fix: surface approval prompt in UI instead of getting stuck in Thinking (#187)

* fix: surface approval prompt in UI instead of getting stuck in Thinking

When a dangerous command was detected during streaming, the approval system
would call submit_pending() but no SSE 'approval' event would be emitted to
the frontend. The agent thread either blocked indefinitely (gateway path) or
returned an approval_required status the UI never saw (EXEC_ASK path). Either
way the chat UI stayed stuck in 'Thinking...' with no prompt shown.

Root cause: streaming.py used HERMES_EXEC_ASK=1 but never registered a
register_gateway_notify() callback. Without it, check_all_command_guards()
fell back to the legacy polling path (submit_pending only), which relies on
on_tool() polling -- but on_tool() fires *before* the tool runs, so by the
time the terminal tool detected the dangerous command and called submit_pending,
the approval event had already missed its window.

Fix (streaming.py):
- Register a gateway-style notify_cb via register_gateway_notify() before the
  agent runs. The callback calls put('approval', ...) to emit the SSE event
  the moment a dangerous command is detected, regardless of on_tool() timing.
- Unregister via unregister_gateway_notify() in the finally block to unblock
  any threads still waiting if the stream ends or is cancelled mid-approval.
- Keep the on_tool() fallback poll for older approval module versions.

Fix (routes.py):
- Import and call resolve_gateway_approval() in _handle_approval_respond().
  This unblocks the agent thread parked in entry.event.wait() when the user
  clicks Allow or Deny in the UI. Without this call the thread would block
  until the 5-minute gateway timeout.

Tests (tests/test_approval_unblock.py):
- 16 new tests covering: resolve_gateway_approval() event signalling, deny/
  session/once choices, resolve_all, notify_cb registration/firing/cleanup,
  unregister signals blocked entries, full end-to-end streaming simulation,
  module symbol exports, and HTTP endpoint regressions.

515 tests pass (499 existing + 16 new).

* feat: full approval UI — i18n buttons, keyboard shortcut, loading state, scoping fix

---------

Co-authored-by: Nathan Esquenazi <nesquena@gmail.com>

api/routes.py

@@ -58,6 +58,7 @@ try:
         has_pending, pop_pending, submit_pending,
         approve_session, approve_permanent, save_permanent_allowlist,
         is_approved, _pending, _lock, _permanent_approved,
+        resolve_gateway_approval,
     )
 except ImportError:
     has_pending = lambda *a, **k: False
@@ -67,6 +68,7 @@ except ImportError:
     approve_permanent = lambda *a, **k: None
     save_permanent_allowlist = lambda *a, **k: None
     is_approved = lambda *a, **k: True
+    resolve_gateway_approval = lambda *a, **k: 0
     _pending = {}
     _lock = threading.Lock()
     _permanent_approved = set()
@@ -1353,6 +1355,7 @@ def _handle_approval_respond(handler, body):
     choice = body.get('choice', 'deny')
     if choice not in ('once', 'session', 'always', 'deny'):
         return bad(handler, f'Invalid choice: {choice}')
+    # Pop the legacy polling-mode pending entry (no-op when gateway path is active).
     with _lock:
         pending = _pending.pop(sid, None)
     if pending:
@@ -1363,6 +1366,10 @@ def _handle_approval_respond(handler, body):
             for k in keys:
                 approve_session(sid, k); approve_permanent(k)
             save_permanent_allowlist(_permanent_approved)
+    # Unblock the agent thread waiting in the gateway approval queue.
+    # This is the primary signal when streaming is active — the agent
+    # thread is parked in entry.event.wait() and needs to be woken up.
+    resolve_gateway_approval(sid, choice, resolve_all=False)
     return j(handler, {'ok': True, 'choice': choice})
 
 

api/streaming.py

@@ -121,6 +121,26 @@ def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id, atta
           if _profile_home:
               os.environ['HERMES_HOME'] = _profile_home
         # Lock released — agent runs without holding it
+        # Register a gateway-style notify callback so the approval system can
+        # push the `approval` SSE event the moment a dangerous command is
+        # detected, without waiting for the next on_tool() poll cycle.
+        # Without this, the agent thread blocks inside the terminal tool
+        # waiting for approval that the UI never knew to ask for, leaving
+        # the chat stuck in "Thinking…" forever.
+        _approval_registered = False
+        _unreg_notify = None
+        try:
+            from tools.approval import (
+                register_gateway_notify as _reg_notify,
+                unregister_gateway_notify as _unreg_notify,
+            )
+            def _approval_notify_cb(approval_data):
+                put('approval', approval_data)
+            _reg_notify(session_id, _approval_notify_cb)
+            _approval_registered = True
+        except ImportError:
+            pass  # approval module not available — fall back to polling
+
         try:
             def on_token(text):
                 if text is None:
@@ -133,13 +153,17 @@ def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id, atta
                     for k, v in list(args.items())[:4]:
                         s2 = str(v); args_snap[k] = s2[:120]+('...' if len(s2)>120 else '')
                 put('tool', {'name': name, 'preview': preview, 'args': args_snap})
-                # also check for pending approval and surface it immediately
-                from tools.approval import has_pending as _has_pending, _pending, _lock
-                if _has_pending(session_id):
-                    with _lock:
-                        p = dict(_pending.get(session_id, {}))
-                    if p:
-                        put('approval', p)
+                # Fallback: poll for pending approval in case notify_cb wasn't
+                # registered (e.g. older approval module without gateway support).
+                try:
+                    from tools.approval import has_pending as _has_pending, _pending, _lock
+                    if _has_pending(session_id):
+                        with _lock:
+                            p = dict(_pending.get(session_id, {}))
+                        if p:
+                            put('approval', p)
+                except ImportError:
+                    pass
 
             if AIAgent is None:
                 raise ImportError("AIAgent not available -- check that hermes-agent is on sys.path")
@@ -382,6 +406,13 @@ def _run_agent_streaming(session_id, msg_text, model, workspace, stream_id, atta
                 usage['last_prompt_tokens'] = getattr(_cc, 'last_prompt_tokens', 0) or 0
             put('done', {'session': s.compact() | {'messages': s.messages, 'tool_calls': tool_calls}, 'usage': usage})
         finally:
+            # Unregister the gateway approval callback and unblock any threads
+            # still waiting on approval (e.g. stream cancelled mid-approval).
+            if _approval_registered and _unreg_notify is not None:
+                try:
+                    _unreg_notify(session_id)
+                except Exception:
+                    pass
             with _ENV_LOCK:
                 if old_cwd is None: os.environ.pop('TERMINAL_CWD', None)
                 else: os.environ['TERMINAL_CWD'] = old_cwd