Require explicit interactive consent before self-updating status runs (#15)

Users reported accidental updates when no input was intended. The update check now always prompts in interactive terminals and only honors MUSAFETY_AUTO_UPDATE_APPROVAL in non-interactive runs.

Constraint: Keep non-interactive automation support for CI/scripting
Rejected: Remove env-based auto-approval entirely | would break existing unattended workflows
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep interactive update decisions explicit unless a user passes a command flag for opt-in behavior
Tested: npm test (43/43); pseudo-interactive run with MUSAFETY_AUTO_UPDATE_APPROVAL=yes showed prompt and skipped on blank input
Not-tested: Real human tty keystroke path in all terminal emulators

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>

Author: NagyVikt

bin/multiagent-safety.js

@@ -1262,12 +1262,12 @@ function maybeSelfUpdateBeforeStatus() {
     return;
   }
 
-  const shouldUpdate = autoApproval != null
-    ? autoApproval
-    : promptYesNo(
+  const shouldUpdate = interactive
+    ? promptYesNo(
       `Update now? (${NPM_BIN} i -g ${packageJson.name}@latest)`,
       false,
-    );
+    )
+    : autoApproval;
 
   if (!shouldUpdate) {
     console.log(`[${TOOL_NAME}] Skipped update.`);

test/install.test.js

@@ -364,7 +364,7 @@ test('self-update prompt defaults to no when approval is not preconfigured', ()
   const source = fs.readFileSync(cliPath, 'utf8');
   assert.match(
     source,
-    /promptYesNo\(\s*`Update now\?\s*\(\$\{NPM_BIN\} i -g \$\{packageJson\.name\}@latest\)`\s*,\s*false,\s*\)/s,
+    /const shouldUpdate = interactive\s*\?\s*promptYesNo\(\s*`Update now\?\s*\(\$\{NPM_BIN\} i -g \$\{packageJson\.name\}@latest\)`\s*,\s*false,\s*\)\s*:\s*autoApproval;/s,
   );
 });