From c39f38eedd6b07057ed8ae8ff124b5c140db28c7 Mon Sep 17 00:00:00 2001 From: NagyVikt Date: Sat, 11 Apr 2026 13:54:10 +0200 Subject: [PATCH] Require explicit interactive consent before self-updating status runs Users reported accidental updates when no input was intended. The update check now always prompts in interactive terminals and only honors MUSAFETY_AUTO_UPDATE_APPROVAL in non-interactive runs. Constraint: Keep non-interactive automation support for CI/scripting Rejected: Remove env-based auto-approval entirely | would break existing unattended workflows Confidence: high Scope-risk: narrow Reversibility: clean Directive: Keep interactive update decisions explicit unless a user passes a command flag for opt-in behavior Tested: npm test (43/43); pseudo-interactive run with MUSAFETY_AUTO_UPDATE_APPROVAL=yes showed prompt and skipped on blank input Not-tested: Real human tty keystroke path in all terminal emulators --- bin/multiagent-safety.js | 8 ++++---- test/install.test.js | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/multiagent-safety.js b/bin/multiagent-safety.js index e4b52a2..0a5fb61 100755 --- a/bin/multiagent-safety.js +++ b/bin/multiagent-safety.js @@ -1262,12 +1262,12 @@ function maybeSelfUpdateBeforeStatus() { return; } - const shouldUpdate = autoApproval != null - ? autoApproval - : promptYesNo( + const shouldUpdate = interactive + ? promptYesNo( `Update now? (${NPM_BIN} i -g ${packageJson.name}@latest)`, false, - ); + ) + : autoApproval; if (!shouldUpdate) { console.log(`[${TOOL_NAME}] Skipped update.`); diff --git a/test/install.test.js b/test/install.test.js index f9e492d..140ad63 100644 --- a/test/install.test.js +++ b/test/install.test.js 
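Review bot: The new ternary makes `interactive` the only gate between a human prompt and an environment-approved global `@latest` install, but `interactive` is defined outside this hunk, so please confirm it requires both `process.stdin.isTTY` and `process.stdout.isTTY`. If only one stream is checked, a run with piped stdin could still reach `promptYesNo`, or a terminal session with redirected output could update on the env var alone. In the non-interactive branch `autoApproval` can presumably still be null (the removed code tested `autoApproval != null`), so `: autoApproval === true;` would make the skip-by-default intent explicit, assuming the value is parsed to a boolean. A short comment above the assignment would help, e.g. `// Interactive runs always prompt; MUSAFETY_AUTO_UPDATE_APPROVAL is honored only without a TTY.` maybeSelfUpdateBeforeStatus starts and ends outside the hunk.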
@@ -364,7 +364,7 @@ test('self-update prompt defaults to no when approval is not preconfigured', ()
 const source = fs.readFileSync(cliPath, 'utf8');
 assert.match(
 source,
- /promptYesNo\(\s*`Update now\?\s*\(\$\{NPM_BIN\} i -g \$\{packageJson\.name\}@latest\)`\s*,\s*false,\s*\)/s,
+ /const shouldUpdate = interactive\s*\?\s*promptYesNo\(\s*`Update now\?\s*\(\$\{NPM_BIN\} i -g \$\{packageJson\.name\}@latest\)`\s*,\s*false,\s*\)\s*:\s*autoApproval;/s,
 );
 });
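Review bot: This assertion pins the exact source text of the ternary rather than its behaviour, so it passes or fails on formatting. It cannot show that an interactive run ignores MUSAFETY_AUTO_UPDATE_APPROVAL, or that a non-interactive run without the variable skips the update. The test name ('defaults to no when approval is not preconfigured') also no longer describes what the regex checks, since the pattern now covers the `: autoApproval;` branch as well. If the update check can be stubbed, a behavioural case that spawns the CLI with stdin not a TTY and the variable unset, then asserts the `Skipped update.` line, would cover the path that matters; the commit message itself lists the real TTY path as not tested.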