Fix ChatGPT Web tool calls and web permission approvals

[sandro-salles]

Summary

• force the ChatGPT Web provider through non-persistent responses and strip stale item references before calling the Codex responses endpoint
• pass OpenAI provider options with store=false so tool-call continuations are serialized inline
• fix web permission approval actions to use yes/always/no, render prompt text, and expose filesystem scopes in the Permissions page
• wire the Permissions API to the live PermissionManager so web changes take effect immediately

Verification

• npm run -s typecheck
• npm test -s
• npm run -s build

Context

The ChatGPT Web Codex endpoint rejects persisted responses with store=true, but tool-call continuations could still include item_reference rows. That produced failures like: Item with id 'rs_*' not found. The web permissions UI also emitted allow/deny actions while the backend waited for yes/always/no, so approval prompts could not be resolved from the dashboard.

[Copilot]

Pull request overview

This PR addresses failures when using the ChatGPT Web Codex/Responses endpoint (by forcing non-persistent requests and removing stale item_references), and fixes the web permissions UX/API integration so approvals and filesystem scopes can be managed and applied live.

Changes:

• Force ChatGPT Web requests to be non-persistent (store=false) and strip item_reference entries before calling the Codex Responses endpoint; add unit coverage for the sanitizer.
• Update the chat permission prompt UI to use the backend’s expected approval actions (yes / always / no) and render prompt text.
• Expose and edit filesystem scopes in the Permissions page, and wire the web Permissions API to the live PermissionManager instance.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
ui/src/pages/Permissions.tsx	Adds a Filesystem Scopes editor and updates capability parsing to ignore non-boolean entries.
ui/src/pages/Chat.tsx	Fixes permission prompt actions, renders prompt text, and adds basic resolve/expiry feedback.
ui/src/components/chat/PermissionPrompt.tsx	Updates actions/status text for permission prompts (component appears unused).
src/web/server.ts	Re-exports setPermissionManager so the web layer can be wired to the live permission manager.
src/web/api/system.ts	Uses an injected PermissionManager for /api/permissions so changes take effect immediately.
src/providers/chatgpt-web.ts	Sanitizes outgoing requests: forces store=false, stream=true, and removes item_reference inputs.
src/providers/chatgpt-web.test.ts	Adds a Vitest unit test validating sanitization behavior.
src/index.ts	Wires the live PermissionManager from capabilities into the web server.
src/core/agent.ts	Passes provider options to force inline tool-call continuations for ChatGPT Web (openai.store=false).

Comments suppressed due to low confidence (1)

ui/src/components/chat/PermissionPrompt.tsx:76

• This PermissionPrompt component appears to be unused (no imports/usages found in ui/src), while ui/src/pages/Chat.tsx defines its own PermissionPrompt. Consider deleting this component or refactoring to a single shared implementation to avoid divergence over time.

            <div className="flex flex-wrap items-center gap-2">
              <Button size="sm" onClick={() => handleAction("yes")}>
                Allow Once
              </Button>
              <Button
                size="sm"
                variant="outline"
                onClick={() => handleAction("always")}
              >
                Always
              </Button>
              <Button
                size="sm"
                variant="ghost"
                onClick={() => handleAction("no")}
              >
                Deny
              </Button>
            </div>

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.