agent-afk 4.22.0 → 4.23.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -155,9 +155,14 @@ Aliases: `afk c` → `chat`, `afk i` → `interactive`, `afk s` → `status`.
155
155
 
156
156
  `afk` does not prompt before each tool call — there is no per-tool approval flow. Claude runs bash, reads and writes files, fetches URLs, and calls MCP servers without asking each time. This is intentional — `afk` is built for unattended work, where a permission prompt with no human in front of it is just a wedged session.
157
157
 
158
- The one prompt you may hit is **path approval**: when a file tool (read/write/edit/list/glob/grep) targets a path *outside* the session's working directory, `afk` asks before allowing it. Pre-authorize paths with `/allow-dir <path>` (or answer "persist" at the prompt to remember them across sessions).
158
+ **New installs default to bypass mode.** `afk chat` and `afk interactive` start in `permissionMode: "bypassPermissions"` when `afk.config.json` sets none the agent reads and writes **anywhere** with no path-approval prompt. This is the equivalent of Claude Code's `--dangerously-skip-permissions`, on by default; use `afk` only on a machine and account you trust. Bypass does not change `ask_question` that is the model choosing to ask you something, a separate axis.
159
159
 
160
- To turn path approval off entirely — letting the agent read and write **anywhere** with no prompt — enable **bypass mode** any of three ways: `/bypass` in the REPL (the status line shows `⚠ BYPASS`), the `--dangerously-skip-permissions` flag on `afk`/`afk chat`, or `"permissionMode": "bypassPermissions"` in `afk.config.json`. This is the equivalent of Claude Code's `--dangerously-skip-permissions`; use it only on a machine and account you trust. `afk daemon` runs in bypass mode by default (no human to prompt). Bypass does not change `ask_question` — that is the model choosing to ask you something, a separate axis.
160
+ **To re-enable path containment**, set the mode back any of these ways:
161
+
162
+ - Persistently: `afk config set permissionMode default` (or `plan`), or `"permissionMode": "default"` in `afk.config.json`. It stays that way until you change it again.
163
+ - For one session: `/bypass off` in the REPL (the status line clears `⚠ BYPASS`).
164
+
165
+ With containment on (`default`), a file tool (read/write/edit/list/glob/grep) targeting a path *outside* the session's working directory triggers a **path-approval** prompt; pre-authorize paths with `/allow-dir <path>` (or answer "persist" at the prompt to remember them across sessions). Toggle bypass live anytime with `/bypass`. `afk daemon` always runs in bypass (no human to prompt); **Telegram** sessions stay contained (`default`) and rely on hook-based enforcement.
161
166
 
162
167
  ## Troubleshooting
163
168