teleportation-cli 1.1.4 → 1.2.0

package/.claude/hooks/permission_request.mjs

@@ -82,6 +82,45 @@ const isValidSessionId = (id) => {
   return id && /^[a-f0-9-]{36}$/i.test(id);
 };
 
+// Timeout for daemon-state updates (extracted from magic number per code review)
+const DAEMON_STATE_UPDATE_TIMEOUT_MS = 3000;
+
+/**
+ * Update daemon state with timeout and proper resource cleanup.
+ * Returns true if update succeeded, false otherwise.
+ * @param {string} relayApiUrl - Relay API base URL
+ * @param {string} sessionId - Session ID to update
+ * @param {object} state - State object to patch (e.g., { is_away: true })
+ * @param {string} apiKey - API key for authorization
+ * @param {function} log - Logging function
+ * @returns {Promise<boolean>} - True if update succeeded
+ */
+const updateDaemonState = async (relayApiUrl, sessionId, state, apiKey, log) => {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => controller.abort(), DAEMON_STATE_UPDATE_TIMEOUT_MS);
+  try {
+    const res = await fetch(`${relayApiUrl}/api/sessions/${sessionId}/daemon-state`, {
+      method: 'PATCH',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${apiKey}`
+      },
+      body: JSON.stringify(state),
+      signal: controller.signal
+    });
+    if (!res.ok) {
+      log(`[TRACE] daemon-state update returned ${res.status}`);
+      return false;
+    }
+    return true;
+  } catch (e) {
+    log(`[TRACE] daemon-state update failed: ${e.message}`);
+    return false;
+  } finally {
+    clearTimeout(timeoutId);
+  }
+};
+
 const fetchJson = async (url, opts) => {
   const res = await fetch(url, opts);
   if (!res.ok) {
@@ -126,6 +165,31 @@ const fetchJson = async (url, opts) => {
     return exit(0);
   }
 
+  // For autonomous tasks, use parent session ID for approvals
+  // This ensures approvals appear in the timeline the user is viewing
+  const raw_parent_session_id = env.TELEPORTATION_PARENT_SESSION_ID;
+
+  // Validate parent_session_id if provided to prevent injection
+  // Only use if it passes validation, otherwise fall back to session_id
+  const parent_session_id = (raw_parent_session_id && isValidSessionId(raw_parent_session_id))
+    ? raw_parent_session_id
+    : null;
+
+  if (raw_parent_session_id && !parent_session_id) {
+    log(`Warning: Invalid TELEPORTATION_PARENT_SESSION_ID format, ignoring: ${raw_parent_session_id}`);
+  }
+  const approval_session_id = parent_session_id || session_id;
+  const child_session_id = parent_session_id ? session_id : null;
+
+  if (parent_session_id) {
+    log(`Using parent session ${parent_session_id} for approvals (child session: ${session_id})`);
+  }
+
+  // Detect message source
+  const isAutonomousTask = env.TELEPORTATION_TASK_MODE === 'true' || !!parent_session_id;
+  const source = isAutonomousTask ? 'autonomous_task' : 'cli_interactive';
+  log(`Message source: ${source}`);
+
   // Load config
   let config;
   try {
@@ -151,14 +215,64 @@ const fetchJson = async (url, opts) => {
     return exit(0);
   }
 
-  // Check if session is in "away" mode
+  // Auto-detect away mode based on last approval location
   let isAway = false;
+  let autoDetected = false;
+
+  // Force away mode if running as a daemon-spawned task
+  // TELEPORTATION_TASK_MODE is set by task-executor.js when spawning Claude for task execution
+  const isTaskMode = env.TELEPORTATION_TASK_MODE === 'true';
+  if (isTaskMode) {
+    isAway = true;
+    log(`[PermissionRequest] Task mode detected - forcing away mode for remote approval`);
+  }
+
   try {
-    const state = await fetchJson(`${RELAY_API_URL}/api/sessions/${session_id}/daemon-state`, {
+    const state = await fetchJson(`${RELAY_API_URL}/api/sessions/${approval_session_id}/daemon-state`, {
       headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
     });
-    isAway = !!state.is_away;
-    log(`Session away status: ${isAway}`);
+
+    // Skip auto-toggle if task mode is forcing away
+    if (isTaskMode) {
+      log(`Task mode: skipping auto-detection, using forced away mode`);
+    } else {
+      // Auto-toggle based on last interaction source
+      const lastLocation = state.last_approval_location;
+      if (lastLocation === 'mobile') {
+        // Last approval was from mobile → user is away
+        isAway = true;
+        autoDetected = true;
+        log(`Auto-detected: user away (last approval from mobile)`);
+      } else if (lastLocation === 'local') {
+        // Last approval was local → user is present
+        isAway = false;
+        autoDetected = true;
+        log(`Auto-detected: user present (last approval from local)`);
+      } else {
+        // Use existing is_away flag if no approval history
+        isAway = !!state.is_away;
+        log(`Session away status: ${isAway} (no auto-detection)`);
+      }
+    }
+
+    // Update daemon state if auto-detected different from current
+    // Use approval_session_id for consistency with session registration
+    if (autoDetected && isAway !== !!state.is_away) {
+      log(`Updating away status: ${state.is_away} → ${isAway}`);
+      try {
+        await fetchJson(`${RELAY_API_URL}/api/sessions/${approval_session_id}/daemon-state`, {
+          method: 'PATCH',
+          headers: {
+            'Content-Type': 'application/json',
+            'Authorization': `Bearer ${RELAY_API_KEY}`
+          },
+          body: JSON.stringify({ is_away: isAway })
+        });
+        log(`Updated session away status to: ${isAway}`);
+      } catch (updateErr) {
+        log(`Warning: Failed to update away status: ${updateErr.message}`);
+      }
+    }
   } catch (e) {
     // Fail-safe: if relay is down, assume user is present (safer default)
     const failSafe = env.AWAY_CHECK_FAIL_SAFE || 'present';
@@ -205,7 +319,7 @@ const fetchJson = async (url, opts) => {
         'Content-Type': 'application/json',
         'Authorization': `Bearer ${RELAY_API_KEY}`
       },
-      body: JSON.stringify({ session_id, reason: 'New permission request' })
+      body: JSON.stringify({ session_id: approval_session_id, reason: 'New permission request' })
     });
   } catch (e) {
     log(`Warning: Failed to invalidate old approvals: ${e.message}`);
@@ -234,12 +348,14 @@ const fetchJson = async (url, opts) => {
       }
 
       if (lastUserMessage) {
+        const CONTEXT_LIMIT = 2000;
+        const truncated = lastUserMessage.length > CONTEXT_LIMIT;
         conversation_context = {
-          user_last_message: lastUserMessage.slice(0, 500), // Truncate to 500 chars
+          user_last_message: truncated ? lastUserMessage.slice(0, CONTEXT_LIMIT) + '...' : lastUserMessage,
           claude_reasoning: null, // Phase 2: extract Claude's reasoning
           timestamp: Date.now()
         };
-        log(`Extracted conversation context: user_message="${lastUserMessage.slice(0, 50)}..."`);
+        log(`Extracted conversation context (truncated: ${truncated}): user_message="${conversation_context.user_last_message.slice(0, 50)}..."`);
       }
     } catch (e) {
       log(`Warning: Failed to extract conversation context: ${e.message}`);
@@ -247,20 +363,47 @@ const fetchJson = async (url, opts) => {
   }
 
   // Fallback: Generate tool_use_id if not provided (defensive programming)
-  const effective_tool_use_id = tool_use_id || `tool_${Date.now()}_${Math.random().toString(36).substring(2, 9)}`;
+  const effective_tool_use_id = tool_use_id || `tool_${crypto.randomUUID()}`;
   if (!tool_use_id) {
     log(`Warning: tool_use_id not provided, generated fallback: ${effective_tool_use_id}`);
   }
 
+  // Add child session ID to metadata if this is an autonomous task
+  if (child_session_id) {
+    meta.child_session_id = child_session_id;
+    meta.is_autonomous_task = true;
+  }
+
+  // Fetch session to get owner_id (PRD-0018: Multi-tenancy)
+  let owner_id = null;
+  try {
+    log(`Fetching session ${approval_session_id} to get owner_id for approval`);
+    const sessionResponse = await fetch(`${RELAY_API_URL}/api/sessions/${approval_session_id}`, {
+      headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
+    });
+    
+    if (sessionResponse.ok) {
+      const session = await sessionResponse.json();
+      owner_id = session.owner_id;
+      log(`Retrieved owner_id: ${owner_id} from session`);
+    } else {
+      log(`Warning: Failed to fetch session (HTTP ${sessionResponse.status}). Creating orphan approval.`);
+    }
+  } catch (e) {
+    log(`Warning: Failed to fetch session owner_id: ${e.message}`);
+    // Continue without owner_id - will create orphan approval
+  }
+
   // Create approval request with metadata and context (PRD-0013)
   let approvalId;
   try {
     const payload = {
-      session_id,
+      session_id: approval_session_id,  // Use parent session for autonomous tasks
       tool_name,
       tool_input,
       meta,
       tool_use_id: effective_tool_use_id,
+      owner_id,  // PRD-0018: Associate approval with user
     };
     // Only include conversation_context if not null
     // API validation expects it to be an object, not null
@@ -272,7 +415,7 @@ const fetchJson = async (url, opts) => {
     // if (transcript_excerpt !== null) payload.transcript_excerpt = transcript_excerpt;
 
     log(`Creating approval with payload: ${JSON.stringify(payload).substring(0, 500)}`);
-    const created = await fetchJson(`${RELAY_API_URL}/api/approvals`, {
+    const approvalRes = await fetch(`${RELAY_API_URL}/api/approvals`, {
       method: 'POST',
       headers: {
         'Content-Type': 'application/json',
@@ -280,30 +423,83 @@ const fetchJson = async (url, opts) => {
       },
       body: JSON.stringify(payload)
     });
+
+    const created = await approvalRes.json();
+    if (!approvalRes.ok) {
+      throw new Error(created.error || `HTTP ${approvalRes.status}`);
+    }
+
+    if (created.warning === 'orphan_approval') {
+      process.stderr.write('⚠️  Warning: Approval created without owner context. It may not be visible in all devices.\n');
+    }
+
     approvalId = created.id;
-    log(`Approval created: ${approvalId} (tool_use_id: ${effective_tool_use_id})`);
+    log(`Created approval: ${approvalId}`);
   } catch (e) {
-    log(`ERROR creating approval: ${e.message}`);
-    log(`Error stack: ${e.stack}`);
-    return exit(0); // Let Claude Code handle it
+    log(`ERROR: Failed to create approval: ${e.message}`);
+    process.stderr.write(`[teleportation] Error: Could not request remote approval: ${e.message}\n`);
+    // Fall back to local prompt if approval creation fails
+    return process.stdout.write(JSON.stringify({ decision: 'ask', reason: `Remote approval request failed: ${e.message}` }));
   }
 
-  // If user is PRESENT: return immediately and let Claude Code show its native prompt
-  // The approval is now visible in mobile UI. If user approves locally:
-  // - PostToolUse will invalidate the approval
-  // - Mobile UI will filter it out (any timeline event after approval = stale)
-  if (!isAway) {
-    log(`User is present - approval ${approvalId} created for mobile visibility, letting Claude Code handle locally`);
-    return exit(0);
-  }
+  // DESIGN RATIONALE: Hybrid Approval Flow
+  // ========================================
+  // This polling loop supports "hybrid approval" where users can approve from
+  // EITHER their local CLI OR mobile app, regardless of away/present mode:
+  //
+  // - User PRESENT: Claude Code shows native prompt AND we poll for mobile approval.
+  //   If user approves locally, PostToolUse hook invalidates the remote approval.
+  //   If user approves via mobile, we detect it here and proceed.
+  //
+  // - User AWAY: Claude Code prompt is suppressed, we poll for mobile approval.
+  //   User must approve via mobile to continue.
+  //
+  // WHY NO MODE-AWARE TIMEOUTS:
+  // Old design had 5s timeout for present, 60s for away. This caused issues:
+  // 1. User at computer who wants to approve via mobile (e.g., testing) couldn't
+  // 2. Quick timeouts caused unnecessary daemon handoffs
+  // 3. Users stepping away briefly got their approvals handed to daemon
+  //
+  // The 1-hour timeout (configurable) allows flexible approval from either location.
+  // Circuit breaker prevents indefinite polling. Local approvals invalidate remote.
+  //
+  log(`${isAway ? 'User is away' : 'User is present'} - polling for approval...`);
 
