fix(agent): guard permission auto-approve against empty options

[jonathanlab]

Summary

Both auto-approve fallbacks in requestPermission (the MCP-trusted-tool branch and the no-toolCallId fallback) indexed params.options[0].optionId without checking length. If the SDK sent a permission request with an empty options array, the .optionId access threw a TypeError out of the requestPermission callback, crashing the in-flight tool call and taking the agent session with it.

Fix

• Extract buildAutoApproveOutcome(options) next to the other top-level helpers in service.ts.
• It prefers allow_once/allow_always, falls back to the first option, and returns { outcome: "cancelled" } (a valid ACP outcome) when options is empty.
• Both call sites now use the helper, so the empty case is handled in one place.

Test plan

• pnpm --filter code typecheck
• pnpm --filter code test (1352 tests, all passing — includes 4 new tests for buildAutoApproveOutcome covering the allow / first-fallback / empty-options paths)

---

Created with PostHog Code

[greptile-apps]

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
apps/code/src/main/services/agent/service.test.ts:465-496
These four tests all call the same function with different inputs and check different outputs — a textbook case for a parameterised test. The team's convention is to prefer `it.each` for this pattern, which reduces boilerplate and makes adding new cases trivial.

```suggestion
describe("buildAutoApproveOutcome", () => {
  it.each([
    [
      "prefers an allow_once option",
      [
        { optionId: "reject", kind: "reject_once", name: "Reject" },
        { optionId: "allow", kind: "allow_once", name: "Allow" },
      ],
      { outcome: "selected", optionId: "allow" },
    ],
    [
      "prefers an allow_always option",
      [
        { optionId: "reject", kind: "reject_once", name: "Reject" },
        { optionId: "allow_always", kind: "allow_always", name: "Always" },
      ],
      { outcome: "selected", optionId: "allow_always" },
    ],
    [
      "falls back to the first option when no allow option exists",
      [
        { optionId: "first", kind: "reject_once", name: "First" },
        { optionId: "second", kind: "reject_always", name: "Second" },
      ],
      { outcome: "selected", optionId: "first" },
    ],
    ["returns a cancelled outcome when options is empty", [], { outcome: "cancelled" }],
  ] as const)("%s", (_, options, expected) => {
    expect(buildAutoApproveOutcome(options)).toEqual(expected);
  });
});
```

_{Reviews (1): Last reviewed commit: "fix(agent): guard permission auto-approv..." | Re-trigger Greptile}