tmux-team 2.0.0-alpha.1 → 2.0.0-alpha.3

package/src/pm/permissions.ts

@@ -0,0 +1,278 @@
+// ─────────────────────────────────────────────────────────────
+// Permission system for PM commands
+// ─────────────────────────────────────────────────────────────
+
+import { execSync } from 'child_process';
+import type { ResolvedConfig, PaneEntry } from '../types.js';
+
+/**
+ * Permission expression format:
+ * pm:<resource>:<action>(<field1>,<field2>,...)
+ *
+ * Examples:
+ * - pm:task:list
+ * - pm:task:update(status)
+ * - pm:task:update(assignee,status)
+ * - pm:task:update(*) - wildcard, any field
+ * - pm:task:update - no fields, entire action
+ */
+
+export interface PermissionCheck {
+  resource: string; // task, milestone, team, doc, log
+  action: string; // list, show, create, update, read
+  fields: string[]; // sorted alphabetically
+}
+
+/**
+ * Build permission path from command context.
+ */
+export function buildPermissionPath(check: PermissionCheck): string {
+  const base = `pm:${check.resource}:${check.action}`;
+  if (check.fields.length === 0) {
+    return base;
+  }
+  // Sort fields alphabetically for canonical form
+  const sortedFields = [...check.fields].sort();
+  return `${base}(${sortedFields.join(',')})`;
+}
+
+/**
+ * Parse a deny pattern into its components.
+ */
+function parsePattern(pattern: string): {
+  resource: string;
+  action: string;
+  fields: string[] | '*' | null;
+} {
+  // Pattern format: pm:resource:action or pm:resource:action(fields) or pm:resource:action(*)
+  const match = pattern.match(/^pm:(\w+):(\w+)(?:\(([^)]*)\))?$/);
+  if (!match) {
+    return { resource: '', action: '', fields: null };
+  }
+
+  const [, resource, action, fieldsStr] = match;
+
+  if (fieldsStr === undefined) {
+    // No parentheses - blocks entire action
+    return { resource, action, fields: null };
+  }
+
+  if (fieldsStr === '*') {
+    // Wildcard - blocks any field
+    return { resource, action, fields: '*' };
+  }
+
+  // Specific fields
+  const fields = fieldsStr
+    .split(',')
+    .map((f) => f.trim())
+    .filter(Boolean);
+  return { resource, action, fields };
+}
+
+/**
+ * Check if a permission path matches a deny pattern.
+ */
+function matchesPattern(path: PermissionCheck, pattern: string): boolean {
+  const parsed = parsePattern(pattern);
+
+  // Resource and action must match
+  if (parsed.resource !== path.resource || parsed.action !== path.action) {
+    return false;
+  }
+
+  // No fields in pattern = block entire action
+  if (parsed.fields === null) {
+    return true;
+  }
+
+  // Wildcard = block if path has any fields
+  if (parsed.fields === '*') {
+    return path.fields.length > 0;
+  }
+
+  // Specific fields = block if path uses ANY of the denied fields
+  return parsed.fields.some((f) => path.fields.includes(f));
+}
+
+/**
+ * Get current tmux pane in "window.pane" format.
+ * Returns null if not running in tmux.
+ */
+function getCurrentPane(): string | null {
+  // Check if we're in tmux
+  if (!process.env.TMUX) {
+    return null;
+  }
+
+  try {
+    const result = execSync("tmux display-message -p '#{window_index}.#{pane_index}'", {
+      encoding: 'utf-8',
+      timeout: 1000,
+    }).trim();
+    return result || null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Look up agent name by pane ID in the registry.
+ */
+function findAgentByPane(paneRegistry: Record<string, PaneEntry>, paneId: string): string | null {
+  for (const [agentName, entry] of Object.entries(paneRegistry)) {
+    if (entry.pane === paneId) {
+      return agentName;
+    }
+  }
+  return null;
+}
+
+export interface ActorResolution {
+  actor: string;
+  source: 'pane' | 'env' | 'default';
+  warning?: string;
+}
+
+/**
+ * Resolve current actor using pane registry as primary source.
+ *
+ * Priority:
+ * 1. Look up current tmux pane in pane registry → agent name
+ * 2. If not in registry → 'human' (full access)
+ *
+ * Warnings:
+ * - If TMT_AGENT_NAME is set but conflicts with pane registry → warn about spoofing
+ * - If TMT_AGENT_NAME is set but pane not in registry → warn about unregistered pane
+ */
+export function resolveActor(paneRegistry: Record<string, PaneEntry>): ActorResolution {
+  const envActor = process.env.TMT_AGENT_NAME || process.env.TMUX_TEAM_ACTOR;
+  const currentPane = getCurrentPane();
+
+  // Not in tmux - use env var or default to human
+  if (!currentPane) {
+    if (envActor) {
+      return { actor: envActor, source: 'env' };
+    }
+    return { actor: 'human', source: 'default' };
+  }
+
+  // In tmux - look up pane in registry
+  const paneAgent = findAgentByPane(paneRegistry, currentPane);
+
+  if (paneAgent) {
+    // Pane is registered to an agent
+    if (envActor && envActor !== paneAgent) {
+      // Env var conflicts with pane registry - warn about potential spoofing
+      return {
+        actor: paneAgent,
+        source: 'pane',
+        warning: `⚠️  Identity mismatch: TMT_AGENT_NAME="${envActor}" but pane ${currentPane} is registered to "${paneAgent}". Using pane identity.`,
+      };
+    }
+    return { actor: paneAgent, source: 'pane' };
+  }
+
+  // Pane not in registry
+  if (envActor) {
+    // Agent claims identity but pane not registered - warn
+    return {
+      actor: 'human',
+      source: 'default',
+      warning: `⚠️  Unregistered pane: TMT_AGENT_NAME="${envActor}" but pane ${currentPane} is not in registry. Treating as human (full access).`,
+    };
+  }
+
+  // Not registered, no env var - human
+  return { actor: 'human', source: 'default' };
+}
+
+/**
+ * Get current actor (agent name or 'human').
+ * Legacy function for backward compatibility.
+ * Reads from TMT_AGENT_NAME or TMUX_TEAM_ACTOR env vars.
+ */
+export function getCurrentActor(): string {
+  return process.env.TMT_AGENT_NAME || process.env.TMUX_TEAM_ACTOR || 'human';
+}
+
+export interface PermissionResult {
+  allowed: boolean;
+  actor: string;
+  source: 'pane' | 'env' | 'default';
+  warning?: string;
+}
+
+/**
+ * Check if an action is allowed for the current actor.
+ * Uses pane-based identity resolution with warnings for conflicts.
+ */
+export function checkPermission(config: ResolvedConfig, check: PermissionCheck): PermissionResult {
+  const resolution = resolveActor(config.paneRegistry);
+  const { actor, source, warning } = resolution;
+
+  // Human is always allowed (no deny patterns for human)
+  if (actor === 'human') {
+    return { allowed: true, actor, source, warning };
+  }
+
+  // Get agent config
+  const agentConfig = config.agents[actor];
+  if (!agentConfig || !agentConfig.deny || agentConfig.deny.length === 0) {
+    // No deny patterns = allow all
+    return { allowed: true, actor, source, warning };
+  }
+
+  // Check if any deny pattern matches
+  for (const pattern of agentConfig.deny) {
+    if (matchesPattern(check, pattern)) {
+      return { allowed: false, actor, source, warning };
+    }
+  }
+
+  return { allowed: true, actor, source, warning };
+}
+
+/**
+ * Simple permission check (legacy, for tests).
+ * Returns true if allowed, false if denied.
+ */
+export function checkPermissionSimple(config: ResolvedConfig, check: PermissionCheck): boolean {
+  return checkPermission(config, check).allowed;
+}
+
+/**
+ * Build permission check for common PM operations.
+ */
+export const PermissionChecks = {
+  // Task operations
+  taskList: (): PermissionCheck => ({ resource: 'task', action: 'list', fields: [] }),
+  taskShow: (): PermissionCheck => ({ resource: 'task', action: 'show', fields: [] }),
+  taskCreate: (): PermissionCheck => ({ resource: 'task', action: 'create', fields: [] }),
+  taskUpdate: (fields: string[]): PermissionCheck => ({
+    resource: 'task',
+    action: 'update',
+    fields,
+  }),
+  taskDelete: (): PermissionCheck => ({ resource: 'task', action: 'delete', fields: [] }),
+
+  // Milestone operations
+  milestoneList: (): PermissionCheck => ({ resource: 'milestone', action: 'list', fields: [] }),
+  milestoneCreate: (): PermissionCheck => ({ resource: 'milestone', action: 'create', fields: [] }),
+  milestoneUpdate: (fields: string[]): PermissionCheck => ({
+    resource: 'milestone',
+    action: 'update',
+    fields,
+  }),
+
+  // Doc operations
+  docRead: (): PermissionCheck => ({ resource: 'doc', action: 'read', fields: [] }),
+  docUpdate: (): PermissionCheck => ({ resource: 'doc', action: 'update', fields: [] }),
+
+  // Team operations
+  teamCreate: (): PermissionCheck => ({ resource: 'team', action: 'create', fields: [] }),
+  teamList: (): PermissionCheck => ({ resource: 'team', action: 'list', fields: [] }),
+
+  // Log operations
+  logRead: (): PermissionCheck => ({ resource: 'log', action: 'read', fields: [] }),
+};

