security(approval): fix privilege escalation in gateway once-approval logic

2026-04-03 20:36:40 +03:00
parent c6793d6fc3
commit ef3bd3b276
1 changed files with 3 additions and 1 deletions
--- a/tools/approval.py
+++ b/tools/approval.py
@@ -813,12 +813,14 @@ def check_all_command_guards(command: str, env_type: str,

            # User approved — persist based on scope (same logic as CLI)
            for key, _, is_tirith in warnings:
-                if choice in ("once", "session") or (choice == "always" and is_tirith):
+                if choice == "session" or (choice == "always" and is_tirith):
                    approve_session(session_key, key)
                elif choice == "always":
                    approve_session(session_key, key)
                    approve_permanent(key)
                    save_permanent_allowlist(_permanent_approved)
+                # choice == "once": no persistence — command allowed this
+                # single time only, matching the CLI's behavior.

            return {"approved": True, "message": None,
                    "user_approved": True, "description": combined_desc}