@todoforai/cli 0.1.2 → 0.1.4

package/README.md

@@ -10,11 +10,27 @@ bun install -g @todoforai/cli
 
 ## Setup
 
+Just run `todoai` — on first use it opens a browser for **device login** and saves the API key to `~/.todoforai/credentials.json` (shared with the edge daemon).
+
+```bash
+todoai                # prompts device login if no key found
+todoai login          # explicit login
+```
+
+Optional manual config:
+
 ```bash
 todoai --set-default-api-url http://localhost:4000   # or https://api.todofor.ai
-todoai --set-default-api-key <your-api-key>
 ```
 
+Auth resolution order: `--api-key` flag → `TODOFORAI_API_KEY` env → shared credentials (`~/.todoforai/credentials.json`) → device login.
+
+## Edge daemon
+
+The CLI talks to the backend over WebSocket; **shell execution, file I/O, and tool calls happen in the edge daemon** running locally. On every run `todoai` spawns a detached edge process if none is running (PID-locked at `~/.todoforai/edge-<hash>.lock`, logs at `~/.todoforai/edge.log`). It keeps running after the CLI exits, so long-running tasks survive `Ctrl+D`.
+
+Disable with `--no-edge` if you manage the edge yourself (e.g. systemd, separate terminal).
+
 ## Usage
 
 ### Create a todo from a prompt
@@ -66,14 +82,14 @@ todoai --resume <todo-id>     # resume specific todo
 --continue, -c                  Continue most recent todo
 --non-interactive, -n           Run to completion and exit
 --dangerously-skip-permissions  Auto-approve all blocks (CI/benchmarks)
+--allow-all                     Set permissions to allow all tools (no approval needed)
 --no-watch                      Create todo and exit
+--no-edge                       Do not auto-spawn edge daemon
 --json                          Output as JSON
 --safe                          Validate API key upfront
 --debug, -d                     Debug output
 --show-config                   Show config
---set-defaults                  Interactive defaults setup
 --set-default-api-url           Set default API URL
---set-default-api-key           Set default API key
 --reset-config                  Reset config file
 --help, -h                      Show this help
 ```

package/dist/todoai.js

@@ -1617,7 +1617,7 @@ var require_core = __commonJS((exports, module) => {
     return match && match.index === 0;
   }
   var BACKREF_RE = /\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./;
-  function join2(regexps, separator = "|") {
+  function join3(regexps, separator = "|") {
     let numCaptures = 0;
     return regexps.map((regex) => {
       numCaptures += 1;
@@ -1900,7 +1900,7 @@ var require_core = __commonJS((exports, module) => {
           this.exec = () => null;
         }
         const terminators = this.regexes.map((el) => el[1]);
-        this.matcherRe = langRe(join2(terminators), true);
+        this.matcherRe = langRe(join3(terminators), true);
         this.lastIndex = 0;
       }
       exec(s) {
@@ -42663,7 +42663,7 @@ var require_dist = __commonJS((exports) => {
 // src/index.ts
 import { realpathSync } from "fs";
 import { resolve as resolve3 } from "path";
-import { homedir as homedir2 } from "os";
+import { homedir as homedir3 } from "os";
 
 // src/tips.ts
 var TIPS = [
@@ -42833,6 +42833,7 @@ function normalizeApiUrl(url) {
     return `https://${url}`;
   return url;
 }
+var SUBCOMMANDS = new Set(["login", "logout"]);
 var CREDENTIALS_PATH = path.join(os.homedir(), ".todoforai", "credentials.json");
 
 // ../edge/bun/src/frontend-ws.ts
@@ -43045,11 +43046,13 @@ Usage:
   todoai --resume <todo-id>            # Resume specific todo
   todoai --inspect <todo-id>           # Print full chat log (read-only)
   todoai --template <id> [--input k=v] # Start from a registry template
+  todoai --list-agents                 # List available agents and exit
 
 Options:
   --path <dir>                    Workspace path (default: cwd)
   --project <id>                  Project ID
   --agent, -a <name>              Agent name (partial match)
+  --list-agents                   List available agents (name, id, workspace paths) and exit
   --api-url <url>                 API URL
   --api-key <key>                 API key
   --inspect, -i <todo-id>        Print full chat log (read-only, no interactive)
@@ -43059,14 +43062,14 @@ Options:
   --continue, -c                  Continue most recent todo
   --non-interactive, -n           Run to completion and exit without interactive prompt
   --dangerously-skip-permissions  Auto-approve all blocks (for CI/benchmarks)
+  --allow-all                     Set permissions to allow all tools (no approval needed)
   --no-watch                      Create todo and exit
+  --no-edge                       Do not auto-spawn edge daemon
   --json                          Output as JSON
   --safe                          Validate API key upfront
   --debug, -d                     Debug output
   --show-config                   Show config
-  --set-defaults                  Interactive defaults setup
   --set-default-api-url           Set default API URL
-  --set-default-api-key           Set default API key
   --reset-config                  Reset config file
   --help, -h                      Show this help
 `);
@@ -43078,6 +43081,7 @@ function parseCliArgs() {
       path: { type: "string", default: "." },
       project: { type: "string" },
       agent: { type: "string", short: "a" },
+      "list-agents": { type: "boolean", default: false },
       "api-url": { type: "string" },
       "api-key": { type: "string" },
       inspect: { type: "string", short: "i" },
@@ -43087,14 +43091,14 @@ function parseCliArgs() {
       continue: { type: "boolean", short: "c", default: false },
       "non-interactive": { type: "boolean", short: "n", default: false },
       "dangerously-skip-permissions": { type: "boolean", default: false },
+      "allow-all": { type: "boolean", default: false },
       "no-watch": { type: "boolean", default: false },
+      "no-edge": { type: "boolean", default: false },
       json: { type: "boolean", default: false },
       safe: { type: "boolean", default: false },
       debug: { type: "boolean", short: "d", default: false },
       "show-config": { type: "boolean", default: false },
-      "set-defaults": { type: "boolean", default: false },
       "set-default-api-url": { type: "string" },
-      "set-default-api-key": { type: "string" },
       "reset-config": { type: "boolean", default: false },
       "config-path": { type: "string" },
       help: { type: "boolean", short: "h", default: false }
@@ -43491,18 +43495,6 @@ function getConfigDir() {
   const xdg = process.env.XDG_CONFIG_HOME || join(homedir(), ".config");
   return join(xdg, "todoai-cli");
 }
-function obfuscate(s) {
-  return s ? Buffer.from(s, "utf-8").toString("base64") : s;
-}
-function deobfuscate(s) {
-  if (!s)
-    return s;
-  try {
-    return Buffer.from(s, "base64").toString("utf-8");
-  } catch {
-    return s;
-  }
-}
 function defaultConfig() {
   return {
     default_project_id: null,
@@ -43511,7 +43503,6 @@ function defaultConfig() {
     default_agent_settings: null,
     default_agent_settings_updated_at: null,
     default_api_url: null,
-    default_api_key: null,
     recent_projects: [],
     recent_agents: [],
     last_todo_id: null,
@@ -43536,8 +43527,7 @@ class ConfigStore {
       return defaultConfig();
     try {
       const raw = JSON.parse(readFileSync(this.path, "utf-8"));
-      if (raw.default_api_key)
-        raw.default_api_key = deobfuscate(raw.default_api_key);
+      delete raw.default_api_key;
       return { ...defaultConfig(), ...raw };
     } catch {
       return defaultConfig();
@@ -43546,10 +43536,7 @@ class ConfigStore {
   save() {
     try {
       mkdirSync(dirname(this.path), { recursive: true });
-      const out = { ...this.data };
-      if (out.default_api_key)
-        out.default_api_key = obfuscate(out.default_api_key);
-      writeFileSync(this.path, JSON.stringify(out, null, 2), "utf-8");
+      writeFileSync(this.path, JSON.stringify(this.data, null, 2), "utf-8");
     } catch {}
   }
   setDefaultProject(id, name) {
@@ -43573,10 +43560,6 @@ class ConfigStore {
     this.data.default_api_url = url;
     this.save();
   }
-  setDefaultApiKey(key) {
-    this.data.default_api_key = key;
-    this.save();
-  }
   addToHistory(input) {
     const trimmed = input.trim();
     if (!trimmed)
@@ -43593,6 +43576,30 @@ class ConfigStore {
   }
 }
 
+// src/credentials.ts
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { dirname as dirname2, join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+var CREDENTIALS_PATH2 = join2(homedir2(), ".todoforai", "credentials.json");
+function read() {
+  if (!existsSync2(CREDENTIALS_PATH2))
+    return {};
+  try {
+    return JSON.parse(readFileSync2(CREDENTIALS_PATH2, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function readCredential(apiUrl) {
+  return read()[apiUrl] || "";
+}
+function writeCredential(apiUrl, apiKey) {
+  const data = read();
+  data[apiUrl] = apiKey;
+  mkdirSync2(dirname2(CREDENTIALS_PATH2), { recursive: true });
+  writeFileSync2(CREDENTIALS_PATH2, JSON.stringify(data, null, 2), "utf-8");
+}
+
 // src/logo.ts
 var LETTERS = {
   t: [" x  ", "xxxx", " x  ", " xll", " xll", " xxx"],
@@ -43911,6 +43918,12 @@ function splitShellCommands(input) {
   const len = input.length;
   while (i < len) {
     const ch = input[i];
+    if (ch === "\\" && i + 1 < len && input[i + 1] === `
+`) {
+      current += " ";
+      i += 2;
+      continue;
+    }
     if (ch === "\\" && i + 1 < len) {
       current += ch + input[i + 1];
       i += 2;
@@ -44023,6 +44036,11 @@ function splitTokens(cmd) {
   const len = cmd.length;
   while (i < len) {
     const ch = cmd[i];
+    if (ch === "\\" && i + 1 < len && cmd[i + 1] === `
+`) {
+      i += 2;
+      continue;
+    }
     if (ch === "\\" && i + 1 < len) {
       current += ch + cmd[i + 1];
       i += 2;
@@ -44113,29 +44131,40 @@ function parseBashCmd(fullCmd) {
 function generalizeBashCmd(fullCmd) {
   return parseBashCmd(fullCmd).map((p) => buildBashPattern(p));
 }
+function getBlockServerPrefix(block) {
+  const agentPattern = typeof block.generalized_pattern === "string" ? block.generalized_pattern : "";
+  const prefixMatch = agentPattern.match(/^(.*?:)BASH(?:\(|$)/);
+  return prefixMatch ? prefixMatch[1] : "";
+}
+var BASH_LIKE_BLOCK_TYPES = new Set(["bash", "machine_exec"]);
 function getBlockPatterns(block) {
   if (Array.isArray(block.generalized_pattern))
     return block.generalized_pattern;
-  if (block.type.toLowerCase() === "bash" && block.cmd) {
-    const agentPattern = typeof block.generalized_pattern === "string" ? block.generalized_pattern : "";
-    const prefixMatch = agentPattern.match(/^(.*?:)BASH\(/);
-    const prefix = prefixMatch ? prefixMatch[1] : "";
+  const agentPattern = typeof block.generalized_pattern === "string" ? block.generalized_pattern : "";
+  const isBashLike = BASH_LIKE_BLOCK_TYPES.has(block.type.toLowerCase()) || /:BASH(\(|$)/.test(agentPattern);
+  if (isBashLike && block.cmd) {
+    const prefix = getBlockServerPrefix(block);
     return generalizeBashCmd(block.cmd).map((p) => prefix + p);
   }
   if (block.generalized_pattern)
     return [block.generalized_pattern];
   return [`${block.type}(*)`];
 }
+function getBlockServerId(block) {
+  const prefix = getBlockServerPrefix(block);
+  return prefix ? prefix.slice(0, -1) : "*";
+}
 
 // ../packages/shared-fbe/src/permissionUtils.ts
 function parsePattern(pattern) {
   const colonIndex = pattern.indexOf(":");
   if (colonIndex === -1)
     return null;
-  return {
-    serverId: pattern.slice(0, colonIndex),
-    toolName: pattern.slice(colonIndex + 1)
-  };
+  const serverId = pattern.slice(0, colonIndex);
+  if (!/^[A-Za-z0-9_*-]+$/.test(serverId)) {
+    return { serverId: "*", toolName: pattern };
+  }
+  return { serverId, toolName: pattern.slice(colonIndex + 1) };
 }
 function serverIdMatches(ruleServerId, targetServerId) {
   if (ruleServerId === targetServerId)
@@ -44168,6 +44197,26 @@ function patternMatches(rulePattern, targetPattern) {
   }
   return false;
 }
+function bashRuleMatchesCmd(rulePattern, serverId, cmd) {
+  const rule = parsePattern(rulePattern);
+  if (!rule)
+    return false;
+  if (!serverIdMatches(rule.serverId, serverId))
+    return false;
+  if (rule.toolName === "*" || rule.toolName === "BASH")
+    return true;
+  const m = rule.toolName.match(/^BASH\(cmd:\s*(.*)\)$/);
+  if (!m)
+    return false;
+  let body = m[1];
+  const isPrefix = body.endsWith(" *") || body.endsWith("*");
+  if (isPrefix)
+    body = body.replace(/\s*\*$/, "");
+  const subs = splitShellCommands(cmd);
+  if (subs.length === 0)
+    return false;
+  return subs.every((sub) => isPrefix ? sub === body || sub.startsWith(body + " ") : sub === body);
+}
 function isPatternInList(list, pattern) {
   if (!list)
     return false;
@@ -44179,6 +44228,28 @@ function isPatternAllowed(permissions, pattern) {
 function getNewPatterns(patterns, permissions) {
   return patterns.filter((p) => !isPatternAllowed(permissions, p));
 }
+function getBlockNewPatterns(block, permissions) {
+  const allow = permissions?.allow ?? [];
+  if (Array.isArray(block.generalized_pattern)) {
+    return getNewPatterns(block.generalized_pattern, permissions);
+  }
+  const agentPattern = typeof block.generalized_pattern === "string" ? block.generalized_pattern : "";
+  const isBash = (block.type.toLowerCase() === "bash" || agentPattern.includes(":BASH(")) && !!block.cmd;
+  if (!isBash) {
+    return getBlockPatterns(block).filter((p) => !isPatternAllowed(permissions, p));
+  }
+  const serverId = getBlockServerId(block);
+  const prefix = serverId === "*" ? "" : `${serverId}:`;
+  const rawSubs = splitShellCommands(block.cmd);
+  const pairs = [];
+  for (const raw of rawSubs) {
+    const parsed = parseBashCmd(raw);
+    if (parsed.length === 0)
+      continue;
+    pairs.push({ raw, pattern: prefix + buildBashPattern(parsed[0]) });
+  }
+  return pairs.filter(({ raw, pattern }) => !isPatternAllowed(permissions, pattern) && !allow.some((rule) => bashRuleMatchesCmd(rule, serverId, raw))).map(({ pattern }) => pattern);
+}
 
 // src/diff-view.ts
 var import_diff_match_patch = __toESM(require_diff_match_patch(), 1);
@@ -44426,12 +44497,14 @@ function renderDiff(originalContent, modifiedContent, filePath) {
 var diffStoreByWs = new WeakMap;
 function classifyBlock(info) {
   const inner = (info.block_type || "").toLowerCase();
-  if (["create", "createfile"].includes(inner))
+  if (["create", "createfile", "write"].includes(inner))
     return "create";
   if (["modify", "modifyfile", "update", "edit"].includes(inner))
     return "edit";
   if (["catfile", "read", "readfile"].includes(inner))
     return "read";
+  if (["search", "grep"].includes(inner))
+    return "search";
   if (inner === "mcp")
     return "mcp";
   if (["shell", "bash"].includes(inner) || info.cmd)
@@ -44439,7 +44512,7 @@ function classifyBlock(info) {
   return "unknown";
 }
 function blockDisplay(info) {
-  const labels = { create: "File", edit: "Edit", read: "Read File", mcp: "MCP", shell: "Shell" };
+  const labels = { create: "File", edit: "Edit", read: "Read File", search: "Search", mcp: "MCP", shell: "Shell" };
   const kind = classifyBlock(info);
   const typeLabel = labels[kind] || info.block_type || "Tool";
   const skipKeys = new Set([
@@ -44585,12 +44658,11 @@ ${YELLOW}\u26A0 ${blocks.length} action(s) awaiting approval:${RESET}
         process.stderr.write(renderDiff(diff.originalContent, diff.modifiedContent, filePath));
       }
     }
-    const allPatterns = blocks.flatMap((bi) => getBlockPatterns({
+    const newPatterns = blocks.flatMap((bi) => getBlockNewPatterns({
       type: bi.block_type || "unknown",
       generalized_pattern: bi.generalized_pattern,
       cmd: bi.cmd
-    }));
-    const newPatterns = getNewPatterns(allPatterns, opts.agentSettings?.permissions);
+    }, opts.agentSettings?.permissions));
     const stripPrefix = (p) => p.replace(/^todoai_(edge|cloud):/, "");
     const patternHint = newPatterns.length ? ` ${DIM}${newPatterns.map(stripPrefix).join(", ")}${RESET}` : "";
     try {
@@ -44603,11 +44675,11 @@ ${YELLOW}\u26A0 ${blocks.length} action(s) awaiting approval:${RESET}
         for (const bi of blocks) {
           let patterns;
           if (response === "r") {
-            patterns = getBlockPatterns({
+            patterns = getBlockNewPatterns({
               type: bi.block_type || "unknown",
               generalized_pattern: bi.generalized_pattern,
               cmd: bi.cmd
-            });
+            }, opts.agentSettings?.permissions);
             if (patterns.length > 0) {
               process.stderr.write(`  ${GREEN}\u2713 Remembering: ${patterns.map(stripPrefix).join(", ")}${RESET}
 `);
@@ -44745,10 +44817,62 @@ ${DIM}[todo:status] ${status}${RESET}
   }
 }
 
+// src/list-agents.ts
+async function listAgentsCommand(api, opts) {
+  const agents = await api.listAgentSettings();
+  if (opts.json) {
+    console.log(JSON.stringify(agents, null, 2));
+    return;
+  }
+  if (!agents.length) {
+    process.stderr.write(`No agents found.
