npm - @posthog/agent - Versions diffs - 2.3.647 → 2.3.656 - Mend

@posthog/agent 2.3.647 → 2.3.656

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/dist/adapters/claude/permissions/permission-options.js +700 -0
package/dist/adapters/claude/permissions/permission-options.js.map +1 -1
package/dist/adapters/claude/tools.js +700 -0
package/dist/adapters/claude/tools.js.map +1 -1
package/dist/adapters/codex/local-tools-mcp-server.d.ts +2 -0
package/dist/adapters/codex/local-tools-mcp-server.js +1172 -0
package/dist/adapters/codex/local-tools-mcp-server.js.map +1 -0
package/dist/agent.js +1488 -219
package/dist/agent.js.map +1 -1
package/dist/execution-mode.js +700 -0
package/dist/execution-mode.js.map +1 -1
package/dist/handoff-checkpoint.js.map +1 -1
package/dist/posthog-api.d.ts +1 -1
package/dist/posthog-api.js +1 -1
package/dist/posthog-api.js.map +1 -1
package/dist/server/agent-server.js +1637 -342
package/dist/server/agent-server.js.map +1 -1
package/dist/server/bin.cjs +1553 -261
package/dist/server/bin.cjs.map +1 -1
package/dist/types.d.ts +1 -1
package/dist/types.js.map +1 -1
package/package.json +1 -1
package/src/adapters/claude/claude-agent.ts +32 -2
package/src/adapters/claude/hooks.test.ts +54 -0
package/src/adapters/claude/hooks.ts +86 -0
package/src/adapters/claude/mcp/local-tools.test.ts +50 -0
package/src/adapters/claude/mcp/local-tools.ts +40 -0
package/src/adapters/claude/session/options.ts +14 -9
package/src/adapters/claude/types.ts +1 -0
package/src/adapters/codex/codex-agent.ts +117 -22
package/src/adapters/codex/local-tools-mcp-server.ts +71 -0
package/src/adapters/local-tools/index.ts +22 -0
package/src/adapters/local-tools/registry.test.ts +57 -0
package/src/adapters/local-tools/registry.ts +81 -0
package/src/adapters/local-tools/tools/signed-commit.ts +26 -0
package/src/adapters/session-meta.ts +16 -0
package/src/adapters/signed-commit-shared.ts +82 -0
package/src/server/agent-server.configure-environment.test.ts +64 -1
package/src/server/agent-server.test.ts +2 -4
package/src/server/agent-server.ts +60 -35
package/src/types.ts +2 -1
package/src/utils/common.ts +14 -0
package/src/utils/gateway.test.ts +70 -0
package/src/utils/gateway.ts +31 -1

