claude-agent-sdk-python icon indicating copy to clipboard operation
claude-agent-sdk-python copied to clipboard
verified publisher icon anthropics

Feature Request: Support for Long-Running Tool Approval

Open slovx2 opened this issue 3 months ago • 2 comments

Problem

We need to implement user approval for sensitive tools (e.g., image generation, expensive API calls, file deletion) before execution. This requires:

  • Pausing tool execution
  • Waiting for user decision (may take several minutes)
  • Resuming based on approval/rejection

Current Limitation

Both CanUseTool and PreToolUse Hook appear to have hard-coded execution time limits (~60 seconds). When we wait for user approval in these callbacks, the SDK throws an AbortError:

Error in hook callback: vJ [AbortError]
    at AbortSignal.Z (file:///.../@anthropic-ai/claude-code/cli.js:3808:315)

Behavior:

  1. Hook/callback triggers successfully
  2. We wait for user decision (e.g., 5 minutes timeout)
  3. After ~60 seconds, SDK aborts with AbortError
  4. Tool executes anyway (fail-open), completely bypassing approval

This design works well for synchronous checks (parameter validation, logging) but not for asynchronous user interactions where users may need several minutes to review and decide.

Feature Request

Provide a mechanism for long-running tool approval that supports:

  1. Configurable or no timeout - Allow waiting 10+ minutes (or indefinitely) for user decision
  2. Cross-process persistence - If the Claude Code process restarts, the approval should be resumable when the session is restored (approval state survives process restart)
  3. Proper result handling:
    • On approval: Tool executes, results returned to model
    • On rejection: Model receives error message (not fail-open behavior)

Use Cases

1. Expensive API Calls User needs 2-3 minutes to review image generation prompt and cost estimate before approving.

2. Sensitive Operations Admin reviews file deletion request in approval dashboard, may take 5-10 minutes.

3. Compliance Workflows Compliance officer reviews email content before sending, approval process is cross-process.

4. Cost Control Financial approval for tools with per-call costs (e.g., paid APIs, cloud resources).

Current Workarounds (Unsatisfactory)

  • Deny immediately + manual re-invoke: Poor UX, tool never auto-executes after approval
  • Implement approval in tool code: Relies on model understanding, can be bypassed
  • Shorten timeout: Still hits 60s limit, too short for real users

Questions

  1. Is there a recommended pattern for implementing long-running approvals?
  2. Is this timeout configurable, or are there plans to make it configurable?
  3. Would you consider this feature for the roadmap?

Thank you!

slovx2 avatar Nov 02 '25 03:11 slovx2

I'm gonna ask a clarification here - are you using the direct query (one-shot) method, or are you using the streaming SDK client (ClaudeSDKClient)?

I'm currently using the ClaudeSDKClient method with a long-running tool timeouts (longest so far has been 2 days and still accepted the response). I'm not sure if there's a different timeout for the query method, but this has worked relatively flawlessly so far (once I figured out the can_use_tool callback madness.

Here's where I wait indefinitely in my development (sorry for the really nutty setup - I'm supporting multi-session, so the callback is in a factory).

  • https://github.com/EdanStarfire/claudecode_webui/blob/989e24c1ff2c75747bf3dc6e27229ae6a1e08f2d/src/web_server.py#L2083

High level is:

  1. SDK sends permission request and context to callback.
  2. (not necessary) I mark my session (for tracking purposes) as "paused" which plays with UI stuff
  3. I'm creating a future for the permission request
  4. I send the permission request, including suggestions to my webUI via a websocket
  5. Display it in the message stream and then just sit.... and wait...
  6. the await permission_future will just sit there indefinitely for that session. NOTE: I'm not asyncing multiple permission requests - a session can only ask for 1 permission at a time, then will receive the next doing it this way, so multiple tool calls with permission prompts kinda queue up.
  7. Unmark the session as "paused"
  8. interpret decision (and if using suggestions - this is naive right now, but works)
  9. callback return sends to SDK.

EdanStarfire avatar Nov 05 '25 06:11 EdanStarfire

For clarity I agree that the PreToolUse hook seems to have a hard timeout, but I've avoided using hooks for the purpose of approvals.

EdanStarfire avatar Nov 05 '25 06:11 EdanStarfire