poke-gate 0.2.1 → 0.2.2

package/README.md

@@ -241,7 +241,7 @@ Poke Gate supports three access modes that control what your agent can do:
 
 | Mode | Description |
 |------|-------------|
-| **Full** (default) | All tools available. Risky actions (commands, file writes, screenshots) require chat approval. |
+| **Full** (default) | All tools available with no approval required. The agent can run commands, write files, and take screenshots directly. |
 | **Limited** | Read-only tools plus a curated set of safe commands (`ls`, `cat`, `grep`, `curl`, etc.). `write_file` and `take_screenshot` are disabled. |
 | **Sandbox** | Broader command support than Limited, but writes are restricted to `~/Downloads` and `/tmp` via macOS `sandbox-exec`. |
 

package/clients/Poke macOS Gate/Poke macOS Gate/GateService.swift

@@ -91,6 +91,7 @@ class GateService: ObservableObject {
 
     @Published var status: Status = .stopped
     @Published var logs: [String] = []
+    @Published var processLogs: [String] = []
     @Published var terminalPreviews: [TerminalPreview] = []
     @Published var userName: String? = nil
     @Published var permissionMode: PermissionMode
@@ -489,11 +490,21 @@ class GateService: ObservableObject {
         outputPipe?.fileHandleForReading.readabilityHandler = nil
         process = nil
         outputPipe = nil
+        killOrphanedProcesses()
+    }
+
+    private func killOrphanedProcesses() {
+        let task = Process()
+        task.executableURL = URL(fileURLWithPath: "/usr/bin/pkill")
+        task.arguments = ["-f", "poke-gate"]
+        try? task.run()
+        task.waitUntilExit()
     }
 
     private func handleOutput(_ raw: String) {
         for line in raw.components(separatedBy: .newlines) where !line.isEmpty {
             appendLog(line)
+            appendProcessLog(line)
             parseTerminalPreviewLine(line)
 
             if line.contains("Tunnel connected") || line.contains("Ready") {
@@ -510,6 +521,15 @@ class GateService: ObservableObject {
         }
     }
 
+    private func appendProcessLog(_ line: String) {
+        let stripped = stripToolTimestamp(from: line)
+        guard !stripped.isEmpty else { return }
+        processLogs.append(stripped)
+        if processLogs.count > maxLogs {
+            processLogs.removeFirst(processLogs.count - maxLogs)
+        }
+    }
+
     private func handleTermination(exitCode: Int32) {
         appendLog("Process exited with code \(exitCode)")
         stopHealthCheck()

package/clients/Poke macOS Gate/Poke macOS Gate/Poke_macOS_GateApp.swift

@@ -189,9 +189,9 @@ struct PopoverContent: View {
                             .truncationMode(.tail)
                     }
                 }
-            } else if !service.logs.isEmpty {
-                ForEach(Array(service.logs.suffix(4).enumerated()), id: \.offset) { _, log in
-                    Text(log)
+            } else if !service.processLogs.isEmpty {
+                ForEach(Array(service.processLogs.suffix(4).enumerated()), id: \.offset) { _, entry in
+                    Text(entry)
                         .font(.system(size: 9, design: .monospaced))
                         .foregroundStyle(.tertiary)
                         .lineLimit(1)

package/clients/Poke macOS Gate/Poke macOS Gate.xcodeproj/project.pbxproj

@@ -286,7 +286,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.2.0;
+				MARKETING_VERSION = 0.2.1;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;
@@ -322,7 +322,7 @@
 					"@executable_path/../Frameworks",
 				);
 				MACOSX_DEPLOYMENT_TARGET = 15.0;
-				MARKETING_VERSION = 0.2.0;
+				MARKETING_VERSION = 0.2.1;
 				PRODUCT_BUNDLE_IDENTIFIER = "dev.fka.Poke-macOS-Gate";
 				PRODUCT_NAME = "$(TARGET_NAME)";
 				REGISTER_APP_GROUPS = YES;

package/docs/security.md

@@ -10,7 +10,7 @@ Poke Gate supports three access modes that control what tools your agent can use
 
 ### Full (default)
 
-All tools are available. Risky actions (`run_command`, `write_file`, `take_screenshot`) require **chat approval** — the agent must ask you in chat before executing, and you approve with a signed token.
+All tools are available with no approval required. The agent can run commands, write files, and take screenshots directly.
 
 ### Limited
 
@@ -48,13 +48,15 @@ POKE_GATE_PERMISSION_MODE=sandbox npx poke-gate
 
 ## Tool approval flow
 
-In **full** mode, risky tools (`run_command`, `write_file`, `take_screenshot`) use an HMAC-signed approval flow:
+In **limited** and **sandbox** modes, risky tools (`run_command`, `write_file`, `take_screenshot`) use an HMAC-signed approval flow:
 
 1. The agent calls the tool — Poke Gate returns `AWAITING_APPROVAL` with a signed token
 2. The agent asks you in chat to approve
 3. You approve — the agent re-calls the tool with the approval token
 4. Optionally, you can `remember_in_session` (same command) or `remember_all_risky` (all risky tools for the session)
 
+In **full** mode, all tools execute directly without approval.
+
 ## What protects you
 
 - **Authentication** — only your Poke agent (authenticated via Poke OAuth) can reach the tunnel

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "poke-gate",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Expose your machine to your Poke AI assistant via MCP tunnel",
   "type": "module",
   "bin": {

package/src/app.js

@@ -2,10 +2,23 @@ import { startMcpServer, enableLogging, getPermissionMode } from "./mcp-server.j
 import { startTunnel } from "./tunnel.js";
 import { startAgentScheduler, stopAgentScheduler } from "./agents.js";
 import { Poke, isLoggedIn, login, getToken } from "poke";
+import { execSync } from "node:child_process";
 
 const verbose = process.argv.includes("--verbose") || process.argv.includes("-v");
 enableLogging(verbose);
 
+function killExistingInstances() {
+  const myPid = process.pid;
+  try {
+    const out = execSync("pgrep -f 'poke-gate'", { encoding: "utf-8" }).trim();
+    const pids = out.split("\n").map(Number).filter((p) => p && p !== myPid);
+    for (const pid of pids) {
+      try { process.kill(pid, "SIGTERM"); } catch {}
+    }
+    if (pids.length > 0) log(`Killed ${pids.length} existing poke-gate process(es).`);
+  } catch {}
+}
+
 function log(msg) {
   const ts = new Date().toISOString().slice(11, 19);
   console.log(`[${ts}] ${msg}`);
@@ -102,6 +115,7 @@ function scheduleReconnect(mcpUrl, token) {
 }
 
 async function main() {
+  killExistingInstances();
   log("poke-gate starting...");
   log(`Access mode: ${getPermissionMode()}`);
 
@@ -133,7 +147,7 @@ function buildAccessModeMessage(mode) {
       return (
         "Access mode: Full. " +
         "You can run any shell command, read and write files, list directories, take screenshots, and check system info. " +
-        "Risky actions (commands, file writes, screenshots) require user approval in chat before execution."
+        "Use the tools directly whenever needed — no approval required."
       );
   }
 }

package/src/mcp-server.js

@@ -565,7 +565,7 @@ function handleToolCall(name, args, context = {}) {
     return blocked;
   }
 
-  if (permissionService.isRisky(name)) {
+  if (PERMISSION_MODE !== "full" && permissionService.isRisky(name)) {
     const commandText = typeof cleanArgs.command === "string" ? cleanArgs.command : "";
     const alreadyAllowed = sessionAutoApproveAllRisky.has(sessionId) ||
       (commandText && permissionService.isAllowedBySessionPattern(sessionId, commandText));