fix(acp): resolve /tmp symlink before workspace auto-approve check on macOS

Path.resolve() follows the /tmp -> /private/tmp symlink on macOS, so str(path).startswith("/tmp/") is always False for temp-dir paths. The "Accept Edits" (workspace_session) mode silently refused to auto-approve every /tmp write on macOS, breaking the documented behaviour and making the existing test fail on this platform. Fix: keep the raw expanded path (pre-resolve) for the /tmp prefix check and continue using the resolved form only for the cwd relative_to() call where symlink resolution is correct behaviour.
2026-05-31 06:51:29 +00:00 · 2026-05-18 19:36:21 -07:00 · 2026-05-18 19:36:21 -07:00 · 5cbf86f1c8
commit 5cbf86f1c8
parent 52b049b560
1 changed files with 6 additions and 2 deletions
--- a/acp_adapter/edit_approval.py
+++ b/acp_adapter/edit_approval.py
@ -154,11 +154,15 @@ def should_auto_approve_edit(proposal: EditProposal, policy: str, cwd: str | Non
    policy = str(policy or AUTO_APPROVE_ASK).strip()
    if policy == AUTO_APPROVE_ASK or _is_sensitive_auto_approve_path(proposal.path):
        return False
-    path = Path(proposal.path).expanduser().resolve(strict=False)
+    raw_path = Path(proposal.path).expanduser()
+    # resolve() follows symlinks — on macOS /tmp → /private/tmp, so the
+    # resolved form never starts with "/tmp/". Use raw_path for the /tmp
+    # check and the resolved form only for the cwd relative_to() test.
+    path = raw_path.resolve(strict=False)
    if policy == AUTO_APPROVE_SESSION:
        return True
    if policy == AUTO_APPROVE_WORKSPACE:
-        if str(path).startswith("/tmp/"):
+        if str(raw_path).startswith("/tmp/"):
            return True
        if cwd:
            root = Path(cwd).expanduser().resolve(strict=False)