-  // User is AWAY - poll for remote approval decision
-  log(`User is away - polling for remote approval decision (timeout=${FAST_APPROVAL_TIMEOUT_MS}ms)...`);
   let consecutiveFailures = 0;
   const MAX_CONSECUTIVE_FAILURES = 5;
 
-  const deadline = Date.now() + FAST_APPROVAL_TIMEOUT_MS;
-  while (Date.now() < deadline) {
+  // Circuit breaker: max 1 hour (1800 polls at 2s interval) or configurable via env
+  // Bounds: iterations 10-10000, timeout 60s-4hrs to prevent DoS and misconfiguration
+  const rawIterations = parseInt(env.APPROVAL_MAX_POLL_ITERATIONS || '1800', 10);
+  const rawTimeout = parseInt(env.APPROVAL_MAX_TIMEOUT_MS || '3600000', 10);
+  const MAX_POLL_ITERATIONS = Math.max(10, Math.min(10000, isNaN(rawIterations) ? 1800 : rawIterations));
+  const MAX_POLL_TIMEOUT_MS = Math.max(60000, Math.min(14400000, isNaN(rawTimeout) ? 3600000 : rawTimeout));
+  const pollStartTime = Date.now();
+  let pollIterations = 0;
+
+  // Poll with circuit breaker limits
+  while (true) {
+    pollIterations++;
+
+    // Circuit breaker: check iteration limit
+    if (pollIterations > MAX_POLL_ITERATIONS) {
+      log(`Circuit breaker: exceeded max poll iterations (${MAX_POLL_ITERATIONS})`);
+      // Fall back to daemon handoff
+      return process.stdout.write(JSON.stringify({
+        decision: 'deny',
+        reason: 'Approval polling exceeded maximum iterations - handed off to daemon'
+      }));
+    }
+
+    // Circuit breaker: check timeout
+    if (Date.now() - pollStartTime > MAX_POLL_TIMEOUT_MS) {
+      log(`Circuit breaker: exceeded max poll timeout (${MAX_POLL_TIMEOUT_MS}ms)`);
+      // Fall back to daemon handoff
+      return process.stdout.write(JSON.stringify({
+        decision: 'deny',
+        reason: 'Approval polling exceeded maximum timeout - handed off to daemon'
+      }));
+    }
     try {
       const status = await fetchJson(`${RELAY_API_URL}/api/approvals/${approvalId}`, {
         headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
@@ -312,37 +508,168 @@ const fetchJson = async (url, opts) => {
 
       if (status.status === 'allowed') {
         log('Remote approval: ALLOWED');
+
+        // Auto-detect away mode: if approval came from mobile, switch to away mode
+        // This enables seamless handoff when user approves from mobile
+        if (status.decision_location === 'mobile') {
+          // Timeline: Mobile approval detected
+          log('[TIMELINE-DEBUG] About to log approval_processing event');
+          try {
+            await fetchJson(`${RELAY_API_URL}/api/timeline`, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${RELAY_API_KEY}`
+              },
+              body: JSON.stringify({
+                session_id: approval_session_id,
+                type: 'approval_processing',
+                source,
+                data: {
+                  tool_name,
+                  approval_id: approvalId,
+                  decision_location: 'mobile',
+                  message: 'Mobile approval detected - processing handoff'
+                }
+              })
+            });
+            log('[TIMELINE-DEBUG] Successfully logged approval_processing event');
+          } catch (e) {
+            log(`[TIMELINE-DEBUG] Failed to log approval_processing: ${e.message}`);
+          }
+
+          {
+            log('[TRACE] Approval came from mobile - starting auto-switch to away mode');
+            // Use helper function with proper timeout and resource cleanup
+            const updateSuccess = await updateDaemonState(
+              RELAY_API_URL,
+              approval_session_id,
+              { is_away: true, last_approval_location: 'mobile' },
+              RELAY_API_KEY,
+              log
+            );
+
+            // Timeline: Mode switched to away - ONLY log if daemon-state update succeeded
+            // This prevents logging a mode switch that didn't actually happen
+            if (updateSuccess) {
+              log('[TRACE] daemon-state update completed successfully');
+              try {
+                await fetchJson(`${RELAY_API_URL}/api/timeline`, {
+                  method: 'POST',
+                  headers: {
+                    'Content-Type': 'application/json',
+                    'Authorization': `Bearer ${RELAY_API_KEY}`
+                  },
+                  body: JSON.stringify({
+                    session_id: approval_session_id,
+                    type: 'mode_switched',
+                    source,
+                    data: {
+                      from: 'present',
+                      to: 'away',
+                      trigger: 'mobile_approval',
+                      approval_id: approvalId
+                    }
+                  })
+                });
+              } catch (e) {
+                log(`Warning: Failed to log timeline event: ${e.message}`);
+              }
+            } else {
+              log('[TRACE] Skipping mode_switched timeline event - daemon-state update failed');
+            }
+          }
+        } else if (status.decision_location === 'local') {
+          // Auto-switch to present mode when user approves locally
+          log('Approval came from CLI - auto-switching to present mode');
+          // Use helper function with proper timeout and resource cleanup
+          const updateSuccess = await updateDaemonState(
+            RELAY_API_URL,
+            approval_session_id,
+            { is_away: false, last_approval_location: 'local' },
+            RELAY_API_KEY,
+            log
+          );
+          if (!updateSuccess) {
+            log('Warning: Failed to auto-switch to present mode');
+          }
+        }
+
         // Acknowledge on the fast-path to prevent duplicate daemon execution.
-        try {
-          const ackRes = await fetch(`${RELAY_API_URL}/api/approvals/${approvalId}/ack`, {
-            method: 'POST',
-            headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
-          });
-          if (!ackRes.ok) {
-            throw new Error(`ACK returned ${ackRes.status}`);
+        // PRD-0016: Implement 3-attempt exponential backoff for ACK
+        log('[TRACE] Starting ACK process');
+        let ackSuccess = false;
+        let ackAttempts = 0;
+        const MAX_ACK_ATTEMPTS = 3;
+
+        while (!ackSuccess && ackAttempts < MAX_ACK_ATTEMPTS) {
+          ackAttempts++;
+          log(`[TRACE] ACK attempt ${ackAttempts}/${MAX_ACK_ATTEMPTS}`);
+          try {
+            const ackRes = await fetch(`${RELAY_API_URL}/api/approvals/${approvalId}/ack`, {
+              method: 'POST',
+              headers: { 'Authorization': `Bearer ${RELAY_API_KEY}` }
+            });
+            if (ackRes.ok) {
+              ackSuccess = true;
+              log('[TRACE] ACK succeeded');
+            } else {
+              throw new Error(`ACK returned ${ackRes.status}`);
+            }
+          } catch (e) {
+            const delay = Math.pow(2, ackAttempts) * 100;
+            log(`[TRACE] ACK attempt ${ackAttempts} failed: ${e.message}. Retrying in ${delay}ms...`);
+            if (ackAttempts < MAX_ACK_ATTEMPTS) {
+              await sleep(delay);
+            }
           }
-        } catch (e) {
-          log(`ERROR: Failed to ack approval ${approvalId}: ${e.message} - aborting to prevent duplicate execution`);
-          const out = {
-            hookSpecificOutput: {
-              hookEventName: 'PermissionRequest',
-              permissionDecision: 'deny',
-              permissionDecisionReason: '⚠️ Teleportation: Approval received but acknowledgment failed. Request handed to daemon to prevent duplicate execution.'
-            },
-            suppressOutput: true
-          };
-          stdout.write(JSON.stringify(out));
-          return exit(0);
         }
+
+        if (!ackSuccess) {
+          log(`[TRACE] ERROR: All ${MAX_ACK_ATTEMPTS} ACK attempts failed for ${approvalId}. Allowing locally anyway.`);
+        }
+
+        // Timeline: ACK completed (mobile approvals only - more detail for mobile)
+        if (status.decision_location === 'mobile') {
+          try {
+            await fetchJson(`${RELAY_API_URL}/api/timeline`, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/json',
+                'Authorization': `Bearer ${RELAY_API_KEY}`
+              },
+              body: JSON.stringify({
+                session_id: approval_session_id,
+                type: 'approval_acknowledged',
+                source,
+                data: {
+                  tool_name,
+                  approval_id: approvalId,
+                  ack_success: ackSuccess,
+                  ack_attempts: ackAttempts,
+                  message: ackSuccess
+                    ? 'Approval acknowledged - executing tool locally'
+                    : 'ACK failed but proceeding anyway'
+                }
+              })
+            });
+          } catch (e) {
+            log(`Warning: Failed to log timeline event: ${e.message}`);
+          }
+        }
+
+        log('[TRACE] Returning allow decision to Claude Code');
         const out = {
           hookSpecificOutput: {
             hookEventName: 'PermissionRequest',
-            permissionDecision: 'allow',
-            permissionDecisionReason: 'Approved remotely via Teleportation'
-          },
-          suppressOutput: true
+            decision: {
+              behavior: 'allow'
+            }
+          }
         };
-        stdout.write(JSON.stringify(out));
+        stdout.write(JSON.stringify(out) + '\n');
+        log('[TRACE] Wrote allow decision to stdout with newline');
+        log('[TRACE] Hook exiting with exit(0)');
         return exit(0);
       }
 
@@ -357,8 +684,9 @@ const fetchJson = async (url, opts) => {
               'Authorization': `Bearer ${RELAY_API_KEY}`
             },
             body: JSON.stringify({
-              session_id,
+              session_id: approval_session_id,
               type: 'tool_denied',
+              source,
               data: {
                 tool_name,
                 tool_input: tool_input || {},
@@ -375,12 +703,14 @@ const fetchJson = async (url, opts) => {
         const out = {
           hookSpecificOutput: {
             hookEventName: 'PermissionRequest',
-            permissionDecision: 'deny',
-            permissionDecisionReason: 'Denied remotely via Teleportation'
-          },
-          suppressOutput: true
+            decision: {
+              behavior: 'deny',
+              message: status.decision_reason || 'Denied remotely via Teleportation'
+            }
+          }
         };
-        stdout.write(JSON.stringify(out));
+        stdout.write(JSON.stringify(out) + '\n');
+        log('[TRACE] Wrote deny decision to stdout with newline');
         return exit(0);
       }
 
@@ -400,30 +730,10 @@ const fetchJson = async (url, opts) => {
     await sleep(POLLING_INTERVAL_MS);
   }
 
-  // Timeout while user is away - hand off to daemon
-  log('Fast-path approval timeout - handing off to daemon');
-
-  try {
-    await fetch(`${RELAY_API_URL}/api/sessions/${session_id}/daemon-state`, {
-      method: 'PATCH',
-      headers: {
-        'Content-Type': 'application/json',
-        'Authorization': `Bearer ${RELAY_API_KEY}`
-      },
-      body: JSON.stringify({ last_approval_location: 'daemon_handoff', is_away: true })
-    });
-  } catch (e) {
-    log(`Warning: Failed to update daemon-state for handoff: ${e.message}`);
-  }
-
-  const out = {
-    hookSpecificOutput: {
-      hookEventName: 'PermissionRequest',
-      permissionDecision: 'deny',
-      permissionDecisionReason: '⏳ Teleportation: waiting for mobile approval timed out. This request was handed off to the daemon and will run in the background once approved.'
-    },
-    suppressOutput: true
-  };
-  stdout.write(JSON.stringify(out));
-  return exit(0);
+  // Safety fallback: should never reach here, but if loop exits unexpectedly, deny
+  log('ERROR: Polling loop exited unexpectedly - this should not happen');
+  return process.stdout.write(JSON.stringify({
+    decision: 'deny',
+    reason: 'Internal error: polling loop exited unexpectedly'
+  }));
 })();