feat(acp): require approval for editor file edits

2026-05-15 23:28:44 +01:00
parent 060ec02858
commit 9592e595a2
4 changed files with 448 additions and 1 deletions
--- a/model_tools.py
+++ b/model_tools.py
@@ -788,6 +788,20 @@ def handle_function_call(
            if block_message is not None:
                return json.dumps({"error": block_message}, ensure_ascii=False)

+        # ACP/Zed edit approval runs before any file mutation.  The requester
+        # is bound via ContextVar only for ACP sessions, so CLI/gateway paths
+        # are unaffected when it is unset.
+        try:
+            from acp_adapter.edit_approval import maybe_require_edit_approval
+
+            edit_block_message = maybe_require_edit_approval(function_name, function_args)
+            if edit_block_message is not None:
+                return edit_block_message
+        except Exception as _edit_approval_err:
+            logger.debug("ACP edit approval guard error: %s", _edit_approval_err)
+            if function_name in {"write_file", "patch"}:
+                return json.dumps({"error": "Edit approval denied: approval guard failed"}, ensure_ascii=False)
+
        # Notify the read-loop tracker when a non-read/search tool runs,
        # so the *consecutive* counter resets (reads after other work are fine).
        if function_name not in _READ_SEARCH_TOOLS: