feat(exit): detect permission denials and halt loop (Issue #101)

[frankbria]

Summary

• Detect permission denials from Claude Code JSON output
• Halt loop immediately when permissions are denied
• Provide clear guidance for updating .ralphrc ALLOWED_TOOLS

Problem

Ralph was executing Claude Code with stdout/stderr redirected to files, which prevented interactive approval prompts from reaching the user. When commands like npm install were denied permission, Ralph silently continued looping without alerting the user or pausing for intervention (Issue #101).

Solution

Implement a three-pronged approach:

1. Detection: Parse permission_denials array from Claude Code JSON output
2. Exit condition: Halt loop with reason "permission_denied" when denials detected
3. User guidance: Display clear instructions for updating .ralphrc

Implementation

Response Analyzer (lib/response_analyzer.sh)

• Add extraction of permission_denials array in parse_json_response()
• Track has_permission_denials, permission_denial_count, denied_commands
• Include permission denial fields in analyze_response() output

Main Loop (ralph_loop.sh)

• Add permission denial check to should_exit_gracefully() (highest priority)
• Display helpful error message with guidance:
  • Which commands were denied
  • Current ALLOWED_TOOLS configuration
  • Instructions to update .ralphrc

Circuit Breaker (lib/circuit_breaker.sh)

• Add CB_PERMISSION_DENIAL_THRESHOLD=2 constant
• Track consecutive_permission_denials in state file
• Open circuit after 2 consecutive loops with permission denials

Test plan

• Add 6 tests for permission denial parsing in test_json_parsing.bats
• Add 5 tests for permission denial exit condition in test_exit_detection.bats
• All 452 tests pass (100% pass rate)

Documentation

• Update CLAUDE.md with permission denial detection documentation
• Update README.md Common Issues section

Fixes #101

Summary by CodeRabbit

• New Features

  • Added permission denial detection that automatically stops execution when commands lack required permissions.
  • New circuit breaker threshold to exit after repeated permission denials instead of continuous retries.

• Documentation

  • Added troubleshooting guidance for resolving permission denied errors.
  • Updated documentation with permission denial configuration details and resolution steps.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR implements comprehensive permission denial detection and handling. It adds a new circuit-breaker threshold for permission denials, extracts permission_denials from Claude responses, tracks denial state across loop iterations, and introduces user-facing guidance with actionable remediation steps when permissions are denied.

Changes

Cohort / File(s)	Summary
Documentation CLAUDE.md, README.md	Added detailed documentation and user guidance for handling permission denials, including CB_PERMISSION_DENIAL_THRESHOLD, detection flow, state tracking fields, exit semantics, and ALLOWED_TOOLS configuration examples.
Circuit Breaker State Management lib/circuit_breaker.sh	Introduced consecutive_permission_denials counter and CB_PERMISSION_DENIAL_THRESHOLD constant. Extended state initialization, persistence, and reset logic to track permission denials as a high-priority failure condition that opens the circuit before other progress checks.
Response Analysis lib/response_analyzer.sh	Added extraction of permission_denials array from JSON responses, computing permission_denial_count and has_permission_denials flags, and deriving denied_commands list. Propagates these fields through both JSON and text parsing paths with backward compatibility defaults.
Exit Handling & User Guidance ralph_loop.sh	Added permission_denied exit condition with higher priority than other graceful exit paths. When triggered, displays detailed user guidance including ALLOWED_TOOLS configuration instructions and current .ralphrc settings, then resets the session and exits.
Test Coverage tests/unit/test_exit_detection.bats, tests/unit/test_json_parsing.bats	Expanded unit tests with 179 + 190 lines covering permission denial detection, exit signal logic, backward compatibility, Claude CLI JSON format parsing, session persistence, and field extraction validation.

