From 8c5fd91d0570841557f6a898a41fd736ab5869e0 Mon Sep 17 00:00:00 2001
From: AI Briefing <ai@briefing.local>
Date: Mon, 16 Mar 2026 18:55:10 +0800
Subject: [PATCH 1/4] fix: route auto-approve through CodePilot

Handle permission prompts in CodePilot instead of relying on Claude Code bypass mode so auto-approve still works in environments where bypassPermissions is rejected.
---
 src/hooks/useSSEStream.ts           |  2 ++
 src/lib/bridge/permission-broker.ts | 10 ++++++-
 src/lib/claude-client.ts            | 46 +++++++++++++++++++++--------
 src/types/index.ts                  |  1 +
 4 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/src/hooks/useSSEStream.ts b/src/hooks/useSSEStream.ts
index 14c39fc3..c4bb33e4 100644
--- a/src/hooks/useSSEStream.ts
+++ b/src/hooks/useSSEStream.ts
@@ -10,6 +10,7 @@ interface ToolUseInfo {
 interface ToolResultInfo {
   tool_use_id: string;
   content: string;
+  is_error?: boolean;
 }
 
 export interface SSECallbacks {
@@ -73,6 +74,7 @@ function handleSSEEvent(
         callbacks.onToolResult({
           tool_use_id: resultData.tool_use_id,
           content: resultData.content,
+          is_error: resultData.is_error,
         });
       } catch {
         // skip malformed tool_result data
diff --git a/src/lib/bridge/permission-broker.ts b/src/lib/bridge/permission-broker.ts
index 395a1245..bf2056c7 100644
--- a/src/lib/bridge/permission-broker.ts
+++ b/src/lib/bridge/permission-broker.ts
@@ -13,7 +13,7 @@ import type { PermissionUpdate } from '@anthropic-ai/claude-agent-sdk';
 import type { ChannelAddress, OutboundMessage } from './types';
 import type { BaseChannelAdapter } from './channel-adapter';
 import { deliver } from './delivery-layer';
-import { insertPermissionLink, getPermissionLink, markPermissionLinkResolved, getSession, getDb } from '../db';
+import { insertPermissionLink, getPermissionLink, markPermissionLinkResolved, getSession, getDb, getSetting } from '../db';
 import { resolvePendingPermission } from '../permission-registry';
 import { escapeHtml } from './adapters/telegram-utils';
 
@@ -36,6 +36,14 @@ export async function forwardPermissionRequest(
   suggestions?: unknown[],
   replyToMessageId?: string,
 ): Promise<void> {
+  // Check if auto-approval is enabled globally — auto-approve without IM notification
+  const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+  if (globalAutoApprove) {
+    console.log(`[bridge] Auto-approved permission ${permissionRequestId} (tool=${toolName}) due to global auto-approval setting`);
+    resolvePendingPermission(permissionRequestId, { behavior: 'allow' });
+    return;
+  }
+
   // Check if this session uses full_access permission profile — auto-approve without IM notification
   if (sessionId) {
     const session = getSession(sessionId);
diff --git a/src/lib/claude-client.ts b/src/lib/claude-client.ts
index a0c21db4..d8089497 100644
--- a/src/lib/claude-client.ts
+++ b/src/lib/claude-client.ts
@@ -19,6 +19,7 @@ import { registerPendingPermission } from './permission-registry';
 import { registerConversation, unregisterConversation } from './conversation-registry';
 import { captureCapabilities, setCachedPlugins } from './agent-sdk-capabilities';
 import { getSetting, updateSdkSessionId, createPermissionRequest } from './db';
+// Auto-approval is now handled at the CodePilot level, not via SDK bypassPermissions
 import { resolveForClaudeCode, toClaudeCodeEnv } from './provider-resolver';
 import { findClaudeBinary, findGitBash, getExpandedPath, invalidateClaudePathCache } from './platform';
 import { notifyPermissionRequest, notifyGeneric } from './telegram-bot';
@@ -315,14 +316,26 @@ export async function generateTextViaSdk(params: {
   const queryOptions: Options = {
     cwd: os.homedir(),
     abortController,
-    permissionMode: 'bypassPermissions',
-    allowDangerouslySkipPermissions: true,
+    permissionMode: 'acceptEdits',
     env: sanitizeEnv(sdkEnv),
     settingSources: resolved.settingSources as Options['settingSources'],
     systemPrompt: params.system,
     maxTurns: 1,
   };
 
+  // Add auto-approval handler for this simple query
+  const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+  if (globalAutoApprove) {
+    queryOptions.canUseTool = async (toolName, _input, opts) => {
+      console.log(`[claude-client] Auto-approved ${toolName} (auto-approval enabled)`);
+      return {
+        behavior: 'allow',
+        updatedInput: _input,
+        ...(opts.suggestions ? { updatedPermissions: opts.suggestions } : {}),
+      };
+    };
+  }
+
   if (params.model) {
     queryOptions.model = params.model;
   }
@@ -443,17 +456,15 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           console.warn('[claude-client] No API key found: no active provider, no legacy settings, and no ANTHROPIC_API_KEY/ANTHROPIC_AUTH_TOKEN in environment');
         }
 
-        // Check if dangerously_skip_permissions is enabled globally or per-session
-        const globalSkip = getSetting('dangerously_skip_permissions') === 'true';
-        const skipPermissions = globalSkip || !!sessionBypassPermissions;
+        // Check if auto-approval is enabled globally or per-session
+        const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+        const shouldAutoApprove = globalAutoApprove || !!sessionBypassPermissions;
 
         const queryOptions: Options = {
           cwd: workingDirectory || os.homedir(),
           abortController,
           includePartialMessages: true,
-          permissionMode: skipPermissions
-            ? 'bypassPermissions'
-            : ((permissionMode as Options['permissionMode']) || 'acceptEdits'),
+          permissionMode: (permissionMode as Options['permissionMode']) || 'acceptEdits',
           env: sanitizeEnv(sdkEnv),
           // Load settings so the SDK behaves like the CLI (tool permissions,
           // CLAUDE.md, etc.). When an active provider is configured in
@@ -463,10 +474,6 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           settingSources: resolved.settingSources as Options['settingSources'],
         };
 
-        if (skipPermissions) {
-          queryOptions.allowDangerouslySkipPermissions = true;
-        }
-
         // Find claude binary for packaged app where PATH is limited.
         // On Windows, npm installs Claude CLI as a .cmd wrapper which cannot
         // be spawned directly without shell:true. Parse the wrapper to
@@ -562,10 +569,20 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           queryOptions.resume = sdkSessionId;
         }
 
-        // Permission handler: sends SSE event and waits for user response
+        // Permission handler: auto-approve if enabled, or sends SSE event and waits for user response
         queryOptions.canUseTool = async (toolName, input, opts) => {
           const permissionRequestId = `perm-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
 
+          // If auto-approval is enabled, approve immediately without user interaction
+          if (shouldAutoApprove) {
+            console.log(`[claude-client] Auto-approved ${toolName} (auto-approval enabled)`);
+            return {
+              behavior: 'allow',
+              updatedInput: input,
+              ...(opts.suggestions ? { updatedPermissions: opts.suggestions } : {}),
+            };
+          }
+
           const permEvent: PermissionRequestEvent = {
             permissionRequestId,
             toolName,
@@ -856,6 +873,9 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
                         is_error: block.is_error || false,
                       }),
                     }));
+                    if (block.is_error) {
+                      console.warn(`[claude-client] Tool ${block.tool_use_id} failed: ${resultContent}`);
+                    }
 
                     // Deferred TodoWrite sync: only emit task_update after successful execution
                     if (!block.is_error && pendingTodoWrites.has(block.tool_use_id)) {
diff --git a/src/types/index.ts b/src/types/index.ts
index e40328fe..ea9f909c 100644
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -902,6 +902,7 @@ export interface ToolUseInfo {
 export interface ToolResultInfo {
   tool_use_id: string;
   content: string;
+  is_error?: boolean;
 }
 
 export type StreamPhase = 'active' | 'completed' | 'error' | 'stopped';

From ca378734083e953c22e08625bc301a1dde9b889d Mon Sep 17 00:00:00 2001
From: AI Briefing <ai@briefing.local>
Date: Tue, 17 Mar 2026 17:09:46 +0800
Subject: [PATCH 2/4] chore: improve stop script to kill port 3000 processes

---
 start.sh | 183 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 183 insertions(+)
 create mode 100755 start.sh

diff --git a/start.sh b/start.sh
new file mode 100755
index 00000000..441ce0ea
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,183 @@
+#!/bin/bash
+
+# CodePilot 后台启动脚本
+
+APP_DIR="$(cd "$(dirname "$0")" && pwd)"
+LOG_FILE="$APP_DIR/app.log"
+PID_FILE="$APP_DIR/app.pid"
+
+# 显示菜单
+show_menu() {
+  clear
+  echo "========================================"
+  echo "      CodePilot 管理菜单"
+  echo "========================================"
+  echo ""
+  
+  # 检查状态
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    echo "  当前状态: 运行中 (PID: $(cat "$PID_FILE"))"
+  else
+    echo "  当前状态: 未运行"
+  fi
+  
+  echo ""
+  echo "  [1] 启动服务"
+  echo "  [2] 停止服务"
+  echo "  [3] 重启服务"
+  echo "  [4] 查看实时日志"
+  echo "  [5] 查看状态"
+  echo "  [6] 查看日志 (最后50行)"
+  echo "  [0] 退出"
+  echo ""
+  echo "========================================"
+}
+
+# 启动服务
+do_start() {
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    echo "服务已在运行 (PID: $(cat "$PID_FILE"))"
+    return
+  fi
+  
+  cd "$APP_DIR" || exit 1
+  nohup npm run start > "$LOG_FILE" 2>&1 &
+  echo $! > "$PID_FILE"
+  echo "启动成功，PID: $!"
+}
+
+# 停止服务
+do_stop() {
+  # 先尝试停止 PID 文件中的进程
+  if [ -f "$PID_FILE" ]; then
+    PID=$(cat "$PID_FILE")
+    if kill -0 "$PID" 2>/dev/null; then
+      kill "$PID" 2>/dev/null
+      sleep 1
+      # 如果进程还在，强制杀掉
+      if kill -0 "$PID" 2>/dev/null; then
+        kill -9 "$PID" 2>/dev/null
+      fi
+      echo "已停止 (PID: $PID)"
+    else
+      echo "进程不存在"
+    fi
+    rm -f "$PID_FILE"
+  else
+    echo "服务未运行"
+  fi
+  
+  # 强制清理占用端口 3000 的进程
+  if ss -tlnp 2>/dev/null | grep -q ":3000 "; then
+    echo "清理残留进程..."
+    fuser -k 3000/tcp 2>/dev/null
+    sleep 1
+    # 再次强制清理
+    lsof -ti:3000 | xargs -r kill -9 2>/dev/null
+  fi
+}
+
+# 查看状态
+do_status() {
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    echo "运行中 (PID: $(cat "$PID_FILE"))"
+  else
+    echo "未运行"
+  fi
+}
+
+# 查看日志
+do_log() {
+  tail -f "$LOG_FILE"
+}
+
+# 菜单模式
+menu_mode() {
+  while true; do
+    show_menu
+    read -p "请选择操作 [0-6]: " choice
+    
+    case $choice in
+      1)
+        echo ""
+        do_start
+        read -p "按回车键继续..."
+        ;;
+      2)
+        echo ""
+        do_stop
+        read -p "按回车键继续..."
+        ;;
+      3)
+        echo ""
+        do_stop
+        sleep 1
+        do_start
+        read -p "按回车键继续..."
+        ;;
+      4)
+        echo ""
+        echo "按 Ctrl+C 退出日志查看"
+        do_log
+        ;;
+      5)
+        echo ""
+        do_status
+        read -p "按回车键继续..."
+        ;;
+      6)
+        echo ""
+        if [ -f "$LOG_FILE" ]; then
+          tail -n 50 "$LOG_FILE"
+        else
+          echo "暂无日志文件"
+        fi
+        read -p "按回车键继续..."
+        ;;
+      0)
+        echo ""
+        echo "再见！"
+        exit 0
+        ;;
+      *)
+        echo ""
+        echo "无效选项"
+        read -p "按回车键继续..."
+        ;;
+    esac
+  done
+}
+
+# 命令行模式
+case "${1:-menu}" in
+  start)
+    do_start
+    ;;
+  stop)
+    do_stop
+    ;;
+  restart)
+    do_stop
+    sleep 1
+    do_start
+    ;;
+  status)
+    do_status
+    ;;
+  log)
+    do_log
+    ;;
+  menu)
+    menu_mode
+    ;;
+  *)
+    echo "用法: $0 {start|stop|restart|status|log|menu}"
+    echo ""
+    echo "  start  - 后台启动服务"
+    echo "  stop   - 停止服务"
+    echo "  restart- 重启服务"
+    echo "  status - 查看运行状态"
+    echo "  log    - 查看实时日志"
+    echo "  menu   - 显示交互菜单（默认）"
+    ;;
+esac

From 3ea2c9ebde870217e8f028d2197ad2942eab7b79 Mon Sep 17 00:00:00 2001
From: HNGM-HP <542869290@qq.com>
Date: Sat, 21 Mar 2026 11:53:25 +0800
Subject: [PATCH 3/4] fix: improve stop script to kill all related processes

---
 start.sh | 55 +++++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 41 insertions(+), 14 deletions(-)

diff --git a/start.sh b/start.sh
index 441ce0ea..03df74f9 100755
--- a/start.sh
+++ b/start.sh
@@ -48,32 +48,59 @@ do_start() {
 
 # 停止服务
 do_stop() {
-  # 先尝试停止 PID 文件中的进程
+  local stopped=0
+  
+  # 1. 先尝试停止 PID 文件中的进程及其子进程
   if [ -f "$PID_FILE" ]; then
     PID=$(cat "$PID_FILE")
     if kill -0 "$PID" 2>/dev/null; then
-      kill "$PID" 2>/dev/null
-      sleep 1
+      # 杀掉整个进程组（包括子进程）
+      kill -TERM -"$PID" 2>/dev/null || kill -TERM "$PID" 2>/dev/null
+      sleep 2
       # 如果进程还在，强制杀掉
       if kill -0 "$PID" 2>/dev/null; then
-        kill -9 "$PID" 2>/dev/null
+        kill -9 -"$PID" 2>/dev/null || kill -9 "$PID" 2>/dev/null
       fi
       echo "已停止 (PID: $PID)"
-    else
-      echo "进程不存在"
+      stopped=1
     fi
     rm -f "$PID_FILE"
-  else
-    echo "服务未运行"
   fi
   
-  # 强制清理占用端口 3000 的进程
-  if ss -tlnp 2>/dev/null | grep -q ":3000 "; then
-    echo "清理残留进程..."
-    fuser -k 3000/tcp 2>/dev/null
+  # 2. 强制清理占用端口 3000 的所有进程
+  local port_pids=$(lsof -ti:3000 2>/dev/null)
+  if [ -n "$port_pids" ]; then
+    echo "清理端口 3000 残留进程: $port_pids"
+    echo "$port_pids" | xargs kill -9 2>/dev/null
+    sleep 1
+    stopped=1
+  fi
+  
+  # 3. 清理所有 node/next 相关进程（当前目录下启动的）
+  local node_pids=$(pgrep -f "node.*$APP_DIR" 2>/dev/null)
+  if [ -n "$node_pids" ]; then
+    echo "清理 Node 进程: $node_pids"
+    echo "$node_pids" | xargs kill -9 2>/dev/null
+    stopped=1
+  fi
+  
+  # 4. 再次检查端口
+  if lsof -i:3000 >/dev/null 2>&1; then
+    echo "仍有进程占用端口 3000，强制清理..."
+    fuser -k -9 3000/tcp 2>/dev/null
     sleep 1
-    # 再次强制清理
-    lsof -ti:3000 | xargs -r kill -9 2>/dev/null
+  fi
+  
+  if [ "$stopped" -eq 0 ]; then
+    echo "服务未运行"
+  fi
+  
+  # 最终确认
+  if lsof -i:3000 >/dev/null 2>&1; then
+    echo "警告: 端口 3000 仍被占用"
+    lsof -i:3000
+  else
+    echo "端口 3000 已释放"
   fi
 }
 

From cc8fd848a2078b75d89792627292165995780522 Mon Sep 17 00:00:00 2001
From: HNGM-HP <542869290@qq.com>
Date: Sat, 21 Mar 2026 12:01:18 +0800
Subject: [PATCH 4/4] fix: use ss instead of lsof for reliable port detection

---
 start.sh | 105 +++++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 82 insertions(+), 23 deletions(-)

diff --git a/start.sh b/start.sh
index 03df74f9..b5fdf1eb 100755
--- a/start.sh
+++ b/start.sh
@@ -14,9 +14,14 @@ show_menu() {
   echo "========================================"
   echo ""
   
-  # 检查状态
+  # 检查状态（使用 ss 更可靠）
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+  
   if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
     echo "  当前状态: 运行中 (PID: $(cat "$PID_FILE"))"
+  elif [ -n "$port_pid" ]; then
+    echo "  当前状态: 端口被占用 (PID: $port_pid) - 异常"
   else
     echo "  当前状态: 未运行"
   fi
@@ -35,15 +40,44 @@ show_menu() {
 
 # 启动服务
 do_start() {
+  # 先检查端口是否已被占用
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  if [ -n "$port_info" ]; then
+    local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+    echo "端口 3000 已被占用 (PID: $port_pid)"
+    echo "请先运行 ./start.sh stop 停止服务"
+    return 1
+  fi
+  
   if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
     echo "服务已在运行 (PID: $(cat "$PID_FILE"))"
-    return
+    return 0
   fi
   
   cd "$APP_DIR" || exit 1
+  
+  # 启动服务并等待端口监听
   nohup npm run start > "$LOG_FILE" 2>&1 &
-  echo $! > "$PID_FILE"
-  echo "启动成功，PID: $!"
+  local npm_pid=$!
+  echo $npm_pid > "$PID_FILE"
+  
+  echo "正在启动服务..."
+  
+  # 等待端口监听（最多等待 30 秒，使用 ss 检测）
+  local waited=0
+  while [ $waited -lt 30 ]; do
+    sleep 1
+    waited=$((waited + 1))
+    local check_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+    if [ -n "$check_info" ]; then
+      local server_pid=$(echo "$check_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+      echo "启动成功 (PID: $server_pid)"
+      return 0
+    fi
+  done
+  
+  echo "启动超时，请检查日志: $LOG_FILE"
+  return 1
 }
 
 # 停止服务
@@ -67,28 +101,24 @@ do_stop() {
     rm -f "$PID_FILE"
   fi
   
-  # 2. 强制清理占用端口 3000 的所有进程
-  local port_pids=$(lsof -ti:3000 2>/dev/null)
+  # 2. 强制清理占用端口 3000 的所有进程（使用 ss 更可靠）
+  local port_pids=$(ss -tlnp 2>/dev/null | grep ":3000 " | sed -n 's/.*pid=\([0-9]*\).*/\1/p' | sort -u)
   if [ -n "$port_pids" ]; then
     echo "清理端口 3000 残留进程: $port_pids"
-    echo "$port_pids" | xargs kill -9 2>/dev/null
+    for pid in $port_pids; do
+      kill -9 "$pid" 2>/dev/null && echo "  已杀掉 PID: $pid"
+    done
     sleep 1
     stopped=1
   fi
   
-  # 3. 清理所有 node/next 相关进程（当前目录下启动的）
-  local node_pids=$(pgrep -f "node.*$APP_DIR" 2>/dev/null)
-  if [ -n "$node_pids" ]; then
-    echo "清理 Node 进程: $node_pids"
-    echo "$node_pids" | xargs kill -9 2>/dev/null
-    stopped=1
-  fi
-  
-  # 4. 再次检查端口
-  if lsof -i:3000 >/dev/null 2>&1; then
-    echo "仍有进程占用端口 3000，强制清理..."
-    fuser -k -9 3000/tcp 2>/dev/null
+  # 3. 备用方式：使用 lsof
+  local lsof_pids=$(lsof -ti:3000 2>/dev/null)
+  if [ -n "$lsof_pids" ]; then
+    echo "清理残留进程 (lsof): $lsof_pids"
+    echo "$lsof_pids" | xargs kill -9 2>/dev/null
     sleep 1
+    stopped=1
   fi
   
   if [ "$stopped" -eq 0 ]; then
@@ -96,9 +126,9 @@ do_stop() {
   fi
   
   # 最终确认
-  if lsof -i:3000 >/dev/null 2>&1; then
+  if ss -tlnp 2>/dev/null | grep -q ":3000 "; then
     echo "警告: 端口 3000 仍被占用"
-    lsof -i:3000
+    ss -tlnp | grep ":3000 "
   else
     echo "端口 3000 已释放"
   fi
@@ -106,10 +136,39 @@ do_stop() {
 
 # 查看状态
 do_status() {
+  local has_pid=0
+  local has_port=0
+  
+  # 检查 PID 文件
   if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
-    echo "运行中 (PID: $(cat "$PID_FILE"))"
+    has_pid=1
+    echo "PID 文件: 运行中 (PID: $(cat "$PID_FILE"))"
+  else
+    echo "PID 文件: 未运行"
+    [ -f "$PID_FILE" ] && rm -f "$PID_FILE"
+  fi
+  
+  # 检查端口占用（使用 ss 更可靠）
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  if [ -n "$port_info" ]; then
+    has_port=1
+    local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+    echo "端口 3000: 被占用 (PID: $port_pid)"
+  else
+    echo "端口 3000: 空闲"
+  fi
+  
+  # 综合状态
+  echo ""
+  if [ "$has_pid" -eq 1 ] && [ "$has_port" -eq 1 ]; then
+    echo ">>> 服务正常运行"
+  elif [ "$has_pid" -eq 0 ] && [ "$has_port" -eq 1 ]; then
+    echo ">>> 异常: 端口被占用但 PID 文件不存在"
+    echo ">>> 建议: 运行 ./start.sh stop 清理残留进程"
+  elif [ "$has_pid" -eq 1 ] && [ "$has_port" -eq 0 ]; then
+    echo ">>> 异常: PID 存在但端口未监听"
   else
-    echo "未运行"
+    echo ">>> 服务未运行"
   fi
 }