pando-ai 0.2.4 → 0.2.6

package/README.md

@@ -26,8 +26,11 @@ npx -y pando-ai
 
 On a terminal this opens the **firewall console**: it detects whether `codex`
 and `claude` are protected, offers to install supervised launchers for any that
-aren't, and shows current status and policy. After installation you keep running
-`codex` and `claude` normally — Pando supervises each launch.
+aren't, and shows current status and policy. It also installs a persistent
+`~/.pando/bin/pando-ai` command shim, so future commands such as
+`pando-ai uninstall` work even when the first run came from `npx`. After
+installation you keep running `codex` and `claude` normally — Pando supervises
+each launch.
 
 ## How it works
 
@@ -35,8 +38,10 @@ Two choke points, one ruleset:
 
 - **Launch shim** (`~/.pando/bin` ahead of the real tools on PATH) — supervises
   every `codex`/`claude` invocation. It disables the agent's native tools where
-  supported, installs the Pando MCP server (root-scoped to your project), and
-  applies the MCP allow/deny policy via the agent's own launch flags.
+  supported, dynamically injects the Pando MCP server (root-scoped to your
+  project), and applies the MCP allow/deny policy via the agent's own launch
+  flags. Pando does not permanently add itself to the user's MCP config files by
+  default; supervised launches pass generated config on each run.
 - **Wire gateway** (a local reverse proxy speaking the OpenAI Responses API and
   Anthropic Messages API) — sits inline on every supported request and forwards
   it to the upstream you control, so traffic stays local. It blocks off-policy
@@ -71,7 +76,7 @@ Legacy completion APIs, including OpenAI chat/completions and Anthropic
 | Capability | Claude Code | Codex |
 | --- | --- | --- |
 | Disable native tools | ✅ `--tools ""` (MCP stays available) + gateway/hook block | ⚠️ read-only sandbox + web search disabled + request/response gateway block |
-| Install Pando MCP, root-scoped | ✅ `--mcp-config` | ✅ required `-c mcp_servers.pando.*` |
+| Install Pando MCP, root-scoped | ✅ dynamic `--mcp-config` + `--strict-mcp-config` | ✅ dynamic required `-c mcp_servers.pando.*` |
 | `other_mcp: deny_all` | ✅ `--strict-mcp-config` (Pando only) + gateway/hook block | ✅ request/response gateway block |
 | `other_mcp: allow_list` | ✅ strict config with Pando + named servers + gateway/hook block | ✅ request/response gateway block |
 | `other_mcp: deny_list` | ✅ `--disallowedTools` removes denied names + gateway/hook block | ✅ request/response gateway block |
@@ -179,11 +184,11 @@ provider-bound gateway enforcement is disabled.
 ## Surfaces
 
 ```bash
-pando-ai                 # firewall console (TTY): status + proactive install
+pando-ai                 # firewall console: status, install, uninstall
 pando-ai install         # force a (re)install pass
-pando-ai uninstall       # remove Pando shims, managed PATH block, and install state
+pando-ai uninstall       # remove Pando shims, managed PATH block, install state, and global npm install when detected
 pando-ai serve [path]    # stdio MCP server for MCP clients
-pando-ai serve-http      # HTTP MCP server
+pando-ai serve-http      # explicit HTTP MCP server for debugging/integrations
 pando-ai gateway         # run the firewall gateway in the foreground (debug)
 pando-ai proxy status|enable|disable [codex|claude]
 pando-ai login|logout|whoami
@@ -202,26 +207,40 @@ pando-ai uninstall
 ```
 
 This removes Pando-owned `codex`/`claude` shims from `~/.pando/bin`, removes
-the managed PATH block from your shell startup file when present, and deletes
-`~/.pando/state.json` so declined/install state does not suppress future setup
-prompts. It does not delete policy files, logs, or other user data.
+the Pando-owned `pando-ai` command shim, removes the managed PATH block from
+your shell startup file when present, and deletes `~/.pando/state.json` so
+declined/install state does not suppress future setup prompts. It does not
+delete policy files, logs, or other user data. If the command is running from a
+global npm install, it also removes that global `pando-ai` package
+automatically. `npx` runs are temporary, so there is no persistent npm package
+to remove in that case.
 
-If you installed the npm package globally, remove it separately:
+## MCP serve mode
+
+MCP mode is explicit. Bare `pando-ai` always opens the firewall console; it does
+not become an MCP server just because stdin/stdout are non-interactive.
+
+Use stdio MCP for agents:
 
 ```bash
-npm uninstall -g pando-ai
+pando-ai serve /path/to/project
 ```
 
-## MCP serve mode
+`serve-http` remains available as an explicit command for debugging or
+integrations that need HTTP:
+
+```bash
+pando-ai serve-http /path/to/project --host 127.0.0.1 --port 5888
+```
 
-When invoked without a TTY (e.g. spawned by an MCP client) `pando-ai` starts the
-engine over stdio for the given path, or the current working directory, exactly
-as before. `pando-ai config set telemetry false` disables usage telemetry.
+`pando-ai config set telemetry false` disables usage telemetry.
 
 ## Transport behavior
 
-- MCP runs over stdio only.
-- The CLI redirects incidental runtime logs to stderr so stdout stays valid JSON-RPC/MCP traffic.
+- MCP does not run by default. Agents should use `pando-ai serve`.
+- HTTP MCP does not run by default. It only starts through explicit
+  `pando-ai serve-http`.
+- The CLI redirects incidental runtime logs to stderr so stdout stays valid JSON-RPC/MCP traffic in stdio mode.
 
 ## Agent setup
 

package/bin/pando-ai.js

@@ -29,10 +29,30 @@ const current = parseNodeVersion(process.version);
 if (!isSupportedNode(current)) {
   const detected = current ? `${current.major}.${current.minor}.${current.patch}` : process.version;
   console.error(
-    `[pando] pando-ai requires Node.js 22.5.0 or newer. Detected ${detected}.\n` +
-      "[pando] Upgrade Node, then re-run `npx -y pando-ai`.",
+    "\n" +
+      `[pando] pando-ai requires Node.js 22.5.0 or newer. Detected ${detected}.\n` +
+      "[pando] Please update Node.js, then re-run: npx -y pando-ai\n",
   );
   process.exit(1);
 }
 
+const originalEmitWarning = process.emitWarning;
+process.emitWarning = function pandoEmitWarning(warning, ...args) {
+  const text =
+    typeof warning === "string"
+      ? warning
+      : warning && typeof warning === "object" && "message" in warning
+        ? String(warning.message)
+        : "";
+  const type = typeof args[0] === "string" ? args[0] : undefined;
+  if (
+    type === "ExperimentalWarning" ||
+    text.includes("SQLite is an experimental feature") ||
+    text.includes("localStorage is not available")
+  ) {
+    return;
+  }
+  return originalEmitWarning.call(process, warning, ...args);
+};
+
 require("../dist/cli.js");