thinkpool-pair 0.6.13 → 0.6.15
- package/bridge.mjs +6 -0
- package/claude-session.mjs +35 -6
- package/package.json +1 -1
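--- a/package/bridge.mjs
+++ b/package/bridge.mjs
@@ -217,6 +217,9 @@ const name = process.env.TP_NAME || os.userInfo().username || 'host'
 // Cheap reads, no subprocess: directory name + .git/HEAD.
 const cwd = process.cwd()
 const repoLabel = path.basename(cwd)
+// thinkpool-pair's own version — surfaced in the room's welcome banner.
+let VERSION = null
+try { VERSION = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8')).version } catch { /* unknown — banner omits it */ }
 let branch = null
 try {
 const head = fs.readFileSync(path.join(cwd, '.git', 'HEAD'), 'utf8').trim()
@@ -270,6 +273,9 @@ const bcast = (event, payload) => {
 const announce = () =>
 bcast('bridge', {
 v: 2, name, repo: repoLabel, branch,
+// cwd + version: the host's working dir + thinkpool-pair version, shown in
+// the room's welcome banner. Re-sent per announce so late joiners get them.
+cwd, version: VERSION,
 // updir: where room file-drops land (forward-slash normalised — the web
 // client string-joins host paths onto it; Node accepts `/` on Windows).
 updir: UPDIR.split(path.sep).join('/'),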
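Review bot: `cwd, version: VERSION` in `announce` now sends the host's absolute working directory to every room participant on each announce, which typically discloses the local account name and directory layout; `repo: repoLabel` already gives the banner a basename. If the banner only needs a recognisable location, send a home-relative form instead, e.g. `cwd: cwd.replace(os.homedir(), '~'), version: VERSION,` (`os` is in scope per the hunk header). The exact version string likewise lets any joiner tell which release the host runs, so consider whether both fields should go only to authenticated members; who can join a room is not visible here. `announce` continues outside the hunk.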
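--- a/package/claude-session.mjs
+++ b/package/claude-session.mjs
@@ -39,6 +39,36 @@ export function classifyRisk(toolName, input) {
 return 'medium'
 }
 
+// ── safe-doc writes — auto-allow regardless of permission mode ──
+// The repo MANDATES end-of-session writes (devlogs under .claude/SESSIONS/, and
+// CLAUDE.md updates). They're append-only documentation with no runtime blast
+// radius. Carding them in `default` mode dead-ended a phone-driven paired session
+// (2026-06-15 SESSIONS-gate: every write threw a room card, deny-default + the
+// "do not retry" deny-reason made Claude abandon the write and re-explain). These
+// paths skip the card always; Bash/network/destructive/other writes are unchanged.
+// Spec: docs/specs/2026-06-15-paired-permission-safe-doc-writes.md.
+const SAFE_DOC_RE = /(^|\/)\.claude\/SESSIONS\/|(^|\/)CLAUDE\.md$/
+export function isSafeDocWrite(toolName, input) {
+if (!WRITE_TOOLS.has(toolName)) return false
+const p = (input && (input.file_path || input.notebook_path)) || ''
+return SAFE_DOC_RE.test(p)
+}
+
+// The full auto-allow decision (exported for the contract test, so the policy
+// can't drift away from docs/specs/2026-06-15-paired-permission-safe-doc-writes.md).
+// Mirrors the PreToolUse policy: reads always; bypass mode always; acceptEdits for
+// non-high writes; mandated safe-doc writes always; per tool:risk "always allow".
+export function autoAllow({ toolName, input, mode = 'default', alwaysAllow = new Set() }) {
+const risk = classifyRisk(toolName, input)
+return (
+risk === 'low' ||
+mode === 'bypassPermissions' ||
+(mode === 'acceptEdits' && WRITE_TOOLS.has(toolName) && risk !== 'high') ||
+isSafeDocWrite(toolName, input) ||
+alwaysAllow.has(`${toolName}:${risk}`)
+)
+}
+
 // ── input stream — a generator we keep open and feed turns into ──
 function makeInputStream() {
 const queue = []
@@ -146,11 +176,8 @@ export function startClaudeSession({ cwd, model, resume, onEvent, requestPermiss
 // "Don't ask again" is keyed by tool + risk tier, so allowing medium Bash
 // never silently allows a future destructive one (high always re-asks).
 const sig = `${toolName}:${risk}`
-const
-
-mode === 'bypassPermissions' ||
-(mode === 'acceptEdits' && WRITE_TOOLS.has(toolName) && risk !== 'high') ||
-alwaysAllow.has(sig)
+const safeDoc = isSafeDocWrite(toolName, toolInput)
+const auto = autoAllow({ toolName, input: toolInput, mode, alwaysAllow })
 let decision = 'allow'
 if (!auto) {
 try {
@@ -169,7 +196,9 @@ export function startClaudeSession({ cwd, model, resume, onEvent, requestPermiss
 permissionDecision: denied ? 'deny' : 'allow',
 permissionDecisionReason: denied
 ? 'Denied by the user in the ThinkPool room. Do not retry this tool — ask what to do instead.'
-: auto
+: auto
+? (safeDoc ? 'Auto-approved (mandated doc write — .claude/SESSIONS/ or CLAUDE.md).' : `Auto-approved (${mode}).`)
+: 'Approved in the ThinkPool room.',
 },
 }
 }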
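Review bot: `isSafeDocWrite` tests `SAFE_DOC_RE` against the raw `file_path`, so the auto-allow is decided on an unnormalised string: a path that contains `.claude/SESSIONS/` followed by `..` segments, or any `CLAUDE.md` outside the session's working directory, matches and skips the room card in every permission mode. Because `autoAllow` ORs this in alongside the `risk !== 'high'` guard, it also overrides whatever `classifyRisk` returns for that write (its body is outside the hunk). Resolve the path against the session root, reject anything that escapes it, and only then apply the pattern; the sketch below assumes `path` is imported in this file and that `startClaudeSession` passes its `cwd` through `autoAllow` as the root. The comment's "append-only … no runtime blast radius" also deserves a hedge, since nothing here enforces append-only and CLAUDE.md is typically read back as agent instructions, so keeping at least an audit event for these writes would be worthwhile.

```javascript
export function isSafeDocWrite(toolName, input, root = process.cwd()) {
  // … unchanged: WRITE_TOOLS check …
  const p = (input && (input.file_path || input.notebook_path)) || ''
  if (!p) return false
  // Collapse `..` segments and anchor to the session root before matching.
  const rel = path.relative(root, path.resolve(root, p))
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) return false
  // path.resolve does not follow symlinks; realpath the parent directory if that matters here.
  return SAFE_DOC_RE.test(rel.split(path.sep).join('/'))
}
```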