- we have a detailed investigation on some of the downstream dependencies which consume this ACP protocol,
- what we have discovered here is that when codex-cli is being used on ACP protocol, it by default mark that directory as
trusted-working-directory in the .codex/config.toml file, which completely bypass ACP permission callback.
- this problem currently only happens on codex, we have confirmed gemini-cli is not able to reproduce this issue.
Environment
@zed/codex-acp: 0.10.0
codex: 0.114.0
obsidian-acp: latest tracked on this branch via BRAT
OS: Arch Linux (6.19.8-arch1-1)
trusted-working-directoryin the .codex/config.toml file, which completely bypass ACP permission callback.Environment
@zed/codex-acp: 0.10.0
codex: 0.114.0
obsidian-acp: latest tracked on this branch via BRAT
OS: Arch Linux (6.19.8-arch1-1)