Skip to content

fix(tui): make the mode authoritative for YOLO — drop publish prompt carve-out (#3790)#3797

Closed
Hmbown wants to merge 1 commit into
mainfrom
codex/0866-3790-mode-authority
Closed

fix(tui): make the mode authoritative for YOLO — drop publish prompt carve-out (#3790)#3797
Hmbown wants to merge 1 commit into
mainfrom
codex/0866-3790-mode-authority

Conversation

@Hmbown

@Hmbown Hmbown commented Jun 29, 2026

Copy link
Copy Markdown
Owner

Addresses the core, user-reported symptom of #3790: YOLO still fires [approval] prompts (observed on git push and publish-like shell). Full audit posted on the issue.

Root cause (verified)

The mode is consulted, but one override defeated it: auto_review's safety_floor classifies publish-like actions (git push, gh release, npm/cargo publish, git tag) as durable-review holds, and auto_review_force_prompt_overrides_auto_approve (turn_loop.rs) forced the prompt past YOLO by setting approval_force_prompt = true — which is the one bit that makes the UI's should_auto_approve_approval_request ignore YOLO.

The audit confirmed this was the only remaining force_prompt source in YOLO (typed ask-rules are already !auto_approve-gated; the MCP gate and rlm_eval "non-bypassable" raise approval_required without force_prompt, so the UI already auto-approves them in YOLO). So this one deletion makes YOLO a true no-prompt mode.

Change (surgical, deletion-first)

  • Delete auto_review_force_prompt_overrides_auto_approve and its use; the auto-review ForcePrompt arm now applies only when !self.session.auto_approve. Publish-like holds are now fully mode-subordinate.
  • Agent / Plan unchanged — Agent still reviews publish (the policy layer still classifies it; only the YOLO application changed).
  • Typed deny rules + disallowed/allowed_tools remain mode-independent hard prohibitions (only ever tighten).

Tests

  • Flip yolo_mode_forces_prompt_for_publish_like_shellyolo_mode_does_not_force_prompt_for_publish_like_shell: asserts YOLO surfaces no approval and the publish-like tool runs unprompted.
  • auto_review_policy_* unit tests still assert publish → ForcePrompt (Agent path intact).
  • cargo test -p codewhale-tui --bins: 5569 passed; the only 2 failures are the pre-existing non-hermetic config_command_allow_shell_* papercuts (machine default_mode=yolo).

Acceptance (this PR)

  • YOLO: no prompts for shell / MCP / publish
  • Agent / Plan prompts unchanged
  • request_user_input still works in every mode (it's an independent, non-approval event — verified in the audit)
  • No version bump / tag / publish

Deliberately scoped out (deliberate follow-up — see issue)

The larger "single authority" cleanup — centralizing the two approval deciders (engine raises approval_required; the UI independently re-derives YOLO/Bypass) so the UI is a pure consumer of an engine-stamped verdict, making the MCP/hook gates consult auto_approve for consistency, dropping the dead rlm_eval non-bypassable path, collapsing the composer-bang duplicate, and removing the dormant AppMode::Auto — is the bigger refactor #3790 also describes. It carries real risk in the Agent path and has an open design question (now resolved for deny rules), so it's better staged deliberately rather than rushed into the release. Full map + recommendations are in the issue comment.

…carve-out (#3790)

The reported symptom (YOLO still prompts on `git push` / publish) traced to a
single override: `auto_review_force_prompt_overrides_auto_approve`. The
auto-review safety floor classifies publish-like actions (git push, gh release,
npm/cargo publish, git tag) as durable-review holds, and this carve-out forced
the prompt *past* YOLO by setting `approval_force_prompt = true`, which defeats
the UI's YOLO auto-approve (`should_auto_approve_approval_request`).

Remove the carve-out so the auto-review ForcePrompt is fully mode-subordinate:
YOLO (`auto_approve`) now skips it like every other heuristic hold. An audit of
the approval path confirms this was the *only* remaining `force_prompt` source
in YOLO (typed ask-rules are already `!auto_approve`-gated), so YOLO is now a
true no-prompt mode for shell / MCP / publish. Agent and Plan are unchanged —
Agent still reviews publish (the policy layer still classifies it; only the
YOLO application changed). Typed deny rules and `disallowed/allowed_tools`
remain mode-independent hard prohibitions.

- turn_loop.rs: delete `auto_review_force_prompt_overrides_auto_approve` and its
  use; the ForcePrompt arm now applies only when `!self.session.auto_approve`.
- tests: drop the helper assertion; flip `yolo_mode_forces_prompt_for_publish_like_shell`
  to `yolo_mode_does_not_force_prompt_for_publish_like_shell` (asserts no
  approval is surfaced and the tool runs under YOLO). Policy-layer tests
  (auto_review_policy_*) still assert publish → ForcePrompt for Agent.

Full `cargo test -p codewhale-tui --bins` green except the two pre-existing
non-hermetic `config_command_allow_shell_*` papercuts (machine default_mode=yolo).

Part of #3790; the broader dual-authority centralization + Auto-mode removal is
called out as a deliberate follow-up in the issue.
@Hmbown

Hmbown commented Jun 29, 2026

Copy link
Copy Markdown
Owner Author

Closing — superseded by #3795 (merged), which fixes #3790 more completely.

I opened this as the minimal, verified slice (drop the publish force-prompt carve-out). #3795 landed first and does the fuller flatten: removes the auto-review safety floor entirely, and gates MCP / code-execution / hook-ask on auto_approve too — exactly the dual-authority cleanup I mapped as the follow-up. It also keeps explicit deny/block rules as hard prohibitions in every mode, which matches the open-question recommendation in my audit on #3790. So #3795 is strictly the better, more complete change. Thanks!

@Hmbown Hmbown closed this Jun 29, 2026
@Hmbown Hmbown deleted the codex/0866-3790-mode-authority branch June 29, 2026 22:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant