Scout
Browse Docs

Core Concepts

QuickstartStatus & ScopeArchitectureData OwnershipAgent IdentityIntegrating AgentsCollaboration WorkflowsOperator Attention

OpenAgents Tracks

Track 01: Harness CatalogTrack 02: Collaboration ContractTrack 03: Shared ResourcesTrack 04: Capability-Aware Surfaces

Implementation

Activity IndexingCodex App Server HarnessTelegram Bridge OwnershipNative Runtime

Agent Paths

agents.mdllms.txtllms-full.txtnav.jsoninstall.mdthis page.md

Operator Attention

Human input, approvals, permissions, and unblock notifications across surfaces.

View MD

On This Page

PrincipleAlertable EventsCurrent CoveragePractical Recovery GuidanceDurable Unblock ModelImplementation Path

OpenScout should treat "needs the human" as a first-class product state, not as a side effect of whichever harness happened to print the prompt.

This doc records the current posture and the next implementation steps for approvals, questions, waiting states, permission prompts, and notifications.

Principle

Scout can only own data that enters Scout. Session events, broker messages, collaboration records, and Scout-created invocation state are first-party data. Native harness prompts that happen above Scout, such as an MCP client asking whether to allow a tool call, are not visible until the host forwards them or exposes a hook.

The operator-attention model should make that boundary explicit:

  • Project attention from first-party session state when Scout already sees the event.
  • Ingest host-level permission prompts through a host integration, not by pretending the MCP server can see a request that the host intercepted before the server was called.
  • Record durable broker unblock requests for anything that can outlive a single session frame.
  • Route notifications from the broker/session attention model, with dedupe and clear ownership.

Alertable Events

Session attention already covers:

  • approval: an action block is awaiting approval and can be approved or denied.
  • question: an agent question is awaiting an answer.
  • failed_action: a recent action failed.
  • failed_turn: a recent turn failed.
  • session_error: the session itself is in error.
  • native_attention: adapter/provider metadata says the native harness needs input.

Broker and collaboration attention should cover:

  • question.open: an answer is owed.
  • question.answered: the asker needs to close or reopen.
  • work_item.waiting: a named dependency or actor owns the next move.
  • work_item.review: a reviewer owes accept/reopen feedback.
  • flight.failed / flight.cancelled: an ask did not complete.
  • flight.completed: notify only when the caller requested callback semantics.

Host-level unblock attention still needs explicit ingress:

  • Codex approval prompts raised by the Codex host.
  • Claude permission prompts raised by the Claude host or companion integration.
  • MCP client pre-tool permission prompts.
  • Local system permissions needed by Scout itself, such as notifications or APNs setup.

Current Coverage

Implemented now:

  • Runtime session attention projection exists in packages/runtime/src/session-attention.ts.
  • Protocol and runtime support broker-owned durable unblock_request records and unblock request events.
  • Mobile bridge inbox now uses session attention instead of approvals only.
  • Bridge websocket now emits operator:notify for any projected session attention item.
  • APNs alert routing now sends inbox alerts for any projected item.
  • iOS Inbox can decode and display approvals, questions, failures, session errors, and native attention.
  • Approval actions remain approve/deny.
  • Non-approval attention items provide Open Session and local Dismiss, following the no-dead-end UI rule in docs/eng/no-dead-end-ui.md.
  • The iOS tRPC route map includes question/answer, so timeline question blocks can use the existing answer-question bridge path.
  • Scout MCP ask supports replyMode: "notify" and emits notifications/scout/reply.
  • Web operator attention reads active broker unblock requests.
  • Managed Claude sessions rely on host or companion permission capture; Scout does not install Claude project hooks.

Not done yet:

  • Answering question items from the iOS Inbox.
  • Host-level capture for Claude, Codex, and MCP permission prompts.
  • Desktop/web notification sinks for operator attention.
  • Cross-device read/dismiss/decision synchronization beyond the current inbox item refresh. Current non-approval dismiss is intentionally local-only.

Practical Recovery Guidance

When an operator prompt appears stuck, first classify where the prompt lives:

  • Scout-owned session question or action approval: answer or decide it through the Scout surface that rendered it.
  • Broker unblock request: use the rendered action, or inspect the request by id before dismissing it.
  • Host-side approval prompt: open the host UI or rely on a host integration that forwards the prompt into Scout. An MCP server cannot observe a prompt the host intercepted before the tool call reached the server.
  • Long-running agent work: mark the work item or flight waiting with the human or dependency as next owner instead of leaving the caller blocked.

Durable Unblock Model

Scout uses broker-owned unblock records for human actions that may outlive a single websocket frame.

Fields include:

  • id
  • source: session, broker, host, or system
  • kind: approval, question, permission, waiting, review, failure, or setup
  • status: open, notified, resolved, denied, expired, or dismissed
  • ownerId: usually operator
  • sourceRef: session/turn/block, flight, work item, or host request ids
  • title, summary, detail
  • risk
  • actions: typed action affordances such as approve, deny, answer, open, retry, or dismiss
  • createdAt, updatedAt, resolvedAt

The session inbox can continue projecting lightweight items, but durable host and broker waits should be represented by this record so a reconnect, another device, or a later agent can reason about what is still open.

Implementation Path

  1. Keep session attention as the fast path for first-party pairing events.
  2. Expand broker attention/unblock projection from collaboration records and flights.
  3. Expand host ingress for permission prompts:
    • Codex: surface host approval requests into Scout as unblock records.
    • Claude: use a host integration that forwards permission prompts without a project-wide pre-tool gate.
    • MCP: document that server-side tools cannot see client-side approval prompts unless the host forwards them.
  4. Route all unblock records through a notification router:
    • interrupt: approval, question, host permission, failure.
    • badge: requested completion callbacks, review-needed, waiting states.
    • silent: ordinary progress/status.
  5. Add action handling:
    • approvals call existing actionDecide.
    • questions call existing answer-question plumbing, with Inbox needing structured options before it can answer in-place.
    • host permissions call host-specific grant/deny callbacks.
    • work/review items call collaboration update APIs.
  6. Add stale sweeps for waiting, review, and unresolved host permissions.