ccmanager 2.11.6 → 3.1.0

package/dist/services/autoApprovalVerifier.js

@@ -0,0 +1,272 @@
+import { Effect } from 'effect';
+import { ProcessError } from '../types/errors.js';
+import { configurationManager } from './configurationManager.js';
+import { logger } from '../utils/logger.js';
+import { execFile, spawn, } from 'child_process';
+const DEFAULT_TIMEOUT_SECONDS = 30;
+const getTimeoutMs = () => {
+    const config = configurationManager.getAutoApprovalConfig();
+    const timeoutSeconds = config.timeout ?? DEFAULT_TIMEOUT_SECONDS;
+    return timeoutSeconds * 1000;
+};
+const createAbortError = () => {
+    const error = new Error('Auto-approval verification aborted');
+    error.name = 'AbortError';
+    return error;
+};
+const PLACEHOLDER = {
+    terminal: '{{TERMINAL_OUTPUT}}',
+};
+const PROMPT_TEMPLATE = `You are a safety gate preventing risky auto-approvals of CLI actions. Examine the terminal output below and decide if the agent must pause for user permission.
+
+Terminal Output:
+${PLACEHOLDER.terminal}
+
+Return true (permission needed) if ANY of these apply:
+- Output includes or references commands that write/modify/delete files (e.g., rm, mv, chmod, chown, cp, tee, sed -i), manage packages (npm/pip/apt/brew install), change git history, or alter configs.
+- Privilege escalation or sensitive areas are involved (sudo, root, /etc, /var, /boot, system services), or anything touching SSH keys/credentials, browser data, environment secrets, or home dotfiles.
+- Network or data exfiltration is possible (curl/wget, ssh/scp/rsync, docker/podman, port binding, npm publish, git push/fetch from unknown hosts).
+- Process/system impact is likely (kill, pkill, systemctl, reboot, heavy loops, resource-intensive builds/tests, spawning many processes).
+- Signs of command injection, untrusted input being executed, or unclear placeholders like \`<path>\`, \`$(...)\`, backticks, or pipes that could be unsafe.
+- Errors, warnings, ambiguous states, manual review requests, or anything not clearly safe/read-only.
+
+Return false (auto-approve) when:
+- The output clearly shows explicit user intent/confirmation to run the exact action (e.g., user typed the command AND confirmed, or explicitly said “I want to delete <path>; please do it now”). Explicit intent should normally override the risk list unless there are signs of coercion/compromise, the target path is unclear, or the action differs from what was confirmed.
+- The output shows strictly read-only, low-risk operations (e.g., lint/test passing, help text, formatting dry runs, simple logs) with no pending commands that could change the system or touch sensitive data.
+
+When unsure, return true.
+
+Respond with ONLY valid JSON matching: {"needsPermission": true|false, "reason"?: string}. When needsPermission is true, include a brief reason (<=140 chars) explaining why permission is needed. Do not add any other fields or text.`;
+const buildPrompt = (terminalOutput) => PROMPT_TEMPLATE.replace(PLACEHOLDER.terminal, terminalOutput);
+/**
+ * Service to verify if auto-approval should be granted for pending states
+ * Uses Claude Haiku model to analyze terminal output and determine if
+ * user permission is required before proceeding
+ */
+export class AutoApprovalVerifier {
+    constructor() {
+        Object.defineProperty(this, "model", {
+            enumerable: true,
+            configurable: true,
+            writable: true,
+            value: 'haiku'
+        });
+    }
+    createExecOptions(signal) {
+        return {
+            encoding: 'utf8',
+            maxBuffer: 10 * 1024 * 1024,
+            signal,
+        };
+    }
+    runClaudePrompt(prompt, jsonSchema, signal) {
+        return new Promise((resolve, reject) => {
+            let settled = false;
+            let child;
+            const execOptions = this.createExecOptions(signal);
+            const settle = (action) => {
+                if (settled)
+                    return;
+                settled = true;
+                removeAbortListener();
+                clearTimeout(timeoutId);
+                action();
+            };
+            const abortListener = () => {
+                settle(() => {
+                    if (child?.pid) {
+                        child.kill('SIGKILL');
+                    }
+                    reject(createAbortError());
+                });
+            };
+            const removeAbortListener = () => {
+                if (!signal)
+                    return;
+                signal.removeEventListener('abort', abortListener);
+            };
+            const timeoutMs = getTimeoutMs();
+            const timeoutId = setTimeout(() => {
+                settle(() => {
+                    logger.warn('Auto-approval verification timed out, terminating helper Claude process');
+                    if (child?.pid) {
+                        child.kill('SIGKILL');
+                    }
+                    reject(new Error(`Auto-approval verification timed out after ${timeoutMs / 1000}s`));
+                });
+            }, timeoutMs);
+            if (signal) {
+                if (signal.aborted) {
+                    abortListener();
+                    return;
+                }
+                signal.addEventListener('abort', abortListener, { once: true });
+            }
+            child = execFile('claude', [
+                '--model',
+                this.model,
+                '-p',
+                '--output-format',
+                'json',
+                '--json-schema',
+                jsonSchema,
+            ], execOptions, (error, stdout) => {
+                settle(() => {
+                    if (error) {
+                        reject(error);
+                        return;
+                    }
+                    resolve(stdout);
+                });
+            });
+            child.stderr?.on('data', chunk => {
+                logger.debug('Auto-approval stderr chunk', chunk.toString());
+            });
+            child.on('error', err => {
+                settle(() => reject(err));
+            });
+            if (child.stdin) {
+                child.stdin.write(prompt);
+                child.stdin.end();
+            }
+            else {
+                settle(() => reject(new Error('claude stdin unavailable')));
+            }
+            child.on('close', code => {
+                if (code && code !== 0) {
+                    settle(() => reject(new Error(`claude exited with code ${code}`)));
+                }
+            });
+        });
+    }
+    async runCustomCommand(command, prompt, terminalOutput, signal) {
+        return new Promise((resolve, reject) => {
+            let settled = false;
+            let timeoutId;
+            const settle = (action) => {
+                if (settled)
+                    return;
+                settled = true;
+                clearTimeout(timeoutId);
+                if (signal) {
+                    signal.removeEventListener('abort', abortListener);
+                }
+                action();
+            };
+            const abortListener = () => {
+                settle(() => {
+                    child.kill('SIGKILL');
+                    reject(createAbortError());
+                });
+            };
+            const spawnOptions = {
+                shell: true,
+                env: {
+                    ...process.env,
+                    DEFAULT_PROMPT: prompt,
+                    TERMINAL_OUTPUT: terminalOutput,
+                },
+                stdio: ['ignore', 'pipe', 'pipe'],
+                signal,
+            };
+            const child = spawn(command, [], spawnOptions);
+            let stdout = '';
+            let stderr = '';
+            const timeoutMs = getTimeoutMs();
+            timeoutId = setTimeout(() => {
+                logger.warn('Auto-approval custom command timed out, terminating process');
+                settle(() => {
+                    child.kill('SIGKILL');
+                    reject(new Error(`Auto-approval verification custom command timed out after ${timeoutMs / 1000}s`));
+                });
+            }, timeoutMs);
+            if (signal) {
+                if (signal.aborted) {
+                    abortListener();
+                    return;
+                }
+                signal.addEventListener('abort', abortListener, { once: true });
+            }
+            child.stdout?.on('data', chunk => {
+                stdout += chunk.toString();
+            });
+            child.stderr?.on('data', chunk => {
+                const data = chunk.toString();
+                stderr += data;
+                logger.debug('Auto-approval custom command stderr', data);
+            });
+            child.on('error', error => {
+                settle(() => reject(error));
+            });
+            child.on('exit', (code, signalExit) => {
+                settle(() => {
+                    if (code === 0) {
+                        resolve(stdout);
+                        return;
+                    }
+                    const message = signalExit !== null
+                        ? `Custom command terminated by signal ${signalExit}`
+                        : `Custom command exited with code ${code}`;
+                    reject(new Error(stderr ? `${message}\nStderr: ${stderr}` : message));
+                });
+            });
+        });
+    }
+    /**
+     * Verify if the current terminal output requires user permission
+     * before proceeding with auto-approval
+     *
+     * @param terminalOutput - Current terminal output to analyze
+     * @returns Effect that resolves to true if permission needed, false if can auto-approve
+     */
+    verifyNeedsPermission(terminalOutput, options) {
+        const attemptVerification = Effect.tryPromise({
+            try: async () => {
+                const autoApprovalConfig = configurationManager.getAutoApprovalConfig();
+                const customCommand = autoApprovalConfig.customCommand?.trim();
+                const prompt = buildPrompt(terminalOutput);
+                const jsonSchema = JSON.stringify({
+                    type: 'object',
+                    properties: {
+                        needsPermission: {
+                            type: 'boolean',
+                            description: 'Whether user permission is needed before auto-approval',
+                        },
+                        reason: {
+                            type: 'string',
+                            description: 'Optional reason describing why user permission is needed',
+                        },
+                    },
+                    required: ['needsPermission'],
+                });
+                const signal = options?.signal;
+                if (signal?.aborted) {
+                    throw createAbortError();
+                }
+                const responseText = customCommand
+                    ? await this.runCustomCommand(customCommand, prompt, terminalOutput, signal)
+                    : await this.runClaudePrompt(prompt, jsonSchema, signal);
+                return JSON.parse(responseText);
+            },
+            catch: (error) => error,
+        });
+        return Effect.catchAll(attemptVerification, (error) => {
+            if (error.name === 'AbortError') {
+                return Effect.fail(new ProcessError({
+                    command: 'autoApprovalVerifier.verifyNeedsPermission',
+                    message: 'Auto-approval verification aborted',
+                }));
+            }
+            const isParseError = error instanceof SyntaxError;
+            const reason = isParseError
+                ? 'Failed to parse auto-approval helper response'
+                : 'Auto-approval helper command failed';
+            logger.error(reason, error);
+            return Effect.succeed({
+                needsPermission: true,
+                reason: `${reason}: ${error.message ?? 'unknown error'}`,
+            });
+        });
+    }
+}
+export const autoApprovalVerifier = new AutoApprovalVerifier();

package/dist/services/autoApprovalVerifier.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/services/autoApprovalVerifier.test.js

@@ -0,0 +1,120 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
+import { Effect } from 'effect';
+import { EventEmitter } from 'events';
+const execFileMock = vi.fn();
+vi.mock('child_process', () => ({
+    execFile: (...args) => execFileMock(...args),
+}));
+vi.mock('./configurationManager.js', () => ({
+    configurationManager: {
+        getAutoApprovalConfig: vi.fn().mockReturnValue({ enabled: false }),
+    },
+}));
+describe('AutoApprovalVerifier', () => {
+    beforeEach(() => {
+        vi.useFakeTimers();
+        execFileMock.mockImplementation((_cmd, _args, _options, callback) => {
+            const child = new EventEmitter();
+            const write = vi.fn();
+            const end = vi.fn();
+            child.stdin = { write, end };
+            setTimeout(() => {
+                callback(null, '{"needsPermission":false}', '');
+                child.emit('close', 0);
+            }, 5);
+            return child;
+        });
+    });
+    afterEach(() => {
+        vi.useRealTimers();
+        vi.clearAllMocks();
+    });
+    it('executes claude check asynchronously without blocking input', async () => {
+        const { autoApprovalVerifier } = await import('./autoApprovalVerifier.js');
+        let ticked = false;
+        setTimeout(() => {
+            ticked = true;
+        }, 1);
+        const needsPermissionPromise = Effect.runPromise(autoApprovalVerifier.verifyNeedsPermission('output'));
+        await vi.runAllTimersAsync();
+        const result = await needsPermissionPromise;
+        expect(result.needsPermission).toBe(false);
+        expect(ticked).toBe(true);
+        const child = execFileMock.mock.results[0]?.value;
+        expect(execFileMock).toHaveBeenCalledWith('claude', expect.arrayContaining(['--model', 'haiku']), expect.objectContaining({ encoding: 'utf8' }), expect.any(Function));
+        expect(child.stdin.write).toHaveBeenCalledTimes(1);
+        expect(child.stdin.end).toHaveBeenCalledTimes(1);
+    });
+    it('returns true when Claude response indicates permission is needed', async () => {
+        execFileMock.mockImplementationOnce((_cmd, _args, _options, callback) => {
+            const child = new EventEmitter();
+            child.stdin = { write: vi.fn(), end: vi.fn() };
+            setTimeout(() => {
+                callback(null, '{"needsPermission":true}', '');
+                child.emit('close', 0);
+            }, 0);
+            return child;
+        });
+        const { autoApprovalVerifier } = await import('./autoApprovalVerifier.js');
+        const resultPromise = Effect.runPromise(autoApprovalVerifier.verifyNeedsPermission('Error: critical'));
+        await vi.runAllTimersAsync();
+        const result = await resultPromise;
+        expect(result.needsPermission).toBe(true);
+    });
+    it('defaults to requiring permission on malformed JSON', async () => {
+        execFileMock.mockImplementationOnce((_cmd, _args, _options, callback) => {
+            const child = new EventEmitter();
+            child.stdin = { write: vi.fn(), end: vi.fn() };
+            setTimeout(() => {
+                callback(null, 'not-json', '');
+                child.emit('close', 0);
+            }, 0);
+            return child;
+        });
+        const { autoApprovalVerifier } = await import('./autoApprovalVerifier.js');
+        const resultPromise = Effect.runPromise(autoApprovalVerifier.verifyNeedsPermission('logs'));
+        await vi.runAllTimersAsync();
+        const result = await resultPromise;
+        expect(result.needsPermission).toBe(true);
+        expect(result.reason).toBeDefined();
+    });
+    it('defaults to requiring permission when execution errors', async () => {
+        execFileMock.mockImplementationOnce((_cmd, _args, _options, callback) => {
+            const child = new EventEmitter();
+            child.stdin = { write: vi.fn(), end: vi.fn() };
+            setTimeout(() => {
+                callback(new Error('Command failed'), '', '');
+                child.emit('close', 1);
+            }, 0);
+            return child;
+        });
+        const { autoApprovalVerifier } = await import('./autoApprovalVerifier.js');
+        const resultPromise = Effect.runPromise(autoApprovalVerifier.verifyNeedsPermission('logs'));
+        await vi.runAllTimersAsync();
+        const result = await resultPromise;
+        expect(result.needsPermission).toBe(true);
+        expect(result.reason).toBeDefined();
+    });
+    it('passes JSON schema flag and prompt content to claude helper', async () => {
+        const write = vi.fn();
+        const terminalOutput = 'test output';
+        execFileMock.mockImplementationOnce((_cmd, args, _options, callback) => {
+            const child = new EventEmitter();
+            child.stdin = { write, end: vi.fn() };
+            setTimeout(() => {
+                callback(null, '{"needsPermission":false}', '');
+                child.emit('close', 0);
+            }, 0);
+            // Capture the args for assertions
+            child.capturedArgs = args;
+            return child;
+        });
+        const { autoApprovalVerifier } = await import('./autoApprovalVerifier.js');
+        const resultPromise = Effect.runPromise(autoApprovalVerifier.verifyNeedsPermission(terminalOutput));
+        await vi.runAllTimersAsync();
+        await resultPromise;
+        const args = execFileMock.mock.calls[0]?.[1] ?? [];
+        expect(args).toEqual(expect.arrayContaining(['--output-format', 'json', '--json-schema']));
+        expect(write).toHaveBeenCalledWith(expect.stringContaining(terminalOutput));
+    });
+});

package/dist/services/configurationManager.d.ts

@@ -21,6 +21,10 @@ export declare class ConfigurationManager {
     setConfiguration(config: ConfigurationData): void;
     getWorktreeConfig(): WorktreeConfig;
     setWorktreeConfig(worktreeConfig: WorktreeConfig): void;
+    getAutoApprovalConfig(): NonNullable<ConfigurationData['autoApproval']>;
+    setAutoApprovalConfig(autoApproval: NonNullable<ConfigurationData['autoApproval']>): void;
+    setAutoApprovalEnabled(enabled: boolean): void;
+    setAutoApprovalTimeout(timeout: number): void;
     getCommandConfig(): CommandConfig;
     setCommandConfig(commandConfig: CommandConfig): void;
     private migrateLegacyCommandToPresets;
@@ -109,5 +113,9 @@ export declare class ConfigurationManager {
      * Synchronous legacy shortcuts migration helper
      */
     private migrateLegacyShortcutsSync;
+    /**
+     * Get whether auto-approval is enabled
+     */
+    isAutoApprovalEnabled(): boolean;
 }
 export declare const configurationManager: ConfigurationManager;

package/dist/services/configurationManager.js

@@ -99,6 +99,20 @@ export class ConfigurationManager {
                 command: 'claude',
             };
         }
+        if (!this.config.autoApproval) {
+            this.config.autoApproval = {
+                enabled: false,
+                timeout: 30,
+            };
+        }
+        else {
+            if (!Object.prototype.hasOwnProperty.call(this.config.autoApproval, 'enabled')) {
+                this.config.autoApproval.enabled = false;
+            }
+            if (!Object.prototype.hasOwnProperty.call(this.config.autoApproval, 'timeout')) {
+                this.config.autoApproval.timeout = 30;
+            }
+        }
         // Migrate legacy command config to presets if needed
         this.migrateLegacyCommandToPresets();
     }
@@ -165,6 +179,28 @@ export class ConfigurationManager {
         this.config.worktree = worktreeConfig;
         this.saveConfig();
     }
+    getAutoApprovalConfig() {
+        const config = this.config.autoApproval || {
+            enabled: false,
+        };
+        // Default timeout to 30 seconds if not set
+        return {
+            ...config,
+            timeout: config.timeout ?? 30,
+        };
+    }
+    setAutoApprovalConfig(autoApproval) {
+        this.config.autoApproval = autoApproval;
+        this.saveConfig();
+    }
+    setAutoApprovalEnabled(enabled) {
+        const currentConfig = this.getAutoApprovalConfig();
+        this.setAutoApprovalConfig({ ...currentConfig, enabled });
+    }
+    setAutoApprovalTimeout(timeout) {
+        const currentConfig = this.getAutoApprovalConfig();
+        this.setAutoApprovalConfig({ ...currentConfig, timeout });
+    }
     getCommandConfig() {
         // For backward compatibility, return the default preset as CommandConfig
         const defaultPreset = this.getDefaultPreset();
@@ -511,6 +547,20 @@ export class ConfigurationManager {
                 command: 'claude',
             };
         }
+        if (!config.autoApproval) {
+            config.autoApproval = {
+                enabled: false,
+                timeout: 30,
+            };
+        }
+        else {
