feat(agent): add tool confirmation before execution

[newcat22]

Summary

• Add user confirmation mechanism for tool calls, allowing users to approve, reject, or auto-approve future matching tool calls before execution
• For bash tool: "always approve" uses command prefix matching — e.g., approving pip install requests auto-approves all pip install * commands
• For non-bash tools: "always approve" remembers the tool name, but each new tool call still requires confirmation by default
• Confirmation rules are session-scoped — they reset on exit or when a new task is started
• Feature is disabled by default and can be enabled via --confirm-tools CLI flag or YAML config

Changes

File	Change
trae_agent/utils/cli/cli_console.py	Add ToolConfirmationResult enum and get_tool_confirmation() abstract method
trae_agent/utils/config.py	Add ToolConfirmationConfig dataclass and YAML parsing support
trae_agent/agent/base_agent.py	Core: intercept tool calls in _tool_call_handler with prefix-based matching for bash and name-based matching for others
trae_agent/agent/trae_agent.py	Reset confirmation state on new_task()
trae_agent/utils/cli/simple_console.py	Implement get_tool_confirmation() with y/n/a prompt
trae_agent/utils/cli/rich_console.py	Implement get_tool_confirmation() with y/n/a prompt
trae_agent/cli.py	Add --confirm-tools flag to run and interactive commands
trae_config.yaml.example	Add tool_confirmation config example
tests/agent/test_tool_confirmation.py	Add 17 unit tests

Usage

CLI flag

trae-cli run "list files" --confirm-tools
trae-cli interactive --confirm-tools

YAML config

agents:
    trae_agent:
        tool_confirmation:
            enabled: true
            tools_requiring_confirmation:
                - bash
                - str_replace_based_edit_tool

User interaction

When a tool call requires confirmation:

┌─ Tool Confirmation Required ──────────────────┐
│ Tool: bash                                     │
│ Command: pip install requests                  │
└────────────────────────────────────────────────┘
Options: (y)es / (n)o / (a)lways approve this pattern
[y/n/a]: a

• y: approve this call only
• n: reject the call (LLM receives error feedback)
• a: auto-approve future matching calls (bash: by command prefix; others: by tool name)

Test plan

• All 79 existing tests pass
• 17 new unit tests added and passing
• Ruff lint check passes
• Manual test: trae-cli run "list files" --confirm-tools shows confirmation prompts (covered by test_cli_confirm_tools_flag, test_rejected_tool_returns_error_result, test_approved_tool_executes_normally)
• Manual test: approving pip install X with "a" auto-approves subsequent pip install Y (covered by test_approve_all_adds_prefix_pattern)
• Manual test: YAML config with tool_confirmation.enabled: true works (covered by test_tool_confirmation_from_yaml, test_tool_confirmation_default_when_missing_from_yaml)

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}