Problem
Each external coding agent has its own permission model. Today the operator configures each one independently:
- Codex CLI: -s read-only|workspace-write|danger-full-access + --dangerously-bypass-approvals-and-sandbox + --add-dir
- OpenCode: permission entries in opencode.json
- Chimera (chimera code -p): its own permissions layer (chimera/permissions/)
There's no way to say "the lead's policy is workspace-write" and have it propagate to all three runtimes that participate in the team.
Scope
A translation layer keyed by --policy on chimera-team-run:
chimera-team-run --team x --agent codex-1 \
--cmd 'codex exec {prompt}' \
--policy workspace-write \
--workspace ~/project
The runner translates --policy workspace-write into the right shape for the agent it's about to spawn. Detect the runtime from the first token of --cmd (codex / opencode / chimera / aider / gemini / generic) — or accept an explicit --runtime.
Policies to support: read-only, workspace-write, dangerous (the codex name; map to the others' "full access" equivalents).
Acceptance
- --policy workspace-write produces the right CLI flags / config injections for each runtime
  - Codex gets -s workspace-write --add-dir <workspace> --add-dir <teams-home> (because the MCP server needs to write the teams dir — see the sandbox-write gotcha)
  - OpenCode gets the right permission block in a generated temp opencode.json
  - Chimera gets its native permission preset
- --runtime generic (or unknown) errors clearly
- Tests covering the three runtimes' translation outputs
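A sketch of the translation layer described in Scope and checked in Acceptance, added here as an illustration and not code from teammate_runner.py: it detects the runtime from the first token of --cmd, maps one --policy value to Codex flags, a temp opencode.json, or a Chimera preset, and refuses generic/unknown runtimes. The opencode.json permission values and the Chimera preset names are assumed placeholders, and adding the workspace only for non-read-only policies is a design choice of this example.

```python
import json
import shlex
import tempfile
from pathlib import Path

POLICIES = ("read-only", "workspace-write", "dangerous")
KNOWN_RUNTIMES = ("codex", "opencode", "chimera", "aider", "gemini")

# Codex sandbox modes as named in the issue; "dangerous" is the codex name for full access.
CODEX_SANDBOX = {"read-only": "read-only", "workspace-write": "workspace-write",
                 "dangerous": "danger-full-access"}
# Assumed shape of the opencode.json "permission" block; values are placeholders.
OPENCODE_PERMISSION = {"read-only": {"edit": "deny", "bash": "deny"},
                       "workspace-write": {"edit": "allow", "bash": "ask"},
                       "dangerous": {"edit": "allow", "bash": "allow"}}
# Assumed preset names under chimera/permissions/; the issue only says "native preset".
CHIMERA_PRESET = {"read-only": "read-only", "workspace-write": "workspace-write",
                  "dangerous": "full-access"}


def detect_runtime(cmd: str) -> str:
    """Runtime is the first token of --cmd: 'codex exec {prompt}' -> 'codex'."""
    first = Path(shlex.split(cmd)[0]).name
    return first if first in KNOWN_RUNTIMES else "generic"


def translate(policy: str, cmd: str, workspace: str, teams_home: str,
              runtime: str = "") -> dict:
    """Return the per-runtime shape of one --policy value, or raise if there is none."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy {policy!r}, expected one of {POLICIES}")
    runtime = runtime or detect_runtime(cmd)
    if runtime == "codex":
        # The teams dir is always added so the MCP server can write it even under
        # read-only (the sandbox-write gotcha); the workspace only when writes are allowed.
        args = ["-s", CODEX_SANDBOX[policy], "--add-dir", teams_home]
        if policy != "read-only":
            args += ["--add-dir", workspace]
        return {"runtime": runtime, "extra_args": args}
    if runtime == "opencode":
        # Write a throwaway opencode.json holding only the permission block.
        tmp = tempfile.NamedTemporaryFile("w", suffix="-opencode.json", delete=False)
        json.dump({"permission": OPENCODE_PERMISSION[policy]}, tmp)
        tmp.close()
        return {"runtime": runtime, "config_path": tmp.name}
    if runtime == "chimera":
        return {"runtime": runtime, "preset": CHIMERA_PRESET[policy]}
    # generic/unknown (and aider/gemini, unmapped here) fail loudly rather than
    # silently spawning an agent with no policy applied.
    raise ValueError(f"no policy translation for runtime {runtime!r}; "
                     "pass --runtime codex|opencode|chimera")
```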
References
- Files: chimera/mcp_servers/teammate_runner.py, chimera/permissions/
- The sandbox-write gotcha (Codex read-only blocks MCP server from writing teams dir) is exactly the kind of footgun this should hide