feat(core): introduce TrustGateError for setApprovalMode (#4175 Wave 4 PR 17)

doudouOUC · doudouOUC · commit 489fcd7ab1ba · 2026-05-18T18:04:13.000+08:00
Adds a named subclass `TrustGateError` thrown by `Config.setApprovalMode` when the requested mode would grant privileged tool autonomy in a folder the user has not marked as trusted. Daemon mutation routes can now recognize this rejection class without depending on message text. Extends `mapDomainErrorToErrorKind` in `packages/cli/src/serve/status.ts` to map `TrustGateError → 'auth_env_error'`. Matches by `err.name` rather than `instanceof` because cross-package bundling can produce duplicate class instances where `instanceof` returns false. Test covers both the real class and a name-synthesized instance. Foundation for the `POST /session/:id/approval-mode` route landing in a follow-up commit in this PR. 🤖 Generated with [Qwen Code](https://github.com/QwenLM/qwen-code)
diff --git a/packages/cli/src/serve/status.test.ts b/packages/cli/src/serve/status.test.ts
@@ -4,7 +4,7 @@
  * SPDX-License-Identifier: Apache-2.0
  */
 
-import { SkillError } from '@qwen-code/qwen-code-core';
+import { SkillError, TrustGateError } from '@qwen-code/qwen-code-core';
 import { describe, expect, it } from 'vitest';
 import {
   BridgeTimeoutError,
@@ -87,6 +87,17 @@ describe('mapDomainErrorToErrorKind', () => {
     );
   });
 
+  it('classifies TrustGateError as auth_env_error (recognized via .name across package boundaries)', () => {
+    const err = new TrustGateError('untrusted folder rejects YOLO');
+    expect(mapDomainErrorToErrorKind(err)).toBe('auth_env_error');
+    // Synthesize the same class by name alone — verifies the matcher works
+    // even when a bundled-twice instance breaks `instanceof` symmetry.
+    const synthetic = Object.assign(new Error('synthetic'), {
+      name: 'TrustGateError',
+    });
+    expect(mapDomainErrorToErrorKind(synthetic)).toBe('auth_env_error');
+  });
+
   it('classifies ModelConfigError subclasses (recognized via .name) as auth_env_error', () => {
     for (const name of [
       'StrictMissingCredentialsError',
diff --git a/packages/cli/src/serve/status.ts b/packages/cli/src/serve/status.ts
@@ -563,6 +563,10 @@ export function mapDomainErrorToErrorKind(
   }
   if (err instanceof SyntaxError) return 'parse_error';
   if (!(err instanceof Error)) return undefined;
+  // `TrustGateError` is defined in `@qwen-code/qwen-code-core/config`; we
+  // match by `.name` rather than `instanceof` because cross-package bundling
+  // can produce duplicate class instances where `instanceof` returns false.
+  if (err.name === 'TrustGateError') return 'auth_env_error';
   if (MODEL_CONFIG_ERROR_NAMES.has(err.name)) return 'auth_env_error';
   const code = (err as { code?: unknown }).code;
   if (typeof code === 'string' && FS_MISSING_CODES.has(code)) {
diff --git a/packages/core/src/config/config.ts b/packages/core/src/config/config.ts
@@ -175,6 +175,23 @@ export enum ApprovalMode {
 
 export const APPROVAL_MODES = Object.values(ApprovalMode);
 
+/**
+ * Thrown by `Config.setApprovalMode` when the requested mode would grant
+ * privileged tool autonomy in a folder the user has not marked as trusted.
+ *
+ * Why: the daemon mutation route at `POST /session/:id/approval-mode` needs
+ * to recognize this specific class of rejection and translate it into a
+ * structured `errorKind: 'auth_env_error'` rather than a generic 500.
+ * Using a named subclass lets the bridge match by `err.name` without
+ * depending on the message text (which would drift across i18n).
+ */
+export class TrustGateError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'TrustGateError';
+  }
+}
+
 /**
  * Information about an approval mode including display name and description.
  */
@@ -2474,7 +2491,7 @@ export class Config {
       mode !== ApprovalMode.DEFAULT &&
       mode !== ApprovalMode.PLAN
     ) {
-      throw new Error(
+      throw new TrustGateError(
         'Cannot enable privileged approval modes in an untrusted folder.',
       );
     }
