episoda 0.2.102 → 0.2.104

package/dist/daemon/daemon-process.js

@@ -2786,7 +2786,7 @@ var require_package = __commonJS({
   "package.json"(exports2, module2) {
     module2.exports = {
       name: "episoda",
-      version: "0.2.102",
+      version: "0.2.104",
       description: "CLI tool for Episoda local development workflow orchestration",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -8374,7 +8374,7 @@ var AgentManager = class {
    * EP1173: Added autonomousMode parameter for permission-free execution
    */
   async startSession(options) {
-    const { sessionId, moduleId, moduleUid, projectPath, provider = "claude", autonomousMode = true, message, credentials, systemPrompt, onChunk, onComplete, onError } = options;
+    const { sessionId, moduleId, moduleUid, projectPath, provider = "claude", autonomousMode = true, canWrite = true, readOnlyReason, message, credentials, systemPrompt, onChunk, onComplete, onError } = options;
     if (this.sessions.has(sessionId)) {
       return { success: false, error: "Session already exists" };
     }
@@ -8413,6 +8413,10 @@ var AgentManager = class {
       // EP1133: Store provider in session
       autonomousMode,
       // EP1173: Store autonomous mode setting
+      canWrite,
+      // EP1205: Store write permission
+      readOnlyReason,
+      // EP1205: Store reason for read-only mode
       credentials,
       systemPrompt,
       status: "starting",
@@ -8437,16 +8441,50 @@ var AgentManager = class {
    * EP1133: Supports both Claude Code and Codex CLI with provider-specific handling.
    */
   async sendMessage(options) {
-    const { sessionId, message, isFirstMessage, agentSessionId, claudeSessionId, onChunk, onComplete, onError } = options;
+    const { sessionId, message, isFirstMessage, canWrite, readOnlyReason, agentSessionId, claudeSessionId, onChunk, onComplete, onError } = options;
     const session = this.sessions.get(sessionId);
     if (!session) {
       return { success: false, error: "Session not found" };
     }
     session.lastActivityAt = /* @__PURE__ */ new Date();
     session.status = "running";
+    if (canWrite !== void 0) {
+      session.canWrite = canWrite;
+      session.readOnlyReason = readOnlyReason;
+    }
     const resumeSessionId = agentSessionId || claudeSessionId;
     try {
       const provider = session.provider || "claude";
+      let effectiveSystemPrompt = session.systemPrompt || "";
+      if (session.canWrite === false) {
+        const readOnlyNotice = `
+\u26A0\uFE0F READ-ONLY SESSION - STRICT ENFORCEMENT
+
+You are operating in READ-ONLY mode. You MUST NOT perform ANY write operations:
+
+FORBIDDEN ACTIONS:
+- Create, modify, or delete any files (Write/Edit tools are blocked)
+- Run Bash commands that modify files (rm, mv, cp, touch, echo >, sed -i, etc.)
+- Run Bash commands that modify git state (git commit, git push, git checkout --, etc.)
+- Make any changes to the filesystem whatsoever
+
+Reason: ${session.readOnlyReason || "You do not have write access to this module."}
+
+ALLOWED ACTIONS:
+- Read files (using Read tool)
+- Run read-only Bash commands (ls, cat, git status, git log, git diff, grep, find, etc.)
+- Analyze code and provide recommendations
+- Explain architecture and suggest changes (but not implement them)
+
+If the user requests changes, explain what would need to be done but DO NOT execute any write operations.
+Violations will result in errors and may affect your ability to assist.
+
+---
+
+`;
+        effectiveSystemPrompt = readOnlyNotice + effectiveSystemPrompt;
+        console.log(`[AgentManager] EP1205: Read-only mode enabled for session ${sessionId}: ${session.readOnlyReason}`);
+      }
       let binaryPath;
       let args;
       if (provider === "codex") {
@@ -8461,21 +8499,39 @@ var AgentManager = class {
           session.projectPath
           // Working directory
         ];
-        if (session.autonomousMode) {
+        if (session.autonomousMode && session.canWrite !== false) {
           args.push("--full-auto");
           console.log(`[AgentManager] EP1173: Codex autonomous mode enabled - using --full-auto`);
         }
+        if (session.canWrite === false) {
+          args.push("--sandbox", "read-only");
+          console.log(`[AgentManager] EP1205: Codex read-only mode - using --sandbox read-only`);
+        }
         if (resumeSessionId) {
           args.push("resume", resumeSessionId);
         }
         let fullMessage = message;
-        if (isFirstMessage && session.systemPrompt) {
-          fullMessage = `${session.systemPrompt}
+        if (isFirstMessage && effectiveSystemPrompt) {
+          fullMessage = `${effectiveSystemPrompt}
 
