Pre-release 0.46.158

Author: actions-user

Core/Package.swift

@@ -214,6 +214,7 @@ let package = Package(
             .target(
                 name: "SuggestionWidget",
                 dependencies: [
+                    "ChatService",
                     "PromptToCodeService",
                     "ConversationTab",
                     "GitHubCopilotViewModel",

Core/Sources/ChatService/ChatService.swift

@@ -149,30 +149,7 @@ public final class ChatService: ChatServiceType, ObservableObject {
 
     private func subscribeToClientToolConfirmationEvent() {
         ClientToolHandlerImpl.shared.onClientToolConfirmationEvent.sink(receiveValue: { [weak self] (request, completion) in
-            guard let params = request.params else { return }
-            
-            // Check if this conversationId is valid (main conversation or subagent conversation)
-            guard let validIds = self?.conversationTurnTracking.validConversationIds, validIds.contains(params.conversationId) else {
-                return
-            }
-            
-            let parentTurnId = self?.conversationTurnTracking.turnParentMap[params.turnId]
-            
-            let editAgentRounds: [AgentRound] = [
-                AgentRound(roundId: params.roundId,
-                           reply: "",
-                           toolCalls: [
-                            AgentToolCall(id: params.toolCallId, name: params.name, status: .waitForConfirmation, invokeParams: params, title: params.title)
-                           ]
-                          )
-            ]
-            self?.appendToolCallHistory(turnId: params.turnId, editAgentRounds: editAgentRounds, parentTurnId: parentTurnId)
-            self?.pendingToolCallRequests[params.toolCallId] = ToolCallRequest(
-                requestId: request.id,
-                turnId: params.turnId,
-                roundId: params.roundId,
-                toolCallId: params.toolCallId,
-                completion: completion)
+            self?.handleClientToolConfirmationEvent(request: request, completion: completion)
         }).store(in: &cancellables)
     }
 
@@ -298,9 +275,23 @@ public final class ChatService: ChatServiceType, ObservableObject {
     }
 
     // MARK: - Helper Methods for Tool Call Status Updates
+
+    /// Returns true if the `conversationId` belongs to the active conversation or any subagent conversations.
+    func isConversationIdValid(_ conversationId: String) -> Bool {
+        conversationTurnTracking.validConversationIds.contains(conversationId)
+    }
+
+    /// Workaround: toolConfirmation request does not have parent turnId.
+    func parentTurnIdForTurnId(_ turnId: String) -> String? {
+        conversationTurnTracking.turnParentMap[turnId]
+    }
+
+    func storePendingToolCallRequest(toolCallId: String, request: ToolCallRequest) {
+        pendingToolCallRequests[toolCallId] = request
+    }
 
     /// Sends the confirmation response (accept/dismiss) back to the server
-    private func sendToolConfirmationResponse(_ request: ToolCallRequest, accepted: Bool) {
+    func sendToolConfirmationResponse(_ request: ToolCallRequest, accepted: Bool) {
         let toolResult = LanguageModelToolConfirmationResult(
             result: accepted ? .Accept : .Dismiss
         )

Core/Sources/ChatService/ToolCalls/AutoApproval/AutoApprovalScope.swift

@@ -0,0 +1,10 @@
+import Foundation
+
+public typealias ConversationID = String
+
+public enum AutoApprovalScope: Hashable {
+    case session(ConversationID)
+    // Future scopes:
+    // case workspace(String)
+    // case global
+}

