Skip to content

fix: prevent queued messages from auto-approving unapproved commands#12303

Draft
roomote-v0[bot] wants to merge 1 commit intomainfrom
fix/queued-message-auto-approve-bypass
Draft

fix: prevent queued messages from auto-approving unapproved commands#12303
roomote-v0[bot] wants to merge 1 commit intomainfrom
fix/queued-message-auto-approve-bypass

Conversation

@roomote-v0
Copy link
Copy Markdown
Contributor

@roomote-v0 roomote-v0 Bot commented May 9, 2026
edited
Loading

Related GitHub Issue

Closes: #12302

Description

This PR attempts to address Issue #12302. Feedback and guidance are welcome.

Root cause: In Task.ask(), when a queued message is drained during a command, tool, or use_mcp_server ask, the code unconditionally sent "yesButtonClicked", which approved the pending command regardless of auto-approval settings. This meant any queued message would silently approve commands the user never explicitly approved.

Fix: Changed both queued-message drain locations (the immediate drain at line ~1437 and the pWaitFor poll at line ~1462) to send "messageResponse" instead of "yesButtonClicked" for tool/command/mcp asks. This matches the existing behavior when a user types a reply without clicking the Approve button -- the command gets rejected and the message text is forwarded as a regular message.

Commands that were already auto-approved (via checkAutoApproval returning decision: "approve") are resolved before reaching the drain code, so they are unaffected by this change.

Test Procedure

  • Added 3 new test cases to src/core/task/__tests__/ask-queued-message-drain.spec.ts covering command, tool, and use_mcp_server ask types
  • All 3 new tests verify the response is "messageResponse" (rejected) rather than "yesButtonClicked" (approved)
  • Existing tests for followup and command_output asks continue to pass
  • All 5 tests pass: cd src && npx vitest run core/task/__tests__/ask-queued-message-drain.spec.ts

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue (see "Related GitHub Issue" above).
  • Scope: My changes are focused on the linked issue (one major feature/fix per PR).
  • Self-Review: I have performed a thorough self-review of my code.
  • Testing: New and/or updated tests have been added to cover my changes.
  • Documentation Impact: No documentation updates are required.
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Documentation Updates

  • No documentation updates are required.

Additional Notes

Two files changed:

  • src/core/task/Task.ts -- changed "yesButtonClicked" to "messageResponse" in two locations within the queued message drain logic
  • src/core/task/__tests__/ask-queued-message-drain.spec.ts -- added 3 new tests for command/tool/mcp ask types

Interactively review PR in Roo Code Cloud

@roomote
fix: prevent queued messages from auto-approving unapproved commands
839b63c 
When a queued message was drained during a tool/command/mcp ask, the code
unconditionally sent "yesButtonClicked", which approved the pending
command regardless of auto-approval settings. This changes the response
to "messageResponse" instead, matching the behavior when a user types a
reply without clicking Approve (the command gets rejected).

Fixes #12302
@roomote-v0 roomote-v0 Bot mentioned this pull request May 9, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens will be requested when the pull request is marked ready for review mrubens is a code owner

@cte cte Awaiting requested review from cte cte will be requested when the pull request is marked ready for review cte is a code owner

@jr jr Awaiting requested review from jr jr will be requested when the pull request is marked ready for review jr is a code owner

@hannesrudolph hannesrudolph Awaiting requested review from hannesrudolph hannesrudolph will be requested when the pull request is marked ready for review hannesrudolph is a code owner

@daniel-lxs daniel-lxs Awaiting requested review from daniel-lxs daniel-lxs will be requested when the pull request is marked ready for review daniel-lxs is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] It runs non-approved commands by itself if I have queued messages!

1 participant

@roomote