Merge pull request 'fix(sessions): unify dual suspension systems, wire approve to agentic_resume' (#18) from fix/agentic-tool-approval-unification into main
Deploy Soul to GKE / deploy (push) Failing after 6m35s
Neuron Soul CI / build (push) Failing after 14m31s

fix(sessions): unify dual suspension systems, wire approve to agentic_resume
This commit was merged in pull request #18.
This commit is contained in:
2026-06-17 18:06:01 +00:00
3 changed files with 331 additions and 148 deletions
+97 -147
View File
@@ -463,6 +463,15 @@ fn session_auto_title(session_id: String, first_message: String) -> Void {
// handle_session_approve handle tool approval for a pending agentic tool call.
// action: "allow" | "deny" | "always"
// Resumes the agentic loop from where it was paused.
//
// Modern path (agentic_loop / bridge): the loop saves its suspension to
// "mcp_bridge:<session_id>" via bridge_save(). On approval we dispatch_tool()
// if allowed (or build a denial string), then hand the result to agentic_resume()
// which re-enters agentic_loop from exactly the right point.
//
// Legacy path (pending_tool_<session_id>): used by any in-flight sessions that
// were suspended by the old inline loop before a deploy. Kept so those sessions
// are not broken during a rolling restart.
fn handle_session_approve(session_id: String, body: String) -> String {
if str_eq(session_id, "") {
return "{\"error\":\"session_id is required\"}"
@@ -476,7 +485,71 @@ fn handle_session_approve(session_id: String, body: String) -> String {
return "{\"error\":\"action is required (allow|deny|always)\"}"
}
// Load the pending tool state
let eff_action: String = if str_eq(action, "always") { "allow" } else { action }
// Modern path: suspension is in mcp_bridge:<session_id>
// agentic_loop (chat.el) writes here via bridge_save(). This is the primary
// path for all sessions created through handle_chat_agentic / agentic_loop.
let bridge_blob: String = state_get("mcp_bridge:" + session_id)
if !str_eq(bridge_blob, "") {
// For "always": record tool_name in the always-allow list before resuming.
// The tool_name is not stored in the bridge blob (only tool_use_id is).
// Accept it from the body so the client can pass it along.
let always_key: String = "always_allow_" + session_id
let approve_tool_name: String = json_get(body, "tool_name")
let discard_always: Bool = if str_eq(action, "always") && !str_eq(approve_tool_name, "") {
let always_list: String = state_get(always_key)
let new_always: String = if str_eq(always_list, "") { approve_tool_name }
else { always_list + "," + approve_tool_name }
state_set(always_key, new_always)
true
} else { false }
// BLOCKER: tool_name is required for allow an empty approve_tool_name
// would cause dispatch_tool("", ...) to silently return "unknown tool: "
// and inject a corrupted result into the conversation. Reject early.
if str_eq(approve_tool_name, "") && str_eq(eff_action, "allow") {
return "{\"error\":\"tool_name is required for allow action\"}"
}
// Build the content string the tool produced (or the denial message).
//
// For MCP/client-side tools (non-builtin): the client has ALREADY executed
// the tool and posts the result in body["content"]. Accept it directly
// (matching the handle_tool_result contract) rather than re-running
// server-side via dispatch_tool that would make the client-side execution
// irrelevant and would break mcp__* tools the soul cannot reach.
//
// For builtin tools with no client-provided content: fall back to
// dispatch_tool so those tools still execute correctly.
let client_content: String = json_get(body, "content")
let use_client_content: Bool = !str_eq(client_content, "")
let use_dispatch: Bool = is_builtin_tool(approve_tool_name) && !use_client_content
let raw_input: String = json_get_raw(body, "tool_input")
let eff_input: String = if str_eq(raw_input, "") { "{}" } else { raw_input }
let content: String = if str_eq(eff_action, "allow") {
if use_client_content {
let trimmed: String = if str_len(client_content) > 6000 {
str_slice(client_content, 0, 6000) + "...[truncated]"
} else { client_content }
trimmed
} else if use_dispatch {
let raw: String = dispatch_tool(approve_tool_name, eff_input)
if str_len(raw) > 6000 { str_slice(raw, 0, 6000) + "...[truncated]" } else { raw }
} else {
// Non-builtin tool, no client content error rather than
// silently dispatching a tool the soul cannot execute.
"{\"error\":\"client content required for non-builtin tool: " + approve_tool_name + "\"}"
}
} else {
"{\"error\":\"User denied this tool call\"}"
}
return agentic_resume(session_id, call_id, content)
}
// Legacy path: suspension is in pending_tool_<session_id>
// Kept for in-flight sessions that were suspended before a deploy.
let pending_raw: String = state_get("pending_tool_" + session_id)
if str_eq(pending_raw, "") {
return "{\"error\":\"no pending tool for session\",\"session_id\":\"" + session_id + "\"}"
@@ -489,14 +562,13 @@ fn handle_session_approve(session_id: String, body: String) -> String {
let tool_name: String = json_get(pending_raw, "tool_name")
let tool_input: String = json_get_raw(pending_raw, "tool_input")
let messages: String = json_get_raw(pending_raw, "messages_so_far")
let model: String = json_get(pending_raw, "model")
let safe_sys: String = json_get(pending_raw, "system")
// For "always": add to always-allow list
let always_key: String = "always_allow_" + session_id
let always_list: String = state_get(always_key)
let discard_always: Bool = if str_eq(action, "always") {
let discard_always2: Bool = if str_eq(action, "always") {
let new_always: String = if str_eq(always_list, "") { tool_name }
else { always_list + "," + tool_name }
state_set(always_key, new_always)
@@ -506,157 +578,35 @@ fn handle_session_approve(session_id: String, body: String) -> String {
// Clear pending state
state_set("pending_tool_" + session_id, "")
let eff_action: String = if str_eq(action, "always") { "allow" } else { action }
// Build tool result
let tool_result: String = if str_eq(eff_action, "allow") {
let raw: String = dispatch_tool(tool_name, tool_input)
if str_len(raw) > 6000 { str_slice(raw, 0, 6000) + "...[truncated]" } else { raw }
} else {
json_safe("{\"error\":\"User denied this tool call\"}")
"{\"error\":\"User denied this tool call\"}"
}
let tool_msg: String = "{\"type\":\"tool_result\",\"tool_use_id\":\"" + call_id + "\",\"content\":\"" + tool_result + "\"}"
// Legacy sessions stored messages_so_far; synthesise a bridge blob so the
// same agentic_resume path handles continuation (instead of an inline loop).
// messages_so_far already includes the assistant turn that requested the tool.
let legacy_messages: String = json_get_raw(pending_raw, "messages_so_far")
// WARNING: the original session may have used agentic_tools_with_web() or
// agentic_tools_all(). The old pending blob did not store the tools variant.
// Read a "tools_variant" field if present (future suspensions record it);
// fall back to agentic_tools_literal() for legacy blobs that lack this field.
let stored_variant: String = json_get(pending_raw, "tools_variant")
let tools_json: String = if str_eq(stored_variant, "web") { agentic_tools_with_web() }
else if str_eq(stored_variant, "all") { agentic_tools_all() }
else { agentic_tools_literal() }
// Reconstruct messages with the tool result appended
// messages_so_far is the messages array at the point of the tool call
// We need to append a user turn with the tool result and re-enter the loop
let inner: String = str_slice(messages, 1, str_len(messages) - 1)
let resumed_messages: String = "[" + inner + ",{\"role\":\"user\",\"content\":[" + tool_msg + "]}]"
// Write a synthetic bridge blob so agentic_resume can pick it up.
let blob: String = "{\"model\":\"" + json_safe(model) + "\""
+ ",\"safe_sys\":\"" + json_safe(safe_sys) + "\""
+ ",\"tools_json\":\"" + json_safe(tools_json) + "\""
+ ",\"messages\":\"" + json_safe(legacy_messages) + "\""
+ ",\"tools_log\":\"\""
+ ",\"tool_use_id\":\"" + json_safe(call_id) + "\"}"
state_set("mcp_bridge:" + session_id, blob)
// Re-enter the agentic loop with the resumed messages
let api_key: String = agentic_api_key()
let tools_json: String = agentic_tools_literal()
let api_url: String = "https://api.anthropic.com/v1/messages"
let h: Map = {}
map_set(h, "x-api-key", api_key)
map_set(h, "anthropic-version", "2023-06-01")
map_set(h, "content-type", "application/json")
let final_text: String = ""
let tools_log: String = ""
let iteration: Int = 0
let keep_going: Bool = true
let cur_messages: String = resumed_messages
while keep_going && iteration < 8 {
let req_body: String = "{\"model\":\"" + model + "\""
+ ",\"max_tokens\":4096"
+ ",\"system\":\"" + safe_sys + "\""
+ ",\"tools\":" + tools_json
+ ",\"messages\":" + cur_messages
+ "}"
let raw_resp: String = http_post_with_headers(api_url, req_body, h)
let is_error: Bool = str_starts_with(raw_resp, "{\"error\"")
|| str_starts_with(raw_resp, "{\"type\":\"error\"")
|| str_contains(raw_resp, "authentication_error")
if is_error {
return "{\"error\":\"llm unavailable\",\"reply\":\"\"}"
}
let stop_reason: String = json_get(raw_resp, "stop_reason")
let content_arr: String = json_get_raw(raw_resp, "content")
let eff_content: String = if str_eq(content_arr, "") { "[]" } else { content_arr }
let text_out: String = ""
let has_tool: Bool = false
let next_tool_id: String = ""
let next_tool_name: String = ""
let next_tool_input: String = ""
let ci: Int = 0
let c_total: Int = json_array_len(eff_content)
while ci < c_total {
let block: String = json_array_get(eff_content, ci)
let btype: String = json_get(block, "type")
let text_out = if str_eq(btype, "text") { text_out + json_get(block, "text") } else { text_out }
let is_new_tool: Bool = str_eq(btype, "tool_use") && !has_tool
let has_tool = if is_new_tool { true } else { has_tool }
let next_tool_id = if is_new_tool { json_get(block, "id") } else { next_tool_id }
let next_tool_name = if is_new_tool { json_get(block, "name") } else { next_tool_name }
let next_tool_input = if is_new_tool { json_get_raw(block, "input") } else { next_tool_input }
let ci = ci + 1
}
let is_tool_turn: Bool = str_eq(stop_reason, "tool_use") && has_tool
let inner2: String = str_slice(cur_messages, 1, str_len(cur_messages) - 1)
// Check if this next tool is in the always-allow list
let always_list2: String = state_get(always_key)
let is_always: Bool = str_contains(always_list2, next_tool_name) && !str_eq(next_tool_name, "")
// For approval-required sessions, pause on tool use if not always-allowed
let require_approval: String = state_get("session_require_approval_" + session_id)
let needs_pause: Bool = is_tool_turn && str_eq(require_approval, "true") && !is_always
let next_tool_result: String = if is_tool_turn && !needs_pause {
let raw2: String = dispatch_tool(next_tool_name, next_tool_input)
if str_len(raw2) > 6000 { str_slice(raw2, 0, 6000) + "...[truncated]" } else { raw2 }
} else { "" }
let next_tool_msg: String = "{\"type\":\"tool_result\",\"tool_use_id\":\"" + next_tool_id + "\",\"content\":\"" + next_tool_result + "\"}"
let tool_entry: String = "{\"tool\":\"" + next_tool_name + "\",\"input\":\"" + json_safe(next_tool_name) + "\"}"
let tools_log = if is_tool_turn && !needs_pause {
if str_eq(tools_log, "") { tool_entry } else { tools_log + "," + tool_entry }
} else { tools_log }
let cur_messages = if is_tool_turn && !needs_pause {
"[" + inner2
+ ",{\"role\":\"assistant\",\"content\":" + eff_content + "}"
+ ",{\"role\":\"user\",\"content\":[" + next_tool_msg + "]}"
+ "]"
} else { cur_messages }
// Pause if approval needed for next tool
let discard_pause: Bool = if needs_pause {
let safe_sys2: String = json_safe(safe_sys)
let msgs_with_assistant: String = "[" + inner2
+ ",{\"role\":\"assistant\",\"content\":" + eff_content + "}]"
let pending: String = "{\"call_id\":\"" + next_tool_id + "\""
+ ",\"tool_name\":\"" + next_tool_name + "\""
+ ",\"tool_input\":" + next_tool_input
+ ",\"messages_so_far\":" + msgs_with_assistant
+ ",\"model\":\"" + model + "\""
+ ",\"system\":\"" + safe_sys2 + "\"}"
state_set("pending_tool_" + session_id, pending)
true
} else { false }
let final_text = if !is_tool_turn { text_out } else { final_text }
let keep_going = if !is_tool_turn { false } else {
if needs_pause { false } else { keep_going }
}
let iteration = iteration + 1
}
// Check if we paused on a new tool
let new_pending: String = state_get("pending_tool_" + session_id)
if !str_eq(new_pending, "") {
let np_tool_name: String = json_get(new_pending, "tool_name")
let np_call_id: String = json_get(new_pending, "call_id")
let np_tool_input: String = json_get_raw(new_pending, "tool_input")
return "{\"status\":\"tool_pending\""
+ ",\"call_id\":\"" + np_call_id + "\""
+ ",\"tool_name\":\"" + np_tool_name + "\""
+ ",\"tool_input\":" + np_tool_input
+ ",\"session_id\":\"" + session_id + "\"}"
}
if str_eq(final_text, "") {
return "{\"error\":\"no response after approval\",\"reply\":\"\"}"
}
// Save updated history
let hist: String = session_hist_load(session_id)
let updated_hist: String = hist_append(hist, "assistant", final_text)
let final_hist: String = if json_array_len(updated_hist) > 20 {
hist_trim(updated_hist)
} else { updated_hist }
session_hist_save(session_id, final_hist)
session_update_meta_timestamp(session_id)
let safe_text: String = json_safe(final_text)
let tools_arr: String = if str_eq(tools_log, "") { "[]" } else { "[" + tools_log + "]" }
return "{\"reply\":\"" + safe_text + "\",\"model\":\"" + model + "\",\"agentic\":true,\"tools_used\":" + tools_arr + ",\"session_id\":\"" + session_id + "\"}"
return agentic_resume(session_id, call_id, tool_result)
}