ax-agents 0.0.1-alpha.12 → 0.0.1-alpha.13

package/ax.js

@@ -47,6 +47,8 @@ const VERSION = packageJson.version;
  * @property {string} tool
  * @property {string} [archangelName]
  * @property {string} [uuid]
+ * @property {string} [permissionHash]
+ * @property {boolean} [yolo]
  */
 
 /**
@@ -259,25 +261,66 @@ function tmuxCurrentSession() {
 }
 
 /**
- * Check if a session was started in yolo mode by inspecting the pane's start command.
+ * @typedef {Object} SessionPermissions
+ * @property {'yolo' | 'custom' | 'safe'} mode
+ * @property {string | null} allowedTools
+ * @property {string | null} hash
+ */
+
+const SAFE_PERMISSIONS = /** @type {SessionPermissions} */ ({
+  mode: "safe",
+  allowedTools: null,
+  hash: null,
+});
+
+/**
+ * Get permission info from a session based on its name.
+ * Session name encodes permission mode: -yolo, -p{hash}, or neither (safe).
+ * @param {string} session
+ * @returns {SessionPermissions}
+ */
+function getSessionPermissions(session) {
+  const parsed = parseSessionName(session);
+  if (parsed?.yolo) {
+    return { mode: "yolo", allowedTools: null, hash: null };
+  }
+  if (parsed?.permissionHash) {
+    return { mode: "custom", allowedTools: null, hash: parsed.permissionHash };
+  }
+  return SAFE_PERMISSIONS;
+}
+
+/**
+ * Check if a session was started in yolo mode.
  * @param {string} session
  * @returns {boolean}
  */
 function isYoloSession(session) {
-  try {
-    const result = spawnSync(
-      "tmux",
-      ["display-message", "-t", session, "-p", "#{pane_start_command}"],
-      {
-        encoding: "utf-8",
-      },
-    );
-    if (result.status !== 0) return false;
-    const cmd = result.stdout.trim();
-    return cmd.includes("--dangerously-");
-  } catch {
-    return false;
-  }
+  return getSessionPermissions(session).mode === "yolo";
+}
+
+/**
+ * Normalize allowed tools string for consistent hashing.
+ * Splits on tool boundaries (e.g., 'Bash("...") Read') while preserving quoted content.
+ * @param {string} tools
+ * @returns {string}
+ */
+function normalizeAllowedTools(tools) {
+  // Match tool patterns: ToolName or ToolName("args") or ToolName("args with spaces")
+  const toolPattern = /\w+(?:\("[^"]*"\))?/g;
+  const matches = tools.match(toolPattern) || [];
+  return matches.sort().join(" ");
+}
+
+/**
+ * Compute a short hash of the allowed tools for session naming.
+ * @param {string | null | undefined} allowedTools
+ * @returns {string | null}
+ */
+function computePermissionHash(allowedTools) {
+  if (!allowedTools) return null;
+  const normalized = normalizeAllowedTools(allowedTools);
+  return createHash("sha256").update(normalized).digest("hex").slice(0, 8);
 }
 
 // =============================================================================
@@ -374,9 +417,9 @@ async function waitFor(session, predicate, timeoutMs = STARTUP_TIMEOUT_MS) {
 // =============================================================================
 
