test: reproduce #4285 — broken default agent commands for Claude and Codex#4290
Draft
github-actions[bot] wants to merge 1 commit into
Draft
test: reproduce #4285 — broken default agent commands for Claude and Codex#4290github-actions[bot] wants to merge 1 commit into
github-actions[bot] wants to merge 1 commit into
Conversation
…Codex Adds a co-located test file capturing the two misconfigured defaults reported in #4285: - Claude default `--permission-mode acceptEdits` does not enable auto mode (the user expects no per-action prompts on first run). - Codex default pairs `--sandbox workspace-write` with `--ask-for-approval never`, which produces "sandbox doesn't allow me to run terminal command" because codex cannot escalate when the sandbox blocks an operation. Both tests fail against current defaults, demonstrating the issue. Refs #4285
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What the bug is
Per #4285, the default commands generated for Claude and Codex don't work without manual fixes on first run:
--permission-mode acceptEdits, which auto-accepts file edits but still prompts before every shell command — the user expects "auto mode" (no per-action prompts) out of the box.--sandbox workspace-write --ask-for-approval never, producing "sandbox doesn't allow me to run terminal command" errors. Theworkspace-writesandbox blocks operations needing network or out-of-workspace access, and--ask-for-approval neverremoves codex's ability to escalate — so it silently refuses instead of asking the user.Every new user has to debug agent launch configs before they can do real work.
What code is affected and why
Defaults live in
packages/shared/src/builtin-terminal-agents.ts(canonical) and are mirrored inpackages/shared/src/host-agent-presets.ts. Both ship the flags that produce the broken first-run UX.These flags were intentionally introduced in #3546 to favor safety, with #3615 backfilling YOLO defaults for canary users. So fixing this is a UX-policy call (revert vs. tweak vs. keep) — leaving this as repro-only.
Working alternatives if a fix is wanted:
--permission-mode bypassPermissions(or legacy--dangerously-skip-permissions)--full-auto(workspace-write + on-failure approval) or--dangerously-bypass-approvals-and-sandboxfor full YOLOWhat the test does and how it proves the bug
Adds
packages/shared/src/builtin-terminal-agents.test.tswith two assertions againstBUILTIN_TERMINAL_AGENT_COMMANDS:--dangerously-skip-permissionsor--permission-mode bypassPermissions).--sandbox workspace-writewith--ask-for-approval never.Both assertions currently fail, demonstrating the misconfiguration.
Refs #4285
Summary by cubic
Add failing tests to reproduce #4285: default terminal agent commands for Claude and Codex break first run. The test in
packages/shared/src/builtin-terminal-agents.test.tsasserts Claude launches in auto mode and that Codex does not pair--sandbox workspace-writewith--ask-for-approval never.Written for commit aa0aeec. Summary will update on new commits.