+`);
+    return;
+  }
+  const rows = agents.map((a) => ({
+    name: getDisplayName(a),
+    id: getItemId(a),
+    model: a.model || "",
+    paths: getAgentWorkspacePaths(a).map(opts.formatPath)
+  }));
+  const nameW = Math.max(4, ...rows.map((r) => r.name.length));
+  const modelW = Math.max(5, ...rows.map((r) => r.model.length));
+  process.stderr.write(`${DIM}${"NAME".padEnd(nameW)}  ${"MODEL".padEnd(modelW)}  ID${" ".repeat(34)}PATHS${RESET}
+`);
+  for (const r of rows) {
+    process.stderr.write(`${BRAND}${r.name.padEnd(nameW)}${RESET}  ${CYAN}${r.model.padEnd(modelW)}${RESET}  ${DIM}${r.id}${RESET}  ${r.paths.join(", ")}
+`);
+  }
+}
+
+// src/ensure-edge.ts
+import { spawn } from "child_process";
+import fs from "fs";
+import path2 from "path";
+import os2 from "os";
+function ensureEdgeRunning(apiUrl, apiKey) {
+  const logDir = path2.join(os2.homedir(), ".todoforai");
+  fs.mkdirSync(logDir, { recursive: true });
+  const logFile = path2.join(logDir, "edge.log");
+  const out = fs.openSync(logFile, "a");
+  const child = spawn("bunx", ["@todoforai/edge", "--api-url", apiUrl, "--api-key", apiKey], {
+    detached: true,
+    stdio: ["ignore", out, out]
+  });
+  child.unref();
+  const pid = child.pid;
+  setTimeout(() => {
+    try {
+      process.kill(pid, 0);
+      console.error(`\x1B[2mStarted edge daemon (pid ${pid}), logs: ${logFile.replace(os2.homedir(), "~")}\x1B[0m`);
+    } catch {}
+  }, 500);
+}
+
 // src/index.ts
-function formatPathWithTilde(path2) {
-  const home = homedir2();
-  return path2.startsWith(home) ? path2.replace(home, "~") : path2;
+function formatPathWithTilde(path3) {
+  const home = homedir3();
+  return path3.startsWith(home) ? path3.replace(home, "~") : path3;
 }
 function getFrontendUrl(apiUrl, projectId, todoId) {
   if (apiUrl.includes("localhost:4000") || apiUrl.includes("127.0.0.1:4000")) {
@@ -44842,8 +44966,8 @@ Cancelled by user (Ctrl+C)
     return;
   }
   if (args["reset-config"]) {
-    const { existsSync: existsSync2, unlinkSync } = await import("fs");
-    if (existsSync2(cfg.path)) {
+    const { existsSync: existsSync3, unlinkSync } = await import("fs");
+    if (existsSync3(cfg.path)) {
       unlinkSync(cfg.path);
       console.log(`Configuration reset: ${formatPathWithTilde(cfg.path)}`);
     } else
@@ -44855,21 +44979,6 @@ Cancelled by user (Ctrl+C)
     console.log(`Default API URL set to: ${args["set-default-api-url"]}`);
     return;
   }
-  if (args["set-default-api-key"]) {
-    cfg.setDefaultApiKey(args["set-default-api-key"]);
-    console.log("Default API key set");
-    return;
-  }
-  if (args["set-defaults"]) {
-    const url = await readLine(`API URL [${cfg.data.default_api_url || DEFAULT_API_URL}]: `);
-    if (url)
-      cfg.setDefaultApiUrl(url);
-    const key = await readLine("API Key: ");
-    if (key)
-      cfg.setDefaultApiKey(key);
-    console.log("Defaults saved.");
-    return;
-  }
   const apiUrl = normalizeApiUrl(args["api-url"] || cfg.data.default_api_url || getEnv("API_URL") || DEFAULT_API_URL);
   async function deviceLogin() {
     const loginApi = new ApiClient(apiUrl, "");
@@ -44884,12 +44993,12 @@ Cancelled by user (Ctrl+C)
 
 `);
     try {
-      const { spawn } = await import("child_process");
+      const { spawn: spawn2 } = await import("child_process");
       if (process.platform === "win32") {
-        spawn("cmd", ["/c", "start", "", url], { stdio: "ignore", detached: true }).unref();
+        spawn2("cmd", ["/c", "start", "", url], { stdio: "ignore", detached: true }).unref();
       } else {
         const cmd = process.platform === "darwin" ? "open" : "xdg-open";
-        spawn(cmd, [url], { stdio: "ignore", detached: true }).unref();
+        spawn2(cmd, [url], { stdio: "ignore", detached: true }).unref();
       }
     } catch {}
     process.stderr.write(`Waiting for approval (expires in ${Math.round(expiresIn / 60)}min)...
