fix(agent): honor auth-disabled tool access after setup

Check explicit auth-disabled mode before configured-admin ownership checks so single-user mode keeps full agent tool access after setup.
2026-06-19 19:25:27 -04:00 · 2026-06-15 09:01:48 +03:00
parent 6824fbb729
commit a7766d0b7f
2 changed files with 34 additions and 3 deletions
@@ -177,13 +177,16 @@ def owner_is_admin_or_single_user(owner: Optional[str]) -> bool:
    defense-in-depth for callers that bypass it (e.g. trusted loopback).
    """
    try:
+        from src.auth_helpers import _auth_disabled
+
+        if _auth_disabled():
+            return True
+
        from core.auth import AuthManager

        auth = AuthManager()
        if not auth.is_configured:
-            from src.auth_helpers import _auth_disabled
-
-            return _auth_disabled()
+            return False
        return bool(owner and auth.is_admin(owner))
    except Exception as exc:
        logger.warning("Unable to evaluate owner admin status: %s", exc)