(input, _context)
| 583 | }, |
| 584 | |
/**
 * Decide whether sending this message needs explicit user approval.
 *
 * When the UDS_INBOX feature is enabled and the parsed `input.to` address
 * uses the `bridge` scheme, the result is an `ask` decision carrying a
 * `safetyCheck` reason that is not classifier-approvable. Every other
 * case is allowed with the input passed through unchanged.
 *
 * @param input - Tool input; only `input.to` is read here.
 * @param _context - Unused by this check.
 * @returns An `ask` decision for bridge recipients, otherwise `allow`.
 */
async checkPermissions(input, _context) {
  const { to } = input
  // The flag test stays first so parseAddress only runs when UDS_INBOX is on.
  if (feature('UDS_INBOX') && parseAddress(to).scheme === 'bridge') {
    return {
      behavior: 'ask' as const,
      // NOTE(review): the recipient is interpolated verbatim into the consent
      // prompt. Confirm that validateInput/parseAddress constrain it, so the
      // address cannot carry text that changes how the prompt reads.
      message: `Send a message to Remote Control session ${to}? It arrives as a user prompt on the receiving Claude (possibly another machine) via Anthropic's servers.`,
      // The reason type is deliberately 'safetyCheck' rather than 'mode':
      // permissions.ts evaluates safety checks ahead of bypassPermissions
      // (step 1g) and ahead of auto-mode's allowlist/classifier, so neither
      // can waive this prompt. A message that becomes a prompt on another
      // machine is a prompt-injection path and must keep requiring consent.
      decisionReason: {
        type: 'safetyCheck',
        reason:
          'Cross-machine bridge message requires explicit user consent',
        classifierApprovable: false,
      },
    }
  }
  // NOTE(review): with UDS_INBOX off, a bridge-scheme address also lands
  // here. Presumably such sends are rejected elsewhere; confirm.
  return { behavior: 'allow' as const, updatedInput: input }
},
| 603 | |
| 604 | async validateInput(input, _context) { |
| 605 | if (input.to.trim().length === 0) { |