Merge pull request 'fix(sessions): unify dual suspension systems, wire approve to agentic_resume' (#18) from fix/agentic-tool-approval-unification into main
fix(sessions): unify dual suspension systems, wire approve to agentic_resume
This commit was merged in pull request #18.
This commit is contained in:
+97
-147
@@ -463,6 +463,15 @@ fn session_auto_title(session_id: String, first_message: String) -> Void {
|
||||
// handle_session_approve — handle tool approval for a pending agentic tool call.
|
||||
// action: "allow" | "deny" | "always"
|
||||
// Resumes the agentic loop from where it was paused.
|
||||
//
|
||||
// Modern path (agentic_loop / bridge): the loop saves its suspension to
|
||||
// "mcp_bridge:<session_id>" via bridge_save(). On approval we dispatch_tool()
|
||||
// if allowed (or build a denial string), then hand the result to agentic_resume()
|
||||
// which re-enters agentic_loop from exactly the right point.
|
||||
//
|
||||
// Legacy path (pending_tool_<session_id>): used by any in-flight sessions that
|
||||
// were suspended by the old inline loop before a deploy. Kept so those sessions
|
||||
// are not broken during a rolling restart.
|
||||
fn handle_session_approve(session_id: String, body: String) -> String {
|
||||
if str_eq(session_id, "") {
|
||||
return "{\"error\":\"session_id is required\"}"
|
||||
@@ -476,7 +485,71 @@ fn handle_session_approve(session_id: String, body: String) -> String {
|
||||
return "{\"error\":\"action is required (allow|deny|always)\"}"
|
||||
}
|
||||
|
||||
// Load the pending tool state
|
||||
let eff_action: String = if str_eq(action, "always") { "allow" } else { action }
|
||||
|
||||
// ── Modern path: suspension is in mcp_bridge:<session_id> ──────────────
|
||||
// agentic_loop (chat.el) writes here via bridge_save(). This is the primary
|
||||
// path for all sessions created through handle_chat_agentic / agentic_loop.
|
||||
let bridge_blob: String = state_get("mcp_bridge:" + session_id)
|
||||
if !str_eq(bridge_blob, "") {
|
||||
// For "always": record tool_name in the always-allow list before resuming.
|
||||
// The tool_name is not stored in the bridge blob (only tool_use_id is).
|
||||
// Accept it from the body so the client can pass it along.
|
||||
let always_key: String = "always_allow_" + session_id
|
||||
let approve_tool_name: String = json_get(body, "tool_name")
|
||||
let discard_always: Bool = if str_eq(action, "always") && !str_eq(approve_tool_name, "") {
|
||||
let always_list: String = state_get(always_key)
|
||||
let new_always: String = if str_eq(always_list, "") { approve_tool_name }
|
||||
else { always_list + "," + approve_tool_name }
|
||||
state_set(always_key, new_always)
|
||||
true
|
||||
} else { false }
|
||||
|
||||
// BLOCKER: tool_name is required for allow — an empty approve_tool_name
|
||||
// would cause dispatch_tool("", ...) to silently return "unknown tool: "
|
||||
// and inject a corrupted result into the conversation. Reject early.
|
||||
if str_eq(approve_tool_name, "") && str_eq(eff_action, "allow") {
|
||||
return "{\"error\":\"tool_name is required for allow action\"}"
|
||||
}
|
||||
|
||||
// Build the content string the tool produced (or the denial message).
|
||||
//
|
||||
// For MCP/client-side tools (non-builtin): the client has ALREADY executed
|
||||
// the tool and posts the result in body["content"]. Accept it directly
|
||||
// (matching the handle_tool_result contract) rather than re-running
|
||||
// server-side via dispatch_tool — that would make the client-side execution
|
||||
// irrelevant and would break mcp__* tools the soul cannot reach.
|
||||
//
|
||||
// For builtin tools with no client-provided content: fall back to
|
||||
// dispatch_tool so those tools still execute correctly.
|
||||
let client_content: String = json_get(body, "content")
|
||||
let use_client_content: Bool = !str_eq(client_content, "")
|
||||
let use_dispatch: Bool = is_builtin_tool(approve_tool_name) && !use_client_content
|
||||
let raw_input: String = json_get_raw(body, "tool_input")
|
||||
let eff_input: String = if str_eq(raw_input, "") { "{}" } else { raw_input }
|
||||
let content: String = if str_eq(eff_action, "allow") {
|
||||
if use_client_content {
|
||||
let trimmed: String = if str_len(client_content) > 6000 {
|
||||
str_slice(client_content, 0, 6000) + "...[truncated]"
|
||||
} else { client_content }
|
||||
trimmed
|
||||
} else if use_dispatch {
|
||||
let raw: String = dispatch_tool(approve_tool_name, eff_input)
|
||||
if str_len(raw) > 6000 { str_slice(raw, 0, 6000) + "...[truncated]" } else { raw }
|
||||
} else {
|
||||
// Non-builtin tool, no client content — error rather than
|
||||
// silently dispatching a tool the soul cannot execute.
|
||||
"{\"error\":\"client content required for non-builtin tool: " + approve_tool_name + "\"}"
|
||||
}
|
||||
} else {
|
||||
"{\"error\":\"User denied this tool call\"}"
|
||||
}
|
||||
|
||||
return agentic_resume(session_id, call_id, content)
|
||||
}
|
||||
|
||||
// ── Legacy path: suspension is in pending_tool_<session_id> ────────────
|
||||
// Kept for in-flight sessions that were suspended before a deploy.
|
||||
let pending_raw: String = state_get("pending_tool_" + session_id)
|
||||
if str_eq(pending_raw, "") {
|
||||
return "{\"error\":\"no pending tool for session\",\"session_id\":\"" + session_id + "\"}"
|
||||
@@ -489,14 +562,13 @@ fn handle_session_approve(session_id: String, body: String) -> String {
|
||||
|
||||
let tool_name: String = json_get(pending_raw, "tool_name")
|
||||
let tool_input: String = json_get_raw(pending_raw, "tool_input")
|
||||
let messages: String = json_get_raw(pending_raw, "messages_so_far")
|
||||
let model: String = json_get(pending_raw, "model")
|
||||
let safe_sys: String = json_get(pending_raw, "system")
|
||||
|
||||
// For "always": add to always-allow list
|
||||
let always_key: String = "always_allow_" + session_id
|
||||
let always_list: String = state_get(always_key)
|
||||
let discard_always: Bool = if str_eq(action, "always") {
|
||||
let discard_always2: Bool = if str_eq(action, "always") {
|
||||
let new_always: String = if str_eq(always_list, "") { tool_name }
|
||||
else { always_list + "," + tool_name }
|
||||
state_set(always_key, new_always)
|
||||
@@ -506,157 +578,35 @@ fn handle_session_approve(session_id: String, body: String) -> String {
|
||||
// Clear pending state
|
||||
state_set("pending_tool_" + session_id, "")
|
||||
|
||||
let eff_action: String = if str_eq(action, "always") { "allow" } else { action }
|
||||
|
||||
// Build tool result
|
||||
let tool_result: String = if str_eq(eff_action, "allow") {
|
||||
let raw: String = dispatch_tool(tool_name, tool_input)
|
||||
if str_len(raw) > 6000 { str_slice(raw, 0, 6000) + "...[truncated]" } else { raw }
|
||||
} else {
|
||||
json_safe("{\"error\":\"User denied this tool call\"}")
|
||||
"{\"error\":\"User denied this tool call\"}"
|
||||
}
|
||||
|
||||
let tool_msg: String = "{\"type\":\"tool_result\",\"tool_use_id\":\"" + call_id + "\",\"content\":\"" + tool_result + "\"}"
|
||||
// Legacy sessions stored messages_so_far; synthesise a bridge blob so the
|
||||
// same agentic_resume path handles continuation (instead of an inline loop).
|
||||
// messages_so_far already includes the assistant turn that requested the tool.
|
||||
let legacy_messages: String = json_get_raw(pending_raw, "messages_so_far")
|
||||
// WARNING: the original session may have used agentic_tools_with_web() or
|
||||
// agentic_tools_all(). The old pending blob did not store the tools variant.
|
||||
// Read a "tools_variant" field if present (future suspensions record it);
|
||||
// fall back to agentic_tools_literal() for legacy blobs that lack this field.
|
||||
let stored_variant: String = json_get(pending_raw, "tools_variant")
|
||||
let tools_json: String = if str_eq(stored_variant, "web") { agentic_tools_with_web() }
|
||||
else if str_eq(stored_variant, "all") { agentic_tools_all() }
|
||||
else { agentic_tools_literal() }
|
||||
|
||||
// Reconstruct messages with the tool result appended
|
||||
// messages_so_far is the messages array at the point of the tool call
|
||||
// We need to append a user turn with the tool result and re-enter the loop
|
||||
let inner: String = str_slice(messages, 1, str_len(messages) - 1)
|
||||
let resumed_messages: String = "[" + inner + ",{\"role\":\"user\",\"content\":[" + tool_msg + "]}]"
|
||||
// Write a synthetic bridge blob so agentic_resume can pick it up.
|
||||
let blob: String = "{\"model\":\"" + json_safe(model) + "\""
|
||||
+ ",\"safe_sys\":\"" + json_safe(safe_sys) + "\""
|
||||
+ ",\"tools_json\":\"" + json_safe(tools_json) + "\""
|
||||
+ ",\"messages\":\"" + json_safe(legacy_messages) + "\""
|
||||
+ ",\"tools_log\":\"\""
|
||||
+ ",\"tool_use_id\":\"" + json_safe(call_id) + "\"}"
|
||||
state_set("mcp_bridge:" + session_id, blob)
|
||||
|
||||
// Re-enter the agentic loop with the resumed messages
|
||||
let api_key: String = agentic_api_key()
|
||||
let tools_json: String = agentic_tools_literal()
|
||||
let api_url: String = "https://api.anthropic.com/v1/messages"
|
||||
let h: Map = {}
|
||||
map_set(h, "x-api-key", api_key)
|
||||
map_set(h, "anthropic-version", "2023-06-01")
|
||||
map_set(h, "content-type", "application/json")
|
||||
|
||||
let final_text: String = ""
|
||||
let tools_log: String = ""
|
||||
let iteration: Int = 0
|
||||
let keep_going: Bool = true
|
||||
let cur_messages: String = resumed_messages
|
||||
|
||||
while keep_going && iteration < 8 {
|
||||
let req_body: String = "{\"model\":\"" + model + "\""
|
||||
+ ",\"max_tokens\":4096"
|
||||
+ ",\"system\":\"" + safe_sys + "\""
|
||||
+ ",\"tools\":" + tools_json
|
||||
+ ",\"messages\":" + cur_messages
|
||||
+ "}"
|
||||
|
||||
let raw_resp: String = http_post_with_headers(api_url, req_body, h)
|
||||
|
||||
let is_error: Bool = str_starts_with(raw_resp, "{\"error\"")
|
||||
|| str_starts_with(raw_resp, "{\"type\":\"error\"")
|
||||
|| str_contains(raw_resp, "authentication_error")
|
||||
if is_error {
|
||||
return "{\"error\":\"llm unavailable\",\"reply\":\"\"}"
|
||||
}
|
||||
|
||||
let stop_reason: String = json_get(raw_resp, "stop_reason")
|
||||
let content_arr: String = json_get_raw(raw_resp, "content")
|
||||
let eff_content: String = if str_eq(content_arr, "") { "[]" } else { content_arr }
|
||||
|
||||
let text_out: String = ""
|
||||
let has_tool: Bool = false
|
||||
let next_tool_id: String = ""
|
||||
let next_tool_name: String = ""
|
||||
let next_tool_input: String = ""
|
||||
let ci: Int = 0
|
||||
let c_total: Int = json_array_len(eff_content)
|
||||
while ci < c_total {
|
||||
let block: String = json_array_get(eff_content, ci)
|
||||
let btype: String = json_get(block, "type")
|
||||
let text_out = if str_eq(btype, "text") { text_out + json_get(block, "text") } else { text_out }
|
||||
let is_new_tool: Bool = str_eq(btype, "tool_use") && !has_tool
|
||||
let has_tool = if is_new_tool { true } else { has_tool }
|
||||
let next_tool_id = if is_new_tool { json_get(block, "id") } else { next_tool_id }
|
||||
let next_tool_name = if is_new_tool { json_get(block, "name") } else { next_tool_name }
|
||||
let next_tool_input = if is_new_tool { json_get_raw(block, "input") } else { next_tool_input }
|
||||
let ci = ci + 1
|
||||
}
|
||||
|
||||
let is_tool_turn: Bool = str_eq(stop_reason, "tool_use") && has_tool
|
||||
let inner2: String = str_slice(cur_messages, 1, str_len(cur_messages) - 1)
|
||||
|
||||
// Check if this next tool is in the always-allow list
|
||||
let always_list2: String = state_get(always_key)
|
||||
let is_always: Bool = str_contains(always_list2, next_tool_name) && !str_eq(next_tool_name, "")
|
||||
|
||||
// For approval-required sessions, pause on tool use if not always-allowed
|
||||
let require_approval: String = state_get("session_require_approval_" + session_id)
|
||||
let needs_pause: Bool = is_tool_turn && str_eq(require_approval, "true") && !is_always
|
||||
|
||||
let next_tool_result: String = if is_tool_turn && !needs_pause {
|
||||
let raw2: String = dispatch_tool(next_tool_name, next_tool_input)
|
||||
if str_len(raw2) > 6000 { str_slice(raw2, 0, 6000) + "...[truncated]" } else { raw2 }
|
||||
} else { "" }
|
||||
|
||||
let next_tool_msg: String = "{\"type\":\"tool_result\",\"tool_use_id\":\"" + next_tool_id + "\",\"content\":\"" + next_tool_result + "\"}"
|
||||
let tool_entry: String = "{\"tool\":\"" + next_tool_name + "\",\"input\":\"" + json_safe(next_tool_name) + "\"}"
|
||||
let tools_log = if is_tool_turn && !needs_pause {
|
||||
if str_eq(tools_log, "") { tool_entry } else { tools_log + "," + tool_entry }
|
||||
} else { tools_log }
|
||||
|
||||
let cur_messages = if is_tool_turn && !needs_pause {
|
||||
"[" + inner2
|
||||
+ ",{\"role\":\"assistant\",\"content\":" + eff_content + "}"
|
||||
+ ",{\"role\":\"user\",\"content\":[" + next_tool_msg + "]}"
|
||||
+ "]"
|
||||
} else { cur_messages }
|
||||
|
||||
// Pause if approval needed for next tool
|
||||
let discard_pause: Bool = if needs_pause {
|
||||
let safe_sys2: String = json_safe(safe_sys)
|
||||
let msgs_with_assistant: String = "[" + inner2
|
||||
+ ",{\"role\":\"assistant\",\"content\":" + eff_content + "}]"
|
||||
let pending: String = "{\"call_id\":\"" + next_tool_id + "\""
|
||||
+ ",\"tool_name\":\"" + next_tool_name + "\""
|
||||
+ ",\"tool_input\":" + next_tool_input
|
||||
+ ",\"messages_so_far\":" + msgs_with_assistant
|
||||
+ ",\"model\":\"" + model + "\""
|
||||
+ ",\"system\":\"" + safe_sys2 + "\"}"
|
||||
state_set("pending_tool_" + session_id, pending)
|
||||
true
|
||||
} else { false }
|
||||
|
||||
let final_text = if !is_tool_turn { text_out } else { final_text }
|
||||
let keep_going = if !is_tool_turn { false } else {
|
||||
if needs_pause { false } else { keep_going }
|
||||
}
|
||||
let iteration = iteration + 1
|
||||
}
|
||||
|
||||
// Check if we paused on a new tool
|
||||
let new_pending: String = state_get("pending_tool_" + session_id)
|
||||
if !str_eq(new_pending, "") {
|
||||
let np_tool_name: String = json_get(new_pending, "tool_name")
|
||||
let np_call_id: String = json_get(new_pending, "call_id")
|
||||
let np_tool_input: String = json_get_raw(new_pending, "tool_input")
|
||||
return "{\"status\":\"tool_pending\""
|
||||
+ ",\"call_id\":\"" + np_call_id + "\""
|
||||
+ ",\"tool_name\":\"" + np_tool_name + "\""
|
||||
+ ",\"tool_input\":" + np_tool_input
|
||||
+ ",\"session_id\":\"" + session_id + "\"}"
|
||||
}
|
||||
|
||||
if str_eq(final_text, "") {
|
||||
return "{\"error\":\"no response after approval\",\"reply\":\"\"}"
|
||||
}
|
||||
|
||||
// Save updated history
|
||||
let hist: String = session_hist_load(session_id)
|
||||
let updated_hist: String = hist_append(hist, "assistant", final_text)
|
||||
let final_hist: String = if json_array_len(updated_hist) > 20 {
|
||||
hist_trim(updated_hist)
|
||||
} else { updated_hist }
|
||||
session_hist_save(session_id, final_hist)
|
||||
session_update_meta_timestamp(session_id)
|
||||
|
||||
let safe_text: String = json_safe(final_text)
|
||||
let tools_arr: String = if str_eq(tools_log, "") { "[]" } else { "[" + tools_log + "]" }
|
||||
return "{\"reply\":\"" + safe_text + "\",\"model\":\"" + model + "\",\"agentic\":true,\"tools_used\":" + tools_arr + ",\"session_id\":\"" + session_id + "\"}"
|
||||
return agentic_resume(session_id, call_id, tool_result)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user