+            if (!Object.prototype.hasOwnProperty.call(config.autoApproval, 'enabled')) {
+                config.autoApproval.enabled = false;
+            }
+            if (!Object.prototype.hasOwnProperty.call(config.autoApproval, 'timeout')) {
+                config.autoApproval.timeout = 30;
+            }
+        }
         return config;
     }
     /**
@@ -537,5 +587,11 @@ export class ConfigurationManager {
         }
         return null;
     }
+    /**
+     * Get whether auto-approval is enabled
+     */
+    isAutoApprovalEnabled() {
+        return this.config.autoApproval?.enabled ?? false;
+    }
 }
 export const configurationManager = new ConfigurationManager();

package/dist/services/sessionManager.autoApproval.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/services/sessionManager.autoApproval.test.js

@@ -0,0 +1,160 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+import { EventEmitter } from 'events';
+import { spawn } from 'node-pty';
+import { STATE_CHECK_INTERVAL_MS, STATE_PERSISTENCE_DURATION_MS, } from '../constants/statePersistence.js';
+import { Effect } from 'effect';
+const detectStateMock = vi.fn();
+const verifyNeedsPermissionMock = vi.fn(() => Effect.succeed({ needsPermission: false }));
+vi.mock('node-pty', () => ({
+    spawn: vi.fn(),
+}));
+vi.mock('./stateDetector.js', () => ({
+    createStateDetector: () => ({ detectState: detectStateMock }),
+}));
+vi.mock('./configurationManager.js', () => ({
+    configurationManager: {
+        getConfig: vi.fn().mockReturnValue({
+            commands: [
+                {
+                    id: 'test',
+                    name: 'Test',
+                    command: 'test',
+                    args: [],
+                },
+            ],
+            defaultCommandId: 'test',
+        }),
+        getPresetById: vi.fn().mockReturnValue({
+            id: 'test',
+            name: 'Test',
+            command: 'test',
+            args: [],
+        }),
+        getDefaultPreset: vi.fn().mockReturnValue({
+            id: 'test',
+            name: 'Test',
+            command: 'test',
+            args: [],
+        }),
+        getHooks: vi.fn().mockReturnValue({}),
+        getStatusHooks: vi.fn().mockReturnValue({}),
+        setWorktreeLastOpened: vi.fn(),
+        getWorktreeLastOpenedTime: vi.fn(),
+        getWorktreeLastOpened: vi.fn(() => ({})),
+        isAutoApprovalEnabled: vi.fn(() => true),
+        setAutoApprovalEnabled: vi.fn(),
+    },
+}));
+vi.mock('@xterm/headless', () => ({
+    default: {
+        Terminal: vi.fn().mockImplementation(() => ({
+            buffer: {
+                active: {
+                    length: 0,
+                    getLine: vi.fn(),
+                },
+            },
+            write: vi.fn(),
+        })),
+    },
+}));
+vi.mock('./autoApprovalVerifier.js', () => ({
+    autoApprovalVerifier: { verifyNeedsPermission: verifyNeedsPermissionMock },
+}));
+describe('SessionManager - Auto Approval Recovery', () => {
+    let SessionManager;
+    let sessionManager;
+    let mockPtyInstances;
+    let eventEmitters;
+    beforeEach(async () => {
+        vi.useFakeTimers();
+        detectStateMock.mockReset();
+        verifyNeedsPermissionMock.mockClear();
+        mockPtyInstances = new Map();
+        eventEmitters = new Map();
+        spawn.mockImplementation((_command, _args, options) => {
+            const path = options.cwd;
+            const eventEmitter = new EventEmitter();
+            eventEmitters.set(path, eventEmitter);
+            const mockPty = {
+                onData: vi.fn((callback) => {
+                    eventEmitter.on('data', callback);
+                    return { dispose: vi.fn() };
+                }),
+                onExit: vi.fn((callback) => {
+                    eventEmitter.on('exit', callback);
+                    return { dispose: vi.fn() };
+                }),
+                write: vi.fn(),
+                resize: vi.fn(),
+                kill: vi.fn(),
+                process: 'test',
+                pid: 12345 + mockPtyInstances.size,
+            };
+            mockPtyInstances.set(path, mockPty);
+            return mockPty;
+        });
+        // Detection sequence: first prompt (no auto-approval), back to busy, second prompt (should auto-approve)
