug("No changes since last capture", { lastTreeHash });
-      return { snapshot: null, newTreeHash: lastTreeHash };
-    }
-    let archiveUrl;
-    if (apiClient && createdArchivePath) {
-      try {
-        archiveUrl = await this.uploadArchive(
-          createdArchivePath,
-          gitSnapshot.treeHash,
-          apiClient,
-          taskId,
-          runId
-        );
-      } finally {
-        await rm7(createdArchivePath, { force: true }).catch(() => {
+    try {
+      const gitCaptureSaga = new CaptureTreeSaga(this.log);
+      const captureResult = await gitCaptureSaga.run({
+        baseDir: repositoryPath,
+        lastTreeHash,
+        archivePath
+      });
+      if (!captureResult.success) {
+        throw new Error(`Failed to capture tree: ${captureResult.error}`);
+      }
+      const {
+        snapshot: gitSnapshot,
+        archivePath: createdArchivePath,
+        changed
+      } = captureResult.data;
+      if (!changed || !gitSnapshot) {
+        this.log.debug("No changes since last capture", { lastTreeHash });
+        return { snapshot: null, newTreeHash: lastTreeHash };
+      }
+      let archiveUrl;
+      if (apiClient && createdArchivePath) {
+        try {
+          archiveUrl = await this.uploadArchive(
+            createdArchivePath,
+            gitSnapshot.treeHash,
+            apiClient,
+            taskId,
+            runId
+          );
+        } finally {
+          await rm7(createdArchivePath, { force: true }).catch(() => {
+          });
+        }
+      }
+      const snapshot = {
+        treeHash: gitSnapshot.treeHash,
+        baseCommit: gitSnapshot.baseCommit,
+        changes: gitSnapshot.changes,
+        timestamp: gitSnapshot.timestamp,
+        interrupted,
+        archiveUrl
+      };
+      this.log.info("Tree captured", {
+        treeHash: snapshot.treeHash,
+        changes: snapshot.changes.length,
+        interrupted,
+        archiveUrl
+      });
+      return { snapshot, newTreeHash: snapshot.treeHash };
+    } finally {
+      if (archivePath) {
+        await rm7(archivePath, { force: true }).catch(() => {
         });
       }
+      await this.removeTmpDirIfEmpty(tmpDir);
     }
-    const snapshot = {
-      treeHash: gitSnapshot.treeHash,
-      baseCommit: gitSnapshot.baseCommit,
-      changes: gitSnapshot.changes,
-      timestamp: gitSnapshot.timestamp,
-      interrupted,
-      archiveUrl
-    };
-    this.log.info("Tree captured", {
-      treeHash: snapshot.treeHash,
-      changes: snapshot.changes.length,
-      interrupted,
-      archiveUrl
-    });
-    return { snapshot, newTreeHash: snapshot.treeHash };
   }
   async uploadArchive(archivePath, treeHash, apiClient, taskId, runId) {
     const archiveUrl = await this.step({
@@ -20655,6 +20804,14 @@ var CaptureTreeSaga2 = class extends Saga {
     });
     return archiveUrl;
   }
+  async removeTmpDirIfEmpty(tmpDir) {
+    const entries = await readdir3(tmpDir).catch(() => null);
+    if (!entries || entries.length > 0) {
+      return;
+    }
+    await rmdir3(tmpDir).catch(() => {
+    });
+  }
 };
 
 // src/tree-tracker.ts