Summary
In process_pending_secret_requests(), when channel.confirm() times out after 120 seconds, the secret is denied. However, the sub-agent may re-request the same secret on its next turn, causing a duplicate prompt on the next tick iteration.
Reproduction
- A sub-agent requests a secret during plan execution.
- The user does not respond within 120 seconds → secret is denied.
- The sub-agent loops and requests the same secret again.
- The prompt appears again, creating a confusing UX.
Expected behavior
After a timeout denial, the orchestrator should not re-prompt for the same secret key within the same plan execution.
Impact
Low — requires user inaction for 120s and a sub-agent that retries secret requests.
Suggested fix
Track denied secret keys per handle_id in the tick loop and skip re-prompting for already-denied keys.
Identified as IC-CRIT-05 in validator review of PR for issue #1434.
Summary
In
process_pending_secret_requests(), whenchannel.confirm()times out after 120 seconds, the secret is denied. However, the sub-agent may re-request the same secret on its next turn, causing a duplicate prompt on the next tick iteration.Reproduction
Expected behavior
After a timeout denial, the orchestrator should not re-prompt for the same secret key within the same plan execution.
Impact
Low — requires user inaction for 120s and a sub-agent that retries secret requests.
Suggested fix
Track denied secret keys per handle_id in the tick loop and skip re-prompting for already-denied keys.
Identified as IC-CRIT-05 in validator review of PR for issue #1434.