Skip to content

feat(shell): honor Claude skip-permissions setting in the web shell (RFC)#987

Draft
mayankdebnath wants to merge 1 commit into
siteboon:mainfrom
mayankdebnath:feat/web-shell-skip-permissions-opt-in
Draft

feat(shell): honor Claude skip-permissions setting in the web shell (RFC)#987
mayankdebnath wants to merge 1 commit into
siteboon:mainfrom
mayankdebnath:feat/web-shell-skip-permissions-opt-in

Conversation

@mayankdebnath

@mayankdebnath mayankdebnath commented Jul 10, 2026

Copy link
Copy Markdown

Draft / RFC. This is a security-sensitive change and, per CONTRIBUTING
("Discuss first for new features"), I'm opening it as a draft to get direction
before polishing. Happy to adjust or drop it if it's not something you want
upstream.

Motivation

The app already has a Claude Skip Permissions setting (Settings → Agents →
Permissions → Claude) that bypasses Claude Code's approval prompts in chat via
the SDK's bypassPermissions mode. The web shell ignores it — it always
launches claude normally — so the same project can auto-approve in chat but
still prompt in the shell, and the only way to change that today is a local patch
that hardcodes --dangerously-skip-permissions.

This makes the web shell honor the existing Claude Skip Permissions setting,
so one toggle governs both chat and shell, and adds a server-wide env default for
headless deployments. Prior art for permission-related config: #802 (Codex
permission env fallback).

Design

Default is unchanged: with nothing enabled, the shell launches claude exactly
as before and prompts stay on.

  • UI (reuses the existing setting): the shell sends the persisted
    claude-settings.skipPermissions value on its init message. Enabling
    Settings → Agents → Permissions → Claude → Skip Permissions now also makes
    the web shell launch claude --dangerously-skip-permissions. No new toggle.
  • Server-wide (env): SHELL_DANGEROUSLY_SKIP_PERMISSIONS (default off;
    accepts 1/true/yes/on), for headless / no-UI deployments.

Precedence: an explicit per-session value overrides the server default; when
neither is set, prompts stay on. The flag is scoped to the claude provider and
applied to both the primary invocation and the resume-fallback, on posix and
Windows. Codex / Cursor / opencode / plain shell are never affected (each already
has its own permission mechanism).

Security notes

  • Default off — no behavior change unless explicitly enabled.
  • Non-boolean / garbage values fall back to "off".
  • Reuses the setting that already carries an orange "dangerous" warning in the
    UI, rather than introducing a second, easier-to-miss control.
  • Open question for maintainers: is folding the shell into the existing Claude
    Skip Permissions toggle the behavior you want, or should the shell bypass be
    independently controllable? Should the env var gate whether the UI setting
    applies to the shell at all? Guidance welcome.

Changes

  • Server: shouldSkipClaudePermissions() + SHELL_DANGEROUSLY_SKIP_PERMISSIONS
    wired into buildShellCommand (shell-websocket.service.ts), refactored to
    take injectable env/platform for testability.
  • Client: the shell reads claude-settings.skipPermissions and sends it on the
    shell init message.
  • Docs: README "Security & Tools Configuration" section and .env.example.

Tests / verification

  • New unit tests (server/modules/websocket/tests/shell-websocket-command.test.ts)
    asserting the default-off guarantee, env/per-session precedence, and
    behavior across posix/win32 and all providers.
  • npm run typecheck, npm run lint (0 errors), full node:test suite, and
    npm run build — all pass. Server boots and the default path spawns plain
    claude.

@coderabbitai

coderabbitai Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1eb69e4a-a9ce-4785-ae60-71e95607281b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

The web shell always launched `claude` normally, so it ignored the existing
Claude "Skip Permissions" setting (Settings > Agents > Permissions > Claude) that
already bypasses permission prompts in chat. Make the web shell honor the same
setting, and add a server-wide env default for headless deployments.

Because bypassing Claude Code's approval prompts is a deliberate security
downgrade, it stays off by default and the shell behaves exactly as before
unless it is opted into:

- UI: the shell now sends the existing `claude-settings` skipPermissions value,
  so the one Claude "Skip Permissions" toggle controls both chat and shell.
- Server: a `SHELL_DANGEROUSLY_SKIP_PERMISSIONS` env var (default off; accepts
  1/true/yes/on) for headless / no-UI deployments.

Precedence: an explicit per-session request overrides the server default; when
neither is set, prompts stay on. The flag is scoped to the `claude` provider and
applied to both the primary and resume-fallback invocations on posix and Windows.

Document the option in the README and .env.example, and add unit tests covering
the default-off guarantee and the opt-in across platforms and providers.
@mayankdebnath mayankdebnath force-pushed the feat/web-shell-skip-permissions-opt-in branch from 97f6aab to 3792f16 Compare July 10, 2026 13:53
@mayankdebnath mayankdebnath changed the title feat(shell): add opt-in to bypass web-shell permission prompts (RFC) feat(shell): honor Claude skip-permissions setting in the web shell (RFC) Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant