fix(mode): acceptEdits auto-allows read tools inside cwd (superset of default)

Author: nnemirovsky

hooks/common.sh

@@ -361,9 +361,9 @@ overlay_available() {
 #
 # Mode behavior:
 #   bypassPermissions: always 0 (everything auto-allowed).
-#   acceptEdits:      0 for Write/Edit/NotebookEdit/MultiEdit when the
-#                     target file_path resolves inside cwd. Non-edit tools
-#                     in acceptEdits return 1.
+#   acceptEdits:      superset of default. 0 for Write/Edit/NotebookEdit/
+#                     MultiEdit + Read/Grep/Glob/NotebookRead/LS when the
+#                     target path resolves inside cwd.
 #   default (+ empty mode value): 0 for read-only tools
 #                     (Read/Grep/Glob/NotebookRead/LS) when the target path
 #                     is inside cwd. Everything else returns 1, including
@@ -408,6 +408,8 @@ permission_mode_auto_allows() {
 
   case "$mode" in
     acceptEdits)
+      # acceptEdits is a superset of default: everything default auto-allows
+      # (Read/Grep/Glob/LS inside cwd) PLUS edit tools inside cwd.
       case "$tool_name" in
         Write|Edit|NotebookEdit|MultiEdit)
           local fp
@@ -417,6 +419,25 @@ permission_mode_auto_allows() {
           fi
           return 1
           ;;
+        Read|NotebookRead)
+          local fp
+          fp="$(jq -r '.file_path // .notebook_path // ""' <<<"$tool_input" 2>/dev/null || printf '')"
+          if _pm_path_inside_cwd "$fp" "$cwd"; then
+            return 0
+          fi
+          return 1
+          ;;
+        Grep|Glob|LS)
+          local gp
+          gp="$(jq -r '.path // ""' <<<"$tool_input" 2>/dev/null || printf '')"
+          if [ -z "$gp" ]; then
+            return 0
+          fi
+          if _pm_path_inside_cwd "$gp" "$cwd"; then
+            return 0
+          fi
+          return 1
+          ;;
         *)
           return 1
           ;;

tests/hook_handler.bats

@@ -953,18 +953,19 @@ run_handler_in_stub_root() {
   [ "$decision" = "ask" ]
 }
 
-@test "mode: acceptEdits + Read (non-edit tool) -> overlay path entered" {
-  # Read is NOT in the acceptEdits allow-list; acceptEdits only covers
-  # Write/Edit/NotebookEdit/MultiEdit. A Read call falls through to overlay.
-  setup_overlay_stub "yes_once"
+@test "mode: acceptEdits + Read inside cwd -> mode auto-allow (superset of default)" {
+  # acceptEdits is a superset of default: it auto-allows everything default
+  # does (Read/Grep/Glob inside cwd) PLUS edit tools inside cwd.
   ti="$(jq -cn --arg fp "$PROJ_ROOT/src/foo.ts" '{file_path:$fp}')"
   payload="$(make_mode_payload 'Read' "$ti" 'acceptEdits' "$PROJ_ROOT")"
-  run_handler_in_stub_root "$payload"
+  run_handler "$payload"
   [ "$status" -eq 0 ]
   json_line="$(printf '%s\n' "$output" | grep -o '{"hookSpecificOutput".*}' | head -n1)"
   [ -n "$json_line" ]
   decision="$(jq -r '.hookSpecificOutput.permissionDecision' <<<"$json_line")"
   [ "$decision" = "allow" ]
+  reason="$(jq -r '.hookSpecificOutput.permissionDecisionReason' <<<"$json_line")"
+  [[ "$reason" == *"mode-allow"* ]]
 }
 
 # default mode: all tools go to overlay ----------------------------------------