repositories/aaf-holdings/hq01/lib/sessions/config.ts
/**
* Configuration for the HQ01 Session Manager.
*
* Like the rest of HQ01, the session manager has no database: the filesystem is
* the source of truth. All live session state lives under a single runtime root,
* one directory per session.
*/
/**
 * Root directory for session runtime state. Every session owns one
 * subdirectory here holding `session.json`, `metadata.json`, `stdout.log` and
 * `stderr.log`.
 *
 * HQ01_SESSIONS_ROOT overrides the default (tests, alternate deployments). The
 * override is whitespace-trimmed; an unset, empty or all-whitespace value falls
 * back to the default path.
 *
 * NOTE(review): the override is used as given. This module does not check that
 * it is absolute or normalised. Session state and logs live under this path, so
 * confirm the directory's ownership and mode restrict it to the service account.
 */
export const SESSIONS_ROOT =
  (process.env.HQ01_SESSIONS_ROOT ?? "").trim() ||
  "/srv/aaf/runtime/claude/sessions";
/**
 * Executable started for a new session when the caller supplies no command of
 * its own. HQ01_CLAUDE_BIN overrides it; tests use that to substitute a
 * harmless script for the real Claude CLI. The override is whitespace-trimmed,
 * and an unset or blank value falls back to "claude".
 *
 * NOTE(review): this value decides which program the session manager runs, so
 * write access to the service environment is equivalent to choosing that
 * program. The default is a bare name; presumably it is resolved through the
 * launching process's PATH, so confirm that and prefer an absolute path in
 * production deployments.
 */
export const DEFAULT_COMMAND =
  (process.env.HQ01_CLAUDE_BIN ?? "").trim() || "claude";
/**
 * Grace period, in milliseconds, that a graceful stop allows after SIGTERM
 * before escalating to SIGKILL.
 */
export const STOP_GRACE_MS = 5 * 1000;

/**
 * Upper bound, in bytes, on how much of each log the log viewer / tail
 * endpoint returns (64 KiB).
 */
export const LOG_TAIL_BYTES = 65536;
/**
 * Controlled permission posture for Claude sessions.
 *
 * Both settings are empty when their environment variable is unset, which keeps
 * the restrictive behaviour (no permission flags, so headless sessions cannot
 * write). When set, the dispatch layer appends them as documented Claude CLI
 * flags so a briefed session can write inside its runtime workspace without
 * blanket dangerous permissions.
 *
 * HQ01_CLAUDE_PERMISSION_MODE e.g. "acceptEdits" (NEVER bypassPermissions)
 * HQ01_CLAUDE_ALLOWED_TOOLS e.g. "Read,Write,Edit,LS" (no Bash → no shell)
 *
 * The tool list is split on commas and/or whitespace and empty entries are
 * dropped. A tool rule that itself contains a space is therefore broken into
 * separate fragments.
 *
 * NOTE(review): the "no Bash" guidance above is a convention, not a check. The
 * list is taken from the environment as-is, so an entry such as Bash is
 * accepted here. Confirm whether a guard on the tool list is wanted, comparable
 * to the one applied to the permission mode.
 */
export const CLAUDE_PERMISSION_MODE =
  (process.env.HQ01_CLAUDE_PERMISSION_MODE ?? "").trim();

export const CLAUDE_ALLOWED_TOOLS = (
  process.env.HQ01_CLAUDE_ALLOWED_TOOLS ?? ""
)
  .trim()
  .split(/[,\s]+/)
  .filter((tool) => tool.length > 0);
/**
 * Safety guard for the permission mode: a request for "bypassPermissions" or
 * "dontAsk" is never honoured through this config, even when the environment is
 * misconfigured. Either value, in any letter case, is treated as unset.
 *
 * This is a denylist with an exact match after lower-casing: every other
 * string, including values the CLI may not recognise and values with
 * surrounding whitespace, is returned unchanged.
 *
 * NOTE(review): an allowlist of the modes this deployment actually uses would
 * fail closed if the CLI gains further permissive modes; confirm whether that
 * is preferable here.
 *
 * @param mode - Permission mode as read from configuration.
 * @returns `mode` unchanged, or "" when it names a banned mode.
 */
function safeMode(mode: string): string {
  const normalized = mode.toLowerCase();
  if (normalized === "bypasspermissions" || normalized === "dontask") {
    return "";
  }
  return mode;
}
/**
 * Builds the Claude CLI permission flags implied by the config.
 *
 * The permission mode is passed through `safeMode` first, so a banned mode
 * contributes no flag. The allowed-tools list is forwarded as configured,
 * joined with commas; it is not filtered here.
 *
 * @returns `--permission-mode <mode>` and/or `--allowedTools <list>` as
 *   separate argv entries, or [] when neither setting is present.
 */
export function claudePermissionArgs(): string[] {
  const mode = safeMode(CLAUDE_PERMISSION_MODE);
  const modeArgs = mode ? ["--permission-mode", mode] : [];
  const toolArgs =
    CLAUDE_ALLOWED_TOOLS.length > 0
      ? ["--allowedTools", CLAUDE_ALLOWED_TOOLS.join(",")]
      : [];
  return [...modeArgs, ...toolArgs];
}