Add ACP permission mode support to the SDK (#224)

* chore: recover hamburg workspace state * chore: drop workspace context files * refactor: generalize permissions example * refactor: parse permissions example flags * docs: clarify why fs and terminal stay native * feat: add interactive permission prompt UI to Inspector Add permission request handling to the Inspector UI so users can Allow, Always Allow, or Reject tool calls that require permissions instead of having them auto-cancelled. Wires up SDK onPermissionRequest/respondPermission through App → ChatPanel → ChatMessages with proper toolCallId-to-pendingId mapping. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: prevent permission reply from silently escalating "once" to "always" Remove allow_always from the fallback chain when the user replies "once", aligning with the ACP spec which says "map by option kind first" with no fallback for allow_once. Also fix Inspector to use rawSend, revert hydration guard to accept empty configOptions, and handle respondPermission errors by rejecting the pending promise. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-17 06:04:56 +00:00 · 2026-03-10 21:52:43 -07:00 · 2026-03-10 21:52:43 -07:00 · 76586f409f
commit 76586f409f
parent 5d65013aa5
35 changed files with 1786 additions and 472 deletions
--- a/sdks/acp-http-client/src/index.ts
+++ b/sdks/acp-http-client/src/index.ts
@ -378,31 +378,39 @@ class StreamableHttpAcpTransport {
    });

    const url = this.buildUrl(this.bootstrapQueryIfNeeded());
-    const response = await this.fetcher(url, {
-      method: "POST",
-      headers,
-      body: JSON.stringify(message),
-    });
-
    this.postedOnce = true;
-
-    if (!response.ok) {
-      throw new AcpHttpError(response.status, await readProblem(response), response);
-    }
-
    this.ensureSseLoop();
+    void this.postMessage(url, headers, message);
+  }

-    if (response.status === 200) {
-      const text = await response.text();
-      if (text.trim()) {
-        const envelope = JSON.parse(text) as AnyMessage;
-        this.pushInbound(envelope);
+  private async postMessage(url: string, headers: Headers, message: AnyMessage): Promise<void> {
+    try {
+      const response = await this.fetcher(url, {
+        method: "POST",
+        headers,
+        body: JSON.stringify(message),
+      });
+
+      if (!response.ok) {
+        throw new AcpHttpError(response.status, await readProblem(response), response);
      }
-    } else {
+
+      if (response.status === 200) {
+        const text = await response.text();
+        if (text.trim()) {
+          const envelope = JSON.parse(text) as AnyMessage;
+          this.pushInbound(envelope);
+        }
+        return;
+      }
+
      // Drain response body so the underlying connection is released back to
-      // the pool.  Without this, Node.js undici keeps the socket occupied and
+      // the pool. Without this, Node.js undici keeps the socket occupied and
      // may stall subsequent requests to the same origin.
      await response.text().catch(() => {});
+    } catch (error) {
+      console.error("ACP write error:", error);
+      this.failReadable(error);
    }
  }

--- a/sdks/acp-http-client/tests/smoke.test.ts
+++ b/sdks/acp-http-client/tests/smoke.test.ts
@ -140,4 +140,54 @@ describe("AcpHttpClient integration", () => {

    await client.disconnect();
  });
+
+  it("answers session/request_permission while session/prompt is still in flight", async () => {
+    const permissionRequests: Array<{ sessionId: string; title?: string | null }> = [];
+    const serverId = `acp-http-client-permissions-${Date.now().toString(36)}`;
+
+    const client = new AcpHttpClient({
+      baseUrl,
+      token,
+      transport: {
+        path: `/v1/acp/${encodeURIComponent(serverId)}`,
+        bootstrapQuery: { agent: "mock" },
+      },
+      client: {
+        requestPermission: async (request) => {
+          permissionRequests.push({
+            sessionId: request.sessionId,
+            title: request.toolCall.title,
+          });
+          return {
+            outcome: {
+              outcome: "selected",
+              optionId: "reject-once",
+            },
+          };
+        },
+      },
+    });
+
+    await client.initialize();
+
+    const session = await client.newSession({
+      cwd: process.cwd(),
+      mcpServers: [],
+    });
+
+    const prompt = await client.prompt({
+      sessionId: session.sessionId,
+      prompt: [{ type: "text", text: "please trigger permission" }],
+    });
+
+    expect(prompt.stopReason).toBe("end_turn");
+    expect(permissionRequests).toEqual([
+      {
+        sessionId: session.sessionId,
+        title: "Write mock.txt",
+      },
+    ]);
+
+    await client.disconnect();
+  });
 });