settings ui: Add page for AI tool permissions#48277
Merged
danilo-leal merged 51 commits intomainfrom Feb 4, 2026
Merged
Conversation
- Add ToolPermissionsSetupPage for configuring per-tool permission rules - Shows list of 8 tools (terminal, edit_file, delete_path, etc.) - Each tool has a default mode dropdown (Confirm/Allow/Deny) - Expandable sections for Always Allow, Always Deny, Always Confirm patterns - Add/delete regex patterns with text input - Color-coded rule sections (green/red/yellow) - Add SubPageLink to AI > Agent Configuration section with title 'Configure Tool Rules' and description about regex patterns - Add agent_settings dependency to settings_ui crate
- Fix infinite recursion in ToolPermissionsSetupPageView by using #[derive(IntoElement)] instead of manual impl that called into_any_element() recursively - Add visual test for tool permissions settings UI page (Test 7) - Opens settings at agent.tool_permissions path - Captures screenshot of the settings window - Initialize agent_ui and settings_ui in visual test runner - Add ThreadStore::init_global via agent_ui::init - Set global AppState before subsystem initialization - Fixes panic in agent thread tests
- Take two screenshots in tool_permissions visual test: 1. tool_permissions_settings.png - Settings page with 'Configure Tool Rules' item 2. tool_permissions_subpage.png - After clicking Configure button to show sub-page - Simulate click at approximate Configure button position (830, 350) - Capture screenshots directly without baseline comparison for now
- Add SettingsWindow::navigate_to_sub_page() public method that navigates
to a sub-page by its json_path, enabling programmatic navigation
- Update visual test to use navigate_to_sub_page('agent.tool_permissions')
instead of trying to simulate button clicks
- Second screenshot now correctly shows the Tool Permission Rules sub-page
with all 8 tools (Terminal, Edit File, Delete Path, etc.)
- Redesign tool permissions UI to use nested sub-pages: - Main page shows list of tools with 'Configure >' buttons - Each tool has its own sub-page with breadcrumb navigation - Tool config pages show regex patterns and default mode dropdown - Add SettingsWindow::push_dynamic_sub_page() for programmatically pushing nested sub-pages that aren't in the main pages list - Each tool config page shows: - Always Allow patterns (green) - Always Deny patterns (red) - Always Confirm patterns (yellow) - Default Action dropdown at the bottom - Update visual test to capture three screenshots: 1. Settings page with 'Configure Tool Rules' item 2. Tool list showing all 8 tools with Configure buttons 3. Individual tool config page (Terminal) showing patterns - Make pages module and tool render functions public for visual tests
- Remove card borders around sections, use horizontal dividers instead
- Fix text box IDs so cursor is not shared between fields
- Fix hover highlighting to only apply to delete button, not entire row
- Make pattern rows editable text fields that auto-save on Enter
- Add tooltip to delete button ('Delete pattern')
- Swap order of 'Always Confirm' and 'Always Deny' sections
- Add remote/test-support to title_bar dev-dependencies - Fix unused variable warnings
Add unique ID to each rule section container so the element stack context is different when rendering nested input fields. This ensures each section's 'add pattern' text box has a unique global element ID.
The global gitignore file watcher was processing events for any file in the watched path, not just the actual gitignore file. This caused errors when unrelated files (like Firefox cookies.sqlite) triggered filesystem events. Now we compare the event path against the expected gitignore path before attempting to load it.
This reverts commit beff62f.
Adds a 'Test Your Rules' section at the top of each tool's permission configuration page. Users can type a test input (e.g., a command for the terminal tool) and press Enter to see how it would be handled: - 'Allowed' (green) - would be auto-approved - 'Denied' (red) - would be auto-rejected, with reason shown - 'Confirm' (yellow) - would prompt for confirmation Uses the production ToolPermissionDecision::from_input code to ensure accurate results matching actual tool behavior.
The verification feature should always test the configured rules, regardless of whether always_allow_tool_actions is enabled globally. This allows users to test their rule patterns even when they have the global override enabled.
Displays a prominent warning below the test input when the global 'Always allow tool actions' setting is enabled, informing users that all tools will be allowed regardless of the configured rules.
When the user clears the test input and presses Enter, the allow/deny/confirm result is now hidden instead of showing the previous result.
Instead of requiring Enter to be pressed, the verification result now updates live as the user types. This is done by: - Reading the editor text directly during render - Observing the editor to trigger re-render on text changes - Removing the unused Global-based state management
When clicked, it clears the sub-page stack and searches for the setting, navigating the user directly to the always_allow_tool_actions toggle.
Added a proper navigate_to_setting method to SettingsWindow that: - Clears the sub-page stack - Finds the page containing the setting by json_path - Opens and scrolls to that page and item The 'Always allow tool actions' link now uses this method to properly navigate to the setting instead of using a search bar hack.
- Add underline to make it clearer it's a link - Change to white text on hover - Remove right margin by using div+label instead of Button
Set text_color on the parent div instead of using Label's color, so the hover style can properly override it.
When testing rules, now displays all matching patterns below the input: - Each matched pattern shown on its own line with its rule type (Always Deny, Always Confirm, Always Allow) - Patterns that are overridden by higher-priority rules are shown with strikethrough (e.g., an Allow rule overridden by a Deny rule) - Helps users understand why a particular decision was made
- Use buffer font (monospace) for regex patterns in matched list - Show patterns in white (Color::Default) instead of rule color - Keep rule type labels in their respective colors
When the user types input that doesn't match any regex patterns, display a helpful message indicating that the Default Action will be used instead of showing an empty space.
The matched patterns list already shows which rule caused the denial, so the 'Command blocked by security rule' message is redundant.
The 'Test Your Rules' input now receives focus automatically when navigating to a tool's configuration page, making it easier to immediately start testing patterns.
Each tool now shows a brief explanation of how regex patterns are matched for that specific tool: - Terminal: explains command splitting (&&, ||, ;, pipes) - Edit/Delete/Create/Save: explains path matching - Move: explains source and destination path matching - Fetch: explains URL matching - Web Search: explains query matching
# Conflicts: # crates/zed/src/visual_test_runner.rs
adb-sh
pushed a commit
to adb-sh/zed
that referenced
this pull request
Feb 5, 2026
This PR adds a page in the settings UI, under the AI section, that allows to interact and customize permissions for tool calling for each tool available to Zed's native agent. Release Notes: - AI: Added a settings page in the settings editor that allows to customize tool call permissions for each tool. --------- Co-authored-by: Richard Feldman <oss@rtfeldman.com>
rtfeldman
added a commit
that referenced
this pull request
Feb 5, 2026
This PR adds a page in the settings UI, under the AI section, that allows to interact and customize permissions for tool calling for each tool available to Zed's native agent. Release Notes: - AI: Added a settings page in the settings editor that allows to customize tool call permissions for each tool. --------- Co-authored-by: Richard Feldman <oss@rtfeldman.com>
naaiyy
added a commit
to Glass-HQ/Glass
that referenced
this pull request
Feb 16, 2026
Key changes: - Semantic highlighting support (zed-industries#46356) - major new editor feature - Edit predictions via Ollama (zed-industries#48233) - local AI edit predictions - Side-by-side diff: staging/unstaging/restoring on LHS, hunk controls, gutter highlights - Branch diff fix when committing/changing branches (zed-industries#48388) - Settings UI: AI tool permissions page (zed-industries#48277) - Version bump to v0.224 (kept our v0.0.1) - Close toasts on middle mouse click (zed-industries#48208) - DAP settings made optional (zed-industries#43647) - REPL quality of life improvements (zed-industries#47533) - Mercury accept/reject tracking (zed-industries#48306) - Toolbar menu and EP menu telemetry (zed-industries#48225, zed-industries#48229) - lsp::Symbol now includes container_name (zed-industries#46822) - Nushell/Elvish/Rc always_allow patterns (zed-industries#48395) - Agent terminal security rules expanded (zed-industries#48399) Conflict resolution: - collab/rpc.rs, collab_ui, collab editor_tests: deleted (collab removed) - vim (yank, replace, test): deleted (vim removed) - util/shell.rs: deleted (extracted to Obsydian-HQ/gpui) - GPUI (app.rs, windows/platform.rs, platform_scheduler.rs): deleted (Obsydian) - editor/items.rs: merged imports (added ExcerptId, ExcerptRange, kept SearchWithinRange) - lsp_store.rs: added SemanticTokensData import, removed GlobalLogStore/LanguageServerKind - proto.rs: added SemanticTokens to entity_messages, removed JoinProject/LeaveProject - lsp_button.rs: kept empty server UI, added is_via_ssh check from upstream - edit_prediction_button.rs: kept TitleBarItemView import - vscode_import.rs: added semantic_token_rules, removed helix_mode (not in our struct) - zed/Cargo.toml: kept v0.0.1 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR adds a page in the settings UI, under the AI section, that allows to interact and customize permissions for tool calling for each tool available to Zed's native agent.
Release Notes: