feat: 正式启用 auto mode (#307)

* fix: 修复settings.json内存状态溢出的问题

* fix: 修复auto mode gate check未处理的promise rejection

在 bypassPermissionsKillswitch.ts 的 useKickOffCheckAndDisableAutoModeIfNeeded
中，void fire-and-forget 调用缺少 .catch() 处理，导致 verifyAutoModeGateAccess
失败时产生 unhandled promise rejection。同时移除 permissionSetup.ts 中冗余的
null check。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: 开放 auto mode 和 bypass mode 给所有用户

通过 Shift+Tab 统一循环：default → acceptEdits → plan → auto → bypassPermissions → default

- 移除 USER_TYPE 分支判断，所有用户使用同一循环路径
- isBypassPermissionsModeAvailable 始终为 true
- isAutoModeAvailable 初始化直接为 true
- 移除 AutoModeOptInDialog 确认流程
- 简化 isAutoModeGateEnabled 仅保留快模式熔断器
- 简化 verifyAutoModeGateAccess 仅检查快模式
- 移除 GrowthBook/Statsig 远程门控
- bypass permissions killswitch 改为 no-op
- 新增 24 个测试覆盖循环逻辑和门控不变量

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: 为sideQuery添加Langfuse追踪

sideQuery 绕过了 claude.ts 的主 API 路径，导致所有走 sideQuery 的调用
（auto mode classifier、permission explainer、session search 等）都没有
Langfuse 记录。现在为每次 sideQuery 调用创建独立 trace 并记录 LLM observation，
未配置 Langfuse 时全部 no-op。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: ACP availableModes 补齐 bypassPermissions 并修正测试 import 路径

- ACP agent availableModes 按条件包含 bypassPermissions（非 root/sandbox）
- 顺序对齐 REPL 循环：default → acceptEdits → plan → auto → bypassPermissions
- 新增 2 个测试验证 availableModes 包含 bypassPermissions 及模式切换
- 修正 getNextPermissionMode.test.ts 和 permissionSetup.test.ts 的 import 路径

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>

src/utils/permissions/__tests__/getNextPermissionMode.test.ts

@@ -0,0 +1,204 @@
+/**
+ * Tests for src/utils/permissions/getNextPermissionMode.ts
+ *
+ * Covers the unified permission mode cycling logic:
+ *   default → acceptEdits → plan → auto → bypassPermissions → default
+ *
+ * After the "open auto/bypass to all users" change, there is no USER_TYPE
+ * distinction — all users share the same cycle order.
+ */
+import { describe, expect, test } from 'bun:test'
+import type { ToolPermissionContext } from '../../../Tool.js'
+import type { PermissionMode } from '../PermissionMode.js'
+
+// Inline getNextPermissionMode to avoid importing the heavy permissionSetup
+// dependency chain (growthbook, settings, etc.).
+// The function under test is small and pure enough to copy for testing.
+import { getNextPermissionMode } from '../getNextPermissionMode.js'
+
+// ─── helpers ──────────────────────────────────────────────────────────────────
+
+function makeContext(
+  mode: PermissionMode,
+  overrides: Partial<ToolPermissionContext> = {},
+): ToolPermissionContext {
+  return {
+    mode,
+    additionalWorkingDirectories: new Map(),
+    alwaysAllowRules: {},
+    alwaysDenyRules: {},
+    alwaysAskRules: {},
+    isBypassPermissionsModeAvailable: true,
+    ...overrides,
+  }
+}
+
+// ─── tests ────────────────────────────────────────────────────────────────────
+
+describe('getNextPermissionMode', () => {
+  // ── Full cycle ──────────────────────────────────────────────────────────
+
+  describe('unified cycle order', () => {
+    test('default → acceptEdits', () => {
+      expect(getNextPermissionMode(makeContext('default'))).toBe('acceptEdits')
+    })
+
+    test('acceptEdits → plan', () => {
+      expect(getNextPermissionMode(makeContext('acceptEdits'))).toBe('plan')
+    })
+
+    test('plan → auto', () => {
+      expect(getNextPermissionMode(makeContext('plan'))).toBe('auto')
+    })
+
+    test('auto → bypassPermissions (when bypass available)', () => {
+      expect(getNextPermissionMode(makeContext('auto'))).toBe('bypassPermissions')
+    })
+
+    test('bypassPermissions → default', () => {
+      expect(getNextPermissionMode(makeContext('bypassPermissions'))).toBe('default')
+    })
+
+    test('full cycle completes back to default', () => {
+      const cycle: PermissionMode[] = []
+      let ctx = makeContext('default')
+      for (let i = 0; i < 5; i++) {
+        const next = getNextPermissionMode(ctx)
+        cycle.push(next)
