Web UI: exit-plan-mode approval lacks permission mode and implementation mode options

[hqhq1025]

Problem

When approving an exit_plan_mode request from the HAPI web UI, the current PermissionFooter only sends a bare approval without any additional options. This creates two limitations:

1. No post-plan permission mode selection

The web approval calls approvePermission(sessionId, permissionId) without a mode parameter (PermissionFooter.tsx:143). The CLI handler defaults to 'default' mode (permissionHandler.ts:242), so there's no way to start implementation with acceptEdits or bypassPermissions from the web UI.

The "Allow all edits" button is hidden for exit_plan_mode (PermissionFooter.tsx:134-135), and there's no equivalent selector.

2. No keep_context / clear_context option

The current implementation always uses queue.unshift() which preserves the existing context (permissionHandler.ts:240-243). There's no way for the user to choose clear_context (clear the Claude session and restart fresh with just the approved plan).

This matters because:

• Long planning sessions accumulate context that may confuse the implementation phase
• clear_context would need to clear claudeSessionId, reset permission allowlists, and drain the message queue to prevent stale prompts from leaking into the fresh session

3. Stale queue entries leak into clear_context restarts

Even if clear_context were implemented, using queue.unshift() / queue.unshiftIsolate() preserves the rest of the queue. Any user messages queued before approval would replay into the fresh session, leaking old-context instructions.

Relevant code

• cli/src/claude/utils/permissionHandler.ts:233-248 — exit_plan_mode approval handler
• cli/src/claude/utils/permissionHandler.ts:296-300 — bypassPermissions (YOLO) path
• web/src/components/ToolCard/PermissionFooter.tsx:134-144 — web approval UI (no mode selector)

Expected behavior

The exit-plan-mode approval flow should allow the user to:

1. Choose a post-plan permission mode (default / acceptEdits / bypassPermissions)
2. Choose an implementation mode (keep_context / clear_context)
3. If clear_context, properly drain the queue and reset session state

cc @xyzhang626 (working on this in #413 — this issue tracks the underlying bugs independently of that PR's scope)

[github-actions]

Confirmed in the current codebase.

exit_plan_mode approvals from the web footer currently submit a bare approval with no extra options, so the web UI does not expose a post-plan permission-mode choice. On the Claude side, the exit-plan handler only honors default, acceptEdits, and bypassPermissions; if no supported mode is provided, it falls back to default.

I also did not find any existing keep_context / clear_context field in the web -> hub -> CLI approval payload. For queue handling, the exit-plan path uses queue.unshift(...), which preserves older queued entries. The queue class does have a clearing primitive, pushIsolateAndClear(...), but it is not used in this flow. The only Claude session-reset path I found is the /clear command path, which clears the Claude session id before the next launch.

Relevant code:

• web/src/components/ToolCard/PermissionFooter.tsx:130 - hides session-wide allow for exit_plan_mode; approve() posts approval with no mode/options at web/src/components/ToolCard/PermissionFooter.tsx:143
• web/src/api/client.ts:344 - approval payload supports mode, allowTools, decision, and answers; no implementation-context field
• hub/src/web/routes/permissions.ts:18 - server-side approve schema has no clear_context / keep_context field; it forwards only the existing fields at hub/src/web/routes/permissions.ts:67
• cli/src/claude/utils/permissionHandler.ts:35 - Claude exit-plan flow only accepts default, acceptEdits, and bypassPermissions; unsupported or missing mode falls back to default at cli/src/claude/utils/permissionHandler.ts:239
• cli/src/utils/MessageQueue2.ts:111 - pushIsolateAndClear(...) exists and clears pending queue entries
• cli/src/claude/claudeRemote.ts:102 - /clear triggers a session reset; cli/src/claude/claudeRemoteLauncher.ts:346 clears the Claude session id
• shared/src/modes.ts:8 - plan is part of Claude's permission-mode set, but cli/src/claude/utils/permissionHandler.ts:35 does not include it in PLAN_EXIT_MODES

---

HAPI Bot