-
-
Notifications
You must be signed in to change notification settings - Fork 194
Expand file tree
/
Copy pathclaude-code-agent.js
More file actions
2058 lines (1948 loc) · 97.6 KB
/
claude-code-agent.js
File metadata and controls
2058 lines (1948 loc) · 97.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
* GNU AGPL-3.0 License
*
* Copyright (c) 2021 - present core.ai . All rights reserved.
*
* This program is free software: you can redistribute it and/or modify it
* under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License
* for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see https://opensource.org/licenses/AGPL-3.0.
*
*/
/**
* Claude Code SDK integration via NodeConnector.
*
* Provides AI chat capabilities by bridging the Claude Code CLI/SDK
* with Phoenix's browser-side chat panel. Handles streaming responses,
* edit/write interception, and session management.
*/
const { execSync, spawn } = require("child_process");
const fs = require("fs");
const path = require("path");
const { createEditorMcpServer } = require("./mcp-editor-tools");
const isWindows = process.platform === "win32";
const CONNECTOR_ID = "ph_ai_claude";
const CLARIFICATION_HINT =
" IMPORTANT: The user has typed a follow-up clarification while you were working." +
" Call the getUserClarification tool to read it before proceeding.";
// Lazy-loaded ESM module reference
let queryModule = null;
// Session state
let currentSessionId = null;
// Active query state
let currentAbortController = null;
// Lazily-initialized in-process MCP server for editor context
let editorMcpServer = null;
// Streaming throttle
const TEXT_STREAM_THROTTLE_MS = 50;
// Pending question resolver — used by AskUserQuestion hook
let _questionResolve = null;
// Pending plan resolver — used by ExitPlanMode stream interception
let _planResolve = null;
// Pending bash confirmation resolver — used by Bash PreToolUse hook (Edit Mode)
let _bashConfirmResolve = null;
// Pending plan-mode write confirmation resolver — set when an Edit/Write
// fires in plan mode and we're awaiting the user's "Allow & Switch to Edit
// Mode" / "Stay in Plan Mode" choice from the browser.
let _planModeConfirmResolve = null;
// Stores rejection feedback when user rejects a plan
let _planRejectionFeedback = null;
// Stores the last plan content written to .claude/plans/
let _lastPlanContent = null;
// Flag set when user approves a plan
let _planApproved = false;
// Queued clarification from the user (typed while AI is streaming)
// Shape: { text: string, images: [{mediaType, base64Data}] } or null
let _queuedClarification = null;
// Module-level "runtime" permission mode that hooks read at decision time.
// Updated on every sendPrompt and via the setPermissionMode peer when the
// user cycles the panel's permission bar mid-stream — without this, the
// Bash hook would close over the value at query start and continue
// prompting for confirmation even after the user has flipped to Full Auto.
let _runtimePermissionMode = "acceptEdits";
const nodeConnector = global.createNodeConnector(CONNECTOR_ID, exports);
/**
* Detect whether a PostToolUse `tool_response` represents an error result.
* Used to suppress diff-card painting when the SDK's native Edit/Write itself
* failed (e.g. oldText not found on disk). The shape of tool_response is
* `unknown` per the SDK types — handle the common variants defensively.
*/
function _isToolResponseError(toolResponse) {
if (!toolResponse) { return false; }
if (typeof toolResponse === "object") {
if (toolResponse.is_error === true || toolResponse.isError === true) { return true; }
if (Array.isArray(toolResponse.content)) {
for (const c of toolResponse.content) {
if (c && typeof c.text === "string" && /<tool_use_error>/i.test(c.text)) {
return true;
}
}
}
}
if (typeof toolResponse === "string" && /<tool_use_error>/i.test(toolResponse)) {
return true;
}
return false;
}
// Bash commands the agent can run without prompting the user in Edit
// Mode. Mirrors the CLI's default "permissions.allow" set
// (cli.js:2925) plus a small handful of universally read-only shell
// utilities. The safety belt in _isSafeReadOnlyBash splits on
// `;` / `&&` / `||` and checks every segment, so chaining safe
// commands (e.g. `git status && git log`, `sleep 1; echo done`)
// works while `git status; rm -rf /` correctly falls through.
const _SAFE_BASH_PATTERNS = [
// git read-only
/^git\s+status(\s|$)/,
/^git\s+log(\s|$)/,
/^git\s+diff(\s|$)/,
/^git\s+show(\s|$)/,
/^git\s+branch(\s|$)/,
/^git\s+ls-files(\s|$)/,
/^git\s+rev-parse(\s|$)/,
/^git\s+remote\s+show(\s|$)/,
/^git\s+--version$/,
// generic read-only shell
/^ls(\s|$)/,
/^pwd$/,
/^echo(\s|$)/,
/^which\s/,
/^cat(\s|$)/,
/^head(\s|$)/,
/^tail(\s|$)/,
/^wc(\s|$)/,
/^file\s/,
/^stat\s/,
// numeric-only sleep — no `sleep $(...)` since process substitution
// is rejected separately, but be explicit so `sleep $VAR` also fails.
/^sleep\s+\d+(\.\d+)?$/,
// version probes
/^node\s+--version$/,
/^npm\s+--version$/,
/^yarn\s+--version$/,
/^pnpm\s+--version$/
];
function _isSafeReadOnlyBash(rawCmd) {
const cmd = (rawCmd || "").trim();
if (!cmd) { return false; }
// Reject command/process substitution, redirection, and pipes —
// these can hide arbitrary commands or send output to dangerous
// places. Backticks, `$(...)`, `<`, `>`, `|`. Plain `$VAR` is
// allowed (substitution-without-command).
if (/[`<>|]|\$\(/.test(cmd)) { return false; }
// Split on `;`, `&&`, `||` and verify EVERY segment matches a safe
// pattern. Quotes around delimiters are not handled — a command
// like `echo "a; b"` will split mid-string and fail safe-check
// (which is fine: false negatives are OK, false positives are not).
const segments = cmd.split(/\s*(?:;|&&|\|\|)\s*/).filter(Boolean);
return segments.every(function (seg) {
return _SAFE_BASH_PATTERNS.some(function (rx) { return rx.test(seg); });
});
}
/**
* Lazily import the ESM Claude Agent SDK module.
*/
async function getQueryFn() {
if (!queryModule) {
// The JS SDK was split out of @anthropic-ai/claude-code in v2 and
// moved to @anthropic-ai/claude-agent-sdk. The CLI binary still
// ships under @anthropic-ai/claude-code (used by Phoenix's
// terminal "claude" command); the SDK now lives in its own
// package with the same query() signature and SDKResultMessage
// shape, so the rest of this file is unchanged.
queryModule = await import("@anthropic-ai/claude-agent-sdk");
}
return queryModule.query;
}
/**
* Build ordered candidate paths on Windows, split into two tiers:
* - `native`: real PE binaries dropped by claude.ai/install.ps1 or the
* desktop installer. No node/cli.js shim chain to break, so file
* existence is enough confidence — we skip the `--version` validation.
* - `fallback`: PATH discovery via `where`, npm shim. Broken installs
* are common here (orphan `.cmd` whose cli.js got deleted, extensionless
* POSIX scripts Windows can't execute), so every candidate is verified
* with `claude --version` before we return it.
*/
function _winClaudeCandidates() {
const userHome = process.env.USERPROFILE || process.env.HOME || "";
const native = [
path.join(userHome, ".local", "bin", "claude.exe"),
path.join(process.env.LOCALAPPDATA || "", "Programs", "claude", "claude.exe")
];
const fallback = [];
// PATH discovery — filter to executable extensions (drop extensionless
// POSIX scripts and .ps1, both of which our spawn path can't use),
// and prefer .exe over .cmd/.bat shims when both resolve.
try {
const allPaths = execSync("where claude", { encoding: "utf8" })
.trim()
.split("\r\n")
.filter(p => p && !p.includes("node_modules") && /\.(exe|cmd|bat)$/i.test(p));
const exes = allPaths.filter(p => /\.exe$/i.test(p));
const others = allPaths.filter(p => !/\.exe$/i.test(p));
fallback.push(...exes, ...others);
} catch { /* where not on PATH or returned nothing */ }
// Explicit npm shim in case `where` wasn't reachable.
fallback.push(path.join(process.env.APPDATA || "", "npm", "claude.cmd"));
return { native, fallback };
}
/**
* Build candidate nvm-installed claude paths. The previously hardcoded
* `process.version` was the Node that Phoenix ships, not the Node the user
* has selected in nvm — which mismatched in practice for ~every nvm user.
*
* Strategy: prefer the version named in `~/.nvm/alias/default` (or whatever
* `$NVM_DIR` points at). Fall back to enumerating installed versions, newest
* first, so we still find claude when the default alias is a label like
* `lts/*` or `node` that we don't expand here.
*/
function _nvmClaudeCandidates(home) {
const nvmRoot = process.env.NVM_DIR || path.join(home, ".nvm");
const versionsDir = path.join(nvmRoot, "versions", "node");
const candidates = [];
try {
const aliasFile = path.join(nvmRoot, "alias", "default");
if (fs.existsSync(aliasFile)) {
const alias = fs.readFileSync(aliasFile, "utf8").trim();
if (/^v?\d/.test(alias)) {
const v = alias.startsWith("v") ? alias : "v" + alias;
candidates.push(path.join(versionsDir, v, "bin", "claude"));
}
}
} catch { /* nvm not installed or unreadable */ }
try {
if (fs.existsSync(versionsDir)) {
const versions = fs.readdirSync(versionsDir)
.filter(v => /^v\d/.test(v))
.sort((a, b) => b.localeCompare(a, undefined, { numeric: true }));
for (const v of versions) {
candidates.push(path.join(versionsDir, v, "bin", "claude"));
}
}
} catch { /* ignore */ }
return candidates;
}
/**
* Build ordered candidate paths on macOS/Linux. See _winClaudeCandidates for
* the native/fallback rationale.
*/
function _posixClaudeCandidates() {
const home = process.env.HOME || "";
const native = [
path.join(home, ".local", "bin", "claude") // claude.ai/install.sh default
];
const fallback = [];
// PATH discovery. Matters most on macOS when Phoenix is launched from
// Finder/Dock — that PATH is the minimal `/usr/bin:/bin:/usr/sbin:/sbin`,
// so `which` may miss user-managed dirs and the known locations below
// are what saves us.
try {
const allPaths = execSync("which -a claude 2>/dev/null || which claude", { encoding: "utf8" })
.trim()
.split("\n")
.filter(p => p && !p.includes("node_modules"));
fallback.push(...allPaths);
} catch { /* which not available */ }
fallback.push(
"/usr/local/bin/claude", // System-wide / Intel Mac Homebrew
"/usr/bin/claude", // Distro package
..._nvmClaudeCandidates(home), // npm global via nvm
"/opt/homebrew/bin/claude", // Homebrew on Apple Silicon
"/home/linuxbrew/.linuxbrew/bin/claude" // Linuxbrew
);
return { native, fallback };
}
/**
* Existence + executability check. On Windows executability is derived from
* extension/PATHEXT not a file attribute, so existsSync is the right test;
* on posix we want the +x bit.
*/
function _canAccess(p) {
if (!p) { return false; }
try {
if (isWindows) {
return fs.existsSync(p);
}
fs.accessSync(p, fs.constants.X_OK);
return true;
} catch {
return false;
}
}
/**
* Spawn claude with argv and resolve to { stdout, stderr, status, error }.
* Async so callers don't block the event loop while claude runs — `auth
* status` can take up to 10 s, `--version` up to 3 s, and the integrated
* terminal and file watchers share this Node process.
*
* For .exe/posix binaries: shell-less spawn, paths-with-spaces and special
* chars pass through verbatim. For Windows .cmd/.bat shims: shell:true
* (Node refuses to spawn batch files without it per CVE-2024-27980
* hardening) plus manual command-name quoting (Node intentionally does NOT
* escape the command name under shell:true).
*
* Mimics the spawnSync result shape so callers read .status/.error/.stdout
* unchanged. `opts.timeout` (ms) kills the process with SIGKILL on expiry
* and surfaces an Error with message "timeout".
*/
function _spawnClaude(claudePath, args, opts) {
return new Promise(function (resolve) {
const isCmdShim = isWindows && /\.(cmd|bat)$/i.test(claudePath);
const spawnCmd = isCmdShim ? `"${claudePath}"` : claudePath;
const spawnOpts = isCmdShim ? Object.assign({ shell: true }, opts) : opts;
const encoding = (opts && opts.encoding) || "utf8";
const timeoutMs = (opts && opts.timeout) || 0;
let child;
try {
child = spawn(spawnCmd, args, spawnOpts);
} catch (err) {
resolve({ stdout: "", stderr: "", status: null, error: err });
return;
}
let stdout = "";
let stderr = "";
let settled = false;
let timer = null;
function finish(result) {
if (settled) { return; }
settled = true;
if (timer) { clearTimeout(timer); }
resolve(result);
}
if (child.stdout) {
child.stdout.setEncoding(encoding);
child.stdout.on("data", function (chunk) { stdout += chunk; });
}
if (child.stderr) {
child.stderr.setEncoding(encoding);
child.stderr.on("data", function (chunk) { stderr += chunk; });
}
child.on("error", function (err) {
finish({ stdout, stderr, status: null, error: err });
});
child.on("close", function (code) {
finish({ stdout, stderr, status: code, error: null });
});
if (timeoutMs > 0) {
timer = setTimeout(function () {
try { child.kill("SIGKILL"); } catch { /* already exited */ }
finish({ stdout, stderr, status: null, error: new Error("timeout") });
}, timeoutMs);
}
});
}
/**
* Validate that a fallback candidate actually runs. Catches broken installs
* the existence check misses — e.g. an npm `.cmd` shim whose referenced
* cli.js was deleted by a half-completed uninstall. `claude --version` is
* fast (~200 ms healthy) and outputs a version string starting with a digit.
*/
async function _validateClaudeBinary(claudePath) {
try {
const result = await _spawnClaude(claudePath, ["--version"], {
encoding: "utf8",
timeout: 3000
});
return !result.error && result.status === 0 && /^\d/.test((result.stdout || "").trim());
} catch {
return false;
}
}
// undefined = not yet probed; null = probed, nothing works; string = resolved path
let _cachedClaudePath;
let _cachedAt = 0;
// In-flight discovery promise so concurrent callers share one walk of the
// fallback chain instead of each spawning their own --version probes.
let _inFlightDiscovery = null;
// Negative results expire so a fresh `claude` install completes during a
// session can be detected on the next checkAvailability (the install-poll
// flow depends on this). Positive results are cached indefinitely — the
// self-heal in checkAvailability handles the mid-session-uninstall case
// by passing { force: true } when a cached path stops spawning.
const NULL_CACHE_TTL_MS = 15000;
function _setCache(p) {
_cachedClaudePath = p;
_cachedAt = Date.now();
return p;
}
/**
* Resolve the user's globally installed Claude CLI. Walks a fallback chain:
* native candidates first (existence is enough), then PATH/known-location
* candidates, each validated by spawning `--version` so broken shims get
* skipped instead of returned. Pass `{ force: true }` to invalidate the
* cache after a runtime spawn failure.
*/
function findGlobalClaudeCli(opts) {
const force = !!(opts && opts.force);
if (!force && _cachedClaudePath !== undefined) {
const fresh = _cachedClaudePath !== null
|| (Date.now() - _cachedAt) < NULL_CACHE_TTL_MS;
if (fresh) {
return Promise.resolve(_cachedClaudePath);
}
}
if (!force && _inFlightDiscovery) {
return _inFlightDiscovery;
}
const discovery = (async function () {
const { native, fallback } = isWindows ? _winClaudeCandidates() : _posixClaudeCandidates();
for (const p of native) {
if (_canAccess(p)) {
console.log("[Phoenix AI] Found native Claude CLI at:", p);
return _setCache(p);
}
}
for (const p of fallback) {
if (_canAccess(p) && await _validateClaudeBinary(p)) {
console.log("[Phoenix AI] Validated Claude CLI at:", p);
return _setCache(p);
}
}
console.log("[Phoenix AI] Global Claude CLI not found");
return _setCache(null);
})();
if (!force) {
_inFlightDiscovery = discovery;
discovery.finally(function () {
if (_inFlightDiscovery === discovery) {
_inFlightDiscovery = null;
}
});
}
return discovery;
}
/**
* Check whether Claude CLI is available.
* Called from browser via execPeer("checkAvailability").
*/
exports.checkAvailability = async function (opts) {
try {
// Poll loops (install/login screens) pass { refresh: true } because
// they're explicitly waiting on state changes — the cached null
// would otherwise make detection lag by up to NULL_CACHE_TTL_MS.
const refresh = !!(opts && opts.refresh);
let claudePath = await findGlobalClaudeCli(refresh ? { force: true } : undefined);
if (!claudePath) {
return { available: false, claudePath: null, error: "Claude Code CLI not found" };
}
// Check if user is logged in
let loggedIn = false;
let result;
try {
result = await _spawnClaude(claudePath, ["auth", "status"], {
encoding: "utf8",
timeout: 10000
});
// Spawn-level failure (ENOENT/EACCES — e.g. user uninstalled
// mid-session) means the cached binary is unusable. Invalidate
// and re-discover once. Distinct from "binary ran but exited
// non-zero", which we still treat as "not logged in".
if (result.error && result.status === null) {
claudePath = await findGlobalClaudeCli({ force: true });
if (!claudePath) {
return { available: false, claudePath: null, error: "Claude Code CLI not found" };
}
result = await _spawnClaude(claudePath, ["auth", "status"], {
encoding: "utf8",
timeout: 10000
});
}
if (result.status === 0 && result.stdout) {
const authStatus = JSON.parse(result.stdout);
loggedIn = authStatus.loggedIn === true;
}
} catch (e) {
// auth status failed — treat as not logged in
}
return { available: true, claudePath: claudePath, loggedIn: loggedIn };
} catch (err) {
return { available: false, claudePath: null, error: err.message };
}
};
/**
* Send a prompt to Claude and stream results back to the browser.
* Called from browser via execPeer("sendPrompt", {prompt, projectPath, sessionAction, model}).
*
* Returns immediately with a requestId. Results are sent as events:
* aiProgress, aiTextStream, aiToolEdit, aiError, aiComplete
*/
exports.sendPrompt = async function (params) {
const { prompt, projectPath, sessionAction, model, locale, selectionContext, images, envOverrides, permissionMode, additionalDirectories } = params;
const requestId = Date.now().toString(36) + Math.random().toString(36).slice(2, 7);
// Handle session
if (sessionAction === "new") {
currentSessionId = null;
}
// Clear any stale clarification from a previous turn
_queuedClarification = null;
// Cancel any in-flight query
if (currentAbortController) {
currentAbortController.abort();
currentAbortController = null;
}
currentAbortController = new AbortController();
// Prepend selection context to the prompt if available
let enrichedPrompt = prompt;
if (selectionContext) {
if (selectionContext.selectedText) {
enrichedPrompt =
"The user has selected the following text in " + selectionContext.filePath +
" (lines " + selectionContext.startLine + "-" + selectionContext.endLine + "):\n" +
"```\n" + selectionContext.selectedText + "\n```\n\n" + prompt;
} else {
let previewSnippet = "";
if (selectionContext.selectionPreview) {
previewSnippet = "\nPreview of selection:\n```\n" +
selectionContext.selectionPreview + "\n```\n";
}
enrichedPrompt =
"The user has selected lines " + selectionContext.startLine + "-" +
selectionContext.endLine + " in " + selectionContext.filePath +
". Use the Read tool with offset=" + (selectionContext.startLine - 1) +
" and limit=" + (selectionContext.endLine - selectionContext.startLine + 1) +
" to read the selected content if needed." + previewSnippet + "\n" + prompt;
}
}
// Run the query asynchronously — don't await here so we return requestId immediately
_runQuery(requestId, enrichedPrompt, projectPath, model, currentAbortController.signal, locale, images, envOverrides, permissionMode, additionalDirectories)
.catch(err => {
console.error("[Phoenix AI] Query error:", err);
});
return { requestId: requestId };
};
/**
* Cancel the current in-flight query.
*/
exports.cancelQuery = async function () {
if (currentAbortController) {
currentAbortController.abort();
currentAbortController = null;
// Keep currentSessionId so the next prompt resumes the same SDK session.
// Aborts leave an interrupt marker in the session log, not a corrupted state.
// Clear any pending question or plan
_questionResolve = null;
_planResolve = null;
_bashConfirmResolve = null;
_planModeConfirmResolve = null;
_queuedClarification = null;
return { success: true };
}
return { success: false };
};
/**
* Receive the user's answer to an AskUserQuestion prompt.
* Called from browser via execPeer("answerQuestion", {answers}).
*/
exports.answerQuestion = async function (params) {
if (_questionResolve) {
_questionResolve(params);
_questionResolve = null;
}
return { success: true };
};
/**
* Receive the user's response to a proposed plan.
* Called from browser via execPeer("answerPlan", {approved, feedback}).
*/
exports.answerPlan = async function (params) {
if (_planResolve) {
_planResolve(params);
_planResolve = null;
}
return { success: true };
};
/**
* Receive the user's response to a bash confirmation prompt (Edit Mode).
* Called from browser via execPeer("answerBashConfirm", {allowed}).
*/
exports.answerBashConfirm = async function (params) {
if (_bashConfirmResolve) {
_bashConfirmResolve(params);
_bashConfirmResolve = null;
}
return { success: true };
};
/**
* Receive the user's response to a plan-mode write confirmation prompt.
* Called from browser via execPeer("answerPlanModeWriteConfirm", {approved}).
*/
exports.answerPlanModeWriteConfirm = async function (params) {
if (_planModeConfirmResolve) {
_planModeConfirmResolve(params);
_planModeConfirmResolve = null;
}
return { success: true };
};
/**
* Apply a mid-stream permission-mode change so hooks running for the rest
* of the turn use the new value. Called from the browser when the user
* cycles the permission bar (so e.g. Bash stops prompting immediately
* after switching from Edit Mode to Full Auto). The next sendPrompt also
* passes permissionMode in params, so this peer is only strictly required
* during streaming — but calling it on every cycle keeps the agent's
* tracker authoritative.
*/
exports.setPermissionMode = async function (params) {
if (params && typeof params.mode === "string") {
_runtimePermissionMode = params.mode;
}
return { success: true };
};
/**
* Resume a previous session by setting the session ID.
* The next sendPrompt call will use queryOptions.resume with this session ID.
*/
exports.resumeSession = async function (params) {
if (currentAbortController) {
currentAbortController.abort();
currentAbortController = null;
}
_questionResolve = null;
_planResolve = null;
_bashConfirmResolve = null;
_queuedClarification = null;
currentSessionId = params.sessionId;
return { success: true };
};
/**
* Destroy the current session (clear session ID).
*/
exports.destroySession = async function () {
currentSessionId = null;
currentAbortController = null;
_queuedClarification = null;
return { success: true };
};
/**
* Queue a clarification message from the user (typed while AI is streaming).
* If text is already queued, appends with a newline.
*/
exports.queueClarification = async function (params) {
const newImages = params.images || [];
if (_queuedClarification) {
if (params.text) {
_queuedClarification.text += "\n" + params.text;
}
_queuedClarification.images = _queuedClarification.images.concat(newImages);
} else {
_queuedClarification = {
text: params.text || "",
images: newImages
};
}
return { success: true };
};
/**
* Get and clear the queued clarification (text + images).
* Called by the getUserClarification MCP tool.
*/
exports.getAndClearClarification = async function () {
const result = _queuedClarification;
_queuedClarification = null;
return result || { text: null, images: [] };
};
/**
* Clear any queued clarification without reading it.
* Used when the user clicks Edit on the queue bubble.
*/
exports.clearClarification = async function () {
_queuedClarification = null;
return { success: true };
};
/**
* Internal: run a Claude SDK query and stream results back to the browser.
*/
async function _runQuery(requestId, prompt, projectPath, model, signal, locale, images, envOverrides, permissionMode, additionalDirectories) {
// Sync the runtime mutable that hooks read for permission decisions —
// setPermissionMode (peer) updates this same variable when the user
// cycles modes mid-stream.
_runtimePermissionMode = permissionMode || "acceptEdits";
let editCount = 0;
let toolCounter = 0;
// SDK tool_use id (e.g. "toolu_01...") → our sequential toolCounter so a
// tool_result block can be mapped back to its indicator on the browser.
const _toolUseIdToCounter = {};
// Set true once the user clicks "Allow & Switch to Edit Mode" on a
// plan-mode write confirmation. Subsequent Edit/Write attempts in the same
// turn skip the prompt and use the cached "allow" decision so a multi-edit
// turn doesn't pop a dialog before every edit.
let _planExitApprovedThisTurn = false;
let queryFn;
let connectionTimer = null;
try {
queryFn = await getQueryFn();
if (!editorMcpServer) {
editorMcpServer = createEditorMcpServer(queryModule, nodeConnector, {
hasClarification: function () { return !!_queuedClarification; },
getAndClearClarification: exports.getAndClearClarification
});
}
} catch (err) {
nodeConnector.triggerPeer("aiError", {
requestId: requestId,
error: "Failed to load Claude Code SDK: " + err.message
});
return;
}
// Send initial progress
nodeConnector.triggerPeer("aiProgress", {
requestId: requestId,
message: "Analyzing...",
phase: "start"
});
if (envOverrides) {
const keys = Object.keys(envOverrides);
console.log("[AI] Using env overrides:", keys.map(k => k + "=" + (k.includes("TOKEN") || k.includes("KEY") ? "***" : envOverrides[k])).join(", "));
}
let _lastStderrLines = [];
const MAX_STDERR_LINES = 50;
let _hookErrorBuffer = "";
let _hookErrorTimer = null;
const HOOK_ERROR_FLUSH_MS = 200;
function _flushHookError() {
if (_hookErrorBuffer) {
const trimmed = _hookErrorBuffer.trim();
console.error("[AI hook callback error] SDK threw delivering hook payload" +
" — tool likely ran natively in acceptEdits mode:\n" + trimmed);
try {
nodeConnector.triggerPeer("aiHookError", {
requestId: requestId,
error: trimmed
});
} catch (e) { /* peer may be gone — ignore */ }
_hookErrorBuffer = "";
}
_hookErrorTimer = null;
}
// Validate the user-attached extra directories the browser sent.
// Drop entries that aren't absolute, don't exist, or duplicate cwd.
// Returns undefined for empty results so the SDK ignores the option
// rather than seeing a literal []. Each sendPrompt rebuilds this
// list, so adding/removing in the UI takes effect on the next turn.
const _cwdForValidation = projectPath || process.cwd();
const validatedExtraDirs = (Array.isArray(additionalDirectories)
? additionalDirectories.filter(function (p) {
if (typeof p !== "string" || !path.isAbsolute(p)) { return false; }
if (p === _cwdForValidation) { return false; }
try { return fs.existsSync(p); } catch (e) { return false; }
})
: []);
const queryOptions = {
cwd: projectPath || process.cwd(),
additionalDirectories: validatedExtraDirs.length ? validatedExtraDirs : undefined,
maxTurns: undefined,
stderr: (data) => {
console.log("[AI stderr]", data);
_lastStderrLines.push(data);
if (_lastStderrLines.length > MAX_STDERR_LINES) {
_lastStderrLines.shift();
}
// Collect consecutive lines belonging to a hook callback error so
// we can log the full burst as one block. The SDK fragments the
// error across multiple stderr writes which is hard to read.
if (_hookErrorBuffer || /Error in hook callback/.test(data)) {
_hookErrorBuffer += data + "\n";
clearTimeout(_hookErrorTimer);
_hookErrorTimer = setTimeout(_flushHookError, HOOK_ERROR_FLUSH_MS);
}
},
allowedTools: [
"Read", "Edit", "Write", "Glob", "Grep", "Bash",
"AskUserQuestion", "Task",
"TodoRead", "TodoWrite",
"TaskCreate", "TaskUpdate", "TaskList", "TaskGet",
"WebFetch", "WebSearch",
"EnterPlanMode", "ExitPlanMode",
"mcp__phoenix-editor__getEditorState",
"mcp__phoenix-editor__takeScreenshot",
"mcp__phoenix-editor__execJsInLivePreview",
"mcp__phoenix-editor__execJsInEditor",
"mcp__phoenix-editor__editorPreferences",
"mcp__phoenix-editor__editorDocs",
"mcp__phoenix-editor__controlEditor",
"mcp__phoenix-editor__resizeLivePreview",
"mcp__phoenix-editor__wait",
"mcp__phoenix-editor__getUserClarification"
],
agents: {
"researcher": {
description: "Explores the codebase, reads files, and searches" +
" for patterns. Use for research tasks.",
prompt: "You are a code research assistant. Search and read" +
" files to answer questions. Do not modify files.",
tools: ["Read", "Glob", "Grep",
"mcp__phoenix-editor__getEditorState",
"mcp__phoenix-editor__takeScreenshot",
"mcp__phoenix-editor__execJsInLivePreview",
"mcp__phoenix-editor__editorDocs"]
},
"coder": {
description: "Reads, edits, and writes code files." +
" Use for implementation tasks.",
prompt: "You are a coding assistant. Implement the requested" +
" changes using Edit for existing files and Write" +
" only for new files.",
tools: ["Read", "Edit", "Write", "Glob", "Grep",
"mcp__phoenix-editor__getEditorState",
"mcp__phoenix-editor__takeScreenshot",
"mcp__phoenix-editor__execJsInLivePreview",
"mcp__phoenix-editor__execJsInEditor",
"mcp__phoenix-editor__editorPreferences",
"mcp__phoenix-editor__editorDocs"]
}
},
mcpServers: { "phoenix-editor": editorMcpServer },
permissionMode: permissionMode || "acceptEdits",
appendSystemPrompt:
"When modifying an existing file, always prefer the Edit tool " +
"(find-and-replace) instead of the Write tool. The Write tool should ONLY be used " +
"to create brand new files that do not exist yet. For existing files, always use " +
"multiple Edit calls to make targeted changes rather than rewriting the entire " +
"file with Write. This is critical because Write replaces the entire file content " +
"which is slow and loses undo history." +
"\n\nALWAYS call getEditorState as your FIRST tool call on any question that " +
"references the user's current work — not just \"what file am I on\". This includes " +
"implicit-context questions like \"the page\", \"this layout\", \"the nav bar\", " +
"\"the button\", \"why is X behaving like this\", \"can you fix the styling\", " +
"\"scroll down on the page\", etc. The user is sitting in front of an editor and a " +
"live preview — without getEditorState you don't know which file they mean, which " +
"rules out targeted Read / Grep and makes you blindly grep the whole codebase. Run " +
"getEditorState first; THEN decide whether to Read the active file, Grep within it, " +
"or takeScreenshot the live preview to see what they're describing." +
"\n\nAlways use full absolute paths for all file operations (Read, Edit, Write, " +
"controlEditor). Never use relative paths." +
"\n\nWhen a tool response mentions the user has typed a clarification, immediately " +
"call getUserClarification to read it and incorporate the user's feedback into your current work." +
"\n\nYou are running inside Phoenix Code, a web-focused code editor with built-in " +
"live preview for both HTML/CSS/JS/SVG and Markdown. When the user asks to create " +
"mockups, prototypes, or web pages, prefer vanilla HTML/CSS/JS so the live preview " +
"can render and edit them — unless the user specifically requests a framework. " +
"Build responsive layouts by default for web content. For images, prefer real " +
"<img> tags over div background-image so the user can swap, inspect, and resize " +
"them in the editor — only fall back to background-image when an effect (parallax, " +
"cover-with-overlay, repeating tile) genuinely requires it." +
"\n\nThe live preview is the rendered view of the HTML/CSS/JS/SVG or Markdown file " +
"currently active in the editor." +
"\n\nYou ALWAYS have live visibility into the editor through the phoenix-editor tools " +
"listed below. NEVER tell the user you can't see what's open / what they're looking " +
"at / what file they're on / what's selected / what's in the live preview — call " +
"getEditorState (and takeScreenshot / execJsInLivePreview as needed) instead. " +
"ALWAYS prefer the phoenix-editor MCP for ANY preview interaction — screenshots, " +
"JS evaluation, DOM inspection, console/network reads, viewport resizing, reloads. " +
"Do NOT reach for other MCP servers like chrome-devtools to open a separate browser " +
"session for the same things; the user's live preview inside Phoenix reflects their " +
"current (possibly unsaved) edits, while a fresh browser session would miss those. " +
"phoenix-editor.takeScreenshot, phoenix-editor.execJsInLivePreview, " +
"phoenix-editor.resizeLivePreview, and phoenix-editor.controlEditor cover virtually " +
"every \"look at / poke at the page\" need. Only fall back to chrome-devtools or " +
"another browser MCP if the user explicitly asks for a non-Phoenix browser context. " +
"These tools are for active iteration, not just final verification:" +
"\n- takeScreenshot: see the rendered HTML preview, the rendered Markdown preview, " +
"the editor, or any panel. Use it to confirm visual output, diagnose layout/styling " +
"bugs, or check that HTML or Markdown rendered as expected. Simple selector rule: " +
"if the question is about the rendered live preview pass " +
"selector='#panel-live-preview-frame' (targeted shot is easier to reason about); for " +
"anything else — Problems panel, file tree, toolbar, any other Phoenix UI, or just " +
"\"what is the user looking at\" — omit the selector and capture the full editor " +
"window. Pass reload=true to force-reload the preview before capturing (useful after " +
"JS edits) — saves a tool call vs. reloading separately." +
"\n- execJsInLivePreview: run JS inside the HTML preview iframe to read the DOM, " +
"query computed styles, click elements, or capture console output. Use it to debug " +
"behavior, not just to verify." +
"\n- resizeLivePreview: change the preview viewport width to test responsive " +
"breakpoints." +
"\n- controlEditor: open files, move the cursor, change selection, toggle the live " +
"preview panel, or reload it (reloadLivePreview operation — use after JS edits if " +
"you're not also taking a screenshot)." +
"\n- getEditorState: report active file, working set, cursor/selection, and the " +
"livePreviewFile. The live preview normally follows the active editor file, so " +
"assume that. Rarely the user pins the preview to a specific file — if a " +
"screenshot doesn't match the file you just edited, check " +
"getEditorState.livePreviewFile to rule that out." +
"\n- execJsInEditor: eval JS in Phoenix's OWN JS space (parent window — NOT the live " +
"preview iframe). Use when controlEditor's fixed ops aren't enough — split panes, " +
"click dialog buttons, send synthetic key events, dispatch any CommandManager " +
"command, configure indentation, etc. `__PR` exposes the modules and helpers; see " +
"the tool description for the full list. Before writing non-trivial JS, call " +
"editorDocs and Read / Grep the bundled API reference so you call real APIs." +
"\n- editorPreferences: read or write Phoenix preferences. `list` enumerates every " +
"registered pref with id/type/default/current/description/scope; `get` for a single " +
"pref; `set` writes into user (global), project (.phcode.json in repo), or session " +
"(in-memory) scope." +
"\n- editorDocs: returns the on-disk path to the bundled API reference plus the " +
"feature-docs URL and the GitHub source repo URL. Call once near the start of any " +
"non-trivial editor-control task; then Read / Grep the apiDocsPath and WebFetch the " +
"featureDocsURL as needed. Do NOT search the codebase blindly when this exists." +
"\n\nName-collision rule: \"Phoenix Code\" (the editor the user is sitting inside) " +
"and \"Claude Code\" (the SDK / CLI you happen to run on) BOTH have settings, " +
"configs, auto-update toggles, themes, etc. When the user says \"set / change / " +
"configure / disable X\" without naming a product, they ALWAYS mean PHOENIX — " +
"your first action is editorPreferences.list (or .get/.set), not anything else.\n\n" +
"DO NOT INVOKE the built-in `update-config` skill, do not Read / Write / cat / Bash " +
"anything under ~/.claude/, ~/.claude.json, or any Claude Code / SDK config path, " +
"unless the user EXPLICITLY says \"Claude\" / \"Claude Code\" / \"SDK\" / \"agent\" / " +
"\"~/.claude\" in their message. The `update-config` skill modifies Claude Code's own " +
"config, NEVER Phoenix's — if your first instinct on a config / setting / pref / " +
"auto-update / theme question is to fire that skill, STOP and reach for " +
"editorPreferences instead.\n\n" +
"If a request is genuinely ambiguous (Phoenix has no matching pref), say so and ask " +
"the user which product they meant before changing anything." +
"\n\nUse your best judgement for when to enter plan mode. Use it when the task " +
"involves creating new applications, extensive modifications, or architectural " +
"changes — propose a plan for user approval before writing code." +
(locale && !locale.startsWith("en")
? "\n\nThe user's display language is " + locale + ". " +
"Respond in this language unless they write in a different language."
: ""),
includePartialMessages: true,
abortController: currentAbortController,
env: envOverrides ? Object.assign({}, process.env, envOverrides) : undefined,
hooks: {
PreToolUse: [
{
matcher: "Edit",
hooks: [
async (input) => {
console.log("[Phoenix AI] Intercepted Edit tool");
// Plan file edits: capture content, write to disk, skip editor
const editPath = (input.tool_input.file_path || "").replace(/\\/g, "/");
if (editPath.includes("/.claude/plans/")) {
try {
let content = "";
if (fs.existsSync(input.tool_input.file_path)) {
content = fs.readFileSync(input.tool_input.file_path, "utf8");
}
if (input.tool_input.old_string && input.tool_input.new_string) {
if (input.tool_input.replace_all === true) {
content = content.split(input.tool_input.old_string)
.join(input.tool_input.new_string);
} else {
content = content.replace(input.tool_input.old_string,
input.tool_input.new_string);
}
}
const dir = path.dirname(input.tool_input.file_path);