clay-server 2.19.0 → 2.20.0-beta.1

package/lib/sdk-bridge.js

@@ -59,14 +59,14 @@ function createSDKBridge(opts) {
   var isMate = opts.isMate || (slug.indexOf("mate-") === 0);
   var dangerouslySkipPermissions = opts.dangerouslySkipPermissions || false;
   var onProcessingChanged = opts.onProcessingChanged || function () {};
-
+  var onTurnDone = opts.onTurnDone || null;
 
   // --- Skill discovery helpers ---
 
   function discoverSkillDirs() {
     var skills = {};
     var dirs = [
-      path.join(os.homedir(), ".claude", "skills"),
+      path.join(require("./config").REAL_HOME, ".claude", "skills"),
       path.join(cwd, ".claude", "skills"),
     ];
     for (var d = 0; d < dirs.length; d++) {
@@ -387,9 +387,13 @@ function createSDKBridge(opts) {
         });
       }
       // Reset for next turn in the same query
+      var donePreview = session.responsePreview || "";
       session.responsePreview = "";
       session.streamedText = false;
       sm.broadcastSessionList();
+      if (onTurnDone) {
+        try { onTurnDone(session, donePreview); } catch (e) {}
+      }
 
     } else if (parsed.type === "system" && parsed.subtype === "status") {
       if (parsed.status === "compacting") {
@@ -459,6 +463,18 @@ function createSDKBridge(opts) {
 
     } else if (parsed.type === "rate_limit_event" && parsed.rate_limit_info) {
       var info = parsed.rate_limit_info;
+
+      // Broadcast reset time for top-bar usage link
+      if (info.rateLimitType && info.resetsAt) {
+        send({
+          type: "rate_limit_usage",
+          rateLimitType: info.rateLimitType,
+          resetsAt: info.resetsAt * 1000,
+          status: info.status,
+        });
+      }
+
+      // Warning/rejection handling (existing behavior)
       if (info.status === "allowed_warning" || info.status === "rejected") {
         sendAndRecord(session, {
           type: "rate_limit",
@@ -832,14 +848,12 @@ function createSDKBridge(opts) {
     }
 
     if (dangerouslySkipPermissions) {
-      queryOptions.permissionMode = "bypassPermissions";
       queryOptions.allowDangerouslySkipPermissions = true;
-    } else {
-      var modeToApply = session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode;
-      if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
-      if (modeToApply && modeToApply !== "default") {
-        queryOptions.permissionMode = modeToApply;
-      }
+    }
+    var modeToApply = session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode;
+    if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
+    if (modeToApply && modeToApply !== "default") {
+      queryOptions.permissionMode = modeToApply;
     }
 
     if (session.cliSessionId) {
@@ -980,10 +994,11 @@ function createSDKBridge(opts) {
             sm.broadcastSessionList();
           }
           cleanupSessionWorker(session);
-          // Auto-continue for scheduler sessions on rate limit
+          // Auto-continue on rate limit (scheduler sessions, or user setting)
           var workerDidScheduleAC = false;
+          var workerACEnabled = session.onQueryComplete || (typeof opts.getAutoContinueSetting === "function" && opts.getAutoContinueSetting(session));
           if (session.rateLimitResetsAt && session.rateLimitResetsAt > Date.now()
-              && session.onQueryComplete && !session.destroying) {
+              && workerACEnabled && !session.destroying) {
             var wacDelay = session.rateLimitResetsAt - Date.now() + 3000;
             var wacResetsAt = session.rateLimitResetsAt;
             session.rateLimitResetsAt = null;
@@ -1149,6 +1164,52 @@ function createSDKBridge(opts) {
       if (mateAutoTools[toolName]) {
         return Promise.resolve({ behavior: "allow", updatedInput: input });
       }
+      // Auto-approve safe Bash commands (read-only, non-destructive)
+      if (toolName === "Bash" && input && input.command) {
+        var cmd = input.command.trim();
+        var firstWord = cmd.split(/[\s;|&]/)[0];
+        var safeBashCommands = {
+          ls: true, cat: true, head: true, tail: true, wc: true, file: true,
+          // File/dir inspection
+          ls: true, cat: true, head: true, tail: true, wc: true, file: true,
+          stat: true, find: true, tree: true, du: true, df: true,
+          readlink: true, realpath: true, basename: true, dirname: true,
+          // Search
+          grep: true, rg: true, ag: true, ack: true, fgrep: true, egrep: true,
+          // Lookup
+          which: true, type: true, whereis: true, command: true, hash: true,
+          // Environment/system info
+          echo: true, printf: true, env: true, printenv: true, pwd: true,
+          whoami: true, id: true, groups: true,
+          date: true, uname: true, hostname: true, uptime: true, arch: true,
+          nproc: true, free: true, lsb_release: true, sw_vers: true,
+          locale: true, timedatectl: true,
+          // Version checks
+          git: true, dotnet: true, ruby: true, java: true, javac: true,
+          rustc: true, gcc: true, clang: true, cmake: true,
+          // Text processing (pure stdin/stdout, no side effects)
+          jq: true, yq: true, sort: true, uniq: true, cut: true, tr: true,
+          awk: true, sed: true, paste: true, column: true, fold: true,
+          rev: true, tac: true, nl: true, expand: true, unexpand: true,
+          fmt: true, pr: true, csplit: true, comm: true, join: true,
+          // Comparison/hashing
+          diff: true, cmp: true, md5sum: true, sha256sum: true, sha1sum: true,
+          shasum: true, cksum: true, sum: true, b2sum: true, base64: true,
+          xxd: true, od: true, hexdump: true,
+          // Misc read-only
+          test: true, true: true, false: true, seq: true, yes: true,
+          sleep: true, tee: true, xargs: true, time: true,
+          man: true, help: true, info: true, apropos: true,
+          cal: true, bc: true, expr: true, factor: true,
+          lsof: true, ps: true, top: true, htop: true, pgrep: true,
+          netstat: true, ss: true, ifconfig: true, ip: true, dig: true,
+          nslookup: true, host: true, ping: true, traceroute: true,
+          curl: true, wget: true, http: true,
+        };
+        if (safeBashCommands[firstWord]) {
+          return Promise.resolve({ behavior: "allow", updatedInput: input });
+        }
+      }
     }
 
     // AskUserQuestion: wait for user answers via WebSocket
@@ -1373,10 +1434,11 @@ function createSDKBridge(opts) {
       session.pendingAskUser = {};
       session.pendingElicitations = {};
 
-      // Auto-continue for scheduler (Ralph Loop) sessions on rate limit
+      // Auto-continue on rate limit (scheduler sessions, or user setting)
       var didScheduleAutoContinue = false;
+      var acEnabled = session.onQueryComplete || (typeof opts.getAutoContinueSetting === "function" && opts.getAutoContinueSetting(session));
       if (session.rateLimitResetsAt && session.rateLimitResetsAt > Date.now()
-          && session.onQueryComplete && !session.destroying) {
+          && acEnabled && !session.destroying) {
         var acDelay = session.rateLimitResetsAt - Date.now() + 3000;
         var acResetsAt = session.rateLimitResetsAt;
         session.rateLimitResetsAt = null;
@@ -1527,15 +1589,13 @@ function createSDKBridge(opts) {
     }
 
     if (dangerouslySkipPermissions) {
-      queryOptions.permissionMode = "bypassPermissions";
       queryOptions.allowDangerouslySkipPermissions = true;
-    } else {
-      // Pass permissionMode in queryOptions at creation time to avoid race condition
-      var modeToApply = session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode;
-      if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
-      if (modeToApply && modeToApply !== "default") {
-        queryOptions.permissionMode = modeToApply;
-      }
+    }
+    // Pass permissionMode in queryOptions at creation time to avoid race condition
+    var modeToApply = session.acceptEditsAfterStart ? "acceptEdits" : sm.currentPermissionMode;
+    if (session.acceptEditsAfterStart) delete session.acceptEditsAfterStart;
+    if (modeToApply && modeToApply !== "default") {
+      queryOptions.permissionMode = modeToApply;
     }
 
     if (session.cliSessionId) {
@@ -1745,12 +1805,6 @@ function createSDKBridge(opts) {
   }
 
   async function setPermissionMode(session, mode) {
-    // When dangerouslySkipPermissions is active, ignore mode changes from UI
-    // to prevent accidentally downgrading from bypassPermissions
-    if (dangerouslySkipPermissions) {
-      send({ type: "config_state", model: sm.currentModel || "", mode: "bypassPermissions", effort: sm.currentEffort || "medium", betas: sm.currentBetas || [] });
-      return;
-    }
     if (session.worker) {
       session.worker.send({ type: "set_permission_mode", mode: mode });
       return;
@@ -1819,9 +1873,7 @@ function createSDKBridge(opts) {
 
     var query;
     try {
-      query = sdk.query({
-        prompt: mq,
-        options: {
+      var mentionQueryOptions = {
           cwd: cwd,
           systemPrompt: opts.claudeMd,
           settingSources: ["user"],
@@ -1837,18 +1889,32 @@ function createSDKBridge(opts) {
               message: "Read-only access. You cannot make changes via @mention.",
             });
           },
-        },
+        };
+      if (opts.model) mentionQueryOptions.model = opts.model;
+      query = sdk.query({
+        prompt: mq,
+        options: mentionQueryOptions,
       });
     } catch (e) {
       opts.onError("Failed to create mention query: " + (e.message || e));
       return null;
     }
 
-    // Push the initial message (context + question)
+    // Push the initial message (context + question, with optional images)
     var initialPrompt = opts.initialContext + "\n\n" + opts.initialMessage;
+    var initialContent = [];
+    if (opts.initialImages && opts.initialImages.length > 0) {
+      for (var ii = 0; ii < opts.initialImages.length; ii++) {
+        initialContent.push({
+          type: "image",
+          source: { type: "base64", media_type: opts.initialImages[ii].mediaType, data: opts.initialImages[ii].data },
+        });
+      }
+    }
+    initialContent.push({ type: "text", text: initialPrompt });
     mq.push({
       type: "user",
-      message: { role: "user", content: [{ type: "text", text: initialPrompt }] },
+      message: { role: "user", content: initialContent },
     });
 
     // Background stream processing loop
@@ -1951,7 +2017,7 @@ function createSDKBridge(opts) {
 
     return {
       // Push a follow-up message to the existing mention session
-      pushMessage: function (text, callbacks) {
+      pushMessage: function (text, callbacks, images) {
         currentOnDelta = callbacks.onDelta;
         currentOnDone = callbacks.onDone;
         currentOnError = callbacks.onError;
@@ -1959,11 +2025,24 @@ function createSDKBridge(opts) {
         mentionBlocks = {};
         responseFullText = "";
         responseStreamedText = false;
+        var content = [];
+        if (images && images.length > 0) {
+          for (var pi = 0; pi < images.length; pi++) {
+            content.push({
+              type: "image",
+              source: { type: "base64", media_type: images[pi].mediaType, data: images[pi].data },
+            });
+          }
+        }
+        content.push({ type: "text", text: text });
         mq.push({
           type: "user",
-          message: { role: "user", content: [{ type: "text", text: text }] },
+          message: { role: "user", content: content },
         });
       },
+      abort: function () {
+        try { abortController.abort(); } catch (e) {}
+      },
       close: function () {
         alive = false;
         try { mq.end(); } catch (e) {}

package/lib/server.js

@@ -1128,6 +1128,7 @@ function createServer(opts) {
         profile.username = mu.username;
         profile.userId = mu.id;
         profile.role = mu.role;
+        profile.autoContinueOnRateLimit = !!mu.autoContinueOnRateLimit;
         res.writeHead(200, { "Content-Type": "application/json" });
         res.end(JSON.stringify(profile));
         return;
@@ -1143,6 +1144,11 @@ function createServer(opts) {
         if (saved.avatarSeed) profile.avatarSeed = saved.avatarSeed;
         if (saved.avatarCustom) profile.avatarCustom = saved.avatarCustom;
       } catch (e) { /* file doesn't exist yet */ }
+      // Single-user auto-continue from daemon config
+      if (typeof opts.onGetDaemonConfig === "function") {
+        var dc = opts.onGetDaemonConfig();
+        profile.autoContinueOnRateLimit = !!dc.autoContinueOnRateLimit;
+      }
       // Check if custom avatar file exists
       try {
         var avatarFiles = fs.readdirSync(path.join(CONFIG_DIR, "avatars"));
@@ -1431,6 +1437,69 @@ function createServer(opts) {
       return;
     }
 
+    // PUT /api/user/auto-continue
+    if (req.method === "PUT" && fullUrl === "/api/user/auto-continue") {
+      var mu = getMultiUserFromReq(req);
+      if (!mu) {
+        // Single-user: use daemon config fallback
+        var body = "";
+        req.on("data", function (chunk) { body += chunk; });
+        req.on("end", function () {
+          try {
+            var data = JSON.parse(body);
+            if (typeof opts.onSetAutoContinue === "function") {
+              opts.onSetAutoContinue(!!data.enabled);
+            }
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ ok: true, autoContinueOnRateLimit: !!data.enabled }));
+          } catch (e) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end('{"error":"Invalid request"}');
+          }
+        });
+        return;
+      }
+      var body = "";
+      req.on("data", function (chunk) { body += chunk; });
+      req.on("end", function () {
+        try {
+          var data = JSON.parse(body);
+          var result = users.setAutoContinue(mu.id, !!data.enabled);
+          if (result.error) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: result.error }));
+            return;
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ ok: true, autoContinueOnRateLimit: result.autoContinueOnRateLimit }));
+        } catch (e) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Invalid request"}');
+        }
+      });
+      return;
+    }
+
+    // GET /api/user/auto-continue
+    if (req.method === "GET" && fullUrl === "/api/user/auto-continue") {
+      var mu = getMultiUserFromReq(req);
+      if (!mu) {
+        // Single-user: read from daemon config
+        var enabled = false;
+        if (typeof opts.onGetDaemonConfig === "function") {
+          var dc = opts.onGetDaemonConfig();
+          enabled = !!dc.autoContinueOnRateLimit;
+        }
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ autoContinueOnRateLimit: enabled }));
+        return;
+      }
+      var val = users.getAutoContinue(mu.id);
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify({ autoContinueOnRateLimit: val }));
+      return;
+    }
+
     // --- Admin API endpoints (multi-user mode only) ---
 
     // List all users (admin only)
@@ -2109,7 +2178,6 @@ function createServer(opts) {
       var pResults = [];
       projects.forEach(function (pCtx, pSlug) {
         var status = pCtx.getStatus();
-        if (status.isMate) return;
         if (status.isWorktree) return;
         // Access check
         if (paletteUser && onGetProjectAccess) {
@@ -2131,7 +2199,7 @@ function createServer(opts) {
           }
           if (!pQuery) {
             // Recent mode: return all sessions sorted by lastActivity
-            pResults.push({
+            var pItem = {
               projectSlug: pSlug,
               projectTitle: status.title || status.project,
               projectIcon: status.icon || null,
@@ -2140,7 +2208,12 @@ function createServer(opts) {
               lastActivity: session.lastActivity || session.createdAt || 0,
               matchType: null,
               snippet: null
-            });
+            };
+            if (status.isMate) {
+              pItem.isMate = true;
+              pItem.mateId = status.mateId || null;
+            }
+            pResults.push(pItem);
           } else {
             // Search mode: match title and content
             var q = pQuery.toLowerCase();
@@ -2148,7 +2221,7 @@ function createServer(opts) {
             var contentSnippet = null;
             for (var hi = 0; hi < session.history.length; hi++) {
               var entry = session.history[hi];
-              if ((entry.type === "delta" || entry.type === "user_message") && entry.text) {
+              if ((entry.type === "delta" || entry.type === "user_message" || entry.type === "mention_user" || entry.type === "mention_response" || entry.type === "debate_turn_done") && entry.text) {
                 var lowerText = entry.text.toLowerCase();
                 var matchIdx = lowerText.indexOf(q);
                 if (matchIdx !== -1) {
@@ -2162,7 +2235,7 @@ function createServer(opts) {
               }
             }
             if (titleMatch || contentSnippet) {
-              pResults.push({
+              var sItem = {
                 projectSlug: pSlug,
                 projectTitle: status.title || status.project,
                 projectIcon: status.icon || null,
@@ -2171,7 +2244,12 @@ function createServer(opts) {
                 lastActivity: session.lastActivity || session.createdAt || 0,
                 matchType: titleMatch && contentSnippet ? "both" : titleMatch ? "title" : "content",
                 snippet: contentSnippet
-              });
+              };
+              if (status.isMate) {
+                sItem.isMate = true;
+                sItem.mateId = status.mateId || null;
+              }
+              pResults.push(sItem);
             }
           }
         });

package/lib/sessions.js

@@ -31,7 +31,7 @@ function createSessionManager(opts) {
   //   v2: ~/.claude-relay/sessions/{encoded-cwd}/  (if config.js rename didn't cover it)
   var legacySessionDirs = [
     path.join(cwd, ".claude-relay", "sessions"),
-    path.join(require("os").homedir(), ".claude-relay", "sessions", encodedCwd),
+    path.join(require("./config").REAL_HOME, ".claude-relay", "sessions", encodedCwd),
   ];
   for (var li = 0; li < legacySessionDirs.length; li++) {
     var oldSessionsDir = legacySessionDirs[li];
@@ -569,7 +569,7 @@ function createSessionManager(opts) {
       var contentMatch = false;
       for (var i = 0; i < session.history.length; i++) {
         var entry = session.history[i];
-        if ((entry.type === "delta" || entry.type === "user_message") && entry.text) {
+        if ((entry.type === "delta" || entry.type === "user_message" || entry.type === "mention_user" || entry.type === "mention_response" || entry.type === "debate_turn_done") && entry.text) {
           if (entry.text.toLowerCase().indexOf(q) !== -1) {
             contentMatch = true;
             break;
@@ -602,11 +602,11 @@ function createSessionManager(opts) {
     var currentTurnStart = -1;
     for (var i = 0; i < history.length; i++) {
       var entry = history[i];
-      if (entry.type === "user_message") {
+      if (entry.type === "user_message" || entry.type === "mention_user") {
         currentTurnStart = i;
         lastAssistantHitTurn = -1;
       }
-      if ((entry.type === "delta" || entry.type === "user_message") && entry.text) {
+      if ((entry.type === "delta" || entry.type === "user_message" || entry.type === "mention_user" || entry.type === "mention_response" || entry.type === "debate_turn_done") && entry.text) {
         // Skip duplicate delta hits within the same assistant turn
         if (entry.type === "delta" && currentTurnStart === lastAssistantHitTurn) continue;
         var text = entry.text;

package/lib/users.js

@@ -641,6 +641,30 @@ function canAccessSession(userId, session, project) {
   return false;
 }
 
+// --- Per-user auto-continue setting ---
+
+function getAutoContinue(userId) {
+  var data = loadUsers();
+  for (var i = 0; i < data.users.length; i++) {
+    if (data.users[i].id === userId) {
+      return !!data.users[i].autoContinueOnRateLimit;
+    }
+  }
+  return false;
+}
+
+function setAutoContinue(userId, enabled) {
+  var data = loadUsers();
+  for (var i = 0; i < data.users.length; i++) {
+    if (data.users[i].id === userId) {
+      data.users[i].autoContinueOnRateLimit = !!enabled;
+      saveUsers(data);
+      return { ok: true, autoContinueOnRateLimit: !!enabled };
+    }
+  }
+  return { error: "User not found" };
+}
+
 module.exports = {
   USERS_FILE: USERS_FILE,
   loadUsers: loadUsers,
@@ -691,4 +715,6 @@ module.exports = {
   getDmHidden: getDmHidden,
   addDmHidden: addDmHidden,
   removeDmHidden: removeDmHidden,
+  getAutoContinue: getAutoContinue,
+  setAutoContinue: setAutoContinue,
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clay-server",
-  "version": "2.19.0",
+  "version": "2.20.0-beta.1",
   "description": "Web UI for Claude Code. Any device. Push notifications.",
   "bin": {
     "clay-server": "./bin/cli.js",