 /**
- * @returns {number | null}
+ * @returns {{pid: number, agent: 'claude' | 'codex'} | null}
  */
-function findCallerPid() {
+function findCallerAgent() {
   let pid = process.ppid;
   while (pid > 1) {
     const result = spawnSync("ps", ["-p", pid.toString(), "-o", "ppid=,comm="], {
@@ -386,9 +429,8 @@ function findCallerPid() {
     const parts = result.stdout.trim().split(/\s+/);
     const ppid = parseInt(parts[0], 10);
     const cmd = parts.slice(1).join(" ");
-    if (cmd.includes("claude") || cmd.includes("codex")) {
-      return pid;
-    }
+    if (cmd.includes("claude")) return { pid, agent: "claude" };
+    if (cmd.includes("codex")) return { pid, agent: "codex" };
     pid = ppid;
   }
   return null;
@@ -486,6 +528,7 @@ async function readStdinIfNeeded(value) {
  * @property {boolean} all
  * @property {boolean} orphans
  * @property {boolean} force
+ * @property {boolean} stale
  * @property {boolean} version
  * @property {boolean} help
  * @property {string} [tool]
@@ -495,6 +538,7 @@ async function readStdinIfNeeded(value) {
  * @property {number} [limit]
  * @property {string} [branch]
  * @property {string} [archangels]
+ * @property {string} [autoApprove]
  */
 function parseCliArgs(args) {
   const { values, positionals } = parseArgs({
@@ -510,10 +554,12 @@ function parseCliArgs(args) {
       all: { type: "boolean", default: false },
       orphans: { type: "boolean", default: false },
       force: { type: "boolean", default: false },
+      stale: { type: "boolean", default: false },
       version: { type: "boolean", short: "V", default: false },
       help: { type: "boolean", short: "h", default: false },
       // Value flags
       tool: { type: "string" },
+      "auto-approve": { type: "string" },
       session: { type: "string" },
       timeout: { type: "string" },
       tail: { type: "string" },
@@ -536,6 +582,7 @@ function parseCliArgs(args) {
       all: Boolean(values.all),
       orphans: Boolean(values.orphans),
       force: Boolean(values.force),
+      stale: Boolean(values.stale),
       version: Boolean(values.version),
       help: Boolean(values.help),
       tool: /** @type {string | undefined} */ (values.tool),
@@ -545,6 +592,7 @@ function parseCliArgs(args) {
       limit: values.limit !== undefined ? Number(values.limit) : undefined,
       branch: /** @type {string | undefined} */ (values.branch),
       archangels: /** @type {string | undefined} */ (values.archangels),
+      autoApprove: /** @type {string | undefined} */ (values["auto-approve"]),
     },
     positionals,
   };
@@ -553,6 +601,10 @@ function parseCliArgs(args) {
 // Helpers - session tracking
 // =============================================================================
 
+// Regex pattern strings for session name parsing
+const UUID_PATTERN = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
+const PERM_HASH_PATTERN = "[0-9a-f]{8}";
+
 /**
  * @param {string} session
  * @returns {ParsedSession | null}
@@ -565,19 +617,27 @@ function parseSessionName(session) {
   const rest = match[2];
 
   // Archangel: {tool}-archangel-{name}-{uuid}
-  const archangelMatch = rest.match(
-    /^archangel-(.+)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i,
-  );
+  const archangelPattern = new RegExp(`^archangel-(.+)-(${UUID_PATTERN})$`, "i");
+  const archangelMatch = rest.match(archangelPattern);
   if (archangelMatch) {
     return { tool, archangelName: archangelMatch[1], uuid: archangelMatch[2] };
   }
 
-  // Partner: {tool}-partner-{uuid}
-  const partnerMatch = rest.match(
-    /^partner-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i,
+  // Partner: {tool}-partner-{uuid}[-p{hash}|-yolo]
+  const partnerPattern = new RegExp(
+    `^partner-(${UUID_PATTERN})(?:-p(${PERM_HASH_PATTERN})|-(yolo))?$`,
+    "i",
   );
+  const partnerMatch = rest.match(partnerPattern);
   if (partnerMatch) {
-    return { tool, uuid: partnerMatch[1] };
+    const result = { tool, uuid: partnerMatch[1] };
+    if (partnerMatch[2]) {
+      return { ...result, permissionHash: partnerMatch[2] };
+    }
+    if (partnerMatch[3]) {
+      return { ...result, yolo: true };
+    }
+    return result;
   }
 
