[Agent] Introducing fundation for human-in-the-loop mechanism for tool calling #1548
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
force-pushed
the
feat-tool-confirmation
branch
5 times, most recently
from
99283f0 to
08c6600
Compare
OskarStark
reviewed
Feb 4, 2026
There was a problem hiding this comment.
Pull request overview
This pull request introduces a human-in-the-loop confirmation system for tool execution in the Agent component. The system allows developers to require user approval before potentially dangerous tool operations are performed, using a policy-based approach with event-driven architecture.
Changes:
- Adds
ToolCallRequestedevent dispatched before tool execution to enable interception - Implements confirmation system with policies (DefaultPolicy, AlwaysAllowPolicy), handlers, and a subscriber
- Provides comprehensive documentation and a working CLI example
Reviewed changes
Copilot reviewed 23 out of 23 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/agent/src/Toolbox/Toolbox.php | Integrates ToolCallRequested event dispatch into tool execution flow |
| src/agent/src/Toolbox/Event/ToolCallRequested.php | New stoppable event for tool execution confirmation with denial and custom result support |
| src/agent/src/Toolbox/Confirmation/PolicyInterface.php | Interface for decision policies on whether tools should be allowed, denied, or require confirmation |
| src/agent/src/Toolbox/Confirmation/PolicyDecision.php | Enum defining Allow, Deny, and AskUser policy decisions |
| src/agent/src/Toolbox/Confirmation/DefaultPolicy.php | Default policy implementation that auto-allows read operations and remembers user decisions |
| src/agent/src/Toolbox/Confirmation/AlwaysAllowPolicy.php | Permissive policy that bypasses all confirmation checks |
| src/agent/src/Toolbox/Confirmation/ConfirmationHandlerInterface.php | Interface for implementing user confirmation mechanisms |
| src/agent/src/Toolbox/Confirmation/ConfirmationResult.php | Result object carrying confirmation decision and remember preference |
| src/agent/src/Toolbox/Confirmation/ConfirmationSubscriber.php | Event subscriber that orchestrates the confirmation workflow |
| src/agent/tests/Toolbox/Event/ToolCallRequestedTest.php | Comprehensive unit tests for the ToolCallRequested event |
| src/agent/tests/Toolbox/Confirmation/*.php | Unit tests for all confirmation components with excellent coverage |
| src/agent/tests/Toolbox/Confirmation/HumanInTheLoopIntegrationTest.php | Integration tests verifying the complete confirmation workflow |
| src/agent/tests/Toolbox/ToolboxEventDispatcherTest.php | Updated to include ToolCallRequested in event dispatch assertions |
| src/agent/tests/Fixtures/Tool/*.php | New fixture tools for testing read/write/delete operations |
| docs/components/agent.rst | Detailed documentation of the confirmation system with usage examples |
| examples/toolbox/confirmation.php | Working CLI example demonstrating the human-in-the-loop pattern |
| src/agent/CHANGELOG.md | Documents the new features for version 0.4 |
src/agent/tests/Toolbox/Confirmation/HumanInTheLoopIntegrationTest.php
Outdated
Show resolved
Hide resolved
chr-hertel
commented
Feb 4, 2026
chr-hertel
commented
Feb 4, 2026
chr-hertel
force-pushed
the
feat-tool-confirmation
branch
3 times, most recently
from
ac5b01f to
9461c1c
Compare
chr-hertel
force-pushed
the
feat-tool-confirmation
branch
from
9461c1c to
a73aa24
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Screencast.from.2026-02-05.21-50-19.webm