hoomanjs 1.7.0 → 1.8.0

package/README.md

@@ -27,10 +27,10 @@ It gives you:
 ## Features
 
 - Multiple LLM providers: `ollama`, `openai`, `anthropic`, `google`, `bedrock`, `groq`, `moonshot`, `xai`
-- Local configuration under `~/.hooman`
+- Local configuration under `./.hooman` when that folder exists in the current working directory, otherwise `~/.hooman`
 - MCP server support via `stdio`, `streamable-http`, and `sse`
 - MCP server `instructions` support: server-provided instructions are appended to the agent system prompt
-- MCP channel notification support through `hooman daemon --channel <name>`
+- MCP channel notification support through `hooman daemon --channels`
 - Skill discovery / install / removal through the integrated configure flow
 - Interactive terminal UI for chat and configuration
 
@@ -109,6 +109,12 @@ Choose a toolkit size:
 hooman exec "Summarize this repo" --toolkit lite
 ```
 
+Skip interactive tool approval (allows every tool call; use only when you trust the prompt and environment):
+
+```bash
+hooman exec "Summarize this repo" --yolo
+```
+
 ### `hooman chat`
 
 Start an interactive stateful chat session.
@@ -135,30 +141,36 @@ Choose a toolkit size:
 hooman chat --toolkit max
 ```
 
-### `hooman daemon`
-
-Run a long-lived daemon that subscribes to one or more MCP notification channels and feeds each received notification into the agent as a queued prompt.
+Skip the in-chat tool approval UI (same semantics as `exec --yolo`):
 
 ```bash
-hooman daemon --channel hooman/channel
+hooman chat --yolo
 ```
 
-Subscribe to multiple channels:
+### `hooman daemon`
+
+Run a long-lived daemon that subscribes to MCP servers advertising the fixed `hooman/channel` capability and feeds each received notification into the agent as a queued prompt.
 
 ```bash
-hooman daemon --channel hooman/channel --channel alerts/channel
+hooman daemon --channels
 ```
 
 Resume or pin a session id:
 
 ```bash
-hooman daemon --session my-daemon --channel hooman/channel
+hooman daemon --session my-daemon --channels
 ```
 
 Choose a toolkit size:
 
 ```bash
-hooman daemon --toolkit full --channel hoomanjs/channel
+hooman daemon --toolkit full --channels
+```
+
+Skip remote channel permission relay and allow every tool call from daemon turns (same risk profile as `exec` / `chat` with `--yolo`):
+
+```bash
+hooman daemon --channels --yolo
 ```
 
 ### Toolkit Levels
@@ -202,7 +214,7 @@ hooman acp --toolkit max
 
 ACP notes:
 
-- ACP sessions are stored under `~/.hooman/acp-sessions`
+- ACP sessions are stored under the active Hooman data directory in `acp-sessions/`
 - ACP loads MCP servers passed on `session/new` and `session/load`, in addition to Hooman's local `mcp.json`
 - ACP `session/new` and `session/load` support `_meta.userId` and `_meta.systemPrompt`
 - when `_meta.systemPrompt` is provided, it is appended to the agent system prompt with a section break
@@ -212,7 +224,8 @@ ACP notes:
 Hooman stores its data in:
 
 ```text
-~/.hooman/
+./.hooman/   # when this folder exists in the current working directory
+~/.hooman/   # otherwise
 ```
 
 Important files and folders:
@@ -440,17 +453,20 @@ Uses the Vercel AI SDK xAI provider (`@ai-sdk/xai`) on top of Strands `VercelMod
 
 - MCP server `instructions` from the protocol `initialize` response are appended to Hooman's system prompt, after local `instructions.md` and session-specific prompt overrides.
 - Hooman reads these instructions automatically from connected MCP servers when building the agent.
-- `hooman daemon` can subscribe to server-published notification channels such as `hoomanjs/channel`.
-- Only MCP servers that advertise the requested channel capability are subscribed.
+- `hooman daemon --channels` subscribes to MCP servers that advertise the experimental `hooman/channel` capability.
+- Hooman also reads `hooman/user`, `hooman/session`, and `hooman/thread` capability paths so daemon turns preserve origin metadata from the source channel.
 - When a matching notification is received, Hooman uses `params.content` as the prompt if it is a string; otherwise it JSON-stringifies the notification params and sends that to the agent.
-- Daemon mode processes notifications sequentially, reuses the same agent session over time, and **auto-approves tool calls**.
+- Daemon mode processes notifications sequentially and reuses the same agent session over time.
+- Tool calls from daemon turns are no longer blanket auto-approved: if the originating MCP server supports `hooman/channel/permission`, Hooman relays a remote approval request back to that source; otherwise the tool call is denied.
+- `exec`, `chat`, and `daemon` accept `--yolo` to bypass those approval paths and allow all tools without prompting or relay.
 
 ## Skills
 
 Skills are installed under:
 
 ```text
-~/.hooman/skills
+./.hooman/skills   # when ./.hooman exists
+~/.hooman/skills   # otherwise
 ```
 
 The configure workflow can:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hoomanjs",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Bun-powered local AI agent CLI with chat, exec, ACP, MCP, and skills support.",
   "author": {
     "name": "Vaibhav Pandey",

package/src/chat/app.tsx

@@ -31,6 +31,7 @@ type ChatAppProps = {
   manager: McpManager;
   registry: Registry;
   initialPrompt?: string;
+  yolo?: boolean;
   onExit: () => void;
 };
 
@@ -73,6 +74,7 @@ export function ChatApp({
   manager,
   registry,
   initialPrompt,
+  yolo,
   onExit,
 }: ChatAppProps): React.JSX.Element {
   const { exit } = useApp();
@@ -141,13 +143,13 @@ export function ChatApp({
     });
     const cleanupHook = agent.addHook(
       BeforeToolCallEvent,
-      createChatApprovalHandler(config, controller),
+      createChatApprovalHandler(config, controller, { yolo }),
     );
     return () => {
       cleanupListener();
       cleanupHook();
     };
-  }, [agent, config]);
+  }, [agent, config, yolo]);
 
   const appendLine = useCallback((line: ChatLine) => {
     setLines((prev) => [...prev, line]);

package/src/chat/approvals.ts

@@ -69,9 +69,13 @@ export class ChatApprovalController {
 export function createChatApprovalHandler(
   config: Config,
   controller: ChatApprovalController,
+  options?: { yolo?: boolean },
 ): (event: BeforeToolCallEvent) => Promise<void> {
   return async (event: BeforeToolCallEvent) => {
     const toolName = event.toolUse.name;
+    if (options?.yolo) {
+      return;
+    }
     if (
       INTERNAL_ALWAYS_ALLOWED.has(toolName) ||
       config.tools.allowed.includes(toolName)

package/src/chat/index.tsx

@@ -13,6 +13,7 @@ type LaunchChatOptions = {
   registry: Registry;
   sessionId: string;
   initialPrompt?: string;
+  yolo?: boolean;
 };
 
 export async function chat(options: LaunchChatOptions): Promise<void> {
@@ -25,6 +26,7 @@ export async function chat(options: LaunchChatOptions): Promise<void> {
       registry={options.registry}
       sessionId={options.sessionId}
       initialPrompt={options.initialPrompt}
+      yolo={options.yolo}
       onExit={() => {
         done = true;
       }}

package/src/cli.ts

@@ -10,6 +10,7 @@ import { chat } from "./chat/index.tsx";
 import { configure } from "./configure/index.tsx";
 import { runAcpStdio } from "./acp/acp-agent.ts";
 import { main as daemon } from "./daemon/index.ts";
+import { createDaemonApprovalHandler } from "./daemon/approvals.ts";
 
 async function readPackageMeta(): Promise<{
   name: string;
@@ -58,11 +59,12 @@ program
   .description("Bootstrap an agent and run a single prompt.")
   .argument("<prompt>", "Prompt to run once.")
   .option("-s, --session <id>", "Session ID to use.")
+  .option("--yolo", "Allow all tools without prompting for approval.")
   .addOption(createToolkitOption())
   .action(
     async (
       prompt: string,
-      options: { session?: string; toolkit?: Toolkit },
+      options: { session?: string; toolkit?: Toolkit; yolo?: boolean },
     ) => {
       const sessionId = options.session?.trim() || crypto.randomUUID();
       const {
@@ -73,7 +75,10 @@ program
         { sessionId, toolkit: options.toolkit ?? "full" },
         true,
       );
-      agent.addHook(BeforeToolCallEvent, createToolApprovalHandler(config));
+      agent.addHook(
+        BeforeToolCallEvent,
+        createToolApprovalHandler(config, { yolo: Boolean(options.yolo) }),
+      );
       try {
         await agent.invoke(prompt);
       } finally {
@@ -89,11 +94,12 @@ program
   .description("Start an interactive, stateful CLI chat session.")
   .argument("[prompt]", "Optional initial prompt to run after startup.")
   .option("-s, --session <id>", "Session ID to use.")
+  .option("--yolo", "Allow all tools without prompting for approval.")
   .addOption(createToolkitOption())
   .action(
     async (
       prompt: string | undefined,
-      options: { session?: string; toolkit?: Toolkit },
+      options: { session?: string; toolkit?: Toolkit; yolo?: boolean },
     ) => {
       const sessionId = options.session?.trim() || crypto.randomUUID();
       const {
@@ -114,6 +120,7 @@ program
           registry,
           sessionId,
           initialPrompt: prompt?.trim() || undefined,
+          yolo: Boolean(options.yolo),
         });
       } finally {
         try {
@@ -129,26 +136,24 @@ program
     "Run a background daemon that processes MCP channel notifications as prompts.",
   )
   .option("-s, --session <id>", "Session ID to use.")
-  .requiredOption(
-    "-c, --channel <name>",
-    "MCP notification channel to subscribe to (repeatable).",
-    (value: string, previous?: string[]) => [...(previous ?? []), value],
-  )
+  .option("--channels", "Subscribe to MCP servers advertising hooman/channel.")
   .option(
     "--debug",
     "Log each MCP channel notification payload to the console.",
   )
+  .option("--yolo", "Allow all tools without remote approval or prompts.")
   .addOption(createToolkitOption())
   .action(
     async (options: {
       session?: string;
       toolkit?: Toolkit;
-      channel?: string[];
+      channels?: boolean;
       debug?: boolean;
+      yolo?: boolean;
     }) => {
       const session = options.session?.trim();
-      const channels = options.channel ?? [];
       const {
+        config,
         agent,
         mcp: { manager },
       } = await bootstrap(
@@ -159,13 +164,17 @@ program
         },
         true,
       );
-      // Daemon mode is non-interactive: approve tool calls by default.
-      agent.addHook(BeforeToolCallEvent, async () => {});
+      agent.addHook(
+        BeforeToolCallEvent,
+        createDaemonApprovalHandler(config, manager, agent, {
+          yolo: Boolean(options.yolo),
+        }),
+      );
       try {
         await daemon({
           agent,
           manager,
-          channels,
+          channels: Boolean(options.channels),
           session,
           debug: Boolean(options.debug),
         });

package/src/core/mcp/index.ts

@@ -1,8 +1,15 @@
 import { Config, type NamedMcpTransport } from "./config.ts";
-import { Manager, type ChannelMessage } from "./manager.ts";
+import {
+  Manager,
+  HOOMAN_CHANNEL,
+  HOOMAN_CHANNEL_PERMISSION,
+  type ChannelMessage,
+  type ChannelPermissionBehavior,
+} from "./manager.ts";
 
 export { Config, Manager };
-export type { ChannelMessage, NamedMcpTransport };
+export { HOOMAN_CHANNEL, HOOMAN_CHANNEL_PERMISSION };
+export type { ChannelMessage, ChannelPermissionBehavior, NamedMcpTransport };
 export { createMcpTools } from "./tools.ts";
 
 export function createMcpConfig(path: string): Config {

package/src/core/mcp/manager.ts

@@ -9,14 +9,20 @@ import { z } from "zod";
 import { Config, type NamedMcpTransport } from "./config.ts";
 import type { McpTransport } from "./types.ts";
 
+export const HOOMAN_CHANNEL = "hooman/channel";
+export const HOOMAN_CHANNEL_PERMISSION = "hooman/channel/permission";
+const HOOMAN_CHANNEL_PERMISSION_METHOD = `notifications/${HOOMAN_CHANNEL_PERMISSION}`;
+
 export type ChannelMessageMeta = {
   server: string;
   channel: string;
   method: string;
   params: unknown;
+  source?: string;
   identity: {
     user?: string;
     session?: string;
+    thread?: string;
   };
 };
 
@@ -25,6 +31,19 @@ export type ChannelMessage = {
   meta: ChannelMessageMeta;
 };
 
+export type ChannelPermissionBehavior = "allow_once" | "allow_always" | "deny";
+
+type ChannelPermissionRequest = {
+  requestId: string;
+  tool: string;
+  description: string;
+  preview: string;
+  source?: string;
+  user?: string;
+  session?: string;
+  thread?: string;
+};
+
 function transportFor(spec: McpTransport): Transport {
   switch (spec.type) {
     case "stdio":
@@ -74,7 +93,7 @@ function readPathValue(
 
 function readIdentityPath(
   experimental: unknown,
-  key: "identity/user" | "identity/session",
+  key: "hooman/user" | "hooman/session" | "hooman/thread",
 ): string | undefined {
   const path = get(experimental, [key, "path"]);
   return typeof path === "string" && path.trim().length > 0
@@ -82,12 +101,24 @@ function readIdentityPath(
     : undefined;
 }
 
