palmier 0.5.1 → 0.5.3

package/src/agents/copilot.ts

@@ -5,6 +5,7 @@ import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class CopilotAgent implements AgentTool {
+  supportsPermissions = false;
   getPlanGenerationCommandLine(prompt: string): CommandLine {
     return {
       command: "copilot",
@@ -12,12 +13,17 @@ export class CopilotAgent implements AgentTool {
     };
   }
 
-  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine {
+    const yolo = extraPermissions === "yolo";
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     const args = ["-p", prompt];
 
-    const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-    args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
+    if (yolo) {
+      args.push("--yolo");
+    } else {
+      const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
+      args.push(`--allow-tool=${["web_fetch", ...allPerms.map((p) => p.name)].join(",")}`);
+    }
     if (followupPrompt) { args.push("--continue"); }
     return { command: "copilot", args};
   }

package/src/agents/gemini.ts

@@ -5,6 +5,7 @@ import { getAgentInstructions } from "./shared-prompt.js";
 import { SHELL } from "../platform/index.js";
 
 export class GeminiAgent implements AgentTool {
+  supportsPermissions = true;
   getPlanGenerationCommandLine(prompt: string): CommandLine {
     return {
       command: "gemini",
@@ -12,21 +13,24 @@ export class GeminiAgent implements AgentTool {
     };
   }
 
-  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
-    const args = ["--approval-mode", "auto_edit", "--allowed-tools", "web_fetch"];
+  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine {
+    const yolo = extraPermissions === "yolo";
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["--approval-mode", yolo ? "yolo" : "auto_edit"];
 
-    const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
-    if (allPerms.length > 0) {
+    if (!yolo) {
+      const tools = ["run_shell_command", "web_fetch"];
+      const allPerms = [...(task.frontmatter.permissions ?? []), ...(extraPermissions ?? [])];
       for (const p of allPerms) {
-        args.push(p.name);
+        tools.push(p.name);
       }
+      args.push("--allowed-tools", tools.join(","));
     }
 
     if (followupPrompt) {args.push("--resume");} // continue mode for followups
-    args.push("--prompt", prompt);
+    args.push("--prompt", "-"); // read prompt from stdin to avoid command line length limits
     
-    return { command: "gemini", args };
+    return { command: "gemini", args, stdin: prompt };
   }
 
   async init(): Promise<boolean> {

package/src/agents/kimi.ts

@@ -0,0 +1,37 @@
+import type { ParsedTask, RequiredPermission } from "../types.js";
+import { execSync } from "child_process";
+import type { AgentTool, CommandLine } from "./agent.js";
+import { getAgentInstructions } from "./shared-prompt.js";
+import { SHELL } from "../platform/index.js";
+
+export class KimiAgent implements AgentTool {
+  supportsPermissions = false;
+  getPlanGenerationCommandLine(prompt: string): CommandLine {
+    return {
+      command: "kimi",
+      args: ["-p", prompt],
+    };
+  }
+
+  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine {
+    const yolo = extraPermissions === "yolo";
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = [];
+
+    if (yolo) {
+      args.push("--yolo");
+    }
+    if (followupPrompt) { args.push("--continue"); }
+    args.push("-p", prompt);
+    return { command: "kimi", args };
+  }
+
+  async init(): Promise<boolean> {
+    try {
+      execSync("kimi --version", { stdio: "ignore", shell: SHELL });
+    } catch {
+      return false;
+    }
+    return true;
+  }
+}

package/src/agents/openclaw.ts

@@ -4,6 +4,7 @@ import type { AgentTool, CommandLine } from "./agent.js";
 import { getAgentInstructions } from "./shared-prompt.js";
 
 export class OpenClawAgent implements AgentTool {
+  supportsPermissions = false;
   getPlanGenerationCommandLine(prompt: string): CommandLine {
     return {
       command: "openclaw",
@@ -11,8 +12,9 @@ export class OpenClawAgent implements AgentTool {
     };
   }
 
