Add "Always allow" option to HITL approval prompts#19
Draft
glean-github-app-oauth[bot] wants to merge 3 commits into
Draft
Add "Always allow" option to HITL approval prompts#19glean-github-app-oauth[bot] wants to merge 3 commits into
glean-github-app-oauth[bot] wants to merge 3 commits into
Conversation
When HITL is enabled, tool approval prompts now include an "Always allow"
checkbox. Checking it before accepting persists the preference so future
calls to the same tool skip the approval gate entirely.
- New tool-permissions-store persists auto-approved tool names to disk
- Elicitation schema includes an always_allow boolean field
- Auto-approved tools bypass elicitation on subsequent calls
- setup({reset}) clears saved permissions alongside other state
glean-github-app-oauth
Bot
added
the
glean-code-writer
aditya-scio
reviewed
Jun 21, 2026
aditya-scio
left a comment
aditya-scio
left a comment
There was a problem hiding this comment.
Why rename from path4 to path5 or path8 to path9
| } | ||
|
|
||
| export function isToolAutoApproved(toolName: string): boolean { | ||
| return loadPermissions().autoApproved.includes(toolName); |
The peer flag removals were an unintended side effect of running npm install with a different npm version and are unrelated to the always-allow feature.
Collaborator
@aditya-scio You are probably reading the distribution file, that is checked in as part of source to support Plugin delivery in different harnesses. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
When HITL (Human-In-The-Loop) is enabled, every write action (e.g.
slack_send_message) requires manual approval via Accept/Decline buttons. This makes write actions tedious to use repeatedly.This PR adds an "Always allow" checkbox to the approval prompt. When a user checks it and clicks Accept, the preference is persisted so future calls to that tool skip the approval gate entirely.
Changes
src/tool-permissions-store.ts— Persistent store (following the same pattern astoken-store.tsandurl-config-store.ts) that saves auto-approved tool names tomcp-tool-permissions.jsonsrc/tools/run-tool.ts— Before showing the elicitation prompt, checks if the tool has been previously auto-approved. The elicitation schema now includes analways_allowboolean field rendered as a checkbox in the approval UIsrc/index.ts—setup({reset})now also clears saved tool permissionsTesting
always_allowboolean fieldalways_allow=true🤖 Generated by Glean Code Writer
📝 Chat link - https://app.glean.com/chat/61bb6b7594f048fbb44c65d2073ebf10