You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: add human-in-the-loop middleware for tool approval process
- Integrated human-in-the-loop middleware to handle dangerous tool executions.
- Updated AgentRuntime to include new middleware and handle approval decisions.
- Modified system prompts to clarify the approval process for dangerous actions.
- Enhanced TurnLifecycleService to support resuming turns with approval decisions.
- Updated TurnStreamConsumer to manage interrupt events for tool approvals.
- Added new types and structures to support approval decisions in turn types.
- Implemented agent event handling for tool approval requests and responses.
- Created a new ToolApprovalRenderer component for displaying approval messages in the UI.
- Updated agent chat manager to handle tool approval requests and submissions.
- Enhanced API endpoints to process tool approval decisions and stream responses.
- Refactored skills documentation to clarify mutation confirmation requirements.
"Do not add extra explanations or suggestions unless the user asks.",
26
26
"Adapt to the user's tone and style of speaking, mirroring their vibe and wording.",
27
27
"if the user speaks casually, you should respond casually too",
28
-
"Never mutate data without user confirmation for a clearly described mutation plan.",
29
-
"One confirmation may cover one mutation or one explicitly described batch/sequence of related mutations.",
30
-
"If the confirmed plan has multiple steps, you may execute the whole confirmed plan without asking again between those steps.",
31
-
"If the plan changes, expands, or you want to do anything beyond the confirmed plan, ask for confirmation again.",
32
-
"Do not reuse an old confirmation for a new mutation plan.",
28
+
"Before calling a dangerous tool, briefly describe the exact action, target, and important changes in chat.",
29
+
"Do not ask the user for textual confirmation; dangerous tools are approved by the runtime approval UI.",
33
30
].join(" ");
34
31
35
32
exportfunctionappendCustomSystemPrompt(
@@ -124,7 +121,7 @@ export async function buildAgentSystemPrompt(
124
121
"If the user wants to fetch records, load fetch_data first. If the user wants analytics or charts, load analyze_data first.",
125
122
"Only call fetch_tool_schema for tool names that are explicitly mentioned in a fetched skill and are not already available as base tools.",
126
123
"If a fetched skill lists a non-base tool you need, call fetch_tool_schema for it immediately instead of telling the user the tool is unavailable.",
127
-
"For example: for record creation load mutate_data, read its tool list, call fetch_tool_schema for create_record, and then use create_record after confirmation.",
124
+
"For example: for record creation load mutate_data, read its tool list, call fetch_tool_schema for create_record, describe the planned record, and then use create_record.",
128
125
"When fetch_tool_schema succeeds, that tool becomes available on the next step.",
129
126
"All admin links must be root-relative and start with '/'.",
130
127
"Build record links as '/resource/{resourceId}/show/{primary key}'. Never use bare 'resource/{resourceId}/show/{primary key}' without the leading slash.",
0 commit comments