Implement command denials

Author: cte

src/core/auto-approval/index.ts

@@ -29,7 +29,9 @@ export type AutoApprovalStateOptions =
 	| "allowedCommands" // For `alwaysAllowExecute`.
 	| "deniedCommands"
 
-export async function isAutoApproved({
+export type CheckAutoApprovalResult = "approve" | "deny" | "ask"
+
+export async function checkAutoApproval({
 	state,
 	ask,
 	text,
@@ -39,54 +41,63 @@ export async function isAutoApproved({
 	ask: ClineAsk
 	text?: string
 	isProtected?: boolean
-}): Promise<boolean> {
+}): Promise<CheckAutoApprovalResult> {
 	if (isNonBlockingAsk(ask)) {
-		return true
+		return "approve"
 	}
 
 	if (!state.autoApprovalEnabled) {
-		return false
+		return "ask"
 	}
 
 	// Note: The `alwaysApproveResubmit` check is already handled in `Task`.
 
 	if (ask === "followup") {
-		return state.alwaysAllowFollowupQuestions === true
+		return state.alwaysAllowFollowupQuestions === true ? "approve" : "ask"
 	}
 
 	if (ask === "browser_action_launch") {
-		return state.alwaysAllowBrowser === true
+		return state.alwaysAllowBrowser === true ? "approve" : "ask"
 	}
 
 	if (ask === "use_mcp_server") {
 		if (!text) {
-			return false
+			return "ask"
 		}
 
 		try {
 			const mcpServerUse = JSON.parse(text) as McpServerUse
 
 			if (mcpServerUse.type === "use_mcp_tool") {
 				return state.alwaysAllowMcp === true && isMcpToolAlwaysAllowed(mcpServerUse, state.mcpServers)
+					? "approve"
+					: "ask"
 			} else if (mcpServerUse.type === "access_mcp_resource") {
-				return state.alwaysAllowMcp === true
+				return state.alwaysAllowMcp === true ? "approve" : "ask"
 			}
 		} catch (error) {
-			return false
+			return "ask"
 		}
 
-		return false
+		return "ask"
 	}
 
 	if (ask === "command") {
 		if (!text) {
-			return false
+			return "ask"
 		}
 
-		return (
-			state.alwaysAllowExecute === true &&
-			getCommandDecision(text, state.allowedCommands || [], state.deniedCommands || []) === "auto_approve"
-		)
+		if (state.alwaysAllowExecute === true) {
+			const decision = getCommandDecision(text, state.allowedCommands || [], state.deniedCommands || [])
+
+			if (decision === "auto_approve") {
+				return "approve"
+			} else if (decision === "auto_deny") {
+				return "deny"
+			} else {
+				return "ask"
+			}
+		}
 	}
 
 	if (ask === "tool") {
@@ -99,50 +110,50 @@ export async function isAutoApproved({
 		}
 
 		if (!tool) {
-			return false
+			return "ask"
 		}
 
 		if (tool.tool === "updateTodoList") {
-			return state.alwaysAllowUpdateTodoList === true
+			return state.alwaysAllowUpdateTodoList === true ? "approve" : "ask"
 		}
 
 		if (tool?.tool === "fetchInstructions") {
 			if (tool.content === "create_mode") {
-				return state.alwaysAllowModeSwitch === true
+				return state.alwaysAllowModeSwitch === true ? "approve" : "ask"
 			}
 
 			if (tool.content === "create_mcp_server") {
-				return state.alwaysAllowMcp === true
+				return state.alwaysAllowMcp === true ? "approve" : "ask"
 			}
 		}
 
 		if (tool?.tool === "switchMode") {
-			return state.alwaysAllowModeSwitch === true
+			return state.alwaysAllowModeSwitch === true ? "approve" : "ask"
 		}
 
 		if (["newTask", "finishTask"].includes(tool?.tool)) {
-			return state.alwaysAllowSubtasks === true
+			return state.alwaysAllowSubtasks === true ? "approve" : "ask"
 		}
 
 		const isOutsideWorkspace = !!tool.isOutsideWorkspace
 
 		if (isReadOnlyToolAction(tool)) {
-			return (
-				state.alwaysAllowReadOnly === true &&
+			return state.alwaysAllowReadOnly === true &&
 				(!isOutsideWorkspace || state.alwaysAllowReadOnlyOutsideWorkspace === true)
-			)
+				? "approve"
+				: "ask"
 		}
 
 		if (isWriteToolAction(tool)) {
-			return (
-				state.alwaysAllowWrite === true &&
+			return state.alwaysAllowWrite === true &&
 				(!isOutsideWorkspace || state.alwaysAllowWriteOutsideWorkspace === true) &&
 				(!isProtected || state.alwaysAllowWriteProtected === true)
-			)
+				? "approve"
+				: "ask"
 		}
 	}
 
-	return false
+	return "ask"
 }
 
 export { AutoApprovalHandler } from "./AutoApprovalHandler"

src/core/task/Task.ts

@@ -116,7 +116,7 @@ import { processUserContentMentions } from "../mentions/processUserContentMentio
 import { getMessagesSinceLastSummary, summarizeConversation } from "../condense"
 import { Gpt5Metadata, ClineMessageWithMetadata } from "./types"
 import { MessageQueueService } from "../message-queue/MessageQueueService"
-import { AutoApprovalHandler, isAutoApproved } from "../auto-approval"
+import { AutoApprovalHandler, checkAutoApproval } from "../auto-approval"
 
 const MAX_EXPONENTIAL_BACKOFF_SECONDS = 600 // 10 minutes
 const DEFAULT_USAGE_COLLECTION_TIMEOUT_MS = 5000 // 5 seconds
@@ -826,18 +826,20 @@ export class Task extends EventEmitter<TaskEvents> implements TaskLike {
 		// Automatically approve if the ask according to the user's settings.
 		const provider = this.providerRef.deref()
 		const state = provider ? await provider.getState() : undefined
-		const isApproved = state ? await isAutoApproved({ state, ask: type, text, isProtected }) : false
+		const approval = state ? await checkAutoApproval({ state, ask: type, text, isProtected }) : false
 
-		if (isApproved) {
+		if (approval === "approve") {
 			this.approveAsk()
+		} else if (approval === "deny") {
+			this.denyAsk()
 		}
 
 		// The state is mutable if the message is complete and the task will
 		// block (via the `pWaitFor`).
 		const isBlocking = !(this.askResponse !== undefined || this.lastMessageTs !== askTs)
 		const isMessageQueued = !this.messageQueueService.isEmpty()
 
-		const isStatusMutable = !partial && isBlocking && !isMessageQueued && !isApproved
+		const isStatusMutable = !partial && isBlocking && !isMessageQueued && approval === "ask"
 		let statusMutationTimeouts: NodeJS.Timeout[] = []
 		const statusMutationTimeout = 5_000