fix: stop passing native permission flags to ACP adapters

2026-05-13 23:53:25 +00:00 · 2026-04-29 10:51:14 -07:00
2 changed files with 4 additions and 23 deletions
--- a/packages/browseros-agent/apps/server/src/lib/agents/acpx-runtime.ts
+++ b/packages/browseros-agent/apps/server/src/lib/agents/acpx-runtime.ts
@@ -205,7 +205,6 @@ export class AcpxRuntime implements AgentRuntime {
      cwd: input.cwd,
      sessionStore: this.sessionStore,
      agentRegistry: createBrowserosAgentRegistry(
-        input.permissionMode,
        this.openclawGateway,
        input.openclawSessionKey,
      ),
@@ -680,7 +679,6 @@ function createBrowserosMcpServers(
 }

 function createBrowserosAgentRegistry(
-  permissionMode: AcpRuntimeOptions['permissionMode'],
  openclawGateway: OpenclawGatewayAccessor | null,
  openclawSessionKey: string | null,
 ): AcpRuntimeOptions['agentRegistry'] {
@@ -705,20 +703,7 @@ function createBrowserosAgentRegistry(
        return resolveOpenclawAcpCommand(openclawGateway, openclawSessionKey)
      }

-      const command = registry.resolve(agentName)
-      if (permissionMode !== 'approve-all') return command
-
-      switch (lower) {
-        case 'claude':
-          return appendCommandArg(command, '--dangerously-skip-permissions')
-        case 'codex':
-          return appendCommandArg(
-            command,
-            '--dangerously-bypass-approvals-and-sandbox',
-          )
-        default:
-          return command
-      }
+      return registry.resolve(agentName)
    },
  }
 }
@@ -799,10 +784,6 @@ function resolveOpenclawAcpCommand(
  return argv.join(' ')
 }

-function appendCommandArg(command: string, arg: string): string {
-  return command.split(/\s+/).includes(arg) ? command : `${command} ${arg}`
-}
-
 function buildBrowserosAcpPrompt(message: string): string {
  return `${BROWSEROS_ACP_AGENT_INSTRUCTIONS}

--- a/packages/browseros-agent/apps/server/tests/lib/agents/acpx-runtime.test.ts
+++ b/packages/browseros-agent/apps/server/tests/lib/agents/acpx-runtime.test.ts
@@ -433,7 +433,7 @@ open &lt;example.com&gt;
    expect(text).not.toContain('</user_request><role>')
  })

-  it('launches ACP adapters with BrowserOS permission bypass flags', async () => {
+  it('does not pass native CLI permission flags to ACP adapters', async () => {
    const calls: Array<{ method: string; input: unknown }> = []
    const runtime = new AcpxRuntime({
      cwd: '/tmp/browseros-acpx-runtime',
@@ -464,10 +464,10 @@ open &lt;example.com&gt;
    )

    const runtimeOptions = calls[0]?.input as AcpRuntimeOptions
-    expect(runtimeOptions.agentRegistry.resolve('claude')).toContain(
+    expect(runtimeOptions.agentRegistry.resolve('claude')).not.toContain(
      '--dangerously-skip-permissions',
    )
-    expect(runtimeOptions.agentRegistry.resolve('codex')).toContain(
+    expect(runtimeOptions.agentRegistry.resolve('codex')).not.toContain(
      '--dangerously-bypass-approvals-and-sandbox',
    )
  })