fix(tools): allow remembered low-risk external write retries

xgopilot · Cai-Tang-www · xgopilot · commit 1eb63155f71d · 2026-04-22T02:32:50.000Z
Generated with [codeagent](https://github.com/qbox/codeagent) Co-authored-by: Cai-Tang-www <106404101+Cai-Tang-www@users.noreply.github.com>
diff --git a/internal/tools/manager.go b/internal/tools/manager.go
@@ -338,16 +338,15 @@ func (m *DefaultManager) Execute(ctx context.Context, input ToolCallInput) (Tool
 				result := blockedToolResult(input, decision)
 				return result, permissionErrorFromDecision(decision)
 			}
+		} else {
+			result := NewErrorResult(input.Name, "workspace sandbox rejected action", sandboxErrorDetails(action, err), actionMetadata(action))
+			result.ToolCallID = input.ID
+			return result, err
 		}
-		result := NewErrorResult(input.Name, "workspace sandbox rejected action", sandboxErrorDetails(action, err), actionMetadata(action))
-		result.ToolCallID = input.ID
-		return result, err
-	}
-	m.auditCapabilityDecision(action, string(security.DecisionAllow), "")
-
-	if plan != nil {
+	} else if plan != nil {
 		input.WorkspacePlan = plan
 	}
+	m.auditCapabilityDecision(action, string(security.DecisionAllow), "")
 
 	return m.executor.Execute(ctx, input)
 }
diff --git a/internal/tools/manager_test.go b/internal/tools/manager_test.go
@@ -452,11 +452,11 @@ func TestDefaultManagerSandboxOutsideWriteSessionMemory(t *testing.T) {
 	}
 
 	_, err = manager.Execute(context.Background(), input)
-	if err == nil || !strings.Contains(err.Error(), "escapes workspace root") {
-		t.Fatalf("expected sandbox rejection after remembered allow, got %v", err)
+	if err != nil {
+		t.Fatalf("expected remembered allow retry to pass, got %v", err)
 	}
-	if writeTool.callCount != 0 {
-		t.Fatalf("expected write tool not to execute after remembered allow, got %d", writeTool.callCount)
+	if writeTool.callCount != 1 {
+		t.Fatalf("expected write tool to execute after remembered allow, got %d", writeTool.callCount)
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -338,16 +338,15 @@ func (m *DefaultManager) Execute(ctx context.Context, input ToolCallInput) (Tool`
`338`	`338`	`result := blockedToolResult(input, decision)`
`339`	`339`	`return result, permissionErrorFromDecision(decision)`
`340`	`340`	`}`
	`341`	`+ } else {`
	`342`	`+ result := NewErrorResult(input.Name, "workspace sandbox rejected action", sandboxErrorDetails(action, err), actionMetadata(action))`
	`343`	`+ result.ToolCallID = input.ID`
	`344`	`+ return result, err`
`341`	`345`	`}`
`342`		`- result := NewErrorResult(input.Name, "workspace sandbox rejected action", sandboxErrorDetails(action, err), actionMetadata(action))`
`343`		`- result.ToolCallID = input.ID`
`344`		`- return result, err`
`345`		`- }`
`346`		`- m.auditCapabilityDecision(action, string(security.DecisionAllow), "")`
`347`		`-`
`348`		`- if plan != nil {`
	`346`	`+ } else if plan != nil {`
`349`	`347`	`input.WorkspacePlan = plan`
`350`	`348`	`}`
	`349`	`+ m.auditCapabilityDecision(action, string(security.DecisionAllow), "")`
`351`	`350`
`352`	`351`	`return m.executor.Execute(ctx, input)`
`353`	`352`	`}`
Original file line number	Diff line number	Diff line change
`@@ -452,11 +452,11 @@ func TestDefaultManagerSandboxOutsideWriteSessionMemory(t *testing.T) {`
`452`	`452`	`}`
`453`	`453`
`454`	`454`	`_, err = manager.Execute(context.Background(), input)`
`455`		`- if err == nil \|\| !strings.Contains(err.Error(), "escapes workspace root") {`
`456`		`- t.Fatalf("expected sandbox rejection after remembered allow, got %v", err)`
	`455`	`+ if err != nil {`
	`456`	`+ t.Fatalf("expected remembered allow retry to pass, got %v", err)`
`457`	`457`	`}`
`458`		`- if writeTool.callCount != 0 {`
`459`		`- t.Fatalf("expected write tool not to execute after remembered allow, got %d", writeTool.callCount)`
	`458`	`+ if writeTool.callCount != 1 {`
	`459`	`+ t.Fatalf("expected write tool to execute after remembered allow, got %d", writeTool.callCount)`
`460`	`460`	`}`
`461`	`461`	`}`
`462`	`462`