package/src/pm/storage/fs.ts

@@ -161,8 +161,9 @@ export class FSAdapter implements StorageAdapter {
       updatedAt: this.now(),
     };
     this.writeJson(path.join(this.tasksDir, `${id}.json`), task);
-    // Create empty doc file
-    fs.writeFileSync(path.join(this.tasksDir, `${id}.md`), `# ${input.title}\n\n`);
+    // Create doc file with title and optional body
+    const docContent = input.body ? `# ${input.title}\n\n${input.body}\n` : `# ${input.title}\n\n`;
+    fs.writeFileSync(path.join(this.tasksDir, `${id}.md`), docContent);
     return task;
   }
 

package/src/pm/storage/github.ts

@@ -61,13 +61,13 @@ interface GHMilestone {
 // Local cache for ID mapping (task ID -> issue number)
 // ─────────────────────────────────────────────────────────────
 
-const CACHE_VERSION = 1;
+const CACHE_VERSION = 2;
 
 interface IdCache {
   version: number; // Cache format version for migrations
   repo: string; // Associated repo to detect cross-repo drift
   tasks: Record<string, number>; // task ID -> issue number
-  milestones: Record<string, number>; // milestone ID -> milestone number
+  milestones: Record<string, { number: number; name: string }>; // milestone ID -> {number, name}
   nextTaskId: number;
   nextMilestoneId: number;
 }
@@ -89,9 +89,12 @@ export class GitHubAdapter implements StorageAdapter {
   // Helper: Execute gh CLI command safely (no shell injection)
   // ─────────────────────────────────────────────────────────────
 
-  private gh(args: string[]): string {
+  private gh(args: string[], options?: { skipRepo?: boolean }): string {
     const fullArgs = [...args];
-    if (this.repo) {
+    // gh api doesn't accept --repo flag (repo is in the endpoint path)
+    // Other commands like 'gh issue' do accept --repo
+    const isApiCommand = args[0] === 'api';
+    if (this.repo && !isApiCommand && !options?.skipRepo) {
       fullArgs.push('--repo', this.repo);
     }
     // Use spawnSync with array args to avoid shell injection
@@ -195,7 +198,12 @@ export class GitHubAdapter implements StorageAdapter {
 
   private getMilestoneNumber(milestoneId: string): number | null {
     const cache = this.loadCache();
-    return cache.milestones[milestoneId] ?? null;
+    return cache.milestones[milestoneId]?.number ?? null;
+  }
+
+  private getMilestoneName(milestoneId: string): string | null {
+    const cache = this.loadCache();
+    return cache.milestones[milestoneId]?.name ?? null;
   }
 
