fix: deny of one tool call permanently blocks all future same-tool calls (#1377)

When a user denies a tool call (e.g. edit_file), the tool_name was inserted into approval_session_denied alongside the per-call approval_key. Every subsequent invocation of the same tool type was then auto-denied for the rest of the session without prompting. Fix: only store the approval_key (per-call unique). This still prevents the model's retry loop from re-prompting the exact same command (#360), but allows the user to approve a fresh invocation of the same tool type.
2026-05-11 02:01:01 +08:00
parent 9ada15fc70
commit d4a4892ee3
1 changed files with 4 additions and 5 deletions
@@ -5825,12 +5825,11 @@ async fn handle_view_events(
                    }
                    ReviewDecision::Denied | ReviewDecision::Abort => {
                        // Cache the denial so the model retry-loop doesn't
-                        // re-prompt for the same command (#360). Only when
-                        // the user actively denied (not when the timeout
-                        // fired) — a timeout might mean the user stepped
-                        // away rather than refused.
+                        // re-prompt for the exact same approval_key (#360).
+                        // Only the key (per-call unique) is stored — NOT
+                        // the tool_name, which would block all future
+                        // invocations of the same tool type (#1377).
                        if !timed_out {
-                            app.approval_session_denied.insert(tool_name.clone());
                            app.approval_session_denied.insert(approval_key);
                        }
                        let _ = engine_handle.deny_tool_call(tool_id).await;