acp: support config mode-negotiation disable and bound line reads

wesm · wesm · commit 3def33b8e32a · 2026-02-28T22:07:48.000-06:00
diff --git a/internal/agent/acp.go b/internal/agent/acp.go
@@ -89,7 +89,9 @@ func NewACPAgentFromConfig(config *config.ACPAgentConfig) *ACPAgent {
 	if autoApproveMode := strings.TrimSpace(config.AutoApproveMode); autoApproveMode != "" {
 		agent.AutoApproveMode = autoApproveMode
 	}
-	if mode := strings.TrimSpace(config.Mode); mode != "" {
+	if config.DisableModeNegotiation {
+		agent.Mode = ""
+	} else if mode := strings.TrimSpace(config.Mode); mode != "" {
 		agent.Mode = mode
 	} else {
 		agent.Mode = agent.ReadOnlyMode
@@ -139,6 +141,9 @@ func (a *ACPAgent) WithAgentic(agentic bool) Agent {
 	if agentic && a.AutoApproveMode != "" {
 		mode = a.AutoApproveMode
 	}
+	if strings.TrimSpace(a.Mode) == "" {
+		mode = ""
+	}
 
 	return &ACPAgent{
 		agentName:       a.agentName,
@@ -584,12 +589,13 @@ func readTextFileWindow(path string, startLine int, limit *int, maxBytes int) (s
 
 	reader := bufio.NewReader(file)
 	var out strings.Builder
+	var lineBuf bytes.Buffer
 	currentLine := 0
 	selectedLines := 0
 	wroteLine := false
 	endedWithNewline := false
 
-	appendLine := func(line string) error {
+	appendLine := func(line []byte) error {
 		additionalBytes := len(line)
 		if wroteLine {
 			additionalBytes++
@@ -600,14 +606,43 @@ func readTextFileWindow(path string, startLine int, limit *int, maxBytes int) (s
 		if wroteLine {
 			out.WriteByte('\n')
 		}
-		out.WriteString(line)
+		if len(line) > 0 {
+			out.Write(line)
+		}
 		wroteLine = true
 		selectedLines++
 		return nil
 	}
 
+	lineBufferBudget := func() int {
+		budget := maxBytes - out.Len()
+		if wroteLine {
+			budget--
+		}
+		return budget
+	}
+
+	appendLineChunk := func(chunk []byte) error {
+		if len(chunk) == 0 {
+			return nil
+		}
+		if lineBufferBudget() < lineBuf.Len()+len(chunk) {
+			return fmt.Errorf("file content too large: exceeds max %d bytes", maxBytes)
+		}
+		_, err := lineBuf.Write(chunk)
+		return err
+	}
+
 	for {
-		chunk, readErr := reader.ReadBytes('\n')
+		chunk, readErr := reader.ReadSlice('\n')
+		if readErr == bufio.ErrBufferFull {
+			if currentLine >= startLine && (limit == nil || selectedLines < *limit) {
+				if err := appendLineChunk(chunk); err != nil {
+					return "", err
+				}
+			}
+			continue
+		}
 		if readErr != nil && readErr != io.EOF {
 			return "", readErr
 		}
@@ -616,15 +651,19 @@ func readTextFileWindow(path string, startLine int, limit *int, maxBytes int) (s
 		}
 
 		hasTrailingNewline := len(chunk) > 0 && chunk[len(chunk)-1] == '\n'
-		if hasTrailingNewline {
-			chunk = chunk[:len(chunk)-1]
-		}
 		endedWithNewline = hasTrailingNewline
 
 		if currentLine >= startLine && (limit == nil || selectedLines < *limit) {
-			if err := appendLine(string(chunk)); err != nil {
+			if hasTrailingNewline {
+				chunk = chunk[:len(chunk)-1]
+			}
+			if err := appendLineChunk(chunk); err != nil {
+				return "", err
+			}
+			if err := appendLine(lineBuf.Bytes()); err != nil {
 				return "", err
 			}
+			lineBuf.Reset()
 			if limit != nil && selectedLines >= *limit {
 				return out.String(), nil
 			}
@@ -788,7 +827,7 @@ func (c *acpClient) WriteTextFile(ctx context.Context, params acp.WriteTextFileR
 
 	// Enforce authorization at point of operation.
 	if !c.agent.mutatingOperationsAllowed() {
-		if c.agent.Mode == c.agent.ReadOnlyMode {
+		if c.agent.effectivePermissionMode() == c.agent.ReadOnlyMode {
 			return acp.WriteTextFileResponse{}, fmt.Errorf("write operation not permitted in read-only mode")
 		}
 		return acp.WriteTextFileResponse{}, fmt.Errorf("write operation not permitted unless auto-approve mode is explicitly enabled")
@@ -1071,7 +1110,7 @@ func (c *acpClient) CreateTerminal(ctx context.Context, params acp.CreateTermina
 
 	// Enforce authorization at point of operation.
 	if !c.agent.mutatingOperationsAllowed() {
-		if c.agent.Mode == c.agent.ReadOnlyMode {
+		if c.agent.effectivePermissionMode() == c.agent.ReadOnlyMode {
 			return acp.CreateTerminalResponse{}, fmt.Errorf("terminal creation not permitted in read-only mode")
 		}
 		return acp.CreateTerminalResponse{}, fmt.Errorf("terminal creation not permitted unless auto-approve mode is explicitly enabled")
@@ -1410,13 +1449,16 @@ func validateConfiguredModel(configuredModel string, models *acp.SessionModelSta
 }
 
 func (a *ACPAgent) mutatingOperationsAllowed() bool {
-	return a.AutoApproveMode != "" && a.Mode == a.AutoApproveMode
+	return a.AutoApproveMode != "" && a.effectivePermissionMode() == a.AutoApproveMode
 }
 
 func (a *ACPAgent) effectivePermissionMode() string {
 	if strings.TrimSpace(a.Mode) != "" {
 		return a.Mode
 	}
+	if a.Agentic && strings.TrimSpace(a.AutoApproveMode) != "" {
+		return a.AutoApproveMode
+	}
 	return a.ReadOnlyMode
 }
 
@@ -1512,7 +1554,12 @@ func applyACPAgentConfigOverride(cfg *config.ACPAgentConfig, override *config.AC
 	if autoApproveMode := strings.TrimSpace(override.AutoApproveMode); autoApproveMode != "" {
 		cfg.AutoApproveMode = autoApproveMode
 	}
-	if mode := strings.TrimSpace(override.Mode); mode != "" {
+	if override.DisableModeNegotiation {
+		cfg.DisableModeNegotiation = true
+	}
+	if cfg.DisableModeNegotiation {
+		cfg.Mode = ""
+	} else if mode := strings.TrimSpace(override.Mode); mode != "" {
 		cfg.Mode = mode
 	} else {
 		// If mode is omitted, default to the effective read-only mode.
diff --git a/internal/agent/acp_test.go b/internal/agent/acp_test.go
@@ -96,43 +96,57 @@ func TestACPAgentCommandLine(t *testing.T) {
 
 func TestApplyACPAgentConfigOverrideModeResolution(t *testing.T) {
 	tests := []struct {
-		name         string
-		override     *config.ACPAgentConfig
-		wantReadOnly string
-		wantMode     string
+		name               string
+		override           *config.ACPAgentConfig
+		wantReadOnly       string
+		wantMode           string
+		wantDisableModeNeg bool
 	}{
 		{
 			name: "read_only_mode only",
 			override: &config.ACPAgentConfig{
 				ReadOnlyMode: "safe-plan",
 			},
-			wantReadOnly: "safe-plan",
-			wantMode:     "safe-plan",
+			wantReadOnly:       "safe-plan",
+			wantMode:           "safe-plan",
+			wantDisableModeNeg: false,
 		},
 		{
 			name: "mode only",
 			override: &config.ACPAgentConfig{
 				Mode: "custom-mode",
 			},
-			wantReadOnly: defaultACPReadOnlyMode,
-			wantMode:     "custom-mode",
+			wantReadOnly:       defaultACPReadOnlyMode,
+			wantMode:           "custom-mode",
+			wantDisableModeNeg: false,
 		},
 		{
 			name: "both mode and read_only_mode",
 			override: &config.ACPAgentConfig{
 				ReadOnlyMode: "safe-plan",
 				Mode:         "agentic-mode",
 			},
-			wantReadOnly: "safe-plan",
-			wantMode:     "agentic-mode",
+			wantReadOnly:       "safe-plan",
+			wantMode:           "agentic-mode",
+			wantDisableModeNeg: false,
+		},
+		{
+			name: "disable mode negotiation",
+			override: &config.ACPAgentConfig{
+				DisableModeNegotiation: true,
+			},
+			wantReadOnly:       defaultACPReadOnlyMode,
+			wantMode:           "",
+			wantDisableModeNeg: true,
 		},
 		{
 			name: "neither mode nor read_only_mode",
 			override: &config.ACPAgentConfig{
 				Model: "devstral-2",
 			},
-			wantReadOnly: defaultACPReadOnlyMode,
-			wantMode:     defaultACPReadOnlyMode,
+			wantReadOnly:       defaultACPReadOnlyMode,
+			wantMode:           defaultACPReadOnlyMode,
+			wantDisableModeNeg: false,
 		},
 	}
 
@@ -147,10 +161,44 @@ func TestApplyACPAgentConfigOverrideModeResolution(t *testing.T) {
 			if cfg.Mode != tc.wantMode {
 				t.Fatalf("Mode = %q, want %q", cfg.Mode, tc.wantMode)
 			}
+			if cfg.DisableModeNegotiation != tc.wantDisableModeNeg {
+				t.Fatalf("DisableModeNegotiation = %v, want %v", cfg.DisableModeNegotiation, tc.wantDisableModeNeg)
+			}
 		})
 	}
 }
 
+func TestNewACPAgentFromConfigDisableModeNegotiation(t *testing.T) {
+	t.Parallel()
+
+	agent := NewACPAgentFromConfig(&config.ACPAgentConfig{
+		Command:                "go",
+		Mode:                   "plan",
+		ReadOnlyMode:           "plan",
+		AutoApproveMode:        "auto-approve",
+		DisableModeNegotiation: true,
+	})
+	if agent.Mode != "" {
+		t.Fatalf("expected mode negotiation disabled (empty mode), got %q", agent.Mode)
+	}
+
+	agentic := agent.WithAgentic(true).(*ACPAgent)
+	if agentic.Mode != "" {
+		t.Fatalf("expected WithAgentic(true) to preserve disabled mode negotiation, got %q", agentic.Mode)
+	}
+	if !agentic.mutatingOperationsAllowed() {
+		t.Fatalf("expected mutating operations allowed in agentic mode when negotiation is disabled")
+	}
+
+	nonAgentic := agent.WithAgentic(false).(*ACPAgent)
+	if nonAgentic.Mode != "" {
+		t.Fatalf("expected WithAgentic(false) to preserve disabled mode negotiation, got %q", nonAgentic.Mode)
+	}
+	if nonAgentic.mutatingOperationsAllowed() {
+		t.Fatalf("expected mutating operations denied in non-agentic mode when negotiation is disabled")
+	}
+}
+
 func TestGetAvailableWithConfigResolvesACPAlias(t *testing.T) {
 	t.Parallel()
 
diff --git a/internal/config/config.go b/internal/config/config.go
@@ -140,8 +140,11 @@ type ACPAgentConfig struct {
 	ReadOnlyMode    string   `toml:"read_only_mode"`    // Read-only mode. Valid values depend on the underlying agent, e.g. "plan"
 	AutoApproveMode string   `toml:"auto_approve_mode"` // Auto-approve mode. Valid values depend on the underlying agent, e.g. "auto-approve"
 	Mode            string   `toml:"mode"`              // Default agent mode. Use read_only_mode for review flows unless explicitly opting in.
-	Model           string   `toml:"model"`             // Default model to use
-	Timeout         int      `toml:"timeout"`           // Command timeout in seconds (default: 600)
+	// DisableModeNegotiation skips ACP SetSessionMode while keeping
+	// authorization behavior based on agentic/read-only mode selection.
+	DisableModeNegotiation bool   `toml:"disable_mode_negotiation"`
+	Model                  string `toml:"model"`   // Default model to use
+	Timeout                int    `toml:"timeout"` // Command timeout in seconds (default: 600)
 }
 
 // GitHubAppConfig holds GitHub App authentication settings.
