feat(shell): honor Claude skip-permissions setting in the web shell (RFC)#987
Draft
mayankdebnath wants to merge 1 commit into
Draft
feat(shell): honor Claude skip-permissions setting in the web shell (RFC)#987mayankdebnath wants to merge 1 commit into
mayankdebnath wants to merge 1 commit into
Conversation
Contributor
|
Important Review skippedDraft detected. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
The web shell always launched `claude` normally, so it ignored the existing Claude "Skip Permissions" setting (Settings > Agents > Permissions > Claude) that already bypasses permission prompts in chat. Make the web shell honor the same setting, and add a server-wide env default for headless deployments. Because bypassing Claude Code's approval prompts is a deliberate security downgrade, it stays off by default and the shell behaves exactly as before unless it is opted into: - UI: the shell now sends the existing `claude-settings` skipPermissions value, so the one Claude "Skip Permissions" toggle controls both chat and shell. - Server: a `SHELL_DANGEROUSLY_SKIP_PERMISSIONS` env var (default off; accepts 1/true/yes/on) for headless / no-UI deployments. Precedence: an explicit per-session request overrides the server default; when neither is set, prompts stay on. The flag is scoped to the `claude` provider and applied to both the primary and resume-fallback invocations on posix and Windows. Document the option in the README and .env.example, and add unit tests covering the default-off guarantee and the opt-in across platforms and providers.
97f6aab to
3792f16
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
The app already has a Claude Skip Permissions setting (Settings → Agents →
Permissions → Claude) that bypasses Claude Code's approval prompts in chat via
the SDK's
bypassPermissionsmode. The web shell ignores it — it alwayslaunches
claudenormally — so the same project can auto-approve in chat butstill prompt in the shell, and the only way to change that today is a local patch
that hardcodes
--dangerously-skip-permissions.This makes the web shell honor the existing Claude Skip Permissions setting,
so one toggle governs both chat and shell, and adds a server-wide env default for
headless deployments. Prior art for permission-related config: #802 (Codex
permission env fallback).
Design
Default is unchanged: with nothing enabled, the shell launches
claudeexactlyas before and prompts stay on.
claude-settings.skipPermissionsvalue on itsinitmessage. EnablingSettings → Agents → Permissions → Claude → Skip Permissions now also makes
the web shell launch
claude --dangerously-skip-permissions. No new toggle.SHELL_DANGEROUSLY_SKIP_PERMISSIONS(default off;accepts
1/true/yes/on), for headless / no-UI deployments.Precedence: an explicit per-session value overrides the server default; when
neither is set, prompts stay on. The flag is scoped to the
claudeprovider andapplied to both the primary invocation and the resume-fallback, on posix and
Windows. Codex / Cursor / opencode / plain shell are never affected (each already
has its own permission mechanism).
Security notes
UI, rather than introducing a second, easier-to-miss control.
Skip Permissions toggle the behavior you want, or should the shell bypass be
independently controllable? Should the env var gate whether the UI setting
applies to the shell at all? Guidance welcome.
Changes
shouldSkipClaudePermissions()+SHELL_DANGEROUSLY_SKIP_PERMISSIONSwired into
buildShellCommand(shell-websocket.service.ts), refactored totake injectable
env/platformfor testability.claude-settings.skipPermissionsand sends it on theshell
initmessage..env.example.Tests / verification
server/modules/websocket/tests/shell-websocket-command.test.ts)asserting the default-off guarantee, env/per-session precedence, and
behavior across posix/win32 and all providers.
npm run typecheck,npm run lint(0 errors), fullnode:testsuite, andnpm run build— all pass. Server boots and the default path spawns plainclaude.