fix(cli): preserve dangerouslyBypassApprovalsAndSandbox on standalone personas (#125)

* fix(cli): preserve dangerouslyBypassApprovalsAndSandbox on standalone personas

assertStandaloneHarnessSettings rebuilt the resolved HarnessSettings object
field-by-field (reasoning, timeoutSeconds, sandboxMode, approvalPolicy,
workspaceWriteNetworkAccess, webSearch) but never copied
dangerouslyBypassApprovalsAndSandbox. Standalone local personas (intent +
no extends) silently lost the flag before codex launch, so codex started
with its default approval policy and kept prompting for confirmations —
including MCP tool-call approvals. The extends/overlay merge path was
unaffected (object spread preserves it); only the standalone path dropped it.

Also adds the boolean type check to assertPartialHarnessSettingsShape for
parity with the other codex-only settings, and a regression test asserting
the flag survives standalone resolution.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(cli): centralize standalone harness settings parsing

---------

Co-authored-by: Ricky Schema Cascade <ricky@agent-relay.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

Author: 4 people

packages/cli/src/local-personas.test.ts

@@ -450,6 +450,59 @@ test('inputs are preserved on standalone local personas', () => {
   });
 });
 
+test('dangerouslyBypassApprovalsAndSandbox is preserved on standalone local personas', () => {
+  withLayers(({ cwd, homeDir }) => {
+    writeJson(join(homeDir, 'standalone-bypass.json'), {
+      id: 'standalone-bypass',
+      intent: 'review',
+      description: 'Standalone persona that opts out of codex approvals.',
+      harness: 'codex',
+      model: 'openai-codex/gpt-5.3-codex',
+      systemPrompt: 'Do the work.',
+      harnessSettings: {
+        reasoning: 'medium',
+        timeoutSeconds: 900,
+        dangerouslyBypassApprovalsAndSandbox: true
+      }
+    });
+    const loaded = loadLocalPersonas({ cwd, homeDir });
+    assert.deepEqual(loaded.warnings, []);
+    const settings = loaded.byId.get('standalone-bypass')?.harnessSettings;
+    assert.ok(settings);
+    // Regression: assertStandaloneHarnessSettings used to rebuild the
+    // settings object field-by-field and drop this flag, so codex launched
+    // without --dangerously-bypass-approvals-and-sandbox and kept prompting
+    // (including for MCP tool calls).
+    assert.equal(settings?.dangerouslyBypassApprovalsAndSandbox, true);
+  });
+});
+
+test('standalone local personas reject bypass with explicit codex sandbox settings', () => {
+  withLayers(({ cwd, homeDir }) => {
+    writeJson(join(homeDir, 'standalone-bypass-conflict.json'), {
+      id: 'standalone-bypass-conflict',
+      intent: 'review',
+      description: 'Standalone persona with contradictory codex settings.',
+      harness: 'codex',
+      model: 'openai-codex/gpt-5.3-codex',
+      systemPrompt: 'Do the work.',
+      harnessSettings: {
+        reasoning: 'medium',
+        timeoutSeconds: 900,
+        sandboxMode: 'workspace-write',
+        dangerouslyBypassApprovalsAndSandbox: true
+      }
+    });
+
+    const loaded = loadLocalPersonas({ cwd, homeDir });
+    assert.equal(loaded.byId.has('standalone-bypass-conflict'), false);
+    assert.match(
+      loaded.warnings.join('\n'),
+      /dangerouslyBypassApprovalsAndSandbox is mutually exclusive with: sandboxMode/
+    );
+  });
+});
+
 test('optional input flag is preserved on standalone local personas', () => {
   withLayers(({ cwd, homeDir }) => {
     writeJson(join(homeDir, 'standalone-scaffolder.json'), {

packages/cli/src/local-personas.ts

@@ -17,7 +17,8 @@ import {
   type PersonaPermissions,
   type PersonaSpec,
   type PersonaTag,
-  type SidecarMdMode
+  type SidecarMdMode,
+  parseHarnessSettings
 } from '@agentworkforce/persona-kit';
 import { listBuiltInPersonas, personaCatalog } from '@agentworkforce/workload-router';
 
@@ -659,7 +660,8 @@ function assertPartialHarnessSettingsShape(value: Record<string, unknown>, conte
     sandboxMode,
     approvalPolicy,
     workspaceWriteNetworkAccess,
-    webSearch
+    webSearch,
+    dangerouslyBypassApprovalsAndSandbox
   } = value;
   if (
     reasoning !== undefined &&
@@ -695,6 +697,12 @@ function assertPartialHarnessSettingsShape(value: Record<string, unknown>, conte
   if (webSearch !== undefined && typeof webSearch !== 'boolean') {
     throw new Error(`${context}.webSearch must be a boolean`);
   }
+  if (
+    dangerouslyBypassApprovalsAndSandbox !== undefined &&
+    typeof dangerouslyBypassApprovalsAndSandbox !== 'boolean'
+  ) {
+    throw new Error(`${context}.dangerouslyBypassApprovalsAndSandbox must be a boolean`);
+  }
 }
 
 function findInLibrary(key: string): PersonaSpec | undefined {
@@ -723,30 +731,7 @@ function assertStandaloneHarnessSettings(
   settings: Record<string, unknown>,
   context: string
 ): HarnessSettings {
-  assertPartialHarnessSettingsShape(settings, context);
-  const reasoning = settings.reasoning;
-  if (reasoning !== 'low' && reasoning !== 'medium' && reasoning !== 'high') {
-    throw new Error(`${context}.reasoning must be one of: low, medium, high`);
-  }
-  const timeoutSeconds = settings.timeoutSeconds;
-  if (typeof timeoutSeconds !== 'number' || !Number.isFinite(timeoutSeconds) || timeoutSeconds <= 0) {
-    throw new Error(`${context}.timeoutSeconds must be a positive number`);
-  }
-
-  const out: HarnessSettings = { reasoning, timeoutSeconds };
-  if (settings.sandboxMode !== undefined) {
-    out.sandboxMode = settings.sandboxMode as CodexSandboxMode;
-  }
-  if (settings.approvalPolicy !== undefined) {
-    out.approvalPolicy = settings.approvalPolicy as CodexApprovalPolicy;
-  }
-  if (settings.workspaceWriteNetworkAccess !== undefined) {
-    out.workspaceWriteNetworkAccess = settings.workspaceWriteNetworkAccess as boolean;
-  }
-  if (settings.webSearch !== undefined) {
-    out.webSearch = settings.webSearch as boolean;
-  }
-  return out;
+  return parseHarnessSettings(settings, context);
 }
 
 function standaloneSpecFromOverride(