
humanize2 gen-idea workflow: direction-lead agent fails due to MCP tool permission denials in headless Claude runs #165

@zevorn


Summary

When running workflows via humanize2 MCP hub, workflow-spawned agents (both Claude and Codex) fail to complete because per-agent launch settings (permissionMode, extraArgs) from ~/.h2/config.yaml are silently ignored.

  • Claude agents: Run with permissionMode: default, blocking MCP tool calls (artifact_deliver, artifact_get, etc.) that require user approval in headless claude -p mode. Workflow fails with agent.expectation_unmet after exhausting retries.
  • Codex agents: Fail immediately with "Not inside a trusted directory and --skip-git-repo-check was not specified" when the working directory is not a git repo, because extraArgs containing --skip-git-repo-check is never applied.

Environment

  • Branch: h2-dev
  • Plugin version: humanize@PolyArch 1.17.0
  • Hub: humanize2 hub on http://127.0.0.1:4772
  • Claude CLI: Deepseek-v4-pro backend
  • Codex CLI: 0.130.0

Steps to Reproduce

  1. Start humanize2 hub: node dist/hub-server.js
  2. Load workflow: workflow.load_html with gen-idea cartridge
  3. Start workflow: workflow.start with cartridgeId=gen-idea, cwd pointing to a non-git directory
  4. Deliver idea-input artifact via artifact.deliver
  5. Observe: direction-lead (Claude) agent spawns, generates directions, but cannot call artifact_deliver due to permission prompt
  6. Observe: Exploration phase Codex agents (directions 2, 4, 6) fail instantly with git-repo-check error

Actual Behavior

Claude agents (direction-lead + exploration directions 1, 3, 5):

# Agent run log:
"permission_denials": [
  {"tool_name": "mcp__plugin_humanize_humanize2__artifact_get", ...},
  {"tool_name": "mcp__plugin_humanize_humanize2__artifact_deliver", ...}
]
# Tool error:
"Claude requested permissions to use mcp__plugin_humanize_humanize2__artifact_deliver,
 but you haven't granted it yet."
# Workflow event log:
vertex.failed: direction-lead
reason: agent.expectation_unmet
missing: [idea-directions]
retries: 3
→ workflow.failed

Codex agents (exploration directions 2, 4, 6):

command: codex exec --json --cd /Users/zevorn/yocto-project "prompt..."
stderr: Not inside a trusted directory and --skip-git-repo-check was not specified.
exitCode: 1
→ agent.terminal_failure → workflow.failed

Note: Codex args did NOT contain --skip-git-repo-check or --dangerously-bypass-approvals-and-sandbox, even though they were configured in ~/.h2/config.yaml under agents.codex.extraArgs.

Root Cause

Two underlying bugs in humanize2:

Bug 1 (critical): agentDefaults not passed to AgentRunCoordinator

In src/hub-server.ts, the AgentRunCoordinator is constructed without agentDefaults:

// BEFORE (broken):
const coordinator = new AgentRunCoordinator(service, {
    jsonRpcUrl, store, initialRuns,
    defaultRunTimeoutMs: config.defaultRunTimeoutMs
    // ← agentDefaults missing!
});

The config was loaded and passed to createHubHttpServer (line 44), but the AgentRunCoordinator — which actually creates and executes agent runs via createRun() — never received it. In src/hub/runs.ts:145:

const defaults = this.options.agentDefaults?.[input.agent] ?? {};

this.options.agentDefaults was always undefined, so defaults was always {}. All per-agent config (model, reasoningEffort, permissionMode, extraArgs, etc.) was silently dropped.

Bug 2: Config system missing permissionMode / sandbox / extraArgs

The AgentModelDefaults interface and YAML parser only supported model and reasoningEffort. There was no way to configure agent CLI flags like --permission-mode bypassPermissions or --skip-git-repo-check through ~/.h2/config.yaml.

Fix (PR #166)

Three files changed:

| File | Change |
| --- | --- |
| src/hub-server.ts | Pass agentDefaults: config.agentDefaults to AgentRunCoordinator constructor |
| src/config.ts | Extend AgentModelDefaults with permissionMode, sandbox, extraArgs; add YAML list parser for extraArgs |
| src/hub/runs.ts | Apply permissionMode/sandbox/extraArgs from config defaults in createRun effective input |

With the fix, users can configure in ~/.h2/config.yaml:

agents:
  claude:
    model: claude-opus-4-7
    reasoningEffort: xhigh
    permissionMode: bypassPermissions
  codex:
    model: gpt-5.5
    reasoningEffort: xhigh
    extraArgs:
      - --dangerously-bypass-approvals-and-sandbox
      - --skip-git-repo-check

Workaround (without code fix)

Manually add humanize2 MCP tool names to ~/.claude/settings.json permissions.allow — this only fixes the Claude permission issue, not the Codex git-repo-check issue:

"permissions": {
  "allow": [
    "mcp__plugin_humanize_humanize2__artifact_deliver",
    "mcp__plugin_humanize_humanize2__artifact_get",
    "mcp__plugin_humanize_humanize2__board_patch",
    "mcp__plugin_humanize_humanize2__board_get",
    "mcp__plugin_humanize_humanize2__workflow_get",
    "mcp__plugin_humanize_humanize2__workflow_list",
    "mcp__plugin_humanize_humanize2__workflow_wait",
    "mcp__plugin_humanize_humanize2__human_request",
    "mcp__plugin_humanize_humanize2__event_emit"
  ]
}
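
The silent drop described under Bug 1, shown as an added example that is not part of the original issue or the humanize2 code base: it contrasts the `?.`/`?? {}` lookup with a fail-loud lookup and shows the resulting CLI arguments. The types, `resolveSilently`, `resolveStrict`, `buildArgs` and the inline config are hypothetical; only the option names and flags are taken from the issue.

```typescript
// Added example: hypothetical types and helpers modelled on the names in this issue.
type AgentName = "claude" | "codex";

interface AgentDefaults {
  model?: string;
  permissionMode?: string;
  extraArgs?: string[];
}

interface CoordinatorOptions {
  agentDefaults?: Partial<Record<AgentName, AgentDefaults>>;
}

// Pattern from the issue: a missing agentDefaults object silently becomes {}.
function resolveSilently(options: CoordinatorOptions, agent: AgentName): AgentDefaults {
  return options.agentDefaults?.[agent] ?? {};
}

// Fail-loud variant (assumption, not the PR's code): forgetting to wire the
// loaded config into the coordinator is an error instead of a silent no-op.
function resolveStrict(options: CoordinatorOptions, agent: AgentName): AgentDefaults {
  if (options.agentDefaults === undefined) {
    throw new Error(`agentDefaults not wired into coordinator (agent=${agent})`);
  }
  return options.agentDefaults[agent] ?? {};
}

// Build the CLI argument list a headless run would receive.
function buildArgs(agent: AgentName, d: AgentDefaults): string[] {
  const args: string[] = agent === "claude" ? ["-p"] : ["exec", "--json"];
  if (agent === "claude" && d.permissionMode) {
    args.push("--permission-mode", d.permissionMode);
  }
  return args.concat(d.extraArgs ?? []);
}

// Constructed config mirroring part of the YAML in the issue.
const loadedConfig: CoordinatorOptions["agentDefaults"] = {
  claude: { permissionMode: "bypassPermissions" },
  codex: { extraArgs: ["--skip-git-repo-check"] },
};

// Broken wiring: options built without agentDefaults, as in the BEFORE snippet.
const brokenArgs = buildArgs("codex", resolveSilently({}, "codex"));
// Fixed wiring: the loaded config reaches the coordinator.
const fixedArgs = buildArgs("codex", resolveStrict({ agentDefaults: loadedConfig }, "codex"));
console.log(brokenArgs, fixedArgs);
```
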
