fix(approval): honor bare YAML approvals.mode: off (#2620)

Cherry-picked from PR #2563 by tumf. YAML 1.1 parses unquoted 'off' as boolean False. Added _normalize_approval_mode() to map False -> 'off', True -> 'manual', and normalize string values. Includes regression tests.
2026-03-23 06:56:09 -07:00 · 2026-03-23 06:56:09 -07:00 · 7da0822456
commit 7da0822456
parent d35df0db71
2 changed files with 28 additions and 1 deletions
--- a/tests/tools/test_approval.py
+++ b/tests/tools/test_approval.py
@ -4,6 +4,7 @@ from unittest.mock import patch as mock_patch

 import tools.approval as approval_module
 from tools.approval import (
+    _get_approval_mode,
    approve_session,
    clear_session,
    detect_dangerous_command,
@ -16,6 +17,16 @@ from tools.approval import (
 )


+class TestApprovalModeParsing:
+    def test_unquoted_yaml_off_boolean_false_maps_to_off(self):
+        with mock_patch("hermes_cli.config.load_config", return_value={"approvals": {"mode": False}}):
+            assert _get_approval_mode() == "off"
+
+    def test_string_off_still_maps_to_off(self):
+        with mock_patch("hermes_cli.config.load_config", return_value={"approvals": {"mode": "off"}}):
+            assert _get_approval_mode() == "off"
+
+
 class TestDetectDangerousRm:
    def test_rm_rf_detected(self):
        is_dangerous, key, desc = detect_dangerous_command("rm -rf /home/user")