Sequence Diagram(s)

sequenceDiagram
    participant Claude as Claude Response
    participant ResponseAnalyzer as Response Analyzer
    participant CircuitBreaker as Circuit Breaker
    participant MainLoop as Main Loop
    participant User

    Claude->>ResponseAnalyzer: JSON with permission_denials[]
    ResponseAnalyzer->>ResponseAnalyzer: Extract permission_denials,<br/>compute has_permission_denials
    ResponseAnalyzer-->>CircuitBreaker: Pass has_permission_denials flag
    CircuitBreaker->>CircuitBreaker: Increment<br/>consecutive_permission_denials
    CircuitBreaker->>CircuitBreaker: Check threshold:<br/>consecutive_permission_denials<br/>≥ CB_PERMISSION_DENIAL_THRESHOLD
    CircuitBreaker-->>MainLoop: Open circuit with<br/>reason: permission_denied
    MainLoop->>MainLoop: Detect permission_denied<br/>in should_exit_gracefully
    MainLoop->>User: Display permission denial<br/>guidance block with<br/>ALLOWED_TOOLS instructions
    MainLoop->>MainLoop: Reset session with<br/>reason: permission_denied
    MainLoop->>MainLoop: Exit gracefully

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• PR #132: Introduces explicit analysis.exit_signal logic for completion_indicators detection, sharing the same exit signal handling pattern extended in this PR.
• PR #62: Modifies parse_json_response and response analysis field extraction; directly related to the new permission_denials extraction logic added here.
• PR #137: Changes default ALLOWED_TOOLS and .ralphrc creation; related through the ALLOWED_TOOLS configuration guidance introduced in this PR's user-facing error handling.

Poem

🐰 A permission's denial now stops the loop's race,
No silent failures haunting this place,
The circuit breaks fast, the user sees light,
With ALLOWED_TOOLS guidance, permissions are right! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: detecting permission denials and halting the loop with reference to the linked issue.
Linked Issues check	✅ Passed	The PR fully addresses Issue #101 by implementing detection of permission denials, halting execution, and providing actionable user guidance.
Out of Scope Changes check	✅ Passed	All changes directly support Issue #101: permission denial detection, exit handling, circuit breaker integration, and user guidance with tests and documentation.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/101-permission-denial-detection

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Detect permission denials and halt the Ralph loop after 2 consecutive denials via lib/circuit_breaker.sh::record_loop_result and ralph_loop.sh::should_exit_gracefully

Add permission denial parsing to response analysis, track consecutive denials in circuit breaker state, and exit the loop with guidance when denials occur. Documentation and unit tests are updated.

🖇️ Linked Issues

Resolves Issue #101 by implementing loop halt behavior on permission denials and adding configuration and guidance.

📍Where to Start

Start with permission denial parsing in parse_json_response within lib/response_analyzer.sh, then review circuit breaker updates in lib/circuit_breaker.sh and loop exit handling in ralph_loop.sh.

---

Macroscope summarized ef813e7.

[claude]

Code Review Summary

This PR successfully implements permission denial detection for Issue 101. The implementation is well-structured, thoroughly tested, and follows the project's quality standards.

Strengths

1. Excellent Architecture

• Clean separation of concerns across three components: response_analyzer.sh, ralph_loop.sh, circuit_breaker.sh
• Permission denial check correctly positioned as highest priority in should_exit_gracefully() at line 400

2. Robust JSON Parsing

• Safe extraction with jq and proper fallback handling (lib/response_analyzer.sh:181-195)
• Defensive integer coercion
• Extracts three fields: has_permission_denials, permission_denial_count, denied_commands
• Gracefully handles missing field for backward compatibility

3. Comprehensive Test Coverage (11 new tests)

• 6 JSON parsing tests: Detection, counting, command extraction, empty array, missing field, Claude CLI array format
• 5 exit detection tests: Basic exit, no exit when absent, priority over other signals, multiple denials, backward compat
• All tests follow consistent naming and documentation patterns

4. Excellent User Experience

• Clear error message with visual formatting (ralph_loop.sh:1253-1291)
• Actionable guidance: numbered steps, example patterns, current config display
• Helpful examples for common package managers

5. Documentation Quality

• CLAUDE.md updated with detection flow and example patterns
• README.md Common Issues section expanded
• Inline comments explain Issue 101 context throughout

Code Quality Observations

Minor: Circuit Breaker Integration

In lib/circuit_breaker.sh lines 138-148, permission denials are tracked and increment consecutive_permission_denials.

Question: Is the circuit breaker check redundant given that should_exit_gracefully() already exits immediately on first denial?

The circuit breaker threshold is set to 2 (line 22), but the main loop exits on the first occurrence. This means the circuit breaker will never trigger in practice since the loop halts before reaching the threshold.

Recommendation:

• Option A: Keep both for defense-in-depth, document this intentional redundancy
• Option B: Remove circuit breaker check and rely solely on immediate exit
• Option C: Lower threshold to 1 to align with immediate exit behavior

This is not a bug—just an observation about overlapping safety mechanisms. The current implementation is conservative and safe.

Very Minor: Code Duplication

The permission denial check logic appears in two places: should_exit_gracefully() in ralph_loop.sh:403-413 and circuit breaker state transitions in lib/circuit_breaker.sh. Consider extracting to a helper function if this pattern expands further. Not urgent for current scope.

Security, Performance, Tests

• Security: No concerns. Uses jq for safe JSON parsing with no injection vectors
• Performance: Efficient O(1) check positioned early in exit condition chain
• Test Quality: Excellent coverage of all code paths, edge cases, and backward compatibility

Final Verdict

Approval Status: APPROVED

This PR meets all quality standards:

• Code quality: Clean, modular, defensive
• Best practices: Follows project conventions
• Bugs: None identified
• Performance: Efficient implementation
• Security: No concerns
• Test coverage: Comprehensive (11 new tests, 452 total)
• Documentation: Thorough and actionable

Recommendation: Merge as-is. The circuit breaker observation can be addressed in a follow-up if desired.

Great work on implementing robust error handling with excellent user guidance!

[github-actions]

PR Review: Permission Denial Detection (Issue #101)

Overall Assessment

✅ LGTM - Approve with minor observations

This is a well-executed feature that addresses Issue #101 comprehensively. The implementation is clean, well-tested, and follows existing code patterns.

---

Code Quality & Best Practices

Strengths:

• Consistent with existing error handling patterns (defensive jq usage with and )
• Proper use of jq for safe JSON construction (avoids injection)
• Clear separation of concerns (detection → analysis → exit → user guidance)
• Backward compatibility handled (missing fields default to false/0)
• User-facing messages are helpful and actionable

Minor Observations:

1. Permission denial takes highest priority (ralph_loop.sh:400-413)

   • Correctly placed as exit condition #0 (before all other checks)
   • Prevents wasting API calls on repeated permission denials
   • ⚠️ Consider: Add comment explaining why this takes priority over circuit breaker checks

2. Circuit breaker threshold (lib/circuit_breaker.sh:22)

   • is appropriate (matches other thresholds)
   • Tracks consecutive denials correctly (resets to 0 when no denials)
   • ✅ Good integration with existing circuit breaker state machine

3. Denied commands extraction (lib/response_analyzer.sh:194)

   • ✅ Handles case where field is missing
   • ✅ Returns empty array when no denials exist

---

Potential Bugs or Issues

No critical issues found. Edge cases are well-handled:

1. Missing object: Handled by default
2. Missing field: Handled by jq expression
3. Corrupted JSON: Handled by pattern
4. Empty denied_commands array: Handled by (produces empty string)

Edge case to consider:

• If is present but not an array (e.g., ), the jq will fail. Consider:

  This is a very minor edge case; current implementation is acceptable.

---

Performance Considerations

✅ No performance concerns:

• Permission denial check is O(1) jq extraction (minimal overhead)
• Runs only once per loop iteration
• No additional I/O beyond existing file reads
• Circuit breaker tracks consecutive denials efficiently (single integer in state file)

---

Security Considerations

✅ Secure implementation:

1. Uses jq for JSON parsing (no shell injection vectors)
2. Uses array-based jq construction with (avoids injection)
3. Denied commands are joined in memory (not executed)
4. No user input is used in permission denial logic

---

Test Coverage

Excellent coverage - 452 tests (100% pass rate)

test_json_parsing.bats (+6 tests):

• ✅ Detects array
• ✅ Extracts
• ✅ Extracts list
• ✅ Handles empty array
• ✅ Handles missing field (backward compat)
• ✅ Includes in analysis result

test_exit_detection.bats (+5 tests):

• ✅ Exits on
• ✅ Continues when no denials
• ✅ Takes priority over test_saturation
• ✅ Takes priority over completion_indicators
• ✅ Missing field defaults to false

Test quality notes:

• Tests are isolated and follow existing patterns
• Mock files use valid JSON
• Helper function () mirrors production code
• Backward compatibility explicitly tested

---

Documentation

Well-documented:

1. CLAUDE.md (+22 lines):

   • Explains detection mechanism
   • Documents tracked fields
   • Provides example patterns
   • ⚠️ Add link to Common Issues section in README

2. README.md (+5 lines):

   • Added to Common Issues section
   • Provides 4-step troubleshooting guide
   • ✅ User-friendly and actionable

Documentation suggestion:
Consider adding a note about why permission denials are handled separately from errors (to prevent false positives from legitimate command failures).

---

Summary

This PR successfully implements permission denial detection for Issue #101. The code is production-ready with:

• ✅ Clean implementation following existing patterns
• ✅ Comprehensive test coverage (11 new tests)
• ✅ Backward compatible
• ✅ User-friendly error messages
• ✅ Well-documented
• ✅ No security or performance concerns

Recommendation: Merge after addressing the two minor suggestions above (optional).

Great work addressing this user experience issue! 🚀

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@ralph_loop.sh`:
- Around line 1256-1292: The permission_denied handler currently shows
ALLOWED_TOOLS from .ralphrc which can be stale; update that block to prefer the
runtime environment override by checking the CLAUDE_ALLOWED_TOOLS environment
variable first and only grep .ralphrc if CLAUDE_ALLOWED_TOOLS is unset/empty,
then display the effective value (CLAUDE_ALLOWED_TOOLS if set, otherwise the
parsed ALLOWED_TOOLS from .ralphrc) when printing "Current ALLOWED_TOOLS" in the
permission_denied branch so users see the actual policy in effect.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Show the effective ALLOWED_TOOLS value to avoid misleading guidance.
If env overrides are in use, grepping .ralphrc can display a stale value. Consider showing CLAUDE_ALLOWED_TOOLS first and falling back only if it’s unset.

🔧 Suggested tweak

-                if [[ -f ".ralphrc" ]]; then
-                    local current_tools=$(grep "^ALLOWED_TOOLS=" ".ralphrc" 2>/dev/null | cut -d= -f2- | tr -d '"')
-                    if [[ -n "$current_tools" ]]; then
-                        echo -e "${BLUE}Current ALLOWED_TOOLS:${NC} $current_tools"
-                        echo ""
-                    fi
-                fi
+                local current_tools="${CLAUDE_ALLOWED_TOOLS:-}"
+                if [[ -z "$current_tools" && -f ".ralphrc" ]]; then
+                    current_tools=$(grep "^ALLOWED_TOOLS=" ".ralphrc" 2>/dev/null | cut -d= -f2- | tr -d '"')
+                fi
+                if [[ -n "$current_tools" ]]; then
+                    echo -e "${BLUE}Current ALLOWED_TOOLS:${NC} $current_tools"
+                    echo ""
+                fi

