Skip to content

fix(agent-client): attach role_ids_allowed_to_approve to approval requests [PRD-688]#1722

Closed
Scra3 wants to merge 1 commit into
feature/prd-688-approval-on-full-ai-trigger-actionfrom
fix/prd-688-approval-role-ids
Closed

fix(agent-client): attach role_ids_allowed_to_approve to approval requests [PRD-688]#1722
Scra3 wants to merge 1 commit into
feature/prd-688-approval-on-full-ai-trigger-actionfrom
fix/prd-688-approval-role-ids

Conversation

@Scra3

@Scra3 Scra3 commented Jun 29, 2026

Copy link
Copy Markdown
Member

Problem

Approvals filed programmatically (MCP server executeAction, and the workflow executor) show up in Forest without an attached resource — the created approval is malformed.

Root cause

The Forest server's POST /api/action-approvals expects role_ids_allowed_to_approve in the payload — the browser engine always sends it (store.createRecord('action-approval', { …, roleIdsAllowedToApprove })). The agent-client already extracts roleIdsAllowedToApprove from the 403 CustomActionRequiresApprovalError (domains/action.ts toActionError) but discarded it instead of forwarding it to createApprovalRequest. The resulting payload was missing that field.

Fix

  • ApprovalRequestPayload gains roleIdsAllowedToApprove?.
  • makeCreateApprovalRequest sends role_ids_allowed_to_approve in the JSON:API attributes (alongside record_ids / collection_name / inputs), matching the browser-engine payload.
  • Action.execute() forwards the value it already has from the mapped ActionRequiresApprovalError.

This is the only field that differed from the working browser-engine payload (verified against forestadmin action-approval model + custom-action service). record_ids was already correct (Collection.action serializes ids via serializeRecordId).

Notes

Tests: agent-client (340) + mcp-server (547) pass; build + lint clean.

Refs PRD-688

🤖 Generated with Claude Code

Note

Attach role_ids_allowed_to_approve to approval request payloads in agent-client

Adds the optional roleIdsAllowedToApprove field to ApprovalRequestPayload in approval-request-creator.ts and maps it to role_ids_allowed_to_approve in the POST body sent to /api/action-approvals. The Action.execute method in action.ts now forwards this field when constructing the approval request.

Macroscope summarized afa0ce1.

…approval request

Forest's POST /api/action-approvals expects `role_ids_allowed_to_approve` (the browser
engine always sends it). Without it the created approval is malformed and shows no
attached resource/record. agent-client already extracts `roleIdsAllowedToApprove` from
the 403 CustomActionRequiresApprovalError but threw it away — forward it to
createApprovalRequest and include it in the payload. Fixes approvals filed by the MCP
server and the workflow executor (both go through this agent-client path).

Refs PRD-688

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@linear-code

linear-code Bot commented Jun 29, 2026

Copy link
Copy Markdown

PRD-688

@Scra3

Scra3 commented Jun 29, 2026

Copy link
Copy Markdown
Member Author

Closing: verified in the Forest server that it computes roleIdsAllowedToApprove itself on approval creation (action-approval-service.createenvironmentRolePermissionStore.listRoleIdsForApproval, with a ?? fallback to the client value), and the create validator doesn't require the field. So sending it from the agent-client is unnecessary. The empty-Resource issue is unrelated (driven by record_ids).

@Scra3 Scra3 closed this Jun 29, 2026
@Scra3 Scra3 deleted the fix/prd-688-approval-role-ids branch June 29, 2026 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant