fix(memory,skills): repair write-approval inline prompt, gateway staging, and gateway /skills review#43452
Merged
Merged
Conversation
…ing, and gateway /skills review Follow-ups to #38199/#43354 found in post-merge review: - Inline CLI memory approval never worked: the per-thread approval callback was not passed to prompt_dangerous_approval, so the prompt_toolkit fail-closed guard (#15216) denied every gated foreground write without showing a prompt. Now invokes the registered callback directly; a crashed prompt falls back to staging instead of a silent deny. - Gateway sessions claimed inline support but prompt_dangerous_approval has no gateway round-trip (that lives in the pending-approval queue), so gated gateway memory writes hit the input() fallback and denied. Gateway contexts now stage for /memory pending review. - /skills pending|approve|reject|diff|approval now works on the gateway (gateway_config_gate on skills.write_approval), so skills staged from a messaging session can be reviewed there. Diff output truncated for chat. - memory_tool validates required params before the gate so invalid writes are rejected immediately instead of staged and failing at approve time. - Stale tri-state write_mode docstrings updated to the boolean gate; docs table corrected (inline prompt is interactive-CLI-only). - 6 new tests covering the interactive approve/deny/error paths, gateway staging, skills never-prompt invariant, and pre-gate validation.
changman
pushed a commit
to changman/hermes-agent
that referenced
this pull request
Jun 10, 2026
…ing, and gateway /skills review (NousResearch#43452) Follow-ups to NousResearch#38199/NousResearch#43354 found in post-merge review: - Inline CLI memory approval never worked: the per-thread approval callback was not passed to prompt_dangerous_approval, so the prompt_toolkit fail-closed guard (NousResearch#15216) denied every gated foreground write without showing a prompt. Now invokes the registered callback directly; a crashed prompt falls back to staging instead of a silent deny. - Gateway sessions claimed inline support but prompt_dangerous_approval has no gateway round-trip (that lives in the pending-approval queue), so gated gateway memory writes hit the input() fallback and denied. Gateway contexts now stage for /memory pending review. - /skills pending|approve|reject|diff|approval now works on the gateway (gateway_config_gate on skills.write_approval), so skills staged from a messaging session can be reviewed there. Diff output truncated for chat. - memory_tool validates required params before the gate so invalid writes are rejected immediately instead of staged and failing at approve time. - Stale tri-state write_mode docstrings updated to the boolean gate; docs table corrected (inline prompt is interactive-CLI-only). - 6 new tests covering the interactive approve/deny/error paths, gateway staging, skills never-prompt invariant, and pre-gate validation.
teknium1
added a commit
that referenced
this pull request
Jun 11, 2026
…slash-command docs (#43801) The memory/skill write-approval gate (#38199, #43354, #43452) was only documented inside features/memory.md. Surface it everywhere users will actually look: - features/skills.md: new 'Gating agent skill writes' section under skill_manage, with the staging semantics, review commands, and the distinction from skills.guard_agent_created - configuration.md: memory.write_approval added to the Memory Configuration block; new 'Write approval for skill writes' subsection next to the guard_agent_created scanner - reference/slash-commands.md: /memory and /skills review subcommands in both the CLI and messaging tables; Notes updated since /skills pending/approve/reject/diff/approval now works on the gateway - features/memory.md: cross-link to the new skills section
alt-glitch
pushed a commit
that referenced
this pull request
Jun 14, 2026
…ing, and gateway /skills review (#43452) Follow-ups to #38199/#43354 found in post-merge review: - Inline CLI memory approval never worked: the per-thread approval callback was not passed to prompt_dangerous_approval, so the prompt_toolkit fail-closed guard (#15216) denied every gated foreground write without showing a prompt. Now invokes the registered callback directly; a crashed prompt falls back to staging instead of a silent deny. - Gateway sessions claimed inline support but prompt_dangerous_approval has no gateway round-trip (that lives in the pending-approval queue), so gated gateway memory writes hit the input() fallback and denied. Gateway contexts now stage for /memory pending review. - /skills pending|approve|reject|diff|approval now works on the gateway (gateway_config_gate on skills.write_approval), so skills staged from a messaging session can be reviewed there. Diff output truncated for chat. - memory_tool validates required params before the gate so invalid writes are rejected immediately instead of staged and failing at approve time. - Stale tri-state write_mode docstrings updated to the boolean gate; docs table corrected (inline prompt is interactive-CLI-only). - 6 new tests covering the interactive approve/deny/error paths, gateway staging, skills never-prompt invariant, and pre-gate validation.
alt-glitch
pushed a commit
that referenced
this pull request
Jun 14, 2026
…slash-command docs (#43801) The memory/skill write-approval gate (#38199, #43354, #43452) was only documented inside features/memory.md. Surface it everywhere users will actually look: - features/skills.md: new 'Gating agent skill writes' section under skill_manage, with the staging semantics, review commands, and the distinction from skills.guard_agent_created - configuration.md: memory.write_approval added to the Memory Configuration block; new 'Write approval for skill writes' subsection next to the guard_agent_created scanner - reference/slash-commands.md: /memory and /skills review subcommands in both the CLI and messaging tables; Notes updated since /skills pending/approve/reject/diff/approval now works on the gateway - features/memory.md: cross-link to the new skills section
AIalliAI
pushed a commit
to AIalliAI/Hermes
that referenced
this pull request
Jun 14, 2026
…slash-command docs (NousResearch#43801) The memory/skill write-approval gate (NousResearch#38199, NousResearch#43354, NousResearch#43452) was only documented inside features/memory.md. Surface it everywhere users will actually look: - features/skills.md: new 'Gating agent skill writes' section under skill_manage, with the staging semantics, review commands, and the distinction from skills.guard_agent_created - configuration.md: memory.write_approval added to the Memory Configuration block; new 'Write approval for skill writes' subsection next to the guard_agent_created scanner - reference/slash-commands.md: /memory and /skills review subcommands in both the CLI and messaging tables; Notes updated since /skills pending/approve/reject/diff/approval now works on the gateway - features/memory.md: cross-link to the new skills section
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The write-approval gate from #38199 now actually works on its two headline surfaces: the inline CLI prompt approves/denies instead of silently denying every gated memory write, and gateway sessions stage writes (and can review staged skills) instead of dead-ending in a CLI-only prompt.
Found in a post-merge review of #38199/#43354 via E2E with real imports — the unit suite only exercised the no-callback staging branch, so both breaks shipped green.
What was broken
_prompt_inline_memory_approval()calledprompt_dangerous_approval()without the per-thread approval callback. Under prompt_toolkit the [Bug]: approval prompt get_input deadlocks against prompt_toolkit MainThread (regression of #13617) #15216 fail-closed guard returns "deny" instantly → every gated foreground memory write reported "denied by user" with no prompt ever shown. Verified: registered an approving callback, write blocked, callback invoked 0 times._interactive_approval_available()returned True for gateway sessions, but the gateway/approveround-trip lives in the pending-approval queue, whichprompt_dangerous_approvalnever reaches → gated gateway memory writes hit theinput()fallback and denied (EOF/timeout)./skills pending|approve|reject|diffwas CLI-only — a skill staged from a Telegram session could not be reviewed from Telegram, contradicting the feat(memory,skills): approve/deny gate for memory + skill writes #38199 PR body.Changes
tools/write_approval.py: inline path invokes the registered CLI callback directly (a crashed prompt falls back to staging, never a silent deny); gateway contexts stage; stale tri-statewrite_modedocstrings rewritten for the boolean gate.gateway/slash_commands.py+gateway/run.py: new_handle_skills_command— review-only/skillssurface (pending/approve/reject/diff/approval) with chat-safe diff truncation; staged writes remain reviewable even after the gate is turned off.hermes_cli/commands.py:/skillsgainsgateway_config_gate="skills.write_approval"so it only appears on gateway surfaces when the gate is in use.tools/memory_tool.py: param validation moved before the gate — invalid writes are rejected immediately instead of staged and failing at approve time.website/docs/user-guide/features/memory.md: inline prompt documented as interactive-CLI-only.tests/tools/test_write_approval.py: 6 new tests — inline approve/deny/error, gateway staging, skills never-prompt invariant, pre-gate validation.Validation
tests/tools/test_write_approval.py/skillsgateway handler roundtrips pending→diff→approve→on-disk skillInfographic