feat: add support for require_approval argument when creating response (#3608)

# What does this PR do?
This PR adds support for the require_approval on an mcp tool definition
passed to create response in the Responses API. This allows the caller
to indicate whether they want to approve calls to that server, or let
them be called without approval.

Closes #3443

## Test Plan
Tested both approval and denial.
Added automated integration test for both cases.

---------

Signed-off-by: Gordon Sim <gsim@redhat.com>
Co-authored-by: Matthew Farrellee <matt@cs.wisc.edu>

tests/integration/responses/test_tool_responses.py

@@ -246,6 +246,82 @@ def test_response_sequential_mcp_tool(compat_client, text_model_id, case):
         assert "boiling point" in text_content.lower()
 
 
+@pytest.mark.parametrize("case", mcp_tool_test_cases)
+@pytest.mark.parametrize("approve", [True, False])
+def test_response_mcp_tool_approval(compat_client, text_model_id, case, approve):
+    if not isinstance(compat_client, LlamaStackAsLibraryClient):
+        pytest.skip("in-process MCP server is only supported in library client")
+
+    with make_mcp_server() as mcp_server_info:
+        tools = setup_mcp_tools(case.tools, mcp_server_info)
+        for tool in tools:
+            tool["require_approval"] = "always"
+
+        response = compat_client.responses.create(
+            model=text_model_id,
+            input=case.input,
+            tools=tools,
+            stream=False,
+        )
+
+        assert len(response.output) >= 2
+        list_tools = response.output[0]
+        assert list_tools.type == "mcp_list_tools"
+        assert list_tools.server_label == "localmcp"
+        assert len(list_tools.tools) == 2
+        assert {t.name for t in list_tools.tools} == {
+            "get_boiling_point",
+            "greet_everyone",
+        }
+
+        approval_request = response.output[1]
+        assert approval_request.type == "mcp_approval_request"
+        assert approval_request.name == "get_boiling_point"
+        assert json.loads(approval_request.arguments) == {
+            "liquid_name": "myawesomeliquid",
+            "celsius": True,
+        }
+
+        # send approval response
+        response = compat_client.responses.create(
+            previous_response_id=response.id,
+            model=text_model_id,
+            input=[{"type": "mcp_approval_response", "approval_request_id": approval_request.id, "approve": approve}],
+            tools=tools,
+            stream=False,
+        )
+
+        if approve:
+            assert len(response.output) >= 3
+            list_tools = response.output[0]
+            assert list_tools.type == "mcp_list_tools"
+            assert list_tools.server_label == "localmcp"
+            assert len(list_tools.tools) == 2
+            assert {t.name for t in list_tools.tools} == {
+                "get_boiling_point",
+                "greet_everyone",
+            }
+
+            call = response.output[1]
+            assert call.type == "mcp_call"
+            assert call.name == "get_boiling_point"
+            assert json.loads(call.arguments) == {
+                "liquid_name": "myawesomeliquid",
+                "celsius": True,
+            }
+            assert call.error is None
+            assert "-100" in call.output
+
+            # sometimes the model will call the tool again, so we need to get the last message
+            message = response.output[-1]
+            text_content = message.content[0].text
+            assert "boiling point" in text_content.lower()
+        else:
+            assert len(response.output) >= 1
+            for output in response.output:
+                assert output.type != "mcp_call"
+
+
 @pytest.mark.parametrize("case", custom_tool_test_cases)
 def test_response_non_streaming_custom_tool(compat_client, text_model_id, case):
     response = compat_client.responses.create(