fix: managePermissions工具createUser动作未将password声明为必填参数，导致模型遗漏该参数

[binggg]

Attribution issue

• issueId: issue_moizl31y_hagnn4
• category: tool
• canonicalTitle: managePermissions工具createUser动作未将password声明为必填参数，导致模型遗漏该参数
• representativeRun: atomic-js-cloudbase-cli-user-create/2026-04-28T18-54-24-ba89b0

Automation summary

• root_cause: In managePermissions tool's inputSchema, password (and username) are declared as z.string().optional() without any description indicating they are required for createUser. The model sees "optional" in the generated MCP tool schema and omits the password parameter, causing a runtime error ("action=createUser requires username and password").
• changes: Added .describe() to both username and password fields in mcp/src/tools/permissions.ts:595-596 to explicitly state "action=createUser 时必填" (required when action=createUser). This is a Layer 1 fix — only tool description text, no logic changes.
• validation: TypeScript compiles cleanly (tsc --noEmit passes). All 3 skill quality test suites pass (10/10 tests).
• follow_up: None needed. The fix is minimal and directly addresses the canonical title — the tool schema now makes it explicit that password is required for createUser, so models will include it.

Changed files

• mcp/src/tools/permissions.ts

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[binggg]

Attribution post-PR evaluation

• visibility: internal identifiers, run ids, and private links are intentionally omitted
• attempt: 1
• eval_scope: primary_only
• overall: FAILED
• summary: at least one planned evaluation case failed
• updated_at: 2026-04-28T19:45:42.096Z

Cases

• [FAILED] — primary — evaluation failed