npm - ax-agents - Versions diffs - 0.0.1-alpha.9 → 0.1.0 - Mend

ax-agents 0.0.1-alpha.9 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/ax.js +731 -155
package/package.json +1 -1

package/ax.js CHANGED Viewed

@@ -47,6 +47,8 @@ const VERSION = packageJson.version;
  * @property {string} tool
  * @property {string} [archangelName]
  * @property {string} [uuid]
+ * @property {string} [permissionHash]
+ * @property {boolean} [yolo]
  */
 /**
@@ -75,6 +77,10 @@ const VERSION = packageJson.version;
  * @property {string[]} files
  * @property {string} [summary]
  * @property {string} [message]
+ * @property {string} [rfpId]
+ * @property {string} [prompt]
+ * @property {string} [archangel]
+ * @property {string} [requestedBy]
  */
 /**
@@ -158,6 +164,7 @@ const PROJECT_ROOT = findProjectRoot();
 const AI_DIR = path.join(PROJECT_ROOT, ".ai");
 const AGENTS_DIR = path.join(AI_DIR, "agents");
 const HOOKS_DIR = path.join(AI_DIR, "hooks");
+const RFP_DIR = path.join(AI_DIR, "rfps");
 // =============================================================================
 // Helpers - tmux
@@ -254,25 +261,66 @@ function tmuxCurrentSession() {
 }
 /**
- * Check if a session was started in yolo mode by inspecting the pane's start command.
+ * @typedef {Object} SessionPermissions
+ * @property {'yolo' | 'custom' | 'safe'} mode
+ * @property {string | null} allowedTools
+ * @property {string | null} hash
+ */
+const SAFE_PERMISSIONS = /** @type {SessionPermissions} */ ({
+  mode: "safe",
+  allowedTools: null,
+  hash: null,
+});
+/**
+ * Get permission info from a session based on its name.
+ * Session name encodes permission mode: -yolo, -p{hash}, or neither (safe).
+ * @param {string} session
+ * @returns {SessionPermissions}
+ */
+function getSessionPermissions(session) {
+  const parsed = parseSessionName(session);
+  if (parsed?.yolo) {
+    return { mode: "yolo", allowedTools: null, hash: null };
+  }
+  if (parsed?.permissionHash) {
+    return { mode: "custom", allowedTools: null, hash: parsed.permissionHash };
+  }
+  return SAFE_PERMISSIONS;
+}
+/**
+ * Check if a session was started in yolo mode.
  * @param {string} session
  * @returns {boolean}
  */
 function isYoloSession(session) {
-  try {
-    const result = spawnSync(
-      "tmux",
-      ["display-message", "-t", session, "-p", "#{pane_start_command}"],
-      {
-        encoding: "utf-8",
-      },
-    );
-    if (result.status !== 0) return false;
-    const cmd = result.stdout.trim();
-    return cmd.includes("--dangerously-");
-  } catch {
-    return false;
-  }
+  return getSessionPermissions(session).mode === "yolo";
+}
+/**
+ * Normalize allowed tools string for consistent hashing.
+ * Splits on tool boundaries (e.g., 'Bash("...") Read') while preserving quoted content.
+ * @param {string} tools
+ * @returns {string}
+ */
+function normalizeAllowedTools(tools) {
+  // Match tool patterns: ToolName or ToolName("args") or ToolName("args with spaces")
+  const toolPattern = /\w+(?:\("[^"]*"\))?/g;
+  const matches = tools.match(toolPattern) || [];
+  return matches.sort().join(" ");
+}
+/**
+ * Compute a short hash of the allowed tools for session naming.
+ * @param {string | null | undefined} allowedTools
+ * @returns {string | null}
+ */
+function computePermissionHash(allowedTools) {
+  if (!allowedTools) return null;
+  const normalized = normalizeAllowedTools(allowedTools);
+  return createHash("sha256").update(normalized).digest("hex").slice(0, 8);
 }
 // =============================================================================
@@ -307,6 +355,7 @@ const ARCHANGEL_GIT_CONTEXT_MAX_LINES = 200;
 const ARCHANGEL_PARENT_CONTEXT_ENTRIES = 10;
 const ARCHANGEL_PREAMBLE = `## Guidelines
+- If you have nothing to report, you MUST respond with ONLY "EMPTY_RESPONSE".
 - Investigate before speaking. If uncertain, read more code and trace the logic until you're confident.
 - Explain WHY something is an issue, not just that it is.
 - Focus on your area of expertise.
@@ -314,9 +363,23 @@ const ARCHANGEL_PREAMBLE = `## Guidelines
 - Be clear. Brief is fine, but never sacrifice clarity.
 - For critical issues, request for them to be added to the todo list.
 - Don't repeat observations you've already made unless you have more to say or better clarity.
-- Make judgment calls - don't ask questions.
-"No issues found." is a valid response when there's nothing significant to report.`;
+- Make judgment calls - don't ask questions.`;
+const RFP_PREAMBLE = `## Guidelines
+- Your only task is to propose a single idea in response to this RFP. This overrides any other goals or habits.
+- Provide exactly one proposal.
+- Make a persuasive case for why this is a strong idea.
+- Think deeply before you answer; avoid first-impression responses.
+- Aim for 3–4 clear paragraphs.
+- Ground the idea in the actual context you were given; don’t ignore it.
+- If you need context, read the existing project or conversation before proposing.
+- Structure: (1) core insight/value, (2) who benefits & why now, (3) risks/tradeoffs (brief), (4) closing case.
+- Focus on value: what improves, for whom, and why now.
+- Do NOT review code or report bugs.
+- Do NOT describe scope, implementation approach, or plan.
+- You may briefly note tradeoffs, but they are not the focus.
+- Prioritize clarity over brevity.
+- If you have nothing to propose, respond with ONLY "EMPTY_RESPONSE".`;
 /**
  * @param {string} session
@@ -354,9 +417,9 @@ async function waitFor(session, predicate, timeoutMs = STARTUP_TIMEOUT_MS) {
 // =============================================================================
 /**
- * @returns {number | null}
+ * @returns {{pid: number, agent: 'claude' | 'codex'} | null}
  */
-function findCallerPid() {
+function findCallerAgent() {
   let pid = process.ppid;
   while (pid > 1) {
     const result = spawnSync("ps", ["-p", pid.toString(), "-o", "ppid=,comm="], {
@@ -366,9 +429,8 @@ function findCallerPid() {
     const parts = result.stdout.trim().split(/\s+/);
     const ppid = parseInt(parts[0], 10);
     const cmd = parts.slice(1).join(" ");
-    if (cmd.includes("claude") || cmd.includes("codex")) {
-      return pid;
-    }
+    if (cmd.includes("claude")) return { pid, agent: "claude" };
+    if (cmd.includes("codex")) return { pid, agent: "codex" };
     pid = ppid;
   }
   return null;
@@ -379,7 +441,9 @@ function findCallerPid() {
  * @returns {{pid: string, command: string}[]}
  */
 function findOrphanedProcesses() {
-  const result = spawnSync("ps", ["-eo", "pid=,ppid=,args="], { encoding: "utf-8" });
+  const result = spawnSync("ps", ["-eo", "pid=,ppid=,args="], {
+    encoding: "utf-8",
+  });
   if (result.status !== 0 || !result.stdout.trim()) {
     return [];
@@ -433,6 +497,17 @@ async function readStdin() {
   });
 }
+/**
+ * @param {string | null | undefined} value
+ * @returns {Promise<string | undefined>}
+ */
+async function readStdinIfNeeded(value) {
+  if (value && value !== "-") return value;
+  if (!hasStdinData()) return undefined;
+  const stdinText = await readStdin();
+  return stdinText || undefined;
+}
 // =============================================================================
 // =============================================================================
 // Helpers - CLI argument parsing
@@ -453,6 +528,7 @@ async function readStdin() {
  * @property {boolean} all
  * @property {boolean} orphans
  * @property {boolean} force
+ * @property {boolean} stale
  * @property {boolean} version
  * @property {boolean} help
  * @property {string} [tool]
@@ -461,6 +537,8 @@ async function readStdin() {
  * @property {number} [tail]
  * @property {number} [limit]
  * @property {string} [branch]
+ * @property {string} [archangels]
+ * @property {string} [autoApprove]
  */
 function parseCliArgs(args) {
   const { values, positionals } = parseArgs({
@@ -476,15 +554,18 @@ function parseCliArgs(args) {
       all: { type: "boolean", default: false },
       orphans: { type: "boolean", default: false },
       force: { type: "boolean", default: false },
+      stale: { type: "boolean", default: false },
       version: { type: "boolean", short: "V", default: false },
       help: { type: "boolean", short: "h", default: false },
       // Value flags
       tool: { type: "string" },
+      "auto-approve": { type: "string" },
       session: { type: "string" },
       timeout: { type: "string" },
       tail: { type: "string" },
       limit: { type: "string" },
       branch: { type: "string" },
+      archangels: { type: "string" },
     },
     allowPositionals: true,
     strict: false, // Don't error on unknown flags
@@ -501,6 +582,7 @@ function parseCliArgs(args) {
       all: Boolean(values.all),
       orphans: Boolean(values.orphans),
       force: Boolean(values.force),
+      stale: Boolean(values.stale),
       version: Boolean(values.version),
       help: Boolean(values.help),
       tool: /** @type {string | undefined} */ (values.tool),
@@ -509,6 +591,8 @@ function parseCliArgs(args) {
       tail: values.tail !== undefined ? Number(values.tail) : undefined,
       limit: values.limit !== undefined ? Number(values.limit) : undefined,
       branch: /** @type {string | undefined} */ (values.branch),
+      archangels: /** @type {string | undefined} */ (values.archangels),
+      autoApprove: /** @type {string | undefined} */ (values["auto-approve"]),
     },
     positionals,
   };
@@ -517,6 +601,10 @@ function parseCliArgs(args) {
 // Helpers - session tracking
 // =============================================================================
+// Regex pattern strings for session name parsing
+const UUID_PATTERN = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}";
+const PERM_HASH_PATTERN = "[0-9a-f]{8}";
 /**
  * @param {string} session
  * @returns {ParsedSession | null}
@@ -529,19 +617,27 @@ function parseSessionName(session) {
   const rest = match[2];
   // Archangel: {tool}-archangel-{name}-{uuid}
-  const archangelMatch = rest.match(
-    /^archangel-(.+)-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i,
-  );
+  const archangelPattern = new RegExp(`^archangel-(.+)-(${UUID_PATTERN})$`, "i");
+  const archangelMatch = rest.match(archangelPattern);
   if (archangelMatch) {
     return { tool, archangelName: archangelMatch[1], uuid: archangelMatch[2] };
   }
-  // Partner: {tool}-partner-{uuid}
-  const partnerMatch = rest.match(
-    /^partner-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$/i,
+  // Partner: {tool}-partner-{uuid}[-p{hash}|-yolo]
+  const partnerPattern = new RegExp(
+    `^partner-(${UUID_PATTERN})(?:-p(${PERM_HASH_PATTERN})|-(yolo))?$`,
+    "i",
   );
+  const partnerMatch = rest.match(partnerPattern);
   if (partnerMatch) {
-    return { tool, uuid: partnerMatch[1] };
+    const result = { tool, uuid: partnerMatch[1] };
+    if (partnerMatch[2]) {
+      return { ...result, permissionHash: partnerMatch[2] };
+    }
+    if (partnerMatch[3]) {
+      return { ...result, yolo: true };
+    }
+    return result;
   }
   // Anything else
@@ -550,10 +646,19 @@ function parseSessionName(session) {
 /**
  * @param {string} tool
+ * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
  * @returns {string}
  */
-function generateSessionName(tool) {
-  return `${tool}-partner-${randomUUID()}`;
+function generateSessionName(tool, { allowedTools = null, yolo = false } = {}) {
+  const uuid = randomUUID();
+  if (yolo) {
+    return `${tool}-partner-${uuid}-yolo`;
+  }
+  const hash = computePermissionHash(allowedTools);
+  if (hash) {
+    return `${tool}-partner-${uuid}-p${hash}`;
+  }
+  return `${tool}-partner-${uuid}`;
 }
 /**
@@ -1151,6 +1256,54 @@ function getArchangelSessionPattern(config) {
   return `${config.tool}-archangel-${config.name}`;
 }
+/**
+ * @param {string} rfpId
+ * @param {string} prompt
+ */
+function writeRfpRecord(rfpId, prompt) {
+  ensureRfpDir();
+  const p = path.join(RFP_DIR, `${rfpId}.md`);
+  const block = [`### ${rfpId}`, "", prompt.trim(), ""].join("\n");
+  writeFileSync(p, block, "utf-8");
+}
+/**
+ * @param {string} input
+ * @returns {string}
+ */
+function resolveRfpId(input) {
+  ensureRfpDir();
+  if (!existsSync(RFP_DIR)) return input;
+  const files = readdirSync(RFP_DIR).filter((f) => f.endsWith(".md"));
+  const ids = files.map((f) => f.replace(/\.md$/, ""));
+  const matches = ids.filter((id) => id.startsWith(input));
+  if (matches.length === 1) return matches[0];
+  if (matches.length > 1) {
