Describe the bug
The current permission mechanism has two problems:
-
edit.apply_patch requests permission incorrectly — In default permission mode, applying a patch via edit.apply_patch prompts for user permission even when the tool should be auto-approved. This creates unnecessary friction.
-
Non-existent/unknown tools trigger permission requests — When the agent calls a tool that doesn't exist (e.g. edit), the system falls into an error path that presents the non-existent tool name to the user as a permission request. This is confusing — if a tool is not registered, it should not reach the permission UI at all.
Expected behavior
edit.apply_patch should respect the permission profile and not prompt unnecessarily in default mode
- Unknown tools should result in a clean error to the agent without presenting a permission dialog to the user
Affected components
crates/core/src/permission.rs — permission evaluation pipeline
crates/core/src/tools/apply_patch.rs — apply_patch tool implementation
- Desktop app permission UI
Describe the bug
The current permission mechanism has two problems:
edit.apply_patchrequests permission incorrectly — In default permission mode, applying a patch viaedit.apply_patchprompts for user permission even when the tool should be auto-approved. This creates unnecessary friction.Non-existent/unknown tools trigger permission requests — When the agent calls a tool that doesn't exist (e.g.
edit), the system falls into an error path that presents the non-existent tool name to the user as a permission request. This is confusing — if a tool is not registered, it should not reach the permission UI at all.Expected behavior
edit.apply_patchshould respect the permission profile and not prompt unnecessarily in default modeAffected components
crates/core/src/permission.rs— permission evaluation pipelinecrates/core/src/tools/apply_patch.rs— apply_patch tool implementation