From c3273100f262625431cf08ee0d02c05f74760be8 Mon Sep 17 00:00:00 2001
From: Amolith <amolith@secluded.site>
Date: Fri, 31 Oct 2025 13:34:29 -0600
Subject: [PATCH] refactor(permission): check allowlist first

---
 internal/permission/permission.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/internal/permission/permission.go b/internal/permission/permission.go
index e7bc3f65f22fd6a0df396816c77150355e36fca6..9d5241b5927d8ad6b6aff462d10cd28e694e7433 100644
--- a/internal/permission/permission.go
+++ b/internal/permission/permission.go
@@ -127,6 +127,12 @@ func (s *permissionService) Request(opts CreatePermissionRequest) bool {
 		return true
 	}
 
+	// Check if the tool/action combination is in the allowlist
+	commandKey := opts.ToolName + ":" + opts.Action
+	if slices.Contains(s.allowedTools, commandKey) || slices.Contains(s.allowedTools, opts.ToolName) {
+		return true
+	}
+
 	// tell the UI that a permission was requested
 	s.notificationBroker.Publish(pubsub.CreatedEvent, PermissionNotification{
 		ToolCallID: opts.ToolCallID,
@@ -134,12 +140,6 @@ func (s *permissionService) Request(opts CreatePermissionRequest) bool {
 	s.requestMu.Lock()
 	defer s.requestMu.Unlock()
 
-	// Check if the tool/action combination is in the allowlist
-	commandKey := opts.ToolName + ":" + opts.Action
-	if slices.Contains(s.allowedTools, commandKey) || slices.Contains(s.allowedTools, opts.ToolName) {
-		return true
-	}
-
 	s.autoApproveSessionsMu.RLock()
 	autoApprove := s.autoApproveSessions[opts.SessionID]
 	s.autoApproveSessionsMu.RUnlock()