Skip to content

fix(sdk): honor canUseTool timeout in CLI control requests #4491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
DragonnZhang merged 4 commits into from
May 26, 2026
Merged

fix(sdk): honor canUseTool timeout in CLI control requests #4491

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5db56f2
fix(sdk): honor canUseTool timeout in CLI control requests
DragonnZhang May 25, 2026
a6b8cff
fix(sdk): add type assertion for CLIControlInitializeRequest.timeout …
DragonnZhang May 25, 2026
abb8d8a
fix(cli): add upper bound validation for canUseTool timeout
DragonnZhang May 25, 2026
708e90e
test(cli): add coverage for permission controller timeout paths
DragonnZhang May 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions packages/cli/src/nonInteractive/control/ControlContext.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ export interface IControlContext {
readonly settings: LoadedSettings;

permissionMode: PermissionMode;
sdkCanUseToolTimeoutMs?: number;
sdkMcpServers: Set<string>;
mcpClients: Map<string, { client: Client; config: MCPServerConfig }>;
inputClosed: boolean;
Expand All @@ -54,6 +55,7 @@ export class ControlContext implements IControlContext {
readonly settings: LoadedSettings;

permissionMode: PermissionMode;
sdkCanUseToolTimeoutMs?: number;
sdkMcpServers: Set<string>;
mcpClients: Map<string, { client: Client; config: MCPServerConfig }>;
inputClosed: boolean;
Expand Down
186 changes: 186 additions & 0 deletions packages/cli/src/nonInteractive/control/controllers/permissionController.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,186 @@
/**
* @license
* Copyright 2025 Qwen Team
* SPDX-License-Identifier: Apache-2.0
*/

import { describe, expect, it, vi } from 'vitest';
import {
InputFormat,
ToolConfirmationOutcome,
} from '@qwen-code/qwen-code-core';
import { createMinimalSettings } from '../../../config/settings.js';
import type { StreamJsonOutputAdapter } from '../../io/StreamJsonOutputAdapter.js';
import type { IControlContext } from '../ControlContext.js';
import type { IPendingRequestRegistry } from './baseController.js';
import { PermissionController } from './permissionController.js';

function createContext(canUseToolTimeoutMs?: number): IControlContext {
const abortController = new AbortController();

return {
config: {
getDebugMode: vi.fn().mockReturnValue(false),
getInputFormat: vi.fn().mockReturnValue(InputFormat.STREAM_JSON),
} as unknown as IControlContext['config'],
streamJson: {
send: vi.fn(),
} as unknown as StreamJsonOutputAdapter,
sessionId: 'test-session-id',
abortSignal: abortController.signal,
debugMode: false,
settings: createMinimalSettings(),
permissionMode: 'default',
sdkCanUseToolTimeoutMs: canUseToolTimeoutMs,
sdkMcpServers: new Set<string>(),
mcpClients: new Map(),
inputClosed: false,
};
}

function createRegistry(): IPendingRequestRegistry {
return {
registerIncomingRequest: vi.fn(),
deregisterIncomingRequest: vi.fn(),
registerOutgoingRequest: vi.fn(),
deregisterOutgoingRequest: vi.fn(),
};
}

describe('PermissionController', () => {
it('uses SDK canUseTool timeout for outgoing permission requests', async () => {
const context = createContext(120_000);
const controller = new PermissionController(
Comment thread
DragonnZhang marked this conversation as resolved.
context,
createRegistry(),
'PermissionController',
);
const sendControlRequest = vi
.spyOn(controller, 'sendControlRequest')
.mockResolvedValue({
subtype: 'success',
request_id: 'request-1',
response: { behavior: 'allow' },
});
const onConfirm = vi.fn();

controller.getToolCallUpdateCallback()([
{
status: 'awaiting_approval',
request: {
callId: 'tool-call-1',
name: 'ask_user_question',
args: { questions: [] },
},
confirmationDetails: {
type: 'ask_user_question',
title: 'Please answer',
onConfirm,
},
},
]);

await vi.waitFor(() => {
expect(sendControlRequest).toHaveBeenCalledWith(
expect.objectContaining({
subtype: 'can_use_tool',
tool_name: 'ask_user_question',
}),
120_000,
context.abortSignal,
);
});
await vi.waitFor(() => {
expect(onConfirm).toHaveBeenCalledWith(
ToolConfirmationOutcome.ProceedOnce,
);
});
});

it('uses default timeout when SDK canUseTool timeout is undefined', async () => {
const context = createContext(); // undefined timeout
const controller = new PermissionController(
context,
createRegistry(),
'PermissionController',
);
const sendControlRequest = vi
.spyOn(controller, 'sendControlRequest')
.mockResolvedValue({
subtype: 'success',
request_id: 'request-2',
response: { behavior: 'allow' },
});
const onConfirm = vi.fn();

controller.getToolCallUpdateCallback()([
{
status: 'awaiting_approval',
request: {
callId: 'tool-call-2',
name: 'ask_user_question',
args: { questions: [] },
},
confirmationDetails: {
type: 'ask_user_question',
title: 'Please answer',
onConfirm,
},
},
]);

await vi.waitFor(() => {
expect(sendControlRequest).toHaveBeenCalledWith(
expect.objectContaining({
subtype: 'can_use_tool',
tool_name: 'ask_user_question',
}),
60_000, // DEFAULT_CAN_USE_TOOL_TIMEOUT_MS
context.abortSignal,
);
});
await vi.waitFor(() => {
expect(onConfirm).toHaveBeenCalledWith(
ToolConfirmationOutcome.ProceedOnce,
);
});
});

it('calls onConfirm with Cancel when sendControlRequest rejects', async () => {
const context = createContext(120_000);
const controller = new PermissionController(
context,
createRegistry(),
'PermissionController',
);
vi.spyOn(controller, 'sendControlRequest').mockRejectedValue(
new Error('Request timeout'),
);
const onConfirm = vi.fn();

controller.getToolCallUpdateCallback()([
{
status: 'awaiting_approval',
request: {
callId: 'tool-call-3',
name: 'ask_user_question',
args: { questions: [] },
},
confirmationDetails: {
type: 'ask_user_question',
title: 'Please answer',
onConfirm,
},
},
]);

await vi.waitFor(() => {
expect(onConfirm).toHaveBeenCalledWith(
ToolConfirmationOutcome.Cancel,
expect.objectContaining({
cancelMessage: expect.stringContaining('Request timeout'),
}),
);
});
});
});
4 changes: 3 additions & 1 deletion packages/cli/src/nonInteractive/control/controllers/permissionController.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,8 @@ import { BaseController } from './baseController.js';
// Import ToolCallConfirmationDetails types for type alignment
type ToolConfirmationType = 'edit' | 'exec' | 'mcp' | 'info' | 'plan';

const DEFAULT_CAN_USE_TOOL_TIMEOUT_MS = 60_000;

export class PermissionController extends BaseController {
private pendingOutgoingRequests = new Set<string>();

Expand Down Expand Up @@ -427,7 +429,7 @@ export class PermissionController extends BaseController {
permission_suggestions: permissionSuggestions,
blocked_path: null,
} as CLIControlPermissionRequest,
undefined, // use default timeout
this.context.sdkCanUseToolTimeoutMs ?? DEFAULT_CAN_USE_TOOL_TIMEOUT_MS,
this.context.abortSignal,
);

Expand Down
Loading
Loading