   // Anything else
@@ -586,10 +646,19 @@ function parseSessionName(session) {
 
 /**
  * @param {string} tool
+ * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
  * @returns {string}
  */
-function generateSessionName(tool) {
-  return `${tool}-partner-${randomUUID()}`;
+function generateSessionName(tool, { allowedTools = null, yolo = false } = {}) {
+  const uuid = randomUUID();
+  if (yolo) {
+    return `${tool}-partner-${uuid}-yolo`;
+  }
+  const hash = computePermissionHash(allowedTools);
+  if (hash) {
+    return `${tool}-partner-${uuid}-p${hash}`;
+  }
+  return `${tool}-partner-${uuid}`;
 }
 
 /**
@@ -1491,8 +1560,8 @@ function findCurrentClaudeSession() {
 
   // We might be running from Claude but not inside tmux (e.g., VSCode, Cursor)
   // Find Claude sessions in the same cwd and pick the most recently active one
-  const callerPid = findCallerPid();
-  if (!callerPid) return null; // Not running from Claude
+  const caller = findCallerAgent();
+  if (!caller) return null;
 
   const cwd = process.cwd();
   const sessions = tmuxListSessions();
@@ -1906,6 +1975,7 @@ const State = {
   THINKING: "thinking",
   CONFIRMING: "confirming",
   RATE_LIMITED: "rate_limited",
+  FEEDBACK_MODAL: "feedback_modal",
 };
 
 /**
@@ -1933,6 +2003,17 @@ function detectState(screen, config) {
     return State.RATE_LIMITED;
   }
 
+  // Feedback modal - Claude CLI's "How is Claude doing this session?" prompt
+  // Match the numbered options pattern (flexible on whitespace)
+  if (
+    /1:\s*Bad/i.test(recentLines) &&
+    /2:\s*Fine/i.test(recentLines) &&
+    /3:\s*Good/i.test(recentLines) &&
+    /0:\s*Dismiss/i.test(recentLines)
+  ) {
+    return State.FEEDBACK_MODAL;
+  }
+
   // Confirming - check before THINKING because "Running…" in tool output matches thinking patterns
   const confirmPatterns = config.confirmPatterns || [];
   for (const pattern of confirmPatterns) {
@@ -2074,12 +2155,18 @@ class Agent {
   /**
    * @param {boolean} [yolo]
    * @param {string | null} [sessionName]
+   * @param {string | null} [customAllowedTools]
    * @returns {string}
    */
-  getCommand(yolo, sessionName = null) {
+  getCommand(yolo, sessionName = null, customAllowedTools = null) {
     let base;
     if (yolo) {
       base = this.yoloCommand;
+    } else if (customAllowedTools) {
+      // Custom permissions from --auto-approve flag
+      // Escape quotes for shell since tmux runs the command through a shell
+      const escaped = customAllowedTools.replace(/"/g, '\\"');
+      base = `${this.startCommand} --allowedTools "${escaped}"`;
     } else if (this.safeAllowedTools) {
       // Default: auto-approve safe read-only operations
       base = `${this.startCommand} --allowedTools "${this.safeAllowedTools}"`;
@@ -2088,43 +2175,93 @@ class Agent {
     }
     // Some agents support session ID flags for deterministic session tracking
     if (this.sessionIdFlag && sessionName) {
-      return `${base} ${this.sessionIdFlag} ${sessionName}`;
+      const parsed = parseSessionName(sessionName);
+      if (parsed?.uuid) {
+        return `${base} ${this.sessionIdFlag} ${parsed.uuid}`;
+      }
     }
     return base;
   }
 
-  getDefaultSession() {
+  /**
+   * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
+   * @returns {string | null}
+   */
+  getDefaultSession({ allowedTools = null, yolo = false } = {}) {
     // Check env var for explicit session
     if (this.envVar && process.env[this.envVar]) {
-      return process.env[this.envVar];
+      return process.env[this.envVar] ?? null;
     }
 
     const cwd = process.cwd();
-    const childPattern = new RegExp(`^${this.name}-(partner-)?[0-9a-f-]{36}$`, "i");
+    // Match sessions: {tool}-(partner-)?{uuid}[-p{hash}|-yolo]?
+    const childPattern = new RegExp(
+      `^${this.name}-(partner-)?${UUID_PATTERN}(-p${PERM_HASH_PATTERN}|-yolo)?$`,
+      "i",
+    );
+    const requestedHash = computePermissionHash(allowedTools);
+
+    /**
+     * Find a matching session by walking up the directory tree.
+     * Checks exact cwd first, then parent directories up to git root or home.
+     * @param {string[]} sessions
+     * @returns {string | null}
+     */
+    const findSessionInCwdOrParent = (sessions) => {
+      const matchingSessions = sessions.filter((s) => {
+        if (!childPattern.test(s)) return false;
+
+        const perms = getSessionPermissions(s);
+
+        // If yolo requested, only match yolo sessions
+        if (yolo) {
+          return perms.mode === "yolo";
+        }
+
+        // If custom permissions requested, match yolo (superset) or same hash
+        if (requestedHash) {
+          return perms.mode === "yolo" || perms.hash === requestedHash;
+        }
+
+        // If no special permissions, match safe sessions only
+        return perms.mode === "safe";
+      });
+      if (matchingSessions.length === 0) return null;
 
-    // If inside tmux, look for existing agent session in same cwd
+      // Cache session cwds to avoid repeated tmux calls
+      const sessionCwds = new Map(matchingSessions.map((s) => [s, getTmuxSessionCwd(s)]));
+
+      let searchDir = cwd;
+      const homeDir = os.homedir();
+
+      while (searchDir !== homeDir && searchDir !== "/") {
+        const existing = matchingSessions.find((s) => sessionCwds.get(s) === searchDir);
+        if (existing) return existing;
+
+        // Stop at git root (don't leak across projects)
+        if (existsSync(path.join(searchDir, ".git"))) break;
+
+        searchDir = path.dirname(searchDir);
+      }
+
+      return null;
+    };
+
+    // If inside tmux, look for existing agent session in cwd or parent
     const current = tmuxCurrentSession();
     if (current) {
       const sessions = tmuxListSessions();
-      const existing = sessions.find((s) => {
-        if (!childPattern.test(s)) return false;
-        const sessionCwd = getTmuxSessionCwd(s);
-        return sessionCwd === cwd;
-      });
+      const existing = findSessionInCwdOrParent(sessions);
       if (existing) return existing;
-      // No existing session in this cwd - will generate new one in cmdStart
+      // No existing session in this cwd or parent - will generate new one in cmdStart
       return null;
     }
 
-    // Walk up to find claude/codex ancestor and reuse its session (must match cwd)
-    const callerPid = findCallerPid();
-    if (callerPid) {
+    // Walk up to find claude/codex ancestor and reuse its session
+    const caller = findCallerAgent();
+    if (caller) {
       const sessions = tmuxListSessions();
-      const existing = sessions.find((s) => {
-        if (!childPattern.test(s)) return false;
-        const sessionCwd = getTmuxSessionCwd(s);
-        return sessionCwd === cwd;
-      });
+      const existing = findSessionInCwdOrParent(sessions);
       if (existing) return existing;
     }
 
@@ -2133,10 +2270,11 @@ class Agent {
   }
 
   /**
+   * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
    * @returns {string}
    */
-  generateSession() {
-    return generateSessionName(this.name);
+  generateSession(options = {}) {
+    return generateSessionName(this.name, options);
   }
 
   /**
@@ -2462,8 +2600,12 @@ async function waitUntilReady(agent, session, timeoutMs = DEFAULT_TIMEOUT_MS) {
   const initialScreen = tmuxCapture(session);
   const initialState = agent.getState(initialScreen);
 
-  // Already in terminal state
-  if (
+  // Dismiss feedback modal if present
+  if (initialState === State.FEEDBACK_MODAL) {
+    tmuxSend(session, "0");
+    await sleep(200);
+  } else if (
+    // Already in terminal state
     initialState === State.RATE_LIMITED ||
     initialState === State.CONFIRMING ||
     initialState === State.READY
@@ -2476,6 +2618,13 @@ async function waitUntilReady(agent, session, timeoutMs = DEFAULT_TIMEOUT_MS) {
     const screen = tmuxCapture(session);
     const state = agent.getState(screen);
 
