feat(tui): redesign permission prompts#36726
Open
kitlangton wants to merge 1 commit into
Open
Conversation
Contributor
|
In Also, the resource comparison is exact array equality (same length + same order). Is the order sensitivity intended, or should it be set-based? If the tool can list resources in a different order between the followup metadata and the actual request, the auto-approval silently fails. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Redesign the V2 TUI permission dock around the operation the user is reviewing, revisiting the direction from #20594 against the current V2 permission model.
1-9selection.external_directory.Allow always.1. Compact review
A routine request stays docked and exposes its direct keyboard choices.
2. Full inspection
External mutations summarize their content in the dock and expand to the complete operation with
ctrl+f.3. One external file decision
Approving a built-in external file operation covers its exact, call-scoped
readoreditfollow-up. A resource mismatch or configured deny still uses normal permission evaluation.Before / After
Before: An external write first asked for generic directory patterns, then immediately asked again for the write's
editpermission. The first prompt did not describe the file content. Permission choices had no numeric shortcuts, every prompt advertised fullscreen, and saved-scope copy described restart-scoped behavior even though V2 approvals are durable and project-scoped.After: The first prompt identifies the external write, file, canonical directory, saved scope, and content summary. Fullscreen reveals the complete content. Approval suppresses only the exact built-in follow-up action and resources from the same session/message/tool call, while explicit denies still win.
Allow alwayskeeps a confirmation step that shows the saved scope.How
packages/tui/src/routes/session/permission.tsxderives operation-specific display data from the source tool, adds numbered controls, responsive geometry, scope confirmation, and fullscreen external-content inspection.packages/tui/src/routes/session/index.tsxkeys permission prompts by request ID so stage, selection, and fullscreen state cannot leak into the next request.packages/core/src/permission.tsstores one bounded, one-shot external follow-up keyed by the exact tool source and exact action/resources.packages/docs/permissions.mdxdocuments project-scoped approvals and exact external file follow-ups.Scope
This PR updates the full V2 TUI and V2 Core permission flow. It does not redesign the web app dock or direct-mode mini footer.
Testing
bun turbo typecheck --concurrency=3(push hook, 32 packages)bun run testinpackages/core(1,278 passed, 6 skipped)bun run testinpackages/tui(217 passed, 1 skipped)bun validateinpackages/docsbun broken-linksinpackages/docsopencode-drive check ./permission-panel.drive.tsDemo
The captures use an isolated OpenCode Drive instance with a simulated model and real V2 permission/tool execution.
Project-scoped
Allow alwaysconfirmationhttps://github.com/user-attachments/assets/fbf3be2a-bce1-4258-9fdb-ad9cc638690b
External write dock
https://github.com/user-attachments/assets/8a0d01c9-65b7-4bc7-9c7c-a045a8988763
Fullscreen content inspection
https://github.com/user-attachments/assets/d68e2e89-c7c6-47f2-82b8-cdea96f3dfdd
44-column layout
https://github.com/user-attachments/assets/169c652e-a47f-433f-8ed6-2567ff7cebda
Flow
flowchart TD A[Built-in file tool resolves external target] --> B[Assert external_directory with exact follow-up] B --> C[User reviews operation and scope] C -->|Reject| D[Stop tool] C -->|Allow once / always| E[Remember one exact call-scoped follow-up] E --> F[Tool asserts read or edit] F --> G{Action and resources match?} G -->|Yes, no configured deny| H[Consume grant and execute] G -->|No or denied| I[Use normal permission evaluation]