Summary

Adds user approval flow for risky DeepAgent tool calls (write_file, edit_file, etc.).
Safe tools (read_file, ls) execute without interruption.'

What's included

• ToolApprovalModal with diff view, inline editing, 60s timeout
• Approval gate for both built-in filesystem tools and MCP tools
• BackendProtocol compatibility fixes for deepagents library
• Applied Yann's PR langchain skills #7080 changes: skills, thread_id, read() optional params, grep path fix
• System prompt reinforcement to enforce tool usage for file operations
• Fixed React StrictMode double-mount in ToolApprovalModal
• Batched edit approval: multiple edit() calls are combined into a single diff review

Key Design Decisions

• No chatHistory to agent: LangGraph checkpointer manages conversation state internally. buildChatPrompt() strips tool_use blocks, which caused LLM to skip tool calls.
• Dual approval points: Built-in tools via RemixFilesystemBackend, MCP tools via ToolApprovalGate in RemixToolAdapter.
• Edit batching: edit() accumulates changes in virtualContent, flushed as one combined diff when runAgent() completes or a non-edit tool is called.
• Approve button: allows quick approval without opening the editor. Review Changes opens inline diff for selective accept/reject.

Status

• Approve / Reject working (write_file, edit_file)
• Filesystem backend write()/read()/edit() aligned with BackendProtocol
• LLM hallucination fix (edit → write no longer skips tools)
• MCP tools wrapped with approval gate
• React StrictMode fix
• Edit mode (modified content)
• Cleanup debug logs + Proxy wrapper before merge

Target

lanchain_deepagent