+    // Dismiss feedback modal if it appears
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
+
     if (state === State.RATE_LIMITED || state === State.CONFIRMING || state === State.READY) {
       return { state, screen };
     }
@@ -2516,6 +2665,13 @@ async function pollForResponse(agent, session, timeoutMs, hooks = {}) {
       return { state, screen };
     }
 
+    // Dismiss feedback modal if it appears
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
+
     if (screen !== lastScreen) {
       lastScreen = screen;
       stableAt = Date.now();
@@ -2625,6 +2781,7 @@ async function autoApproveLoop(agent, session, timeoutMs, waitFn) {
       continue;
     }
 
+    // FEEDBACK_MODAL is handled by the underlying waitFn (pollForResponse)
     debugError("autoApproveLoop", new Error(`unexpected state: ${state}`));
   }
 
@@ -2636,12 +2793,13 @@ async function autoApproveLoop(agent, session, timeoutMs, waitFn) {
  * @param {string | null | undefined} session
  * @param {Object} [options]
  * @param {boolean} [options.yolo]
+ * @param {string | null} [options.allowedTools]
  * @returns {Promise<string>}
  */
-async function cmdStart(agent, session, { yolo = false } = {}) {
+async function cmdStart(agent, session, { yolo = false, allowedTools = null } = {}) {
   // Generate session name if not provided
   if (!session) {
-    session = agent.generateSession();
+    session = agent.generateSession({ allowedTools, yolo });
   }
 
   if (tmuxHasSession(session)) return session;
@@ -2653,7 +2811,7 @@ async function cmdStart(agent, session, { yolo = false } = {}) {
     process.exit(1);
   }
 
-  const command = agent.getCommand(yolo, session);
+  const command = agent.getCommand(yolo, session, allowedTools);
   tmuxNewSession(session, command);
 
   const start = Date.now();
@@ -2666,6 +2824,18 @@ async function cmdStart(agent, session, { yolo = false } = {}) {
       continue;
     }
 
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
+
+    if (state === State.CONFIRMING) {
+      tmuxSend(session, agent.approveKey);
+      await sleep(APPROVE_DELAY_MS);
+      continue;
+    }
+
     if (state === State.READY) return session;
 
     await sleep(POLL_MS);
@@ -3271,6 +3441,7 @@ import { readFileSync, writeFileSync, existsSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 import { createHash } from "node:crypto";
+import { execSync } from "node:child_process";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const AI_DIR = join(__dirname, "..");
@@ -3278,6 +3449,15 @@ const DEBUG = process.env.AX_DEBUG === "1";
 const MAILBOX = join(AI_DIR, "mailbox.jsonl");
 const MAX_AGE_MS = 60 * 60 * 1000;
 
+function getTmuxSessionName() {
+  if (!process.env.TMUX) return null;
+  try {
+    return execSync("tmux display-message -p '#S'", { encoding: "utf-8" }).trim();
+  } catch {
+    return null;
+  }
+}
+
 // Read hook input from stdin
 let hookInput = {};
 try {
@@ -3292,8 +3472,9 @@ const hookEvent = hookInput.hook_event_name || "";
 
 if (DEBUG) console.error("[hook] session:", sessionId, "event:", hookEvent);
 
-// NO-OP for archangel or partner sessions
-if (sessionId.includes("-archangel-") || sessionId.includes("-partner-")) {
+const tmuxSession = getTmuxSessionName();
+if (DEBUG) console.error("[hook] tmux session:", tmuxSession);
+if (tmuxSession && (tmuxSession.includes("-archangel-") || tmuxSession.includes("-partner-"))) {
   if (DEBUG) console.error("[hook] skipping non-parent session");
   process.exit(0);
 }
@@ -3941,12 +4122,29 @@ async function cmdRfp(prompt, { archangels, fresh = false, noWait = false } = {}
 
   writeRfpRecord(rfpId, prompt);
   const archangelList = requested.join(",");
+  const base = rfpId.split("-")[1];
+  const shortId = `rfp-${base}`;
   console.log(`rfp: ${rfpId} (${archangelList})`);
   if (noWait) {
-    const cli = path.basename(process.argv[1], ".js");
-    const base = rfpId.split("-")[1];
-    const shortId = `rfp-${base}`;
-    console.log(`e.g.\n  ${cli} rfp wait ${shortId} --archangels=${archangelList}`);
+    // Truncate prompt for display (first line, max 60 chars)
+    const firstLine = prompt.split("\n")[0];
+    const taskPreview = firstLine.length > 60 ? firstLine.slice(0, 57) + "..." : firstLine;
+
+    let output = `Task: ${taskPreview}
+
+Add this to your task list, then continue with your work.`;
+
+    // Show TaskCreate example if caller is Claude
+    const caller = findCallerAgent();
+    if (caller?.agent === "claude") {
+      output += `
+
+e.g.
+  TaskCreate({ subject: "ax:${shortId} - ${taskPreview}" })
+`;
+    }
+
+    console.log(output);
   }
 }
 
@@ -4058,13 +4256,13 @@ async function cmdRfpWait(rfpId, { archangels, timeoutMs = ARCHANGEL_RESPONSE_TI
  * @param {Agent} agent
  * @param {string | null | undefined} session
  * @param {string} message
- * @param {{noWait?: boolean, yolo?: boolean, timeoutMs?: number}} [options]
+ * @param {{noWait?: boolean, yolo?: boolean, allowedTools?: string | null, timeoutMs?: number}} [options]
  */
 async function cmdAsk(
   agent,
   session,
   message,
-  { noWait = false, yolo = false, timeoutMs = DEFAULT_TIMEOUT_MS } = {},
+  { noWait = false, yolo = false, allowedTools = null, timeoutMs = DEFAULT_TIMEOUT_MS } = {},
 ) {
   const sessionExists = session != null && tmuxHasSession(session);
   const nativeYolo = sessionExists && isYoloSession(/** @type {string} */ (session));
@@ -4079,7 +4277,7 @@ async function cmdAsk(
   /** @type {string} */
   const activeSession = sessionExists
     ? /** @type {string} */ (session)
-    : await cmdStart(agent, session, { yolo });
+    : await cmdStart(agent, session, { yolo, allowedTools });
 
   tmuxSendLiteral(activeSession, message);
   await sleep(50);
@@ -4088,12 +4286,26 @@ async function cmdAsk(
   if (noWait) {
     const parsed = parseSessionName(activeSession);
     const shortId = parsed?.uuid?.slice(0, 8) || activeSession;
-    const cli = path.basename(process.argv[1], ".js");
-    console.log(`Sent to: ${shortId}
+    // Truncate message for display (first line, max 60 chars)
+    const firstLine = message.split("\n")[0];
+    const taskPreview = firstLine.length > 60 ? firstLine.slice(0, 57) + "..." : firstLine;
+
+    let output = `Sent to: ${shortId}
+Task: ${taskPreview}
+
+Add this to your task list, then continue with your work.`;
+
+    // Show TaskCreate example if caller is Claude
+    const caller = findCallerAgent();
+    if (caller?.agent === "claude") {
+      output += `
 
 e.g.
-  ${cli} status --session=${shortId}
-  ${cli} output --session=${shortId}`);
+  TaskCreate({ subject: "ax:${shortId} - ${taskPreview}" })
+`;
+    }
+
+    console.log(output);
     return;
   }
 
