From 6db33ea78610c50d3b36d1e89a13568e74c3c1fb Mon Sep 17 00:00:00 2001
From: shokollm <270575765+shokollm@users.noreply.github.com>
Date: Mon, 30 Mar 2026 15:52:29 +0000
Subject: [PATCH] fix(phase3a): add fix-permissions command to kugetsu-helper

Add kugetsu_fix_pm_permissions function to fix opencode session permissions
for /tmp/kugetsu directory access. This resolves permission issues when
PM agent tries to access worktree directories.

Usage: kugetsu-helper fix-permissions
---
 .../kugetsu-helpers/scripts/kugetsu-helpers   | 56 ++++++++++++++++++-
 1 file changed, 55 insertions(+), 1 deletion(-)

diff --git a/skills/kugetsu-helpers/scripts/kugetsu-helpers b/skills/kugetsu-helpers/scripts/kugetsu-helpers
index 90c5081..c8ce651 100755
--- a/skills/kugetsu-helpers/scripts/kugetsu-helpers
+++ b/skills/kugetsu-helpers/scripts/kugetsu-helpers
@@ -97,6 +97,53 @@ kugetsu_continue_dev_session() {
     kugetsu continue "$issue_ref" "$update" 2>&1
 }
 
+kugetsu_fix_pm_permissions() {
+    local pm_session=$(kugetsu_get_pm_session)
+    if [ -z "$pm_session" ] || [ "$pm_session" = "null" ]; then
+        echo "Error: PM agent session not found"
+        return 1
+    fi
+    
+    python3 << PYEOF
+import sqlite3
+import json
+import os
+
+db_path = os.path.expanduser("~/.local/share/opencode/opencode.db")
+conn = sqlite3.connect(db_path)
+cursor = conn.cursor()
+
+# Get current permission for PM session
+session_id = "$pm_session"
+cursor.execute("SELECT id, permission FROM session WHERE id = ?", (session_id,))
+row = cursor.fetchone()
+
+if not row:
+    print(f"Error: Session {session_id} not found")
+    exit(1)
+
+perms = json.loads(row[1]) if row[1] else []
+patterns = [p['pattern'] for p in perms]
+
+# Add missing patterns for /tmp/kugetsu
+needed = ['/tmp/kugetsu', '/tmp/kugetsu/*', '/tmp/kugetsu/**']
+added = []
+
+for pattern in needed:
+    if pattern not in patterns:
+        perms.append({"permission": "external_directory", "pattern": pattern, "action": "allow"})
+        added.append(pattern)
+
+if added:
+    new_perms = json.dumps(perms)
+    cursor.execute("UPDATE session SET permission = ? WHERE id = ?", (new_perms, session_id))
+    conn.commit()
+    print(f"Added permissions: {', '.join(added)}")
+else:
+    print("All required permissions already exist")
+PYEOF
+}
+
 # Main entry point for CLI usage
 main() {
     local command="${1:-}"
@@ -121,6 +168,9 @@ main() {
         continue-dev-session)
             kugetsu_continue_dev_session "$@"
             ;;
+        fix-permissions)
+            kugetsu_fix_pm_permissions
+            ;;
         help|--help|-h)
             cat << 'EOF'
 kugetsu-helpers - Hermes tools for kugetsu
@@ -132,9 +182,13 @@ Commands:
     list-sessions            List all kugetsu sessions
     create-dev-session <ref> <task>  Create dev agent session
     continue-dev-session <ref> <update>  Continue dev agent session
+    fix-permissions          Fix opencode permission for /tmp/kugetsu access
 
 Usage in Hermes:
-    terminal(command="kugetsu_delegate_to_pm 'fix issue #5'")
+    terminal(command="~/.local/bin/kugetsu-helper delegate-to-pm 'fix issue #5'", timeout=120)
+
+Note: If PM agent has permission issues accessing /tmp/kugetsu, run:
+    kugetsu-helper fix-permissions
 EOF
             ;;
         *)