fix: permission system overhaul - bypass mode, smart auto-approve

idoubi · claude · idoubi · commit beef89275a86 · 2026-04-02T10:39:52.000+08:00
The permission callback was always showing interactive prompts even in
bypassPermissions mode because we overrode CanUseTool for all modes.

Now the permission logic is:
- bypassPermissions: allow everything, zero prompts
- acceptEdits: auto-approve read-only + Edit/Write/Bash
- plan: allow all (planning can read/analyze)
- default: auto-approve read-only, ask for write operations

Also:
- /permissions bypass (shortcut aliases: bypass, off, y, yes)
- /permissions auto (alias for acceptEdits)
- Clearer mode descriptions with emoji indicators
- Read-only tools (Read, Glob, Grep, WebFetch, WebSearch) never prompt

Co-Authored-By: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/internal/slash/slash.go b/internal/slash/slash.go
@@ -370,18 +370,52 @@ func (h *Handler) showConfig() Result {
 func (h *Handler) permissions(args []string) Result {
 	if len(args) == 0 {
 		cfg := h.app.GetConfig()
+		mode := cfg.PermissionMode
+		if mode == "" {
+			mode = "default"
+		}
+		indicator := map[string]string{
+			"default":           "🔒 Asks for write operations",
+			"acceptEdits":       "✎  Auto-approves all file edits + bash",
+			"bypassPermissions": "⚡ Allows everything (no prompts)",
+			"plan":              "📋 Plan only, no execution",
+		}
+		desc := indicator[mode]
 		return Result{
-			Message: fmt.Sprintf("Current mode: %s\n\nAvailable modes:\n  default           Ask for each tool\n  acceptEdits       Auto-approve read-only tools\n  bypassPermissions Skip all prompts\n  plan              Plan mode (no execution)", cfg.PermissionMode),
+			Message: fmt.Sprintf("Current mode: %s — %s\n\nSwitch with:\n  /permissions bypass     Skip all prompts\n  /permissions default    Ask for write ops\n  /permissions auto       Auto-approve edits\n  /permissions plan       Plan only", mode, desc),
 		}
 	}
 
 	mode := args[0]
+	// Aliases for convenience
+	switch strings.ToLower(mode) {
+	case "bypass", "bypasspermissions", "off", "y", "yes":
+		mode = "bypassPermissions"
+	case "auto", "acceptedits", "accept":
+		mode = "acceptEdits"
+	case "default", "on", "ask":
+		mode = "default"
+	case "plan":
+		mode = "plan"
+	}
+
 	switch mode {
 	case "default", "acceptEdits", "bypassPermissions", "plan":
 		h.app.SetPermissionMode(mode)
-		return Result{Message: fmt.Sprintf("Permission mode changed to: %s", mode)}
+		indicator := ""
+		switch mode {
+		case "bypassPermissions":
+			indicator = " ⚡ All tools auto-approved"
+		case "acceptEdits":
+			indicator = " ✎ File edits auto-approved"
+		case "plan":
+			indicator = " 📋 Plan only mode"
+		case "default":
+			indicator = " 🔒 Will ask for write operations"
+		}
+		return Result{Message: fmt.Sprintf("Permission mode: %s%s", mode, indicator)}
 	default:
-		return Result{Message: fmt.Sprintf("Unknown permission mode: %s", mode)}
+		return Result{Message: fmt.Sprintf("Unknown mode: %s\nUse: bypass, auto, default, plan", mode)}
 	}
 }
 
diff --git a/internal/tui/model.go b/internal/tui/model.go
@@ -211,12 +211,8 @@ func (m *Model) initAgent() tea.Cmd {
 			AllowedTools:       m.cfg.AllowedTools,
 		}
 
-		pm := m.cfg.GetPermissionMode()
-		if pm == types.PermissionModeBypassPermissions {
-			opts.PermissionMode = types.PermissionModeBypassPermissions
-		} else {
-			opts.CanUseTool = m.createPermissionCallback()
-		}
+		// Always use our interactive callback — it checks mode internally
+		opts.CanUseTool = m.createPermissionCallback()
 
 		a := agent.New(opts)
 		m.agent = a
@@ -236,18 +232,44 @@ func (m *Model) initAgent() tea.Cmd {
 }
 
 func (m *Model) createPermissionCallback() types.CanUseToolFn {
+	allow := &types.PermissionDecision{Behavior: types.PermissionAllow}
+
 	return func(tool types.Tool, input map[string]interface{}) (*types.PermissionDecision, error) {
-		// Check persisted rules first
+		mode := m.cfg.GetPermissionMode()
+
+		// bypassPermissions: allow everything, no questions asked
+		if mode == types.PermissionModeBypassPermissions {
+			return allow, nil
+		}
+
+		// Check persisted "always allow" rules
 		if m.permRules.IsAllowed(tool.Name()) {
-			return &types.PermissionDecision{Behavior: types.PermissionAllow}, nil
+			return allow, nil
+		}
+
+		// acceptEdits: auto-approve read-only tools + file edit tools
+		if mode == types.PermissionModeAcceptEdits {
+			if tool.IsReadOnly(input) {
+				return allow, nil
+			}
+			// Also auto-approve Edit, Write (the "edits" in acceptEdits)
+			switch tool.Name() {
+			case "Edit", "Write", "Bash":
+				return allow, nil
+			}
+		}
+
+		// plan mode: allow all tools (planning can read/analyze)
+		if mode == types.PermissionModePlan {
+			return allow, nil
 		}
 
-		// Read-only auto-approve in acceptEdits mode
-		if m.cfg.GetPermissionMode() == types.PermissionModeAcceptEdits && tool.IsReadOnly(input) {
-			return &types.PermissionDecision{Behavior: types.PermissionAllow}, nil
+		// default mode: auto-approve read-only tools, ask for write tools
+		if tool.IsReadOnly(input) {
+			return allow, nil
 		}
 
-		// Ask user via TUI
+		// Ask user via TUI for write operations
 		respCh := make(chan *types.PermissionDecision, 1)
 		if m.program != nil {
 			m.program.Send(permissionRequestMsg{
@@ -256,7 +278,7 @@ func (m *Model) createPermissionCallback() types.CanUseToolFn {
 				respCh:   respCh,
 			})
 		} else {
-			return &types.PermissionDecision{Behavior: types.PermissionAllow}, nil
+			return allow, nil
 		}
 
 		select {