 ---
 
 ${message}`;
         }
+        if (session.canWrite === false && !isFirstMessage) {
+          const readOnlyReminder = `
+[SYSTEM REMINDER - READ-ONLY MODE]
+You are in READ-ONLY mode. Do NOT:
+- Create, modify, or delete any files
+- Run commands that write to the filesystem
+- Make git commits or changes
+Reason: ${session.readOnlyReason || "No write access to this module."}
+If changes are needed, explain what needs to be done but do not execute.
+[END SYSTEM REMINDER]
+
+`;
+          fullMessage = readOnlyReminder + fullMessage;
+        }
         args.push(fullMessage);
       } else {
         binaryPath = await ensureClaudeBinary();
@@ -8494,12 +8550,26 @@ ${message}`;
           args.push("--model", session.credentials.preferredModel);
           console.log(`[AgentManager] EP1152: Using user preferred model: ${session.credentials.preferredModel}`);
         }
-        if (session.autonomousMode) {
+        if (session.autonomousMode && session.canWrite !== false) {
           args.push("--dangerously-skip-permissions");
           console.log(`[AgentManager] EP1173: Autonomous mode enabled - skipping permission prompts`);
+        } else if (session.autonomousMode && session.canWrite === false) {
+          console.log(`[AgentManager] EP1205: Autonomous mode with read-only - NOT skipping permissions (safety net)`);
+        }
+        if (isFirstMessage && effectiveSystemPrompt) {
+          args.push("--system-prompt", effectiveSystemPrompt);
         }
-        if (isFirstMessage && session.systemPrompt) {
-          args.push("--system-prompt", session.systemPrompt);
+        if (session.canWrite === false) {
+          args.push("--disallowed-tools", "Write,Edit,MultiEdit,NotebookEdit");
+          console.log("[AgentManager] EP1205: Read-only enforcement - disallowed Write/Edit tools");
+          if (!isFirstMessage) {
+            const readOnlyReminder = `
+REMINDER: You are in READ-ONLY mode. You cannot create, modify, or delete files.
+Reason: ${session.readOnlyReason || "No write access to this module."}
+If changes are needed, explain what needs to be done.`;
+            args.push("--append-system-prompt", readOnlyReminder);
+            console.log("[AgentManager] EP1205: Appended read-only reminder to subsequent message");
+          }
         }
         if (resumeSessionId) {
           args.push("--resume", resumeSessionId);
@@ -10217,11 +10287,23 @@ var Daemon = class _Daemon {
           if (cmd.action === "start") {
             const callbacks = createStreamingCallbacks(cmd.sessionId, message.id);
             let agentWorkingDir = projectPath;
-            if (cmd.moduleUid) {
+            if (cmd.moduleUid && cmd.sessionContext === "worktree") {
               const worktreeInfo = await getWorktreeInfoForModule(cmd.moduleUid);
               if (worktreeInfo?.exists) {
                 agentWorkingDir = worktreeInfo.path;
-                console.log(`[Daemon] EP959: Agent for ${cmd.moduleUid} in worktree: ${agentWorkingDir}`);
+                console.log(`[Daemon] EP1205: Agent for ${cmd.moduleUid} in worktree: ${agentWorkingDir}`);
+              } else {
+                console.log(`[Daemon] EP1205: Worktree requested but not found for ${cmd.moduleUid}, using project root`);
+              }
+            } else if (cmd.sessionContext === "project_root") {
+              console.log(`[Daemon] EP1205: Agent for ${cmd.moduleUid || "project"} in project root (sessionContext=project_root)`);
+            } else {
+              if (cmd.moduleUid) {
+                const worktreeInfo = await getWorktreeInfoForModule(cmd.moduleUid);
+                if (worktreeInfo?.exists) {
+                  agentWorkingDir = worktreeInfo.path;
+                  console.log(`[Daemon] EP959: Agent for ${cmd.moduleUid} in worktree (legacy, no sessionContext): ${agentWorkingDir}`);
+                }
               }
             }
             const startResult = await agentManager.startSession({
@@ -10233,6 +10315,10 @@ var Daemon = class _Daemon {
               // EP1133: Multi-provider support
               autonomousMode: cmd.autonomousMode ?? true,
               // EP1173: Default to autonomous
+              canWrite: cmd.canWrite ?? true,
+              // EP1205: Default to writable
+              readOnlyReason: cmd.readOnlyReason,
+              // EP1205: Pass reason for UI
               message: cmd.message,
               credentials: cmd.credentials,
               systemPrompt: cmd.systemPrompt,
@@ -10250,6 +10336,10 @@ var Daemon = class _Daemon {
               sessionId: cmd.sessionId,
               message: cmd.message,
               isFirstMessage: false,
+              canWrite: cmd.canWrite,
+              // EP1205: Update write permission if changed
+              readOnlyReason: cmd.readOnlyReason,
+              // EP1205: Update reason if changed
               agentSessionId: cmd.agentSessionId || cmd.claudeSessionId,
               claudeSessionId: cmd.claudeSessionId,
               // Backward compat