package/src/adapters/codex/codex-agent.ts CHANGED Viewed

@@ -38,6 +38,7 @@ import {
   type SetSessionModeRequest,
   type SetSessionModeResponse,
 } from "@agentclientprotocol/sdk";
+import { ghTokenEnv } from "@posthog/git/signed-commit";
 import packageJson from "../../../package.json" with { type: "json" };
 import {
   isMethod,
@@ -56,6 +57,7 @@ import {
   type PermissionMode,
 } from "../../execution-mode";
 import type { PostHogAPIConfig, ProcessSpawnedCallback } from "../../types";
+import { isCloudRun, resolveGithubToken } from "../../utils/common";
 import { Logger } from "../../utils/logger";
 import {
   nodeReadableToWebReadable,
@@ -63,6 +65,12 @@ import {
 } from "../../utils/streams";
 import { BaseAcpAgent, type BaseSession } from "../base-acp-agent";
 import { classifyAgentError } from "../error-classification";
+import {
+  enabledLocalTools,
+  LOCAL_TOOLS_MCP_NAME,
+  type LocalToolCtx,
+} from "../local-tools";
+import { resolveTaskId } from "../session-meta";
 import { createCodexClient } from "./codex-client";
 import { normalizeCodexConfigOptions } from "./models";
 import {
@@ -193,8 +201,7 @@ const STRUCTURED_OUTPUT_INSTRUCTIONS = `\n\nWhen you have completed the task, ca
  * harness/bin.js, etc), `import.meta.dirname` sits at different depths. Walk
  * up until we find the script so each bundle locates the shared dist asset.
  */
-function resolveStructuredOutputMcpScript(): string {
-  const rel = "adapters/codex/structured-output-mcp-server.js";
+function resolveBundledMcpScript(rel: string): string {
   let dir = import.meta.dirname ?? __dirname;
   for (let i = 0; i < 5; i++) {
     const candidate = resolvePath(dir, rel);
@@ -209,7 +216,9 @@ function resolveStructuredOutputMcpScript(): string {
 function buildStructuredOutputMcpServer(
   jsonSchema: Record<string, unknown>,
 ): McpServerStdio {
-  const scriptPath = resolveStructuredOutputMcpScript();
+  const scriptPath = resolveBundledMcpScript(
+    "adapters/codex/structured-output-mcp-server.js",
+  );
   const schemaBase64 = Buffer.from(JSON.stringify(jsonSchema)).toString(
     "base64",
   );
@@ -221,6 +230,41 @@ function buildStructuredOutputMcpServer(
   };
 }
+/**
+ * Builds the stdio MCP server config exposing the enabled local tools. Context
+ * (cwd, taskId, token) and the enabled tool names are passed base64/CSV-encoded
+ * so the child registers the same tools the Claude adapter exposes in-process.
+ */
+function buildLocalToolsMcpServer(
+  ctx: LocalToolCtx,
+  enabledNames: string[],
+): McpServerStdio {
+  const scriptPath = resolveBundledMcpScript(
+    "adapters/codex/local-tools-mcp-server.js",
+  );
+  const ctxBase64 = Buffer.from(JSON.stringify(ctx)).toString("base64");
+  const env = [
+    { name: "POSTHOG_LOCAL_TOOLS_CTX", value: ctxBase64 },
+    { name: "POSTHOG_LOCAL_TOOLS_ENABLED", value: enabledNames.join(",") },
+  ];
+  if (ctx.token) {
+    // Token also on the child env so its own git remote ops (fetch/ls-remote)
+    // authenticate; the var names come from the single shared source.
+    env.push(
+      ...Object.entries(ghTokenEnv(ctx.token)).map(([name, value]) => ({
+        name,
+        value,
+      })),
+    );
+  }
+  return {
+    name: LOCAL_TOOLS_MCP_NAME,
+    command: process.execPath,
+    args: [scriptPath],
+    env,
+  };
+}
 export class CodexAcpAgent extends BaseAcpAgent {
   readonly adapterName = "codex";
   declare session: CodexSession;
@@ -338,7 +382,10 @@ export class CodexAcpAgent extends BaseAcpAgent {
     const meta = params._meta as NewSessionMeta | undefined;
     const requestedPermissionMode = toCodexPermissionMode(meta?.permissionMode);
-    const injectedParams = this.applyStructuredOutput(params, meta);
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(params, meta),
+      meta,
+    );
     const response = await this.codexConnection.newSession(injectedParams);
     response.configOptions = normalizeCodexConfigOptions(
       response.configOptions,
@@ -347,7 +394,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
     // Initialize session state
     this.sessionState = createSessionState(response.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: response.modes?.currentModeId ?? "auto",
       modelId: response.models?.currentModelId,
       permissionMode: requestedPermissionMode,