@@ -4285,9 +4497,14 @@ async function cmdReview(
  * @param {Agent} agent
  * @param {string | null | undefined} session
  * @param {number} [index]
- * @param {{wait?: boolean, timeoutMs?: number}} [options]
+ * @param {{wait?: boolean, stale?: boolean, timeoutMs?: number}} [options]
  */
-async function cmdOutput(agent, session, index = 0, { wait = false, timeoutMs } = {}) {
+async function cmdOutput(
+  agent,
+  session,
+  index = 0,
+  { wait = false, stale = false, timeoutMs } = {},
+) {
   if (!session || !tmuxHasSession(session)) {
     console.log("ERROR: no session");
     process.exit(1);
@@ -4314,8 +4531,11 @@ async function cmdOutput(agent, session, index = 0, { wait = false, timeoutMs }
   }
 
   if (state === State.THINKING) {
-    console.log("THINKING");
-    process.exit(4);
+    if (!stale) {
+      console.log("THINKING: Use --wait to block, or --stale for old response.");
+      process.exit(1);
+    }
+    // --stale: fall through to show previous response
   }
 
   const output = agent.getResponse(session, screen, index);
@@ -4513,7 +4733,12 @@ function resolveAgent({ toolFlag, sessionName } = {}) {
   if (invoked === "axclaude" || invoked === "claude") return { agent: ClaudeAgent };
   if (invoked === "axcodex" || invoked === "codex") return { agent: CodexAgent };
 
-  // 4. AX_DEFAULT_TOOL environment variable
+  // 4. Infer from parent process (running from within claude/codex)
+  const caller = findCallerAgent();
+  if (caller?.agent === "claude") return { agent: ClaudeAgent };
+  if (caller?.agent === "codex") return { agent: CodexAgent };
+
+  // 5. AX_DEFAULT_TOOL environment variable
   const defaultTool = process.env.AX_DEFAULT_TOOL;
   if (defaultTool === "claude") return { agent: ClaudeAgent };
   if (defaultTool === "codex" || !defaultTool) return { agent: CodexAgent };
@@ -4534,15 +4759,13 @@ function printHelp(agent, cliName) {
 
 Usage: ${name} [OPTIONS] <command|message> [ARGS...]
 
-Messaging/State:
+Messaging:
   <message>                 Send message to ${name}
   review [TYPE]             Review code: pr, uncommitted, commit, custom
-  status                    Exit code: ready=0 rate_limit=2 confirm=3 thinking=4
-  output [-N]               Show response (0=last, -1=prev, -2=older)
-  compact                   Summarise session to shrink context size
-  reset                     Start fresh conversation
 
 Sessions:
+  compact                   Summarise session to shrink context size
+  reset                     Start fresh conversation
   agents                    List all running agents
   target                    Show default target session for current tool
   attach [SESSION]          Attach to agent session interactively
@@ -4555,36 +4778,40 @@ Archangels:
   rfp <prompt>              Request proposals (--archangels=a,b)
   rfp wait <id>             Wait for proposals (--archangels=a,b)
 
-Recovery:
+Recovery/State:
+  status                    Exit code: ready=0 rate_limit=2 confirm=3 thinking=4
+  output [-N]               Show response (0=last, -1=prev, -2=older)
   debug                     Show raw screen output and detected state
   approve                   Approve pending action (send 'y')
   reject                    Reject pending action (send 'n')
   select N                  Select menu option N
   send KEYS                 Send key sequence (e.g. "1[Enter]", "[Escape]")
-  log SESSION               View conversation log (--tail=N, --follow, --reasoning)
+  log [SESSION]             View conversation log (--tail=N, --follow, --reasoning)
 
 Flags:
   --tool=NAME               Use specific agent (codex, claude)
   --session=ID              name | archangel | uuid-prefix | self
   --fresh                   Reset conversation before review
   --yolo                    Skip all confirmations (dangerous)
+  --auto-approve=TOOLS      Auto-approve specific tools (e.g. 'Bash("cargo *")')
   --wait                    Wait for response (default for messages; required for approve/reject)
   --no-wait                 Fire-and-forget: send message, print session ID, exit immediately
   --timeout=N               Set timeout in seconds (default: ${DEFAULT_TIMEOUT_MS / 1000}, reviews: ${REVIEW_TIMEOUT_MS / 1000})
 
