refactor: extract _prompt_interactive and _decide_autonomous from _handle_tool_confirmation (#592)

2026-03-20 12:30:38 -04:00
parent 0029c34bb1
commit 04afa2a33b
1 changed files with 31 additions and 30 deletions
--- a/src/timmy/cli.py
+++ b/src/timmy/cli.py
@@ -37,6 +37,35 @@ def _is_interactive() -> bool:
    return hasattr(sys.stdin, "isatty") and sys.stdin.isatty()


+def _prompt_interactive(req, tool_name: str, tool_args: dict) -> None:
+    """Display tool details and prompt the human for approval."""
+    description = format_action_description(tool_name, tool_args)
+    impact = get_impact_level(tool_name)
+
+    typer.echo()
+    typer.echo(typer.style("Tool confirmation required", bold=True))
+    typer.echo(f"  Impact: {impact.upper()}")
+    typer.echo(f"  {description}")
+    typer.echo()
+
+    if typer.confirm("Allow this action?", default=False):
+        req.confirm()
+        logger.info("CLI: approved %s", tool_name)
+    else:
+        req.reject(note="User rejected from CLI")
+        logger.info("CLI: rejected %s", tool_name)
+
+
+def _decide_autonomous(req, tool_name: str, tool_args: dict) -> None:
+    """Auto-approve allowlisted tools; reject everything else."""
+    if is_allowlisted(tool_name, tool_args):
+        req.confirm()
+        logger.info("AUTO-APPROVED (allowlist): %s", tool_name)
+    else:
+        req.reject(note="Auto-rejected: not in allowlist")
+        logger.info("AUTO-REJECTED (not allowlisted): %s %s", tool_name, str(tool_args)[:100])
+
+
 def _handle_tool_confirmation(agent, run_output, session_id: str, *, autonomous: bool = False):
    """Prompt user to approve/reject dangerous tool calls.

@@ -51,6 +80,7 @@ def _handle_tool_confirmation(agent, run_output, session_id: str, *, autonomous:
    Returns the final RunOutput after all confirmations are resolved.
    """
    interactive = _is_interactive() and not autonomous
+    decide = _prompt_interactive if interactive else _decide_autonomous

    max_rounds = 10  # safety limit
    for _ in range(max_rounds):
@@ -66,39 +96,10 @@ def _handle_tool_confirmation(agent, run_output, session_id: str, *, autonomous:
        for req in reqs:
            if not getattr(req, "needs_confirmation", False):
                continue
-
            te = req.tool_execution
            tool_name = getattr(te, "tool_name", "unknown")
            tool_args = getattr(te, "tool_args", {}) or {}
-
-            if interactive:
-                # Human present — prompt for approval
-                description = format_action_description(tool_name, tool_args)
-                impact = get_impact_level(tool_name)
-
-                typer.echo()
-                typer.echo(typer.style("Tool confirmation required", bold=True))
-                typer.echo(f"  Impact: {impact.upper()}")
-                typer.echo(f"  {description}")
-                typer.echo()
-
-                approved = typer.confirm("Allow this action?", default=False)
-                if approved:
-                    req.confirm()
-                    logger.info("CLI: approved %s", tool_name)
-                else:
-                    req.reject(note="User rejected from CLI")
-                    logger.info("CLI: rejected %s", tool_name)
-            else:
-                # Autonomous mode — check allowlist
-                if is_allowlisted(tool_name, tool_args):
-                    req.confirm()
-                    logger.info("AUTO-APPROVED (allowlist): %s", tool_name)
-                else:
-                    req.reject(note="Auto-rejected: not in allowlist")
-                    logger.info(
-                        "AUTO-REJECTED (not allowlisted): %s %s", tool_name, str(tool_args)[:100]
-                    )
+            decide(req, tool_name, tool_args)

        # Resume the run so the agent sees the confirmation result
        try: