resolve conflicts, keep local changes

Author: jonathanlab

.github/workflows/agent-release.yml

@@ -1,4 +1,4 @@
-name: Release
+name: Release Agent
 
 on:
   push:
@@ -22,7 +22,9 @@ jobs:
       is-new-version: ${{ steps.check-package-version.outputs.is-new-version }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
 
       - name: Check package version and detect an update
         id: check-package-version
@@ -40,12 +42,18 @@ jobs:
       id-token: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
+        with:
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
 
       - name: Set up Node 24
         uses: actions/setup-node@v4
         with:
           node-version: 24
+          cache: "pnpm"
           registry-url: https://registry.npmjs.org
 
       - name: Install pnpm
@@ -54,12 +62,18 @@ jobs:
       - name: Setup Bun
         uses: oven-sh/setup-bun@v2
 
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+
       - name: Install dependencies
         run: pnpm install --frozen-lockfile
 
       - name: Build the package
         run: pnpm --filter agent run build
 
+      - name: Run tests
+        run: pnpm --filter agent run test
+
       - name: Publish the package to npm registry
         working-directory: packages/agent
         run: pnpm publish --access public

.github/workflows/array-release.yml

@@ -0,0 +1,148 @@
+name: Release Array
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "apps/array/**"
+      - "packages/agent/**"
+      - "packages/electron-trpc/**"
+      - "pnpm-lock.yaml"
+      - "package.json"
+      - "turbo.json"
+      - ".github/workflows/array-release.yml"
+
+concurrency:
+  group: array-release
+  cancel-in-progress: false
+
+jobs:
+  publish:
+    runs-on: macos-latest
+    env:
+      NODE_ENV: production
+      APPLE_CODESIGN_IDENTITY: ${{ secrets.APPLE_CODESIGN_IDENTITY }}
+      APPLE_ID: ${{ secrets.APPLE_ID }}
+      APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+      APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+      APPLE_CODESIGN_CERT_BASE64: ${{ secrets.APPLE_CODESIGN_CERT_BASE64 }}
+      APPLE_CODESIGN_CERT_PASSWORD: ${{ secrets.APPLE_CODESIGN_CERT_PASSWORD }}
+      APPLE_CODESIGN_KEYCHAIN_PASSWORD: ${{ secrets.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
+    steps:
+      - name: Get app token
+        id: app-token
+        uses: getsentry/action-github-app-token@d4b5da6c5e37703f8c3b3e43abb5705b46e159cc # v3
+        with:
+          app_id: ${{ secrets.GH_APP_ARRAY_RELEASER_APP_ID }}
+          private_key: ${{ secrets.GH_APP_ARRAY_RELEASER_PRIVATE_KEY }}
+
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          token: ${{ steps.app-token.outputs.token }}
+          persist-credentials: false
+
+      - name: Setup pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: "pnpm"
+
+      - name: Compute version from git tags
+        id: version
+        run: |
+          # Find the latest minor version tag (vX.Y format - exactly 2 parts)
+          # These are manually created to mark new minor releases
+          # Release tags (vX.Y.Z) are ignored for base version calculation
+          LATEST_TAG=$(git tag --list 'v[0-9]*.[0-9]*' --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+$' | head -1)
+
+          # Fall back to vX.Y.0 format if no vX.Y tags exist (backward compat)
+          if [ -z "$LATEST_TAG" ]; then
+            LATEST_TAG=$(git tag --list 'v[0-9]*.[0-9]*.0' --sort=-v:refname | head -1)
+          fi
+
+          if [ -z "$LATEST_TAG" ]; then
+            echo "No version tag found. Create one with: git tag v0.15 && git push origin v0.15"
+            exit 1
+          fi
+
+          # Extract major.minor from tag
+          VERSION_PART=${LATEST_TAG#v}
+          MAJOR=$(echo "$VERSION_PART" | cut -d. -f1)
+          MINOR=$(echo "$VERSION_PART" | cut -d. -f2)
+
+          # Count commits since the base tag
+          PATCH=$(git rev-list "$LATEST_TAG"..HEAD --count)
+
+          if [ "$PATCH" -eq 0 ]; then
+            echo "No commits since $LATEST_TAG. Nothing to release."
+            exit 1
+          fi
+
+          NEW_VERSION="${MAJOR}.${MINOR}.${PATCH}"
+          echo "Version: $NEW_VERSION (from base tag $LATEST_TAG + $PATCH commits)"
+
+          echo "version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
+          echo "base_tag=$LATEST_TAG" >> "$GITHUB_OUTPUT"
+
+      - name: Set version in package.json
+        env:
+          APP_VERSION: ${{ steps.version.outputs.version }}
+        run: |
+          # Update package.json for the build (not committed)
+          jq --arg v "$APP_VERSION" '.version = $v' apps/array/package.json > tmp.json && mv tmp.json apps/array/package.json
+          echo "Set apps/array/package.json version to $APP_VERSION"
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build electron-trpc package
+        run: pnpm --filter @posthog/electron-trpc run build
+
+      - name: Build agent package
+        run: pnpm --filter @posthog/agent run build
+
+      - name: Import code signing certificate
+        if: env.APPLE_CODESIGN_IDENTITY != ''
+        env:
+          CERT_BASE64: ${{ env.APPLE_CODESIGN_CERT_BASE64 }}
+          CERT_PASSWORD: ${{ env.APPLE_CODESIGN_CERT_PASSWORD }}
+          KEYCHAIN_PASSWORD: ${{ env.APPLE_CODESIGN_KEYCHAIN_PASSWORD }}
+        run: |
+          if [ -z "$CERT_BASE64" ] || [ -z "$CERT_PASSWORD" ] || [ -z "$KEYCHAIN_PASSWORD" ]; then
+            echo "Missing code signing certificate secrets"
+            exit 1
+          fi
+          KEYCHAIN="$RUNNER_TEMP/codesign.keychain-db"
+          echo "$CERT_BASE64" | base64 --decode > "$RUNNER_TEMP/certificate.p12"
+          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
+          security import "$RUNNER_TEMP/certificate.p12" -k "$KEYCHAIN" -P "$CERT_PASSWORD" -T /usr/bin/codesign -T /usr/bin/security
+          security list-keychains -d user -s "$KEYCHAIN" $(security list-keychains -d user | tr -d '"')
+          security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN"
+          rm "$RUNNER_TEMP/certificate.p12"
+
+      - name: Create tag
+        env:
+          APP_VERSION: ${{ steps.version.outputs.version }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          REPOSITORY: ${{ github.repository }}
+        run: |
+          TAG="v$APP_VERSION"
+          git tag -a "$TAG" -m "Release $TAG"
+          git push "https://x-access-token:${GH_TOKEN}@github.com/$REPOSITORY" "$TAG"
+
+      - name: Build native modules
+        run: pnpm --filter array run build-native
+
+      - name: Publish with Electron Forge
+        env:
+          APP_VERSION: ${{ steps.version.outputs.version }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+        run: pnpm --filter array run publish

.github/workflows/build.yml

@@ -13,7 +13,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Setup pnpm

.github/workflows/code-quality.yml

@@ -1,4 +1,4 @@
-name: Code quality
+name: Code Quality
 
 on:
   pull_request:
@@ -14,7 +14,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 

.github/workflows/typecheck.yml

@@ -10,7 +10,7 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
       - name: Setup pnpm

apps/array/src/main/services/agent/schemas.ts

@@ -13,6 +13,10 @@ export type Credentials = z.infer<typeof credentialsSchema>;
 export const agentFrameworkSchema = z.enum(["claude", "codex"]);
 export type AgentFramework = z.infer<typeof agentFrameworkSchema>;
 
+// Execution mode schema
+export const executionModeSchema = z.enum(["plan", "acceptEdits", "default"]);
+export type ExecutionMode = z.infer<typeof executionModeSchema>;
+
 // Session config schema
 export const sessionConfigSchema = z.object({
   taskId: z.string(),
@@ -23,6 +27,7 @@ export const sessionConfigSchema = z.object({
   sdkSessionId: z.string().optional(),
   model: z.string().optional(),
   framework: agentFrameworkSchema.optional(),
+  executionMode: executionModeSchema.optional(),
 });
 
 export type SessionConfig = z.infer<typeof sessionConfigSchema>;
@@ -40,7 +45,7 @@ export const startSessionInput = z.object({
   autoProgress: z.boolean().optional(),
   model: z.string().optional(),
   framework: agentFrameworkSchema.optional().default("claude"),
-  executionMode: z.enum(["plan"]).optional(),
+  executionMode: z.enum(["plan", "acceptEdits", "default"]).optional(),
   runMode: z.enum(["local", "cloud"]).optional(),
   createPR: z.boolean().optional(),
 });
@@ -112,6 +117,12 @@ export const setModelInput = z.object({
   modelId: z.string(),
 });
 
+// Set mode input
+export const setModeInput = z.object({
+  sessionId: z.string(),
+  modeId: z.enum(["plan", "default", "acceptEdits"]),
+});
+
 // Subscribe to session events input
 export const subscribeSessionInput = z.object({
   sessionId: z.string(),
@@ -120,13 +131,51 @@ export const subscribeSessionInput = z.object({
 // Agent events
 export const AgentServiceEvent = {
   SessionEvent: "session-event",
+  PermissionRequest: "permission-request",
 } as const;
 
 export interface AgentSessionEventPayload {
   sessionId: string;
   payload: unknown;
 }
 
+export interface PermissionOption {
+  kind: "allow_once" | "allow_always" | "reject_once" | "reject_always";
+  name: string;
+  optionId: string;
+  description?: string;
+}
+
+export interface PermissionRequestPayload {
+  sessionId: string;
+  toolCallId: string;
+  title: string;
+  options: PermissionOption[];
+  rawInput: unknown;
+}
+
 export interface AgentServiceEvents {
   [AgentServiceEvent.SessionEvent]: AgentSessionEventPayload;
+  [AgentServiceEvent.PermissionRequest]: PermissionRequestPayload;
 }
+
+// Permission response input for tRPC
+export const respondToPermissionInput = z.object({
+  sessionId: z.string(),
+  toolCallId: z.string(),
+  optionId: z.string(),
+  // For multi-select mode: array of selected option IDs
+  selectedOptionIds: z.array(z.string()).optional(),
+  // For "Other" option: custom text input from user
+  customInput: z.string().optional(),
+});
+
+export type RespondToPermissionInput = z.infer<typeof respondToPermissionInput>;
+
+// Permission cancellation input for tRPC
+export const cancelPermissionInput = z.object({
+  sessionId: z.string(),
+  toolCallId: z.string(),
+});
+
+export type CancelPermissionInput = z.infer<typeof cancelPermissionInput>;