+        const detectionStates = [
+            'waiting_input',
+            'waiting_input',
+            'waiting_input',
+            'busy',
+            'busy',
+            'busy',
+            'waiting_input',
+            'waiting_input',
+            'waiting_input',
+        ];
+        let callIndex = 0;
+        detectStateMock.mockImplementation(() => {
+            const state = detectionStates[Math.min(callIndex, detectionStates.length - 1)];
+            callIndex++;
+            return state;
+        });
+        const sessionManagerModule = await import('./sessionManager.js');
+        SessionManager = sessionManagerModule.SessionManager;
+        sessionManager = new SessionManager();
+    });
+    afterEach(() => {
+        sessionManager.destroy();
+        vi.useRealTimers();
+        vi.clearAllMocks();
+    });
+    it('re-enables auto approval after leaving waiting_input', async () => {
+        const session = await Effect.runPromise(sessionManager.createSessionWithPresetEffect('/test/path'));
+        // Simulate a prior auto-approval failure
+        session.autoApprovalFailed = true;
+        // First waiting_input cycle (auto-approval suppressed)
+        vi.advanceTimersByTime(STATE_CHECK_INTERVAL_MS * 3);
+        expect(session.state).toBe('waiting_input');
+        expect(session.autoApprovalFailed).toBe(true);
+        // Transition back to busy should reset the failure flag
+        vi.advanceTimersByTime(STATE_CHECK_INTERVAL_MS * 3);
+        expect(session.state).toBe('busy');
+        expect(session.autoApprovalFailed).toBe(false);
+        // Next waiting_input should trigger pending_auto_approval
+        vi.advanceTimersByTime(STATE_CHECK_INTERVAL_MS * 3 + STATE_PERSISTENCE_DURATION_MS);
+        expect(session.state).toBe('pending_auto_approval');
+        await Promise.resolve(); // allow handleAutoApproval promise to resolve
+        expect(verifyNeedsPermissionMock).toHaveBeenCalled();
+    });
+    it('cancels auto approval when user input is detected', async () => {
+        const session = await Effect.runPromise(sessionManager.createSessionWithPresetEffect('/test/path'));
+        const abortController = new AbortController();
+        session.state = 'pending_auto_approval';
+        session.autoApprovalAbortController = abortController;
+        session.pendingState = 'pending_auto_approval';
+        session.pendingStateStart = Date.now();
+        const handler = vi.fn();
+        sessionManager.on('sessionStateChanged', handler);
+        sessionManager.cancelAutoApproval(session.worktreePath, 'User pressed a key');
+        expect(abortController.signal.aborted).toBe(true);
+        expect(session.autoApprovalAbortController).toBeUndefined();
+        expect(session.autoApprovalFailed).toBe(true);
+        expect(session.state).toBe('waiting_input');
+        expect(session.pendingState).toBeUndefined();
+        expect(handler).toHaveBeenCalledWith(session);
+        sessionManager.off('sessionStateChanged', handler);
+    });
+});

package/dist/services/sessionManager.d.ts

@@ -6,6 +6,7 @@ export interface SessionCounts {
     idle: number;
     busy: number;
     waiting_input: number;
+    pending_auto_approval: number;
     total: number;
 }
 export declare class SessionManager extends EventEmitter implements ISessionManager {
@@ -14,6 +15,9 @@ export declare class SessionManager extends EventEmitter implements ISessionMana
     private busyTimers;
     private spawn;
     detectTerminalState(session: Session): SessionState;
+    private getTerminalContent;
+    private handleAutoApproval;
+    private cancelAutoApprovalVerification;
     constructor();
     private createSessionId;
     private createTerminal;
@@ -50,6 +54,7 @@ export declare class SessionManager extends EventEmitter implements ISessionMana
     private cleanupSession;
     getSession(worktreePath: string): Session | undefined;
     setSessionActive(worktreePath: string, active: boolean): void;
+    cancelAutoApproval(worktreePath: string, reason?: string): void;
     destroySession(worktreePath: string): void;
     /**
      * Terminate session and cleanup resources using Effect-based error handling