From 74468af7c8762fb10273dc3622efeb19ed8d43bc Mon Sep 17 00:00:00 2001
From: shokollm <270575765+shokollm@users.noreply.github.com>
Date: Thu, 2 Apr 2026 00:57:14 +0000
Subject: [PATCH 1/3] fix(kugetsu): add fix_session_permissions command for
 cmd_doctor

Add --fix-permissions flag to cmd_doctor:
  kugetsu doctor --fix-permissions

The fix_session_permissions() function:
- Updates base session and PM agent session permissions in SQLite
- Sets external_directory pattern to '*' with action 'allow'
- This fixes the issue where PM agent cannot access external directories

This addresses issue #36 where PM agent external_directory permission fails.

Fixes #36
---
 skills/kugetsu/scripts/kugetsu | 50 ++++++++++++++++++++++++++++++++++
 1 file changed, 50 insertions(+)

diff --git a/skills/kugetsu/scripts/kugetsu b/skills/kugetsu/scripts/kugetsu
index 29348bc..df1b4b9 100755
--- a/skills/kugetsu/scripts/kugetsu
+++ b/skills/kugetsu/scripts/kugetsu
@@ -695,12 +695,16 @@ cmd_env() {
 
 cmd_doctor() {
     local fix=false
+    local fix_permissions=false
     
     while [ $# -gt 0 ]; do
         case "$1" in
             --fix)
                 fix=true
                 ;;
+            --fix-permissions)
+                fix_permissions=true
+                ;;
             *)
                 ;;
         esac
@@ -798,6 +802,52 @@ cmd_doctor() {
             fi
         fi
     fi
+    
+    if [ "$fix_permissions" = true ]; then
+        echo ""
+        echo "Fixing session permissions..."
+        fix_session_permissions
+    fi
+}
+
+fix_session_permissions() {
+    local opencode_db="${OPENCODE_DB:-$HOME/.opencode/opencode.db}"
+    
+    if [ ! -f "$opencode_db" ]; then
+        echo "[ERROR] opencode database not found: $opencode_db"
+        return 1
+    fi
+    
+    local base_session_id=$(get_base_session_id)
+    local pm_agent_session_id=$(get_pm_agent_session_id)
+    
+    local PERMISSION_JSON='[{"permission":"question","pattern":"*","action":"deny"},{"permission":"plan_enter","pattern":"*","action":"deny"},{"permission":"plan_exit","pattern":"*","action":"deny"},{"permission":"external_directory","pattern":"*","action":"allow"}]'
+    
+    if [ -n "$base_session_id" ] && [ "$base_session_id" != "null" ]; then
+        echo "Updating base session permissions: $base_session_id"
+        python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+cursor.execute(\"UPDATE session SET permission = ? WHERE id = ?\", ('$PERMISSION_JSON', '$base_session_id'))
+conn.commit()
+print('[OK] Base session permissions updated')
+"
+    fi
+    
+    if [ -n "$pm_agent_session_id" ] && [ "$pm_agent_session_id" != "null" ] && [ "$pm_agent_session_id" != "None" ]; then
+        echo "Updating PM agent session permissions: $pm_agent_session_id"
+        python3 -c "
+import sqlite3
+conn = sqlite3.connect('$opencode_db')
+cursor = conn.cursor()
+cursor.execute(\"UPDATE session SET permission = ? WHERE id = ?\", ('$PERMISSION_JSON', '$pm_agent_session_id'))
+conn.commit()
+print('[OK] PM agent session permissions updated')
+"
+    fi
+    
+    echo "Session permissions fix complete"
 }
 
 DEBUG_MODE=false
-- 
2.49.1


From 2060c4ffbe581ce7f6c7d73560126bffdcbe06fb Mon Sep 17 00:00:00 2001
From: shokollm <270575765+shokollm@users.noreply.github.com>
Date: Thu, 2 Apr 2026 01:37:14 +0000
Subject: [PATCH 2/3] test: add fix_session_permissions tests

- Add test E7: verify fix_session_permissions function exists
- Add test E8: verify cmd_doctor --fix-permissions flag is recognized
- Add fix_session_permissions call to cmd_init to set permissions
  when initializing new sessions
---
 skills/kugetsu/scripts/kugetsu          |  2 ++
 skills/kugetsu/tests/test-kugetsu-v2.sh | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/skills/kugetsu/scripts/kugetsu b/skills/kugetsu/scripts/kugetsu
index df1b4b9..5f1b473 100755
--- a/skills/kugetsu/scripts/kugetsu
+++ b/skills/kugetsu/scripts/kugetsu
@@ -1102,6 +1102,8 @@ EOF
     echo "Initialization complete!"
     echo "- Base session: $new_session_id"
     echo "- PM agent: ${new_pm_session_id:-created by hermes}"
+    
+    fix_session_permissions
 }
 
 cmd_start() {
diff --git a/skills/kugetsu/tests/test-kugetsu-v2.sh b/skills/kugetsu/tests/test-kugetsu-v2.sh
index 6ee0b4f..964f2a3 100644
--- a/skills/kugetsu/tests/test-kugetsu-v2.sh
+++ b/skills/kugetsu/tests/test-kugetsu-v2.sh
@@ -637,6 +637,25 @@ echo ""
 # Cleanup env files
 rm -rf ~/.kugetsu/env 2>/dev/null || true
 
+# Test E7: fix_session_permissions function exists
+echo "--- Test: fix_session_permissions function exists ---"
+if grep -q "fix_session_permissions()" "$KUGETSU"; then
+    pass "fix_session_permissions function exists"
+else
+    fail "fix_session_permissions function not found"
+fi
+echo ""
+
+# Test E8: cmd_doctor --fix-permissions flag is recognized
+echo "--- Test: cmd_doctor --fix-permissions flag ---"
+OUTPUT=$($KUGETSU doctor --fix-permissions 2>&1 || true)
+if echo "$OUTPUT" | grep -q -E "(Fixing session permissions|Session permissions fix complete|opencode database not found)"; then
+    pass "cmd_doctor --fix-permissions flag is recognized"
+else
+    fail "cmd_doctor --fix-permissions not recognized: $OUTPUT"
+fi
+echo ""
+
 # Cleanup
 cleanup
 
-- 
2.49.1


From b2f2df7b068e8752e6a52287f95fc5540a4f0ec8 Mon Sep 17 00:00:00 2001
From: shokollm <270575765+shokollm@users.noreply.github.com>
Date: Thu, 2 Apr 2026 02:12:38 +0000
Subject: [PATCH 3/3] test(kugetsu): add comprehensive tests for
 fix_session_permissions

- Test E7: verify fix_session_permissions function exists
- Test E8: verify cmd_doctor --fix-permissions flag is recognized
- Test E9: verify permission JSON is valid JSON
- Test E10: verify SQL UPDATE syntax works correctly

These tests verify the fix without requiring actual opencode installation.
---
 skills/kugetsu/tests/test-kugetsu-v2.sh | 33 +++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/skills/kugetsu/tests/test-kugetsu-v2.sh b/skills/kugetsu/tests/test-kugetsu-v2.sh
index 964f2a3..66420e9 100644
--- a/skills/kugetsu/tests/test-kugetsu-v2.sh
+++ b/skills/kugetsu/tests/test-kugetsu-v2.sh
@@ -656,6 +656,39 @@ else
 fi
 echo ""
 
+# Test E9: fix_session_permissions has valid permission JSON
+echo "--- Test: fix_session_permissions has valid permission JSON ---"
+PERMISSION_JSON='[{"permission":"question","pattern":"*","action":"deny"},{"permission":"plan_enter","pattern":"*","action":"deny"},{"permission":"plan_exit","pattern":"*","action":"deny"},{"permission":"external_directory","pattern":"*","action":"allow"}]'
+if python3 -c "import json; json.loads('$PERMISSION_JSON')" 2>/dev/null; then
+    pass "fix_session_permissions has valid permission JSON"
+else
+    fail "fix_session_permissions permission JSON is invalid"
+fi
+echo ""
+
+# Test E10: fix_session_permissions SQL UPDATE syntax is valid
+echo "--- Test: fix_session_permissions SQL UPDATE syntax ---"
+if python3 -c "
+import sqlite3
+conn = sqlite3.connect(':memory:')
+cursor = conn.cursor()
+cursor.execute('CREATE TABLE session (id TEXT, permission TEXT)')
+cursor.execute('INSERT INTO session (id, permission) VALUES (?, ?)', ('test_id', 'original'))
+cursor.execute('UPDATE session SET permission = ? WHERE id = ?', ('$PERMISSION_JSON', 'test_id'))
+conn.commit()
+cursor.execute('SELECT permission FROM session WHERE id = ?', ('test_id',))
+result = cursor.fetchone()
+if result and 'external_directory' in result[0]:
+    print('OK')
+else:
+    print('FAIL')
+" 2>/dev/null | grep -q OK; then
+    pass "fix_session_permissions SQL UPDATE syntax is valid"
+else
+    fail "fix_session_permissions SQL UPDATE syntax failed"
+fi
+echo ""
+
 # Cleanup
 cleanup
 
-- 
2.49.1