Skip to content

feat(mcp): Extend multi-approve button to Agentic chat

Dylan Bernardirequested to merge
db/extend-multi-approve-button-to-agentic-chat-vue into main

What does this MR do?

This change adds tool approval functionality to a chat component, allowing users to approve or deny AI tool requests with different permission levels.

The main additions include:

  • Two new event handlers that capture when users approve tools (with options like "approve once", "approve for session", or "always approve") or deny them with optional reasons
  • Documentation explaining how these approval events work and what data they carry
  • Test cases to ensure the approval/denial events work correctly
  • Interactive demo stories that show how the tool approval interface behaves with different configuration options

The component now supports both simple single-button approval and more advanced split-button approval with multiple permission levels. When a tool needs approval, users can choose how broadly they want to grant permission, and the parent application receives detailed information about their choice. This gives users more control over AI tool usage while maintaining backward compatibility with existing implementations.

Screenshots or screen recordings

Screen_Recording_2025-09-18_at_3.43.45_PM

Integration merge requests

The change is backwards compatible with the current features that consume the MCP approve button.

The merge request to make this available in VSCode is here; feat(ai-config): add session scoped MCP tool ap... (gitlab-org/editor-extensions/gitlab-lsp!2227 - merged)

Does this MR meet the acceptance criteria?

This checklist encourages the authors, reviewers, and maintainers of merge requests (MRs) to confirm changes were analyzed for conformity with the project's guidelines, security and accessibility.

Toggle the acceptance checklist

Conformity

  • Code review guidelines.
  • GitLab UI's contributing guidelines.
  • If it changes a Pajamas-compliant component's look & feel, the MR has been reviewed by a UX designer.
  • If it changes GitLab UI's documentation guidelines, the MR has been reviewed by a Technical Writer.
  • If the MR changes a component's API, integration MR(s) have been opened (see integration merge requests above).
  • Added the ~"component:*" label(s) if applicable.

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • Security reports checked/validated by a reviewer from the AppSec team

Accessibility

If this MR adds or modifies a component, take a few moments to review the following:

  • All actions and functionality can be done with a keyboard.
  • Links, buttons, and controls have a visible focus state.
  • All content is presented in text or with a text equivalent. For example, alt text for SVG, or aria-label for icons that have meaning or perform actions.
  • Changes in a component’s state are announced by a screen reader. For example, changing aria-expanded="false" to aria-expanded="true" when an accordion is expanded.
  • Color combinations have sufficient contrast.
Edited by Dylan Bernardi

Merge request reports