dave/storkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

story-kit: create 180_bug_web_ui_permissions_handling_unreliable

Browse Source
This commit is contained in:
Dave
2026-02-25 12:11:02 +00:00
parent 1cccfc4975
commit a597fc5e75
1 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
.story_kit/work/1_upcoming/180_bug_web_ui_permissions_handling_unreliable.md
View File

@@ -9,11 +9,34 @@ name: "Web UI permissions handling unreliable"
Permissions handling in the web UI chat has issues. This is a tracking bug to collect specific problems as they're encountered.
Known issues:
1. **Batch tool calls failing**: When the agent fires many parallel Bash calls (e.g. 11 at once), two problems compound:
- **Trigger**: The first call fails with an `invalid_union` permission/hook validation error. This may be a bug in how the permission hook response is parsed when many parallel requests hit it simultaneously.
- **Cascade**: All remaining sibling calls are cancelled with "Sibling tool call errored". This is a known Claude Code bug ([anthropics/claude-code#22264](https://github.com/anthropics/claude-code/issues/22264), 25 upvotes, still open). Claude Code uses an all-or-nothing batch model — if one parallel call fails, all siblings are killed.
1. **Chained commands fail permission validation**: Commands chained with `&&` or `|` in a single Bash call fail permission validation even when each individual command would match an allow rule. E.g. `git status && echo "---" && git log` fails because the full shell string doesn't cleanly match `Bash(git *)`. This is expected — Anthropic's permission system correctly refuses to whitelist compound shell strings since anything could follow `&&`.
The cascade is an upstream issue we can't fix. But the **trigger** (the `invalid_union` error) may be something in our permission hook handling that we can investigate.
When this happens inside a parallel batch, the Claude Code cascade bug ([anthropics/claude-code#22264](https://github.com/anthropics/claude-code/issues/22264)) kills all sibling calls too, making it look like a batch size problem — but it's not. 11 parallel simple `git` calls work fine.
**Workaround**: Don't chain commands with `&&`. Use separate Bash calls for each command.
## How to reproduce
Ask the agent to check git status across all worktrees. If it chains commands like:
```
git -C .story_kit/worktrees/163_story_foo status --porcelain 2>&1 | head -5 && echo "---COMMITS---" && git -C .story_kit/worktrees/163_story_foo log --oneline master..HEAD 2>&1 | head -3
```
This fails with:
```json
{
"code": "invalid_union",
"errors": [
[{ "code": "invalid_value", "values": ["allow"], "path": ["behavior"], "message": "Invalid input: expected \"allow\"" }],
[{ "code": "invalid_value", "values": ["deny"], "path": ["behavior"], "message": "Invalid input: expected \"deny\"" },
{ "expected": "string", "code": "invalid_type", "path": ["message"], "message": "Invalid input: expected string, received undefined" }]
]
}
```
But individual `git -C ... status --porcelain` calls (even 11+ in parallel) work fine.
## How to reproduce