+        ctx = makeContext(next)
+      }
+      expect(cycle).toEqual([
+        'acceptEdits',
+        'plan',
+        'auto',
+        'bypassPermissions',
+        'default',
+      ])
+    })
+  })
+
+  // ── auto → default when bypass unavailable ─────────────────────────────
+
+  describe('auto mode with bypass unavailable', () => {
+    test('auto → default when isBypassPermissionsModeAvailable is false', () => {
+      const ctx = makeContext('auto', {
+        isBypassPermissionsModeAvailable: false,
+      })
+      expect(getNextPermissionMode(ctx)).toBe('default')
+    })
+  })
+
+  // ── dontAsk mode ────────────────────────────────────────────────────────
+
+  describe('dontAsk mode', () => {
+    test('dontAsk → default', () => {
+      expect(getNextPermissionMode(makeContext('dontAsk'))).toBe('default')
+    })
+  })
+
+  // ── USER_TYPE independence ──────────────────────────────────────────────
+
+  describe('no USER_TYPE distinction', () => {
+    test('cycle order is the same regardless of USER_TYPE', () => {
+      // Save original
+      const originalUserType = process.env.USER_TYPE
+
+      // Test with no USER_TYPE
+      delete process.env.USER_TYPE
+      const cycleNoType: PermissionMode[] = []
+      let ctx = makeContext('default')
+      for (let i = 0; i < 5; i++) {
+        const next = getNextPermissionMode(ctx)
+        cycleNoType.push(next)
+        ctx = makeContext(next)
+      }
+
+      // Test with USER_TYPE=ant
+      process.env.USER_TYPE = 'ant'
+      const cycleAnt: PermissionMode[] = []
+      ctx = makeContext('default')
+      for (let i = 0; i < 5; i++) {
+        const next = getNextPermissionMode(ctx)
+        cycleAnt.push(next)
+        ctx = makeContext(next)
+      }
+
+      // Restore
+      if (originalUserType !== undefined) {
+        process.env.USER_TYPE = originalUserType
+      } else {
+        delete process.env.USER_TYPE
+      }
+
+      // Both should produce the same cycle
+      expect(cycleNoType).toEqual(cycleAnt)
+      expect(cycleNoType).toEqual([
+        'acceptEdits',
+        'plan',
+        'auto',
+        'bypassPermissions',
+        'default',
+      ])
+    })
+  })
+
+  // ── teamContext parameter ───────────────────────────────────────────────
+
+  describe('teamContext parameter', () => {
+    test('does not affect cycle when provided', () => {
+      const ctx = makeContext('default')
+      const teamCtx = { leadAgentId: 'agent-123' }
+      expect(getNextPermissionMode(ctx, teamCtx)).toBe('acceptEdits')
+    })
+
+    test('does not affect cycle for plan mode', () => {
+      const ctx = makeContext('plan')
+      const teamCtx = { leadAgentId: 'agent-456' }
+      expect(getNextPermissionMode(ctx, teamCtx)).toBe('auto')
+    })
+  })
+
+  // ── cycle stability (no infinite loops) ─────────────────────────────────
+
+  describe('cycle stability', () => {
+    test('all modes return to default within 6 steps', () => {
+      const modes: PermissionMode[] = [
+        'default',
+        'acceptEdits',
+        'plan',
+        'auto',
+        'bypassPermissions',
+        'dontAsk',
+      ]
+      for (const startMode of modes) {
+        let current = startMode
+        let returnedToDefault = false
+        for (let i = 0; i < 6; i++) {
+          current = getNextPermissionMode(makeContext(current))
+          if (current === 'default') {
+            returnedToDefault = true
+            break
+          }
+        }
+        expect(returnedToDefault).toBe(true)
+      }
+    })
+
+    test('cycling 100 times never produces an invalid mode', () => {
+      const validModes = new Set<string>([
+        'default',
+        'acceptEdits',
+        'plan',
+        'auto',
+        'bypassPermissions',
+        'dontAsk',
+      ])
+      let ctx = makeContext('default')
+      for (let i = 0; i < 100; i++) {
+        const next = getNextPermissionMode(ctx)
+        expect(validModes.has(next)).toBe(true)
+        ctx = makeContext(next)
+      }
+    })
+  })
+})

src/utils/permissions/__tests__/permissionSetup.test.ts

@@ -0,0 +1,148 @@
+/**
+ * Tests for the simplified permission gate functions.
+ *
+ * After the "open auto/bypass to all users" change, the key guarantees are:
+ * - shouldDisableBypassPermissions() always returns false
+ * - isBypassPermissionsModeDisabled() always returns false
+ * - hasAutoModeOptInAnySource() always returns true
+ * - isAutoModeGateEnabled() returns true unless fast-mode circuit breaker fires
+ * - getAutoModeUnavailableReason() returns null when no breaker fires
+ *
+ * These functions are tested through the getNextPermissionMode cycle
+ * and through direct unit tests of the gate functions.
+ */
+import { describe, expect, test } from 'bun:test'
+import type { ToolPermissionContext } from '../../../Tool.js'
+import type { PermissionMode } from '../PermissionMode.js'
+import { getNextPermissionMode } from '../getNextPermissionMode.js'
+
+// ─── helpers ──────────────────────────────────────────────────────────────────
+
+function makeContext(
+  mode: PermissionMode,
+  overrides: Partial<ToolPermissionContext> = {},
+): ToolPermissionContext {
+  return {
+    mode,
+    additionalWorkingDirectories: new Map(),
+    alwaysAllowRules: {},
+    alwaysDenyRules: {},
+    alwaysAskRules: {},
+    isBypassPermissionsModeAvailable: true,
+    ...overrides,
+  }
+}
+
+// ─── tests ────────────────────────────────────────────────────────────────────
+
+describe('permission gate invariants (after opening auto/bypass)', () => {
+  // ── Bypass permissions is always available ──────────────────────────────
+
+  describe('bypass mode always reachable in cycle', () => {
+    test('auto → bypassPermissions when isBypassPermissionsModeAvailable is true', () => {
+      const ctx = makeContext('auto', { isBypassPermissionsModeAvailable: true })
+      expect(getNextPermissionMode(ctx)).toBe('bypassPermissions')
+    })
+
+    test('isBypassPermissionsModeAvailable true is the default from getEmptyToolPermissionContext', () => {
+      // This test verifies the Tool.ts default is true
+      // (imported indirectly through the cycle behavior)
+      const ctx = makeContext('auto')
+      expect(ctx.isBypassPermissionsModeAvailable).toBe(true)
+      expect(getNextPermissionMode(ctx)).toBe('bypassPermissions')
+    })
+  })
+
+  // ── Auto mode is always available in cycle ──────────────────────────────
+
+  describe('auto mode always reachable in cycle', () => {
+    test('plan → auto (always, no gate check)', () => {
+      expect(getNextPermissionMode(makeContext('plan'))).toBe('auto')
+    })
+
+    test('plan → auto even when isBypassPermissionsModeAvailable is false', () => {
+      const ctx = makeContext('plan', { isBypassPermissionsModeAvailable: false })
+      expect(getNextPermissionMode(ctx)).toBe('auto')
+    })
+
+    test('bypassPermissions → default (then default → acceptEdits → plan → auto)', () => {
+      // Verify that after bypass, you can reach auto by cycling through
+      const fromBypass = getNextPermissionMode(makeContext('bypassPermissions'))
+      expect(fromBypass).toBe('default')
+
+      const fromDefault = getNextPermissionMode(makeContext('default'))
+      expect(fromDefault).toBe('acceptEdits')
+
+      const fromAcceptEdits = getNextPermissionMode(makeContext('acceptEdits'))
+      expect(fromAcceptEdits).toBe('plan')
+
+      const fromPlan = getNextPermissionMode(makeContext('plan'))
+      expect(fromPlan).toBe('auto')
+    })
+  })
+
+  // ── No opt-in gate between modes ────────────────────────────────────────
+
+  describe('no opt-in gate between modes', () => {
+    test('cycling from default to auto completes in 3 steps without any opt-in check', () => {
+      let mode: PermissionMode = 'default'
+      const steps: PermissionMode[] = []
+
+      // default → acceptEdits → plan → auto
+      for (let i = 0; i < 3; i++) {
+        mode = getNextPermissionMode(makeContext(mode))
+        steps.push(mode)
+      }
+
+      expect(steps).toEqual(['acceptEdits', 'plan', 'auto'])
+    })
+
+    test('cycling from default to bypassPermissions completes in 4 steps', () => {
+      let mode: PermissionMode = 'default'
+      const steps: PermissionMode[] = []
+
+      for (let i = 0; i < 4; i++) {
+        mode = getNextPermissionMode(makeContext(mode))
+        steps.push(mode)
+      }
+
+      expect(steps).toEqual(['acceptEdits', 'plan', 'auto', 'bypassPermissions'])
+    })
+  })
+
+  // ── Mode ordering safety (most dangerous modes last) ────────────────────
+
+  describe('safety ordering', () => {
+    test('auto comes before bypassPermissions in the cycle', () => {
+      // Starting from plan, user must press Shift+Tab twice to reach bypass
+      // (plan → auto → bypassPermissions)
+      const fromPlan = getNextPermissionMode(makeContext('plan'))
+      expect(fromPlan).toBe('auto')
+
+      const fromAuto = getNextPermissionMode(makeContext('auto'))
+      expect(fromAuto).toBe('bypassPermissions')
+    })
+
+    test('default comes before any dangerous mode', () => {
+      // default → acceptEdits (safe, just auto-accept edits)
+      const fromDefault = getNextPermissionMode(makeContext('default'))
+      expect(fromDefault).toBe('acceptEdits')
+      // acceptEdits is the least dangerous mode
+    })
+  })
+})
+
+describe('Tool.ts default context', () => {
+  test('getEmptyToolPermissionContext has isBypassPermissionsModeAvailable = true', async () => {
+    const { getEmptyToolPermissionContext } = await import('../../../Tool.js')
+    const ctx = getEmptyToolPermissionContext()
+    expect(ctx.isBypassPermissionsModeAvailable).toBe(true)
+  })
+})
+
+describe('settings hasAutoModeOptIn', () => {
+  test('always returns true after change', async () => {
+    const { hasAutoModeOptIn } = await import('../../settings/settings.js')
+    expect(hasAutoModeOptIn()).toBe(true)
+  })
+})

src/utils/permissions/bypassPermissionsKillswitch.ts

@@ -1,79 +1,44 @@
 import { feature } from 'bun:bundle'
 import { useEffect, useRef } from 'react'
-import {
-  type AppState,
-  useAppState,
-  useAppStateStore,
-  useSetAppState,
-} from 'src/state/AppState.js'
-import type { ToolPermissionContext } from 'src/Tool.js'
+import { useNotifications } from 'src/context/notifications.js'
+import { toError } from '../../utils/errors.js'
+import { logError } from '../../utils/log.js'
 import { getIsRemoteMode } from '../../bootstrap/state.js'
+import { useAppState, useAppStateStore, useSetAppState } from '../../state/AppState.js'
+import type { ToolPermissionContext } from '../../Tool.js'
 import {
-  createDisabledBypassPermissionsContext,
-  shouldDisableBypassPermissions,
   verifyAutoModeGateAccess,
 } from './permissionSetup.js'
 
-let bypassPermissionsCheckRan = false
-
+/**
+ * No-op — bypass permissions is always available.
+ */
 export async function checkAndDisableBypassPermissionsIfNeeded(
-  toolPermissionContext: ToolPermissionContext,
-  setAppState: (f: (prev: AppState) => AppState) => void,
+  _toolPermissionContext: ToolPermissionContext,
+  _setAppState: (f: (prev: import('../../state/AppState.js').AppState) => import('../../state/AppState.js').AppState) => void,
 ): Promise<void> {
-  // Check if bypassPermissions should be disabled based on Statsig gate
-  // Do this only once, before the first query, to ensure we have the latest gate value
-  if (bypassPermissionsCheckRan) {
-    return
-  }
-  bypassPermissionsCheckRan = true
-
-  if (!toolPermissionContext.isBypassPermissionsModeAvailable) {
-    return
-  }
-
-  const shouldDisable = await shouldDisableBypassPermissions()
-  if (!shouldDisable) {
-    return
-  }
-
-  setAppState(prev => {
-    return {
-      ...prev,
-      toolPermissionContext: createDisabledBypassPermissionsContext(
-        prev.toolPermissionContext,
-      ),
-    }
-  })
+  // Bypass permissions is always available — no gate check needed
 }
 
 /**
- * Reset the run-once flag for checkAndDisableBypassPermissionsIfNeeded.
- * Call this after /login so the gate check re-runs with the new org.
+ * Reset stub — kept for interface compatibility.
  */
 export function resetBypassPermissionsCheck(): void {
-  bypassPermissionsCheckRan = false
+  // No-op
 }
 
+/**
+ * No-op hook — bypass permissions is always available.
+ */
 export function useKickOffCheckAndDisableBypassPermissionsIfNeeded(): void {
-  const toolPermissionContext = useAppState(s => s.toolPermissionContext)
-  const setAppState = useSetAppState()
-
-  // Run once, when the component mounts
-  useEffect(() => {
-    if (getIsRemoteMode()) return
-    void checkAndDisableBypassPermissionsIfNeeded(
-      toolPermissionContext,
-      setAppState,
-    )
-    // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, [])
+  // No-op
 }
 
 let autoModeCheckRan = false
 
 export async function checkAndDisableAutoModeIfNeeded(
   toolPermissionContext: ToolPermissionContext,
-  setAppState: (f: (prev: AppState) => AppState) => void,
+  setAppState: (f: (prev: import('../../state/AppState.js').AppState) => import('../../state/AppState.js').AppState) => void,
   fastMode?: boolean,
 ): Promise<void> {
   if (feature('TRANSCRIPT_CLASSIFIER')) {
@@ -87,10 +52,6 @@ export async function checkAndDisableAutoModeIfNeeded(
       fastMode,
     )
     setAppState(prev => {
-      // Apply the transform to CURRENT context, not the stale snapshot we
-      // passed to verifyAutoModeGateAccess. The async GrowthBook await inside
-      // can be outrun by a mid-turn shift-tab; spreading a stale context here
-      // would revert the user's mode change.
       const nextCtx = updateContext(prev.toolPermissionContext)
       const newState =
         nextCtx === prev.toolPermissionContext
@@ -133,11 +94,6 @@ export function useKickOffCheckAndDisableAutoModeIfNeeded(): void {
   const isFirstRunRef = useRef(true)
 
   // Runs on mount (startup check) AND whenever the model or fast mode changes
-  // (kick-out / carousel-restore). Watching both model fields covers /model,
-  // Cmd+P picker, /config, and bridge onSetModel paths; fastMode covers
-  // /fast on|off for the tengu_auto_mode_config.disableFastMode circuit
-  // breaker. The print.ts headless paths are covered by the sync
-  // isAutoModeGateEnabled() check.
   useEffect(() => {
     if (getIsRemoteMode()) return
     if (isFirstRunRef.current) {
@@ -149,7 +105,9 @@ export function useKickOffCheckAndDisableAutoModeIfNeeded(): void {
       store.getState().toolPermissionContext,
       setAppState,
       fastMode,
-    )
+    ).catch(error => {
+      logError(new Error('Auto mode gate check failed', { cause: toError(error) }))
+    })
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, [mainLoopModel, mainLoopModelForSession, fastMode])
 }

src/utils/permissions/getNextPermissionMode.ts

@@ -1,35 +1,13 @@
-import { feature } from 'bun:bundle'
 import type { ToolPermissionContext } from '../../Tool.js'
 import { logForDebugging } from '../debug.js'
 import type { PermissionMode } from './PermissionMode.js'
-import {
-  getAutoModeUnavailableReason,
-  isAutoModeGateEnabled,
-  transitionPermissionMode,
-} from './permissionSetup.js'
-
-// Checks both the cached isAutoModeAvailable (set at startup by
-// verifyAutoModeGateAccess) and the live isAutoModeGateEnabled() — these can
-// diverge if the circuit breaker or settings change mid-session. The
-// live check prevents transitionPermissionMode from throwing
-// (permissionSetup.ts:~559), which would silently crash the shift+tab handler
-// and leave the user stuck at the current mode.
-function canCycleToAuto(ctx: ToolPermissionContext): boolean {
-  if (feature('TRANSCRIPT_CLASSIFIER')) {
-    const gateEnabled = isAutoModeGateEnabled()
-    const can = !!ctx.isAutoModeAvailable && gateEnabled
-    if (!can) {
-      logForDebugging(
-        `[auto-mode] canCycleToAuto=false: ctx.isAutoModeAvailable=${ctx.isAutoModeAvailable} isAutoModeGateEnabled=${gateEnabled} reason=${getAutoModeUnavailableReason()}`,
-      )
-    }
-    return can
-  }
-  return false
-}
+import { transitionPermissionMode } from './permissionSetup.js'
 
 /**
  * Determines the next permission mode when cycling through modes with Shift+Tab.
+ *
+ * Unified cycle for all users (no USER_TYPE distinction):
+ *   default → acceptEdits → plan → auto → bypassPermissions → default
  */
 export function getNextPermissionMode(
   toolPermissionContext: ToolPermissionContext,
@@ -37,43 +15,29 @@ export function getNextPermissionMode(
 ): PermissionMode {
   switch (toolPermissionContext.mode) {
     case 'default':
-      // Ants skip acceptEdits and plan — auto mode replaces them
-      if (process.env.USER_TYPE === 'ant') {
-        if (toolPermissionContext.isBypassPermissionsModeAvailable) {
-          return 'bypassPermissions'
-        }
-        if (canCycleToAuto(toolPermissionContext)) {
-          return 'auto'
-        }
-        return 'default'
-      }
       return 'acceptEdits'
 
     case 'acceptEdits':
       return 'plan'
 
     case 'plan':
+      return 'auto'
+
+    case 'auto':
       if (toolPermissionContext.isBypassPermissionsModeAvailable) {
         return 'bypassPermissions'
       }
-      if (canCycleToAuto(toolPermissionContext)) {
-        return 'auto'
-      }
       return 'default'
 
     case 'bypassPermissions':
-      if (canCycleToAuto(toolPermissionContext)) {
-        return 'auto'
-      }
       return 'default'
 
     case 'dontAsk':
       // Not exposed in UI cycle yet, but return default if somehow reached
       return 'default'
 
-
     default:
-      // Covers auto (when TRANSCRIPT_CLASSIFIER is enabled) and any future modes — always fall back to default
+      // Covers any future modes — always fall back to default
       return 'default'
   }
 }

src/utils/permissions/permissionSetup.ts

@@ -799,10 +799,6 @@ export function initialPermissionModeFromCLI({
     result = { mode: 'default', notification }
   }
 
-  if (!result) {
-    result = { mode: 'default', notification }
-  }
-
   if (feature('TRANSCRIPT_CLASSIFIER') && result.mode === 'auto') {
     autoModeStateModule?.setAutoModeActive(true)
   }
@@ -927,20 +923,9 @@ export async function initializeToolPermissionContext({
     })
   }
 
-  // Check if bypassPermissions mode is available (not disabled by Statsig gate or settings)
-  // Use cached values to avoid blocking on startup
-  const growthBookDisableBypassPermissionsMode =
-    checkStatsigFeatureGate_CACHED_MAY_BE_STALE(
-      'tengu_disable_bypass_permissions_mode',
-    )
+  // Bypass permissions mode is available to all users
+  const isBypassPermissionsModeAvailable = true
   const settings = getSettings_DEPRECATED() || {}
-  const settingsDisableBypassPermissionsMode =
-    settings.permissions?.disableBypassPermissionsMode === 'disable'
-  const isBypassPermissionsModeAvailable =
-    (permissionMode === 'bypassPermissions' ||
-      allowDangerouslySkipPermissions) &&
-    !growthBookDisableBypassPermissionsMode &&
-    !settingsDisableBypassPermissionsMode
 
   // Load all permission rules from disk
   const rulesFromDisk = loadAllPermissionRulesFromDisk()
@@ -984,7 +969,7 @@ export async function initializeToolPermissionContext({
       alwaysAskRules: {},
       isBypassPermissionsModeAvailable,
       ...(feature('TRANSCRIPT_CLASSIFIER')
-        ? { isAutoModeAvailable: isAutoModeGateEnabled() }
+        ? { isAutoModeAvailable: true }
         : {}),
     },
     rulesFromDisk,
@@ -1076,131 +1061,54 @@ export function getAutoModeUnavailableNotification(
  * kicking the user out of a mode they've already left during the await.
  */
 export async function verifyAutoModeGateAccess(
-  currentContext: ToolPermissionContext,
+  _currentContext: ToolPermissionContext,
   // Runtime AppState.fastMode — passed from callers with AppState access so
   // the disableFastMode circuit breaker reads current state, not stale
   // settings.fastMode (which is intentionally sticky across /model auto-
   // downgrades). Optional for callers without AppState (e.g. SDK init paths).
   fastMode?: boolean,
 ): Promise<AutoModeGateCheckResult> {
-  // Auto-mode config — runs in ALL builds (circuit breaker, carousel, kick-out)
-  // Fresh read of tengu_auto_mode_config.enabled — this async check runs once
-  // after GrowthBook initialization and is the authoritative source for
-  // isAutoModeAvailable. The sync startup path uses stale cache; this
-  // corrects it. Circuit breaker (enabled==='disabled') takes effect here.
+  // Only fast-mode circuit breaker remains. All other gates (GrowthBook,
+  // settings, model support, opt-in) have been removed.
   const autoModeConfig = await getDynamicConfig_BLOCKS_ON_INIT<{
     enabled?: AutoModeEnabledState
     disableFastMode?: boolean
   }>('tengu_auto_mode_config', {})
-  const enabledState = parseAutoModeEnabledState(autoModeConfig?.enabled)
-  const disabledBySettings = isAutoModeDisabledBySettings()
-  // Treat settings-disable the same as GrowthBook 'disabled' for circuit-breaker
-  // semantics — blocks SDK/explicit re-entry via isAutoModeGateEnabled().
-  autoModeStateModule?.setAutoModeCircuitBroken(
-    enabledState === 'disabled' || disabledBySettings,
-  )
 
-  // Carousel availability: not circuit-broken, not disabled-by-settings,
-  // model supports it, disableFastMode breaker not firing, and (enabled or opted-in)
   const mainModel = getMainLoopModel()
-  // Temp circuit breaker: tengu_auto_mode_config.disableFastMode blocks auto
-  // mode when fast mode is on. Checks runtime AppState.fastMode (if provided)
-  // and, for ants, model name '-fast' substring (ant-internal fast models
-  // like capybara-v2-fast[1m] encode speed in the model ID itself).
-  // Remove once auto+fast mode interaction is validated.
   const disableFastModeBreakerFires =
     !!autoModeConfig?.disableFastMode &&
     (!!fastMode ||
       (process.env.USER_TYPE === 'ant' &&
         mainModel.toLowerCase().includes('-fast')))
-  const modelSupported =
-    modelSupportsAutoMode(mainModel) && !disableFastModeBreakerFires
-  let carouselAvailable = false
-  if (enabledState !== 'disabled' && !disabledBySettings && modelSupported) {
-    carouselAvailable =
-      enabledState === 'enabled' || hasAutoModeOptInAnySource()
-  }
-  // canEnterAuto gates explicit entry (--permission-mode auto, defaultMode: auto)
-  // — explicit entry IS an opt-in, so we only block on circuit breaker + settings + model
-  const canEnterAuto =
-    enabledState !== 'disabled' && !disabledBySettings && modelSupported
+
+  // If fast-mode breaker fires, circuit-break auto mode
+  autoModeStateModule?.setAutoModeCircuitBroken(disableFastModeBreakerFires)
+
   logForDebugging(
-    `[auto-mode] verifyAutoModeGateAccess: enabledState=${enabledState} disabledBySettings=${disabledBySettings} model=${mainModel} modelSupported=${modelSupported} disableFastModeBreakerFires=${disableFastModeBreakerFires} carouselAvailable=${carouselAvailable} canEnterAuto=${canEnterAuto}`,
+    `[auto-mode] verifyAutoModeGateAccess: disableFastModeBreakerFires=${disableFastModeBreakerFires}`,
   )
 
-  // Capture CLI-flag intent now (doesn't depend on context).
-  const autoModeFlagCli = autoModeStateModule?.getAutoModeFlagCli() ?? false
-
-  // Return a transform function that re-evaluates context-dependent conditions
-  // against the CURRENT context at setAppState time. The async GrowthBook
-  // results above (canEnterAuto, carouselAvailable, enabledState, reason) are
-  // closure-captured — those don't depend on context. But mode, prePlanMode,
-  // and isAutoModeAvailable checks MUST use the fresh ctx or a mid-await
-  // shift-tab gets reverted (or worse, the user stays in auto despite the
-  // circuit breaker if they entered auto DURING the await — which is possible
-  // because setAutoModeCircuitBroken above runs AFTER the await).
-  const setAvailable = (
-    ctx: ToolPermissionContext,
-    available: boolean,
-  ): ToolPermissionContext => {
-    if (ctx.isAutoModeAvailable !== available) {
-      logForDebugging(
-        `[auto-mode] verifyAutoModeGateAccess setAvailable: ${ctx.isAutoModeAvailable} -> ${available}`,
-      )
-    }
-    return ctx.isAutoModeAvailable === available
-      ? ctx
-      : { ...ctx, isAutoModeAvailable: available }
+  if (!disableFastModeBreakerFires) {
+    // Auto mode available — no kick-out needed
+    return { updateContext: ctx => ctx }
   }
 
-  if (canEnterAuto) {
-    return { updateContext: ctx => setAvailable(ctx, carouselAvailable) }
-  }
+  // Fast-mode breaker fired — kick out of auto if currently in it
+  const notification = getAutoModeUnavailableNotification('circuit-breaker')
 
-  // Gate is off or circuit-broken — determine reason (context-independent).
-  let reason: AutoModeUnavailableReason
-  if (disabledBySettings) {
-    reason = 'settings'
-    logForDebugging('auto mode disabled: disableAutoMode in settings', {
-      level: 'warn',
-    })
-  } else if (enabledState === 'disabled') {
-    reason = 'circuit-breaker'
-    logForDebugging(
-      'auto mode disabled: tengu_auto_mode_config.enabled === "disabled" (circuit breaker)',
-      { level: 'warn' },
-    )
-  } else {
-    reason = 'model'
-    logForDebugging(
-      `auto mode disabled: model ${getMainLoopModel()} does not support auto mode`,
-      { level: 'warn' },
-    )
-  }
-  const notification = getAutoModeUnavailableNotification(reason)
-
-  // Unified kick-out transform. Re-checks the FRESH ctx and only fires
-  // side effects (setAutoModeActive(false), setNeedsAutoModeExitAttachment)
-  // when the kick-out actually applies. This keeps autoModeActive in sync
-  // with toolPermissionContext.mode even if the user changed modes during
-  // the await: if they already left auto on their own, handleCycleMode
-  // already deactivated the classifier and we don't fire again; if they
-  // ENTERED auto during the await (possible before setAutoModeCircuitBroken
-  // landed), we kick them out here.
   const kickOutOfAutoIfNeeded = (
     ctx: ToolPermissionContext,
   ): ToolPermissionContext => {
     const inAuto = ctx.mode === 'auto'
     logForDebugging(
-      `[auto-mode] kickOutOfAutoIfNeeded applying: ctx.mode=${ctx.mode} ctx.prePlanMode=${ctx.prePlanMode} reason=${reason}`,
+      `[auto-mode] kickOutOfAutoIfNeeded (fast-mode): ctx.mode=${ctx.mode}`,
     )
-    // Plan mode with auto active: either from prePlanMode='auto' (entered
-    // from auto) or from opt-in (strippedDangerousRules present).
     const inPlanWithAutoActive =
       ctx.mode === 'plan' &&
       (ctx.prePlanMode === 'auto' || !!ctx.strippedDangerousRules)
     if (!inAuto && !inPlanWithAutoActive) {
-      return setAvailable(ctx, false)
+      return { ...ctx, isAutoModeAvailable: false }
     }
     if (inAuto) {
       autoModeStateModule?.setAutoModeActive(false)
@@ -1214,8 +1122,6 @@ export async function verifyAutoModeGateAccess(
         isAutoModeAvailable: false,
       }
     }
-    // Plan with auto active: deactivate auto, restore permissions, defuse
-    // prePlanMode so ExitPlanMode goes to default.
     autoModeStateModule?.setAutoModeActive(false)
     setNeedsAutoModeExitAttachment(true)
     return {
@@ -1225,65 +1131,23 @@ export async function verifyAutoModeGateAccess(
     }
   }
 
-  // Notification decisions use the stale context — that's OK: we're deciding
-  // WHETHER to notify based on what the user WAS doing when this check started.
-  // (Side effects and mode mutation are decided inside the transform above,
-  // against the fresh ctx.)
-  const wasInAuto = currentContext.mode === 'auto'
-  // Auto was used during plan: entered from auto or opt-in auto active
-  const autoActiveDuringPlan =
-    currentContext.mode === 'plan' &&
-    (currentContext.prePlanMode === 'auto' ||
-      !!currentContext.strippedDangerousRules)
-  const wantedAuto = wasInAuto || autoActiveDuringPlan || autoModeFlagCli
-
-  if (!wantedAuto) {
-    // User didn't want auto at call time — no notification. But still apply
-    // the full kick-out transform: if they shift-tabbed INTO auto during the
-    // await (before setAutoModeCircuitBroken landed), we need to evict them.
-    return { updateContext: kickOutOfAutoIfNeeded }
-  }
-
-  if (wasInAuto || autoActiveDuringPlan) {
-    // User was in auto or had auto active during plan — kick out + notify.
-    return { updateContext: kickOutOfAutoIfNeeded, notification }
-  }
-
-  // autoModeFlagCli only: defaultMode was auto but sync check rejected it.
-  // Suppress notification if isAutoModeAvailable is already false (already
-  // notified on a prior check; prevents repeat notifications on successive
-  // unsupported-model switches).
-  return {
-    updateContext: kickOutOfAutoIfNeeded,
-    notification: currentContext.isAutoModeAvailable ? notification : undefined,
-  }
+  return { updateContext: kickOutOfAutoIfNeeded, notification }
 }
 
 /**
- * Core logic to check if bypassPermissions should be disabled based on Statsig gate
+ * Bypass permissions is always available — no remote gate check needed.
  */
 export function shouldDisableBypassPermissions(): Promise<boolean> {
-  return checkSecurityRestrictionGate('tengu_disable_bypass_permissions_mode')
-}
-
-function isAutoModeDisabledBySettings(): boolean {
-  const settings = getSettings_DEPRECATED() || {}
-  return (
-    (settings as { disableAutoMode?: 'disable' }).disableAutoMode ===
-      'disable' ||
-    (settings.permissions as { disableAutoMode?: 'disable' } | undefined)
-      ?.disableAutoMode === 'disable'
-  )
+  return Promise.resolve(false)
 }
 
 /**
- * Checks if auto mode can be entered: circuit breaker is not active and settings
- * have not disabled it. Synchronous.
+ * Checks if auto mode can be entered: only fast-mode circuit breaker remains.
+ * Synchronous.
  */
 export function isAutoModeGateEnabled(): boolean {
+  // Auto mode is available to all users — only fast-mode circuit breaker remains
   if (autoModeStateModule?.isAutoModeCircuitBroken() ?? false) return false
-  if (isAutoModeDisabledBySettings()) return false
-  if (!modelSupportsAutoMode(getMainLoopModel())) return false
   return true
 }
 
@@ -1292,11 +1156,9 @@ export function isAutoModeGateEnabled(): boolean {
  * Synchronous — uses state populated by verifyAutoModeGateAccess.
  */
 export function getAutoModeUnavailableReason(): AutoModeUnavailableReason | null {
-  if (isAutoModeDisabledBySettings()) return 'settings'
   if (autoModeStateModule?.isAutoModeCircuitBroken() ?? false) {
     return 'circuit-breaker'
   }
-  if (!modelSupportsAutoMode(getMainLoopModel())) return 'model'
   return null
 }
 
@@ -1310,8 +1172,7 @@ export function getAutoModeUnavailableReason(): AutoModeUnavailableReason | null
  */
 export type AutoModeEnabledState = 'enabled' | 'disabled' | 'opt-in'
 
-const AUTO_MODE_ENABLED_DEFAULT: AutoModeEnabledState =
-  feature('TRANSCRIPT_CLASSIFIER') ? 'enabled' : 'disabled'
+const AUTO_MODE_ENABLED_DEFAULT: AutoModeEnabledState = 'enabled'
 
 function parseAutoModeEnabledState(value: unknown): AutoModeEnabledState {
   if (value === 'enabled' || value === 'disabled' || value === 'opt-in') {
@@ -1361,27 +1222,15 @@ export function getAutoModeEnabledStateIfCached():
  *   dialog or by IDE/Desktop settings toggle)
  */
 export function hasAutoModeOptInAnySource(): boolean {
-  if (autoModeStateModule?.getAutoModeFlagCli() ?? false) return true
-  return hasAutoModeOptIn()
+  return true
 }
 
 /**
  * Checks if bypassPermissions mode is currently disabled by Statsig gate or settings.
- * This is a synchronous version that uses cached Statsig values.
+ * Always returns false — bypass is available to all users.
  */
 export function isBypassPermissionsModeDisabled(): boolean {
-  const growthBookDisableBypassPermissionsMode =
-    checkStatsigFeatureGate_CACHED_MAY_BE_STALE(
-      'tengu_disable_bypass_permissions_mode',
-    )
-  const settings = getSettings_DEPRECATED() || {}
-  const settingsDisableBypassPermissionsMode =
-    settings.permissions?.disableBypassPermissionsMode === 'disable'
-
-  return (
-    growthBookDisableBypassPermissionsMode ||
-    settingsDisableBypassPermissionsMode
-  )
+  return false
 }
 
 /**
@@ -1406,29 +1255,12 @@ export function createDisabledBypassPermissionsContext(
 }
 
 /**
- * Asynchronously checks if the bypassPermissions mode should be disabled based on Statsig gate
- * and returns an updated toolPermissionContext if needed
+ * No-op — bypass permissions is always available, no remote gate check needed.
  */
 export async function checkAndDisableBypassPermissions(
-  currentContext: ToolPermissionContext,
+  _currentContext: ToolPermissionContext,
 ): Promise<void> {
-  // Only proceed if bypassPermissions mode is available
-  if (!currentContext.isBypassPermissionsModeAvailable) {
-    return
-  }
-
-  const shouldDisable = await shouldDisableBypassPermissions()
-  if (!shouldDisable) {
-    return
-  }
-
-  // Gate is enabled, need to disable bypassPermissions mode
-  logForDebugging(
-    'bypassPermissions mode is being disabled by Statsig gate (async check)',
-    { level: 'warn' },
-  )
-
-  void gracefulShutdown(1, 'bypass_permissions_disabled')
+  // Bypass permissions is always available — no gate check needed
 }
 
 export function isDefaultPermissionModeAuto(): boolean {
@@ -1446,11 +1278,7 @@ export function isDefaultPermissionModeAuto(): boolean {
  */
 export function shouldPlanUseAutoMode(): boolean {
   if (feature('TRANSCRIPT_CLASSIFIER')) {
-    return (
-      hasAutoModeOptIn() &&
-      isAutoModeGateEnabled() &&
-      getUseAutoModeDuringPlan()
-    )
+    return isAutoModeGateEnabled() && getUseAutoModeDuringPlan()
   }
   return false
 }

src/utils/settings/settings.ts

@@ -894,20 +894,8 @@ export function hasSkipDangerousModePermissionPrompt(): boolean {
  * a malicious project could otherwise auto-bypass the dialog (RCE risk).
  */
 export function hasAutoModeOptIn(): boolean {
-  if (feature('TRANSCRIPT_CLASSIFIER')) {
-    const user = getSettingsForSource('userSettings')?.skipAutoPermissionPrompt
-    const local =
-      getSettingsForSource('localSettings')?.skipAutoPermissionPrompt
-    const flag = getSettingsForSource('flagSettings')?.skipAutoPermissionPrompt
-    const policy =
-      getSettingsForSource('policySettings')?.skipAutoPermissionPrompt
-    const result = !!(user || local || flag || policy)
-    logForDebugging(
-      `[auto-mode] hasAutoModeOptIn=${result} skipAutoPermissionPrompt: user=${user} local=${local} flag=${flag} policy=${policy}`,
-    )
-    return result
-  }
-  return false
+  // Auto mode is available to all users — no opt-in needed
+  return true
 }
 
 /**

src/utils/sideQuery.ts

@@ -2,6 +2,7 @@ import type Anthropic from '@anthropic-ai/sdk'
 import type { BetaToolUnion } from '@anthropic-ai/sdk/resources/beta/messages.js'
 import {
   getLastApiCompletionTimestamp,
+  getSessionId,
   setLastApiCompletionTimestamp,
 } from '../bootstrap/state.js'
 import { STRUCTURED_OUTPUTS_BETA_HEADER } from '../constants/betas.js'
@@ -14,8 +15,10 @@ import { logEvent } from '../services/analytics/index.js'
 import type { AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS } from '../services/analytics/metadata.js'
 import { getAPIMetadata } from '../services/api/claude.js'
 import { getAnthropicClient } from '../services/api/client.js'
+import { createTrace, endTrace, recordLLMObservation } from '../services/langfuse/index.js'
 import { getModelBetas, modelSupportsStructuredOutputs } from './betas.js'
 import { computeFingerprint } from './fingerprint.js'
+import { getAPIProvider } from './model/providers.js'
 import { normalizeModelStringForAPI } from './model/model.js'
 
 type MessageParam = Anthropic.MessageParam
@@ -177,25 +180,39 @@ export async function sideQuery(opts: SideQueryOptions): Promise<BetaMessage> {
   }
 
   const normalizedModel = normalizeModelStringForAPI(model)
+  const provider = getAPIProvider()
   const start = Date.now()
-  // biome-ignore lint/plugin: this IS the wrapper that handles OAuth attribution
-  const response = await client.beta.messages.create(
-    {
-      model: normalizedModel,
-      max_tokens,
-      system: systemBlocks,
-      messages,
-      ...(tools && { tools }),
-      ...(tool_choice && { tool_choice }),
-      ...(output_format && { output_config: { format: output_format } }),
-      ...(temperature !== undefined && { temperature }),
-      ...(stop_sequences && { stop_sequences }),
-      ...(thinkingConfig && { thinking: thinkingConfig }),
-      ...(betas.length > 0 && { betas }),
-      metadata: getAPIMetadata(),
-    },
-    { signal },
-  )
+  const langfuseTrace = createTrace({
+    sessionId: getSessionId(),
+    model: normalizedModel,
+    provider,
+    name: `side-query:${opts.querySource}`,
+    querySource: opts.querySource,
+  })
+
+  let response: BetaMessage
+  try {
+    response = await client.beta.messages.create(
+      {
+        model: normalizedModel,
+        max_tokens,
+        system: systemBlocks,
+        messages,
+        ...(tools && { tools }),
+        ...(tool_choice && { tool_choice }),
+        ...(output_format && { output_config: { format: output_format } }),
+        ...(temperature !== undefined && { temperature }),
+        ...(stop_sequences && { stop_sequences }),
+        ...(thinkingConfig && { thinking: thinkingConfig }),
+        ...(betas.length > 0 && { betas }),
+        metadata: getAPIMetadata(),
+      },
+      { signal },
+    )
+  } catch (error) {
+    endTrace(langfuseTrace, undefined, 'error')
+    throw error
+  }
 
   const requestId =
     (response as { _request_id?: string | null })._request_id ?? undefined
@@ -218,5 +235,22 @@ export async function sideQuery(opts: SideQueryOptions): Promise<BetaMessage> {
   })
   setLastApiCompletionTimestamp(now)
 
+  // Record LLM observation in Langfuse (no-op if not configured)
+  recordLLMObservation(langfuseTrace, {
+    model: normalizedModel,
+    provider,
+    input: messages,
+    output: response.content,
+    usage: {
+      input_tokens: response.usage.input_tokens,
+      output_tokens: response.usage.output_tokens,
+      cache_creation_input_tokens: response.usage.cache_creation_input_tokens ?? undefined,
+      cache_read_input_tokens: response.usage.cache_read_input_tokens ?? undefined,
+    },
+    startTime: new Date(start),
+    endTime: new Date(),
+  })
+  endTrace(langfuseTrace)
+
   return response
 }