+function readSourceValue(value: unknown): string | undefined {
+  return readPathValue(value, "meta.source");
+}
+
 /**
  * Holds one {@link McpClient} per named entry in {@link Config}. Call {@link reload}
  * after changing the file on disk (or construct and then {@link reload} once).
  */
 export class Manager {
   private instances: Map<string, McpClient> | null = null;
+  private readonly pendingPermissions = new Map<
+    string,
+    {
+      resolve: (behavior: ChannelPermissionBehavior) => void;
+      reject: (reason: Error) => void;
+      timer: ReturnType<typeof setTimeout>;
+    }
+  >();
 
   public constructor(
     private readonly config: Config,
@@ -132,6 +163,11 @@ export class Manager {
   }
 
   public async disconnect(): Promise<void> {
+    for (const [key, pending] of this.pendingPermissions.entries()) {
+      clearTimeout(pending.timer);
+      pending.reject(new Error(`Pending permission "${key}" cancelled.`));
+    }
+    this.pendingPermissions.clear();
     const toClose = this.instances;
     this.instances = null;
     if (!toClose?.size) {
@@ -206,8 +242,48 @@ export class Manager {
       await client.connect();
       const experimental =
         client.client.getServerCapabilities()?.experimental ?? {};
-      const user = readIdentityPath(experimental, "identity/user");
-      const session = readIdentityPath(experimental, "identity/session");
+      const user = readIdentityPath(experimental, "hooman/user");
+      const session = readIdentityPath(experimental, "hooman/session");
+      const thread = readIdentityPath(experimental, "hooman/thread");
+      const supportsPermission =
+        Boolean(get(experimental, [HOOMAN_CHANNEL_PERMISSION])) &&
+        typeof (client.client as { setNotificationHandler?: unknown })
+          .setNotificationHandler === "function";
+
+      if (supportsPermission) {
+        const schema = z.object({
+          method: z.literal(HOOMAN_CHANNEL_PERMISSION_METHOD),
+          params: z.object({
+            request_id: z.string().min(1),
+            behavior: z.enum(["allow_once", "allow_always", "deny"]),
+          }),
+        });
+        const handler = (notification: {
+          params?: {
+            request_id?: string;
+            behavior?: ChannelPermissionBehavior;
+          };
+        }) => {
+          const requestId = notification.params?.request_id?.trim();
+          const behavior = notification.params?.behavior;
+          if (!requestId || !behavior) {
+            return;
+          }
+          const key = `${server}:${requestId}`;
+          const pending = this.pendingPermissions.get(key);
+          if (!pending) {
+            return;
+          }
+          this.pendingPermissions.delete(key);
+          clearTimeout(pending.timer);
+          pending.resolve(behavior);
+        };
+        client.client.setNotificationHandler(schema, handler);
+        unsubs.push(() => {
+          client.client.setNotificationHandler(schema, () => {});
+        });
+      }
+
       for (const channel of requested) {
         if (!Object.hasOwn(experimental, channel)) {
           continue;
@@ -235,9 +311,11 @@ export class Manager {
               channel,
               method,
               params,
+              source: readSourceValue(params),
               identity: {
                 user: readPathValue(params, user),
                 session: readPathValue(params, session),
+                thread: readPathValue(params, thread),
               },
             },
           });
@@ -256,6 +334,104 @@ export class Manager {
     };
   }
 
+  public async supportsChannelPermission(server: string): Promise<boolean> {
+    if (this.instances === null) {
+      this.reload();
+    }
+    const client = this.instances!.get(server);
+    if (!client) {
+      return false;
+    }
+    await client.connect();
+    const experimental =
+      client.client.getServerCapabilities()?.experimental ?? {};
+    return Boolean(get(experimental, [HOOMAN_CHANNEL_PERMISSION]));
+  }
+
+  public async requestChannelPermission(
+    server: string,
+    request: ChannelPermissionRequest,
+    timeoutMs = 120_000,
+  ): Promise<ChannelPermissionBehavior> {
+    if (this.instances === null) {
+      this.reload();
+    }
+    const client = this.instances!.get(server);
+    if (!client) {
+      throw new Error(`MCP server "${server}" is not connected.`);
+    }
+    await client.connect();
+    const experimental =
+      client.client.getServerCapabilities()?.experimental ?? {};
+    if (!Object.hasOwn(experimental, HOOMAN_CHANNEL_PERMISSION)) {
+      throw new Error(
+        `MCP server "${server}" does not support ${HOOMAN_CHANNEL_PERMISSION}.`,
+      );
+    }
+
+    const requestId = request.requestId.trim();
+    if (!requestId) {
+      throw new Error("requestId is required.");
+    }
+    const key = `${server}:${requestId}`;
+    if (this.pendingPermissions.has(key)) {
+      throw new Error(`Permission request "${requestId}" is already pending.`);
+    }
+
+    const response = new Promise<ChannelPermissionBehavior>(
+      (resolve, reject) => {
+        const timer = setTimeout(() => {
+          this.pendingPermissions.delete(key);
+          reject(
+            new Error(
+              `Permission request "${requestId}" timed out after ${timeoutMs}ms.`,
+            ),
+          );
+        }, timeoutMs);
+        this.pendingPermissions.set(key, { resolve, reject, timer });
+      },
+    );
+
+    try {
+      const sender = client.client as {
+        notification?: (payload: unknown) => Promise<void>;
+      };
+      if (typeof sender.notification !== "function") {
+        throw new Error(
+          `MCP client for "${server}" cannot send notifications.`,
+        );
+      }
+      await sender.notification({
+        method: "notifications/hooman/channel/permission_request",
+        params: {
+          request_id: requestId,
+          tool_name: request.tool,
+          description: request.description,
+          input_preview: request.preview,
+          options: [
+            { id: "allow_once", label: "Allow once" },
+            { id: "allow_always", label: "Always allow" },
+            { id: "deny", label: "Deny" },
+          ],
+          meta: {
+            ...(request.source ? { source: request.source } : {}),
+            ...(request.user ? { user: request.user } : {}),
+            ...(request.session ? { session: request.session } : {}),
+            ...(request.thread ? { thread: request.thread } : {}),
+          },
+        },
+      });
+      return await response;
+    } catch (error) {
+      const pending = this.pendingPermissions.get(key);
+      if (pending) {
+        clearTimeout(pending.timer);
+        this.pendingPermissions.delete(key);
+      }
+      throw error;
+    }
+  }
+
   private toChannelPrompt(method: string, params?: unknown): string {
     if (
       params &&

package/src/core/utils/paths.ts

@@ -1,10 +1,15 @@
+import { existsSync } from "fs";
 import { homedir } from "os";
 import { join } from "path";
 
-const HOME_FOLDER_NAME = ".hooman";
+const APP_FOLDER = ".hooman";
 
 export const basePath = () => {
-  return join(homedir(), HOME_FOLDER_NAME);
+  const local = join(process.cwd(), APP_FOLDER);
+  if (existsSync(local)) {
+    return local;
+  }
+  return join(homedir(), APP_FOLDER);
 };
 
 export const configJsonPath = () => {

package/src/daemon/approvals.ts

@@ -0,0 +1,114 @@
+import type { Agent, BeforeToolCallEvent } from "@strands-agents/sdk";
+import type { Config } from "../core/config.ts";
+import type { Manager as McpManager } from "../core/mcp/index.ts";
+import { INTERNAL_ALWAYS_ALLOWED } from "../acp/utils/tool-kind.ts";
+
+const INPUT_PREVIEW_LIMIT = 1_024;
+
+type ChannelOrigin = {
+  server?: string;
+  source?: string;
+  user?: string;
+  session?: string;
+  thread?: string;
+};
+
+function randomRequestId(): string {
+  return crypto.randomUUID();
+}
+
+function inputPreview(input: unknown): string {
+  try {
+    const text = JSON.stringify(input, null, 2) ?? "null";
+    return text.length > INPUT_PREVIEW_LIMIT
+      ? `${text.slice(0, INPUT_PREVIEW_LIMIT)}\n... (truncated)`
+      : text;
+  } catch {
+    return String(input);
+  }
+}
+
+function readOrigin(agent: Agent): ChannelOrigin | null {
+  const raw = agent.appState.get("origin");
+  if (!raw || typeof raw !== "object") {
+    return null;
+  }
+  const entry = raw as Record<string, unknown>;
+  const text = (value: unknown): string | undefined => {
+    if (typeof value !== "string") {
+      return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed.length > 0 ? trimmed : undefined;
+  };
+  return {
+    server: text(entry.server),
+    source: text(entry.source),
+    user: text(entry.user),
+    session: text(entry.session),
+    thread: text(entry.thread),
+  };
+}
+
+export function createDaemonApprovalHandler(
+  config: Config,
+  manager: McpManager,
+  agent: Agent,
+  options?: { yolo?: boolean },
+): (event: BeforeToolCallEvent) => Promise<void> {
+  return async (event: BeforeToolCallEvent) => {
+    const name = event.toolUse.name;
+    if (options?.yolo) {
+      return;
+    }
+    if (
+      INTERNAL_ALWAYS_ALLOWED.has(name) ||
+      config.tools.allowed.includes(name)
+    ) {
+      return;
+    }
+
+    const origin = readOrigin(agent);
+    if (!origin?.server) {
+      event.cancel = `Tool "${name}" was denied: missing daemon origin context.`;
+      return;
+    }
+
+    const supported = await manager.supportsChannelPermission(origin.server);
+    if (!supported) {
+      event.cancel = `Tool "${name}" was denied: MCP server "${origin.server}" does not support hooman/channel/permission.`;
+      return;
+    }
+
+    let behavior: "allow_once" | "allow_always" | "deny";
+    try {
+      behavior = await manager.requestChannelPermission(origin.server, {
+        requestId: randomRequestId(),
+        tool: name,
+        description:
+          event.tool?.description?.trim() ??
+          `Run tool "${name}" in daemon mode.`,
+        preview: inputPreview(event.toolUse.input),
+        source: origin.source,
+        user: origin.user,
+        session: origin.session,
+        thread: origin.thread,
+      });
+    } catch (error) {
+      event.cancel = `Tool "${name}" was denied: failed to request permission (${error instanceof Error ? error.message : String(error)}).`;
+      return;
+    }
+
+    if (behavior === "allow_once") {
+      return;
+    }
+    if (behavior === "allow_always") {
+      if (!config.tools.allowed.includes(name)) {
+        config.update({ tools: { allowed: [...config.tools.allowed, name] } });
+      }
+      return;
+    }
+
+    event.cancel = `Tool "${name}" was rejected by remote approval.`;
+  };
+}

package/src/daemon/index.ts

@@ -1,5 +1,6 @@
 import { stderr } from "node:process";
 import type { Agent } from "@strands-agents/sdk";
+import { HOOMAN_CHANNEL } from "../core/mcp/index.ts";
 import type {
   ChannelMessage,
   Manager as McpManager,
@@ -10,7 +11,7 @@ type RunDaemonOptions = {
   agent: Agent;
   manager: McpManager;
   session?: string;
-  channels: string[];
+  channels: boolean;
   debug?: boolean;
 };
 
@@ -42,13 +43,11 @@ function resolveUserId(
 }
 
 export async function main(options: RunDaemonOptions): Promise<void> {
-  const channels = [
-    ...new Set(options.channels.map((value) => value.trim()).filter(Boolean)),
-  ];
-  if (channels.length === 0) {
-    throw new Error("At least one --channel <name> is required.");
+  if (!options.channels) {
+    throw new Error("No daemon inputs enabled. Pass --channels.");
   }
-  debug(`starting daemon for channels: ${channels.join(", ")}`);
+  const channels = [HOOMAN_CHANNEL];
+  debug(`starting daemon for channel(s): ${channels.join(", ")}`);
 
   let unsubscribe = () => {};
 
@@ -65,6 +64,14 @@ export async function main(options: RunDaemonOptions): Promise<void> {
 
       options.agent.appState.set("userId", user);
       options.agent.appState.set("sessionId", session);
+      options.agent.appState.set("origin", {
+        server: message.meta.server,
+        channel: message.meta.channel,
+        source: message.meta.source,
+        user: message.meta.identity.user,
+        session: message.meta.identity.session,
+        thread: message.meta.identity.thread,
+      });
 
       try {
         await options.agent.invoke(message.prompt);

package/src/exec/approvals.ts

@@ -59,9 +59,13 @@ type BeforeToolCallEventHandler = (event: BeforeToolCallEvent) => Promise<void>;
 
 export function createToolApprovalHandler(
   config: Config,
+  options?: { yolo?: boolean },
 ): BeforeToolCallEventHandler {
   return async function onBeforeToolCallEvent(event: BeforeToolCallEvent) {
     const name = event.toolUse.name;
+    if (options?.yolo) {
+      return;
+    }
     if (
       INTERNAL_ALWAYS_ALLOWED.has(name) ||
       config.tools.allowed.includes(name)