-  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[]): CommandLine {
-    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine {
+    const yolo = extraPermissions === "yolo";
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
     // OpenClaw does not support stdin as prompt.
     const args = ["agent", "--local", "--session-id", task.frontmatter.id, "--message", prompt];
 

package/src/agents/qwen.ts

@@ -0,0 +1,34 @@
+import type { ParsedTask, RequiredPermission } from "../types.js";
+import { execSync } from "child_process";
+import type { AgentTool, CommandLine } from "./agent.js";
+import { getAgentInstructions } from "./shared-prompt.js";
+import { SHELL } from "../platform/index.js";
+
+export class QwenAgent implements AgentTool {
+  supportsPermissions = false;
+  getPlanGenerationCommandLine(prompt: string): CommandLine {
+    return {
+      command: "qwen",
+      args: ["-p", prompt],
+    };
+  }
+
+  getTaskRunCommandLine(task: ParsedTask, followupPrompt?: string, extraPermissions?: RequiredPermission[] | "yolo"): CommandLine {
+    const yolo = extraPermissions === "yolo";
+    const prompt = followupPrompt ?? (getAgentInstructions(task.frontmatter.id, yolo || !this.supportsPermissions) + "\n\n" + (task.body || task.frontmatter.user_prompt));
+    const args = ["--approval-mode", yolo ? "yolo" : "auto-edit"];
+
+    if (followupPrompt) { args.push("-c"); }
+    args.push("-p", prompt);
+    return { command: "qwen", args };
+  }
+
+  async init(): Promise<boolean> {
+    try {
+      execSync("qwen --version", { stdio: "ignore", shell: SHELL });
+    } catch {
+      return false;
+    }
+    return true;
+  }
+}

package/src/agents/shared-prompt.ts

@@ -13,11 +13,15 @@ const AGENT_INSTRUCTIONS_TEMPLATE = fs.readFileSync(
 /**
  * Agent instructions with the serve daemon's HTTP port and task ID baked in.
  */
-export function getAgentInstructions(taskId: string): string {
-  const port = loadConfig().httpPort ?? 7400;
-  return AGENT_INSTRUCTIONS_TEMPLATE
+export function getAgentInstructions(taskId: string, skipPermissions?: boolean): string {
+  const port = loadConfig().httpPort ?? 9966;
+  let instructions = AGENT_INSTRUCTIONS_TEMPLATE
     .replace(/\{\{PORT\}\}/g, String(port))
     .replace(/\{\{TASK_ID\}\}/g, taskId);
+  if (skipPermissions) {
+    instructions = instructions.replace(/## Permissions\r?\n[\s\S]*?(?=## |\r?\n---)/m, "");
+  }
+  return instructions;
 }
 
 export const TASK_SUCCESS_MARKER = "[PALMIER_TASK_SUCCESS]";

package/src/client-store.ts

@@ -0,0 +1,68 @@
+import * as fs from "fs";
+import * as path from "path";
+import { randomBytes } from "crypto";
+import { CONFIG_DIR } from "./config.js";
+
+const CLIENTS_FILE = path.join(CONFIG_DIR, "clients.json");
+
+export interface ClientEntry {
+  token: string;
+  createdAt: string;
+  label?: string;
+}
+
+function readFile(): ClientEntry[] {
+  try {
+    if (!fs.existsSync(CLIENTS_FILE)) return [];
+    const raw = fs.readFileSync(CLIENTS_FILE, "utf-8");
+    return JSON.parse(raw) as ClientEntry[];
+  } catch {
+    return [];
+  }
+}
+
+function writeFile(clients: ClientEntry[]): void {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  fs.writeFileSync(CLIENTS_FILE, JSON.stringify(clients, null, 2), "utf-8");
+}
+
+export function loadClients(): ClientEntry[] {
+  return readFile();
+}
+
+export function addClient(label?: string): ClientEntry {
+  const clients = readFile();
+  const entry: ClientEntry = {
+    token: randomBytes(32).toString("hex"),
+    createdAt: new Date().toISOString(),
+    ...(label ? { label } : {}),
+  };
+  clients.push(entry);
+  writeFile(clients);
+  return entry;
+}
+
+export function revokeClient(token: string): boolean {
+  const clients = readFile();
+  const idx = clients.findIndex((c) => c.token === token);
+  if (idx === -1) return false;
+  clients.splice(idx, 1);
+  writeFile(clients);
+  return true;
+}
+
+export function revokeAllClients(): number {
+  const clients = readFile();
+  const count = clients.length;
+  writeFile([]);
+  return count;
+}
+
+export function validateClient(token: string): boolean {
+  const clients = readFile();
+  return clients.some((c) => c.token === token);
+}
+
+export function hasClients(): boolean {
+  return readFile().length > 0;
+}

package/src/commands/clients.ts

@@ -0,0 +1,29 @@
+import { loadClients, revokeClient, revokeAllClients } from "../client-store.js";
+
+export async function clientsListCommand(): Promise<void> {
+  const clients = loadClients();
+  if (clients.length === 0) {
+    console.log("No active clients.");
+    return;
+  }
+
+  console.log(`${clients.length} active client(s):\n`);
+  for (const c of clients) {
+    const label = c.label ? ` (${c.label})` : "";
+    console.log(`  ${c.token}${label}  created ${c.createdAt}`);
+  }
+}
+
+export async function clientsRevokeCommand(token: string): Promise<void> {
+  if (revokeClient(token)) {
+    console.log("Client revoked.");
+  } else {
+    console.error("Client not found.");
+    process.exit(1);
+  }
+}
+
+export async function clientsRevokeAllCommand(): Promise<void> {
+  const count = revokeAllClients();
+  console.log(`Revoked ${count} client(s).`);
+}

package/src/commands/info.ts

@@ -1,12 +1,12 @@
 import { loadConfig } from "../config.js";
-import { loadSessions } from "../session-store.js";
+import { loadClients } from "../client-store.js";
 
 /**
  * Print host connection info for setting up clients.
  */
 export async function infoCommand(): Promise<void> {
   const config = loadConfig();
-  const sessions = loadSessions();
+  const clients = loadClients();
 
   console.log(`Host ID:      ${config.hostId}`);
   console.log(`Project root: ${config.projectRoot}`);
@@ -18,10 +18,10 @@ export async function infoCommand(): Promise<void> {
     console.log(`Agents:       (none detected — run \`palmier agents\`)`);
   }
 
-  // Sessions
-  console.log(`Sessions:     ${sessions.length} active`);
+  // Clients
+  console.log(`Clients:      ${clients.length} active`);
 
-  if (sessions.length === 0) {
+  if (clients.length === 0) {
     console.log("");
     console.log("No paired clients. Run `palmier pair` to connect a device.");
   }

package/src/commands/init.ts

@@ -44,7 +44,7 @@ export async function initCommand(): Promise<void> {
     const lanAnswer = await ask("Enable LAN access (direct HTTP from local network)? (y/N): ");
     const lanEnabled = lanAnswer.trim().toLowerCase() === "y";
 
-    let httpPort = 7400;
+    let httpPort = 9966;
     const portLabel = lanEnabled ? "HTTP port for local and LAN access" : "HTTP port for local access";
     const portAnswer = await ask(`${portLabel} (default ${httpPort}): `);
     const parsed = parseInt(portAnswer.trim(), 10);

package/src/commands/pair.ts

@@ -2,7 +2,7 @@ import * as http from "node:http";
 import { StringCodec } from "nats";
 import { loadConfig } from "../config.js";
 import { connectNats } from "../nats-client.js";
-import { addSession } from "../session-store.js";
+import { addClient } from "../client-store.js";
 import type { HostConfig } from "../types.js";
 
 const CODE_CHARS = "ABCDEFGHJKMNPQRSTUVWXYZ23456789"; // no O/0/I/1/L
@@ -17,10 +17,10 @@ export function generatePairingCode(): string {
 }
 
 function buildPairResponse(config: HostConfig, label?: string) {
-  const session = addSession(label);
+  const client = addClient(label);
   return {
     hostId: config.hostId,
-    sessionToken: session.token,
+    clientToken: client.token,
   };
 }
 
@@ -67,7 +67,7 @@ function httpPairRegister(port: number, code: string): Promise<boolean> {
 export async function pairCommand(): Promise<void> {
   const config = loadConfig();
   const code = generatePairingCode();
-  const httpPort = config.httpPort ?? 7400;
+  const httpPort = config.httpPort ?? 9966;
 
   let paired = false;
 

package/src/commands/run.ts

@@ -62,10 +62,15 @@ async function invokeAgentWithRetries(
       }, 500);
     }
 
-    const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(invokeTask, undefined, ctx.transientPermissions);
+    const { command, args, stdin } = ctx.agent.getTaskRunCommandLine(
+      invokeTask, undefined, ctx.task.frontmatter.yolo_mode ? "yolo" : ctx.transientPermissions,
+    );
+    const truncate = (s: string, max = 100) => s.length > max ? s.slice(0, max) + "…" : s;
+    const displayArgs = args.map((a) => truncate(a));
+    console.log(`[invoke] ${command} ${displayArgs.join(" ")}${stdin ? ` (stdin: ${truncate(stdin, 100)})` : ""}`);
     const result = await spawnCommand(command, args, {
       cwd: getRunDir(ctx.taskDir, ctx.runId),
-      env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
+      env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 9966) },
       echoStdout: true,
       resolveOnFailure: true,
       stdin,
@@ -304,7 +309,7 @@ async function runCommandTriggeredMode(
 
   const child = spawnStreamingCommand(commandStr, {
     cwd: getRunDir(ctx.taskDir, ctx.runId),
-    env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 7400) },
+    env: { ...ctx.guiEnv, PALMIER_TASK_ID: ctx.task.frontmatter.id, PALMIER_RUN_DIR: getRunDir(ctx.taskDir, ctx.runId), PALMIER_HTTP_PORT: String(ctx.config.httpPort ?? 9966) },
   });
 
   let linesProcessed = 0;
@@ -444,7 +449,7 @@ async function requestPermission(
   taskDir: string,
   requiredPermissions: RequiredPermission[],
 ): Promise<"granted" | "granted_all" | "aborted"> {
-  const port = config.httpPort ?? 7400;
+  const port = config.httpPort ?? 9966;
   const res = await fetch(`http://localhost:${port}/request-permission`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
@@ -472,7 +477,7 @@ async function requestConfirmation(
   task: ParsedTask,
   taskDir: string,
 ): Promise<boolean> {
-  const port = config.httpPort ?? 7400;
+  const port = config.httpPort ?? 9966;
   const res = await fetch(`http://localhost:${port}/request-confirmation`, {
     method: "POST",
     headers: { "Content-Type": "application/json" },
@@ -500,7 +505,8 @@ export function parseReportFiles(output: string): string[] {
   let match;
   while ((match = regex.exec(output)) !== null) {
     const name = match[1].trim();
-    if (name) files.push(name);
+    // Skip placeholder examples echoed from the prompt (e.g. "<filename>")
+    if (name && !name.startsWith("<")) files.push(name);
   }
   return files;
 }
@@ -515,6 +521,8 @@ export function parsePermissions(output: string): RequiredPermission[] {
   let match;
   while ((match = regex.exec(output)) !== null) {
     const raw = match[1].trim();
+    // Skip placeholder examples echoed from the prompt (e.g. "<tool_name> | <description>")
+    if (raw.startsWith("<")) continue;
     const sep = raw.indexOf("|");
     if (sep !== -1) {
       perms.push({ name: raw.slice(0, sep).trim(), description: raw.slice(sep + 1).trim() });
@@ -531,8 +539,14 @@ export function parsePermissions(output: string): RequiredPermission[] {
  */
 export function parseTaskOutcome(output: string): TaskRunningState {
   const lastChunk = output.slice(-500);
-  if (lastChunk.includes(TASK_FAILURE_MARKER)) return "failed";
-  if (lastChunk.includes(TASK_SUCCESS_MARKER)) return "finished";
+  const regex = new RegExp(`^\\${TASK_FAILURE_MARKER}$|^\\${TASK_SUCCESS_MARKER}$`, "gm");
+  let last: string | null = null;
+  let match;
+  while ((match = regex.exec(lastChunk)) !== null) {
+    last = match[0];
+  }
+  if (last === TASK_FAILURE_MARKER) return "failed";
+  if (last === TASK_SUCCESS_MARKER) return "finished";
   return "finished";
 }
 

package/src/commands/serve.ts

@@ -114,7 +114,7 @@ export async function serveCommand(): Promise<void> {
   }, POLL_INTERVAL_MS);
 
   const handleRpc = createRpcHandler(config, nc);
-  const httpPort = config.httpPort ?? 7400;
+  const httpPort = config.httpPort ?? 9966;
 
   // Start NATS transport (loops forever, fire-and-forget)
   if (nc) {

package/src/events.ts

@@ -23,7 +23,7 @@ export async function publishHostEvent(
   }
 
   const config = loadConfig();
-  const port = config.httpPort ?? 7400;
+  const port = config.httpPort ?? 9966;
   try {
     await fetch(`http://localhost:${port}/event`, {
       method: "POST",

package/src/index.ts

@@ -12,7 +12,7 @@ import { serveCommand } from "./commands/serve.js";
 
 import { pairCommand } from "./commands/pair.js";
 import { restartCommand } from "./commands/restart.js";
-import { sessionsListCommand, sessionsRevokeCommand, sessionsRevokeAllCommand } from "./commands/sessions.js";
+import { clientsListCommand, clientsRevokeCommand, clientsRevokeAllCommand } from "./commands/clients.js";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const pkg = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8"));
@@ -68,29 +68,29 @@ program
   });
 
 
-const sessionsCmd = program
-  .command("sessions")
-  .description("Manage paired client sessions");
+const clientsCmd = program
+  .command("clients")
+  .description("Manage paired clients");
 
-sessionsCmd
+clientsCmd
   .command("list")
-  .description("List active sessions")
+  .description("List active clients")
   .action(async () => {
-    await sessionsListCommand();
+    await clientsListCommand();
   });
 
-sessionsCmd
+clientsCmd
   .command("revoke <token>")
-  .description("Revoke a session by token")
+  .description("Revoke a client by token")
   .action(async (token: string) => {
-    await sessionsRevokeCommand(token);
+    await clientsRevokeCommand(token);
   });
 
-sessionsCmd
+clientsCmd
   .command("revoke-all")
-  .description("Revoke all sessions")
+  .description("Revoke all clients")
   .action(async () => {
-    await sessionsRevokeAllCommand();
+    await clientsRevokeAllCommand();
   });
 
 // No subcommand → default to serve

package/src/rpc-handler.ts

@@ -11,7 +11,7 @@ import { getPlatform } from "./platform/index.js";
 import { spawnCommand } from "./spawn-command.js";
 import crossSpawn from "cross-spawn";
 import { getAgent } from "./agents/agent.js";
-import { validateSession } from "./session-store.js";
+import { validateClient } from "./client-store.js";
 import { publishHostEvent } from "./events.js";
 import { currentVersion, performUpdate } from "./update-checker.js";
 import { parseReportFiles, parseTaskOutcome, stripPalmierMarkers } from "./commands/run.js";
@@ -166,8 +166,8 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
   }
 
   async function handleRpc(request: RpcMessage): Promise<unknown> {
-    // Session token validation: skip for trusted localhost requests
-    if (!request.localhost && (!request.sessionToken || !validateSession(request.sessionToken))) {
+    // Client token validation: skip for trusted localhost requests
+    if (!request.localhost && (!request.clientToken || !validateClient(request.clientToken))) {
       return { error: "Unauthorized" };
     }
 
@@ -188,6 +188,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
           triggers?: Array<{ type: "cron" | "once"; value: string }>;
           triggers_enabled?: boolean;
           requires_confirmation?: boolean;
+          yolo_mode?: boolean;
           command?: string;
         };
 
@@ -218,6 +219,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
             triggers: params.triggers ?? [],
             triggers_enabled: params.triggers_enabled ?? true,
             requires_confirmation: params.requires_confirmation ?? true,
+            ...(params.yolo_mode ? { yolo_mode: true } : {}),
             ...(params.command ? { command: params.command } : {}),
           },
           body,
@@ -238,6 +240,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
           triggers?: Array<{ type: "cron" | "once"; value: string }>;
           triggers_enabled?: boolean;
           requires_confirmation?: boolean;
+          yolo_mode?: boolean;
           command?: string;
         };
 
@@ -256,6 +259,10 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         if (params.triggers_enabled !== undefined) existing.frontmatter.triggers_enabled = params.triggers_enabled;
         if (params.requires_confirmation !== undefined)
           existing.frontmatter.requires_confirmation = params.requires_confirmation;
+        if (params.yolo_mode !== undefined) {
+          existing.frontmatter.yolo_mode = params.yolo_mode || undefined;
+          if (params.yolo_mode) delete existing.frontmatter.permissions;
+        }
         if (params.command !== undefined) {
           if (params.command) {
             existing.frontmatter.command = params.command;
@@ -302,6 +309,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
           user_prompt: string;
           agent: string;
           requires_confirmation?: boolean;
+          yolo_mode?: boolean;
           command?: string;
         };
 
@@ -317,6 +325,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
             triggers: [],
             triggers_enabled: false,
             requires_confirmation: params.requires_confirmation ?? false,
+            ...(params.yolo_mode ? { yolo_mode: true } : {}),
             ...(params.command ? { command: params.command } : {}),
           },
           body: "",
@@ -390,7 +399,7 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         // Fire-and-forget: invoke agent inline as a child of the serve process
         const followupAgent = getAgent(followupTask.frontmatter.agent);
         const { command: cmd, args: cmdArgs, stdin } = followupAgent.getTaskRunCommandLine(
-          followupTask, params.message, followupTask.frontmatter.permissions,
+          followupTask, params.message, followupTask.frontmatter.yolo_mode ? "yolo" : followupTask.frontmatter.permissions,
         );
 
         // Spawn directly via crossSpawn so we can track and kill the child
@@ -564,8 +573,8 @@ export function createRpcHandler(config: HostConfig, nc?: NatsConnection) {
         const reports: Array<{ file: string; content?: string; error?: string }> = [];
         const runDir = path.join(config.projectRoot, "tasks", params.id, params.run_id);
         for (const file of params.report_files) {
-          if (!file.endsWith(".md")) {
-            reports.push({ file, error: "must end with .md" });
+          if (!file.endsWith(".md") && !file.endsWith(".txt")) {
+            reports.push({ file, error: "must end with .md or .txt" });
             continue;
           }
           const basename = path.basename(file);