agent-manager-cli 0.1.7__tar.gz → 0.1.9__tar.gz

{agent_manager_cli-0.1.7 → agent_manager_cli-0.1.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agent-manager-cli
-Version: 0.1.7
+Version: 0.1.9
 Summary: CLI для удалённого управления AI-агентами — Node Agent, daemon, сканер сессий
 License-Expression: MIT
 Requires-Python: >=3.11

{agent_manager_cli-0.1.7 → agent_manager_cli-0.1.9}/am/cli.py

@@ -18,6 +18,7 @@ import argparse
 import asyncio
 import getpass
 import json
+import os
 import subprocess
 import sys
 from pathlib import Path
@@ -259,6 +260,7 @@ def format_control_response_for_stdin(
     allow: bool,
     original_input: dict | None = None,
     deny_message: str = "Denied by user",
+    destination: str | None = None,
 ) -> str:
     """Build a stream-json control_response for Claude's can_use_tool prompt.
 
@@ -268,12 +270,18 @@ def format_control_response_for_stdin(
 
     When allowing, we must echo back the input unchanged in `updatedInput`
     (Claude uses that to build the actual tool invocation).
+
+    `destination` (optional) supports "sticky" allow — Claude will remember
+    the decision for the rest of the session (`"session"`) or persist it
+    to local settings (`"localSettings"`).
     """
     if allow:
-        response_body = {
+        response_body: dict = {
             "behavior": "allow",
             "updatedInput": original_input or {},
         }
+        if destination in ("session", "localSettings"):
+            response_body["destination"] = destination
     else:
         response_body = {
             "behavior": "deny",
@@ -291,6 +299,21 @@ def format_control_response_for_stdin(
     )
 
 
+def format_control_request_for_stdin(subtype: str, **fields) -> str:
+    """Build a client→claude control_request with the given subtype and
+    payload fields. Handles `interrupt`, `set_model`, `set_permission_mode`,
+    and other control subtypes Claude supports over stream-json stdin."""
+    import uuid as _u
+
+    return json.dumps(
+        {
+            "type": "control_request",
+            "request_id": f"{subtype}-{_u.uuid4()}",
+            "request": {"subtype": subtype, **fields},
+        }
+    )
+
+
 def _log(prefix: str, msg: str) -> None:
     print(f"[{prefix}] {msg}", file=sys.stderr)
 
@@ -324,10 +347,39 @@ CLAUDE_PERMISSION_MODES_ALL = (
 )
 
 
+def _build_claude_hook_settings() -> str:
+    """Inline JSON payload for `claude --settings` that registers our
+    PreToolUse hook. The hook is `am permission-hook` — a subcommand of
+    this very CLI that forwards each permission request to the backend
+    and routes the user's answer back to Claude."""
+    # Quote sys.executable properly in case of spaces in path.
+    import shlex
+
+    cmd_str = f"{shlex.quote(sys.executable)} -m am permission-hook"
+    return json.dumps(
+        {
+            "hooks": {
+                "PreToolUse": [
+                    {
+                        "matcher": "*",
+                        "hooks": [
+                            {
+                                "type": "command",
+                                "command": cmd_str,
+                            }
+                        ],
+                    }
+                ]
+            }
+        }
+    )
+
+
 def _build_cli_command(
     cli: str,
     session_id: str,
     permission_mode: str | None = None,
+    with_permission_hook: bool = True,
 ) -> list[str]:
     """Build CLI-specific resume command.
 
@@ -350,6 +402,8 @@ def _build_cli_command(
         ]
         if permission_mode and permission_mode in CLAUDE_PERMISSION_MODES_ALL:
             cmd.extend(["--permission-mode", permission_mode])
+        if with_permission_hook:
+            cmd.extend(["--settings", _build_claude_hook_settings()])
         return cmd
     if cli == "codex":
         return ["codex", "resume", session_id, "--json"]
@@ -530,6 +584,7 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
                     elif msg_type == "permission_response":
                         data = msg.get("data", {}) or {}
                         allow = bool(data.get("allow", False))
+                        destination = data.get("destination")
                         request_id = msg.get("request_id") or data.get("request_id")
                         if not request_id:
                             _log(
@@ -542,13 +597,38 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
                                 request_id=request_id,
                                 allow=allow,
                                 original_input=original_input,
+                                destination=destination,
                             )
                             proc.stdin.write(ctrl + "\n")
                             proc.stdin.flush()
+                            sticky = f" sticky={destination}" if destination else ""
                             _log(
                                 "stdin",
-                                f"permission: {'allow' if allow else 'deny'} id={request_id[-8:]}",
+                                f"permission: {'allow' if allow else 'deny'}"
+                                f" id={request_id[-8:]}{sticky}",
                             )
+                    elif msg_type == "interrupt":
+                        # Cancel whatever Claude is currently doing without
+                        # killing the process. Equivalent to pressing Esc in
+                        # the TUI. Claude stops the in-flight tool and
+                        # returns control.
+                        if proc.stdin and not proc.stdin.closed:
+                            ctrl = format_control_request_for_stdin("interrupt")
+                            proc.stdin.write(ctrl + "\n")
+                            proc.stdin.flush()
+                            _log("stdin", "interrupt")
+                    elif msg_type == "set_model":
+                        model = msg.get("data", {}).get("model")
+                        if not model:
+                            _log("stdin", "set_model: missing model, ignoring")
+                        elif proc.stdin and not proc.stdin.closed:
+                            ctrl = format_control_request_for_stdin(
+                                "set_model",
+                                model=model,
+                            )
+                            proc.stdin.write(ctrl + "\n")
+                            proc.stdin.flush()
+                            _log("stdin", f"set_model: {model}")
                     elif msg_type == "set_permission_mode":
                         # Shift+Tab equivalent — send a control_request to
                         # Claude CLI so it updates its session permission
@@ -557,17 +637,11 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
                         if mode not in CLAUDE_PERMISSION_MODES_ALL:
                             _log("stdin", f"set_permission_mode: ignoring unknown mode {mode!r}")
                         elif proc.stdin and not proc.stdin.closed:
-                            import uuid as _u
-
-                            ctrl = {
-                                "type": "control_request",
-                                "request_id": f"set-mode-{_u.uuid4()}",
-                                "request": {
-                                    "subtype": "set_permission_mode",
-                                    "mode": mode,
-                                },
-                            }
-                            proc.stdin.write(json.dumps(ctrl) + "\n")
+                            ctrl = format_control_request_for_stdin(
+                                "set_permission_mode",
+                                mode=mode,
+                            )
+                            proc.stdin.write(ctrl + "\n")
                             proc.stdin.flush()
                             _log("stdin", f"set_permission_mode: {mode}")
                     elif msg_type == "stop":
@@ -582,8 +656,39 @@ async def run_daemon_bidirectional(ws_url: str, ws_token: str, command: list[str
 
         stdout_task = asyncio.create_task(_read_stdout())
         ws_task = asyncio.create_task(_read_ws())
-        await stdout_task
-        ws_task.cancel()
+
+        # Run both in parallel. Normally stdout_task finishes first
+        # (Claude exits naturally at end of task). If ws_task finishes
+        # first it means the backend connection died — in that case we
+        # have no way to recover the session, so we terminate Claude
+        # so the daemon subprocess exits cleanly. The node agent will
+        # detect the dead subprocess and spawn a fresh one on the next
+        # attach command (with --continue --resume so history is kept).
+        done, _pending = await asyncio.wait(
+            [stdout_task, ws_task],
+            return_when=asyncio.FIRST_COMPLETED,
+        )
+
+        if ws_task in done and proc.returncode is None:
+            _log(
+                "daemon",
+                "WS closed while Claude is still running — terminating CLI "
+                "(node agent will respawn on next attach)",
+            )
+            try:
+                proc.terminate()
+            except ProcessLookupError:
+                pass
+
+        # Let remaining tasks clean up (stdout_task should exit once
+        # claude's stdout closes after terminate).
+        for task in (stdout_task, ws_task):
+            if not task.done():
+                task.cancel()
+                try:
+                    await task
+                except (asyncio.CancelledError, Exception):
+                    pass
 
