refactor: namespace tool call ids with session id to prevent conflicts (#11319)

src/main/services/agents/services/claudecode/__tests__/transform.test.ts

@@ -25,7 +25,7 @@ describe('stripLocalCommandTags', () => {
 
 describe('Claude → AiSDK transform', () => {
   it('handles tool call streaming lifecycle', () => {
-    const state = new ClaudeStreamState()
+    const state = new ClaudeStreamState({ agentSessionId: baseStreamMetadata.session_id })
     const parts: ReturnType<typeof transformSDKMessageToStreamParts>[number][] = []
 
     const messages: SDKMessage[] = [
@@ -182,14 +182,14 @@ describe('Claude → AiSDK transform', () => {
       (typeof parts)[number],
       { type: 'tool-result' }
     >
-    expect(toolResult.toolCallId).toBe('tool-1')
+    expect(toolResult.toolCallId).toBe('session-123:tool-1')
     expect(toolResult.toolName).toBe('Bash')
     expect(toolResult.input).toEqual({ command: 'ls' })
     expect(toolResult.output).toBe('ok')
   })
 
   it('handles streaming text completion', () => {
-    const state = new ClaudeStreamState()
+    const state = new ClaudeStreamState({ agentSessionId: baseStreamMetadata.session_id })
     const parts: ReturnType<typeof transformSDKMessageToStreamParts>[number][] = []
 
     const messages: SDKMessage[] = [

src/main/services/agents/services/claudecode/claude-stream-state.ts

@@ -10,8 +10,21 @@
  * Every Claude turn gets its own instance. `resetStep` should be invoked once the finish event has
  * been emitted to avoid leaking state into the next turn.
  */
+import { loggerService } from '@logger'
 import type { FinishReason, LanguageModelUsage, ProviderMetadata } from 'ai'
 
+/**
+ * Builds a namespaced tool call ID by combining session ID with raw tool call ID.
+ * This ensures tool calls from different sessions don't conflict even if they have
+ * the same raw ID from the SDK.
+ *
+ * @param sessionId - The agent session ID
+ * @param rawToolCallId - The raw tool call ID from SDK (e.g., "WebFetch_0")
+ */
+export function buildNamespacedToolCallId(sessionId: string, rawToolCallId: string): string {
+  return `${sessionId}:${rawToolCallId}`
+}
+
 /**
  * Shared fields for every block that Claude can stream (text, reasoning, tool).
  */
@@ -34,6 +47,7 @@ type ReasoningBlockState = BaseBlockState & {
 type ToolBlockState = BaseBlockState & {
   kind: 'tool'
   toolCallId: string
+  rawToolCallId: string
   toolName: string
   inputBuffer: string
   providerMetadata?: ProviderMetadata
@@ -48,12 +62,17 @@ type PendingUsageState = {
 }
 
 type PendingToolCall = {
+  rawToolCallId: string
   toolCallId: string
   toolName: string
   input: unknown
   providerMetadata?: ProviderMetadata
 }
 
+type ClaudeStreamStateOptions = {
+  agentSessionId: string
+}
+
 /**
  * Tracks the lifecycle of Claude streaming blocks (text, thinking, tool calls)
  * across individual websocket events. The transformer relies on this class to
@@ -61,12 +80,20 @@ type PendingToolCall = {
  * usage/finish metadata once Anthropic closes a message.
  */
 export class ClaudeStreamState {
+  private logger
+  private readonly agentSessionId: string
   private blocksByIndex = new Map<number, BlockState>()
-  private toolIndexById = new Map<string, number>()
+  private toolIndexByNamespacedId = new Map<string, number>()
   private pendingUsage: PendingUsageState = {}
   private pendingToolCalls = new Map<string, PendingToolCall>()
   private stepActive = false
 
+  constructor(options: ClaudeStreamStateOptions) {
+    this.logger = loggerService.withContext('ClaudeStreamState')
+    this.agentSessionId = options.agentSessionId
+    this.logger.silly('ClaudeStreamState', options)
+  }
+
   /** Marks the beginning of a new AiSDK step. */
   beginStep(): void {
     this.stepActive = true
@@ -104,19 +131,21 @@ export class ClaudeStreamState {
   /** Caches tool metadata so subsequent input deltas and results can find it. */
   openToolBlock(
     index: number,
-    params: { toolCallId: string; toolName: string; providerMetadata?: ProviderMetadata }
+    params: { rawToolCallId: string; toolName: string; providerMetadata?: ProviderMetadata }
   ): ToolBlockState {
+    const toolCallId = buildNamespacedToolCallId(this.agentSessionId, params.rawToolCallId)
     const block: ToolBlockState = {
       kind: 'tool',
-      id: params.toolCallId,
+      id: toolCallId,
       index,
-      toolCallId: params.toolCallId,
+      toolCallId,
+      rawToolCallId: params.rawToolCallId,
       toolName: params.toolName,
       inputBuffer: '',
       providerMetadata: params.providerMetadata
     }
     this.blocksByIndex.set(index, block)
-    this.toolIndexById.set(params.toolCallId, index)
+    this.toolIndexByNamespacedId.set(toolCallId, index)
     return block
   }
 
@@ -125,13 +154,17 @@ export class ClaudeStreamState {
   }
 
   getToolBlockById(toolCallId: string): ToolBlockState | undefined {
-    const index = this.toolIndexById.get(toolCallId)
+    const index = this.toolIndexByNamespacedId.get(toolCallId)
     if (index === undefined) return undefined
     const block = this.blocksByIndex.get(index)
     if (!block || block.kind !== 'tool') return undefined
     return block
   }
 
+  getToolBlockByRawId(rawToolCallId: string): ToolBlockState | undefined {
+    return this.getToolBlockById(buildNamespacedToolCallId(this.agentSessionId, rawToolCallId))
+  }
+
   /** Appends streamed text to a text block, returning the updated state when present. */
   appendTextDelta(index: number, text: string): TextBlockState | undefined {
     const block = this.blocksByIndex.get(index)
@@ -158,10 +191,12 @@ export class ClaudeStreamState {
 
   /** Records a tool call to be consumed once its result arrives from the user. */
   registerToolCall(
-    toolCallId: string,
+    rawToolCallId: string,
     payload: { toolName: string; input: unknown; providerMetadata?: ProviderMetadata }
   ): void {
-    this.pendingToolCalls.set(toolCallId, {
+    const toolCallId = buildNamespacedToolCallId(this.agentSessionId, rawToolCallId)
+    this.pendingToolCalls.set(rawToolCallId, {
+      rawToolCallId,
       toolCallId,
       toolName: payload.toolName,
       input: payload.input,
@@ -170,10 +205,10 @@ export class ClaudeStreamState {
   }
 
   /** Retrieves and clears the buffered tool call metadata for the given id. */
-  consumePendingToolCall(toolCallId: string): PendingToolCall | undefined {
-    const entry = this.pendingToolCalls.get(toolCallId)
+  consumePendingToolCall(rawToolCallId: string): PendingToolCall | undefined {
+    const entry = this.pendingToolCalls.get(rawToolCallId)
     if (entry) {
-      this.pendingToolCalls.delete(toolCallId)
+      this.pendingToolCalls.delete(rawToolCallId)
     }
     return entry
   }
@@ -183,12 +218,12 @@ export class ClaudeStreamState {
    * completion so that downstream tool results can reference the original call.
    */
   completeToolBlock(toolCallId: string, input: unknown, providerMetadata?: ProviderMetadata): void {
+    const block = this.getToolBlockByRawId(toolCallId)
     this.registerToolCall(toolCallId, {
-      toolName: this.getToolBlockById(toolCallId)?.toolName ?? 'unknown',
+      toolName: block?.toolName ?? 'unknown',
       input,
       providerMetadata
     })
-    const block = this.getToolBlockById(toolCallId)
     if (block) {
       block.resolvedInput = input
     }
@@ -200,7 +235,7 @@ export class ClaudeStreamState {
     if (!block) return undefined
     this.blocksByIndex.delete(index)
     if (block.kind === 'tool') {
-      this.toolIndexById.delete(block.toolCallId)
+      this.toolIndexByNamespacedId.delete(block.toolCallId)
     }
     return block
   }
@@ -227,7 +262,7 @@ export class ClaudeStreamState {
   /** Drops cached block metadata for the currently active message. */
   resetBlocks(): void {
     this.blocksByIndex.clear()
-    this.toolIndexById.clear()
+    this.toolIndexByNamespacedId.clear()
   }
 
   /** Resets the entire step lifecycle after emitting a terminal frame. */
@@ -236,6 +271,10 @@ export class ClaudeStreamState {
     this.resetPendingUsage()
     this.stepActive = false
   }
+
+  getNamespacedToolCallId(rawToolCallId: string): string {
+    return buildNamespacedToolCallId(this.agentSessionId, rawToolCallId)
+  }
 }
 
 export type { PendingToolCall }

src/main/services/agents/services/claudecode/index.ts

@@ -13,6 +13,7 @@ import { app } from 'electron'
 import type { GetAgentSessionResponse } from '../..'
 import type { AgentServiceInterface, AgentStream, AgentStreamEvent } from '../../interfaces/AgentStreamInterface'
 import { sessionService } from '../SessionService'
+import { buildNamespacedToolCallId } from './claude-stream-state'
 import { promptForToolApproval } from './tool-permissions'
 import { ClaudeStreamState, transformSDKMessageToStreamParts } from './transform'
 
@@ -150,7 +151,10 @@ class ClaudeCodeService implements AgentServiceInterface {
         return { behavior: 'allow', updatedInput: input }
       }
 
-      return promptForToolApproval(toolName, input, options)
+      return promptForToolApproval(toolName, input, {
+        ...options,
+        toolCallId: buildNamespacedToolCallId(session.id, options.toolUseID)
+      })
     }
 
     // Build SDK options from parameters
@@ -346,7 +350,7 @@ class ClaudeCodeService implements AgentServiceInterface {
     const jsonOutput: SDKMessage[] = []
     let hasCompleted = false
     const startTime = Date.now()
-    const streamState = new ClaudeStreamState()
+    const streamState = new ClaudeStreamState({ agentSessionId: sessionId })
 
     try {
       for await (const message of query({ prompt: promptStream, options })) {

src/main/services/agents/services/claudecode/tool-permissions.ts

@@ -37,6 +37,7 @@ type RendererPermissionRequestPayload = {
   requestId: string
   toolName: string
   toolId: string
+  toolCallId: string
   description?: string
   requiresPermissions: boolean
   input: Record<string, unknown>
@@ -206,10 +207,19 @@ const ensureIpcHandlersRegistered = () => {
   })
 }
 
+type PromptForToolApprovalOptions = {
+  signal: AbortSignal
+  suggestions?: PermissionUpdate[]
+
+  // NOTICE: This ID is namespaced with session ID, not the raw SDK tool call ID.
+  // Format: `${sessionId}:${rawToolCallId}`, e.g., `session_123:WebFetch_0`
+  toolCallId: string
+}
+
 export async function promptForToolApproval(
   toolName: string,
   input: Record<string, unknown>,
-  options?: { signal: AbortSignal; suggestions?: PermissionUpdate[] }
+  options: PromptForToolApprovalOptions
 ): Promise<PermissionResult> {
   if (shouldAutoApproveTools) {
     logger.debug('promptForToolApproval auto-approving tool for test', {
@@ -245,6 +255,7 @@ export async function promptForToolApproval(
   logger.info('Requesting user approval for tool usage', {
     requestId,
     toolName,
+    toolCallId: options.toolCallId,
     description: toolMetadata?.description
   })
 
@@ -252,6 +263,7 @@ export async function promptForToolApproval(
     requestId,
     toolName,
     toolId: toolMetadata?.id ?? toolName,
+    toolCallId: options.toolCallId,
     description: toolMetadata?.description,
     requiresPermissions: toolMetadata?.requirePermissions ?? false,
     input: sanitizedInput,
@@ -266,6 +278,7 @@ export async function promptForToolApproval(
   logger.debug('Registering tool permission request', {
     requestId,
     toolName,
+    toolCallId: options.toolCallId,
     requiresPermissions: requestPayload.requiresPermissions,
     timeoutMs: TOOL_APPROVAL_TIMEOUT_MS,
     suggestionCount: sanitizedSuggestions.length
@@ -273,7 +286,11 @@ export async function promptForToolApproval(
 
   return new Promise<PermissionResult>((resolve) => {
     const timeout = setTimeout(() => {
-      logger.info('User tool permission request timed out', { requestId, toolName })
+      logger.info('User tool permission request timed out', {
+        requestId,
+        toolName,
+        toolCallId: options.toolCallId
+      })
       finalizeRequest(requestId, { behavior: 'deny', message: 'Timed out waiting for approval' }, 'timeout')
     }, TOOL_APPROVAL_TIMEOUT_MS)
 
@@ -287,7 +304,11 @@ export async function promptForToolApproval(
 
     if (options?.signal) {
       const abortListener = () => {
-        logger.info('Tool permission request aborted before user responded', { requestId, toolName })
+        logger.info('Tool permission request aborted before user responded', {
+          requestId,
+          toolName,
+          toolCallId: options.toolCallId
+        })
         finalizeRequest(requestId, defaultDenyUpdate, 'aborted')
       }
 

src/main/services/agents/services/claudecode/transform.ts

@@ -243,9 +243,10 @@ function handleAssistantToolUse(
   state: ClaudeStreamState,
   chunks: AgentStreamPart[]
 ): void {
+  const toolCallId = state.getNamespacedToolCallId(block.id)
   chunks.push({
     type: 'tool-call',
-    toolCallId: block.id,
+    toolCallId,
     toolName: block.name,
     input: block.input,
     providerExecuted: true,
@@ -331,10 +332,11 @@ function handleUserMessage(
     if (block.type === 'tool_result') {
       const toolResult = block as ToolResultContent
       const pendingCall = state.consumePendingToolCall(toolResult.tool_use_id)
+      const toolCallId = pendingCall?.toolCallId ?? state.getNamespacedToolCallId(toolResult.tool_use_id)
       if (toolResult.is_error) {
         chunks.push({
           type: 'tool-error',
-          toolCallId: toolResult.tool_use_id,
+          toolCallId,
           toolName: pendingCall?.toolName ?? 'unknown',
           input: pendingCall?.input,
           error: toolResult.content,
@@ -343,7 +345,7 @@ function handleUserMessage(
       } else {
         chunks.push({
           type: 'tool-result',
-          toolCallId: toolResult.tool_use_id,
+          toolCallId,
           toolName: pendingCall?.toolName ?? 'unknown',
           input: pendingCall?.input,
           output: toolResult.content,
@@ -514,7 +516,7 @@ function handleContentBlockStart(
     }
     case 'tool_use': {
       const block = state.openToolBlock(index, {
-        toolCallId: contentBlock.id,
+        rawToolCallId: contentBlock.id,
         toolName: contentBlock.name,
         providerMetadata
       })

src/renderer/src/pages/home/Messages/Tools/ToolPermissionRequestCard.tsx

@@ -1,7 +1,7 @@
 import type { PermissionUpdate } from '@anthropic-ai/claude-agent-sdk'
 import { loggerService } from '@logger'
 import { useAppDispatch, useAppSelector } from '@renderer/store'
-import { selectPendingPermissionByToolName, toolPermissionsActions } from '@renderer/store/toolPermissions'
+import { selectPendingPermission, toolPermissionsActions } from '@renderer/store/toolPermissions'
 import type { NormalToolResponse } from '@renderer/types'
 import { Button } from 'antd'
 import { ChevronDown, CirclePlay, CircleX } from 'lucide-react'
@@ -17,9 +17,7 @@ interface Props {
 export function ToolPermissionRequestCard({ toolResponse }: Props) {
   const { t } = useTranslation()
   const dispatch = useAppDispatch()
-  const request = useAppSelector((state) =>
-    selectPendingPermissionByToolName(state.toolPermissions, toolResponse.tool.name)
-  )
+  const request = useAppSelector((state) => selectPendingPermission(state.toolPermissions, toolResponse.toolCallId))
   const [now, setNow] = useState(() => Date.now())
   const [showDetails, setShowDetails] = useState(false)
 

src/renderer/src/store/toolPermissions.ts

@@ -6,6 +6,7 @@ export type ToolPermissionRequestPayload = {
   requestId: string
   toolName: string
   toolId: string
+  toolCallId: string
   description?: string
   requiresPermissions: boolean
   input: Record<string, unknown>
@@ -82,12 +83,12 @@ export const selectActiveToolPermission = (state: ToolPermissionsState): ToolPer
   return activeEntries[0]
 }
 
-export const selectPendingPermissionByToolName = (
+export const selectPendingPermission = (
   state: ToolPermissionsState,
-  toolName: string
+  toolCallId: string
 ): ToolPermissionEntry | undefined => {
   const activeEntries = Object.values(state.requests)
-    .filter((entry) => entry.toolName === toolName)
+    .filter((entry) => entry.toolCallId === toolCallId)
     .filter(
       (entry) => entry.status === 'pending' || entry.status === 'submitting-allow' || entry.status === 'submitting-deny'
     )