Skip to content

fix: restore smart-approve mode#7690

Merged
codefromthecrypt merged 1 commit intomainfrom
adrian/smart-perms
Mar 6, 2026
Merged

fix: restore smart-approve mode#7690
codefromthecrypt merged 1 commit intomainfrom
adrian/smart-perms

Conversation

@codefromthecrypt
Copy link
Copy Markdown
Collaborator

@codefromthecrypt codefromthecrypt commented Mar 6, 2026

Summary

Users who pick SmartApprove get prompted for every tool call, same as Approve since #4237. This is due to features supporting SmartApprove being orphaned.

  • The inspector now checks PermissionManager.is_readonly_annotated_tool() and the smart_approve permission cache before prompting, gated to SmartApprove mode.
  • The agent populates readonly_annotated_tools on PermissionManager from read_only_hint annotations when tools load.
  • LLM-based read-only detection for unannotated tools via detect_read_only_tools. Results are cached in the smart_approve permission store.

Type of Change

  • Bug fix
  • Tests

AI Assistance

  • This PR was created or reviewed with AI assistance

Testing

SmartApprove auto-approves read-only tools

$ GOOSE_MODE=smart_approve target/release/goose run \                                                                           
> --with-builtin developer \
> -t 'Use the tree tool to list the current directory'

    __( O)>  ● new session · tetrate gpt-5-nano
   \____)    20260306_7 · /Users/codefromthecrypt/oss/goose-2
     L L     goose is ready

  ▸ tree
    path: /Users/codefromthecrypt/oss/goose-2

bin/  [99]
  README.hermit.md  [7]
  activate-hermit  [21]
  activate-hermit.fish  [24]
  hermit  [43]
  hermit.hcl  [4]
--snip--

SmartApprove LLM detection auto-approves unannotated read-only tools

$ GOOSE_MODE=smart_approve target/release/goose run \                                                                           
> --with-streamable-http-extension 'https://mcp.kiwi.com' \
> -t 'Use the kiwi search-flight tool to find fastest itinerary from BKI to SYD tomorrow.'

    __( O)>  ● new session · tetrate gpt-5-nano
   \____)    20260306_8 · /Users/codefromthecrypt/oss/goose-2
     L L     goose is ready

  ▸ search-flight mcp_kiwi_com
    flyFrom: BKI
    flyTo: SYD
--snip--

SmartApprove still prompts for non-read-only tools

$ GOOSE_MODE=smart_approve target/release/goose session --with-builtin developer

    __( O)>  ● new session · tetrate gpt-5-nano
   \____)    20260306_9 · /Users/codefromthecrypt/oss/goose-2
     L L     goose is ready
  ╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌╌ 0% 0/400k
🪿 Run the shell command: echo hello

  ▸ shell
    command: cd /Users/codefromthecrypt/oss/goose-2 && echo hello

◆  Goose would like to call the above tool, do you allow?
│  ● Allow (Allow the tool call once)
│  ○ Always Allow 
│  ○ Deny 
│  ○ Cancel 
└

Related Issues

Regression from #4237
Original feature: #1371

@codefromthecrypt codefromthecrypt requested a review from Copilot March 6, 2026 07:10
Copilot AI reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restores SmartApprove behavior by reintroducing read-only tool auto-approval, using MCP read_only_hint annotations and an LLM-based fallback for unannotated tools, with caching to avoid repeated prompts.

Changes:

  • Extend ToolInspector / ToolInspectionManager interfaces to accept session_id, and plumb it through agent + tests.
  • Populate and consult a read-only annotation set (read_only_hint) and SmartApprove permission cache to skip prompts in SmartApprove mode.
  • Add/extend integration tests to cover SmartApprove read-only auto-approval and LLM-based detection.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
crates/goose/src/tool_inspection.rs Adds session_id to inspector API and passes it to inspectors.
crates/goose/src/agents/agent.rs Wires shared provider into the permission inspector and applies tool annotations in SmartApprove.
crates/goose/src/permission/permission_inspector.rs Implements SmartApprove annotation/cache checks and LLM-based read-only detection with caching.
crates/goose/src/config/permission.rs Tracks read-only annotated tools and applies MCP tool annotations into permission state.
crates/goose/src/permission/permission_judge.rs Removes the old permission-check entrypoint; keeps detect_read_only_tools for LLM judging.
crates/goose/src/security/security_inspector.rs Updates inspector signature for session_id.
crates/goose/src/tool_monitor.rs Updates inspector signature for session_id.
crates/goose/tests/tool_inspection_manager_tests.rs Updates mocks and calls for new inspect_tools(session_id, ...) signature.
crates/goose/tests/providers.rs Adds SmartApprove integration tests for annotated and LLM-detected read-only tools.
crates/goose-test-support/src/mcp.rs Annotates get_code fixture tool as read-only via read_only_hint.
crates/goose/src/permission/mod.rs Removes re-export of detect_read_only_tools.

