feat(console): render approve buttons for tool guard (#2720)

[hikariming]

Description

Convert the web console's /approve text command into clickable buttons when the tool guard flags a risky tool call. Users can now click "Confirm" / "Cancel" instead of typing /approve.

The frontend @agentscope-ai/chat library already ships with built-in approval button UI (Approval component + StatusCard.HITL), triggered by mcp_approval_request message type. CoPaw never used this path because the backend emitted approval messages as plain-text ToolResultBlock. This PR makes the backend emit a structured approval_request content block, registers a runtime type converter that turns it into MCP_APPROVAL_REQUEST SSE events, and handles the mcp_approval_response payload that the frontend buttons send back.

Frontend code is unchanged — the library handles rendering, button clicks, input locking and response sending automatically.

The text-based /approve command remains fully functional for non-web channels (DingTalk, Feishu, etc.).

Related Issue: Fixes #2720

Security Considerations: None — the existing ApprovalService and tool-guard authorization flow are unchanged. Button clicks are mapped to the same ApprovalDecision.APPROVED / DENIED resolve path as text commands.

Type of Change

• Bug fix
• New feature
• Breaking change
• Documentation
• Refactoring

Component(s) Affected

• Core / Backend (app, agents, config, providers, utils, local_models)
• Console (frontend web UI)
• Channels (DingTalk, Feishu, QQ, Discord, iMessage, etc.)
• Skills
• CLI
• Documentation (website)
• Tests
• CI/CD
• Scripts / Deploy

Checklist

• I ran pre-commit run --all-files locally and it passes
• If pre-commit auto-fixed files, I committed those changes and reran checks
• I ran tests locally (pytest or as relevant) and they pass
• Documentation updated (if needed)
• Ready for review

Testing

1. Trigger any tool that the tool guard flags as risky (e.g. shell with a destructive command)
2. The web console should render an approval card with Confirm / Cancel buttons in place of the old /approve text instruction
3. Clicking Confirm should approve and replay the tool call; clicking Cancel should deny it
4. Other channels (text-based) should still accept /approve as before

Unit tests cover:

• build_approval_blocks — produces correct text + approval_request blocks
• _extract_approval_response — parses the frontend's data-block response (approve/deny/text/empty cases)

Local Verification Evidence

$ pre-commit run --all-files
... all hooks passed ...

$ pytest tests/unit/agents/test_tool_guard_approval_msg.py tests/unit/runner/test_approval_response.py -v
...
6 passed in 1.87s

$ pytest tests/ -k "approval or tool_guard" -v
...
8 passed, 473 deselected

Additional Notes

• The text-based /approve instruction is preserved in the approval message body, so terminal/CLI users still see how to approve manually.
• A new out_type_converters mechanism is registered on AgentRunner — future custom block types can use the same hook.

[github-actions]

Welcome to CoPaw! 🐾

Hi @hikariming, this is your 7th Pull Request.

🙌 Join Developer Community

Thanks so much for your contribution! We'd love to invite you to join the official CoPaw developer group! You can find the Discord and DingTalk group links under the "Developer Community" section on our docs page:
https://copaw.agentscope.io/docs/community

We truly appreciate your enthusiasm—and look forward to your future contributions! 😊

We'll review your PR soon.

[gemini-code-assist]

Code Review

This pull request introduces a structured approval mechanism for tool execution, enabling frontend button-based interactions. It adds logic to build approval content blocks, converts these blocks for the frontend, and handles incoming approval responses by mapping them to internal commands. Unit tests were added to verify the new functionality. A safety improvement was suggested to use ".get()" when accessing the tool call ID to prevent potential KeyError exceptions.

[hikariming]

#3257 this issue also say this

[xieyxclack]

Thank you for this pr! Please resolve the conflict

[xieyxclack]

@gnipping Could you review and test the improvement provided in this pr ?

[gnipping]

@gnipping Could you review and test the improvement provided in this pr ?

No problem

[hikariming]

Thank you for this pr! Please resolve the conflict

okk

[gnipping]

Thank you for this pr! Please resolve the conflict

okk

Please let me know if the conflicts have been resolved.
Thx!