npm - pando-ai - Versions diffs - 0.2.5 → 0.2.7 - Mend

pando-ai 0.2.5 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +34 -15
package/dist/cli.js +149 -149
package/package.json +1 -1
package/tools/clojure-editor/lib/pando-clojure-editor-standalone.jar +0 -0
package/tools/clojure-indexer/lib/pando-clojure-indexer-standalone.jar +0 -0

package/README.md CHANGED Viewed

@@ -38,8 +38,10 @@ Two choke points, one ruleset:
 - **Launch shim** (`~/.pando/bin` ahead of the real tools on PATH) — supervises
   every `codex`/`claude` invocation. It disables the agent's native tools where
-  supported, installs the Pando MCP server (root-scoped to your project), and
-  applies the MCP allow/deny policy via the agent's own launch flags.
+  supported, dynamically injects the Pando MCP server (root-scoped to your
+  project), and applies the MCP allow/deny policy via the agent's own launch
+  flags. Pando does not permanently add itself to the user's MCP config files by
+  default; supervised launches pass generated config on each run.
 - **Wire gateway** (a local reverse proxy speaking the OpenAI Responses API and
   Anthropic Messages API) — sits inline on every supported request and forwards
   it to the upstream you control, so traffic stays local. It blocks off-policy
@@ -74,7 +76,7 @@ Legacy completion APIs, including OpenAI chat/completions and Anthropic
 | Capability | Claude Code | Codex |
 | --- | --- | --- |
 | Disable native tools | ✅ `--tools ""` (MCP stays available) + gateway/hook block | ⚠️ read-only sandbox + web search disabled + request/response gateway block |
-| Install Pando MCP, root-scoped | ✅ `--mcp-config` | ✅ required `-c mcp_servers.pando.*` |
+| Install Pando MCP, root-scoped | ✅ dynamic `--mcp-config` + `--strict-mcp-config` | ✅ dynamic required `-c mcp_servers.pando.*` with Pando tools pre-approved |
 | `other_mcp: deny_all` | ✅ `--strict-mcp-config` (Pando only) + gateway/hook block | ✅ request/response gateway block |
 | `other_mcp: allow_list` | ✅ strict config with Pando + named servers + gateway/hook block | ✅ request/response gateway block |
 | `other_mcp: deny_list` | ✅ `--disallowedTools` removes denied names + gateway/hook block | ✅ request/response gateway block |
@@ -82,11 +84,12 @@ Legacy completion APIs, including OpenAI chat/completions and Anthropic
 - **Codex** has no documented strict-MCP switch and no exact `--tools ""`
   equivalent, so launch-time stripping is best-effort. Pando marks its MCP
-  server required, disables Codex web search when native tools are denied,
-  strips off-policy tool definitions from `/v1/responses` requests, blocks
-  provider-bound off-policy tool call/result transcript items before they reach
-  the model provider, and blocks off-policy tool calls in model responses before
-  Codex can execute them.
+  server required, sets `default_tools_approval_mode="approve"` for Pando's own
+  MCP tools so non-interactive Codex launches can use them, disables Codex web
+  search when native tools are denied, strips off-policy tool definitions from
+  `/v1/responses` requests, blocks provider-bound off-policy tool call/result
+  transcript items before they reach the model provider, and blocks off-policy
+  tool calls in model responses before Codex can execute them.
 - **Claude Code** always gets Pando hook settings for tool-call/tool-result
   enforcement. API-key, auth-token, or Claude Code `apiKeyHelper` auth also
   enables gateway mode through `ANTHROPIC_BASE_URL`. Subscription-only launches
@@ -182,11 +185,11 @@ provider-bound gateway enforcement is disabled.
 ## Surfaces
 ```bash
-pando-ai                 # firewall console (TTY): status, install, uninstall
+pando-ai                 # firewall console: status, install, uninstall
 pando-ai install         # force a (re)install pass
 pando-ai uninstall       # remove Pando shims, managed PATH block, install state, and global npm install when detected
 pando-ai serve [path]    # stdio MCP server for MCP clients
-pando-ai serve-http      # HTTP MCP server
+pando-ai serve-http      # explicit HTTP MCP server for debugging/integrations
 pando-ai gateway         # run the firewall gateway in the foreground (debug)
 pando-ai proxy status|enable|disable [codex|claude]
 pando-ai login|logout|whoami
@@ -215,14 +218,30 @@ to remove in that case.
 ## MCP serve mode
-When invoked without a TTY (e.g. spawned by an MCP client) `pando-ai` starts the
-engine over stdio for the given path, or the current working directory, exactly
-as before. `pando-ai config set telemetry false` disables usage telemetry.
+MCP mode is explicit. Bare `pando-ai` always opens the firewall console; it does
+not become an MCP server just because stdin/stdout are non-interactive.
+Use stdio MCP for agents:
+```bash
+pando-ai serve /path/to/project
+```
+`serve-http` remains available as an explicit command for debugging or
+integrations that need HTTP:
+```bash
+pando-ai serve-http /path/to/project --host 127.0.0.1 --port 5888
+```
+`pando-ai config set telemetry false` disables usage telemetry.
 ## Transport behavior
-- MCP runs over stdio only.
-- The CLI redirects incidental runtime logs to stderr so stdout stays valid JSON-RPC/MCP traffic.
+- MCP does not run by default. Agents should use `pando-ai serve`.
+- HTTP MCP does not run by default. It only starts through explicit
+  `pando-ai serve-http`.
+- The CLI redirects incidental runtime logs to stderr so stdout stays valid JSON-RPC/MCP traffic in stdio mode.
 ## Agent setup