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Handle permission_denied specially (Issue #101)
	if [[ "$exit_reason" == "permission_denied" ]]; then
	log_status "ERROR" "🚫 Permission denied - halting loop"
	reset_session "permission_denied"
	update_status "$loop_count" "$(cat "$CALL_COUNT_FILE")" "permission_denied" "halted" "permission_denied"
	# Display helpful guidance for resolving permission issues
	echo ""
	echo -e "${RED}╔════════════════════════════════════════════════════════════╗${NC}"
	echo -e "${RED}║ PERMISSION DENIED - Loop Halted ║${NC}"
	echo -e "${RED}╚════════════════════════════════════════════════════════════╝${NC}"
	echo ""
	echo -e "${YELLOW}Claude Code was denied permission to execute commands.${NC}"
	echo ""
	echo -e "${YELLOW}To fix this:${NC}"
	echo " 1. Edit .ralphrc and update ALLOWED_TOOLS to include the required tools"
	echo " 2. Common patterns:"
	echo " - Bash(npm *) - All npm commands"
	echo " - Bash(npm install) - Only npm install"
	echo " - Bash(pnpm *) - All pnpm commands"
	echo " - Bash(yarn *) - All yarn commands"
	echo ""
	echo -e "${YELLOW}After updating .ralphrc:${NC}"
	echo " ralph --reset-session # Clear stale session state"
	echo " ralph --monitor # Restart the loop"
	echo ""
	# Show current ALLOWED_TOOLS if .ralphrc exists
	if [[ -f ".ralphrc" ]]; then
	local current_tools=$(grep "^ALLOWED_TOOLS=" ".ralphrc" 2>/dev/null | cut -d= -f2- | tr -d '"')
	if [[ -n "$current_tools" ]]; then
	echo -e "${BLUE}Current ALLOWED_TOOLS:${NC} $current_tools"
	echo ""
	fi
	fi
	break
	# Handle permission_denied specially (Issue `#101`)
	if [[ "$exit_reason" == "permission_denied" ]]; then
	log_status "ERROR" "🚫 Permission denied - halting loop"
	reset_session "permission_denied"
	update_status "$loop_count" "$(cat "$CALL_COUNT_FILE")" "permission_denied" "halted" "permission_denied"
	# Display helpful guidance for resolving permission issues
	echo ""
	echo -e "${RED}╔════════════════════════════════════════════════════════════╗${NC}"
	echo -e "${RED}║ PERMISSION DENIED - Loop Halted ║${NC}"
	echo -e "${RED}╚════════════════════════════════════════════════════════════╝${NC}"
	echo ""
	echo -e "${YELLOW}Claude Code was denied permission to execute commands.${NC}"
	echo ""
	echo -e "${YELLOW}To fix this:${NC}"
	echo " 1. Edit .ralphrc and update ALLOWED_TOOLS to include the required tools"
	echo " 2. Common patterns:"
	echo " - Bash(npm *) - All npm commands"
	echo " - Bash(npm install) - Only npm install"
	echo " - Bash(pnpm *) - All pnpm commands"
	echo " - Bash(yarn *) - All yarn commands"
	echo ""
	echo -e "${YELLOW}After updating .ralphrc:${NC}"
	echo " ralph --reset-session # Clear stale session state"
	echo " ralph --monitor # Restart the loop"
	echo ""
	# Show current ALLOWED_TOOLS if .ralphrc exists
	local current_tools="${CLAUDE_ALLOWED_TOOLS:-}"
	if [[ -z "$current_tools" && -f ".ralphrc" ]]; then
	current_tools=$(grep "^ALLOWED_TOOLS=" ".ralphrc" 2>/dev/null | cut -d= -f2- | tr -d '"')
	fi
	if [[ -n "$current_tools" ]]; then
	echo -e "${BLUE}Current ALLOWED_TOOLS:${NC} $current_tools"
	echo ""
	fi
	break

🧰 Tools

🪛 Shellcheck (0.11.0)

[warning] 1285-1285: Declare and assign separately to avoid masking return values.

(SC2155)

🤖 Prompt for AI Agents

In `@ralph_loop.sh` around lines 1256 - 1292, The permission_denied handler
currently shows ALLOWED_TOOLS from .ralphrc which can be stale; update that
block to prefer the runtime environment override by checking the
CLAUDE_ALLOWED_TOOLS environment variable first and only grep .ralphrc if
CLAUDE_ALLOWED_TOOLS is unset/empty, then display the effective value
(CLAUDE_ALLOWED_TOOLS if set, otherwise the parsed ALLOWED_TOOLS from .ralphrc)
when printing "Current ALLOWED_TOOLS" in the permission_denied branch so users
see the actual policy in effect.