Skip to content

Desktop/Agent Runtime: Permission mechanism needs improvement — false positives for unknown tools #127

Description

@wangtsiao

Describe the bug

The current permission mechanism has two problems:

  1. edit.apply_patch requests permission incorrectly — In default permission mode, applying a patch via edit.apply_patch prompts for user permission even when the tool should be auto-approved. This creates unnecessary friction.

  2. Non-existent/unknown tools trigger permission requests — When the agent calls a tool that doesn't exist (e.g. edit), the system falls into an error path that presents the non-existent tool name to the user as a permission request. This is confusing — if a tool is not registered, it should not reach the permission UI at all.

Expected behavior

  • edit.apply_patch should respect the permission profile and not prompt unnecessarily in default mode
  • Unknown tools should result in a clean error to the agent without presenting a permission dialog to the user

Affected components

  • crates/core/src/permission.rs — permission evaluation pipeline
  • crates/core/src/tools/apply_patch.rs — apply_patch tool implementation
  • Desktop app permission UI

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions