( tool, input, context, assistantMessage, toolUseID, )
| 471 | } |
| 472 | |
| 473 | export const hasPermissionsToUseTool: CanUseToolFn = async ( |
| 474 | tool, |
| 475 | input, |
| 476 | context, |
| 477 | assistantMessage, |
| 478 | toolUseID, |
| 479 | ): Promise<PermissionDecision> => { |
| 480 | const result = await hasPermissionsToUseToolInner(tool, input, context) |
| 481 | |
| 482 | |
| 483 | // Reset consecutive denials on any allowed tool use in auto mode. |
| 484 | // This ensures that a successful tool use (even one auto-allowed by rules) |
| 485 | // breaks the consecutive denial streak. |
| 486 | if (result.behavior === 'allow') { |
| 487 | const appState = context.getAppState() |
| 488 | if (feature('TRANSCRIPT_CLASSIFIER')) { |
| 489 | const currentDenialState = |
| 490 | context.localDenialTracking ?? appState.denialTracking |
| 491 | if ( |
| 492 | appState.toolPermissionContext.mode === 'auto' && |
| 493 | currentDenialState && |
| 494 | currentDenialState.consecutiveDenials > 0 |
| 495 | ) { |
| 496 | const newDenialState = recordSuccess(currentDenialState) |
| 497 | persistDenialState(context, newDenialState) |
| 498 | } |
| 499 | } |
| 500 | return result |
| 501 | } |
| 502 | |
| 503 | // Apply dontAsk mode transformation: convert 'ask' to 'deny' |
| 504 | // This is done at the end so it can't be bypassed by early returns |
| 505 | if (result.behavior === 'ask') { |
| 506 | const appState = context.getAppState() |
| 507 | |
| 508 | if (appState.toolPermissionContext.mode === 'dontAsk') { |
| 509 | return { |
| 510 | behavior: 'deny', |
| 511 | decisionReason: { |
| 512 | type: 'mode', |
| 513 | mode: 'dontAsk', |
| 514 | }, |
| 515 | message: DONT_ASK_REJECT_MESSAGE(tool.name), |
| 516 | } |
| 517 | } |
| 518 | // Apply auto mode: use AI classifier instead of prompting user |
| 519 | // Check this BEFORE shouldAvoidPermissionPrompts so classifiers work in headless mode |
| 520 | if ( |
| 521 | feature('TRANSCRIPT_CLASSIFIER') && |
| 522 | (appState.toolPermissionContext.mode === 'auto' || |
| 523 | (appState.toolPermissionContext.mode === 'plan' && |
| 524 | (autoModeStateModule?.isAutoModeActive() ?? false))) |
| 525 | ) { |
| 526 | // Non-classifier-approvable safetyCheck decisions stay immune to ALL |
| 527 | // auto-approve paths: the acceptEdits fast-path, the safe-tool allowlist, |
| 528 | // and the classifier. Step 1g only guards bypassPermissions; this guards |
| 529 | // auto. classifierApprovable safetyChecks (sensitive-file paths) fall |
| 530 | // through to the classifier — the fast-paths below naturally don't fire |
no test coverage detected