feat: add elevated ask/full modes

2026-05-08 05:11:25 +00:00 · 2026-01-22 05:32:13 +00:00
parent 5567bceb66
commit a2981c5a2c
29 changed files with 115 additions and 57 deletions
--- a/src/auto-reply/reply/commands-context-report.ts
+++ b/src/auto-reply/reply/commands-context-report.ts
@@ -120,7 +120,7 @@ async function resolveContextReport(
        workspaceAccess: "rw" as const,
        elevated: {
          allowed: params.elevated.allowed,
-          defaultLevel: params.resolvedElevatedLevel === "off" ? ("off" as const) : ("on" as const),
+          defaultLevel: (params.resolvedElevatedLevel ?? "off") as "on" | "off" | "ask" | "full",
        },
      }
    : { enabled: false };
--- a/src/auto-reply/reply/directive-handling.impl.ts
+++ b/src/auto-reply/reply/directive-handling.impl.ts
@@ -205,7 +205,7 @@ export async function handleDirectiveOnly(params: {
      const level = currentElevatedLevel ?? "off";
      return {
        text: [
-          withOptions(`Current elevated level: ${level}.`, "on, off"),
+          withOptions(`Current elevated level: ${level}.`, "on, off, ask, full"),
          shouldHintDirectRuntime ? formatElevatedRuntimeHint() : null,
        ]
          .filter(Boolean)
@@ -213,7 +213,7 @@ export async function handleDirectiveOnly(params: {
      };
    }
    return {
-      text: `Unrecognized elevated level "${directives.rawElevatedLevel}". Valid levels: off, on.`,
+      text: `Unrecognized elevated level "${directives.rawElevatedLevel}". Valid levels: off, on, ask, full.`,
    };
  }
  if (directives.hasElevatedDirective && (!elevatedEnabled || !elevatedAllowed)) {
@@ -426,7 +426,9 @@ export async function handleDirectiveOnly(params: {
    parts.push(
      directives.elevatedLevel === "off"
        ? formatDirectiveAck("Elevated mode disabled.")
-        : formatDirectiveAck("Elevated mode enabled."),
+        : directives.elevatedLevel === "full"
+          ? formatDirectiveAck("Elevated mode set to full (auto-approve).")
+          : formatDirectiveAck("Elevated mode set to ask (approvals may still apply)."),
    );
    if (shouldHintDirectRuntime) parts.push(formatElevatedRuntimeHint());
  }
--- a/src/auto-reply/reply/directive-handling.shared.ts
+++ b/src/auto-reply/reply/directive-handling.shared.ts
@@ -16,10 +16,15 @@ export const withOptions = (line: string, options: string) =>
 export const formatElevatedRuntimeHint = () =>
  `${SYSTEM_MARK} Runtime is direct; sandboxing does not apply.`;

-export const formatElevatedEvent = (level: ElevatedLevel) =>
-  level === "on"
-    ? "Elevated ON — exec runs on host; set elevated:false to stay sandboxed."
-    : "Elevated OFF — exec stays in sandbox.";
+export const formatElevatedEvent = (level: ElevatedLevel) => {
+  if (level === "full") {
+    return "Elevated FULL — exec runs on host with auto-approval.";
+  }
+  if (level === "ask" || level === "on") {
+    return "Elevated ASK — exec runs on host; approvals may still apply.";
+  }
+  return "Elevated OFF — exec stays in sandbox.";
+};

 export const formatReasoningEvent = (level: ReasoningLevel) => {
  if (level === "stream") return "Reasoning STREAM — emit live <think>.";