fix(hub,web): apply selected permission mode when resuming inactive sessions#540
Merged
tiann merged 1 commit intotiann:mainfrom Apr 28, 2026
Merged
Conversation
…essions
Previously, toggling the permission mode on an inactive session had no
effect on resume: the /permission-mode endpoint rejected inactive sessions
(HTTP 409), so the cache was never updated, and the spawned CLI always
received the stored default value.
- Remove the `requireActive` guard from POST /sessions/:id/permission-mode
so inactive sessions can have their in-memory permission mode updated.
- In `SyncEngine.applySessionConfig`, skip the RPC call for inactive
sessions and update the in-memory cache directly; the value is then
available when the session is resumed.
- Accept an optional `{ permissionMode }` body in POST /sessions/:id/resume
and forward it to `resumeSession` (takes precedence over the cached value),
with flavor-compatibility validation.
- Extend `SyncEngine.resumeSession` with an optional `opts` argument so
callers can supply a permission mode override at resume time.
- Update the web client (`api.resumeSession`) and `router.tsx` to pass
`session.permissionMode` in the resume request body.
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Findings
- None.
Summary
Review mode: initial
No issues found in the changed lines. Residual risk: coverage is focused on route behavior; I did not execute the test suite because this review treats PR code as untrusted automation input.
Testing
- Not run (automation)
HAPI Bot
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When a session is inactive (the CLI is not running), toggling the permission mode in the web UI has no visible effect: the
POST /sessions/:id/permission-modeendpoint returned 409 because it required the session to be active (requireActive: true), so the in-memory cache was never updated. As a result, resuming the session always spawned the CLI with the stored default mode, ignoring the user's selection.Solution
Three coordinated changes close the gap:
POST /sessions/:id/permission-mode– remove therequireActiveguard so inactive sessions are accepted. InSyncEngine.applySessionConfigan inactive-session branch is added that updates the in-memory cache directly (skipping the RPC call, which requires a running CLI).POST /sessions/:id/resume– accept an optional{ permissionMode }body. The value is validated against the session flavor before being forwarded toresumeSession. This lets the web client pass the currently displayed mode at resume time as a safety net.Web client –
api.resumeSessionpassessession.permissionModein the request body;SyncEngine.resumeSessionaccepts an optionalopts.permissionModethat takes precedence over the cached value when building the spawn payload.The in-memory-only approach is intentional: persisting the value across Hub restarts is a separate concern tracked elsewhere.
Tests
New cases in
hub/src/web/routes/sessions.test.ts:POST /sessions/:id/permission-modereturns 200 for inactive sessions and callsapplySessionConfigwith the requested mode.POST /sessions/:id/resumepassespermissionModefrom the request body through toresumeSession.POST /sessions/:id/resumereturns 400 when the requested mode is not supported by the session flavor.