     proc.wait()
     _log("daemon", f"Process exited with code {proc.returncode}")
@@ -814,8 +919,34 @@ async def _run_node_agent(
         async def _heartbeat():
             while True:
                 await asyncio.sleep(25)
+                # Reap any daemon subprocesses that have exited so we
+                # don't report them as alive.
+                dead = [
+                    aid for aid, p in daemon_procs.items()
+                    if p.returncode is not None
+                ]
+                for aid in dead:
+                    daemon_procs.pop(aid, None)
+
+                # Report live daemons to the backend so it can refresh
+                # `daemon:live:{id}` heartbeats. This is the source of
+                # truth for the UI's `is_daemon_alive` check — without
+                # it the backend has no way to know when a daemon
+                # subprocess is alive but its own ws to the backend is
+                # dead (orphaned after backend restart, etc.).
+                alive_ids = [
+                    aid for aid, p in daemon_procs.items()
+                    if p.returncode is None
+                ]
                 try:
-                    await ws.send(json.dumps({"type": "heartbeat"}))
+                    await ws.send(
+                        json.dumps(
+                            {
+                                "type": "heartbeat",
+                                "daemons": alive_ids,
+                            }
+                        )
+                    )
                 except websockets.exceptions.ConnectionClosed as e:
                     _log("node", f"heartbeat: connection closed ({e.code} {e.reason or '-'})")
                     break
@@ -902,11 +1033,21 @@ async def _handle_attach(
         *cli_cmd,
     ]
 
+    # Propagate backend connection info + daemon token to the child
+    # subprocess tree. Claude CLI will spawn PreToolUse hooks (via
+    # `am permission-hook`) that need to contact the backend, so these
+    # env vars must reach the grandchild process.
+    env = dict(os.environ)
+    env["AM_DAEMON_TOKEN"] = daemon_token
+    env["AM_BACKEND_HOST"] = host
+    env["AM_BACKEND_SECURE"] = "1" if secure else "0"
+
     proc = await asyncio.create_subprocess_exec(
         *daemon_cmd,
         cwd=project_path or None,
         stdout=asyncio.subprocess.DEVNULL,
         stderr=asyncio.subprocess.PIPE,
+        env=env,
     )
     daemon_procs[agent_id] = proc
     _log("node", f"Spawned daemon PID {proc.pid} for agent {agent_id[:8]}...")
@@ -1039,6 +1180,103 @@ def cmd_daemon(args: argparse.Namespace) -> None:
         asyncio.run(run_daemon_pipe(ws_url, args.token, sys.stdin))
 
 
+# ---------------------------------------------------------------------------
+# PreToolUse permission hook — spawned by Claude CLI for every tool call.
+# ---------------------------------------------------------------------------
+
+
+def cmd_permission_hook(args: argparse.Namespace) -> None:  # noqa: ARG001
+    """Handle a single Claude Code PreToolUse hook invocation.
+
+    Claude spawns this subprocess per tool call with a JSON payload on
+    stdin describing the tool use. We forward it to the backend, wait
+    for the user's decision (long-poll HTTP), and write Claude's