+    console.log("ERROR: ambiguous rfp id. Matches:");
+    for (const m of matches) console.log(`  ${m}`);
+    process.exit(1);
+  }
+  return input;
+}
+/**
+ * @param {ParentSession | null} parent
+ * @returns {string}
+ */
+function generateRfpId(parent) {
+  const now = new Date();
+  const y = now.getFullYear();
+  const mo = String(now.getMonth() + 1).padStart(2, "0");
+  const d = String(now.getDate()).padStart(2, "0");
+  const h = String(now.getHours()).padStart(2, "0");
+  const mi = String(now.getMinutes()).padStart(2, "0");
+  const s = String(now.getSeconds()).padStart(2, "0");
+  const ts = `${y}-${mo}-${d}-${h}-${mi}-${s}`;
+  const base = parent?.uuid ? parent.uuid.split("-")[0] : randomUUID().split("-")[0];
+  const suffix = randomUUID().split("-")[0].slice(0, 4);
+  return `rfp-${base}-${ts}-${suffix}`.toLowerCase();
+}
 // =============================================================================
 // Helpers - mailbox
 // =============================================================================
@@ -1167,15 +1320,25 @@ function ensureMailboxDir() {
   }
 }
+/**
+ * @returns {void}
+ */
+function ensureRfpDir() {
+  if (!existsSync(RFP_DIR)) {
+    mkdirSync(RFP_DIR, { recursive: true });
+  }
+}
 /**
  * @param {MailboxPayload} payload
+ * @param {string} [type]
  * @returns {void}
  */
-function writeToMailbox(payload) {
+function writeToMailbox(payload, type = "observation") {
   ensureMailboxDir();
   const entry = {
     timestamp: new Date().toISOString(),
-    type: "observation",
+    type,
     payload,
   };
   appendFileSync(MAILBOX_PATH, JSON.stringify(entry) + "\n");
@@ -1397,8 +1560,8 @@ function findCurrentClaudeSession() {
   // We might be running from Claude but not inside tmux (e.g., VSCode, Cursor)
   // Find Claude sessions in the same cwd and pick the most recently active one
-  const callerPid = findCallerPid();
-  if (!callerPid) return null; // Not running from Claude
+  const caller = findCallerAgent();
+  if (!caller) return null;
   const cwd = process.cwd();
   const sessions = tmuxListSessions();
@@ -1812,6 +1975,7 @@ const State = {
   THINKING: "thinking",
   CONFIRMING: "confirming",
   RATE_LIMITED: "rate_limited",
+  FEEDBACK_MODAL: "feedback_modal",
 };
 /**
@@ -1839,6 +2003,17 @@ function detectState(screen, config) {
     return State.RATE_LIMITED;
   }
+  // Feedback modal - Claude CLI's "How is Claude doing this session?" prompt
+  // Match the numbered options pattern (flexible on whitespace)
+  if (
+    /1:\s*Bad/i.test(recentLines) &&
+    /2:\s*Fine/i.test(recentLines) &&
+    /3:\s*Good/i.test(recentLines) &&
+    /0:\s*Dismiss/i.test(recentLines)
+  ) {
+    return State.FEEDBACK_MODAL;
+  }
   // Confirming - check before THINKING because "Running…" in tool output matches thinking patterns
   const confirmPatterns = config.confirmPatterns || [];
   for (const pattern of confirmPatterns) {
@@ -1980,12 +2155,18 @@ class Agent {
   /**
    * @param {boolean} [yolo]
    * @param {string | null} [sessionName]
+   * @param {string | null} [customAllowedTools]
    * @returns {string}
    */
-  getCommand(yolo, sessionName = null) {
+  getCommand(yolo, sessionName = null, customAllowedTools = null) {
     let base;
     if (yolo) {
       base = this.yoloCommand;
+    } else if (customAllowedTools) {
+      // Custom permissions from --auto-approve flag
+      // Escape for shell: backslashes first, then double quotes
+      const escaped = customAllowedTools.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+      base = `${this.startCommand} --allowedTools "${escaped}"`;
     } else if (this.safeAllowedTools) {
       // Default: auto-approve safe read-only operations
       base = `${this.startCommand} --allowedTools "${this.safeAllowedTools}"`;
@@ -2002,38 +2183,85 @@ class Agent {
     return base;
   }
-  getDefaultSession() {
+  /**
+   * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
+   * @returns {string | null}
+   */
+  getDefaultSession({ allowedTools = null, yolo = false } = {}) {
     // Check env var for explicit session
     if (this.envVar && process.env[this.envVar]) {
-      return process.env[this.envVar];
+      return process.env[this.envVar] ?? null;
     }
     const cwd = process.cwd();
-    const childPattern = new RegExp(`^${this.name}-(partner-)?[0-9a-f-]{36}$`, "i");
+    // Match sessions: {tool}-(partner-)?{uuid}[-p{hash}|-yolo]?
+    const childPattern = new RegExp(
+      `^${this.name}-(partner-)?${UUID_PATTERN}(-p${PERM_HASH_PATTERN}|-yolo)?$`,
+      "i",
+    );
+    const requestedHash = computePermissionHash(allowedTools);
+    /**
+     * Find a matching session by walking up the directory tree.
+     * Checks exact cwd first, then parent directories up to git root or home.
+     * @param {string[]} sessions
+     * @returns {string | null}
+     */
+    const findSessionInCwdOrParent = (sessions) => {
+      const matchingSessions = sessions.filter((s) => {
+        if (!childPattern.test(s)) return false;
+        const perms = getSessionPermissions(s);
+        // If yolo requested, only match yolo sessions
+        if (yolo) {
+          return perms.mode === "yolo";
+        }
+        // If custom permissions requested, match yolo (superset) or same hash
+        if (requestedHash) {
+          return perms.mode === "yolo" || perms.hash === requestedHash;
+        }
+        // If no special permissions, match safe sessions only
+        return perms.mode === "safe";
+      });
+      if (matchingSessions.length === 0) return null;
+      // Cache session cwds to avoid repeated tmux calls
+      const sessionCwds = new Map(matchingSessions.map((s) => [s, getTmuxSessionCwd(s)]));
+      let searchDir = cwd;
+      const homeDir = os.homedir();
+      while (searchDir !== homeDir && searchDir !== "/") {
+        const existing = matchingSessions.find((s) => sessionCwds.get(s) === searchDir);
+        if (existing) return existing;
+        // Stop at git root (don't leak across projects)
+        if (existsSync(path.join(searchDir, ".git"))) break;
-    // If inside tmux, look for existing agent session in same cwd
+        searchDir = path.dirname(searchDir);
+      }
+      return null;
+    };
+    // If inside tmux, look for existing agent session in cwd or parent
     const current = tmuxCurrentSession();
     if (current) {
       const sessions = tmuxListSessions();
-      const existing = sessions.find((s) => {
-        if (!childPattern.test(s)) return false;
-        const sessionCwd = getTmuxSessionCwd(s);
-        return sessionCwd === cwd;
-      });
+      const existing = findSessionInCwdOrParent(sessions);
       if (existing) return existing;
-      // No existing session in this cwd - will generate new one in cmdStart
+      // No existing session in this cwd or parent - will generate new one in cmdStart
       return null;
     }
-    // Walk up to find claude/codex ancestor and reuse its session (must match cwd)
-    const callerPid = findCallerPid();
-    if (callerPid) {
+    // Walk up to find claude/codex ancestor and reuse its session
+    const caller = findCallerAgent();
+    if (caller) {
       const sessions = tmuxListSessions();
-      const existing = sessions.find((s) => {
-        if (!childPattern.test(s)) return false;
-        const sessionCwd = getTmuxSessionCwd(s);
-        return sessionCwd === cwd;
-      });
+      const existing = findSessionInCwdOrParent(sessions);
       if (existing) return existing;
     }
@@ -2042,10 +2270,11 @@ class Agent {
   }
   /**
+   * @param {{allowedTools?: string | null, yolo?: boolean}} [options]
    * @returns {string}
    */
-  generateSession() {
-    return generateSessionName(this.name);
+  generateSession(options = {}) {
+    return generateSessionName(this.name, options);
   }
   /**
@@ -2371,8 +2600,12 @@ async function waitUntilReady(agent, session, timeoutMs = DEFAULT_TIMEOUT_MS) {
   const initialScreen = tmuxCapture(session);
   const initialState = agent.getState(initialScreen);
-  // Already in terminal state
-  if (
+  // Dismiss feedback modal if present
+  if (initialState === State.FEEDBACK_MODAL) {
+    tmuxSend(session, "0");
+    await sleep(200);
+  } else if (
+    // Already in terminal state
     initialState === State.RATE_LIMITED ||
     initialState === State.CONFIRMING ||
     initialState === State.READY
@@ -2385,6 +2618,13 @@ async function waitUntilReady(agent, session, timeoutMs = DEFAULT_TIMEOUT_MS) {
     const screen = tmuxCapture(session);
     const state = agent.getState(screen);
+    // Dismiss feedback modal if it appears
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
     if (state === State.RATE_LIMITED || state === State.CONFIRMING || state === State.READY) {
       return { state, screen };
     }
@@ -2425,6 +2665,13 @@ async function pollForResponse(agent, session, timeoutMs, hooks = {}) {
       return { state, screen };
     }
+    // Dismiss feedback modal if it appears
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
     if (screen !== lastScreen) {
       lastScreen = screen;
       stableAt = Date.now();
@@ -2534,6 +2781,7 @@ async function autoApproveLoop(agent, session, timeoutMs, waitFn) {
       continue;
     }
+    // FEEDBACK_MODAL is handled by the underlying waitFn (pollForResponse)
     debugError("autoApproveLoop", new Error(`unexpected state: ${state}`));
   }
@@ -2545,12 +2793,13 @@ async function autoApproveLoop(agent, session, timeoutMs, waitFn) {
  * @param {string | null | undefined} session
  * @param {Object} [options]
  * @param {boolean} [options.yolo]
+ * @param {string | null} [options.allowedTools]
  * @returns {Promise<string>}
  */
-async function cmdStart(agent, session, { yolo = false } = {}) {
+async function cmdStart(agent, session, { yolo = false, allowedTools = null } = {}) {
   // Generate session name if not provided
   if (!session) {
-    session = agent.generateSession();
+    session = agent.generateSession({ allowedTools, yolo });
   }
   if (tmuxHasSession(session)) return session;
@@ -2562,7 +2811,7 @@ async function cmdStart(agent, session, { yolo = false } = {}) {
     process.exit(1);
   }
-  const command = agent.getCommand(yolo, session);
+  const command = agent.getCommand(yolo, session, allowedTools);
   tmuxNewSession(session, command);
   const start = Date.now();
@@ -2575,6 +2824,18 @@ async function cmdStart(agent, session, { yolo = false } = {}) {
       continue;
     }
+    if (state === State.FEEDBACK_MODAL) {
+      tmuxSend(session, "0");
+      await sleep(200);
+      continue;
+    }
+    if (state === State.CONFIRMING) {
+      tmuxSend(session, agent.approveKey);
+      await sleep(APPROVE_DELAY_MS);
+      continue;
+    }
     if (state === State.READY) return session;
     await sleep(POLL_MS);
@@ -2622,6 +2883,7 @@ function cmdAgents() {
     const isDefault =
       (parsed.tool === "claude" && session === claudeDefault) ||
       (parsed.tool === "codex" && session === codexDefault);
+    const perms = getSessionPermissions(session);
     // Get session metadata (Claude only)
     const meta = getSessionMeta(session);
@@ -2632,6 +2894,7 @@ function cmdAgents() {
       state: state || "unknown",
       target: isDefault ? "*" : "",
       type,
+      mode: perms.mode,
       plan: meta?.slug || "-",
       branch: meta?.gitBranch || "-",
     };
@@ -2643,14 +2906,15 @@ function cmdAgents() {
   const maxState = Math.max(5, ...agents.map((a) => a.state.length));
   const maxTarget = Math.max(6, ...agents.map((a) => a.target.length));
   const maxType = Math.max(4, ...agents.map((a) => a.type.length));
+  const maxMode = Math.max(4, ...agents.map((a) => a.mode.length));
   const maxPlan = Math.max(4, ...agents.map((a) => a.plan.length));
   console.log(
-    `${"SESSION".padEnd(maxSession)}  ${"TOOL".padEnd(maxTool)}  ${"STATE".padEnd(maxState)}  ${"TARGET".padEnd(maxTarget)}  ${"TYPE".padEnd(maxType)}  ${"PLAN".padEnd(maxPlan)}  BRANCH`,
+    `${"SESSION".padEnd(maxSession)}  ${"TOOL".padEnd(maxTool)}  ${"STATE".padEnd(maxState)}  ${"TARGET".padEnd(maxTarget)}  ${"TYPE".padEnd(maxType)}  ${"MODE".padEnd(maxMode)}  ${"PLAN".padEnd(maxPlan)}  BRANCH`,
   );
   for (const a of agents) {
     console.log(
-      `${a.session.padEnd(maxSession)}  ${a.tool.padEnd(maxTool)}  ${a.state.padEnd(maxState)}  ${a.target.padEnd(maxTarget)}  ${a.type.padEnd(maxType)}  ${a.plan.padEnd(maxPlan)}  ${a.branch}`,
+      `${a.session.padEnd(maxSession)}  ${a.tool.padEnd(maxTool)}  ${a.state.padEnd(maxState)}  ${a.target.padEnd(maxTarget)}  ${a.type.padEnd(maxType)}  ${a.mode.padEnd(maxMode)}  ${a.plan.padEnd(maxPlan)}  ${a.branch}`,
     );
   }
@@ -2707,11 +2971,29 @@ function startArchangel(config, parentSession = null) {
     env,
   });
   child.unref();
+  const watchingLabel = parentSession
+    ? parentSession.session || parentSession.uuid?.slice(0, 8)
+    : null;
   console.log(
-    `Summoning: ${config.name} (pid ${child.pid})${parentSession ? ` [parent: ${parentSession.session}]` : ""}`,
+    `Summoning: ${config.name} (pid ${child.pid})${watchingLabel ? ` [watching: ${watchingLabel}]` : ""}`,
   );
 }
+/**
+ * @param {string} pattern
+ * @param {number} [timeoutMs]
+ * @returns {Promise<string | undefined>}
+ */
+async function waitForArchangelSession(pattern, timeoutMs = ARCHANGEL_STARTUP_TIMEOUT_MS) {
+  const start = Date.now();
+  while (Date.now() - start < timeoutMs) {
+    const session = findArchangelSession(pattern);
+    if (session) return session;
+    await sleep(200);
+  }
+  return undefined;
+}
 // =============================================================================
 // Command: archangel (runs as the archangel process itself)
 // =============================================================================
@@ -2959,28 +3241,18 @@ async function cmdArchangel(agentName) {
       const cleanedResponse = agent.getResponse(sessionName, afterScreen) || "";
-      // Sanity check: skip garbage responses (screen scraping artifacts)
-      const isGarbage =
-        cleanedResponse.includes("[Pasted text") ||
-        cleanedResponse.match(/^\+\d+ lines\]/) ||
-        cleanedResponse.length < 20;
-      if (
-        cleanedResponse &&
-        !isGarbage &&
-        !cleanedResponse.toLowerCase().includes("no issues found")
-      ) {
+      const isSkippable = !cleanedResponse || cleanedResponse.trim() === "EMPTY_RESPONSE";
+      if (!isSkippable) {
         writeToMailbox({
           agent: /** @type {string} */ (agentName),
           session: sessionName,
           branch: getCurrentBranch(),
           commit: getCurrentCommit(),
           files,
-          message: cleanedResponse.slice(0, 1000),
+          message: cleanedResponse,
         });
         console.log(`[archangel:${agentName}] Wrote observation for ${files.length} file(s)`);
-      } else if (isGarbage) {
-        console.log(`[archangel:${agentName}] Skipped garbage response`);
       }
     } catch (err) {
       console.error(`[archangel:${agentName}] Error:`, err instanceof Error ? err.message : err);
@@ -3172,6 +3444,7 @@ import { readFileSync, writeFileSync, existsSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
 import { createHash } from "node:crypto";
+import { execSync } from "node:child_process";
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const AI_DIR = join(__dirname, "..");
@@ -3179,6 +3452,15 @@ const DEBUG = process.env.AX_DEBUG === "1";
 const MAILBOX = join(AI_DIR, "mailbox.jsonl");
 const MAX_AGE_MS = 60 * 60 * 1000;
+function getTmuxSessionName() {
+  if (!process.env.TMUX) return null;
+  try {
+    return execSync("tmux display-message -p '#S'", { encoding: "utf-8" }).trim();
+  } catch {
+    return null;
+  }
+}
 // Read hook input from stdin
 let hookInput = {};
 try {
@@ -3193,8 +3475,9 @@ const hookEvent = hookInput.hook_event_name || "";
 if (DEBUG) console.error("[hook] session:", sessionId, "event:", hookEvent);
-// NO-OP for archangel or partner sessions
-if (sessionId.includes("-archangel-") || sessionId.includes("-partner-")) {
+const tmuxSession = getTmuxSessionName();
+if (DEBUG) console.error("[hook] tmux session:", tmuxSession);
+if (tmuxSession && (tmuxSession.includes("-archangel-") || tmuxSession.includes("-partner-"))) {
   if (DEBUG) console.error("[hook] skipping non-parent session");
   process.exit(0);
 }
@@ -3385,7 +3668,7 @@ function cmdKill(session, { all = false, orphans = false, force = false } = {})
   // If specific session provided, kill just that one
   if (session) {
     if (!tmuxHasSession(session)) {
-      console.log("ERROR: session not found");
+      console.log("ERROR: session not found. Run 'ax agents' to list sessions.");
       process.exit(1);
     }
     tmuxKill(session);
@@ -3436,7 +3719,7 @@ function cmdAttach(session) {
   // Resolve partial session name
   const resolved = resolveSessionName(session);
   if (!resolved || !tmuxHasSession(resolved)) {
-    console.log("ERROR: session not found");
+    console.log("ERROR: session not found. Run 'ax agents' to list sessions.");
     process.exit(1);
   }
@@ -3460,7 +3743,7 @@ function cmdLog(sessionName, { tail = 50, reasoning = false, follow = false } =
   // Resolve partial session name
   const resolved = resolveSessionName(sessionName);
   if (!resolved) {
-    console.log("ERROR: session not found");
+    console.log("ERROR: session not found. Run 'ax agents' to list sessions.");
     process.exit(1);
   }
   const parsed = parseSessionName(resolved);
@@ -3724,7 +4007,13 @@ function cmdMailbox({ limit = 20, branch = null, all = false } = {}) {
       console.log(`**Branch**: ${p.branch || "?"} @ ${p.commit || "?"}\n`);
     }
-    if (p.message) {
+    if (p.rfpId) {
+      console.log(`**RFP**: ${p.rfpId}\n`);
+    }
+    if (entry.type === "proposal") {
+      console.log(`**Proposal**: ${p.message || ""}\n`);
+    } else if (p.message) {
       console.log(`**Assistant**: ${p.message}\n`);
     }
@@ -3738,13 +4027,246 @@ function cmdMailbox({ limit = 20, branch = null, all = false } = {}) {
   }
 }
+/**
+ * @param {string} rfpId
+ * @param {string} archangel
+ * @returns {string | null}
+ */
+function getProposalFromMailbox(rfpId, archangel) {
+  if (!existsSync(MAILBOX_PATH)) return null;
+  let result = null;
+  try {
+    const lines = readFileSync(MAILBOX_PATH, "utf-8").trim().split("\n").filter(Boolean);
+    for (const line of lines) {
+      try {
+        const entry = JSON.parse(line);
+        if (entry?.type !== "proposal") continue;
+        const p = entry.payload || {};
+        if (p.rfpId === rfpId && p.archangel === archangel) {
+          result = p.message || "";
+        }
+      } catch {
+        // Skip malformed lines
+      }
+    }
+  } catch (err) {
+    debugError("getProposalFromMailbox", err);
+  }
+  return result;
+}
+/**
+ * @param {string} prompt
+ * @param {{archangels?: string, fresh?: boolean, noWait?: boolean}} [options]
+ */
+async function cmdRfp(prompt, { archangels, fresh = false, noWait = false } = {}) {
+  const configs = loadAgentConfigs();
+  if (configs.length === 0) {
+    console.log(`No archangels found in ${AGENTS_DIR}/`);
+    process.exit(1);
+  }
+  const requested = archangels
+    ? archangels
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean)
+    : configs.map((c) => c.name);
+  if (requested.length === 0) {
+    console.log("ERROR: no archangels specified");
+    process.exit(1);
+  }
+  const missing = requested.filter((name) => !configs.some((c) => c.name === name));
+  if (missing.length > 0) {
+    console.log(`ERROR: unknown archangel(s): ${missing.join(", ")}`);
+    process.exit(1);
+  }
+  const parent = findParentSession();
+  const rfpId = generateRfpId(parent);
+  for (const name of requested) {
+    const config = configs.find((c) => c.name === name);
+    if (!config) continue;
+    const pattern = getArchangelSessionPattern(config);
+    let session = findArchangelSession(pattern);
+    if (!session) {
+      startArchangel(config, parent);
+      session = await waitForArchangelSession(pattern);
+    }
+    if (!session) {
+      console.log(`ERROR: failed to start archangel '${name}'`);
+      continue;
+    }
+    const { agent } = resolveAgent({ sessionName: session });
+    if (fresh) {
+      tmuxSendLiteral(session, "/new");
+      await sleep(50);
+      tmuxSend(session, "Enter");
+    }
+    const ready = await waitUntilReady(agent, session, ARCHANGEL_STARTUP_TIMEOUT_MS);
+    if (ready.state !== State.READY) {
+      console.log(`[rfp] ${name} not ready (${ready.state}), skipping`);
+      continue;
+    }
+    const rfpPrompt = `## RFP ${rfpId}\n\n${RFP_PREAMBLE}\n\n${prompt}\n\nReturn exactly one proposal.`;
+    tmuxSendLiteral(session, rfpPrompt);
+    await sleep(200);
+    tmuxSend(session, "Enter");
+  }
+  writeRfpRecord(rfpId, prompt);
+  const archangelList = requested.join(",");
+  const base = rfpId.split("-")[1];
+  const shortId = `rfp-${base}`;
+  console.log(`rfp: ${rfpId} (${archangelList})`);
+  if (noWait) {
+    // Truncate prompt for display (first line, max 60 chars)
+    const firstLine = prompt.split("\n")[0];
+    const taskPreview = firstLine.length > 60 ? firstLine.slice(0, 57) + "..." : firstLine;
+    let output = `Task: ${taskPreview}
+Add this to your task list, then continue with your work.`;
+    // Show TaskCreate example if caller is Claude
+    const caller = findCallerAgent();
+    if (caller?.agent === "claude") {
+      output += `
+e.g.
+  TaskCreate({ subject: "ax:${shortId} - ${taskPreview}" })
+`;
+    }
+    console.log(output);
+  }
+}
+/**
+ * @param {string} rfpId
+ * @param {{archangels?: string, timeoutMs?: number}} [options]
+ */
+async function cmdRfpWait(rfpId, { archangels, timeoutMs = ARCHANGEL_RESPONSE_TIMEOUT_MS } = {}) {
+  const resolvedRfpId = resolveRfpId(rfpId);
+  const configs = loadAgentConfigs();
+  if (configs.length === 0) {
+    console.log(`No archangels found in ${AGENTS_DIR}/`);
+    process.exit(1);
+  }
+  const requested = archangels
+    ? archangels
+        .split(",")
+        .map((s) => s.trim())
+        .filter(Boolean)
+    : configs.map((c) => c.name);
+  if (requested.length === 0) {
+    console.log("ERROR: no archangels specified");
+    process.exit(1);
+  }
+  const missing = requested.filter((name) => !configs.some((c) => c.name === name));
+  if (missing.length > 0) {
+    console.log(`ERROR: unknown archangel(s): ${missing.join(", ")}`);
+    process.exit(1);
+  }
+  let wroteAny = false;
+  let printedAny = false;
+  for (const name of requested) {
+    const config = configs.find((c) => c.name === name);
+    if (!config) continue;
+    const pattern = getArchangelSessionPattern(config);
+    const session = findArchangelSession(pattern);
+    if (!session) {
+      console.log(`[rfp] ${name} session not found, skipping`);
+      continue;
+    }
+    const existing = getProposalFromMailbox(resolvedRfpId, name);
+    if (existing !== null) {
+      if (printedAny) console.log("");
+      console.log(`[${name}]`);
+      console.log(existing);
+      wroteAny = true;
+      printedAny = true;
+      continue;
+    }
+    const { agent } = resolveAgent({ sessionName: session });
+    let result;
+    try {
+      result = await waitUntilReady(agent, session, timeoutMs);
+    } catch (err) {
+      if (err instanceof TimeoutError) {
+        console.log(`[rfp] ${name} timed out`);
+      } else {
+        console.log(`[rfp] ${name} error: ${err instanceof Error ? err.message : err}`);
+      }
+      continue;
+    }
+    if (result.state === State.RATE_LIMITED) {
+      console.log(`[rfp] ${name} rate limited`);
+      continue;
+    }
+    if (result.state === State.CONFIRMING) {
+      console.log(`[rfp] ${name} awaiting confirmation`);
+      continue;
+    }
+    const response = agent.getResponse(session, result.screen) || "";
+    if (!response || response.trim() === "EMPTY_RESPONSE") {
+      continue;
+    }
+    writeToMailbox(
+      {
+        agent: name,
+        session,
+        branch: getCurrentBranch(),
+        commit: getCurrentCommit(),
+        files: [],
+        message: response,
+        rfpId: resolvedRfpId,
+        archangel: name,
+      },
+      "proposal",
+    );
+    if (printedAny) console.log("");
+    console.log(`[${name}]`);
+    console.log(response);
+    wroteAny = true;
+    printedAny = true;
+  }
+  if (!wroteAny) process.exit(1);
+}
 /**
  * @param {Agent} agent
  * @param {string | null | undefined} session
  * @param {string} message
- * @param {{noWait?: boolean, yolo?: boolean, timeoutMs?: number}} [options]
+ * @param {{noWait?: boolean, yolo?: boolean, allowedTools?: string | null, timeoutMs?: number}} [options]
  */
-async function cmdAsk(agent, session, message, { noWait = false, yolo = false, timeoutMs = DEFAULT_TIMEOUT_MS } = {}) {
+async function cmdAsk(
+  agent,
+  session,
+  message,
+  { noWait = false, yolo = false, allowedTools = null, timeoutMs = DEFAULT_TIMEOUT_MS } = {},
+) {
   const sessionExists = session != null && tmuxHasSession(session);
   const nativeYolo = sessionExists && isYoloSession(/** @type {string} */ (session));
@@ -3758,7 +4280,7 @@ async function cmdAsk(agent, session, message, { noWait = false, yolo = false, t
   /** @type {string} */
   const activeSession = sessionExists
     ? /** @type {string} */ (session)
-    : await cmdStart(agent, session, { yolo });
+    : await cmdStart(agent, session, { yolo, allowedTools });
   tmuxSendLiteral(activeSession, message);
   await sleep(50);
@@ -3767,12 +4289,26 @@ async function cmdAsk(agent, session, message, { noWait = false, yolo = false, t
   if (noWait) {
     const parsed = parseSessionName(activeSession);
     const shortId = parsed?.uuid?.slice(0, 8) || activeSession;
-    const cli = path.basename(process.argv[1], ".js");
-    console.log(`Sent to: ${shortId}
+    // Truncate message for display (first line, max 60 chars)
+    const firstLine = message.split("\n")[0];
+    const taskPreview = firstLine.length > 60 ? firstLine.slice(0, 57) + "..." : firstLine;
+    let output = `Sent to: ${shortId}
+Task: ${taskPreview}
+Add this to your task list, then continue with your work.`;
+    // Show TaskCreate example if caller is Claude
+    const caller = findCallerAgent();
+    if (caller?.agent === "claude") {
+      output += `
 e.g.
-  ${cli} status --session=${shortId}
-  ${cli} output --session=${shortId}`);
+  TaskCreate({ subject: "ax:${shortId} - ${taskPreview}" })
+`;
+    }
+    console.log(output);
     return;
   }
@@ -3964,9 +4500,14 @@ async function cmdReview(
  * @param {Agent} agent
  * @param {string | null | undefined} session
  * @param {number} [index]
- * @param {{wait?: boolean, timeoutMs?: number}} [options]
+ * @param {{wait?: boolean, stale?: boolean, timeoutMs?: number}} [options]
  */
-async function cmdOutput(agent, session, index = 0, { wait = false, timeoutMs } = {}) {
+async function cmdOutput(
+  agent,
+  session,
+  index = 0,
+  { wait = false, stale = false, timeoutMs } = {},
+) {
   if (!session || !tmuxHasSession(session)) {
     console.log("ERROR: no session");
     process.exit(1);
@@ -3993,8 +4534,11 @@ async function cmdOutput(agent, session, index = 0, { wait = false, timeoutMs }
   }
   if (state === State.THINKING) {
-    console.log("THINKING");
-    process.exit(4);
+    if (!stale) {
+      console.log("THINKING: Use --wait to block, or --stale for old response.");
+      process.exit(1);
+    }
+    // --stale: fall through to show previous response
   }
   const output = agent.getResponse(session, screen, index);
@@ -4192,7 +4736,12 @@ function resolveAgent({ toolFlag, sessionName } = {}) {
   if (invoked === "axclaude" || invoked === "claude") return { agent: ClaudeAgent };
   if (invoked === "axcodex" || invoked === "codex") return { agent: CodexAgent };
-  // 4. AX_DEFAULT_TOOL environment variable
+  // 4. Infer from parent process (running from within claude/codex)
+  const caller = findCallerAgent();
+  if (caller?.agent === "claude") return { agent: ClaudeAgent };
+  if (caller?.agent === "codex") return { agent: CodexAgent };
+  // 5. AX_DEFAULT_TOOL environment variable
   const defaultTool = process.env.AX_DEFAULT_TOOL;
   if (defaultTool === "claude") return { agent: ClaudeAgent };
   if (defaultTool === "codex" || !defaultTool) return { agent: CodexAgent };
@@ -4208,72 +4757,64 @@ function resolveAgent({ toolFlag, sessionName } = {}) {
 function printHelp(agent, cliName) {
   const name = cliName;
   const backendName = agent.displayName;
-  const hasReview = !!agent.reviewOptions;
   console.log(`${name} v${VERSION} - agentic assistant CLI (${backendName})
 Usage: ${name} [OPTIONS] <command|message> [ARGS...]
-Commands:
-  agents                    List all running agents with state and log paths
+Messaging:
+  <message>                 Send message to ${name}
+  review [TYPE]             Review code: pr, uncommitted, commit, custom
+Sessions:
+  compact                   Summarise session to shrink context size
+  reset                     Start fresh conversation
+  agents                    List all running agents
   target                    Show default target session for current tool
   attach [SESSION]          Attach to agent session interactively
-  log SESSION               View conversation log (--tail=N, --follow, --reasoning)
-  mailbox                   View archangel observations (--limit=N, --branch=X, --all)
+  kill                      Kill sessions (--all, --session=NAME, --orphans [--force])
+Archangels:
   summon [name]             Summon archangels (all, or by name)
   recall [name]             Recall archangels (all, or by name)
-  kill                      Kill sessions (--all, --session=NAME, --orphans [--force])
-  status                    Check state (exit: 0=ready, 2=rate_limited, 3=confirming, 4=thinking)
+  mailbox                   Archangel notes (filters: --branch=git, --all)
+  rfp <prompt>              Request proposals (--archangels=a,b)
+  rfp wait <id>             Wait for proposals (--archangels=a,b)
+Recovery/State:
+  status                    Exit code: ready=0 rate_limit=2 confirm=3 thinking=4
   output [-N]               Show response (0=last, -1=prev, -2=older)
-  debug                     Show raw screen output and detected state${
-    hasReview
-      ? `
-  review [TYPE]             Review code: pr, uncommitted, commit, custom`
-      : ""
-  }
-  select N                  Select menu option N
+  debug                     Show raw screen output and detected state
   approve                   Approve pending action (send 'y')
   reject                    Reject pending action (send 'n')
+  select N                  Select menu option N
   send KEYS                 Send key sequence (e.g. "1[Enter]", "[Escape]")
-  compact                   Summarize conversation (when context is full)
-  reset                     Start fresh conversation
-  <message>                 Send message to ${name}
+  log [SESSION]             View conversation log (--tail=N, --follow, --reasoning)
 Flags:
   --tool=NAME               Use specific agent (codex, claude)
-  --session=NAME            Target session by name, archangel name, or UUID prefix (self = current)
+  --session=ID              name | archangel | uuid-prefix | self
+  --fresh                   Reset conversation before review
+  --yolo                    Skip all confirmations (dangerous)
+  --auto-approve=TOOLS      Auto-approve specific tools (e.g. 'Bash("cargo *")')
   --wait                    Wait for response (default for messages; required for approve/reject)
   --no-wait                 Fire-and-forget: send message, print session ID, exit immediately
   --timeout=N               Set timeout in seconds (default: ${DEFAULT_TIMEOUT_MS / 1000}, reviews: ${REVIEW_TIMEOUT_MS / 1000})
-  --yolo                    Skip all confirmations (dangerous)
-  --fresh                   Reset conversation before review
-  --orphans                 Kill orphaned claude/codex processes (PPID=1)
-  --force                   Use SIGKILL instead of SIGTERM (with --orphans)
-Environment:
-  AX_DEFAULT_TOOL           Default agent when using 'ax' (claude or codex, default: codex)
-  ${agent.envVar}           Override default session name
-  AX_CLAUDE_CONFIG_DIR      Override Claude config directory (default: ~/.claude)
-  AX_CODEX_CONFIG_DIR       Override Codex config directory (default: ~/.codex)
-  AX_REVIEW_MODE=exec       Bypass /review, send instructions directly (codex only)
-  AX_DEBUG=1                Enable debug logging
 Examples:
   ${name} "explain this codebase"
-  ${name} "review the error handling"           # Auto custom review (${REVIEW_TIMEOUT_MS / 60000}min timeout)
-  ${name} "FYI: auth was refactored" --no-wait  # Send context to a working session (no response needed)
+  ${name} "review the error handling"                   # Auto custom review (${REVIEW_TIMEOUT_MS / 60000}min timeout)
+  ${name} "FYI: auth was refactored" --no-wait          # Send context to a working session (no response needed)
+  ${name} --auto-approve='Bash("cargo *")' "run tests"  # Session with specific permissions
   ${name} review uncommitted --wait
-  ${name} approve --wait
-  ${name} kill                                 # Kill agents in current project
-  ${name} kill --all                           # Kill all agents across all projects
-  ${name} kill --session=NAME                  # Kill specific session
-  ${name} send "1[Enter]"                      # Recovery: select option 1 and press Enter
-  ${name} send "[Escape][Escape]"              # Recovery: escape out of a dialog
-  ${name} summon                               # Summon all archangels from .ai/agents/*.md
-  ${name} summon reviewer                      # Summon by name (creates config if new)
-  ${name} recall                               # Recall all archangels
-  ${name} recall reviewer                      # Recall one by name
-  ${name} agents                               # List all agents (shows TYPE=archangel)
+  ${name} kill                                          # Kill agents in current project
+  ${name} kill --all                                    # Kill all agents across all projects
+  ${name} kill --session=NAME                           # Kill specific session
+  ${name} summon                                        # Summon all archangels from .ai/agents/*.md
+  ${name} summon reviewer                               # Summon by name (creates config if new)
+  ${name} recall                                        # Recall all archangels
+  ${name} recall reviewer                               # Recall one by name
+  ${name} agents                                        # List all agents (shows TYPE=archangel)
 Note: Reviews and complex tasks may take several minutes.
