aru-code 0.54.0__tar.gz → 0.55.0__tar.gz

{aru_code-0.54.0/aru_code.egg-info → aru_code-0.55.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aru-code
-Version: 0.54.0
+Version: 0.55.0
 Summary: A Claude Code clone built with Agno agents
 Author-email: Estevao <estevaofon@gmail.com>
 License-Expression: MIT

aru_code-0.55.0/aru/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.55.0"

{aru_code-0.54.0 → aru_code-0.55.0}/aru/permissions.py

@@ -27,10 +27,31 @@ from rich.console import Group
 from rich.panel import Panel
 from rich.text import Text
 
-from aru.runtime import get_ctx
+from aru.runtime import begin_permission_wait, end_permission_wait, get_ctx
 from aru.select import select_option
 
 
+@contextmanager
+def _permission_prompt_scope(ctx):
+    """Hold ``permission_lock`` while marking the tool-call permission gate.
+
+    The gate tells the surrounding ``_thread_tool`` wrapper to suspend its
+    execution-timeout for as long as we are blocked here — acquiring the lock
+    can wait on a sibling tool's open prompt, and the prompt itself waits on
+    the user. Without this, the tool could report a timeout mid-prompt and
+    then apply the mutation out-of-band once the user finally answered.
+    ``begin_permission_wait`` runs BEFORE the lock is acquired so the
+    lock-wait is covered too; it is a no-op when no gate is installed (async
+    tools, tests). See ``aru.runtime.PermissionWaitGate``.
+    """
+    begin_permission_wait()
+    try:
+        with ctx.permission_lock:
+            yield
+    finally:
+        end_permission_wait()
+
+
 def _resolve_ui(ctx):
     """Return ``ctx.ui`` or install a ``ReplUI`` on-the-fly.
 
@@ -891,8 +912,11 @@ def check_permission(
         except Exception:
             pass  # never let plugin errors block permissions
 
-    # action == "ask" -> prompt user
-    with ctx.permission_lock:
+    # action == "ask" -> prompt user. The scope holds permission_lock AND
+    # suspends the tool-execution timeout while we block on the user (see
+    # _permission_prompt_scope) — so a slow human decision can never let the
+    # tool time out and then apply the mutation out-of-band.
+    with _permission_prompt_scope(ctx):
         # Re-check after acquiring lock (another thread may have resolved it)
         results2 = _resolve_many(category, subjects)
         if any(action == "deny" for action, _ in results2):

{aru_code-0.54.0 → aru_code-0.55.0}/aru/runtime.py

@@ -345,6 +345,101 @@ def is_aborted() -> bool:
         return False
 
 
+# ── Permission-wait gate (tool-timeout suspension) ───────────────────
+#
+# Safety-critical. A tool's execution timeout (see
+# ``aru.tools._shared._thread_tool``) must NOT count the time a human spends
+# deciding on a permission prompt. The danger is concrete: if the timeout
+# fired while a prompt was still open, ``asyncio`` reports a timeout to the
+# model — but the worker thread it ran on CANNOT be killed (a Python
+# limitation), so it keeps running, parked on the prompt. The moment the user
+# clicks "yes", that orphaned thread applies the mutation **out-of-band**,
+# after the tool already claimed it timed out. An edit (or a delete) then
+# lands that the user never knowingly approved in-context.
+#
+# To prevent that, ``check_permission`` marks a per-tool-call gate while it
+# blocks on the user, and ``_thread_tool`` suspends its timeout for exactly
+# as long as the gate is active. Decision time is the human's, not the
+# tool's budget.
+#
+# Cross-thread mechanics: the gate object is created per tool call by the
+# ``_thread_tool`` wrapper (on the event loop) and stored in a ContextVar.
+# ``asyncio.to_thread`` copies the context into the worker thread, so
+# ``check_permission`` running on that thread flips the SAME gate object the
+# wrapper polls. Concurrent tool calls each get their own gate, so a prompt
+# open for one call never accidentally exempts a sibling.
+
+
+class PermissionWaitGate:
+    """Per-tool-call counter of in-flight human permission decisions.
+
+    A depth counter (not a bool) so re-entrant or repeated permission checks
+    within one tool call nest correctly. ``active`` is true whenever at least
+    one decision is outstanding.
+    """
+
+    __slots__ = ("_depth", "_lock")
+
+    def __init__(self) -> None:
+        self._depth = 0
+        self._lock = threading.Lock()
+
+    @property
+    def active(self) -> bool:
+        with self._lock:
+            return self._depth > 0
+
+    def enter(self) -> None:
+        with self._lock:
+            self._depth += 1
+
+    def leave(self) -> None:
+        with self._lock:
+            if self._depth > 0:
+                self._depth -= 1
+
+
+_perm_wait_gate: contextvars.ContextVar[PermissionWaitGate | None] = (
+    contextvars.ContextVar("aru_perm_wait_gate", default=None)
+)
+
+
+def install_permission_wait_gate() -> tuple[PermissionWaitGate, contextvars.Token]:
+    """Create a fresh gate, install it in the current context, return (gate, token).
+
+    Called by the ``_thread_tool`` wrapper before offloading to a worker
+    thread so the worker (which runs in a copy of this context) shares the
+    gate. Pair with ``reset_permission_wait_gate(token)`` in a finally.
+    """
+    gate = PermissionWaitGate()
+    token = _perm_wait_gate.set(gate)
+    return gate, token
+
+
+def reset_permission_wait_gate(token: contextvars.Token) -> None:
+    """Restore the previous gate binding (undo ``install_permission_wait_gate``)."""
+    _perm_wait_gate.reset(token)
+
+
+def begin_permission_wait() -> None:
+    """Mark that the current tool call is blocking on a human permission decision.
+
+    Paired with ``end_permission_wait()``. A no-op when no gate is installed
+    (async tools like ``bash`` that aren't wrapped by ``_thread_tool``, or
+    direct test calls) — those paths have no execution timeout to suspend.
+    """
+    gate = _perm_wait_gate.get()
+    if gate is not None:
+        gate.enter()
+
+
+def end_permission_wait() -> None:
+    """End the permission-wait window opened by ``begin_permission_wait()``."""
+    gate = _perm_wait_gate.get()
+    if gate is not None:
+        gate.leave()
+
+
 # ── Shared-state helpers (Stage 4) ───────────────────────────────────
 #
 # Individual ``dict[k] = v``, ``dict.get(k)``, and ``list.append`` are atomic

aru_code-0.55.0/aru/tools/_shared.py

@@ -0,0 +1,145 @@
+"""Shared helpers used by multiple tool modules.
+
+Split out of the former monolithic codebase.py. Imported by file_ops, search,
+shell, web, and delegate. Intentionally has no dependencies on other tool
+submodules so it sits at the bottom of the tool dependency graph.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import functools
+
+from aru.runtime import get_ctx
+from aru.tools.gitignore import invalidate_walk_cache
+
+
+_MAX_OUTPUT_CHARS = 10_000
+_TRUNCATE_KEEP = 3_000  # chars to keep from start and end
+
+# How often (seconds) the timeout loop re-checks the permission gate while a
+# human decision is in flight. Small enough that the post-decision write is
+# noticed promptly; large enough not to busy-spin while the user is thinking.
+_PERM_POLL_SLICE = 0.1
+
+
+def _notify_file_mutation(*, path: str | None = None, mutation_type: str = "unknown"):
+    """Notify the session that files changed so caches are invalidated.
+
+    Also publishes ``file.changed`` via the plugin bus so plugins (auto-
+    linter, memory extractor, LSP didChange etc.) can react. ``path`` and
+    ``mutation_type`` are optional and default to "unknown" for legacy
+    callers that haven't been updated yet.
+    """
+    ctx = get_ctx()
+    ctx.read_cache.clear()
+    invalidate_walk_cache()
+    if ctx.on_file_mutation:
+        ctx.on_file_mutation()
+    from aru.runtime import _schedule_publish
+    _schedule_publish("file.changed", {
+        "path": path, "mutation_type": mutation_type,
+    })
+
+
+def _checkpoint_file(file_path: str):
+    """Capture pre-edit state of a file for undo support.
+
+    Must be called BEFORE writing/editing the file.
+    """
+    ctx = get_ctx()
+    if ctx.checkpoint_manager:
+        ctx.checkpoint_manager.track_edit(file_path)
+
+
+def _get_small_model_ref() -> str:
+    """Get the small model reference for sub-agents."""
+    return get_ctx().small_model_ref
+
+
+def _truncate_output(text: str, source_file: str = "", source_tool: str = "") -> str:
+    """Truncate long tool output to save tokens. Keeps start + end with a marker in the middle."""
+    from aru.context import truncate_output
+    return truncate_output(text, source_file=source_file, source_tool=source_tool)
+
+
+def _thread_tool(sync_fn, *, timeout: float | None = None):
+    """Wrap *sync_fn* as an async tool that runs on a worker thread.
+
+    ``functools.wraps`` copies ``__name__``/``__doc__`` so Agno introspects
+    the wrapper as if it were the original sync function — tool name and
+    signature match what the LLM already knows.
+
+    Args:
+        sync_fn: The synchronous implementation to offload to a worker.
+        timeout: Optional wall-clock cap (seconds). ``None`` (default) keeps
+            the historical behaviour of unbounded wait — callers opt into a
+            cap explicitly. Required because ``asyncio.to_thread`` cannot
+            actually abort the underlying worker thread (Python limitation):
+            on timeout, the REPL regains control but the thread may keep
+            running until its sync work finishes. Applying a blanket
+            default would break custom plugin tools that legitimately take
+            longer than the cap.
+
+    Permission-wait suspension (safety-critical): if the wrapped tool calls
+    ``check_permission`` and blocks on a human decision, the timeout is
+    suspended for the duration of that prompt. Without this, the timeout
+    could fire mid-prompt, report a timeout to the model, and leave the
+    worker thread alive to apply the mutation out-of-band once the user
+    finally answered. See ``aru.runtime.PermissionWaitGate``.
+    """
+
+    @functools.wraps(sync_fn)
+    async def wrapper(*args, **kwargs):
+        if timeout is None:
+            return await asyncio.to_thread(sync_fn, *args, **kwargs)
+
+        from aru.runtime import (
+            install_permission_wait_gate,
+            reset_permission_wait_gate,
+        )
+
+        # Install the per-call gate BEFORE offloading so the worker thread
+        # (which runs in a copy of this context) shares the same gate object
+        # and ``check_permission`` can flip it while it blocks on the user.
+        gate, token = install_permission_wait_gate()
+        task: asyncio.Future | None = None
+        try:
+            loop = asyncio.get_running_loop()
+            task = asyncio.ensure_future(asyncio.to_thread(sync_fn, *args, **kwargs))
+            deadline = loop.time() + timeout
+            while True:
+                if task.done():
+                    return task.result()
+                now = loop.time()
+                if gate.active:
+                    # A human is being asked to approve this tool call. Their
+                    # decision time is not the tool's execution budget — and
+                    # abandoning the worker thread now would let it apply the
+                    # mutation the instant the user answers, after we already
+                    # reported a timeout. Hold the deadline a full window
+                    # ahead so that, once the prompt closes, the actual work
+                    # still gets the complete budget (this closes the
+                    # answer→write race: when ``gate.active`` flips false the
+                    # deadline is at most one poll-slice old).
+                    deadline = now + timeout
+                    await asyncio.wait({task}, timeout=_PERM_POLL_SLICE)
+                    continue
+                remaining = deadline - now
+                if remaining <= 0:
+                    # Genuine timeout — no human in the loop. Request
+                    # cancellation (best-effort; the OS thread may run on,
+                    # same as the historical behaviour) and surface a string.
+                    task.cancel()
+                    return (
+                        f"[Tool timeout: {sync_fn.__name__} exceeded {timeout:g}s. "
+                        f"The worker thread may still be running in the background; "
+                        f"narrow the query or raise the timeout explicitly.]"
+                    )
+                await asyncio.wait({task}, timeout=remaining)
+        finally:
+            if task is not None and not task.done():
+                task.cancel()
+            reset_permission_wait_gate(token)
+
+    return wrapper

{aru_code-0.54.0 → aru_code-0.55.0}/aru/tools/apply_patch.py

@@ -27,6 +27,10 @@ import shutil
 from dataclasses import dataclass, field
 from pathlib import Path
 
+from rich.console import Group
+from rich.text import Text
+
+from aru.permissions import check_permission, consume_rejection_feedback
 from aru.tools._shared import _checkpoint_file, _notify_file_mutation
 
 
@@ -499,7 +503,86 @@ except OSError:
     _PROMPT_TEXT = "Apply a multi-file patch atomically (see apply_patch_prompt.txt)."
 
 
+_PREVIEW_MAX_ADD_LINES = 40  # cap new-file body shown in the prompt
+
+
+def _patch_permission_preview(patch: Patch) -> tuple[list[str], Group]:
+    """Build the (subjects, renderable) pair for the permission prompt.
+
+    Subjects are the affected paths (one per op, plus the move target) so the
+    user's per-path rules apply. The renderable shows a real diff — the actual
+    +/- lines for each Update hunk and Add body — so the user approves what
+    they can see, not a blind "update". Deletes and moves are highlighted;
+    those are the irreversible ones. New-file bodies are capped so a large
+    patch can't flood the terminal.
+    """
+    subjects: list[str] = []
+    blocks: list[Text] = [
+        Text(f"apply_patch — {len(patch.operations)} operation(s):", style="bold"),
+        Text(),
+    ]
+    for op in patch.operations:
+        if isinstance(op, AddFile):
+            subjects.append(op.path)
+            blocks.append(Text(f"+ add     {op.path}", style="bold green"))
+            body = op.content.splitlines()
+            for line in body[:_PREVIEW_MAX_ADD_LINES]:
+                blocks.append(Text(f"  +{line}", style="green"))
+            if len(body) > _PREVIEW_MAX_ADD_LINES:
+                blocks.append(Text(f"  … (+{len(body) - _PREVIEW_MAX_ADD_LINES} more lines)", style="dim"))
+        elif isinstance(op, DeleteFile):
+            subjects.append(op.path)
+            blocks.append(Text(f"- delete  {op.path}", style="bold red"))
+        elif isinstance(op, UpdateFile):
+            subjects.append(op.path)
+            header = f"~ update  {op.path}"
+            if op.move_to:
+                subjects.append(op.move_to)
+                header += f" → {op.move_to}"
+            blocks.append(Text(header, style="bold yellow"))
+            for hunk in op.hunks:
+                if hunk.anchor:
+                    blocks.append(Text(f"  @@ {hunk.anchor}", style="cyan"))
+                for tag, text in hunk.lines:
+                    if tag == "+":
+                        blocks.append(Text(f"  +{text}", style="green"))
+                    elif tag == "-":
+                        blocks.append(Text(f"  -{text}", style="red"))
+                    else:
+                        blocks.append(Text(f"   {text}", style="dim"))
+        blocks.append(Text())
+    return subjects, Group(*blocks)
+
+
 def apply_patch(patch: str) -> str:
+    # Parse + validate FIRST (neither touches disk for writes — validate only
+    # reads). This lets us reject malformed / non-applicable patches without
+    # bothering the user, and show exactly which files will change. ONLY then
+    # do we gate on permission, and only on approval do we apply. This is the
+    # security boundary: apply_patch can delete and move files, so it must
+    # never mutate the tree without an explicit allow.
+    try:
+        parsed = parse_patch(patch)
+        validate(parsed)
+    except PatchParseError as exc:
+        return f"Parse error: {exc}"
+    except PatchValidationError as exc:
+        return f"Validation error (no files modified): {exc}"
+
+    subjects, preview = _patch_permission_preview(parsed)
+    if not check_permission("edit", subjects, preview):
+        feedback = consume_rejection_feedback()
+        action = f"apply_patch ({len(parsed.operations)} operation(s))"
+        if feedback:
+            return (
+                f"PERMISSION DENIED by user: {action}. The user said: {feedback}\n"
+                f"Follow the user's instructions instead of retrying."
+            )
+        return (
+            f"PERMISSION DENIED by user: {action}. Do NOT retry this operation. "
+            f"Stop and ask the user for new instructions."
+        )
+
     try:
         return apply_patch_text(patch)
     except PatchParseError as exc:

{aru_code-0.54.0 → aru_code-0.55.0}/aru/tools/lsp.py

@@ -8,12 +8,17 @@ strings rather than raises — the model can fall back to grep-based tools.
 
 from __future__ import annotations
 
+import asyncio
 import logging
 import os
 
+from rich.console import Group
+from rich.text import Text
+
 from aru.lsp.client import LspRequestError
 from aru.lsp.manager import get_lsp_manager
 from aru.lsp.protocol import Location, Position, path_to_uri, uri_to_path
+from aru.permissions import check_permission, consume_rejection_feedback
 
 logger = logging.getLogger("aru.lsp")
 
@@ -194,6 +199,30 @@ async def lsp_rename(file_path: str, line: int, column: int, new_name: str) -> s
     if not per_file_edits:
         return "No files to edit."
 
+    # Gate on permission before touching any file — a rename rewrites every
+    # referencing file across the workspace, so the user must approve the
+    # full set. ``check_permission`` is sync and may open a TUI modal that
+    # blocks on ``threading.Event``; calling it directly from this async tool
+    # (running on the App loop) would deadlock the loop so the modal never
+    # resolves. Hop to a worker thread — same pattern as ``bash``.
+    paths = sorted({uri_to_path(uri) for uri in per_file_edits})
+    preview = Group(
+        Text(f"Rename symbol → {new_name!r} across {len(paths)} file(s):", style="bold"),
+        *[Text(f"  ~ {p}") for p in paths],
+    )
+    if not await asyncio.to_thread(check_permission, "edit", paths, preview):
+        feedback = consume_rejection_feedback()
+        if feedback:
+            return (
+                f"PERMISSION DENIED by user: lsp_rename → {new_name!r}. "
+                f"The user said: {feedback}\n"
+                f"Follow the user's instructions instead of retrying."
+            )
+        return (
+            f"PERMISSION DENIED by user: lsp_rename → {new_name!r}. Do NOT retry "
+            f"this operation. Stop and ask the user for new instructions."
+        )
+
     applied = _apply_workspace_edit(per_file_edits)
     if isinstance(applied, str):  # error path
         return applied

{aru_code-0.54.0 → aru_code-0.55.0}/aru/tools/registry.py

@@ -42,6 +42,15 @@ from aru.tools.worktree import worktree_info
 
 _rank_files_tool = _thread_tool(rank_files, timeout=45)
 
+# apply_patch now prompts for permission (it can delete/move files). The
+# prompt blocks on a threading.Event, which would deadlock the event loop if
+# the raw sync function ran there — so wrap it like the other mutating file
+# tools: run on a worker thread (loop stays free to drive the modal) and pick
+# up the permission-wait timeout suspension for free. functools.wraps keeps
+# __name__ == "apply_patch" so the registry key and LLM-facing schema are
+# unchanged.
+_apply_patch_tool = _thread_tool(apply_patch, timeout=60)
+
 
 # Tool sets composed from a single core set — avoid duplication and drift.
 _READ_ONLY_TOOLS = [
@@ -63,7 +72,7 @@ _WRITE_TOOLS = [
     _write_files_tool,
     _edit_file_tool,
     _edit_files_tool,
-    apply_patch,
+    _apply_patch_tool,
     lsp_rename,
 ]
 

{aru_code-0.54.0 → aru_code-0.55.0}/aru/tui/ui.py

@@ -138,19 +138,27 @@ class TuiUI:
                 result["error"] = f"mount failed: {exc}"
                 done.set()
 
+        # Hide the "thinking…" spinner while the prompt owns the screen — we
+        # are parked waiting on the user, not computing, so an animated
+        # spinner there is misleading. Restored in the finally regardless of
+        # how the wait ends.
+        self._suppress_thinking()
         try:
-            self.app.call_from_thread(_mount)
-        except Exception as exc:
-            raise RuntimeError(
-                f"TuiUI inline-choice dispatch failed: "
-                f"{type(exc).__name__}: {exc}"
-            ) from exc
-
-        if not done.wait(timeout=timeout_s):
-            raise RuntimeError(
-                f"TuiUI inline-choice timed out after {timeout_s:.0f}s"
-            )
-        return result.get("value")
+            try:
+                self.app.call_from_thread(_mount)
+            except Exception as exc:
+                raise RuntimeError(
+                    f"TuiUI inline-choice dispatch failed: "
+                    f"{type(exc).__name__}: {exc}"
+                ) from exc
+
+            if not done.wait(timeout=timeout_s):
+                raise RuntimeError(
+                    f"TuiUI inline-choice timed out after {timeout_s:.0f}s"
+                )
+            return result.get("value")
+        finally:
+            self._release_thinking()
 
     # ── confirm ───────────────────────────────────────────────────────
 
@@ -208,6 +216,34 @@ class TuiUI:
 
     # ── internal ──────────────────────────────────────────────────────
 
+    def _suppress_thinking(self) -> None:
+        """Hide the ThinkingIndicator while a blocking prompt is open.
+
+        Safe to call from a tool worker thread — the widget mutation is
+        marshalled onto the App loop. Best-effort: any failure (App shutting
+        down, indicator not mounted) is swallowed so a UI hiccup never blocks
+        a permission decision. Paired with ``_release_thinking``.
+        """
+        try:
+            from aru.tui.widgets.thinking import ThinkingIndicator
+
+            self.app.call_from_thread(
+                lambda: self.app.query_one(ThinkingIndicator).suppress()
+            )
+        except Exception:
+            pass
+
+    def _release_thinking(self) -> None:
+        """Undo one ``_suppress_thinking`` once the prompt closes."""
+        try:
+            from aru.tui.widgets.thinking import ThinkingIndicator
+
+            self.app.call_from_thread(
+                lambda: self.app.query_one(ThinkingIndicator).release()
+            )
+        except Exception:
+            pass
+
     def _run_modal(self, modal: Any, timeout_s: float = 300.0) -> Any:
         """Push a ModalScreen and block until it is dismissed.
 
@@ -225,15 +261,21 @@ class TuiUI:
             result["value"] = value
             done.set()
 
+        # Park the spinner while the modal owns the screen (see
+        # _run_inline_choice). Restored in the finally.
+        self._suppress_thinking()
         try:
-            self.app.call_from_thread(self.app.push_screen, modal, _on_dismiss)
-        except Exception as e:
-            raise RuntimeError(
-                f"TuiUI modal dispatch failed: {type(e).__name__}: {e}"
-            ) from e
-
-        if not done.wait(timeout=timeout_s):
-            raise RuntimeError(
-                f"TuiUI modal timed out after {timeout_s:.0f}s"
-            )
-        return result.get("value")
+            try:
+                self.app.call_from_thread(self.app.push_screen, modal, _on_dismiss)
+            except Exception as e:
+                raise RuntimeError(
+                    f"TuiUI modal dispatch failed: {type(e).__name__}: {e}"
+                ) from e
+
+            if not done.wait(timeout=timeout_s):
+                raise RuntimeError(
+                    f"TuiUI modal timed out after {timeout_s:.0f}s"
+                )
+            return result.get("value")
+        finally:
+            self._release_thinking()

{aru_code-0.54.0 → aru_code-0.55.0}/aru/tui/widgets/thinking.py

@@ -54,6 +54,14 @@ class ThinkingIndicator(Widget):
     TICK_SECONDS: float = 0.1
 
     busy: reactive[bool] = reactive(False, layout=True)
+    # Incremented while a blocking prompt (permission / confirm / text input)
+    # owns the screen. The spinner means "a turn is in flight", but while we
+    # are parked waiting on the user there is nothing to animate — showing it
+    # there reads as "still processing" and is misleading. The indicator is
+    # hidden whenever suppress_depth > 0, regardless of ``busy``. A depth
+    # counter (not a bool) keeps back-to-back prompts (e.g. "No" → feedback
+    # box) suppressed throughout, without a flash between them.
+    suppress_depth: reactive[int] = reactive(0, layout=True)
 
     def __init__(self) -> None:
         super().__init__()
@@ -66,16 +74,35 @@ class ThinkingIndicator(Widget):
     def on_mount(self) -> None:
         self.set_interval(self.TICK_SECONDS, self._tick)
 
+    def _visible(self) -> bool:
+        return self.busy and self.suppress_depth == 0
+
+    def _apply_visibility(self) -> None:
+        if self._visible():
+            self.add_class("-busy")
+        else:
+            self.remove_class("-busy")
+
     def watch_busy(self, _old: bool, new: bool) -> None:
         if new:
-            self.add_class("-busy")
             self._index = 0
             self._ticks_since_rotate = 0
-        else:
-            self.remove_class("-busy")
+        self._apply_visibility()
+
+    def watch_suppress_depth(self, _old: int, _new: int) -> None:
+        self._apply_visibility()
+
+    def suppress(self) -> None:
+        """Hide the spinner while a blocking prompt owns the screen."""
+        self.suppress_depth += 1
+
+    def release(self) -> None:
+        """Undo one ``suppress()``; spinner returns only if the turn is still busy."""
+        if self.suppress_depth > 0:
+            self.suppress_depth -= 1
 
     def _tick(self) -> None:
-        if not self.busy:
+        if not self._visible():
             return
         self._ticks_since_rotate += 1
         if self._ticks_since_rotate * self.TICK_SECONDS >= self.ROTATE_SECONDS:

{aru_code-0.54.0 → aru_code-0.55.0/aru_code.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aru-code
-Version: 0.54.0
+Version: 0.55.0
 Summary: A Claude Code clone built with Agno agents
 Author-email: Estevao <estevaofon@gmail.com>
 License-Expression: MIT

{aru_code-0.54.0 → aru_code-0.55.0}/aru_code.egg-info/SOURCES.txt

@@ -151,6 +151,7 @@ tests/test_mcp_health.py
 tests/test_memory.py
 tests/test_memory_tool.py
 tests/test_microcompact.py
+tests/test_permission_timeout_suspension.py
 tests/test_permissions.py
 tests/test_plan_mode_refactor.py
 tests/test_plugin_cache.py

{aru_code-0.54.0 → aru_code-0.55.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "aru-code"
-version = "0.54.0"
+version = "0.55.0"
 description = "A Claude Code clone built with Agno agents"
 readme = "README.md"
 license = "MIT"