From 6733da81481d19c8691e3dba3f8267c9bc1f45af Mon Sep 17 00:00:00 2001 From: Dave Date: Tue, 24 Feb 2026 11:39:18 +0000 Subject: [PATCH] story-kit: create 130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves --- ...g_format_tools_fail_after_user_approves.md | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 .story_kit/work/1_upcoming/130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves.md diff --git a/.story_kit/work/1_upcoming/130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves.md b/.story_kit/work/1_upcoming/130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves.md new file mode 100644 index 0000000..203b04b --- /dev/null +++ b/.story_kit/work/1_upcoming/130_bug_permission_approval_returns_wrong_format_tools_fail_after_user_approves.md @@ -0,0 +1,32 @@ +--- +name: "Permission approval returns wrong format — tools fail after user approves" +--- + +# Bug 130: Permission approval returns wrong format — tools fail after user approves + +## Description + +The `prompt_permission` MCP tool returns plain text ("Permission granted for '...'") but Claude Code's `--permission-prompt-tool` expects a JSON object with a `behavior` field. After the user approves a permission request in the web UI dialog, every tool call fails with a Zod validation error: `"expected object, received null"`. + +## How to Reproduce + +1. Start the story-kit server and open the web UI +2. Chat with the claude-code-pty model +3. Ask it to do something that requires a tool NOT in `.claude/settings.json` allow list (e.g. `wc -l /etc/hosts`, or WebFetch to a non-allowed domain) +4. The permission dialog appears — click Approve +5. Observe the tool call fails with: `[{"code":"invalid_union","errors":[[{"expected":"object","code":"invalid_type","path":[],"message":"Invalid input: expected object, received null"}]],"path":[],"message":"Invalid input"}]` + +## Actual Result + +After approval, the tool fails with a Zod validation error. Claude Code cannot parse the plain-text response as a permission decision. + +## Expected Result + +After approval, the tool executes successfully. The MCP tool should return JSON that Claude Code understands: `{"behavior": "allow"}` for approval or `{"behavior": "deny", "message": "..."}` for denial. + +## Acceptance Criteria + +- [ ] prompt_permission returns `{"behavior": "allow"}` JSON when user approves +- [ ] prompt_permission returns `{"behavior": "deny"}` JSON when user denies +- [ ] After approving a permission request, the tool executes successfully and returns its result +- [ ] After denying a permission request, the tool is skipped gracefully