Skip to content

fix: force preview for protected files regardless of background editing #6723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: force preview for protected files regardless of background editing #6723

wants to merge 1 commit into from

Conversation

@roomote
Copy link
Contributor

@roomote roomote bot commented Aug 5, 2025
edited by ellipsis-dev bot
Loading

Summary

This PR fixes an issue where protected files (like .vscode/, .roo/, etc.) could be edited without preview when the "Background editing" experimental feature is enabled. This was a security concern as these configuration files should always require explicit approval before modification.

Problem

When the PREVENT_FOCUS_DISRUPTION experiment (Background editing) is enabled, the file editing tools would bypass the diff view and directly save changes to files. This behavior was applied to all files, including protected configuration files, which should always require preview and explicit approval.

Solution

Modified all file editing tools to check if a file is write-protected and force the diff view regardless of the background editing setting:

  • writeToFileTool: Added condition to check !isWriteProtected before using direct save
  • applyDiffTool: Same fix applied
  • insertContentTool: Modified to show diff view when file is protected
  • searchAndReplaceTool: Modified to show diff view when file is protected
  • multiApplyDiffTool: Added protection checks for both single and batch operations

Testing

Added comprehensive test coverage in writeToFileTool.spec.ts to verify:

  • Protected files always show diff view even with background editing enabled
  • Non-protected files still use direct save when background editing is enabled
  • The isProtected flag is correctly passed to approval dialogs
  • Protection works for various protected file patterns (.vscode/, .roo/, etc.)

All existing tests pass, confirming no regression in functionality.

Related Issue

Fixes #6722

Important

This PR ensures protected files always require a diff view for approval, even with background editing enabled, by modifying several file editing tools.

  • Behavior:
    • Forces diff view for protected files in writeToFileTool, applyDiffTool, insertContentTool, searchAndReplaceTool, and multiApplyDiffTool regardless of background editing setting.
    • Non-protected files continue to use direct save when background editing is enabled.
  • Testing:
    • Added tests in writeToFileTool.spec.ts to ensure protected files always show diff view.
    • Tests verify behavior for .vscode/ and .roo/ files.
    • Tests confirm isProtected flag is passed to approval dialogs.
  • Misc:

This description was created by Ellipsis for fb30e4e. You can customize this summary. It will automatically update as commits are pushed.

@roomote
fix: force preview for protected files regardless of background editing
fb30e4e 
- Modified writeToFileTool to always show diff view for protected files
- Modified applyDiffTool to always show diff view for protected files
- Modified insertContentTool to always show diff view for protected files
- Modified searchAndReplaceTool to always show diff view for protected files
- Modified multiApplyDiffTool to handle protected files correctly
- Added comprehensive tests for the new behavior

Fixes #6722
@roomote roomote bot requested review from cte, jr and mrubens as code owners August 5, 2025 13:38
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. bug Something isn't working labels Aug 5, 2025
@roomote roomote bot mentioned this pull request Aug 5, 2025
Closed
roomote[bot]
roomote bot commented Aug 5, 2025
View reviewed changes
Copy link
Contributor Author

@roomote roomote bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewing my own code is like debugging in a mirror - everything looks backward but the bugs are still mine.

src/core/tools/multiApplyDiffTool.ts
const hasProtectedFiles = operationsToApprove.some(
(op) => cline.rooProtectedController?.isWriteProtected(op.path) || false,
)
if (isPreventFocusDisruptionEnabled && !hasProtectedFiles) {
Copy link
Contributor Author

@roomote roomote bot Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this intentional? The condition for checking protected files in batch operations uses a different pattern than the other tools. Consider refactoring to match the pattern used elsewhere for consistency:

Suggested change
if (isPreventFocusDisruptionEnabled && !hasProtectedFiles) {
if (isPreventFocusDisruptionEnabled && !isWriteProtected) {

src/core/tools/writeToFileTool.ts
if (isPreventFocusDisruptionEnabled) {
// Direct file write without diff view
// For protected files, always show diff view regardless of background editing setting
if (isPreventFocusDisruptionEnabled && !isWriteProtected) {
Copy link
Contributor Author

@roomote roomote bot Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment 'only for non-protected files' appears multiple times across the codebase. Could we improve readability by extracting this logic into a well-named variable like shouldUseDirectSave? This would make the intent clearer and reduce repetition.

src/core/tools/__tests__/writeToFileTool.spec.ts
expect(mockCline.diffViewProvider.reset).toHaveBeenCalled()
})
})

Copy link
Contributor Author

@roomote roomote bot Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This test suite is quite comprehensive! However, it might benefit from being split into smaller, more focused describe blocks. For example, you could have separate blocks for 'direct save behavior', 'diff view behavior', and 'protection flag handling'. Also, consider adding a test case for when rooProtectedController is undefined/null to ensure the fallback to false works correctly.

@hannesrudolph hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Aug 5, 2025
@daniel-lxs
Copy link
Member

daniel-lxs commented Aug 6, 2025

I feel like this defeats the purpose of background edits, background edits is an experimental feature that depends on another pending feature to be complete.

I'll close this for now but feel free to continue the discussion.

@daniel-lxs daniel-lxs closed this Aug 6, 2025
@github-project-automation github-project-automation bot moved this from New to Done in Roo Code Roadmap Aug 6, 2025
@github-project-automation github-project-automation bot moved this from Triage to Done in Roo Code Roadmap Aug 6, 2025
@daniel-lxs daniel-lxs deleted the fix/protected-files-background-editing branch August 6, 2025 01:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens is a code owner

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

Assignees

No one assigned

Labels

bug Something isn't working Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. size:L This PR changes 100-499 lines, ignoring generated files.

Projects

Roo Code Roadmap
Archived in project

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Unable to preview edits to protected files before save when Background editing is enabled

4 participants

@daniel-lxs @hannesrudolph @roomote