thinkpool-pair 0.6.14 → 0.6.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/claude-session.mjs +19 -7
- package/package.json +1 -1
package/claude-session.mjs
CHANGED
|
@@ -54,6 +54,21 @@ export function isSafeDocWrite(toolName, input) {
|
|
|
54
54
|
return SAFE_DOC_RE.test(p)
|
|
55
55
|
}
|
|
56
56
|
|
|
57
|
+
// The full auto-allow decision (exported for the contract test, so the policy
|
|
58
|
+
// can't drift away from docs/specs/2026-06-15-paired-permission-safe-doc-writes.md).
|
|
59
|
+
// Mirrors the PreToolUse policy: reads always; bypass mode always; acceptEdits for
|
|
60
|
+
// non-high writes; mandated safe-doc writes always; per tool:risk "always allow".
|
|
61
|
+
export function autoAllow({ toolName, input, mode = 'default', alwaysAllow = new Set() }) {
|
|
62
|
+
const risk = classifyRisk(toolName, input)
|
|
63
|
+
return (
|
|
64
|
+
risk === 'low' ||
|
|
65
|
+
mode === 'bypassPermissions' ||
|
|
66
|
+
(mode === 'acceptEdits' && WRITE_TOOLS.has(toolName) && risk !== 'high') ||
|
|
67
|
+
isSafeDocWrite(toolName, input) ||
|
|
68
|
+
alwaysAllow.has(`${toolName}:${risk}`)
|
|
69
|
+
)
|
|
70
|
+
}
|
|
71
|
+
|
|
57
72
|
// ── input stream — a generator we keep open and feed turns into ──
|
|
58
73
|
function makeInputStream() {
|
|
59
74
|
const queue = []
|
|
@@ -162,12 +177,7 @@ export function startClaudeSession({ cwd, model, resume, onEvent, requestPermiss
|
|
|
162
177
|
// never silently allows a future destructive one (high always re-asks).
|
|
163
178
|
const sig = `${toolName}:${risk}`
|
|
164
179
|
const safeDoc = isSafeDocWrite(toolName, toolInput)
|
|
165
|
-
const auto =
|
|
166
|
-
risk === 'low' ||
|
|
167
|
-
mode === 'bypassPermissions' ||
|
|
168
|
-
(mode === 'acceptEdits' && WRITE_TOOLS.has(toolName) && risk !== 'high') ||
|
|
169
|
-
safeDoc ||
|
|
170
|
-
alwaysAllow.has(sig)
|
|
180
|
+
const auto = autoAllow({ toolName, input: toolInput, mode, alwaysAllow })
|
|
171
181
|
let decision = 'allow'
|
|
172
182
|
if (!auto) {
|
|
173
183
|
try {
|
|
@@ -186,7 +196,9 @@ export function startClaudeSession({ cwd, model, resume, onEvent, requestPermiss
|
|
|
186
196
|
permissionDecision: denied ? 'deny' : 'allow',
|
|
187
197
|
permissionDecisionReason: denied
|
|
188
198
|
? 'Denied by the user in the ThinkPool room. Do not retry this tool — ask what to do instead.'
|
|
189
|
-
: auto
|
|
199
|
+
: auto
|
|
200
|
+
? (safeDoc ? 'Auto-approved (mandated doc write — .claude/SESSIONS/ or CLAUDE.md).' : `Auto-approved (${mode}).`)
|
|
201
|
+
: 'Approved in the ThinkPool room.',
|
|
190
202
|
},
|
|
191
203
|
}
|
|
192
204
|
}
|