@@ -380,7 +427,10 @@ export class CodexAcpAgent extends BaseAcpAgent {
   async loadSession(params: LoadSessionRequest): Promise<LoadSessionResponse> {
     const meta = params._meta as NewSessionMeta | undefined;
-    const injectedParams = this.applyStructuredOutput(params, meta);
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(params, meta),
+      meta,
+    );
     const response = await this.codexConnection.loadSession(injectedParams);
     response.configOptions = normalizeCodexConfigOptions(
       response.configOptions,
@@ -396,7 +446,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
     // not, which silently broke task-completion tracking on re-attach.
     this.sessionState = createSessionState(params.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: response.modes?.currentModeId ?? "auto",
       permissionMode: currentPermissionMode,
     });
@@ -418,13 +468,16 @@ export class CodexAcpAgent extends BaseAcpAgent {
     params: ResumeSessionRequest,
   ): Promise<ResumeSessionResponse> {
     const meta = params._meta as NewSessionMeta | undefined;
-    const injectedParams = this.applyStructuredOutput(
-      {
-        sessionId: params.sessionId,
-        cwd: params.cwd,
-        mcpServers: params.mcpServers ?? [],
-        _meta: params._meta,
-      },
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(
+        {
+          sessionId: params.sessionId,
+          cwd: params.cwd,
+          mcpServers: params.mcpServers ?? [],
+          _meta: params._meta,
+        },
+        meta,
+      ),
       meta,
     );
@@ -439,7 +492,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
     );
     this.sessionState = createSessionState(params.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: loadResponse.modes?.currentModeId ?? "auto",
       permissionMode: currentPermissionMode,
     });
@@ -465,12 +518,15 @@ export class CodexAcpAgent extends BaseAcpAgent {
     params: ForkSessionRequest,
   ): Promise<ForkSessionResponse> {
     const meta = params._meta as NewSessionMeta | undefined;
-    const injectedParams = this.applyStructuredOutput(
-      {
-        cwd: params.cwd,
-        mcpServers: params.mcpServers ?? [],
-        _meta: params._meta,
-      },
+    const injectedParams = this.applyLocalTools(
+      this.applyStructuredOutput(
+        {
+          cwd: params.cwd,
+          mcpServers: params.mcpServers ?? [],
+          _meta: params._meta,
+        },
+        meta,
+      ),
       meta,
     );
@@ -483,7 +539,7 @@ export class CodexAcpAgent extends BaseAcpAgent {
     const requestedPermissionMode = toCodexPermissionMode(meta?.permissionMode);
     this.sessionState = createSessionState(newResponse.sessionId, params.cwd, {
       taskRunId: meta?.taskRunId,
-      taskId: meta?.taskId ?? meta?.persistence?.taskId,
+      taskId: resolveTaskId(meta),
       modeId: newResponse.modes?.currentModeId ?? "auto",
       permissionMode: requestedPermissionMode,
     });
@@ -531,6 +587,45 @@ export class CodexAcpAgent extends BaseAcpAgent {
     };
   }
+  /**
+   * Injects the stdio general local-tools MCP server. Tools self-gate via the
+   * registry (e.g. signed-commit is cloud-only and needs a GH token), so the
+   * server is only injected when at least one tool's gate passes. Their
+   * instructions already live in the shared cloud system prompt, so only the
+   * server needs injecting here.
+   */
+  private applyLocalTools<
+    T extends { cwd?: string; mcpServers?: McpServer[]; _meta?: unknown },
+  >(request: T, meta: NewSessionMeta | undefined): T {
+    const cwd = request.cwd;
+    if (!cwd) {
+      return request;
+    }
+    const ctx: LocalToolCtx = {
+      cwd,
+      token: resolveGithubToken(),
+      taskId: resolveTaskId(meta),
+    };
+    const tools = enabledLocalTools(ctx, meta);
+    if (tools.length === 0) {
+      if (isCloudRun(meta)) {
+        this.logger.warn(
+          "Cloud run registered no local tools — missing GH_TOKEN/GITHUB_TOKEN? signed commits unavailable",
+        );
+      }
+      return request;
+    }
+    const mcpServer = buildLocalToolsMcpServer(
+      ctx,
+      tools.map((t) => t.name),
+    );
+    return {
+      ...request,
+      mcpServers: [...(request.mcpServers ?? []), mcpServer],
+    };
+  }
   private async applyInitialPermissionMode(
     sessionId: string,
     permissionMode?: string,

package/src/adapters/codex/local-tools-mcp-server.ts ADDED Viewed

@@ -0,0 +1,71 @@
+/**
+ * Standalone stdio MCP server exposing the general local tools to the Codex
+ * adapter. Spawned by codex-acp as an MCP server process. Reads its context
+ * (cwd, taskId, token) from POSTHOG_LOCAL_TOOLS_CTX and the set of tools to
+ * register from POSTHOG_LOCAL_TOOLS_ENABLED (both set by the parent, which has
+ * already evaluated each tool's gate) — then registers those registry tools,
+ * the same ones the Claude adapter exposes in-process.
+ *
+ * Usage:
+ *   POSTHOG_LOCAL_TOOLS_CTX=<base64> \
+ *   POSTHOG_LOCAL_TOOLS_ENABLED=git_signed_commit \
+ *     node local-tools-mcp-server.js
+ */
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { readGithubTokenFromEnv } from "@posthog/git/signed-commit";
+import {
+  LOCAL_TOOLS,
+  LOCAL_TOOLS_MCP_NAME,
+  type LocalToolCtx,
+} from "../local-tools";
+function die(message: string): never {
+  process.stderr.write(`[local-tools-mcp-server] ${message}\n`);
+  process.exit(1);
+}
+const ctxEnv = process.env.POSTHOG_LOCAL_TOOLS_CTX;
+if (!ctxEnv) {
+  die("POSTHOG_LOCAL_TOOLS_CTX env var is required");
+}
+let parsed: { cwd: string; taskId?: string; token?: string };
+try {
+  parsed = JSON.parse(Buffer.from(ctxEnv, "base64").toString("utf-8"));
+} catch (err) {
+  die(`Failed to parse POSTHOG_LOCAL_TOOLS_CTX as base64-encoded JSON: ${err}`);
+}
+if (!parsed.cwd) {
+  die("POSTHOG_LOCAL_TOOLS_CTX must include cwd");
+}
+const ctx: LocalToolCtx = {
+  cwd: parsed.cwd,
+  token: parsed.token ?? readGithubTokenFromEnv(),
+  taskId: parsed.taskId,
+};
+const enabledNames = (process.env.POSTHOG_LOCAL_TOOLS_ENABLED ?? "")
+  .split(",")
+  .filter(Boolean);
+const tools = LOCAL_TOOLS.filter((t) => enabledNames.includes(t.name));
+if (tools.length === 0) {
+  die("POSTHOG_LOCAL_TOOLS_ENABLED listed no known tools");
+}
+const server = new McpServer({
+  name: LOCAL_TOOLS_MCP_NAME,
+  version: "1.0.0",
+});
+for (const t of tools) {
+  server.tool(t.name, t.description, t.schema, async (args) =>
+    t.handler(ctx, args),
+  );
+}
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/src/adapters/local-tools/index.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { LocalTool, LocalToolCtx, LocalToolGateMeta } from "./registry";
+import { signedCommitTool } from "./tools/signed-commit";
+export {
+  LOCAL_TOOLS_MCP_NAME,
+  type LocalTool,
+  type LocalToolCtx,
+  type LocalToolGateMeta,
+  type LocalToolResult,
+  qualifiedLocalToolName,
+} from "./registry";
+/** Every tool the general local MCP server can expose. Add new tools here. */
+export const LOCAL_TOOLS: LocalTool[] = [signedCommitTool];
+/** Tools whose gate passes for the given context — the set to actually expose. */
+export function enabledLocalTools(
+  ctx: LocalToolCtx,
+  meta: LocalToolGateMeta | undefined,
+): LocalTool[] {
+  return LOCAL_TOOLS.filter((t) => t.isEnabled(ctx, meta));
+}

package/src/adapters/local-tools/registry.test.ts ADDED Viewed

@@ -0,0 +1,57 @@
+import { afterEach, beforeEach, describe, expect, it } from "vitest";
+import {
+  enabledLocalTools,
+  LOCAL_TOOLS,
+  LOCAL_TOOLS_MCP_NAME,
+  qualifiedLocalToolName,
+} from "./index";
+describe("local-tools registry", () => {
+  const savedSandbox = process.env.IS_SANDBOX;
+  beforeEach(() => {
+    // isCloudRun also keys off IS_SANDBOX; clear it so meta.taskRunId is the
+    // only cloud signal under test.
+    delete process.env.IS_SANDBOX;
+  });
+  afterEach(() => {
+    if (savedSandbox === undefined) {
+      delete process.env.IS_SANDBOX;
+    } else {
+      process.env.IS_SANDBOX = savedSandbox;
+    }
+  });
+  it("registers tools with unique names", () => {
+    const names = LOCAL_TOOLS.map((t) => t.name);
+    expect(new Set(names).size).toBe(names.length);
+  });
+  it("qualifies tool names under the general server", () => {
+    expect(qualifiedLocalToolName("git_signed_commit")).toBe(
+      `mcp__${LOCAL_TOOLS_MCP_NAME}__git_signed_commit`,
+    );
+  });
+  it.each([
+    { name: "cloud run with a token", taskRunId: "run-1", token: "ghs_x" },
+    { name: "cloud run without a token", taskRunId: "run-1", token: undefined },
+    { name: "desktop run with a token", taskRunId: undefined, token: "ghs_x" },
+    {
+      name: "desktop run without a token",
+      taskRunId: undefined,
+      token: undefined,
+    },
+  ])(
+    "exposes git_signed_commit only in $name when cloud+token",
+    ({ taskRunId, token }) => {
+      const tools = enabledLocalTools(
+        { cwd: "/repo", token },
+        taskRunId ? { taskRunId } : undefined,
+      );
+      const hasSignedCommit = tools.some((t) => t.name === "git_signed_commit");
+      expect(hasSignedCommit).toBe(Boolean(taskRunId) && Boolean(token));
+    },
+  );
+});

package/src/adapters/local-tools/registry.ts ADDED Viewed

@@ -0,0 +1,81 @@
+import type { z } from "zod";
+/**
+ * A single general-purpose local MCP server hosts every tool registered here,
+ * for both adapters: the Claude in-process SDK server and the Codex stdio
+ * server. Adding a tool means adding one entry to `LOCAL_TOOLS` (see
+ * `./index.ts`) — no per-tool server file or adapter wiring. The name appears
+ * in tool ids as `mcp__posthog-local__<tool>`.
+ */
+export const LOCAL_TOOLS_MCP_NAME = "posthog-local";
+/** Runtime context handed to every local tool's handler and gate. */
+export interface LocalToolCtx {
+  cwd: string;
+  /** GitHub token available to the sandbox, if any. */
+  token?: string;
+  taskId?: string;
+}
+/** Minimal session-meta shape needed to gate tools (e.g. cloud-only). */
+export interface LocalToolGateMeta {
+  taskRunId?: string;
+}
+/**
+ * MCP tool result shape. Carries an open index signature so the value is
+ * assignable to either SDK's `CallToolResult` (the Claude SDK and the MCP SDK
+ * both attach an open `_meta`).
+ */
+export interface LocalToolResult {
+  content: { type: "text"; text: string }[];
+  isError?: true;
+  [key: string]: unknown;
+}
+/** Tool definition with its input schema's type preserved for the handler. */
+export interface LocalToolDef<S extends z.ZodRawShape> {
+  name: string;
+  description: string;
+  schema: S;
+  /**
+   * Keep the tool visible even though MCP tools are offloaded behind ToolSearch
+   * by default in the Claude adapter (ENABLE_TOOL_SEARCH). Ignored by Codex.
+   */
+  alwaysLoad?: boolean;
+  isEnabled(ctx: LocalToolCtx, meta: LocalToolGateMeta | undefined): boolean;
+  handler(
+    ctx: LocalToolCtx,
+    args: z.infer<z.ZodObject<S>>,
+  ): Promise<LocalToolResult>;
+}
+/** Schema-erased tool, the shape stored in the registry array. */
+export interface LocalTool {
+  name: string;
+  description: string;
+  schema: z.ZodRawShape;
+  alwaysLoad?: boolean;
+  isEnabled(ctx: LocalToolCtx, meta: LocalToolGateMeta | undefined): boolean;
+  handler(
+    ctx: LocalToolCtx,
+    args: Record<string, unknown>,
+  ): Promise<LocalToolResult>;
+}
+/**
+ * Registers a tool, preserving its schema's inferred type at the definition
+ * site. The returned value erases the schema generic so tools of different
+ * shapes can live in one array; the cast is sound because both MCP SDKs
+ * validate `args` against `schema` before dispatching to the handler.
+ */
+export function defineLocalTool<S extends z.ZodRawShape>(
+  def: LocalToolDef<S>,
+): LocalTool {
+  return def as unknown as LocalTool;
+}
+/** The qualified tool id as the model and tool guards see it. */
+export function qualifiedLocalToolName(toolName: string): string {
+  return `mcp__${LOCAL_TOOLS_MCP_NAME}__${toolName}`;
+}

