Add channels mode patch (tengu_harbor bypass)

[viceversaco]

Summary

Adds a channels-mode patch that force-enables MCP channel notifications by bypassing the tengu_harbor feature gate and related checks. This allows --channels to work without --dangerously-load-development-channels and its per-session confirmation dialog.

Toggled via enableChannelsMode in the Misc settings TUI.

What it patches

The patch has 5 sub-patches:

1. isChannelsEnabled() — bypasses the tengu_harbor GrowthBook gate (master on/off)
2. gateChannelServer() — returns {action:"register"} after the capability check, skipping auth, org policy, session, and allowlist gates
3. isChannelPermissionRelayEnabled() — bypasses the tengu_harbor_permissions gate
4. ChannelsNotice warning text — replaces the "Experimental · prompt injection risks" banner with "Channels active"
5. ChannelsNotice dev-flag warning — removes the "server: entries need --dangerously-load-development-channels" line

Note on scope

Patch 2 is a blanket bypass — after the capability check (does the server declare claude/channel?), it skips all remaining gates (OAuth auth, Teams/Enterprise policy, session allowlist, plugin/server allowlist). This keeps the patch simple and covers all channel use cases, but it does mean those intermediate checks are fully bypassed rather than selectively targeted.

If you'd prefer to split this up — e.g., separate patches for the feature gate vs. allowlist vs. notice suppression, or more surgical targeting of individual gates — happy to rework it.

Usage

tweakcc --apply --patches "channels-mode,..."
# Then start Claude Code with:
claude --channels server:myserver

Summary by CodeRabbit

• New Features

  • Added a new "Channels Mode" toggle in miscellaneous preferences (default: off) to enable MCP channel functionality.

• UI/UX Improvements

  • When Channels Mode is enabled, authentication flows are simplified and several experimental warnings and development-channel setup notifications are suppressed for a cleaner experience.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 268cced7-ad0c-4e08-95be-c2fc03d087f6

📥 Commits

Reviewing files that changed from the base of the PR and between 286c3fd and 7d47e73.

📒 Files selected for processing (1)

• src/patches/channelsMode.ts

🚧 Files skipped from review as they are similar to previous changes (1)

• src/patches/channelsMode.ts

---

📝 Walkthrough

Walkthrough

Adds a new misc.enableChannelsMode boolean setting, UI toggle, type/default updates, and a new patch (channels-mode) that rewrites bundled code to force-enable channel-related gates and remove related warning banners.

Changes

Cohort / File(s)	Summary
Configuration & Types src/defaultSettings.ts, src/types.ts	Added misc.enableChannelsMode: boolean to DEFAULT_SETTINGS and MiscConfig (default: false).
UI Component src/ui/components/MiscView.tsx	Added toggle UI for enableChannelsMode, reads current state and updates settings via ensureMisc() + updateSettings.
Patch Implementation src/patches/channelsMode.ts	New `writeChannelsMode(oldFile: string): string
Patch Registration src/patches/index.ts	Registered channels-mode (FEATURES) in PATCH_DEFINITIONS and wired patchImplementations to call writeChannelsMode(c) when config.settings.misc?.enableChannelsMode is truthy.

Sequence Diagram(s)

(Skipped — changes are patch/file-rewrite focused and do not introduce a multi-component runtime interaction flow requiring a sequence diagram.)

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• feat: add worktree mode patch to force-enable EnterWorktree tool #530: Adds a misc flag and a similar patch module that rewrites a bundle to force-enable a feature; overlaps in patch approach and registration.
• Misc fixes #440: Refactors patch grouping and patch interfaces in src/patches/index.ts; may affect how channels-mode is registered/executed.
• fix: make model customizations configurable and update models to latest #572: Adds a misc boolean setting and wires a new patch through PATCH_DEFINITIONS gated by config.settings.misc, similar wiring pattern.