       Use Bash run_in_background for long operations (not --no-wait).`);
@@ -4300,7 +4841,8 @@ async function main() {
   }
   // Extract flags into local variables for convenience
-  const { wait, noWait, yolo, fresh, reasoning, follow, all, orphans, force } = flags;
+  const { wait, noWait, yolo, fresh, reasoning, follow, all, orphans, force, stale, autoApprove } =
+    flags;
   // Session resolution (must happen before agent resolution so we can infer tool from session name)
   let session = null;
@@ -4319,15 +4861,24 @@ async function main() {
   }
   // Agent resolution (considers --tool flag, session name, invocation, and env vars)
-  const { agent, error: agentError } = resolveAgent({ toolFlag: flags.tool, sessionName: session });
+  const { agent, error: agentError } = resolveAgent({
+    toolFlag: flags.tool,
+    sessionName: session,
+  });
   if (agentError) {
     console.log(`ERROR: ${agentError}`);
     process.exit(1);
   }
-  // If no explicit session, use agent's default
+  // Validate --auto-approve is only used with Claude (Codex doesn't support --allowedTools)
+  if (autoApprove && agent.name === "codex") {
+    console.log("ERROR: --auto-approve is not supported by Codex. Use --yolo instead.");
+    process.exit(1);
+  }
+  // If no explicit session, use agent's default (with permission filtering)
   if (!session) {
-    session = agent.getDefaultSession();
+    session = agent.getDefaultSession({ allowedTools: autoApprove, yolo });
   }
   // Timeout (convert seconds to milliseconds)
@@ -4355,7 +4906,7 @@ async function main() {
   // Dispatch commands
   if (cmd === "agents") return cmdAgents();
   if (cmd === "target") {
-    const defaultSession = agent.getDefaultSession();
+    const defaultSession = agent.getDefaultSession({ allowedTools: autoApprove, yolo });
     if (defaultSession) {
       console.log(defaultSession);
     } else {
@@ -4371,20 +4922,39 @@ async function main() {
   if (cmd === "attach") return cmdAttach(positionals[1] || session);
   if (cmd === "log") return cmdLog(positionals[1] || session, { tail, reasoning, follow });
   if (cmd === "mailbox") return cmdMailbox({ limit, branch, all });
+  if (cmd === "rfp") {
+    if (positionals[1] === "wait") {
+      const rfpId = positionals[2];
+      if (!rfpId) {
+        console.log("ERROR: missing rfp id");
+        process.exit(1);
+      }
+      return cmdRfpWait(rfpId, { archangels: flags.archangels, timeoutMs });
+    }
+    const rawPrompt = positionals.slice(1).join(" ");
+    const prompt = await readStdinIfNeeded(rawPrompt);
+    if (!prompt) {
+      console.log("ERROR: missing prompt for rfp");
+      process.exit(1);
+    }
+    return cmdRfp(prompt, { archangels: flags.archangels, fresh, noWait });
+  }
   if (cmd === "approve") return cmdApprove(agent, session, { wait, timeoutMs });
   if (cmd === "reject") return cmdReject(agent, session, { wait, timeoutMs });
-  if (cmd === "review")
-    return cmdReview(agent, session, positionals[1], positionals[2], {
+  if (cmd === "review") {
+    const customInstructions = await readStdinIfNeeded(positionals[2]);
+    return cmdReview(agent, session, positionals[1], customInstructions ?? undefined, {
       wait,
       fresh,
       timeoutMs,
     });
+  }
   if (cmd === "status") return cmdStatus(agent, session);
   if (cmd === "debug") return cmdDebug(agent, session);
   if (cmd === "output") {
     const indexArg = positionals[1];
     const index = indexArg?.startsWith("-") ? parseInt(indexArg, 10) : 0;
-    return cmdOutput(agent, session, index, { wait, timeoutMs });
+    return cmdOutput(agent, session, index, { wait, stale, timeoutMs });
   }
   if (cmd === "send" && positionals.length > 1)
     return cmdSend(session, positionals.slice(1).join(" "));
@@ -4394,18 +4964,17 @@ async function main() {
     return cmdSelect(agent, session, positionals[1], { wait, timeoutMs });
   // Default: send message
-  let message = positionals.join(" ");
-  if (!message && hasStdinData()) {
-    message = await readStdin();
-  }
+  const rawMessage = positionals.join(" ");
+  let message = await readStdinIfNeeded(rawMessage);
   if (!message || flags.help) {
     printHelp(agent, cliName);
     process.exit(0);
   }
+  const messageText = message;
   // Detect "review ..." or "please review ..." and route to custom review mode
-  const reviewMatch = message.match(/^(?:please )?review\s*(.*)/i);
+  const reviewMatch = messageText.match(/^(?:please )?review\s*(.*)/i);
   if (reviewMatch && agent.reviewOptions) {
     const customInstructions = reviewMatch[1].trim() || null;
     return cmdReview(agent, session, "custom", customInstructions, {
@@ -4415,7 +4984,12 @@ async function main() {
     });
   }
-  return cmdAsk(agent, session, message, { noWait, yolo, timeoutMs });
+  return cmdAsk(agent, session, messageText, {
+    noWait,
+    yolo,
+    allowedTools: autoApprove,
+    timeoutMs,
+  });
 }
 // Run main() only when executed directly (not when imported for testing)
@@ -4455,4 +5029,6 @@ export {
   extractThinking,
   detectState,
   State,
+  normalizeAllowedTools,
+  computePermissionHash,
 };