Fix #275: wire workspace trust end to end (dialog → bootstrap → hooks gate)#306
Open
ericleepi314 wants to merge 1 commit into
Open
Conversation
…ry session (#275) pre_action hardcoded session trust to True, and nothing read the flag into ToolContext.workspace_trusted (default False) — so consent was implicit everywhere while the hook trust gate skipped non-policy hooks unconditionally. Now: - init.py seeds session trust from the persisted per-project decision (startup_gates.check_trust_accepted), failing closed on error - ToolContext.workspace_trusted seeds from the bootstrap flag at construction; subagent forks inherit the parent's value (monotone, no mutable-global dependence) - the TUI's trust-accept path flips the already-built context so hooks unblock mid-session; record_trust_accepted covers later contexts - hook executor logs a breadcrumb when the trust gate actually skips configured hooks (else "why don't my hooks run" is undiagnosable) - reset_session_trust_for_testing also resets the bootstrap flag so acceptance can't leak across tests Headless/-p/legacy-REPL sessions in never-trusted dirs now run with non-policy hooks skipped (fail-safe, TS shouldSkipHookDueToTrust parity) until the directory is trusted once via the TUI. Closes #275, closes #169 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This was referenced Jun 12, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #275
Closes #169 (duplicate)
Summary
The trust flow was broken in both directions:
init.pyunconditionally set session trust toTrue— every surface implicitly trusted the workspace (the issue's complaint), andToolContext.workspace_trusted(defaultFalse), so the hook trust gate actually skipped all non-policy hooks regardless — including after the user accepted the trust dialog.The C8 trust dialog (TrustFolderScreen +
startup_gates) shipped earlier but was wired to a dead store. This PR connects the chain:init.py: seeds session trust from the persisted per-project decision (check_trust_accepted(): session flag, then cwd + parent walk in the user-owned global config), failing closed on error.ToolContext.workspace_trusted:default_factoryseeded from the bootstrap flag at construction; subagent forks inherit the parent's value (trust stays monotone, fork path independent of mutable globals).record_trust_acceptedcovers contexts built later).reset_session_trust_for_testingalso resets the bootstrap flag (without this,record_trust_acceptedin the C8 tests would leak trust into later-collected tests).Surface behavior
-p/ legacy REPLshouldSkipHookDueToTrustparity — TS non-interactive sessions can't accept the dialog either)Test plan
🤖 Generated with Claude Code