feat(ai): input editing during tool approval #10720
Open
+865
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Arron-Stothart
changed the title
Arron-Stothart
changed the title
Arron-Stothart
changed the title
Arron-Stothart
changed the title
Arron-Stothart
force-pushed
the
feat/tool-approval-input-editing
branch
from
4bcf440 to
79aa21a
Compare
Arron-Stothart
changed the title
…rom validation error
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Background
Allow users to review and modify tool inputs before execution to support Human-in-the-loop flows.
Summary
override.inputfield toToolApprovalResponseallowsInputEditingoption to tool definitions (opt-in)allowsInputEditingtoToolApprovalRequestso UI can show/hide edit controlsallowsInputEditingtoToolApprovalRequestvalidateAndApplyToolInputOverrides()generateTextandstreamTextto validate and apply modified inputsUIToolInvocation,DynamicToolUIPartto includeoverrideinapprovalChatAddToolApproveResponseFunctionto acceptoverrideparameterExample
Discussion
In this PR, the LLM sees the original tool call but the result of the modified execution. This causes confusion and poor traceability. We shouldn't overwrite message history (database integrity) and need immediate execution (user's intent shouldn't require LLM retry), some ideas:
tool-approval-response, and update providers to access override directly from it.tool-input-overridepart to tool messages for clearer traceability, separating the override info fromtool-approval-responseWhen an input override is provided for a denied error, should this be shown to the LLM?
This functionality is possible currently by creating a ‘request-input’ tool, using
addToolOutput, then having the LLM relay this output into the input of the tool we intended to execute.Overridden inputs are not validated against the tool schema before execution (neither are tool call inputs from messages), but since overrides are more likely to be end-user input, should we reconsider?
allowsInputEditingis currently checked against the approval request in messages (matching howneedsApprovalis handled). Should we also check the current tool definition, allowing developers to withdraw editing capability for pending approvals?Changes required since introduction of strict mode?
Manual Verification
examples/ai-core/src/generate-text/openai-tool-approval.tsChecklist
pnpm changesetin the project root)Future Work
Related Issues