@@ -44902,7 +45011,7 @@ Cancelled by user (Ctrl+C)
         const poll = await loginApi.pollDeviceLogin(code);
         failures = 0;
         if (poll.status === "complete" && poll.apiKey) {
-          cfg.setDefaultApiKey(poll.apiKey);
+          writeCredential(apiUrl, poll.apiKey);
           process.stderr.write(`${GREEN}\u2705 Login successful! API key saved.${RESET}
 `);
           return poll.apiKey;
@@ -44925,11 +45034,17 @@ Cancelled by user (Ctrl+C)
     await deviceLogin();
     return;
   }
-  let apiKey = args["api-key"] || cfg.data.default_api_key || getEnv("API_KEY") || "";
+  let apiKey = args["api-key"] || getEnv("API_KEY") || readCredential(apiUrl) || "";
   if (!apiKey) {
     apiKey = await deviceLogin();
   }
   const api = new ApiClient(apiUrl, apiKey);
+  if (!args["no-edge"])
+    ensureEdgeRunning(apiUrl, apiKey);
+  if (args["list-agents"]) {
+    await listAgentsCommand(api, { json: !!args.json, formatPath: formatPathWithTilde });
+    return;
+  }
   if (args.inspect) {
     const todoId = args.inspect;
     const todo2 = await api.getTodo(todoId);
@@ -44995,7 +45110,11 @@ Cancelled by user (Ctrl+C)
       const ws2 = new FrontendWebSocket(apiUrl, apiKey);
       await ws2.connect();
       const autoApprove = !!args["dangerously-skip-permissions"];
-      const agent2 = todo2.agentSettings || { id: todo2.agentSettingsId };
+      let agent2 = todo2.agentSettings || { id: todo2.agentSettingsId };
+      if (args["allow-all"]) {
+        const perms = agent2.permissions || { allow: [], ask: [], deny: [] };
+        agent2 = { ...agent2, permissions: { ...perms, allow: [...perms.allow || [], "*:*"] } };
+      }
       await watchTodo(ws2, todoId, projectId2, {
         json: !!args.json,
         autoApprove,
@@ -45005,7 +45124,7 @@ Cancelled by user (Ctrl+C)
         process.stderr.write(`
 ${"\u2500".repeat(40)}
 `);
-        await interactiveLoop(ws2, api, todoId, projectId2, agent2, !!args.json, autoApprove);
+        await interactiveLoop(ws2, api, todoId, projectId2, agent2, !!args.json, autoApprove, cfg);
       }
       await ws2.close();
     }
@@ -45135,6 +45254,10 @@ Resumed todo: ${todoId}
     await ws.connect();
   if (args.model)
     agent = { ...agent, model: args.model };
+  if (args["allow-all"]) {
+    const perms = agent.permissions || { allow: [], ask: [], deny: [] };
+    agent = { ...agent, permissions: { ...perms, allow: [...perms.allow || [], "*:*"] } };
+  }
   cfg.addToHistory(content);
   const todo = await api.addMessage(projectId, content, agent);
   const actualTodoId = todo.id || crypto.randomUUID();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@todoforai/cli",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "type": "module",
   "bin": {
     "todoai": "dist/todoai.js"