fix(claude-code): Permission routing for smart-approve#7501
fix(claude-code): Permission routing for smart-approve#7501jamadeo merged 1 commit intoblock:mainfrom
Conversation
SmartApprove was passing --permission-mode acceptEdits without enabling the control protocol (--permission-prompt-tool stdio), causing non-edit permission requests to silently fail. Removed --permission-mode acceptEdits to align with goose's own smart-approve semantics rather than Claude Code's (auto-approve edits). Both SmartApprove and Approve now route all permissions through goose via the control protocol. Change-Id: I152fa83deaef7eb8ca078633c7a916ed1aee89aa Signed-off-by: rabi <[email protected]>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 867d25622a
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| GooseMode::SmartApprove | GooseMode::Approve => { | ||
| cmd.arg("--permission-prompt-tool").arg("stdio"); |
There was a problem hiding this comment.
Routing GooseMode::SmartApprove through --permission-prompt-tool stdio makes Claude Code emit ActionRequired tool confirmations and then wait for a confirmation reply (rx.await in crates/goose/src/providers/claude_code.rs), but the web command path only handles MessageContent::ToolConfirmationRequest and drops ActionRequired messages (crates/goose-cli/src/commands/web.rs). In SmartApprove + goose web, any tool call that triggers a permission check will therefore stall indefinitely on the first confirmation request.
Useful? React with 👍 / 👎.
| GooseMode::SmartApprove | GooseMode::Approve => { | ||
| cmd.arg("--permission-prompt-tool").arg("stdio"); |
There was a problem hiding this comment.
This change routes SmartApprove into the action-required confirmation path, where Permission::AlwaysAllow is treated the same as AllowOnce and no permission-manager update is performed; persistence currently only happens in the non-action-required tool approval flow (crates/goose/src/agents/tool_execution.rs). As a result, SmartApprove users who choose “Always Allow” on Claude Code control prompts will be asked again on subsequent tool calls instead of having that decision stick.
Useful? React with 👍 / 👎.
|
The ActionRequired flow issues (web.rs handling, AlwaysAllow persistence) raised by |
rabi
changed the title
* main: (46 commits) chore(deps): bump minimatch from 10.1.1 to 10.2.3 in /evals/open-model-gym/suite (#7498) chore(deps): bump swiper from 11.2.10 to 12.1.2 in /documentation (#7368) Better network failure error & antrhopic retry (#7595) feat: make the text bar persistent and add a queue for messages (#7560) fix: outdated clippy command in goosehints (#7590) chore(deps): bump hono from 4.11.7 to 4.12.1 in /evals/open-model-gym/mcp-harness (#7417) chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 in /ui/desktop (#7437) chore(deps): bump ajv from 8.17.1 to 8.18.0 in /evals/open-model-gym/mcp-harness (#7491) chore(deps): bump hono from 4.12.0 to 4.12.2 in /ui/desktop (#7515) chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in /ui/desktop (#7522) chore(deps): bump minimatch in /ui/desktop (#7572) fix: validate configure probe for streaming providers (#7564) Dockerfile: add missing build/runtime dependencies (#7546) fix(claude-code): Permission routing for smart-approve (#7501) Add base_path field to custom provider config (#7558) fix(cli): avoid debug logging by default in CLI (#7569) fix: panic on corrupted permission.yaml instead of silently allowing all (#7432) (#7458) fix(openai): handle null reasoning effort in Responses API (#7469) Allow GOOSE_NODE_DIR override in batch file (#7422) feat: add analyze platform extension with tree-sitter AST parsing (#7542) ...
* origin/main: (27 commits)
feat: return structured {stdout, stderr} from shell tool with output schema (#7604)
Improve custom provider creation experience (#7541)
fix(scheduler): schedules added via CLI showing up in UI (#7594)
chore: openai reasoning model cleanup (#7529)
chore(deps): bump hono from 4.12.1 to 4.12.3 in /evals/open-model-gym/mcp-harness (#7585)
chore(deps): bump minimatch from 10.1.1 to 10.2.3 in /evals/open-model-gym/suite (#7498)
chore(deps): bump swiper from 11.2.10 to 12.1.2 in /documentation (#7368)
Better network failure error & antrhopic retry (#7595)
feat: make the text bar persistent and add a queue for messages (#7560)
fix: outdated clippy command in goosehints (#7590)
chore(deps): bump hono from 4.11.7 to 4.12.1 in /evals/open-model-gym/mcp-harness (#7417)
chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 in /ui/desktop (#7437)
chore(deps): bump ajv from 8.17.1 to 8.18.0 in /evals/open-model-gym/mcp-harness (#7491)
chore(deps): bump hono from 4.12.0 to 4.12.2 in /ui/desktop (#7515)
chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in /ui/desktop (#7522)
chore(deps): bump minimatch in /ui/desktop (#7572)
fix: validate configure probe for streaming providers (#7564)
Dockerfile: add missing build/runtime dependencies (#7546)
fix(claude-code): Permission routing for smart-approve (#7501)
Add base_path field to custom provider config (#7558)
...
* main: (74 commits)
feat: return structured {stdout, stderr} from shell tool with output schema (#7604)
Improve custom provider creation experience (#7541)
fix(scheduler): schedules added via CLI showing up in UI (#7594)
chore: openai reasoning model cleanup (#7529)
chore(deps): bump hono from 4.12.1 to 4.12.3 in /evals/open-model-gym/mcp-harness (#7585)
chore(deps): bump minimatch from 10.1.1 to 10.2.3 in /evals/open-model-gym/suite (#7498)
chore(deps): bump swiper from 11.2.10 to 12.1.2 in /documentation (#7368)
Better network failure error & antrhopic retry (#7595)
feat: make the text bar persistent and add a queue for messages (#7560)
fix: outdated clippy command in goosehints (#7590)
chore(deps): bump hono from 4.11.7 to 4.12.1 in /evals/open-model-gym/mcp-harness (#7417)
chore(deps-dev): bump ajv from 6.12.6 to 6.14.0 in /ui/desktop (#7437)
chore(deps): bump ajv from 8.17.1 to 8.18.0 in /evals/open-model-gym/mcp-harness (#7491)
chore(deps): bump hono from 4.12.0 to 4.12.2 in /ui/desktop (#7515)
chore(deps-dev): bump rollup from 4.57.1 to 4.59.0 in /ui/desktop (#7522)
chore(deps): bump minimatch in /ui/desktop (#7572)
fix: validate configure probe for streaming providers (#7564)
Dockerfile: add missing build/runtime dependencies (#7546)
fix(claude-code): Permission routing for smart-approve (#7501)
Add base_path field to custom provider config (#7558)
...
Signed-off-by: rabi <[email protected]>
2 participants
Summary
SmartApprove was passing --permission-mode acceptEdits without enabling the control protocol (--permission-prompt-tool stdio), causing non-edit permission requests to silently fail.
Removed --permission-mode acceptEdits to align with goose's own smart-approve semantics rather than Claude Code's (auto-approve edits). Both SmartApprove and Approve now route all permissions through goose via the control protocol.
Type of Change
Testing
Tested locally.