   // ─────────────────────────────────────────────────────────────
@@ -226,7 +234,7 @@ export class GitHubAdapter implements StorageAdapter {
     if (issue.milestone?.number) {
       const c = cache || this.loadCache();
       const ghMilestoneNum = issue.milestone.number;
-      milestoneId = Object.entries(c.milestones).find(([, num]) => num === ghMilestoneNum)?.[0];
+      milestoneId = Object.entries(c.milestones).find(([, m]) => m.number === ghMilestoneNum)?.[0];
     }
 
     return {
@@ -352,10 +360,10 @@ export class GitHubAdapter implements StorageAdapter {
     ]);
     const ghMilestone = JSON.parse(result) as { number: number; title: string; created_at: string };
 
-    // Cache the ID mapping
+    // Cache the ID mapping (store both number and name)
     const cache = this.loadCache();
     const id = String(cache.nextMilestoneId++);
-    cache.milestones[id] = ghMilestone.number;
+    cache.milestones[id] = { number: ghMilestone.number, name: ghMilestone.title };
     this.saveCache(cache);
 
     return {
@@ -404,11 +412,11 @@ export class GitHubAdapter implements StorageAdapter {
 
       // Match with cached IDs, or create new mappings
       for (const ghm of ghMilestones) {
-        let id = Object.entries(cache.milestones).find(([, num]) => num === ghm.number)?.[0];
+        let id = Object.entries(cache.milestones).find(([, m]) => m.number === ghm.number)?.[0];
         if (!id) {
           // New milestone from GitHub, assign ID
           id = String(cache.nextMilestoneId++);
-          cache.milestones[id] = ghm.number;
+          cache.milestones[id] = { number: ghm.number, name: ghm.title };
         }
         milestones.push(this.milestoneToMilestone(ghm, id));
       }
@@ -468,24 +476,26 @@ export class GitHubAdapter implements StorageAdapter {
       'create',
       '--title',
       input.title,
+      '--body',
+      input.body || '', // Required for non-interactive mode
       '--label',
       LABELS.TASK,
       '--label',
       LABELS.PENDING,
     ];
 
-    // Add milestone if specified
+    // Add milestone if specified (gh issue create expects milestone name, not number)
     if (input.milestone) {
-      const milestoneNum = this.getMilestoneNumber(input.milestone);
-      if (milestoneNum) {
-        args.push('--milestone', String(milestoneNum));
+      const milestoneName = this.getMilestoneName(input.milestone);
+      if (milestoneName) {
+        args.push('--milestone', milestoneName);
       }
     }
 
-    // Add assignee if specified
-    if (input.assignee) {
-      args.push('--assignee', input.assignee);
-    }
+    // NOTE: Assignee is intentionally NOT supported for GitHub backend.
+    // Agent names (e.g., "codex") don't map to GitHub usernames, and passing
+    // them could accidentally notify unrelated GitHub users or fail silently.
+    // Use labels or comments for agent attribution instead.
 
     // Create issue and get its number
     const url = this.gh(args);
@@ -528,7 +538,14 @@ export class GitHubAdapter implements StorageAdapter {
   }
 
   async listTasks(filter?: ListTasksFilter): Promise<Task[]> {
-    const cache = this.loadCache();
+    let cache = this.loadCache();
+
+    // Rebuild milestone cache if empty (e.g., after cache reset)
+    if (Object.keys(cache.milestones).length === 0) {
+      await this.listMilestones(); // This populates the cache
+      cache = this.loadCache(); // Reload updated cache
+    }
+
     const args = [
       'issue',
       'list',
@@ -548,18 +565,15 @@ export class GitHubAdapter implements StorageAdapter {
       args.push('--state', 'all');
     }
 
-    // Filter by milestone
+    // Filter by milestone (gh issue list expects milestone name)
     if (filter?.milestone) {
-      const milestoneNum = this.getMilestoneNumber(filter.milestone);
-      if (milestoneNum) {
-        args.push('--milestone', String(milestoneNum));
+      const milestoneName = this.getMilestoneName(filter.milestone);
+      if (milestoneName) {
+        args.push('--milestone', milestoneName);
       }
     }
 