Suggested reviewers

• bl-ue
• georpar

Poem

🐰
I nibble at code, a gentle prod,
Gates open wide where once they trod,
Banners hush and channels sing,
Restart the world — hear messages ping! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a channels mode patch that bypasses tengu_harbor feature gates to enable MCP channel notifications.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/patches/channelsMode.ts`:
- Around line 116-136: The current patchPermissionRelay function force-enables
the "tengu_harbor_permissions" gate as part of the channels-mode patch; extract
this behavior into a separate opt-in patch and stop applying it automatically
from channels-mode. Specifically, remove the automatic insertion call (or
prevent calling patchPermissionRelay) from wherever channels-mode applies
patches, create a distinct opt-in function/flag named patchPermissionRelay (or
patchPermissionRelayOptIn) that only runs when an explicit permission-relay
toggle is enabled, and ensure channels-mode uses only the channel-related patch
logic. Update any UI/config toggle or patch application logic to expose the new
opt-in flag and document that patchPermissionRelay is separate from
channels-mode.
- Around line 150-173: patchChannelsNotice currently treats failing to locate
the cosmetic warning as an unrecoverable error and returns null; change it to be
best-effort: when the regex match fails (or match.index is undefined) log a
non-fatal warning and return the original file string unchanged instead of null
so UI-only rewrites don't block functional patches; apply the same behavior to
the sibling functions referenced (other cosmetic patch helpers used by
writeChannelsMode / writeChannelsMode callers) so cosmetic patch failures never
cause the gate bypass to be skipped.
- Around line 90-109: The injected early return in patchGateFunction (insertion
= 'return{action:"register"};') short-circuits downstream auth/policy/session
guards for gateChannelServer; instead of returning, change the insertion to set
a sentinel flag (e.g. '__patched_channel_register = true;') or call a
non-returning helper (e.g. '__markChannelRegistration()') so the code records
that the server advertised claude/channel but lets the existing
auth/policy/session checks continue to run; update the insertion string in
patchGateFunction and keep showDiff/newFile logic the same so no control-flow is
changed by the patch.

In `@src/ui/components/MiscView.tsx`:
- Around line 437-450: The enableChannelsMode toggle currently flips on with one
press and must require an explicit acknowledgement like
allowBypassPermissionsInSudo: change the toggle handler for the item with id
'enableChannelsMode' to open the same confirmation/ack dialog used by
allowBypassPermissionsInSudo (or reuse its confirmation helper), only call
updateSettings/ensureMisc to flip settings.misc!.enableChannelsMode after the
user explicitly confirms, and update the title/description copy to warn that
this bypasses tengu_harbor, allowlist, org/session auth, and force-enables
permission relay (broader blast radius).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 7e7d621b-f8fc-46ed-81eb-a60ee52f3de0

📥 Commits

Reviewing files that changed from the base of the PR and between bc5cdbe and 286c3fd.

📒 Files selected for processing (5)

• src/defaultSettings.ts
• src/patches/channelsMode.ts
• src/patches/index.ts
• src/types.ts
• src/ui/components/MiscView.tsx

[viceversaco]

Thanks for the review. Addressing each comment:

1. Don't short-circuit gateChannelServer (Critical)

Dismissing. The entire purpose of this patch is to bypass the channel gates so --channels works without the tengu_harbor feature flag rollout. A sentinel flag that lets auth/policy/session checks continue to run would defeat the purpose — those downstream guards reject server: entries that lack entry.dev, which is the exact gate we're bypassing. Users opting into this patch are explicitly choosing to skip these checks.

2. Permission relay needs separate opt-in (Critical)

Dismissing. Permission relay (tengu_harbor_permissions) is essential for the primary use case: headless agent orchestration. Headless agents can't show TUI permission dialogs, so permission relay is the only way tool approvals work. Splitting it into a separate toggle would mean users need to flip two switches to get a working setup. The MCP server still has to explicitly declare claude/channel/permission capability to opt in — it's not force-enabled on all channel servers.

3. Cosmetic patches as hard dependency (Major)

Good catch — accepted. Cosmetic patches (notice text rewrite, dev-flag warning removal) now use ?? newFile fallback so upstream string changes don't block the functional gate bypasses. Fixed in next commit.

4. Confirmation dialog on toggle (Major)

Passing on this for now. tweakcc is an opt-in power-user tool — users have already made a deliberate choice to install and configure it. Adding a confirmation dialog on top of that adds friction without meaningful safety benefit.

[bl-ue]

Looks cool! Thank you!

[viceversaco]

Thanks! Wait till you see what I'm doing with it 😉 sharing soon.