fix(agent-core): session approval for Write/Edit at tool scope #901

Open
Cyning12 wants to merge 2 commits into MoonshotAI:main from Cyning12:feature/fix-437-approve-once-clean

@Cyning12

Contributor

Related Issue

Fixes #437

Problem

In the TUI, choosing "Approve for this session" on Write or Edit did not behave differently from "Approve once": subsequent writes in the same session still showed approval prompts. Issue comment reproduces this when writing multiple files under the same directory after selecting session approval.

What changed

  • When the user approves Write or Edit for this session, PermissionManager now stores a tool-name session rule (for example Write) instead of a path-specific rule (for example Write(/path/a.ts)).
  • session-approval-history can then match later Write/Edit calls to different paths in the same session without re-prompting.
  • Approve once still does not write session patterns; the next matching call prompts again.
  • Bash session approval is unchanged: it still caches the full command-level rule so different commands remain separately gated.

Implementation is limited to packages/agent-core (resolveSessionApprovalRule + tests). TUI adapter already maps approved_for_session to scope: 'session'; no TUI code changes in this PR.

Checklist

  • I have read the CONTRIBUTING document.
  • I have linked a related issue, or explained the problem above.
  • I have added tests that prove my feature works.
  • Ran gen-changesets skill, or this PR needs no changeset.
  • Ran gen-docs skill, or this PR needs no doc update.

Made with Cursor

CyningMM and others added 2 commits June 18, 2026 22:23
…hotAI#437)

Approve-for-session on Write/Edit caches tool-name rules so subsequent
writes in the same session do not re-prompt. Fixes MoonshotAI#437.

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@changeset-bot

changeset-bot Bot commented Jun 18, 2026


🦋 Changeset detected

Latest commit: 72b15b8

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@moonshot-ai/kimi-code Patch


@pkg-pr-new

pkg-pr-new Bot commented Jun 18, 2026

pnpm dlx https://pkg.pr.new/@moonshot-ai/kimi-code@72b15b8
npx https://pkg.pr.new/@moonshot-ai/kimi-code@72b15b8

commit: 72b15b8

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 72b15b8c77


Comment on lines +30 to +31
if (parsed.argPattern !== undefined && (toolName === 'Write' || toolName === 'Edit')) {
return parsed.toolName;
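
Review bot: The guard on the first line tests `toolName` while the second line returns `parsed.toolName`, so the cached rule is built from a different variable than the one that was checked; use the same identifier in both places so the two cannot drift apart. Returning only the tool name also discards `parsed.argPattern` completely, which leaves the session rule with no path scope at all; a rule narrowed to something between one exact path and every path (for instance the parent directory of the approved file) would stop the repeat prompts without covering unrelated locations.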


P1: Do not cache Write session grants as unrestricted tool rules

When a user approves any Write/Edit for the session, this stores the bare tool name (for example Write). I checked createPermissionDecisionPolicies: SessionApprovalHistoryPermissionPolicy runs before SensitiveFileAccessAskPermissionPolicy and GitControlPathAccessAskPermissionPolicy, so a later write to .env, SSH keys, or .git/config is approved by the session cache instead of showing the protected-path prompt that would otherwise fire. Keep the cached rule scoped enough, or ensure protected-path asks still run before the session grant is applied.

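The ordering problem raised in the Codex review above, as an added sketch that is not code from packages/agent-core and not part of the review. The policy names, the first-decision-wins chain, the rule string format and the protected-path patterns are assumptions modelled on the PR text.

```typescript
// Added illustration: every name here is hypothetical, not the project's API.
type Decision = "allow" | "ask";
interface ToolCall { tool: string; path: string }
type Policy = (call: ToolCall, sessionRules: Set<string>) => Decision | undefined;

// Session cache: a bare tool name matches every path; "Tool(path)" matches one path.
const sessionApprovalHistory: Policy = (call, rules) =>
  rules.has(call.tool) || rules.has(`${call.tool}(${call.path})`) ? "allow" : undefined;

// Protected-path check. The pattern list is a constructed sample.
const PROTECTED = [/(^|\/)\.env$/, /(^|\/)\.ssh\//, /(^|\/)\.git\//];
const protectedPathAsk: Policy = (call) =>
  PROTECTED.some((re) => re.test(call.path)) ? "ask" : undefined;

// Assumption: the first policy that returns a decision wins; default is to prompt.
function decide(chain: Policy[], call: ToolCall, rules: Set<string>): Decision {
  for (const policy of chain) {
    const d = policy(call, rules);
    if (d !== undefined) return d;
  }
  return "ask";
}

const sessionFirst: Policy[] = [sessionApprovalHistory, protectedPathAsk];
const protectedFirst: Policy[] = [protectedPathAsk, sessionApprovalHistory];

// Constructed session state: what gets cached after "Approve for this session".
const toolScoped = new Set(["Write"]);                 // rule shape after this PR
const pathScoped = new Set(["Write(/repo/src/a.ts)"]); // rule shape before this PR
const envWrite: ToolCall = { tool: "Write", path: "/repo/.env" };
const srcWrite: ToolCall = { tool: "Write", path: "/repo/src/b.ts" };

function scenarios(): Record<string, Decision> {
  return {
    // Bare rule, session cache consulted first: the protected-path prompt never fires.
    toolRuleSessionFirstEnv: decide(sessionFirst, envWrite, toolScoped),
    // Same bare rule, protected-path check first: .env still prompts.
    toolRuleProtectedFirstEnv: decide(protectedFirst, envWrite, toolScoped),
    // Ordinary files keep the no-reprompt behaviour the PR is after.
    toolRuleProtectedFirstSrc: decide(protectedFirst, srcWrite, toolScoped),
    // Path-scoped rule: the cache does not match .env, so the prompt fires.
    pathRuleSessionFirstEnv: decide(sessionFirst, envWrite, pathScoped),
  };
}

console.log(scenarios());
```

Either remedy named in the review shows up here: reordering the chain or keeping the cached rule path-scoped both return the `.env` write to `ask`.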


Development

Successfully merging this pull request may close these issues.

"Approve once" and "Approve for this session" behave identically — no session-level memory
