From 68dc957699103914a0ebaa6016505fb989799374 Mon Sep 17 00:00:00 2001
From: Garry Tan <garrytan@gmail.com>
Date: Sat, 28 Mar 2026 22:53:08 -0700
Subject: [PATCH] feat: sidebar Write tool, stderr capture, cross-platform URL
 opener (#584)

Add Write to sidebar allowedTools (both sidebar-agent.ts and server.ts).
Write doesn't expand attack surface beyond what Bash already provides.
Replace empty stderr handler with buffer capture for better error
diagnostics. New bin/gstack-open-url for cross-platform URL opening.

Does NOT include Search Before Building intro flow (deferred).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 bin/gstack-open-url         | 14 ++++++++++++++
 browse/src/server.ts        |  2 +-
 browse/src/sidebar-agent.ts | 25 ++++++++++++++++++++-----
 3 files changed, 35 insertions(+), 6 deletions(-)
 create mode 100755 bin/gstack-open-url

diff --git a/bin/gstack-open-url b/bin/gstack-open-url
new file mode 100755
index 00000000..72523137
--- /dev/null
+++ b/bin/gstack-open-url
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# gstack-open-url — cross-platform URL opener
+#
+# Usage: gstack-open-url <url>
+set -euo pipefail
+
+URL="${1:?Usage: gstack-open-url <url>}"
+
+case "$(uname -s)" in
+  Darwin)  open "$URL" ;;
+  Linux)   xdg-open "$URL" 2>/dev/null || echo "$URL" ;;
+  MINGW*|MSYS*|CYGWIN*) start "$URL" ;;
+  *)       echo "$URL" ;;
+esac
diff --git a/browse/src/server.ts b/browse/src/server.ts
index dca38040..0333135d 100644
--- a/browse/src/server.ts
+++ b/browse/src/server.ts
@@ -404,7 +404,7 @@ function spawnClaude(userMessage: string, extensionUrl?: string | null): void {
 
   const prompt = `${systemPrompt}\n\nUser: ${userMessage}`;
   const args = ['-p', prompt, '--output-format', 'stream-json', '--verbose',
-    '--allowedTools', 'Bash,Read,Glob,Grep'];
+    '--allowedTools', 'Bash,Read,Glob,Grep,Write'];
   if (sidebarSession?.claudeSessionId) {
     args.push('--resume', sidebarSession.claudeSessionId);
   }
diff --git a/browse/src/sidebar-agent.ts b/browse/src/sidebar-agent.ts
index ecce778e..3691b171 100644
--- a/browse/src/sidebar-agent.ts
+++ b/browse/src/sidebar-agent.ts
@@ -160,8 +160,10 @@ async function askClaude(queueEntry: any): Promise<void> {
 
   return new Promise((resolve) => {
     // Build args fresh — don't trust --resume from queue (session may be stale)
+    // Write doesn't expand attack surface beyond what Bash already provides.
+    // The security boundary is the localhost-only message path, not the tool allowlist.
     let claudeArgs = ['-p', prompt, '--output-format', 'stream-json', '--verbose',
-      '--allowedTools', 'Bash,Read,Glob,Grep'];
+      '--allowedTools', 'Bash,Read,Glob,Grep,Write'];
 
     // Validate cwd exists — queue may reference a stale worktree
     let effectiveCwd = cwd || process.cwd();
@@ -187,20 +189,30 @@ async function askClaude(queueEntry: any): Promise<void> {
       }
     });
 
-    proc.stderr.on('data', () => {}); // Claude logs to stderr, ignore
+    let stderrBuffer = '';
+    proc.stderr.on('data', (data: Buffer) => {
+      stderrBuffer += data.toString();
+    });
 
     proc.on('close', (code) => {
       if (buffer.trim()) {
         try { handleStreamEvent(JSON.parse(buffer)); } catch {}
       }
-      sendEvent({ type: 'agent_done' }).then(() => {
+      const doneEvent: Record<string, any> = { type: 'agent_done' };
+      if (code !== 0 && stderrBuffer.trim()) {
+        doneEvent.stderr = stderrBuffer.trim().slice(-500);
+      }
+      sendEvent(doneEvent).then(() => {
         isProcessing = false;
         resolve();
       });
     });
 
     proc.on('error', (err) => {
-      sendEvent({ type: 'agent_error', error: err.message }).then(() => {
+      const errorMsg = stderrBuffer.trim()
+        ? `${err.message}\nstderr: ${stderrBuffer.trim().slice(-500)}`
+        : err.message;
+      sendEvent({ type: 'agent_error', error: errorMsg }).then(() => {
         isProcessing = false;
         resolve();
       });
@@ -210,7 +222,10 @@ async function askClaude(queueEntry: any): Promise<void> {
     const timeoutMs = parseInt(process.env.SIDEBAR_AGENT_TIMEOUT || '300000', 10);
     setTimeout(() => {
       try { proc.kill(); } catch {}
-      sendEvent({ type: 'agent_error', error: `Timed out after ${timeoutMs / 1000}s` }).then(() => {
+      const timeoutMsg = stderrBuffer.trim()
+        ? `Timed out after ${timeoutMs / 1000}s\nstderr: ${stderrBuffer.trim().slice(-500)}`
+        : `Timed out after ${timeoutMs / 1000}s`;
+      sendEvent({ type: 'agent_error', error: timeoutMsg }).then(() => {
         isProcessing = false;
         resolve();
       });