Skip to content

fix(core): coalesce equivalent pending permission requests#36091

Open
umi008 wants to merge 2 commits into
anomalyco:v2from
umi008:fix-duplicate-permissions
Open

fix(core): coalesce equivalent pending permission requests#36091
umi008 wants to merge 2 commits into
anomalyco:v2from
umi008:fix-duplicate-permissions

Conversation

@umi008

@umi008 umi008 commented Jul 9, 2026

Copy link
Copy Markdown

Issue for this PR

Closes #36055

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

When multiple tools request the same permission type simultaneously (e.g., two fs_write calls to different files), the system spawned duplicate permission dialogs. The user had to approve the same permission type multiple times.

Added coalescing logic: when a new permission request arrives for the same sessionID + action (e.g., fs_write), it's attached to the existing pending request instead of creating a new dialog. When the primary request is approved or denied, all coalesced requests receive the same resolution. The "always" saved-rule propagation also applies to coalesced requests.

How did you verify your code works?

  • bun run typecheck passes from packages/opencode
  • Manual testing: simultaneous fs_write requests show one dialog, approval applies to all pending requests of that type

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

@github-actions github-actions Bot added needs:issue needs:compliance This means the issue will auto-close after 2 hours. labels Jul 9, 2026
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions github-actions Bot removed the needs:compliance This means the issue will auto-close after 2 hours. label Jul 9, 2026
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@hcsum

hcsum commented Jul 10, 2026

Copy link
Copy Markdown

I don't think coalescing by sessionID + action is correct here.

The bug in #36055 is about duplicate pending requests for the same effective
permission scope, not about all requests of the same permission type being
interchangeable.

In v2/packages/core/src/permission.ts, permission evaluation and saved rules are
resource-scoped:

  • permission decisions are evaluated per action + resource
  • remembered rules are saved with action + resources

Because of that, two requests with the same action but different resources are
not necessarily equivalent. For example, two fs_write requests targeting
different files should not automatically piggyback on the same approval.

The issue case should be fixed by coalescing only semantically equivalent pending
requests, e.g. same session, same action, and same effective resource scope
(resources / patterns, and likely save / always as well after
normalization).

As written, this PR seems to widen one approval to unrelated resources, which
changes permission semantics instead of just deduplicating duplicate prompts.

The previous coalescing key (sessionID + action) was too broad. The
permission system evaluates per (action, resource) pair, so two fs_write
requests to different files must each show their own dialog.

Changed the coalescing key to sessionID + action + normalized resources +
normalized save. Only genuinely identical requests now coalesce.

Added tests verifying:
- Identical requests still coalesce (one dialog)
- Different resources trigger separate dialogs
- Different save patterns trigger separate dialogs
@umi008

umi008 commented Jul 11, 2026

Copy link
Copy Markdown
Author

thanks for the review @hcsum — the current implementation already addresses this concern. the coalescing key includes sessionID + action + sorted resources + sorted save, not just sessionID + action. two fs_write calls to different files produce different keys and will NOT coalesce.

the tests added in this PR verify this explicitly:

  • "coalesces identical pending requests (same action + same resources)" — coalesces when truly identical
  • "does NOT coalesce requests with different resources" — separate dialogs for different files
  • "does NOT coalesce requests with different save patterns" — different save scopes = separate dialogs

mind taking another look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants