Fix audit hanging: add auto_apply param + allow_write for tool access

Root cause: claude agent without --dangerously-skip-permissions hangs on tool permission prompts when stdin=DEVNULL. Fixes: - run_audit() now passes allow_write=True so agent can use Read/Bash tools without interactive permission prompts - Added auto_apply param: False for API (result only), CLI confirms with user then applies manually - API explicitly passes auto_apply=False - Tests for auto_apply=True/False behavior Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-15 18:00:39 +02:00 · 2026-03-15 18:00:39 +02:00 · 9cbb3cec37
commit 9cbb3cec37
parent 96509dcafc
4 changed files with 78 additions and 5 deletions
--- a/tests/test_runner.py
+++ b/tests/test_runner.py
@ -414,3 +414,51 @@ class TestRunAudit:
        prompt = mock_run.call_args[0][0][2]  # -p argument
        assert "VDOL-001" in prompt
        assert "Fix bug" in prompt
+
+    @patch("agents.runner.subprocess.run")
+    def test_audit_auto_apply_marks_done(self, mock_run, conn):
+        """auto_apply=True should mark already_done tasks as done in DB."""
+        mock_run.return_value = _mock_claude_success({
+            "result": json.dumps({
+                "already_done": [{"id": "VDOL-001", "reason": "Done"}],
+                "still_pending": [],
+                "unclear": [],
+            }),
+        })
+
+        result = run_audit(conn, "vdol", auto_apply=True)
+
+        assert result["success"] is True
+        assert "VDOL-001" in result["applied"]
+        task = models.get_task(conn, "VDOL-001")
+        assert task["status"] == "done"
+
+    @patch("agents.runner.subprocess.run")
+    def test_audit_no_auto_apply_keeps_pending(self, mock_run, conn):
+        """auto_apply=False should NOT change task status."""
+        mock_run.return_value = _mock_claude_success({
+            "result": json.dumps({
+                "already_done": [{"id": "VDOL-001", "reason": "Done"}],
+                "still_pending": [],
+                "unclear": [],
+            }),
+        })
+
+        result = run_audit(conn, "vdol", auto_apply=False)
+
+        assert result["success"] is True
+        assert result["applied"] == []
+        task = models.get_task(conn, "VDOL-001")
+        assert task["status"] == "pending"
+
+    @patch("agents.runner.subprocess.run")
+    def test_audit_uses_dangerously_skip_permissions(self, mock_run, conn):
+        """Audit must use --dangerously-skip-permissions for tool access."""
+        mock_run.return_value = _mock_claude_success({
+            "result": json.dumps({"already_done": [], "still_pending": [], "unclear": []}),
+        })
+
+        run_audit(conn, "vdol")
+
+        cmd = mock_run.call_args[0][0]
+        assert "--dangerously-skip-permissions" in cmd