+    expected response shape to stdout.
+
+    Environment (populated by the parent am daemon subprocess):
+        AM_DAEMON_TOKEN   — daemon JWT (identifies user+agent)
+        AM_BACKEND_HOST   — "host:port"
+        AM_BACKEND_SECURE — "1" for https/wss, "0" for plain
+
+    Fail-safe: on any error (network, missing token, timeout) we default
+    to `ask` with a reason. This causes Claude to use its normal
+    permission-mode flow instead of silently allowing or blocking.
+    """
+    import urllib.error
+    import urllib.request
+
+    def _emit(decision: str, reason: str = "") -> None:
+        """Write the PreToolUse hook response and exit cleanly."""
+        out = {
+            "hookSpecificOutput": {
+                "hookEventName": "PreToolUse",
+                "permissionDecision": decision,
+                "permissionDecisionReason": reason,
+            }
+        }
+        sys.stdout.write(json.dumps(out))
+        sys.stdout.flush()
+        sys.exit(0)
+
+    try:
+        raw_input_payload = sys.stdin.read()
+    except Exception as e:
+        _emit("ask", f"Hook: failed to read stdin: {e}")
+        return
+
+    try:
+        hook_input = json.loads(raw_input_payload) if raw_input_payload.strip() else {}
+    except json.JSONDecodeError as e:
+        _emit("ask", f"Hook: bad JSON on stdin: {e}")
+        return
+
+    token = os.environ.get("AM_DAEMON_TOKEN")
+    host = os.environ.get("AM_BACKEND_HOST", "localhost:8000")
+    secure = os.environ.get("AM_BACKEND_SECURE") == "1"
+    if not token:
+        _emit("ask", "Hook: AM_DAEMON_TOKEN is not set")
+        return
+
+    proto = "https" if secure else "http"
+    url = f"{proto}://{host}/api/hooks/permission/ask"
+
+    body = {
+        "tool_name": hook_input.get("tool_name"),
+        "tool_input": hook_input.get("tool_input"),
+        "hook_event_name": hook_input.get("hook_event_name"),
+        "session_id": hook_input.get("session_id"),
+        "transcript_path": hook_input.get("transcript_path"),
+    }
+
+    req = urllib.request.Request(
+        url,
+        data=json.dumps(body).encode(),
+        headers={
+            "Authorization": f"Bearer {token}",
+            "Content-Type": "application/json",
+        },
+        method="POST",
+    )
+
+    try:
+        # Long-poll: backend blocks until user answers or 5-min timeout.
+        # Give urllib a slightly longer ceiling to avoid races.
+        with _safe_urlopen(req, timeout=310) as resp:
+            payload = json.loads(resp.read())
+    except urllib.error.HTTPError as e:
+        _emit("ask", f"Hook: backend HTTP {e.code}")
+        return
+    except Exception as e:
+        _emit("ask", f"Hook: backend error: {e}")
+        return
+
+    decision = payload.get("decision", "ask")
+    reason = payload.get("reason", "")
+    if decision not in ("allow", "deny", "ask"):
+        decision = "ask"
+    _emit(decision, reason)
+
+
 # ---------------------------------------------------------------------------
 # Main entry point
 # ---------------------------------------------------------------------------
@@ -1094,6 +1332,12 @@ def main() -> None:
     daemon_p.add_argument("--no-followup", action="store_true", help="Disable follow-up mode")
     daemon_p.add_argument("cli_command", nargs="*", help="CLI command to run")
 
+    # --- permission-hook (spawned by Claude CLI as PreToolUse hook) ---
+    subparsers.add_parser(
+        "permission-hook",
+        help="Internal: Claude Code PreToolUse hook handler",
+    )
+
     args = parser.parse_args()
 
     if args.command == "login":
@@ -1102,6 +1346,8 @@ def main() -> None:
         cmd_connect(args)
     elif args.command == "daemon":
         cmd_daemon(args)
+    elif args.command == "permission-hook":
+        cmd_permission_hook(args)
     else:
         parser.print_help()
         sys.exit(1)

{agent_manager_cli-0.1.7 → agent_manager_cli-0.1.9}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "agent-manager-cli"
-version = "0.1.7"
+version = "0.1.9"
 description = "CLI для удалённого управления AI-агентами — Node Agent, daemon, сканер сессий"
 readme = "README.md"
 requires-python = ">=3.11"

agent_manager_cli-0.1.9/tests/test_cli.py

@@ -0,0 +1,387 @@
+"""Tests for CLI config management and helpers."""
+
+import json
+import subprocess
+import sys
+
+from am.cli import (
+    _build_claude_hook_settings,
+    _build_cli_command,
+    _build_continue_command,
+    format_control_request_for_stdin,
+    format_control_response_for_stdin,
+    format_permission_response_for_stdin,
+    format_user_message_for_stdin,
+    load_config,
+    save_config,
+)
+
+
+class TestConfig:
+    def test_load_config_missing(self, tmp_path, monkeypatch):
+        monkeypatch.setattr("am.cli.CONFIG_FILE", tmp_path / "missing.json")
+        assert load_config() == {}
+
+    def test_save_and_load(self, tmp_path, monkeypatch):
+        config_file = tmp_path / "sub" / "config.json"
+        monkeypatch.setattr("am.cli.CONFIG_FILE", config_file)
+        monkeypatch.setattr("am.cli.CONFIG_DIR", tmp_path / "sub")
+
+        save_config({"host": "example.com", "secure": True})
+        result = load_config()
+        assert result["host"] == "example.com"
+        assert result["secure"] is True
+
+
+class TestFormatMessages:
+    def test_user_message(self):
+        result = json.loads(format_user_message_for_stdin("hello"))
+        assert result["type"] == "user"
+        assert result["message"]["role"] == "user"
+        content = result["message"]["content"]
+        assert len(content) == 1
+        assert content[0]["type"] == "text"
+        assert content[0]["text"] == "hello"
+
+    def test_permission_allow(self):
+        result = json.loads(format_permission_response_for_stdin(True))
+        assert result["type"] == "permission_response"
+        assert result["permission"] == "allow"
+
+    def test_permission_deny(self):
+        result = json.loads(format_permission_response_for_stdin(False))
+        assert result["permission"] == "deny"
+
+
+class TestBuildCommands:
+    def test_claude_command(self):
+        cmd = _build_cli_command("claude", "sess-123")
+        assert cmd[0] == "claude"
+        assert "--continue" in cmd
+        assert "--resume" in cmd
+        assert "sess-123" in cmd
+        assert "--output-format" in cmd
+        assert "stream-json" in cmd
+        # No permission mode → flag should NOT be present
+        assert "--permission-mode" not in cmd
+        # Permission hook is enabled by default for claude
+        assert "--settings" in cmd
+        # The inline settings JSON must declare a PreToolUse hook pointing
+        # to `am permission-hook` so Claude calls our bridge on every tool.
+        idx = cmd.index("--settings")
+        settings = json.loads(cmd[idx + 1])
+        assert "hooks" in settings
+        assert "PreToolUse" in settings["hooks"]
+        hook_cmd = settings["hooks"]["PreToolUse"][0]["hooks"][0]["command"]
+        assert "am permission-hook" in hook_cmd
+
+    def test_claude_command_without_hook(self):
+        cmd = _build_cli_command("claude", "sess-123", with_permission_hook=False)
+        assert "--settings" not in cmd
+
+    def test_claude_command_with_permission_mode(self):
+        cmd = _build_cli_command("claude", "sess-123", permission_mode="acceptEdits")
+        assert "--permission-mode" in cmd
+        idx = cmd.index("--permission-mode")
+        assert cmd[idx + 1] == "acceptEdits"
+
+    def test_claude_command_rejects_unknown_permission_mode(self):
+        # Unknown modes are silently dropped (we don't want to break
+        # spawn just because the UI sent a garbage value).
+        cmd = _build_cli_command("claude", "sess-123", permission_mode="nonsense")
+        assert "--permission-mode" not in cmd
+
+    def test_codex_command(self):
+        cmd = _build_cli_command("codex", "rollout-abc")
+        assert cmd == ["codex", "resume", "rollout-abc", "--json"]
+
+    def test_gemini_command(self):
+        cmd = _build_cli_command("gemini", "anything")
+        assert cmd == ["gemini", "--resume"]
+
+    def test_unsupported_cli(self):
+        try:
+            _build_cli_command("unknown", "x")
+            assert False, "Should have raised ValueError"
+        except ValueError as e:
+            assert "unknown" in str(e)
+
+    def test_continue_command(self):
+        original = ["claude", "-p", "do stuff", "--output-format", "stream-json"]
+        cmd = _build_continue_command(original, "sess-1", "next task")
+        assert cmd[0] == "claude"
+        assert "-p" in cmd
+        assert "next task" in cmd
+        assert "--continue" in cmd
+        assert "--resume" in cmd
+        assert "sess-1" in cmd
+
+
+class TestControlProtocol:
+    """Tests for Claude Code's stream-json control_request/response helpers."""
+
+    def test_control_request_shape(self):
+        raw = format_control_request_for_stdin("set_permission_mode", mode="plan")
+        msg = json.loads(raw)
+        assert msg["type"] == "control_request"
+        assert msg["request_id"].startswith("set_permission_mode-")
+        assert msg["request"] == {"subtype": "set_permission_mode", "mode": "plan"}
+
+    def test_control_request_empty_payload(self):
+        raw = format_control_request_for_stdin("interrupt")
+        msg = json.loads(raw)
+        assert msg["request"]["subtype"] == "interrupt"
+        assert len(msg["request"]) == 1  # only subtype
+
+    def test_control_response_allow(self):
+        raw = format_control_response_for_stdin(
+            request_id="req-1",
+            allow=True,
+            original_input={"command": "ls"},
+        )
+        msg = json.loads(raw)
+        assert msg["type"] == "control_response"
+        assert msg["response"]["subtype"] == "success"
+        assert msg["response"]["request_id"] == "req-1"
+        assert msg["response"]["response"]["behavior"] == "allow"
+        assert msg["response"]["response"]["updatedInput"] == {"command": "ls"}
+        assert "destination" not in msg["response"]["response"]
+
+    def test_control_response_allow_sticky(self):
+        raw = format_control_response_for_stdin(
+            request_id="req-2",
+            allow=True,
+            original_input={"x": 1},
+            destination="session",
+        )
+        msg = json.loads(raw)
+        assert msg["response"]["response"]["destination"] == "session"
+
+    def test_control_response_deny(self):
+        raw = format_control_response_for_stdin(
+            request_id="req-3",
+            allow=False,
+            deny_message="nope",
+        )
+        msg = json.loads(raw)
+        assert msg["response"]["response"]["behavior"] == "deny"
+        assert msg["response"]["response"]["message"] == "nope"
+        assert "updatedInput" not in msg["response"]["response"]
+
+
+class TestHookSettings:
+    def test_build_claude_hook_settings(self):
+        raw = _build_claude_hook_settings()
+        settings = json.loads(raw)
+        # Registers exactly one PreToolUse hook matching all tools.
+        assert list(settings.keys()) == ["hooks"]
+        assert list(settings["hooks"].keys()) == ["PreToolUse"]
+        group = settings["hooks"]["PreToolUse"][0]
+        assert group["matcher"] == "*"
+        hooks = group["hooks"]
+        assert len(hooks) == 1
+        assert hooks[0]["type"] == "command"
+        # Points at `sys.executable -m am permission-hook`
+        assert "am permission-hook" in hooks[0]["command"]
+
+
+class TestCLIEntryPoint:
+    def test_help(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am", "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 0
+        assert "login" in result.stdout
+        assert "connect" in result.stdout
+        assert "daemon" in result.stdout
+
+    def test_login_help(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am", "login", "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 0
+        assert "--host" in result.stdout
+        assert "--email" in result.stdout
+
+    def test_connect_help(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am", "connect", "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 0
+        assert "--host" in result.stdout
+
+    def test_daemon_help(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am", "daemon", "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 0
+        assert "--token" in result.stdout
+
+    def test_no_command_shows_help(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 1
+
+
+class TestPermissionHook:
+    """Tests for `am permission-hook` subcommand.
+
+    The hook reads a Claude-style JSON payload on stdin, POSTs to the
+    backend, waits for the user, and writes the hookSpecificOutput shape
+    to stdout. We mock the backend via a monkey-patched urlopen.
+    """
+
+    def _run_hook(self, stdin_json, env, monkeypatch, mock_response):
+        """Invoke cmd_permission_hook() inline, capturing stdout/exit."""
+        import contextlib
+        import io
+
+        from am import cli as cli_mod
+
+        class _FakeResponse:
+            def __init__(self, body):
+                self._body = json.dumps(body).encode()
+
+            def read(self):
+                return self._body
+
+            def __enter__(self):
+                return self
+
+            def __exit__(self, *a):
+                return False
+
+        def _fake_urlopen(req, *args, **kwargs):
+            # Exceptions (e.g. HTTPError) can be injected by passing them
+            # in as `mock_response`.
+            if isinstance(mock_response, Exception):
+                raise mock_response
+            return _FakeResponse(mock_response)
+
+        monkeypatch.setattr(cli_mod, "_safe_urlopen", _fake_urlopen)
+        for k, v in env.items():
+            monkeypatch.setenv(k, v)
+        monkeypatch.setattr("sys.stdin", io.StringIO(json.dumps(stdin_json)))
+
+        buf = io.StringIO()
+        exit_code = None
+        try:
+            with contextlib.redirect_stdout(buf):
+                cli_mod.cmd_permission_hook(type("A", (), {"command": "permission-hook"})())
+        except SystemExit as e:
+            exit_code = e.code
+        return exit_code, buf.getvalue()
+
+    def test_allow_decision(self, monkeypatch):
+        code, out = self._run_hook(
+            stdin_json={
+                "tool_name": "Bash",
+                "tool_input": {"command": "ls"},
+                "hook_event_name": "PreToolUse",
+                "session_id": "s1",
+            },
+            env={
+                "AM_DAEMON_TOKEN": "fake-token",
+                "AM_BACKEND_HOST": "localhost:8000",
+                "AM_BACKEND_SECURE": "0",
+            },
+            monkeypatch=monkeypatch,
+            mock_response={"decision": "allow", "reason": "user approved"},
+        )
+        assert code == 0
+        parsed = json.loads(out)
+        assert parsed["hookSpecificOutput"]["hookEventName"] == "PreToolUse"
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "allow"
+        assert parsed["hookSpecificOutput"]["permissionDecisionReason"] == "user approved"
+
+    def test_deny_decision(self, monkeypatch):
+        code, out = self._run_hook(
+            stdin_json={"tool_name": "Bash", "tool_input": {"command": "rm -rf /"}},
+            env={
+                "AM_DAEMON_TOKEN": "fake",
+                "AM_BACKEND_HOST": "localhost:8000",
+            },
+            monkeypatch=monkeypatch,
+            mock_response={"decision": "deny", "reason": "nope"},
+        )
+        assert code == 0
+        parsed = json.loads(out)
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "deny"
+
+    def test_missing_token_defaults_to_ask(self, monkeypatch):
+        # Without AM_DAEMON_TOKEN the hook can't talk to the backend, so
+        # it must emit "ask" so Claude falls back to permission-mode logic.
+        monkeypatch.delenv("AM_DAEMON_TOKEN", raising=False)
+        code, out = self._run_hook(
+            stdin_json={"tool_name": "Bash"},
+            env={},  # no token
+            monkeypatch=monkeypatch,
+            mock_response={"decision": "allow"},  # never called
+        )
+        assert code == 0
+        parsed = json.loads(out)
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "ask"
+        assert "AM_DAEMON_TOKEN" in parsed["hookSpecificOutput"]["permissionDecisionReason"]
+
+    def test_backend_error_defaults_to_ask(self, monkeypatch):
+        code, out = self._run_hook(
+            stdin_json={"tool_name": "Bash"},
+            env={"AM_DAEMON_TOKEN": "fake"},
+            monkeypatch=monkeypatch,
+            mock_response=ConnectionRefusedError("backend down"),
+        )
+        assert code == 0
+        parsed = json.loads(out)
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "ask"
+        assert "backend error" in parsed["hookSpecificOutput"]["permissionDecisionReason"]
+
+    def test_garbage_decision_coerced_to_ask(self, monkeypatch):
+        code, out = self._run_hook(
+            stdin_json={"tool_name": "Bash"},
+            env={"AM_DAEMON_TOKEN": "fake"},
+            monkeypatch=monkeypatch,
+            mock_response={"decision": "something-weird"},
+        )
+        assert code == 0
+        parsed = json.loads(out)
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "ask"
+
+    def test_bad_stdin_json_defaults_to_ask(self, monkeypatch):
+        import contextlib
+        import io
+
+        from am import cli as cli_mod
+
+        monkeypatch.setenv("AM_DAEMON_TOKEN", "fake")
+        monkeypatch.setattr("sys.stdin", io.StringIO("not json {{"))
+        buf = io.StringIO()
+        code = None
+        try:
+            with contextlib.redirect_stdout(buf):
+                cli_mod.cmd_permission_hook(type("A", (), {"command": "permission-hook"})())
+        except SystemExit as e:
+            code = e.code
+        assert code == 0
+        parsed = json.loads(buf.getvalue())
+        assert parsed["hookSpecificOutput"]["permissionDecision"] == "ask"
+        assert "bad JSON" in parsed["hookSpecificOutput"]["permissionDecisionReason"]
+
+    def test_cli_registers_subcommand(self):
+        result = subprocess.run(
+            [sys.executable, "-m", "am", "--help"],
+            capture_output=True,
+            text=True,
+        )
+        assert result.returncode == 0
+        assert "permission-hook" in result.stdout

