agent-afk 4.22.0 → 4.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -2
- package/dist/cli.mjs +396 -396
- package/dist/index.mjs +3 -3
- package/dist/telegram.mjs +99 -99
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -155,9 +155,14 @@ Aliases: `afk c` → `chat`, `afk i` → `interactive`, `afk s` → `status`.
|
|
|
155
155
|
|
|
156
156
|
`afk` does not prompt before each tool call — there is no per-tool approval flow. Claude runs bash, reads and writes files, fetches URLs, and calls MCP servers without asking each time. This is intentional — `afk` is built for unattended work, where a permission prompt with no human in front of it is just a wedged session.
|
|
157
157
|
|
|
158
|
-
|
|
158
|
+
**New installs default to bypass mode.** `afk chat` and `afk interactive` start in `permissionMode: "bypassPermissions"` when `afk.config.json` sets none — the agent reads and writes **anywhere** with no path-approval prompt. This is the equivalent of Claude Code's `--dangerously-skip-permissions`, on by default; use `afk` only on a machine and account you trust. Bypass does not change `ask_question` — that is the model choosing to ask you something, a separate axis.
|
|
159
159
|
|
|
160
|
-
To
|
|
160
|
+
**To re-enable path containment**, set the mode back any of these ways:
|
|
161
|
+
|
|
162
|
+
- Persistently: `afk config set permissionMode default` (or `plan`), or `"permissionMode": "default"` in `afk.config.json`. It stays that way until you change it again.
|
|
163
|
+
- For one session: `/bypass off` in the REPL (the status line clears `⚠ BYPASS`).
|
|
164
|
+
|
|
165
|
+
With containment on (`default`), a file tool (read/write/edit/list/glob/grep) targeting a path *outside* the session's working directory triggers a **path-approval** prompt; pre-authorize paths with `/allow-dir <path>` (or answer "persist" at the prompt to remember them across sessions). Toggle bypass live anytime with `/bypass`. `afk daemon` always runs in bypass (no human to prompt); **Telegram** sessions stay contained (`default`) and rely on hook-based enforcement.
|
|
161
166
|
|
|
162
167
|
## Troubleshooting
|
|
163
168
|
|