You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for the PR! The issue you identified is correct, and we appreciate the fix.
However, we've already addressed this in v2.5.0 (currently being released) with a broader architectural refactoring that goes beyond the immediate permission inheritance fix. Your PR is now superseded by the v2.5.0 changes.
How v2.5.0 solves this
What your PR does (and we agree with)
Propagate permission_checker into child AgentConfig ✅
Cover the default_decision = Allow edge case via is_default_policy() ✅
What v2.5.0 does additionally
Unified AgentDefinition::apply_to(&mut AgentConfig) — a single method that maps all agent definition fields onto child config. This eliminates the root cause: two independent code paths that can drift out of sync.
This means even if permission_checker returns Ask for an uncovered tool, the child run won't hit MissingConfirmationManager — it will auto-approve by default.
Removed guard_policy — the redundant defense-in-depth layer on ToolExecutor that you kept in your PR. Since apply_to() always sets permission_checker, the safety gate handles everything.
Mock LLM contract tests — 5 tests that verify the full task delegation path without network, covering permission allow/deny, confirmation auto-approve, step budget, and parallel execution.
SDK alignment — confirmation_inheritance field exposed in both Node and Python SDKs.
The is_default_policy() edge case
Your PR correctly identifies that default_decision = Allow (without explicit allow/deny rules) should also be propagated. In v2.5.0, this edge case is handled differently: ConfirmationInheritance::AutoApprove ensures that even if permission_checker is not set (because the policy looks "default"), the child run won't be denied. The net effect is the same — tools execute successfully.
The test_web_search_headless.rs issue you noted
We've also fixed this in v2.5.0 (commit 71ec109): wrapped SearchConfig in Arc to match the updated ToolContext field type.
Closing this PR since v2.5.0 fully supersedes it. Thank you for the contribution and the detailed analysis in Issue #28 — it directly informed our architectural improvements!
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
修复 #28。
变更内容
task/parallel_task创建子运行时,将被委派 agent 的非默认权限策略写入子AgentConfig.permission_checker。PermissionPolicy,覆盖default_decision = Allow这类没有 allow/deny 列表但仍然显式配置的策略。验证
cargo fmtcargo test -p a3s-code-core --libcargo test -p a3s-code-core --lib tools::task::testscargo test -p a3s-code-core --lib agent_api::agent_binding::tests补充说明:不带
--lib的cargo test -p a3s-code-core <filter>会编译 integration tests,目前 main 上已有的core/tests/test_web_search_headless.rs存在Option<SearchConfig>与Option<Arc<SearchConfig>>类型不匹配问题,会阻断该命令;这个问题不是本 PR 引入的。