crashlabs/huskies
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 26 Wiki Activity

fix: switch agent permission mode from bypassPermissions to allowFullAutoEdit

Browse Source 
bypassPermissions ignored the worktree's .claude/settings.json entirely,
letting agents run any Bash command including cargo test (which they'd
spawn 4+ times concurrently, deadlocking on the build directory lock).

allowFullAutoEdit respects the settings.json allowlist, so agents can
only use the Bash commands we explicitly permit (cargo check, cargo
build, git) and must use MCP tools for everything else (run_tests,
run_lint, run_build).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
dave
2026-04-11 20:15:01 +00:00
parent 32e36bbc4b
commit e32300d1f8
2 changed files with 20 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/agents/pty.rs
+6 -2
View File
@@ -198,9 +198,13 @@ fn run_agent_pty_blocking(
// and instead leak as unstructured PTY text.
cmd.arg("--include-partial-messages");
// Supervised agents don't need interactive permission prompts
// Agents use allowFullAutoEdit so the worktree's .claude/settings.json
// controls which tools are pre-approved. Anything not in the allowlist
// triggers the permission prompt tool, which auto-denies for agents.
cmd.arg("--permission-mode");
cmd.arg("bypassPermissions");
cmd.arg("allowFullAutoEdit");
cmd.arg("--permission-prompt-tool");
cmd.arg("mcp__huskies__prompt_permission");
cmd.cwd(cwd);
cmd.env("NO_COLOR", "1");