
[teams] Unified per-teammate permission propagation across runtimes #150

Description

@0bserver07

Problem

Each external coding agent has its own permission model. Today the operator configures each one independently:

  • Codex CLI: -s read-only|workspace-write|danger-full-access + --dangerously-bypass-approvals-and-sandbox + --add-dir
  • OpenCode: permission entries in opencode.json
  • Chimera (chimera code -p): its own permissions layer (chimera/permissions/)

There's no way to say "the lead's policy is workspace-write" and have it propagate to all three runtimes that participate in the team.

Scope

A translation layer keyed by --policy on chimera-team-run:

chimera-team-run --team x --agent codex-1 \
    --cmd 'codex exec {prompt}' \
    --policy workspace-write \
    --workspace ~/project

The runner translates --policy workspace-write into the right shape for the agent it's about to spawn. Detect the runtime from the first token of --cmd (codex / opencode / chimera / aider / gemini / generic) — or accept an explicit --runtime.

Policies to support: read-only, workspace-write, danger-full-access (the Codex sandbox-mode names; map the last one to the other runtimes' "full access" equivalents).

Acceptance

  • --policy workspace-write produces the right CLI flags / config injections for each runtime
  • Codex gets -s workspace-write --add-dir <workspace> --add-dir <teams-home> (because the MCP server needs to write the teams dir — see the sandbox-write gotcha)
  • OpenCode gets the right permission block in a generated temp opencode.json
  • Chimera gets its native permission preset
  • --runtime generic (or unknown) errors clearly
  • Tests covering the three runtimes' translation outputs
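As an added example, not code from the chimera repository or from the issue author, here is one way the translation layer sketched under Scope and checked by the Acceptance list could look in Python: runtime detection from the first --cmd token (or an explicit --runtime), the per-policy mapping for Codex, OpenCode and Chimera, a hard error for generic/unknown runtimes, and a warning for the Codex read-only case where the teams dir cannot be written. The Codex flags are the ones the issue names; the opencode.json permission keys and values, the OPENCODE_CONFIG env var, the chimera --permission-preset flag and preset names, and all function names are assumptions.

```python
"""Added example, not code from the chimera repository: a standalone sketch
of the --policy translation layer this issue asks for. The opencode.json
permission keys/values, the OPENCODE_CONFIG env var, the chimera preset
names and flag, and every function name here are assumptions, not project facts."""
import json
import shlex
import tempfile
from pathlib import Path

# The policy vocabulary uses the Codex sandbox-mode names; other runtimes map onto them.
POLICIES = ("read-only", "workspace-write", "danger-full-access")
TRANSLATABLE = ("codex", "opencode", "chimera")

# ASSUMED opencode.json "permission" block per policy (allow / ask / deny).
OPENCODE_PERMISSION = {
    "read-only":          {"edit": "deny",  "bash": "ask",   "webfetch": "ask"},
    "workspace-write":    {"edit": "allow", "bash": "ask",   "webfetch": "ask"},
    "danger-full-access": {"edit": "allow", "bash": "allow", "webfetch": "allow"},
}
# ASSUMED names of chimera's native permission presets.
CHIMERA_PRESET = {"read-only": "read-only", "workspace-write": "workspace-write",
                  "danger-full-access": "full-access"}


def detect_runtime(cmd, runtime=None):
    """Explicit --runtime wins; otherwise the basename of the first --cmd token.
    aider, gemini, generic or anything unknown is a hard error, not a silent
    pass-through: a missed translation would spawn an agent with no sandbox."""
    name = runtime or Path(shlex.split(cmd)[0]).name
    if name not in TRANSLATABLE:
        raise ValueError(f"cannot translate --policy for runtime {name!r}; "
                         f"supported: {', '.join(TRANSLATABLE)} (use --runtime to override)")
    return name


def translate(policy, cmd, workspace, teams_home, runtime=None):
    """Map one --policy onto what the target runtime understands.
    Returns {"runtime", "argv" (flags to splice into --cmd), "env", "warnings"}."""
    if policy not in POLICIES:
        raise ValueError(f"unknown --policy {policy!r}; expected one of {POLICIES}")
    name = detect_runtime(cmd, runtime)
    workspace = str(Path(workspace).expanduser())
    teams_home = str(Path(teams_home).expanduser())
    out = {"runtime": name, "argv": [], "env": {}, "warnings": []}

    if name == "codex":
        # -s picks the sandbox mode; --add-dir widens the writable set. The teams
        # dir is added so the teammate MCP server can write there. Under read-only
        # nothing is writable (the sandbox-write gotcha), so say so loudly.
        out["argv"] = ["-s", policy, "--add-dir", workspace, "--add-dir", teams_home]
        if policy == "read-only":
            out["warnings"].append(
                f"codex -s read-only cannot write {teams_home}; teammate results will not land")
    elif name == "opencode":
        # Generate a temp opencode.json and point the agent at it (env var ASSUMED).
        cfg = {"permission": OPENCODE_PERMISSION[policy]}
        with tempfile.NamedTemporaryFile("w", prefix="opencode-", suffix=".json",
                                         delete=False) as f:
            json.dump(cfg, f)
        out["env"]["OPENCODE_CONFIG"] = f.name
    else:  # chimera: hand over the native preset (flag name ASSUMED)
        out["argv"] = ["--permission-preset", CHIMERA_PRESET[policy]]
    return out


def build_command(cmd, prompt, translation):
    """Splice the translated flags into the --cmd template just ahead of {prompt}."""
    tokens = shlex.split(cmd)
    at = tokens.index("{prompt}") if "{prompt}" in tokens else len(tokens)
    tokens[at:at] = translation["argv"]
    return [prompt if t == "{prompt}" else t for t in tokens]


if __name__ == "__main__":
    t = translate("workspace-write", "codex exec {prompt}", "/srv/project", "/srv/teams")
    print(build_command("codex exec {prompt}", "run the tests", t))
```

The runner would pass `argv` into the spawned command line and `env` into the child environment; keeping both in one return value makes the three runtimes' translation outputs directly comparable in tests, which is the last acceptance item above.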

References

  • Files: chimera/mcp_servers/teammate_runner.py, chimera/permissions/
  • The sandbox-write gotcha (Codex read-only blocks MCP server from writing teams dir) is exactly the kind of footgun this should hide
