From ddae15dedecf13fb71bc722570c83f281774dc7e Mon Sep 17 00:00:00 2001
From: Jobdori <jobdori@openclaw.ai>
Date: Fri, 3 Apr 2026 18:39:14 +0900
Subject: [PATCH] fix(enforcer): defer to caller prompt flow when active mode
 is Prompt

The PermissionEnforcer was hard-denying tool calls that needed user
approval because it passes no prompter to authorize(). When the
active permission mode is Prompt, the enforcer now returns Allowed
and defers to the CLI's interactive approval flow.

Fixes: mock_parity_harness bash_permission_prompt_approved scenario
---
 rust/crates/runtime/src/permission_enforcer.rs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rust/crates/runtime/src/permission_enforcer.rs b/rust/crates/runtime/src/permission_enforcer.rs
index 03c63ab..3164742 100644
--- a/rust/crates/runtime/src/permission_enforcer.rs
+++ b/rust/crates/runtime/src/permission_enforcer.rs
@@ -32,6 +32,12 @@ impl PermissionEnforcer {
     /// Check whether a tool can be executed under the current permission policy.
     /// Auto-denies when prompting is required but no prompter is provided.
     pub fn check(&self, tool_name: &str, input: &str) -> EnforcementResult {
+        // When the active mode is Prompt, defer to the caller's interactive
+        // prompt flow rather than hard-denying (the enforcer has no prompter).
+        if self.policy.active_mode() == PermissionMode::Prompt {
+            return EnforcementResult::Allowed;
+        }
+
         let outcome = self.policy.authorize(tool_name, input, None);
 
         match outcome {