fix(webui): link approval card to global auto-approve settings#5247
Open
italic-jinxin wants to merge 9 commits into
Open
fix(webui): link approval card to global auto-approve settings#5247italic-jinxin wants to merge 9 commits into
italic-jinxin wants to merge 9 commits into
Conversation
italic-jinxin
added
size: L
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
github-actions
Bot
added
size: XL
ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Plus Run ID: ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (7)
📝 WalkthroughSummary by CodeRabbit
WalkthroughThe PR adds ChangesGlobal auto-approve shortcut
Chat input DOM guard
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Possibly related issues
Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 3 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (3 passed)
Comment |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js`:
- Around line 85-93: The global auto-approve flag is being derived from the
settings API response instead of the bootstrap globals, which breaks the
frontend flag-source contract. Update the chat page logic in the
`settingsQuery`/`globalAutoApproveEnabled` path to read the flag from the
existing bootstrap globals source used by the web UI, and remove the dependency
on `settingsQuery.data.settings` for this value.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 4c1ede1e-fc8e-4d24-972f-bc90fc073f43
⛔ Files ignored due to path filters (1)
crates/ironclaw_webui_v2_static/static/dist/app.jsis excluded by!**/dist/**
📒 Files selected for processing (5)
crates/ironclaw_webui_v2_static/static/js/i18n/en.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/chat.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/approval-card.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/approval-card.test.mjscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjs
# Conflicts: # crates/ironclaw_webui_v2_static/static/dist/app.js
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/ironclaw_webui_v2/src/handlers.rs`:
- Around line 121-133: The `global_auto_approve_enabled` helper is swallowing an
operator-config read error by using `let Ok(config) = ... else { return false
}`, which hides a boundary/IO failure. Keep the fail-closed `false` fallback,
but make it explicit by adding an inline `// silent-ok: ...` justification near
the `get_operator_config_key` call, or otherwise log/propagate the `Err` before
returning. Use `global_auto_approve_enabled`, `get_operator_config_key`, and
`AUTO_APPROVE_CONFIG_KEY` to locate the change.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 27468db3-7a5e-4053-a0b9-5f400658da42
⛔ Files ignored due to path filters (1)
crates/ironclaw_webui_v2_static/static/dist/app.jsis excluded by!**/dist/**
📒 Files selected for processing (9)
crates/ironclaw_webui_v2/src/handlers.rscrates/ironclaw_webui_v2/tests/webui_v2_handlers_contract.rscrates/ironclaw_webui_v2_static/src/assets.rscrates/ironclaw_webui_v2_static/static/js/app/app.jscrates/ironclaw_webui_v2_static/static/js/app/auth.jscrates/ironclaw_webui_v2_static/static/js/layout/gateway-layout.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/chat-page.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/chat.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjs
|
🚅 Deployed to the ironclaw-pr-5247 environment in ironclaw-ci-preview
|
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
Collaborator
|
@claude review |
This comment was marked as resolved.
This comment was marked as resolved.
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
# Conflicts: # crates/ironclaw_webui_v2_static/static/dist/app.js
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
railway-app
Bot
temporarily deployed
to
ironclaw-ci-preview / ironclaw-pr-5247
Collaborator
|
[BLOCK] Not ready for human final review. Blocking status:
No new inline findings were added in this pass. Guidance for human follow-up:
|
Collaborator
|
@claude review |
Collaborator
|
Mergeability check: is (). Please rebase or merge the current base branch to resolve conflicts before continuing review. |
Collaborator
|
Mergeability check: mergeStateStatus is DIRTY and mergeable is CONFLICTING. Please rebase or merge the current base branch to resolve conflicts before review can proceed. |
# Conflicts: # crates/ironclaw_webui_v2/src/handlers.rs # crates/ironclaw_webui_v2_static/static/dist/app.js # crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js # crates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjs
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js`:
- Around line 90-99: The new composer status messages in chat.js are hardcoded
in English instead of using the existing translation flow. Update the strings
used in the composer status logic around approvalSubmitWarning and
composerStatusText to go through useT() like the rest of the component,
including the cooldown text with the seconds value interpolated. Keep the same
behavior for composerSendDisabled and composerSendBlockedRef, but ensure both
the approval and retry messages are localized.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 95d3fbda-4e64-459b-b990-2a38db14168f
⛔ Files ignored due to path filters (1)
crates/ironclaw_webui_v2_static/static/dist/app.jsis excluded by!**/dist/**
📒 Files selected for processing (7)
crates/ironclaw_webui_v2/src/handlers.rscrates/ironclaw_webui_v2/tests/webui_v2_handlers_contract.rscrates/ironclaw_webui_v2_static/static/js/pages/chat/chat.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/approval-card.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/chat-input.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat-input.test.mjscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjs
There was a problem hiding this comment.
Caution
Inline review comments failed to post. This is likely due to GitHub's internal server error or limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js`:
- Around line 90-99: The new composer status messages in chat.js are hardcoded
in English instead of using the existing translation flow. Update the strings
used in the composer status logic around approvalSubmitWarning and
composerStatusText to go through useT() like the rest of the component,
including the cooldown text with the seconds value interpolated. Keep the same
behavior for composerSendDisabled and composerSendBlockedRef, but ensure both
the approval and retry messages are localized.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: ASSERTIVE
Plan: Pro Plus
Run ID: 95d3fbda-4e64-459b-b990-2a38db14168f
⛔ Files ignored due to path filters (1)
crates/ironclaw_webui_v2_static/static/dist/app.jsis excluded by!**/dist/**
📒 Files selected for processing (7)
crates/ironclaw_webui_v2/src/handlers.rscrates/ironclaw_webui_v2/tests/webui_v2_handlers_contract.rscrates/ironclaw_webui_v2_static/static/js/pages/chat/chat.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/approval-card.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/components/chat-input.jscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat-input.test.mjscrates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjs
🛑 Comments failed to post (1)
crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js (1)
90-99: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win
Localize the new composer status copy.
Lines 90-99 add English-only UI strings (
"Resolve the approval request before sending another message."andRetry in ${cooldownSeconds}s) in a component that already routes copy throughuseT(). That will leak untranslated text in non-English sessions.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@crates/ironclaw_webui_v2_static/static/js/pages/chat/chat.js` around lines 90 - 99, The new composer status messages in chat.js are hardcoded in English instead of using the existing translation flow. Update the strings used in the composer status logic around approvalSubmitWarning and composerStatusText to go through useT() like the rest of the component, including the cooldown text with the seconds value interpolated. Keep the same behavior for composerSendDisabled and composerSendBlockedRef, but ensure both the approval and retry messages are localized.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Settings > Toolsso users can quickly find the global setting for automatically approving and executing all actions.agent.auto_approve_toolsonly while an approval gate is visible and keeps existing per-tool approval behavior unchanged.Linked Issue
Closes #5246
Screenshots
Validation
node --test crates/ironclaw_webui_v2_static/static/js/pages/chat/components/approval-card.test.mjsnode --test --test-name-pattern 'Chat deny gate callback routes through approve compatibility path' crates/ironclaw_webui_v2_static/static/js/pages/chat/lib/chat.test.mjsnpm run buildgit diff --checkSecurity Impact
No permission model changes. This only exposes a shortcut to an existing Tools setting and preserves the existing approval flow.
Database Impact
No schema or migration changes.
Blast Radius
Limited to WebUI v2 approval card rendering, settings-state lookup while an approval gate is visible, and the bundled static frontend asset.
Rollback Plan
Revert this PR to remove the approval-card shortcut and return the card to the previous per-tool-only approval UI.