poke-gate 0.1.8 → 0.2.0

package/.github/workflows/release.yml

@@ -9,7 +9,43 @@ permissions:
   contents: write
 
 jobs:
-  build:
+  verify:
+    strategy:
+      matrix:
+        os:
+          - macos-15
+          - macos-26
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Select Xcode 26
+        run: |
+          XCODE_APP="$(find /Applications -maxdepth 1 -type d -name 'Xcode_26*.app' | sort -V | tail -1)"
+          if [[ -z "${XCODE_APP:-}" ]]; then
+            echo "Xcode 26 not found on this runner."
+            exit 1
+          fi
+
+          sudo xcode-select -s "${XCODE_APP}/Contents/Developer"
+          xcodebuild -version
+          xcodebuild -version | grep '^Xcode 26' >/dev/null
+
+      - name: Build app
+        run: |
+          xcodebuild -project "clients/Poke macOS Gate/Poke macOS Gate.xcodeproj" \
+            -scheme "Poke macOS Gate" \
+            -configuration Release \
+            CODE_SIGN_IDENTITY="-" \
+            CODE_SIGNING_REQUIRED=NO \
+            DEVELOPMENT_TEAM="" \
+            clean build
+
+  release:
+    needs: verify
     runs-on: macos-26
     steps:
       - name: Checkout
@@ -37,8 +73,17 @@ jobs:
           git commit -m "Bump version to ${{ steps.version.outputs.number }}" || echo "No changes to commit"
           git push origin HEAD:refs/heads/main || echo "Push skipped"
 
-      - name: Select Xcode
-        run: sudo xcode-select -s /Applications/Xcode_26.0.app/Contents/Developer
+      - name: Select Xcode 26
+        run: |
+          XCODE_APP="$(find /Applications -maxdepth 1 -type d -name 'Xcode_26*.app' | sort -V | tail -1)"
+          if [[ -z "${XCODE_APP:-}" ]]; then
+            echo "Xcode 26 not found on this runner."
+            exit 1
+          fi
+
+          sudo xcode-select -s "${XCODE_APP}/Contents/Developer"
+          xcodebuild -version
+          xcodebuild -version | grep '^Xcode 26' >/dev/null
 
       - name: Build universal app
         run: |
@@ -88,6 +133,11 @@ jobs:
           VERSION: ${{ steps.version.outputs.tag }}
           SHA256: ${{ steps.sha.outputs.sha256 }}
         run: |
+          if [[ -z "${TAP_REPO_TOKEN_HOMEBREW:-}" ]]; then
+            echo "Skipping Homebrew tap update because TAP_REPO_TOKEN_HOMEBREW is not set."
+            exit 0
+          fi
+
           VERSION_NUM="${VERSION#v}"
           git clone https://x-access-token:${TAP_REPO_TOKEN_HOMEBREW}@github.com/f/homebrew-tap.git tap
           mkdir -p tap/Casks

package/README.md

@@ -44,9 +44,9 @@ npx poke-gate
 
 ## Setup
 
-1. Get an API key from [poke.com/kitchen/api-keys](https://poke.com/kitchen/api-keys)
-2. Open Poke Gate from your menu bar and go to **Settings**
-3. Paste your API key and save
+1. Open Poke Gate from your menu bar
+2. The **Setup View** guides you through choosing an access mode and granting Accessibility permission
+3. Sign in with Poke OAuth when prompted — a browser window opens automatically
 
 The app connects automatically and shows a green dot when ready.
 
@@ -91,15 +91,17 @@ From iMessage or Telegram, ask Poke:
 
 ## macOS App
 
-The menu bar app manages everything:
+The native SwiftUI menu bar app manages everything:
 
+- **First-run setup** — guided onboarding to choose an access mode and grant Accessibility permission
 - **Status** — green dot when connected, yellow when connecting, red on error
 - **Personalized** — shows "Connected to your Poke, [name]"
-- **Auto-start** — connects on launch if API key is saved
+- **Access mode** — switch between Full, Limited, and Sandbox from Settings or the popover
+- **Accessibility-first** — prompts for Accessibility permission (needed for automation) with live status updates
+- **Auto-start** — connects on launch if signed in via OAuth
 - **Auto-restart** — reconnects automatically if the connection drops
-- **Settings** — paste your API key
-- **Logs** — view real-time tool calls and connection events
-- **Screen Recording** — prompts for permission on first launch
+- **Logs** — view real-time tool calls with sandbox status
+- **About** — version pulled dynamically from the app bundle
 
 The app runs in the menu bar only (no Dock icon). Quit is the only way to stop it.
 
@@ -127,12 +129,19 @@ If you prefer the command line over the macOS app:
 npx poke-gate
 ```
 
-On first run, paste your API key when prompted. Add `--verbose` to see tool calls in real time:
+On first run, Poke OAuth opens in your browser. Add `--verbose` to see tool calls in real time:
 
