feat(desktop): safer defaults for builtin terminal agent presets #3546
Swap permission-bypass flags for each CLI's intended safe-but-useful mode (claude acceptEdits, codex --full-auto, gemini auto_edit, copilot --allow-all-tools). Drop mastracode/opencode/pi from the default seed since they are YOLO-by-default at the CLI level; they remain available via Quick-Add. Remove cursor-agent's --yolo suffix (silent no-op on the real binary). Existing users are preserved — the v1 terminalPresetsInitialized guard and v2 migration marker ensure stored commands are never rewritten.
Walkthrough
Updated documentation, built-in terminal agent invocation flags, and test expectations to replace legacy unsafe/bypass flags with explicit permission/approval modes and adjust which agents appear in default presets.
Greptile Summary
This PR tightens the default CLI flags for each built-in terminal agent preset to safer, permission-aware modes, and removes
Key changes:
Confidence Score: 4/5
Safe to merge after fixing gemini's `promptCommand` to include `--approval-mode=auto_edit`; all other safety improvements are correct and well-tested.
The PR achieves its stated goals for claude, codex, and copilot. The gemini `promptCommand` inconsistency is a real bug (prompt/task launches run without the safe flag) but is an easy one-line fix. Existing-user migration is well-designed and docs are accurate.
packages/shared/src/builtin-terminal-agents.ts — gemini's
| Filename | Overview |
|---|---|
| packages/shared/src/builtin-terminal-agents.ts | Core agent definitions updated with safer flags — claude, codex, copilot correct, but gemini's promptCommand is missing --approval-mode=auto_edit, causing prompt/task launches to run without the safe mode flag. |
| packages/shared/src/agent-command.test.ts | Tests updated for claude and codex new safe flags; missing gemini prompt command test that would have caught the promptCommand inconsistency. |
| apps/docs/content/docs/terminal-presets.mdx | Documentation accurately reflects new safe defaults and correctly marks mastracode/opencode/pi as opt-in due to YOLO-by-default CLI behavior. |
Flowchart
```mermaid
%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Agent Launch Request] --> B{Launch type?}
    B -->|Direct terminal| C[Use agent.command]
    B -->|Prompt / Task| D[Use agent.promptCommand]
    C --> E[claude: claude --permission-mode acceptEdits]
    C --> F[codex: codex ... --full-auto]
    C --> G[gemini: gemini --approval-mode=auto_edit ✓]
    C --> H[copilot: copilot --allow-all-tools ✓]
    D --> I[claude: claude --permission-mode acceptEdits ✓]
    D --> J[codex: codex ... --full-auto -- ✓]
    D --> K["gemini: gemini ❌ (missing --approval-mode=auto_edit)"]
    D --> L[copilot: copilot -i --allow-all-tools ✓]
```
Comments Outside Diff (1)
packages/shared/src/agent-command.test.ts, line 1-63
No test coverage for gemini prompt command safety flag
The test suite covers codex (`--full-auto --`), claude (`--permission-mode acceptEdits`), amp (stdin mode), and pi (interactive mode), but there is no test for gemini's prompt command. This is exactly how the missing `--approval-mode=auto_edit` in `promptCommand` went undetected.
Consider adding a test:
```typescript
it("includes --approval-mode=auto_edit for gemini prompt launches", () => {
  const command = buildAgentPromptCommand({
    prompt: "hello",
    randomId: "gem-1234",
    agent: "gemini",
  });
  expect(command).toStartWith(
    "gemini --approval-mode=auto_edit \"$(cat <<'SUPERSET_PROMPT_gem1234'",
  );
});
```
| command: "gemini --approval-mode=auto_edit", | ||
| promptCommand: "gemini", | ||
| promptCommandSuffix: "--yolo", | ||
| includeInDefaultTerminalPresets: true, |
Gemini `promptCommand` missing `--approval-mode=auto_edit`
The `promptCommand` for gemini is `"gemini"` without `--approval-mode=auto_edit`, but the `command` correctly sets it. This means prompt-based/task launches (via `buildAgentPromptCommand`) will run gemini without the safe approval flag, while direct terminal launches will have it.
The PR description says removing `--yolo` from the prompt command is "redundant with the new safe flag" — but that reasoning only holds if `--approval-mode=auto_edit` is included in the `promptCommand` too. Right now it isn't, so prompt launches get neither the old `--yolo` (removed) nor the new safe flag (not added).
The fix is to include the safe flag in `promptCommand` as well:
| command: "gemini --approval-mode=auto_edit", | |
| promptCommand: "gemini", | |
| promptCommandSuffix: "--yolo", | |
| includeInDefaultTerminalPresets: true, | |
| command: "gemini --approval-mode=auto_edit", | |
| promptCommand: "gemini --approval-mode=auto_edit", |
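The mismatch flagged above (a safe flag on `command` but not on `promptCommand`) can be caught by auditing both launch paths of every preset. This is an added example, not Superset's code: the field names and flag strings are taken from this thread, while `auditPreset`, the deny list and the sample registry are constructed for illustration, and the fallback of `promptCommand` to `command` is an assumption.

```typescript
// Added example (not Superset code): audit both launch paths of each preset.
interface AgentPreset {
  id: string;
  command: string;              // direct terminal launch
  promptCommand?: string;       // prompt/task launch; assumed to fall back to `command`
  promptCommandSuffix?: string; // appended on prompt/task launches
}

type LaunchPath = "terminal" | "prompt";

interface Finding {
  id: string;
  path: LaunchPath;
  kind: "bypass-flag" | "flag-missing-on-prompt-path";
  flag: string;
}

// Flags this thread describes as approving actions without confirmation.
const BYPASS_FLAGS = new Set([
  "--yolo",
  "--dangerously-bypass-approvals-and-sandbox",
  "--allow-all",
  "--allow-all-tools",
]);

// Collect long options as "--name" or "--name=value". A following token that
// does not start with "-" is taken as the option's value; this is a heuristic
// and would mis-pair a boolean flag followed by a positional argument.
function longOptions(commandLine: string): string[] {
  const tokens = commandLine.trim().split(/\s+/);
  const options: string[] = [];
  for (let i = 0; i < tokens.length; i++) {
    const token = tokens[i] ?? "";
    if (!token.startsWith("--") || token === "--") continue;
    const next = tokens[i + 1];
    if (!token.includes("=") && next !== undefined && !next.startsWith("-")) {
      options.push(`${token}=${next}`);
      i++; // the value token has been consumed
    } else {
      options.push(token);
    }
  }
  return options;
}

function optionName(option: string): string {
  const eq = option.indexOf("=");
  return eq === -1 ? option : option.slice(0, eq);
}

function auditPreset(preset: AgentPreset): Finding[] {
  const terminal = longOptions(preset.command);
  const prompt = longOptions(
    `${preset.promptCommand ?? preset.command} ${preset.promptCommandSuffix ?? ""}`,
  );
  const findings: Finding[] = [];
  const paths: Array<[LaunchPath, string[]]> = [["terminal", terminal], ["prompt", prompt]];
  // Check 1: no launch path may carry a bypass flag.
  for (const [path, options] of paths) {
    for (const option of options) {
      if (BYPASS_FLAGS.has(optionName(option))) {
        findings.push({ id: preset.id, path, kind: "bypass-flag", flag: option });
      }
    }
  }
  // Check 2: every non-bypass option on the terminal path must also be on the prompt path.
  for (const option of terminal) {
    if (!BYPASS_FLAGS.has(optionName(option)) && !prompt.includes(option)) {
      findings.push({ id: preset.id, path: "prompt", kind: "flag-missing-on-prompt-path", flag: option });
    }
  }
  return findings;
}

function auditPresets(presets: AgentPreset[]): Finding[] {
  const all: Finding[] = [];
  for (const preset of presets) all.push(...auditPreset(preset));
  return all;
}

// Constructed sample registry built from command strings quoted in this thread.
const SAMPLE_PRESETS: AgentPreset[] = [
  { id: "claude", command: "claude --permission-mode acceptEdits", promptCommand: "claude --permission-mode acceptEdits" },
  { id: "gemini-as-reviewed", command: "gemini --approval-mode=auto_edit", promptCommand: "gemini", promptCommandSuffix: "--yolo" },
  { id: "gemini-fixed", command: "gemini --approval-mode=auto_edit", promptCommand: "gemini --approval-mode=auto_edit" },
  { id: "copilot-first-revision", command: "copilot --allow-all-tools", promptCommand: "copilot -i --allow-all-tools" },
  { id: "copilot-fixed", command: "copilot --allow-tool=write", promptCommand: "copilot --allow-tool=write -i" },
];

for (const f of auditPresets(SAMPLE_PRESETS)) {
  console.log(`${f.id} [${f.path}] ${f.kind}: ${f.flag}`);
}
```

Run as a unit test over the real registry, a check of this shape fails the build whenever a safe flag is added to one launch path only.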
Actionable comments posted: 2
🧹 Nitpick comments (1)
apps/docs/content/docs/terminal-presets.mdx (1)
52-54: Nit: clarify what "YOLO by default at the CLI level" means.
The parentheticals are accurate as an internal note but may confuse end users who don't know YOLO semantics. Consider a short, uniform phrasing such as "(opt-in: auto-approves all actions, including destructive shell commands, by default)" so readers understand why these are opt-in rather than default.
Inline comments:
In `@apps/docs/content/docs/terminal-presets.mdx`:
- Around line 44-50: The docs claim defaults "prompt before running shell
commands" but the copilot preset uses the flag `--allow-all-tools`, which
auto-approves tool calls (including shell) — either remove or replace
`--allow-all-tools` from the copilot preset so it no longer auto-approves tools,
or explicitly mark the copilot preset as an exception in this document by
calling out `copilot --allow-all-tools` and warning that it auto-approves
tool/shell execution within the workspace allowlist; update the preset
definition for "copilot" and the descriptive text accordingly.
In `@packages/shared/src/builtin-terminal-agents.ts`:
- Around line 118-126: The Copilot terminal preset created via
createBuiltinTerminalAgent (id: "copilot") uses the unsafe flag
"--allow-all-tools" in the command and promptCommand which auto-approves
shell/tool execution; remove "--allow-all-tools" or replace it with explicit
narrower flags (e.g., use "--allow-tool" for only edit/IDE tools) in both the
command and promptCommand fields so Copilot defaults to prompting for shell
commands and external file touches, preserving the safer defaults promised in
the docs.
1 issue found across 3 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="packages/shared/src/builtin-terminal-agents.ts">
<violation number="1" location="packages/shared/src/builtin-terminal-agents.ts:93">
P2: Gemini prompt/task launches drop the new safe approval mode because `promptCommand` is still plain `gemini`. Align `promptCommand` with the updated command so all launch paths use the same safety mode.</violation>
</file>
buildPromptAgentLaunchRequest's terminal-command fixture hard-coded the old --dangerously-bypass-approvals-and-sandbox flag. Update it to the new --full-auto default so the test reflects the current builtin.
7d7fd65 to 4f47389
Actionable comments posted: 1
♻️ Duplicate comments (1)
packages/shared/src/builtin-terminal-agents.ts (1)
123-124: ⚠️ Potential issue | 🟠 Major
`--allow-all-tools` still auto-approves tool execution.
This is the same unresolved safety concern from the previous review: GitHub’s docs say `--allow-all-tools` gives full access to available tools and allows them without confirmation, which conflicts with a safer default preset. Prefer dropping it by default, or replacing it with a narrower `--allow-tool` allowlist if specific edit-only tools are intended. Source: https://docs.github.com/en/copilot/how-tos/copilot-cli/allowing-tools
Safer default option
- command: "copilot --allow-all-tools", - promptCommand: "copilot -i --allow-all-tools", + command: "copilot", + promptCommand: "copilot -i",Verify against the current Copilot CLI docs before choosing the final allowlist:
GitHub Copilot CLI --allow-all-tools behavior allow all tools automatically without confirmation
Inline comments:
In `@packages/shared/src/builtin-terminal-agents.ts`:
- Around line 93-94: The prompt-based Gemini entry is missing the approval-mode
flag, causing prompt launches to run as plain "gemini"; update the promptCommand
for the Gemini preset (the entry where command is "gemini
--approval-mode=auto_edit") to include the same flag (set promptCommand to
"gemini --approval-mode=auto_edit") so prompt launches and terminal launches use
the identical approval-mode; locate the Gemini object in
BUILTIN_TERMINAL_AGENT_PROMPT_COMMANDS / the Gemini preset and make this change.
- gemini promptCommand: add --approval-mode=auto_edit so prompt/task launches use the same safety mode as terminal launches (flagged by cubic, greptile, and CodeRabbit)
- copilot: switch from --allow-all-tools to --allow-tool=write. Per GitHub's own docs, --allow-all-tools "allows all tools to run automatically without confirmation" including shell, which contradicts the safe-by-default claim. --allow-tool=write auto-approves file edits only (analog of claude's acceptEdits).
- docs: update copilot line; clarify mastracode/opencode/pi opt-in parentheticals so users understand why they're not auto-seeded.
♻️ Duplicate comments (1)
apps/docs/content/docs/terminal-presets.mdx (1)
44-49: ⚠️ Potential issue | 🟡 Minor
Avoid promising shell prompts for the Codex default.
Line 44 says defaults still prompt before running shell commands, but Line 48 documents `codex ... --full-auto`; the official Codex docs describe Full Auto as autonomous command execution inside a sandboxed environment, so this overstates the approval behavior for Codex. Consider saying defaults either prompt or sandbox command execution. Source: https://help.openai.com/en/articles/11096431-openai-codex-cli-getting-started
📝 Proposed wording adjustment
-Pre-configured presets for popular AI agents. Defaults are safe-by-default — agents can read and edit files, but still prompt before running shell commands or touching files outside your workspace. Edit any preset to opt into a more permissive mode. +Pre-configured presets for popular AI agents. Defaults are safe-by-default — agents can read and edit files while either prompting for shell commands or running them inside a workspace-scoped sandbox. Edit any preset to opt into a more permissive mode.To verify against the current Codex CLI documentation:
OpenAI Codex CLI --full-auto approval mode execute commands autonomously sandboxed environment
…3546 (#3615)
PR #3546 swapped builtin terminal agent defaults to safer modes (claude acceptEdits, codex --full-auto, gemini auto_edit, copilot --allow-tool=write, cursor-agent without --yolo suffix). The v1 `terminalPresetsInitialized` guard and v2 migration marker preserved users' stored terminal-preset command strings, but the **agent-preset** resolution path (resolveAgentConfigs in packages/shared/src/agent-settings.ts) layers user overrides on top of the *current* builtin defaults — so any existing canary user who never customized claude/codex/gemini/copilot/cursor-agent silently had their resolved launch command swapped.
Fix: one-shot backfill into agentPresetOverrides. New `agentPresetPermissionsMigratedAt` column in settings gates the migration to run exactly once per user. On first read of agent-preset overrides, if the user's stored `terminalPresets` row contains any of the 4 pre-#3546 exact default command strings (meaning their seed happened on a pre-#3546 build), we inject overrides for `command`/`promptCommand`/`promptCommandSuffix` carrying the legacy YOLO values, skipping any field the user has already customized. Fresh post-#3546 installs have no legacy fingerprint, so the migration only stamps the timestamp and moves on.
The Copilot prompt-launch command was built as `copilot -i --allow-tool=write "<prompt>"`. The Copilot CLI treats `-i` as interactive mode, which accepts no positional arguments, so launching from the new workspace modal failed with: error: too many arguments. Expected 0 arguments but got 1. Pass the prompt through Copilot's `--prompt` flag instead, with the flag placed last so the heredoc-quoted value becomes its argument. The same fix is applied to the legacy permissions migration so pre-#3546 users are not migrated into the broken command shape. Closes #3862
The migration backfill restored `copilot -i --allow-all` for users seeded before #3546, which has the same flag-ordering bug as the registry: `-i` consumes `--allow-all` as its prompt value and the real prompt heredoc errors with `too many arguments`. Reorder to `copilot --allow-all -i` so the prompt lands directly after `-i`. The yolo permissions intent is preserved via the unchanged suffix.
…3869)
* fix(agents): correct copilot flag order and mastracode prompt mode
  - copilot: reorder `promptCommand` from `copilot -i --allow-tool=write` to `copilot --allow-tool=write -i`. With the old order, the rendered shell command landed as `copilot -i --allow-tool=write "PROMPT"`, which commander.js parsed as `-i=--allow-tool=write` and rejected the prompt with `error: too many arguments`.
  - mastracode: add `promptCommand: "mastracode --prompt"`. The previous default-from-`command` rendered `mastracode "PROMPT"`, but mastracode's TUI silently drops positional args (only the headless `--prompt`/`-p` path actually executes the input). Trade-off: prompt-mode now runs headless since upstream has no `interactive + auto-execute` flag like copilot's `-i` or gemini's `--prompt-interactive`.
  - bump `mastracode` desktop dep `0.15.0-alpha.3` → `0.16.0` to match the current published release.
* fix(agents): keep mastracode interactive after handling prompt
  Chain headless prompt execution with a TUI relaunch so the user lands in an interactive session on the same thread the prompt seeded. Without the suffix, `mastracode --prompt` executed and exited, breaking the expected "interactive + handles prompt" UX. The TUI auto-resumes the most recent thread (per mastracode 0.13+ behavior), so chaining `; mastracode` after the headless run drops the user back into the conversation populated by the prompt.
* fix(agents): fix copilot flag order in legacy permissions migration
  The migration backfill restored `copilot -i --allow-all` for users seeded before #3546, which has the same flag-ordering bug as the registry: `-i` consumes `--allow-all` as its prompt value and the real prompt heredoc errors with `too many arguments`. Reorder to `copilot --allow-all -i` so the prompt lands directly after `-i`. The yolo permissions intent is preserved via the unchanged suffix.
* fix(desktop): revert internal mastracode bump to align workspace versions
  sherif flagged the workspace mismatch — packages/chat and packages/host-service still pin 0.15.0-alpha.3, so bumping desktop alone broke multi-version consistency. The runtime upgrade is already covered by the user-installed CLI; the internal dep just needs to track the rest of the workspace.
Add v2 project setup section (#3566, #3605, #3606, #3592, #3626, #3632), scheduled agent runs (#3576), Opus 4.7 (#3579), v1 review comments in pane (#3596), configurable v2 link-click (#3600), Copy Branch Name (#3635), safer terminal preset defaults (#3546), and /pricing page (#3639). Expand bug fixes with v2 git correctness, cross-fork PR misattribution, terminal paste/Unicode/Shift+Enter, and security bumps.
…-27) (#3792)
* docs: generate weekly changelog 2026-04-27
* docs: reframe weekly changelog around v2 public beta
  Lead with v2 public beta + Settings → Experimental enable, restructure around the v1→v2 migration story, sidebar overhaul, cross-workspace terminals, and v2 chat. Pull in ~30 v2 PRs the bot missed and demote non-v2 items (Hosts page, marketing menu) to a brief "Also this week".
* docs: pull in missed v2 features and bug fixes
  Add v2 project setup section (#3566, #3605, #3606, #3592, #3626, #3632), scheduled agent runs (#3576), Opus 4.7 (#3579), v1 review comments in pane (#3596), configurable v2 link-click (#3600), Copy Branch Name (#3635), safer terminal preset defaults (#3546), and /pricing page (#3639). Expand bug fixes with v2 git correctness, cross-fork PR misattribution, terminal paste/Unicode/Shift+Enter, and security bumps.
* docs(changelog): add v2 public beta hero screenshot
* docs(changelog): add Settings → Experimental screenshot, compress hero
  pngquant compression: v2-public-beta.png 704KB → 166KB (76%), v2-enable-flag.png 160KB → 36KB (78%). No visible quality loss.
* docs(changelog): tighten v2 launch prose, condense bullet groups
* docs(changelog): reframe cloud-first pillar as remote workspaces
* docs(changelog): cut parallel-agents and honest-state pillars, fold into sub-sections
* docs(changelog): tweak title and lead phrasing
* docs(changelog): rewrite v2 launch lede around Twitter narrative
  Pull the launch story (physical limits, 3 ex-CTOs, cloud workspaces) into the lede, restructure pillars around Remote workspaces, Reimagined diff view, and Superset CLI, and add v2-remote-workspaces and v2-changes-pane screenshots to back the new sections.
* docs(changelog): add CLI install snippet and docs link
* docs(changelog): cut narrative lede, match standard changelog tone
---------
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: Kiet Ho <hoakiet98@gmail.com>
Summary
- `--permission-mode acceptEdits`, codex → `--full-auto` (workspace sandbox), gemini → `--approval-mode=auto_edit`, copilot → `--allow-all-tools` (instead of the footgun `--allow-all`).
- `mastracode`/`opencode`/`pi` from the default-seeded preset bar since they are YOLO-by-default at the CLI level with no safe-startup flag. They remain available under Quick-Add for users who want to opt in.
- `--yolo` suffix on `cursor-agent` (silent no-op — the flag does not exist on the real CLI) and on `gemini`/`copilot` prompt commands (redundant with the new safe flag).
Existing users preserved. No migration code needed:
- `initializeDefaultPresets()` early-returns on `terminalPresetsInitialized`; stored command strings are returned verbatim through `getNormalizedTerminalPresets` (which only normalizes `executionMode`/`projectIds`/`isDefault`).
- `useMigrateV1PresetsToV2` is gated by the `v2-terminal-presets-migrated-{orgId}` localStorage marker, and copies `commands` field-by-field from the preserved v1 row.
Test plan
- `bun test packages/shared` — 482/482 pass with updated claude + codex assertions
- `bun run lint` — clean
- `terminalPresetsInitialized=1` and old dangerous commands; confirm rows untouched after launch
- `rm`, codex writes only inside workspace, gemini auto-edits without per-write prompts, copilot path verification fires on out-of-workspace targets)
Summary by cubic
Make built-in terminal agent presets safe by default by swapping dangerous flags for each CLI’s safe mode. Stop seeding YOLO-by-default agents; existing users’ saved presets are unchanged.
- `claude --permission-mode acceptEdits`, `codex --full-auto`, `gemini --approval-mode=auto_edit`, `copilot --allow-tool=write` (prompt commands match these modes).
- `mastracode`, `opencode`, `pi`; still available via Quick-Add.
- `--yolo` suffix from `cursor-agent`.
Written for commit 0fd1e4f. Summary will update on new commits.