Restore prompt-approved tool execution in CLI parity runs

ConversationRuntime already performs permission-policy checks and interactive approvals before dispatching a tool. The CLI tool executor was routing those same tool calls back through GlobalToolRegistry::execute, which re-ran the enforcer without a prompter and flipped approved bash calls back into denials.

Add a preauthorized execution path for runtime-dispatched tools, keep registry enforcement for direct callers, and format the files that were already tripping rustfmt on main.

Constraint: CI on main was failing both cargo fmt and the mock parity harness after permission enforcement landed
Rejected: Remove registry enforcement globally | would reopen direct-dispatch permission gaps
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Use execute_preauthorized only after ConversationRuntime or an equivalent caller has already completed permission gating
Tested: cargo fmt --all --check; cargo test -p rusty-claude-cli; cargo test -p tools
Not-tested: Full workspace test matrix beyond the Rust CI workflow targets
Yeachan-Heo
2026-04-03 09:32:29 +00:00
parent 618a79a9f4
commit bf59abc9e9
3 changed files with 60 additions and 23 deletions
+7 -2
@@ -191,7 +191,10 @@ impl McpToolRegistry {
let mut manager = manager
.lock()
.map_err(|_| "mcp server manager lock poisoned".to_string())?;
manager.discover_tools().await.map_err(|error| error.to_string())?;
manager
.discover_tools()
.await
.map_err(|error| error.to_string())?;
let response = manager
.call_tool(&qualified_tool_name, arguments)
.await
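Review bot: The guard taken by `.lock()` at the top of this hunk stays held across both `.discover_tools().await` and the following `.call_tool(&qualified_tool_name, arguments).await`. The "lock poisoned" error mapping suggests a blocking `std::sync::Mutex`; if so, every other caller that needs the manager blocks its thread for the whole discovery plus tool call, and a `std` guard held over an await point makes the enclosing future non-`Send`. Since these lines are being reformatted anyway, consider switching to an async-aware mutex or restructuring so the lock is released before awaiting. If serialising all MCP calls behind one lock is intended, a short comment saying so would help.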
@@ -834,7 +837,9 @@ mod tests {
None,
);
registry
.set_manager(Arc::new(Mutex::new(McpServerManager::from_servers(&servers))))
.set_manager(Arc::new(Mutex::new(McpServerManager::from_servers(
&servers,
))))
.expect("manager should only be set once");
let result = registry
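Review bot: Formatting-only changes such as the rewrapped `.set_manager(Arc::new(Mutex::new(McpServerManager::from_servers(` call in this test would be better in their own commit, separate from the permission-path fix the message describes. That keeps the `execute_preauthorized` change small enough to audit on its own and makes the stated "Reversibility: clean" hold without also reverting the rustfmt fixes that CI depends on.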