🐛 fix: update the agentbuilder tools not always use humanIntervention

[ONLY-yours]

💻 Change Type

• ✨ feat
• 🐛 fix
• ♻️ refactor
• 💄 style
• 👷 build
• ⚡️ perf
• ✅ test
• 📝 docs
• 🔨 chore

🔗 Related Issue

fix LOBE-3605

🔀 Description of Change

🧪 How to Test

• Tested locally
• Added/updated tests
• No tests needed

📸 Screenshots / Videos

Before	After
...	...

📝 Additional Information

Summary by Sourcery

Bug Fixes:

• Allow marketplace tool search and plugin installation tools to run without being hard-coded as always requiring human intervention in the manifest.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
lobehub	Building	Preview, Comment	Jan 22, 2026 3:28am

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Removes the explicit humanIntervention: 'always' requirement from two Agent Builder marketplace-related tools so they can follow the default/higher-level human intervention policy instead of being hard‑coded to always require user approval.

Sequence diagram for AgentBuilder tool invocation and human intervention policy

sequenceDiagram
  actor User
  participant Agent
  participant ToolInvoker
  participant HumanInterventionPolicy

  User->>Agent: Request to search/install marketplace tools
  Agent->>ToolInvoker: invoke searchMarketTools or installPlugin
  ToolInvoker->>HumanInterventionPolicy: evaluateRequirement(toolId, context)
  alt human intervention required
    HumanInterventionPolicy-->>ToolInvoker: requireHumanApproval
    ToolInvoker-->>Agent: pendingUserApproval
    Agent->>User: Request approval (modal, prompt, etc.)
    User-->>Agent: Approve or reject
    Agent->>ToolInvoker: proceedWithDecision
    ToolInvoker-->>Agent: toolResult or rejected
  else human intervention not required
    HumanInterventionPolicy-->>ToolInvoker: noHumanApprovalNeeded
    ToolInvoker-->>Agent: toolResult
  end
  Agent-->>User: Present outcome

Loading

File-Level Changes

Change	Details	Files
Relax human intervention requirement for marketplace search and plugin install tools in the Agent Builder builtin tool manifest.	Remove the hard-coded humanIntervention: 'always' flag from the marketplace tool search action so it no longer always requires manual approval. Remove the hard-coded humanIntervention: 'always' flag from the plugin installation action so its approval behavior is controlled by the surrounding system defaults or policies.	packages/builtin-tool-agent-builder/src/manifest.ts

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[gru-agent]

TestGru Assignment

Summary

Link	CommitId	Status	Reason
Detail	b758f59	🚫 Skipped	No files need to be tested {"packages/builtin-tool-agent-builder/src/manifest.ts":"The code does not contain any functions or classes."}

History Assignment

Tip

You can @gru-agent and leave your feedback. TestGru will make adjustments based on your input

[sourcery-ai]

Hey - I've left some high level feedback:

• The description for installPlugin still states that it ALWAYS REQUIRES user approval, but humanIntervention: 'always' was removed; consider updating either the manifest description or the configuration so behavior and docs remain aligned.
• If the intent is to allow these tools to run without mandatory human intervention only in certain modes or contexts, consider making that conditional explicit instead of relying on the default behavior of omitting humanIntervention.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The description for `installPlugin` still states that it ALWAYS REQUIRES user approval, but `humanIntervention: 'always'` was removed; consider updating either the manifest description or the configuration so behavior and docs remain aligned.
- If the intent is to allow these tools to run without mandatory human intervention only in certain modes or contexts, consider making that conditional explicit instead of relying on the default behavior of omitting `humanIntervention`.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[lobehubbot]

❤️ Great PR @ONLY-yours ❤️

The growth of project is inseparable from user feedback and contribution, thanks for your contribution! If you are interesting with the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b758f59160

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Reinstate required approval for installPlugin

The installPlugin entry no longer declares a humanIntervention policy, so in the default “manual” mode GeneralChatAgent.checkInterventionNeeded falls back to InterventionChecker.shouldIntervene, which returns never when config is undefined; that makes the tool execute immediately and skips the approval UX. This contradicts the tool description (“ALWAYS REQUIRES user approval”) and means plugins can be installed without explicit user confirmation whenever the agent invokes this tool (e.g., marketplace installs), which is a security/regression risk.

Useful? React with 👍 / 👎.

[lobehubbot]

🎉 This PR is included in version 2.0.0-next.337 🎉

The release is available on:

• npm package (@next dist-tag)
• GitHub release

Your semantic-release bot 📦🚀