agent_manager_cli-0.1.7/tests/test_cli.py

@@ -1,149 +0,0 @@
-"""Tests for CLI config management and helpers."""
-
-import json
-import subprocess
-import sys
-
-from am.cli import (
-    _build_cli_command,
-    _build_continue_command,
-    format_permission_response_for_stdin,
-    format_user_message_for_stdin,
-    load_config,
-    save_config,
-)
-
-
-class TestConfig:
-    def test_load_config_missing(self, tmp_path, monkeypatch):
-        monkeypatch.setattr("am.cli.CONFIG_FILE", tmp_path / "missing.json")
-        assert load_config() == {}
-
-    def test_save_and_load(self, tmp_path, monkeypatch):
-        config_file = tmp_path / "sub" / "config.json"
-        monkeypatch.setattr("am.cli.CONFIG_FILE", config_file)
-        monkeypatch.setattr("am.cli.CONFIG_DIR", tmp_path / "sub")
-
-        save_config({"host": "example.com", "secure": True})
-        result = load_config()
-        assert result["host"] == "example.com"
-        assert result["secure"] is True
-
-
-class TestFormatMessages:
-    def test_user_message(self):
-        result = json.loads(format_user_message_for_stdin("hello"))
-        assert result["type"] == "user"
-        assert result["message"]["role"] == "user"
-        content = result["message"]["content"]
-        assert len(content) == 1
-        assert content[0]["type"] == "text"
-        assert content[0]["text"] == "hello"
-
-    def test_permission_allow(self):
-        result = json.loads(format_permission_response_for_stdin(True))
-        assert result["type"] == "permission_response"
-        assert result["permission"] == "allow"
-
-    def test_permission_deny(self):
-        result = json.loads(format_permission_response_for_stdin(False))
-        assert result["permission"] == "deny"
-
-
-class TestBuildCommands:
-    def test_claude_command(self):
-        cmd = _build_cli_command("claude", "sess-123")
-        assert cmd[0] == "claude"
-        assert "--continue" in cmd
-        assert "--resume" in cmd
-        assert "sess-123" in cmd
-        assert "--output-format" in cmd
-        assert "stream-json" in cmd
-        # No permission mode → flag should NOT be present
-        assert "--permission-mode" not in cmd
-
-    def test_claude_command_with_permission_mode(self):
-        cmd = _build_cli_command("claude", "sess-123", permission_mode="acceptEdits")
-        assert "--permission-mode" in cmd
-        idx = cmd.index("--permission-mode")
-        assert cmd[idx + 1] == "acceptEdits"
-
-    def test_claude_command_rejects_unknown_permission_mode(self):
-        # Unknown modes are silently dropped (we don't want to break
-        # spawn just because the UI sent a garbage value).
-        cmd = _build_cli_command("claude", "sess-123", permission_mode="nonsense")
-        assert "--permission-mode" not in cmd
-
-    def test_codex_command(self):
-        cmd = _build_cli_command("codex", "rollout-abc")
-        assert cmd == ["codex", "resume", "rollout-abc", "--json"]
-
-    def test_gemini_command(self):
-        cmd = _build_cli_command("gemini", "anything")
-        assert cmd == ["gemini", "--resume"]
-
-    def test_unsupported_cli(self):
-        try:
-            _build_cli_command("unknown", "x")
-            assert False, "Should have raised ValueError"
-        except ValueError as e:
-            assert "unknown" in str(e)
-
-    def test_continue_command(self):
-        original = ["claude", "-p", "do stuff", "--output-format", "stream-json"]
-        cmd = _build_continue_command(original, "sess-1", "next task")
-        assert cmd[0] == "claude"
-        assert "-p" in cmd
-        assert "next task" in cmd
-        assert "--continue" in cmd
-        assert "--resume" in cmd
-        assert "sess-1" in cmd
-
-
-class TestCLIEntryPoint:
-    def test_help(self):
-        result = subprocess.run(
-            [sys.executable, "-m", "am", "--help"],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 0
-        assert "login" in result.stdout
-        assert "connect" in result.stdout
-        assert "daemon" in result.stdout
-
-    def test_login_help(self):
-        result = subprocess.run(
-            [sys.executable, "-m", "am", "login", "--help"],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 0
-        assert "--host" in result.stdout
-        assert "--email" in result.stdout
-
-    def test_connect_help(self):
-        result = subprocess.run(
-            [sys.executable, "-m", "am", "connect", "--help"],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 0
-        assert "--host" in result.stdout
-
-    def test_daemon_help(self):
-        result = subprocess.run(
-            [sys.executable, "-m", "am", "daemon", "--help"],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 0
-        assert "--token" in result.stdout
-
-    def test_no_command_shows_help(self):
-        result = subprocess.run(
-            [sys.executable, "-m", "am"],
-            capture_output=True,
-            text=True,
-        )
-        assert result.returncode == 1