Core/Sources/ChatService/ToolCalls/AutoApproval/MCPApprovalStorage.swift

@@ -0,0 +1,60 @@
+import Foundation
+
+struct MCPApprovalStorage {
+    private struct ServerApprovalState {
+        var isServerAllowed: Bool = false
+        var allowedTools: Set<String> = []
+    }
+
+    private struct ConversationApprovalState {
+        var serverApprovals: [String: ServerApprovalState] = [:]
+    }
+
+    /// Storage for session-scoped approvals.
+    private var approvals: [ConversationID: ConversationApprovalState] = [:]
+
+    mutating func allowTool(scope: AutoApprovalScope, serverName: String, toolName: String) {
+        guard case .session(let conversationId) = scope else { return }
+        let server = normalize(serverName)
+        let tool = normalize(toolName)
+        guard !conversationId.isEmpty, !server.isEmpty, !tool.isEmpty else { return }
+
+        approvals[conversationId, default: ConversationApprovalState()]
+            .serverApprovals[server, default: ServerApprovalState()]
+            .allowedTools
+            .insert(tool)
+    }
+
+    mutating func allowServer(scope: AutoApprovalScope, serverName: String) {
+        guard case .session(let conversationId) = scope else { return }
+        let server = normalize(serverName)
+        guard !conversationId.isEmpty, !server.isEmpty else { return }
+
+        approvals[conversationId, default: ConversationApprovalState()]
+            .serverApprovals[server, default: ServerApprovalState()]
+            .isServerAllowed = true
+    }
+
+    func isAllowed(scope: AutoApprovalScope, serverName: String, toolName: String) -> Bool {
+        guard case .session(let conversationId) = scope else { return false }
+        let server = normalize(serverName)
+        let tool = normalize(toolName)
+        guard !conversationId.isEmpty, !server.isEmpty, !tool.isEmpty else { return false }
+
+        guard let conversationState = approvals[conversationId],
+              let serverState = conversationState.serverApprovals[server] else { return false }
+        
+        if serverState.isServerAllowed { return true }
+        return serverState.allowedTools.contains(tool)
+    }
+
+    mutating func clear(scope: AutoApprovalScope) {
+        guard case .session(let conversationId) = scope else { return }
+        guard !conversationId.isEmpty else { return }
+        approvals.removeValue(forKey: conversationId)
+    }
+
+    private func normalize(_ value: String) -> String {
+        value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}

Core/Sources/ChatService/ToolCalls/AutoApproval/SensitiveFileApprovalStorage.swift

@@ -0,0 +1,45 @@
+import Foundation
+
+struct SensitiveFileApprovalStorage {
+    private struct ToolApprovalState {
+        var allowedFiles: Set<String> = []
+    }
+
+    private struct ConversationApprovalState {
+        var toolApprovals: [String: ToolApprovalState] = [:]
+    }
+
+    /// Storage for session-scoped approvals.
+    private var approvals: [ConversationID: ConversationApprovalState] = [:]
+
+    mutating func allowFile(scope: AutoApprovalScope, toolName: String, fileKey: String) {
+        guard case .session(let conversationId) = scope else { return }
+        let tool = normalize(toolName)
+        let key = normalize(fileKey)
+        guard !conversationId.isEmpty, !tool.isEmpty, !key.isEmpty else { return }
+
+        approvals[conversationId, default: ConversationApprovalState()]
+            .toolApprovals[tool, default: ToolApprovalState()]
+            .allowedFiles
+            .insert(key)
+    }
+
+    func isAllowed(scope: AutoApprovalScope, toolName: String, fileKey: String) -> Bool {
+        guard case .session(let conversationId) = scope else { return false }
+        let tool = normalize(toolName)
+        let key = normalize(fileKey)
+        guard !conversationId.isEmpty, !tool.isEmpty, !key.isEmpty else { return false }
+
+        return approvals[conversationId]?.toolApprovals[tool]?.allowedFiles.contains(key) == true
+    }
+
+    mutating func clear(scope: AutoApprovalScope) {
+        guard case .session(let conversationId) = scope else { return }
+        guard !conversationId.isEmpty else { return }
+        approvals.removeValue(forKey: conversationId)
+    }
+
+    private func normalize(_ value: String) -> String {
+        value.trimmingCharacters(in: .whitespacesAndNewlines)
+    }
+}

Core/Sources/ChatService/ToolCalls/AutoApproval/ToolAutoApprovalManager.swift

@@ -0,0 +1,68 @@
+import Foundation
+
+public actor ToolAutoApprovalManager {
+    public static let shared = ToolAutoApprovalManager()
+
+    public enum AutoApproval: Equatable, Sendable {
+        case mcpTool(conversationId: String, serverName: String, toolName: String)
+        case mcpServer(conversationId: String, serverName: String)
+        case sensitiveFile(conversationId: String, toolName: String, fileKey: String)
+    }
+
+    private var mcpStorage = MCPApprovalStorage()
+    private var sensitiveFileStorage = SensitiveFileApprovalStorage()
+
+    public init() {}
+
+    public func approve(_ approval: AutoApproval) {
+        switch approval {
+        case let .mcpTool(conversationId, serverName, toolName):
+            allowMCPTool(conversationId: conversationId, serverName: serverName, toolName: toolName)
+        case let .mcpServer(conversationId, serverName):
+            allowMCPServer(conversationId: conversationId, serverName: serverName)
+        case let .sensitiveFile(conversationId, toolName, fileKey):
+            allowSensitiveFile(conversationId: conversationId, toolName: toolName, fileKey: fileKey)
+        }
+    }
+
+    // MARK: - MCP approvals
+
+    public func allowMCPTool(conversationId: String, serverName: String, toolName: String) {
+        mcpStorage.allowTool(scope: .session(conversationId), serverName: serverName, toolName: toolName)
+    }
+
+    public func allowMCPServer(conversationId: String, serverName: String) {
+        mcpStorage.allowServer(scope: .session(conversationId), serverName: serverName)
+    }
+
+    public func isMCPAllowed(
+        conversationId: String,
+        serverName: String,
+        toolName: String
+    ) -> Bool {
+        mcpStorage.isAllowed(scope: .session(conversationId), serverName: serverName, toolName: toolName)
+    }
+
+    // MARK: - Sensitive file approvals
+
+    public func allowSensitiveFile(conversationId: String, toolName: String, fileKey: String) {
+        sensitiveFileStorage.allowFile(scope: .session(conversationId), toolName: toolName, fileKey: fileKey)
+    }
+
+    public func isSensitiveFileAllowed(
+        conversationId: String,
+        toolName: String,
+        fileKey: String
+    ) -> Bool {
+        sensitiveFileStorage.isAllowed(scope: .session(conversationId), toolName: toolName, fileKey: fileKey)
+    }
+
+    // MARK: - Cleanup
+
+    public func clearConversationData(conversationId: String?) {
+        guard let conversationId else { return }
+        mcpStorage.clear(scope: .session(conversationId))
+        sensitiveFileStorage.clear(scope: .session(conversationId))
+    }
+}
+

Core/Sources/ChatService/ToolCalls/AutoApproval/ToolAutoApprovalParsingHelpers.swift

@@ -0,0 +1,47 @@
+import Foundation
+
+extension ToolAutoApprovalManager {
+    private static let mcpToolCallPattern = try? NSRegularExpression(
+        pattern: #"Confirm MCP Tool: .+ - (.+)\(MCP Server\)"#,
+        options: []
+    )
+
+    private static let sensitiveRuleDescriptionRegex = try? NSRegularExpression(
+        pattern: #"^(.*?)\s*needs confirmation\."#,
+        options: [.caseInsensitive]
+    )
+
+    public nonisolated static func extractMCPServerName(from message: String) -> String? {
+        let fullRange = NSRange(message.startIndex..<message.endIndex, in: message)
+
+        if let regex = mcpToolCallPattern,
+           let match = regex.firstMatch(in: message, options: [], range: fullRange),
+           match.numberOfRanges >= 2,
+           let range = Range(match.range(at: 1), in: message) {
+            return String(message[range]).trimmingCharacters(in: .whitespacesAndNewlines)
+        }
+
+        return nil
+    }
+
+    public nonisolated static func isSensitiveFileOperation(message: String) -> Bool {
+        message.range(of: "sensitive files", options: [.caseInsensitive, .diacriticInsensitive]) != nil
+    }
+
+    public nonisolated static func sensitiveFileKey(from message: String) -> String {
+        let fullRange = NSRange(message.startIndex..<message.endIndex, in: message)
+
+        // TODO: Update confirmation message in CLS to include rules
+        if let regex = sensitiveRuleDescriptionRegex,
+           let match = regex.firstMatch(in: message, options: [], range: fullRange),
+           match.numberOfRanges >= 2,
+           let range = Range(match.range(at: 1), in: message) {
+            let description = String(message[range]).trimmingCharacters(in: .whitespacesAndNewlines)
+            if !description.isEmpty {
+                return description.lowercased()
+            }
+        }
+
+        return "sensitive files"
+    }
+}

Core/Sources/ChatService/ToolCalls/ClientToolConfirmationEventHandler.swift

@@ -0,0 +1,95 @@
+import Foundation
+import ConversationServiceProvider
+import JSONRPC
+
+extension ChatService {
+    typealias ToolConfirmationCompletion = (AnyJSONRPCResponse) -> Void
+
+    func handleClientToolConfirmationEvent(
+        request: InvokeClientToolConfirmationRequest,
+        completion: @escaping ToolConfirmationCompletion
+    ) {
+        guard let params = request.params else { return }
+        guard isConversationIdValid(params.conversationId) else { return }
+
+        Task { [weak self] in
+            guard let self else { return }
+            let shouldAutoApprove = await shouldAutoApprove(params: params)
+            let parentTurnId = parentTurnIdForTurnId(params.turnId)
+
+            let toolCallStatus: AgentToolCall.ToolCallStatus = shouldAutoApprove
+                ? .accepted
+                : .waitForConfirmation
+
+            appendToolCallHistory(
+                turnId: params.turnId,
+                editAgentRounds: makeEditAgentRounds(params: params, status: toolCallStatus),
+                parentTurnId: parentTurnId
+            )
+
+            let toolCallRequest = ToolCallRequest(
+                requestId: request.id,
+                turnId: params.turnId,
+                roundId: params.roundId,
+                toolCallId: params.toolCallId,
+                completion: completion
+            )
+
+            if shouldAutoApprove {
+                sendToolConfirmationResponse(toolCallRequest, accepted: true)
+            } else {
+                storePendingToolCallRequest(toolCallId: params.toolCallId, request: toolCallRequest)
+            }
+        }
+    }
+
+    private func shouldAutoApprove(params: InvokeClientToolParams) async -> Bool {
+        let mcpServerName = ToolAutoApprovalManager.extractMCPServerName(from: params.title ?? "")
+        let confirmationMessage = params.message ?? ""
+
+        if let mcpServerName {
+            let allowed = await ToolAutoApprovalManager.shared.isMCPAllowed(
+                conversationId: params.conversationId,
+                serverName: mcpServerName,
+                toolName: params.name
+            )
+
+            if allowed {
+                return true
+            }
+        }
+
+        if ToolAutoApprovalManager.isSensitiveFileOperation(message: confirmationMessage) {
+            let fileKey = ToolAutoApprovalManager.sensitiveFileKey(from: confirmationMessage)
+            let allowed = await ToolAutoApprovalManager.shared.isSensitiveFileAllowed(
+                conversationId: params.conversationId,
+                toolName: params.name,
+                fileKey: fileKey
+            )
+
+            if allowed {
+                return true
+            }
+        }
+
+        return false
+    }
+
+    func makeEditAgentRounds(params: InvokeClientToolParams, status: AgentToolCall.ToolCallStatus) -> [AgentRound] {
+        [
+            AgentRound(
+                roundId: params.roundId,
+                reply: "",
+                toolCalls: [
+                    AgentToolCall(
+                        id: params.toolCallId,
+                        name: params.name,
+                        status: status,
+                        invokeParams: params,
+                        title: params.title
+                    )
+                ]
+            )
+        ]
+    }
+}