abbyswag/qwen-code
1
0
Fork 0
mirror of https://github.com/QwenLM/qwen-code.git synced 2025-12-19 09:33:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement permission denial tracking for tool calls

Browse Source
This commit is contained in:
Mingholy
2025-11-05 22:09:27 +08:00
parent 49b1018337
commit 95cf53f3bc
3 changed files with 56 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
packages/cli/src/nonInteractive/io/BaseJsonOutputAdapter.ts
View File

@@ -13,11 +13,12 @@ import type {
ServerGeminiStreamEvent,
TaskResultDisplay,
} from '@qwen-code/qwen-code-core';
import { GeminiEventType } from '@qwen-code/qwen-code-core';
import { GeminiEventType, ToolErrorType } from '@qwen-code/qwen-code-core';
import type { Part, GenerateContentResponseUsageMetadata } from '@google/genai';
import type {
CLIAssistantMessage,
CLIMessage,
CLIPermissionDenial,
CLIResultMessage,
CLIResultMessageError,
CLIResultMessageSuccess,
@@ -124,6 +125,9 @@ export abstract class BaseJsonOutputAdapter {
// Last assistant message for result generation
protected lastAssistantMessage: CLIAssistantMessage | null = null;
// Track permission denials (execution denied tool calls)
protected permissionDenials: CLIPermissionDenial[] = [];
constructor(config: Config) {
this.config = config;
this.mainAgentMessageState = this.createMessageState();
@@ -936,6 +940,7 @@ export abstract class BaseJsonOutputAdapter {
/**
* Emits a tool result message.
* Collects execution denied tool calls for inclusion in result messages.
* @param request - Tool call request info
* @param response - Tool call response info
* @param parentToolUseId - Parent tool use ID (null for main agent)
@@ -945,6 +950,19 @@ export abstract class BaseJsonOutputAdapter {
response: ToolCallResponseInfo,
parentToolUseId: string | null = null,
): void {
// Track permission denials (execution denied errors)
if (
response.error &&
response.errorType === ToolErrorType.EXECUTION_DENIED
) {
const denial: CLIPermissionDenial = {
tool_name: request.name,
tool_use_id: request.callId,
tool_input: request.args,
};
this.permissionDenials.push(denial);
}
const block: ToolResultBlock = {
type: 'tool_result',
tool_use_id: request.callId,
@@ -988,6 +1006,7 @@ export abstract class BaseJsonOutputAdapter {
/**
* Builds a result message from options.
* Helper method used by both emitResult implementations.
* Includes permission denials collected from execution denied tool calls.
* @param options - Result options
* @param lastAssistantMessage - Last assistant message for text extraction
* @returns CLIResultMessage
@@ -1020,7 +1039,7 @@ export abstract class BaseJsonOutputAdapter {
duration_api_ms: options.apiDurationMs,
num_turns: options.numTurns,
usage,
permission_denials: [],
permission_denials: [...this.permissionDenials],
error: { message: errorMessage },
};
} else {
@@ -1036,7 +1055,7 @@ export abstract class BaseJsonOutputAdapter {
num_turns: options.numTurns,
result: resultText,
usage,
permission_denials: [],
permission_denials: [...this.permissionDenials],
};
if (options.stats) {
@@ -1050,6 +1069,8 @@ export abstract class BaseJsonOutputAdapter {
/**
* Builds a subagent error result message.
* Helper method used by both emitSubagentErrorResult implementations.
* Note: Subagent permission denials are not included here as they are tracked
* separately and would be included in the main agent's result message.
* @param errorMessage - Error message
* @param numTurns - Number of turns
* @returns CLIResultMessageError
@@ -1108,6 +1129,9 @@ export function partsToString(parts: Part[]): string {
export function toolResultContent(
response: ToolCallResponseInfo,
): string | undefined {
if (response.error) {
return response.error.message;
}
if (
typeof response.resultDisplay === 'string' &&
response.resultDisplay.trim().length > 0
@@ -1119,9 +1143,6 @@ export function toolResultContent(
// functionResponse parts that contain output content
return functionResponsePartsToString(response.responseParts);
}
if (response.error) {
return response.error.message;
}
return undefined;
}

28
packages/core/src/core/coreToolScheduler.ts
View File

@@ -696,7 +696,7 @@ export class CoreToolScheduler {
response: createErrorResponse(
reqInfo,
new Error(permissionErrorMessage),
ToolErrorType.TOOL_NOT_REGISTERED,
ToolErrorType.EXECUTION_DENIED,
),
durationMs: 0,
};
@@ -811,6 +811,32 @@ export class CoreToolScheduler {
);
this.setStatusInternal(reqInfo.callId, 'scheduled');
} else {
/**
* In non-interactive mode where no user will respond to approval prompts,
* and not running as IDE companion or Zed integration, automatically deny approval.
* This is intended to create an explicit denial of the tool call,
* rather than silently waiting for approval and hanging forever.
*/
const shouldAutoDeny =
!this.config.isInteractive() &&
!this.config.getIdeMode() &&
!this.config.getExperimentalZedIntegration();
if (shouldAutoDeny) {
// Treat as execution denied error, similar to excluded tools
const errorMessage = `Qwen Code requires permission to use "${reqInfo.name}", but that permission was declined.`;
this.setStatusInternal(
reqInfo.callId,
'error',
createErrorResponse(
reqInfo,
new Error(errorMessage),
ToolErrorType.EXECUTION_DENIED,
),
);
continue;
}
// Allow IDE to resolve confirmation
if (
confirmationDetails.type === 'edit' &&

2
packages/core/src/tools/tool-error.ts
View File

@@ -14,6 +14,8 @@ export enum ToolErrorType {
UNHANDLED_EXCEPTION = 'unhandled_exception',
TOOL_NOT_REGISTERED = 'tool_not_registered',
EXECUTION_FAILED = 'execution_failed',
// Try to execute a tool that is excluded due to the approval mode
EXECUTION_DENIED = 'execution_denied',
// File System Errors
FILE_NOT_FOUND = 'file_not_found',