Chat: It's easy to accidentally enable editing all sensitive files

[joaomoreno]

Testing #297206

We have switched the default blue button to allow for the entire session:

This is very dangerous, and comes with no disclaimer, unlike the /yolo experience. It's also very ambiguous since I don't know if I'm allowing Copilot to edit package.json in the session, or all sensitive files.

After allowing for the session I no longer get asked about any sensitive files:

[justschen]

cc @digitarald if you have thoughts on this?

the main reason behind surfacing allow in session vs. allow once was to show that such things are possible, since we were seeing frustration over people keep clicking allow vs. in the dropdown. not sure if there's some additional disclaimer text we should add there then?

[digitarald]

My assumption for this kind of approve-for-this-session applies to the specific file/tool/url; whatever is easist to reason about. That's probably the most surprising part to fix here, that only package.json.

I totally understand the challenge that we have a lot of levels of approval :/ . Maybe the tooltip+dropdown can explain the nuance?

[justschen]

after some back and forth and some thought, i think the ultimately decision is maybe just to keep the 2 buttons separate. an allow-once, but also an allow in sesion, with everything else in a dropdown.

[ganlvtech]

I think Allow Once should be the default choice. Or use last choice as the default one.