@simonfestl/husky-cli 1.18.1 → 1.19.2

package/dist/commands/agent.js

@@ -287,6 +287,8 @@ const ROLE_EMOJI = {
     worker: "\uD83D\uDD27", // Wrench emoji for worker
     reviewer: "\uD83D\uDCDD", // Memo emoji for reviewer
     support: "\uD83C\uDFA7", // Headphones emoji for support
+    e2e_agent: "\uD83E\uDDEA", // Test tube emoji for e2e agent
+    pr_agent: "\uD83D\uDE80", // Rocket emoji for pr agent
 };
 // husky agent message
 agentCommand
@@ -436,7 +438,7 @@ agentCommand
         process.exit(1);
     }
     // Validate role
-    const validRoles = ["supervisor", "worker", "reviewer", "support"];
+    const validRoles = ["supervisor", "worker", "reviewer", "support", "e2e_agent", "pr_agent"];
     if (!validRoles.includes(options.role)) {
         console.error(`Error: Invalid role '${options.role}'.`);
         console.error(`  Valid roles: ${validRoles.join(", ")}`);
@@ -527,11 +529,11 @@ agentCommand
         for (const agent of agents) {
             const statusIcon = agent.status === "online" ? "\u2714" :
                 agent.status === "busy" ? "\u231B" : "\u2717";
-            const lastSeen = agent.lastHeartbeat
-                ? new Date(agent.lastHeartbeat).toLocaleString()
+            const lastSeenDisplay = agent.lastSeen
+                ? new Date(agent.lastSeen).toLocaleString()
                 : "never";
             console.log(`  ${statusIcon} ${agent.emoji} ${agent.name} (${agent.id})`);
-            console.log(`      Role: ${agent.role} | Status: ${agent.status} | Last seen: ${lastSeen}`);
+            console.log(`      Role: ${agent.role} | Status: ${agent.status} | Last seen: ${lastSeenDisplay}`);
             if (agent.tmuxSession) {
                 console.log(`      Tmux: ${agent.tmuxSession}`);
             }

package/dist/commands/auth.js

@@ -318,6 +318,8 @@ authCommand
             role: session.role,
             agent: session.agent.id,
         });
+        // Clear permissions cache so next check uses the new session role
+        clearPermissionsCache();
         // Fetch and cache permissions for the new session role
         await fetchAndCacheRole();
         if (options.json) {
@@ -360,6 +362,7 @@ authCommand
         return;
     }
     clearSessionConfig();
+    clearPermissionsCache();
     if (options.json) {
         console.log(JSON.stringify({ success: true, agent: session.agent }));
         return;
@@ -452,7 +455,8 @@ authCommand
             role: session.role,
             agent: session.agent.id,
         });
-        // Refresh permissions for the session role
+        // Clear permissions cache and refresh for the session role
+        clearPermissionsCache();
         await fetchAndCacheRole();
         if (options.json) {
             console.log(JSON.stringify({

package/dist/lib/permissions-cache.js

@@ -1,4 +1,4 @@
-import { getConfig } from "../commands/config.js";
+import { getConfig, isSessionActive } from "../commands/config.js";
 const CACHE_TTL_MS = 5 * 60 * 1000;
 let cache = null;
 let fetchPromise = null;
@@ -7,7 +7,16 @@ async function fetchPermissions() {
     if (!config.apiUrl || !config.apiKey) {
         throw new Error("API not configured");
     }
+    // If there's an active session, use the session's role
+    // This ensures permissions match the logged-in agent, not the API key
+    const roleToFetch = isSessionActive() && config.sessionRole
+        ? config.sessionRole
+        : undefined;
+    // Build URL - if we have a session role, request permissions for that specific role
     const url = new URL("/api/auth/whoami", config.apiUrl);
+    if (roleToFetch) {
+        url.searchParams.set("role", roleToFetch);
+    }
     const res = await fetch(url.toString(), {
         method: "GET",
         headers: {
@@ -20,16 +29,39 @@ async function fetchPermissions() {
         throw new Error(error.message || error.error || `HTTP ${res.status}`);
     }
     const data = await res.json();
-    const kbPermissions = data.permissions
+    // If we have a session role, override the returned role with the session role
+    // and fetch permissions for that role
+    const effectiveRole = roleToFetch || data.role;
+    const effectivePermissions = roleToFetch
+        ? await fetchPermissionsForRole(config.apiUrl, config.apiKey, roleToFetch)
+        : data.permissions;
+    const kbPermissions = effectivePermissions
         .filter((p) => p.startsWith("kb:"))
         .map((p) => p.replace("kb:", ""));
     return {
-        role: data.role,
-        permissions: data.permissions,
+        role: effectiveRole,
+        permissions: effectivePermissions,
         knowledgeBases: kbPermissions,
         fetchedAt: Date.now(),
     };
 }
+async function fetchPermissionsForRole(apiUrl, apiKey, role) {
+    // Use the /permissions/:role endpoint to get permissions for a specific role
+    const url = new URL(`/api/auth/permissions/${encodeURIComponent(role)}`, apiUrl);
+    const res = await fetch(url.toString(), {
+        method: "GET",
+        headers: {
+            "x-api-key": apiKey,
+            "Content-Type": "application/json",
+        },
+    });
+    if (!res.ok) {
+        // Fall back to empty permissions if fetch fails
+        return [];
+    }
+    const data = await res.json();
+    return data.permissions || [];
+}
 export async function getPermissions() {
     const now = Date.now();
     if (cache && now - cache.fetchedAt < CACHE_TTL_MS) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@simonfestl/husky-cli",
-  "version": "1.18.1",
+  "version": "1.19.2",
   "description": "CLI for Huskyv0 Task Orchestration with Claude Agent SDK",
   "type": "module",
   "bin": {