 Examples:
   ${name} "explain this codebase"
-  ${name} "review the error handling"           # Auto custom review (${REVIEW_TIMEOUT_MS / 60000}min timeout)
-  ${name} "FYI: auth was refactored" --no-wait  # Send context to a working session (no response needed)
+  ${name} "review the error handling"                   # Auto custom review (${REVIEW_TIMEOUT_MS / 60000}min timeout)
+  ${name} "FYI: auth was refactored" --no-wait          # Send context to a working session (no response needed)
+  ${name} --auto-approve='Bash("cargo *")' "run tests"  # Session with specific permissions
   ${name} review uncommitted --wait
-  ${name} kill                                  # Kill agents in current project
-  ${name} kill --all                            # Kill all agents across all projects
-  ${name} kill --session=NAME                   # Kill specific session
-  ${name} summon                                # Summon all archangels from .ai/agents/*.md
-  ${name} summon reviewer                       # Summon by name (creates config if new)
-  ${name} recall                                # Recall all archangels
-  ${name} recall reviewer                       # Recall one by name
-  ${name} agents                                # List all agents (shows TYPE=archangel)
+  ${name} kill                                          # Kill agents in current project
+  ${name} kill --all                                    # Kill all agents across all projects
+  ${name} kill --session=NAME                           # Kill specific session
+  ${name} summon                                        # Summon all archangels from .ai/agents/*.md
+  ${name} summon reviewer                               # Summon by name (creates config if new)
+  ${name} recall                                        # Recall all archangels
+  ${name} recall reviewer                               # Recall one by name
+  ${name} agents                                        # List all agents (shows TYPE=archangel)
 
 Note: Reviews and complex tasks may take several minutes.
       Use Bash run_in_background for long operations (not --no-wait).`);
@@ -4611,7 +4838,8 @@ async function main() {
   }
 
   // Extract flags into local variables for convenience
-  const { wait, noWait, yolo, fresh, reasoning, follow, all, orphans, force } = flags;
+  const { wait, noWait, yolo, fresh, reasoning, follow, all, orphans, force, stale, autoApprove } =
+    flags;
 
   // Session resolution (must happen before agent resolution so we can infer tool from session name)
   let session = null;
@@ -4639,9 +4867,9 @@ async function main() {
     process.exit(1);
   }
 
-  // If no explicit session, use agent's default
+  // If no explicit session, use agent's default (with permission filtering)
   if (!session) {
-    session = agent.getDefaultSession();
+    session = agent.getDefaultSession({ allowedTools: autoApprove, yolo });
   }
 
   // Timeout (convert seconds to milliseconds)
@@ -4669,7 +4897,7 @@ async function main() {
   // Dispatch commands
   if (cmd === "agents") return cmdAgents();
   if (cmd === "target") {
-    const defaultSession = agent.getDefaultSession();
+    const defaultSession = agent.getDefaultSession({ allowedTools: autoApprove, yolo });
     if (defaultSession) {
       console.log(defaultSession);
     } else {
@@ -4717,7 +4945,7 @@ async function main() {
   if (cmd === "output") {
     const indexArg = positionals[1];
     const index = indexArg?.startsWith("-") ? parseInt(indexArg, 10) : 0;
-    return cmdOutput(agent, session, index, { wait, timeoutMs });
+    return cmdOutput(agent, session, index, { wait, stale, timeoutMs });
   }
   if (cmd === "send" && positionals.length > 1)
     return cmdSend(session, positionals.slice(1).join(" "));
@@ -4747,7 +4975,12 @@ async function main() {
     });
   }
 
-  return cmdAsk(agent, session, messageText, { noWait, yolo, timeoutMs });
+  return cmdAsk(agent, session, messageText, {
+    noWait,
+    yolo,
+    allowedTools: autoApprove,
+    timeoutMs,
+  });
 }
 
 // Run main() only when executed directly (not when imported for testing)
@@ -4787,4 +5020,6 @@ export {
   extractThinking,
   detectState,
   State,
+  normalizeAllowedTools,
+  computePermissionHash,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ax-agents",
-  "version": "0.0.1-alpha.12",
+  "version": "0.0.1-alpha.13",
   "description": "A CLI for orchestrating AI coding agents via tmux",
   "bin": {
     "ax": "ax.js",