feat(acp): add ACP external agent support

[YingchaoX]

Description

Add ACP (Agent Communication Protocol) external agent support across backend, console, runtime policy, tests, and docs.

This PR introduces ACP harness configuration and execution flow, adds approval-aware external agent handling, supports session reuse / restore behavior, exposes ACP settings in the Console, and adds the related tests and documentation updates. It also includes follow-up fixes from local verification so pre-commit and pytest pass cleanly before review.

Related Issue: Fixes #1059; Relates to #2291

Security Considerations: Adds approval-aware ACP execution controls, path / tool safety checks, unverified harness restrictions for dangerous actions, and new harness configuration fields that affect runtime permission behavior.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation
• Refactoring

Component(s) Affected

• Core / Backend (app, agents, config, providers, utils, local_models)
• Console (frontend web UI)
• Channels (DingTalk, Feishu, QQ, Discord, iMessage, etc.)
• Skills
• CLI
• Documentation (website)
• Tests
• CI/CD
• Scripts / Deploy

Checklist

• I ran pre-commit run --all-files locally and it passes
• If pre-commit auto-fixed files, I committed those changes and reran checks
• I ran tests locally (pytest or as relevant) and they pass
• Documentation updated (if needed)
• Ready for review

Testing

1. Configure ACP harnesses in the Console ACP settings page.
2. Start an ACP-backed external agent flow from chat.
3. Verify approval-required behavior for dangerous actions.
4. Verify read-only / preapproved flows still proceed correctly.
5. Verify follow-up turns can restore or reuse ACP sessions as expected.
6. Verify docs render correctly for the new ACP pages.

Local Verification Evidence

uv run pre-commit run --all-files
Passed
check python ast.........................................................Passed
sort simple yaml files...............................(no files to check)Skipped
check yaml...............................................................Passed
check xml................................................................Passed
check toml...............................................................Passed
check docstring is first.................................................Passed
check json...............................................................Passed
fix python encoding pragma...............................................Passed
detect private key.......................................................Passed
trim trailing whitespace.................................................Passed
Add trailing commas......................................................Passed
mypy.....................................................................Passed
black....................................................................Passed
flake8...................................................................Passed
pylint...................................................................Passed
prettier.................................................................Passed

uv run pytest
============================= 412 passed in 26.87s =============================

Additional Notes

[github-actions]

Welcome to CoPaw! 🐾

Hi @YingchaoX, this is your 6th Pull Request.

🙌 Join Developer Community

Thanks so much for your contribution! We'd love to invite you to join the official CoPaw developer group! You can find the Discord and DingTalk group links under the "Developer Community" section on our docs page:
https://copaw.agentscope.io/docs/community

We truly appreciate your enthusiasm—and look forward to your future contributions! 😊

We'll review your PR soon.

[gemini-code-assist]

Code Review

This pull request implements the Agent Client Protocol (ACP), allowing CoPaw to integrate with external coding agents like OpenCode and Qwen-code. The changes include a comprehensive management UI, backend runtime services using JSON-RPC over stdio, and security enhancements for handling dangerous operations via user approvals. Feedback was provided regarding the argument parsing logic in the harness configuration, which fails to correctly handle quoted strings containing spaces.