package/src/adapters/local-tools/tools/signed-commit.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { isCloudRun } from "../../../utils/common";
+import {
+  runSignedCommitTool,
+  SIGNED_COMMIT_TOOL_DESCRIPTION,
+  SIGNED_COMMIT_TOOL_NAME,
+  signedCommitToolSchema,
+} from "../../signed-commit-shared";
+import { defineLocalTool } from "../registry";
+/**
+ * `git_signed_commit` as a local tool. Cloud runs only, and only when a GitHub
+ * token is available (the commit is created via GitHub's API, which also signs
+ * it). Committing is core to cloud tasks, so keep it visible past ToolSearch.
+ */
+export const signedCommitTool = defineLocalTool({
+  name: SIGNED_COMMIT_TOOL_NAME,
+  description: SIGNED_COMMIT_TOOL_DESCRIPTION,
+  schema: signedCommitToolSchema,
+  alwaysLoad: true,
+  isEnabled: (ctx, meta) => isCloudRun(meta) && !!ctx.token,
+  handler: (ctx, args) =>
+    runSignedCommitTool(
+      { cwd: ctx.cwd, token: ctx.token ?? "", taskId: ctx.taskId },
+      args,
+    ),
+});

package/src/adapters/session-meta.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/** Minimal shape needed to resolve the effective task id from session meta. */
+interface TaskIdSource {
+  taskId?: string;
+  persistence?: { taskId?: string };
+}
+/**
+ * The task id can arrive directly on the session meta or nested under
+ * `persistence`; prefer the top-level value. Shared by the Claude and Codex
+ * adapters so the fallback chain stays in sync.
+ */
+export function resolveTaskId(
+  meta: TaskIdSource | undefined,
+): string | undefined {
+  return meta?.taskId ?? meta?.persistence?.taskId;
+}

package/src/adapters/signed-commit-shared.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import {
+  createSignedCommit,
+  type SignedCommitCtx,
+  type SignedCommitInput,
+  type SignedCommitResult,
+} from "@posthog/git/signed-commit";
+import { z } from "zod";
+import { qualifiedLocalToolName } from "./local-tools/registry";
+/**
+ * Shared definitions for the `git_signed_commit` tool, used by the local-tools
+ * registry entry (which both adapters expose) so the tool name, schema,
+ * description, and result formatting can't drift. The qualified name also
+ * appears in the cloud system prompt and the PreToolUse guard message.
+ */
+export const SIGNED_COMMIT_TOOL_NAME = "git_signed_commit";
+export const SIGNED_COMMIT_QUALIFIED_TOOL_NAME = qualifiedLocalToolName(
+  SIGNED_COMMIT_TOOL_NAME,
+);
+export const SIGNED_COMMIT_TOOL_DESCRIPTION =
+  "Create a GitHub-signed (Verified) commit on the branch. Stage files with `git add` " +
+  "first (or pass `paths`), then call this instead of `git commit`/`git push` — those are " +
+  "blocked because all commits must be signed. The commit is created via GitHub's API and " +
+  "your local checkout is kept in sync. For a new branch, pass `branch` (prefixed with " +
+  "`posthog-code/`) and the tool creates it on the remote.";
+export const signedCommitToolSchema = {
+  message: z.string().describe("Commit headline (first line)."),
+  body: z.string().optional().describe("Optional extended commit body."),
+  branch: z
+    .string()
+    .optional()
+    .describe(
+      "Target branch; defaults to the current branch. Use a posthog-code/ prefix for new branches.",
+    ),
+  paths: z
+    .array(z.string())
+    .optional()
+    .describe(
+      "Files to stage before committing; defaults to already-staged files.",
+    ),
+};
+export function formatSignedCommitResult(result: SignedCommitResult): string {
+  const list = result.commits.map((c) => `- ${c.sha} ${c.url}`).join("\n");
+  return `Created ${result.commits.length} signed commit(s) on ${result.branch}:\n${list}`;
+}
+export interface SignedCommitToolResult {
+  content: { type: "text"; text: string }[];
+  isError?: true;
+  // Both SDKs' CallToolResult carries an open `_meta`/index signature; mirror it
+  // so this shape is assignable to either adapter's tool-handler return type.
+  [key: string]: unknown;
+}
+/**
+ * Runs `git_signed_commit` and formats the MCP result. Shared by the Claude
+ * in-process tool and the Codex stdio server so success/error formatting (and
+ * the error-message prefix) can't drift between adapters.
+ */
+export async function runSignedCommitTool(
+  ctx: SignedCommitCtx,
+  args: SignedCommitInput,
+): Promise<SignedCommitToolResult> {
+  try {
+    const result = await createSignedCommit(ctx, args);
+    return {
+      content: [{ type: "text", text: formatSignedCommitResult(result) }],
+    };
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    return {
+      content: [
+        { type: "text", text: `${SIGNED_COMMIT_TOOL_NAME} failed: ${message}` },
+      ],
+      isError: true,
+    };
+  }
+}

package/src/server/agent-server.configure-environment.test.ts CHANGED Viewed

@@ -2,13 +2,20 @@ import { afterEach, beforeEach, describe, expect, it } from "vitest";
 import { AgentServer } from "./agent-server";
 interface TestableServer {
-  configureEnvironment(args?: { isInternal?: boolean }): void;
+  configureEnvironment(args?: {
+    isInternal?: boolean;
+    originProduct?: string | null;
+    taskId?: string | null;
+    taskRunId?: string | null;
+    taskUserId?: number | null;
+  }): void;
 }
 const ENV_KEYS_UNDER_TEST = [
   "LLM_GATEWAY_URL",
   "ANTHROPIC_BASE_URL",
   "OPENAI_BASE_URL",
+  "ANTHROPIC_CUSTOM_HEADERS",
 ] as const;
 describe("AgentServer.configureEnvironment", () => {
@@ -85,6 +92,62 @@ describe("AgentServer.configureEnvironment", () => {
     expect(fromBackground).toBe("https://gateway.us.posthog.com/posthog_code");
   });
+  it("tags as signals when an internal task has origin_product 'signal_report'", () => {
+    buildServer("background").configureEnvironment({
+      isInternal: true,
+      originProduct: "signal_report",
+    });
+    expect(process.env.LLM_GATEWAY_URL).toBe(
+      "https://gateway.us.posthog.com/signals",
+    );
+    expect(process.env.ANTHROPIC_BASE_URL).toBe(
+      "https://gateway.us.posthog.com/signals",
+    );
+    expect(process.env.OPENAI_BASE_URL).toBe(
+      "https://gateway.us.posthog.com/signals/v1",
+    );
+  });
+  it("does not tag as signals when origin_product is 'signal_report' but the task is not internal", () => {
+    buildServer("background").configureEnvironment({
+      isInternal: false,
+      originProduct: "signal_report",
+    });
+    expect(process.env.LLM_GATEWAY_URL).toBe(
+      "https://gateway.us.posthog.com/posthog_code",
+    );
+  });
+  it("forwards task metadata as ANTHROPIC_CUSTOM_HEADERS", () => {
+    buildServer("background").configureEnvironment({
+      isInternal: true,
+      originProduct: "signal_report",
+      taskId: "task-abc",
+      taskRunId: "run-xyz",
+      taskUserId: 42,
+    });
+    expect(process.env.ANTHROPIC_CUSTOM_HEADERS).toBe(
+      [
+        "x-posthog-property-task_origin_product: signal_report",
+        "x-posthog-property-task_internal: true",
+        "x-posthog-property-task_id: task-abc",
+        "x-posthog-property-task_run_id: run-xyz",
+        "x-posthog-property-task_user_id: 42",
+      ].join("\n"),
+    );
+  });
+  it("omits optional task metadata from ANTHROPIC_CUSTOM_HEADERS when not provided", () => {
+    buildServer("background").configureEnvironment({ isInternal: false });
+    expect(process.env.ANTHROPIC_CUSTOM_HEADERS).toBe(
+      "x-posthog-property-task_internal: false",
+    );
+  });
   it("respects the LLM_GATEWAY_URL override regardless of internal flag", () => {
     process.env.LLM_GATEWAY_URL = "http://ngrok.test/proxy";