Add automatic agent skill aproval via ENV Flag (#5405)

* add autoapproval env flag

* persist flag
This commit is contained in:
Timothy Carambat
2026-04-10 13:20:47 -07:00
committed by GitHub
parent 159376e2a1
commit 246edc38ce
6 changed files with 63 additions and 2 deletions

View File

@@ -454,3 +454,7 @@ TTS_PROVIDER="native"
# many tools/MCP servers enabled.
# AGENT_SKILL_RERANKER_ENABLED="true"
# AGENT_SKILL_RERANKER_TOP_N=15 # (optional) Number of top tools to keep after reranking (default: 15)
# (optional) Comma-separated list of skills that are auto-approved.
# This will allow the skill to be invoked without user interaction.
# AGENT_AUTO_APPROVED_SKILLS=create-pdf-file,create-word-file

View File

@@ -1,6 +1,7 @@
const chalk = require("chalk");
const { Telemetry } = require("../../../../models/telemetry");
const { v4: uuidv4 } = require("uuid");
const { skillIsAutoApproved } = require("../../../helpers/agents");
const TOOL_APPROVAL_TIMEOUT_MS = 120 * 1_000; // 2 mins for tool approval
/**
@@ -118,7 +119,13 @@ const httpSocket = {
payload = {},
description = null,
}) {
// Check whitelist first
if (skillIsAutoApproved({ skillName })) {
return {
approved: true,
message: "Skill is auto-approved.",
};
}
const {
AgentSkillWhitelist,
} = require("../../../../models/agentSkillWhitelist");

View File

@@ -2,6 +2,7 @@ const chalk = require("chalk");
const { Telemetry } = require("../../../../models/telemetry");
const { v4: uuidv4 } = require("uuid");
const { safeJsonParse } = require("../../../http");
const { skillIsAutoApproved } = require("../../../helpers/agents");
const SOCKET_TIMEOUT_MS = 300 * 1_000; // 5 mins
const TOOL_APPROVAL_TIMEOUT_MS = 120 * 1_000; // 2 mins for tool approval
@@ -100,6 +101,13 @@ const websocket = {
payload = {},
description = null,
}) {
if (skillIsAutoApproved({ skillName })) {
return {
approved: true,
message: "Skill is auto-approved.",
};
}
const {
AgentSkillWhitelist,
} = require("../../../../models/agentSkillWhitelist");

View File

@@ -0,0 +1,35 @@
const chalk = require("chalk");
/**
* Checks if a skill is auto-approved by the ENV variable AGENT_AUTO_APPROVED_SKILLS.
* which is a comma-separated list of skill names. This property applies globally to all users
* so that all invocations of the skill are auto-approved without user interaction.
* @param {Object} options - The options object
* @param {string} options.skillName - The name of the skill
* @returns {boolean} True if the skill is auto-approved, false otherwise
*/
function skillIsAutoApproved({ skillName }) {
if ((!"AGENT_AUTO_APPROVED_SKILLS") in process.env) return false;
const autoApprovedSkills = String(process.env.AGENT_AUTO_APPROVED_SKILLS)
.split(",")
.map((skill) => skill.trim())
.filter((skill) => !!skill);
// If the list contains <all>, then all skills are auto-approved
// This is a special case and overrides any other items in the list.
if (autoApprovedSkills.includes("<all>")) return true;
if (!autoApprovedSkills.length || !autoApprovedSkills.includes(skillName))
return false;
console.log(
chalk.green(
`Skill ${skillName} is auto-approved by the ENV variable AGENT_AUTO_APPROVED_SKILLS.`
)
);
return true;
}
module.exports = {
skillIsAutoApproved,
};

View File

@@ -1336,6 +1336,9 @@ function dumpENV() {
// Allow native tool calling for specific providers.
"PROVIDER_SUPPORTS_NATIVE_TOOL_CALLING",
// Allow auto-approval of skills
"AGENT_AUTO_APPROVED_SKILLS",
];
// Simple sanitization of each value to prevent ENV injection via newline or quote escaping.