 ```bash
 npx poke-gate --verbose
 ```
 
+Set the access mode with `--mode`:
+
+```bash
+npx poke-gate --mode limited
+npx poke-gate --mode sandbox
+```
+
 Config is stored at `~/.config/poke-gate/config.json`.
 
 ## Agents
@@ -226,15 +235,34 @@ Save as `~/.config/poke-gate/agents/my-agent.30m.js` and it runs automatically w
 
 Agents start running when poke-gate connects and run once immediately on startup.
 
+## Access modes
+
+Poke Gate supports three access modes that control what your agent can do:
+
+| Mode | Description |
+|------|-------------|
+| **Full** (default) | All tools available. Risky actions (commands, file writes, screenshots) require chat approval. |
+| **Limited** | Read-only tools plus a curated set of safe commands (`ls`, `cat`, `grep`, `curl`, etc.). `write_file` and `take_screenshot` are disabled. |
+| **Sandbox** | Broader command support than Limited, but writes are restricted to `~/Downloads` and `/tmp` via macOS `sandbox-exec`. |
+
+Set the mode via CLI flag, environment variable, or the macOS app Settings:
+
+```bash
+npx poke-gate --mode sandbox
+# or
+POKE_GATE_PERMISSION_MODE=limited npx poke-gate
+```
+
 ## Security
 
-**Poke Gate grants full shell access to your Poke agent.** This means:
+**In full mode, Poke Gate grants full shell access to your Poke agent.** This means:
 
 - Any command can be run with your user's permissions
 - Files can be read and written anywhere your user has access
-- Only your Poke agent (authenticated by your API key) can reach the tunnel
+- Risky tools require approval in chat before execution
+- Only your Poke agent (authenticated via Poke OAuth) can reach the tunnel
 
-Only run Poke Gate on machines and networks you trust.
+Only run Poke Gate on machines and networks you trust. Use `limited` or `sandbox` mode if you want tighter restrictions.
 
 ## Project structure
 
@@ -242,12 +270,18 @@ Only run Poke Gate on machines and networks you trust.
 clients/
   Poke macOS Gate/       macOS menu bar app (SwiftUI)
 bin/
-  poke-gate.js           CLI entry point, run-agent + agent get subcommands
+  poke-gate.js           CLI entry point with --mode flag
 src/
   app.js                 Startup: MCP server + tunnel + agent scheduler
   agents.js              Agent discovery, scheduling, env loading, download
-  mcp-server.js          JSON-RPC MCP handler with OS tools
+  mcp-server.js          JSON-RPC MCP handler, tools, access policy, sandbox
+  permission-service.js  HMAC approval tokens, session whitelisting
   tunnel.js              PokeTunnel wrapper
+test/
+  mcp-server-access-policy.test.js
+  mcp-server-loop-guard.test.js
+  mcp-server-sandbox-command.test.js
+  permission-service.test.js
 examples/
   agents/
     beeper.1h.js         Example: Beeper message digest agent

package/bin/poke-gate.js

@@ -2,6 +2,19 @@
 
 const args = process.argv.slice(2);
 
+const VALID_MODES = ["full", "limited", "sandbox"];
+
+function parseMode() {
+  const idx = args.indexOf("--mode");
+  if (idx === -1) return null;
+  const value = args[idx + 1];
+  if (!value || !VALID_MODES.includes(value)) {
+    console.error(`Invalid --mode value. Must be one of: ${VALID_MODES.join(", ")}`);
+    process.exit(1);
+  }
+  return value;
+}
+
 async function main() {
   if (args[0] === "run-agent") {
     const name = args[1];
@@ -27,6 +40,10 @@ async function main() {
     const { createAgent } = await import("../src/agent-create.js");
     await createAgent(prompt);
   } else {
+    const mode = parseMode();
+    if (mode) {
+      process.env.POKE_GATE_PERMISSION_MODE = mode;
+    }
     await import("../src/app.js");
   }
 }

package/clients/Poke macOS Gate/Poke macOS Gate/AboutView.swift

@@ -1,5 +1,11 @@
 import SwiftUI
 
+extension Bundle {
+    var appVersion: String {
+        infoDictionary?["CFBundleShortVersionString"] as? String ?? "Unknown"
+    }
+}
+
 struct AboutView: View {
     @Environment(\.dismiss) private var dismiss
 
@@ -13,7 +19,7 @@ struct AboutView: View {
                 .font(.title2)
                 .fontWeight(.semibold)
 
-            Text("Version 0.0.8")
+            Text("Version \(Bundle.main.appVersion)")
                 .font(.caption)
                 .foregroundStyle(.secondary)
 

package/clients/Poke macOS Gate/Poke macOS Gate/AccessibilityPermissionView.swift

@@ -0,0 +1,58 @@
+import SwiftUI
+
+struct AccessibilityPermissionView: View {
+    @ObservedObject var service: GateService
+
+    var body: some View {
+        let granted = service.hasSystemPermissionsGranted
+
+        VStack(alignment: .leading, spacing: 10) {
+            HStack(spacing: 8) {
+                Image(systemName: granted ? "checkmark.seal.fill" : "exclamationmark.shield.fill")
+                    .font(.headline)
+                    .foregroundStyle(granted ? Color.green : Color.orange)
+
+                VStack(alignment: .leading, spacing: 1) {
+                    Text(granted ? "Accessibility granted" : "Accessibility permission needed")
+                        .font(.subheadline)
+                        .fontWeight(.semibold)
+
+                    Text(granted
+                        ? "Poke Gate can now use keyboard and mouse automation."
+                        : "Open macOS Accessibility settings and enable Poke Gate.")
+                        .font(.caption)
+                        .foregroundStyle(.secondary)
+                }
+
+                Spacer()
+            }
+
+            if granted {
+                HStack(spacing: 8) {
+                    Image(systemName: "checkmark.circle.fill")
+                        .foregroundStyle(.green)
+                    Text("Granted")
+                        .font(.caption)
+                        .foregroundStyle(.green)
+                    Spacer()
+                }
+            } else {
+                Button {
+                    service.openSystemPermission(.accessibility)
+                } label: {
+                    Label("Open Accessibility Settings", systemImage: "hand.raised.app")
+                        .font(.subheadline)
+                }
+                .buttonStyle(.plain)
+                .foregroundStyle(Color.accentColor)
+
+                Text("After enabling it, return here and the status will update automatically.")
+                    .font(.caption2)
+                    .foregroundStyle(.tertiary)
+            }
+        }
+        .padding(12)
+        .macPanelStyle(granted ? .success : .warning, cornerRadius: 12)
+        .animation(.easeInOut(duration: 0.2), value: granted)
+    }
+}