feat: three-tier permission modes with bash confirmation in Edit Mode

abose · abose · commit 2223590c7f91 · 2026-03-17T14:12:00.000+05:30
- Edit Mode (default): auto-allows edits, prompts for bash commands
- Full Auto (bypassPermissions): allows everything without prompts
- Plan Mode: plans first as before
- Bash PreToolUse hook sends confirmation to browser in Edit Mode
- Confirmation card collapses to status line after Allow/Deny
diff --git a/src-node/claude-code-agent.js b/src-node/claude-code-agent.js
@@ -60,6 +60,9 @@ let _questionResolve = null;
 // Pending plan resolver — used by ExitPlanMode stream interception
 let _planResolve = null;
 
+// Pending bash confirmation resolver — used by Bash PreToolUse hook (Edit Mode)
+let _bashConfirmResolve = null;
+
 // Stores rejection feedback when user rejects a plan
 let _planRejectionFeedback = null;
 
@@ -272,6 +275,7 @@ exports.cancelQuery = async function () {
         // Clear any pending question or plan
         _questionResolve = null;
         _planResolve = null;
+        _bashConfirmResolve = null;
         _queuedClarification = null;
         return { success: true };
     }
@@ -302,6 +306,18 @@ exports.answerPlan = async function (params) {
     return { success: true };
 };
 
+/**
+ * Receive the user's response to a bash confirmation prompt (Edit Mode).
+ * Called from browser via execPeer("answerBashConfirm", {allowed}).
+ */
+exports.answerBashConfirm = async function (params) {
+    if (_bashConfirmResolve) {
+        _bashConfirmResolve(params);
+        _bashConfirmResolve = null;
+    }
+    return { success: true };
+};
+
 /**
  * Resume a previous session by setting the session ID.
  * The next sendPrompt call will use queryOptions.resume with this session ID.
@@ -313,6 +329,7 @@ exports.resumeSession = async function (params) {
     }
     _questionResolve = null;
     _planResolve = null;
+    _bashConfirmResolve = null;
     _queuedClarification = null;
     currentSessionId = params.sessionId;
     return { success: true };
@@ -696,6 +713,48 @@ async function _runQuery(requestId, prompt, projectPath, model, signal, locale,
                         }
                     ]
                 },
+                {
+                    matcher: "Bash",
+                    hooks: [
+                        async (input) => {
+                            if (permissionMode !== "acceptEdits") {
+                                // Plan mode: SDK handles. Full Auto: allow freely.
+                                return {};
+                            }
+                            // Edit Mode: ask user confirmation before running bash
+                            const command = input.tool_input.command || "";
+                            console.log("[Phoenix AI] Bash confirmation requested:", command.slice(0, 80));
+                            nodeConnector.triggerPeer("aiBashConfirm", {
+                                requestId: requestId,
+                                command: command,
+                                toolId: toolCounter
+                            });
+                            const response = await new Promise((resolve, reject) => {
+                                _bashConfirmResolve = resolve;
+                                if (signal.aborted) {
+                                    _bashConfirmResolve = null;
+                                    reject(new Error("Aborted"));
+                                    return;
+                                }
+                                const onAbort = () => {
+                                    _bashConfirmResolve = null;
+                                    reject(new Error("Aborted"));
+                                };
+                                signal.addEventListener("abort", onAbort, { once: true });
+                            });
+                            if (response.allowed) {
+                                return {};
+                            }
+                            return {
+                                hookSpecificOutput: {
+                                    hookEventName: "PreToolUse",
+                                    permissionDecision: "deny",
+                                    permissionDecisionReason: "User denied this command."
+                                }
+                            };
+                        }
+                    ]
+                },
                 {
                     matcher: "AskUserQuestion",
                     hooks: [
diff --git a/src/nls/root/strings.js b/src/nls/root/strings.js
@@ -1927,7 +1927,13 @@ define({
     "AI_CHAT_PLAN_FEEDBACK_PLACEHOLDER": "What would you like changed?",
     "AI_CHAT_PLAN_REVISE_DEFAULT": "Please revise the plan.",
     "AI_CHAT_MODE_PLAN": "Plan Mode",
+    "AI_CHAT_MODE_EDIT": "Edit Mode",
     "AI_CHAT_MODE_FULL_AUTO": "Full Auto",
+    "AI_CHAT_BASH_CONFIRM_TITLE": "Allow command?",
+    "AI_CHAT_BASH_ALLOW": "Allow",
+    "AI_CHAT_BASH_DENY": "Deny",
+    "AI_CHAT_BASH_ALLOWED": "Command allowed",
+    "AI_CHAT_BASH_DENIED": "Command denied",
     "AI_CHAT_CODE_DEFAULT_LANG": "text",
     "AI_CHAT_CODE_COLLAPSE": "Collapse",
     "AI_CHAT_CODE_EXPAND": "Expand",
diff --git a/src/styles/Extn-AIChatPanel.less b/src/styles/Extn-AIChatPanel.less
@@ -1412,6 +1412,92 @@
     }
 }
 
+/* ── Bash confirmation card ─────────────────────────────────────────── */
+.ai-bash-confirm {
+    border: 1px solid rgba(243, 156, 18, 0.3);
+    border-radius: 8px;
+    background: rgba(243, 156, 18, 0.06);
+    margin: 8px 0;
+    overflow: hidden;
+
+    .ai-bash-confirm-header {
+        display: flex;
+        align-items: center;
+        gap: 8px;
+        padding: 8px 12px;
+        font-weight: 600;
+        font-size: @sidebar-content-font-size;
+        color: #f39c12;
+        border-bottom: 1px solid rgba(243, 156, 18, 0.15);
+    }
+
+    .ai-bash-confirm-body {
+        padding: 8px 12px;
+
+        pre {
+            margin: 0;
+            padding: 8px;
+            border-radius: 4px;
+            background: rgba(0, 0, 0, 0.2);
+            color: #e0e0e0;
+            font-size: @sidebar-content-font-size;
+            white-space: pre-wrap;
+            word-break: break-all;
+        }
+    }
+
+    .ai-bash-confirm-actions {
+        display: flex;
+        gap: 8px;
+        padding: 8px 12px;
+        border-top: 1px solid rgba(243, 156, 18, 0.15);
+    }
+
+    .ai-bash-allow-btn {
+        background: rgba(76, 175, 80, 0.15);
+        border: 1px solid rgba(76, 175, 80, 0.35);
+        color: #81c784;
+        padding: 4px 14px;
+        border-radius: 4px;
+        cursor: pointer;
+        font-size: @sidebar-xs-font-size;
+
+        &:hover {
+            background: rgba(76, 175, 80, 0.25);
+        }
+    }
+
+    .ai-bash-deny-btn {
+        background: rgba(231, 76, 60, 0.15);
+        border: 1px solid rgba(231, 76, 60, 0.35);
+        color: #e57373;
+        padding: 4px 14px;
+        border-radius: 4px;
+        cursor: pointer;
+        font-size: @sidebar-xs-font-size;
+
+        &:hover {
+            background: rgba(231, 76, 60, 0.25);
+        }
+    }
+
+}
+
+.ai-bash-result {
+    padding: 4px 10px;
+    border-radius: 4px;
+    font-size: @sidebar-xs-font-size;
+    margin: 4px 0;
+
+    &.ai-bash-result-allowed {
+        color: #81c784;
+    }
+
+    &.ai-bash-result-denied {
+        color: #e57373;
+    }
+}
+
 /* ── Queued clarification bubble (static, above input) ─────────────── */
 .ai-queued-msg {
     border: 1px dashed rgba(255, 255, 255, 0.15);
@@ -1647,6 +1733,10 @@
                 background-color: #e74c3c;
             }
 
+            &.mode-edit {
+                background-color: #f39c12;
+            }
+
             &.mode-plan {
                 background-color: #3498db;
             }
