fix(cli): paint approval/clarify/sudo/secret modal prompts directly, not via the throttle (#41098)

[kshitijk4poor]

Summary

Fixes #41098 — in classic CLI mode (hermes chat, not --tui) the dangerous-command approval prompt never renders. The user sees ⏱ Timeout — denying command after 60s without ever seeing the panel, making approvals.mode: manual unusable. The same defect silently affects the clarify prompt (120s → agent decides alone), the sudo password prompt (45s → continues without sudo), and the secret-capture teardown.

Supersedes #41116, #41141, and #41166 — see Credit.

Root cause

The approval, clarify, sudo, and secret prompts run their wait loop on the agent/background thread: they set modal state that a ConditionalContainer filter reads, then call self._invalidate() to repaint so the panel appears. _invalidate() is a throttled wrapper built for high-frequency background repaints (spinner frames, streaming): it (a) returns early while a SIGWINCH resize-recovery is pending, and (b) otherwise only repaints if 250ms elapsed since the last paint. Under either condition the modal's entry paint is silently dropped, the ConditionalContainer never re-evaluates, and the prompt times out unseen.

The throttle never belonged on these paths:

• Originally the callbacks painted with a direct self._app.invalidate() and worked.
• A throttle PR (fix(cli): throttle UI invalidate to prevent terminal blinking on SSH #284) blanket-replaced every invalidate — including these rare, one-shot, user-blocking modal paints — with the throttled _invalidate().
• A later commit (5e92b6780) removed an idle 1Hz repaint that had been masking dropped modal paints, surfacing the bug.
• The modal key-binding handlers (↑/↓/Enter) already paint with a direct event.app.invalidate(), never the throttle — the background-thread callbacks were the inconsistent ones.

Fix

Add a small _paint_now() helper that paints directly (guarded for a missing _app, exception-safe) and route the four modal paths through it — matching the key-handler idiom. Clean two-rule partition:

Path	Repaint
spinner / streaming (high-frequency background)	self._invalidate() (throttled)
modal prompts + key handlers (rare / interactive)	self._app.invalidate() directly (_paint_now())

Covers approval, clarify, sudo, and the secret-capture teardown (_submit_secret_response, which previously used the throttled _invalidate() so its panel could linger after submit). _invalidate() is left untouched (no new parameter); its docstring now states it's for high-frequency background repaints only. This also fixes the resize-recovery edge case for free — a direct paint never consults the resize guard — without a throttle-bypass flag that could be cargo-culted onto hot paths and silently defeat the anti-flicker protection.

Also: countdown refresh cadence tightened 5s → 1s so the timer stays visible while waiting, and a copy-pasted duplicate countdown block in _clarify_callback is removed.

Why a new PR (not the force=True approach of #41116/#41141/#41166)

The earlier PRs fixed the same bug by bypassing the throttle either via a force=True flag threaded through _invalidate (#41116/#41141) or by inlining a guarded app.invalidate() at each approval site (#41166). All work, but a throttle with a "skip the throttle" flag is semantically a direct invalidate() through a wrapper, and the flag/inline-duplication is an attractive nuisance for hot paths. Painting directly through one small _paint_now() helper (this PR) is the idiom the key-handlers already use, touches no shared primitive, covers all four modals, and is strictly less surface. #41166 also added an audible-bell side effect and only fixed approval.

Tests

tests/cli/test_cli_approval_ui.py — new TestModalPaintNow:

• test_paint_now_bypasses_throttle_and_resize_guard / test_paint_now_no_app_is_safe — direct helper behavior.
• test_{approval,clarify,sudo}_prompt_paints_under_both_gates — drives each callback on a background thread with _resize_recovery_pending=True AND a recent _last_invalidate inside the throttle window, asserts the panel paints on entry and (approval/sudo) repaints on teardown.
• test_secret_response_teardown_paints — secret panel clears via _paint_now.
• Each modal test was verified to fail if its paint is reverted to _invalidate().
• 17 in-file tests pass; full tests/cli/ suite green (900); ruff clean.

Credit

• Root-cause diagnosis (throttle drop) by @sanidhyasin in fix(cli): force approval panel redraw past the _invalidate throttle (#41098) #41116.
• @islam666 independently reached the same direct-invalidate() approach in fix(cli): bypass _invalidate() throttle for approval panel render (#41098) #41166.
• Original report Approval panel never renders — _invalidate() throttle drops redraw #41098 by @jodonnel.

Closes #41098

[liuhao1024]

Positive verification — modal paint bypass is correct and addresses a real UX regression.

Reviewed the diff for cli.py and tests/cli/test_cli_approval_ui.py.

1. Root cause is well-diagnosed. The throttled _invalidate() silently drops repaints on a 250ms window collision or while a SIGWINCH resize is in flight (_resize_recovery_pending = True). Modal prompts (approval/clarify/sudo) are one-shot, user-blocking events — a dropped paint means the user never sees the prompt and it times out silently (Approval panel never renders — _invalidate() throttle drops redraw #41098).

2. _paint_now() is the right fix. It calls self._app.invalidate() directly, bypassing both the throttle interval check and the resize-recovery guard. The getattr(self, "_app", None) guard handles the edge case where _app is torn down. The try/except is appropriate for a paint path that should never crash the event loop.

3. All three modal callbacks are updated. _approval_callback, _clarify_callback, and _sudo_password_callback now use _paint_now() for initial paint, countdown refreshes, and cleanup repaints. No stale _invalidate() calls remain in these paths.

4. Countdown refresh interval reduced from 5s to 1s. This is safe because _paint_now() is unthrottled and lightweight — a direct invalidate() call. The 5s interval was chosen to avoid flicker from the throttled path, which no longer applies.

5. Test coverage is adversarial by design. The _make_real_paint_cli_stub() sets both gates (_resize_recovery_pending=True and _last_invalidate inside the throttle window) to ensure _invalidate() would be suppressed, then verifies _paint_now() paints through. The _drive() helper runs modal callbacks on a background thread and asserts invalidate was called, matching the real threading model.

6. No side effects on non-modal paths. _invalidate() is unchanged — spinner frames, streaming token flushes, and other high-frequency repaints still use the throttle. Only the three modal callbacks switched to _paint_now().

No issues found. The fix is well-scoped and the tests prove the regression cannot recur.

[sanidhyasin]

Thanks for carrying this forward and for the cleaner implementation — _paint_now() is the right call, reads better than my throttle-bypass flag. Nice catch extending it to the clarify and sudo prompts too. Appreciate the credit!