@codefromthecrypt codefromthecrypt marked this pull request as ready for review March 6, 2026 09:07
chatgpt-codex-connector[bot]
chatgpt-codex-connector bot reviewed Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: cd0e8738e9

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

DOsinga
DOsinga approved these changes Mar 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@DOsinga DOsinga left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we could probably do a better job on the GooseMode <-> string conversion, but good fix

@codefromthecrypt codefromthecrypt added this pull request to the merge queue Mar 6, 2026
Merged via the queue into main with commit b4546f6 Mar 6, 2026
21 checks passed
@codefromthecrypt codefromthecrypt deleted the adrian/smart-perms branch March 6, 2026 15:57
wpfleger96 added a commit that referenced this pull request Mar 6, 2026
@wpfleger96
Merge remote-tracking branch 'origin/main' into wpfleger/socket-support
057a044 
* origin/main:
  fix: restore smart-approve mode (#7690)
  fix: make TLS configurable in goosed agent via GOOSE_TLS env var (#7686)
wpfleger96 added a commit that referenced this pull request Mar 6, 2026
@wpfleger96
Merge remote-tracking branch 'origin/main' into wpfleger/summon
ec87472 
* origin/main: (59 commits)
  fix: restore smart-approve mode (#7690)
  fix: make TLS configurable in goosed agent via GOOSE_TLS env var (#7686)
  Update to rmcp 1.1.0 (#7619)
  Fix max turns configuration (#7612)
  feat: add base path field to custom provider configuration (#7614)
  fix: compare extension configs before skipping add_extension (#7650)
  chore(release): release version 1.27.0 (minor) (#7611)
  feat: better private channel detection, bot version debugging (#7680)
  chore(deps): bump svgo from 3.3.2 to 3.3.3 in /documentation (#7667)
  fix: only add viewable channels to bot context (#7678)
  chore: added a recipe to help identify high risk change prs for testing (#7651)
  fix: make sure platform binary exists (#7676)
  fix(shell): replace global static output buffer with per-instance TempDir (#7632)
  opt: remove timestamped config file backup (#7618)
  chore(deps): bump @hono/node-server from 1.19.9 to 1.19.10 in /ui/desktop (#7662)
  chore(deps): bump hono from 4.12.3 to 4.12.5 in /evals/open-model-gym/mcp-harness (#7661)
  chore(deps): bump hono from 4.12.2 to 4.12.5 in /ui/desktop (#7660)
  fix: resolve parameters in initial message with autosubmit (#7659)
  fix: this should not be blocked (#7656)
  Relax the assertion for the model list ACP test (#7653)
  ...
wpfleger96 added a commit that referenced this pull request Mar 6, 2026
@wpfleger96
Merge remote-tracking branch 'origin/main' into wpfleger/tool-respons…
0036b81 
…e-issue

* origin/main:
  feat: combine TUI UX from alexhancock/tui-goodness with publishing config from jackamadeo/package-tui (#7683)
  chore: cleanup old sandbox (#7700)
  Correct windows artifact (#7699)
  gh fall back (#7695)
  fix: restore smart-approve mode (#7690)
  fix: make TLS configurable in goosed agent via GOOSE_TLS env var (#7686)
  Update to rmcp 1.1.0 (#7619)
@codefromthecrypt codefromthecrypt mentioned this pull request Mar 6, 2026
Merged
2 tasks
jh-block added a commit that referenced this pull request Mar 9, 2026
@jh-block
Merge remote-tracking branch 'origin/main' into jhugo/bump-workspace-…
ff7b8b2 
…deps

* origin/main: (34 commits)
  fix: reduce server log verbosity — skip session in instrument, defaul… (#7729)
  fix: provider test infrastructure (#7738)
  fix: sanitize streamable HTTP extension names derived from URLs (#7740)
  refactor: derive GooseMode string conversions with strum (#7706)
  docs: Add Spraay Batch Payments MCP Extension Tutorial (#7525)
  fix: flake.nix (#7224)
  delete goose web (#7696)
  Add @angiejones as CODEOWNER for documentation (#7711)
  Add MLflow integration guide (#7563)
  docs: LM Studio availability (#7698)
  feat: add Avian as an LLM provider (#7561)
  Adds `linux-mcp-server` to the goose registry (#6979)
  fix: add #[serde(default)] to description field on 4 ExtensionConfig variants (#7708)
  feat: combine TUI UX from alexhancock/tui-goodness with publishing config from jackamadeo/package-tui (#7683)
  chore: cleanup old sandbox (#7700)
  Correct windows artifact (#7699)
  gh fall back (#7695)
  fix: restore smart-approve mode (#7690)
  fix: make TLS configurable in goosed agent via GOOSE_TLS env var (#7686)
  Update to rmcp 1.1.0 (#7619)
  ...

# Conflicts:
#	Cargo.lock
@github-actions github-actions bot mentioned this pull request Mar 10, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chatgpt-codex-connector chatgpt-codex-connector[bot] chatgpt-codex-connector[bot] left review comments

@DOsinga DOsinga DOsinga approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codefromthecrypt @DOsinga