-    // Filter by assignee
-    if (filter?.assignee) {
-      args.push('--assignee', filter.assignee);
-    }
+    // NOTE: Assignee filter not supported for GitHub backend (security risk)
 
     // Only get tmux-team managed issues (all have TASK label)
     args.push('--label', LABELS.TASK);
@@ -601,14 +615,12 @@ export class GitHubAdapter implements StorageAdapter {
       args.push('--title', input.title);
     }
 
-    if (input.assignee) {
-      args.push('--add-assignee', input.assignee);
-    }
+    // NOTE: Assignee updates are not supported for GitHub backend (security risk)
 
     if (input.milestone) {
-      const milestoneNum = this.getMilestoneNumber(input.milestone);
-      if (milestoneNum) {
-        args.push('--milestone', String(milestoneNum));
+      const milestoneName = this.getMilestoneName(input.milestone);
+      if (milestoneName) {
+        args.push('--milestone', milestoneName);
       }
     }
 

package/src/pm/types.ts

@@ -41,6 +41,7 @@ export interface AuditEvent {
 
 export interface CreateTaskInput {
   title: string;
+  body?: string;
   milestone?: string;
   assignee?: string;
 }
@@ -77,3 +78,8 @@ export interface TeamConfig {
   backend: StorageBackend;
   repo?: string; // GitHub repo (owner/repo format) for github backend
 }
+
+export interface TeamWithConfig extends Team {
+  backend: StorageBackend;
+  repo?: string;
+}

package/src/types.ts

@@ -4,6 +4,7 @@
 
 export interface AgentConfig {
   preamble?: string;
+  deny?: string[]; // Permission deny patterns, e.g., ["pm:task:update(status)"]
 }
 
 export interface PaneEntry {
@@ -24,6 +25,16 @@ export interface GlobalConfig {
   agents: Record<string, AgentConfig>;
 }
 
+export interface LocalSettings {
+  mode?: 'polling' | 'wait';
+  preambleMode?: 'always' | 'disabled';
+}
+
+export interface LocalConfigFile {
+  $config?: LocalSettings;
+  [agentName: string]: PaneEntry | LocalSettings | undefined;
+}
+
 export interface LocalConfig {
   [agentName: string]: PaneEntry;
 }

package/src/ui.ts

@@ -6,6 +6,9 @@ import type { UI } from './types.js';
 
 const isTTY = process.stdout.isTTY;
 
+// Strip ANSI escape codes for accurate length calculation
+const stripAnsi = (s: string) => s.replace(/\x1b\[[0-9;]*m/g, '');
+
 export const colors = {
   red: (s: string) => (isTTY ? `\x1b[31m${s}\x1b[0m` : s),
   green: (s: string) => (isTTY ? `\x1b[32m${s}\x1b[0m` : s),
@@ -46,18 +49,24 @@ export function createUI(jsonMode: boolean): UI {
       console.error(`${colors.red('✗')} ${msg}`);
     },
     table: (headers: string[], rows: string[][]) => {
-      // Calculate column widths
+      // Calculate column widths (strip ANSI codes for accurate length)
       const widths = headers.map((h, i) =>
-        Math.max(h.length, ...rows.map((r) => (r[i] || '').length))
+        Math.max(h.length, ...rows.map((r) => stripAnsi(r[i] || '').length))
       );
 
       // Print header
       console.log('  ' + headers.map((h, i) => colors.yellow(h.padEnd(widths[i]))).join(' '));
       console.log('  ' + widths.map((w) => '─'.repeat(w)).join(' '));
 
-      // Print rows
+      // Print rows (pad based on visible length, not byte length)
       for (const row of rows) {
-        console.log('  ' + row.map((c, i) => (c || '-').padEnd(widths[i])).join(' '));
+        const cells = row.map((c, i) => {
+          const cell = c || '-';
+          const visibleLen = stripAnsi(cell).length;
+          const padding = ' '.repeat(Math.max(0, widths[i] - visibleLen));
+          return cell + padding;
+        });
+        console.log('  ' + cells.join(' '));
       }
     },
     json: (data: unknown) => {