Issue Station
Sign In
Tools hereToolbox

claude-code - 💡(How to fix) Fix bypassPermissions confirmation dialog has no pre-accept flag; blocks headless/autonomous sessions [1 comments, 2 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
anthropics/claude-code#52501Fetched 2026-04-24 06:05:31
View on GitHub
Comments
1
Participants
2
Timeline
5
Reactions
0
Author
ph47s74xph47s74x
Participants
github-actions[bot]github-actions[bot]ph47s74xph47s74x
Timeline (top)
labeled ×3commented ×1cross-referenced ×1

defaultMode: bypassPermissions in settings.local.json triggers a one-time interactive confirmation dialog ("WARNING: Claude Code running in Bypass Permissions mode … 1. No, exit / 2. Yes, I accept") that cannot be pre-accepted. This makes bypassPermissions effectively unusable for headless / autonomous / spawned-from-script sessions, even though those are precisely the contexts where it's most needed (multi-session orchestration, choir-style swarms, scheduled agents).

By contrast, workspaceTrust has the well-known precedent hasTrustDialogAccepted: true in ~/.claude.json projects[<path>] that lets callers pre-accept trust without an interactive dialog. There is no analogous pre-accept key for bypassPermissions.

Root Cause

The marketing case for bypass mode is autonomous agents in sandboxes — that is the exact case where no human is sitting there to dismiss a dialog. Multi-session frameworks (choir, custom swarm runners, CI-driven batch sessions) need this to work without TTY puppetry. Today the only reliable workaround is passing --dangerously-skip-permissions via a wrapper, which requires every orchestration tool to re-implement the same flag forwarding.

Fix Action

Fix / Workaround

The marketing case for bypass mode is autonomous agents in sandboxes — that is the exact case where no human is sitting there to dismiss a dialog. Multi-session frameworks (choir, custom swarm runners, CI-driven batch sessions) need this to work without TTY puppetry. Today the only reliable workaround is passing --dangerously-skip-permissions via a wrapper, which requires every orchestration tool to re-implement the same flag forwarding.

Code Example

{"permissions": {"defaultMode": "bypassPermissions"}}

---

WARNING: Claude Code running in Bypass Permissions mode
     o 1. No, exit
       2. Yes, I accept
     Enter to confirm · Esc to cancel

---

"hasAcceptedBypassPermissionsMode": true
RAW_BUFFERClick to expand / collapse

Summary

defaultMode: bypassPermissions in settings.local.json triggers a one-time interactive confirmation dialog ("WARNING: Claude Code running in Bypass Permissions mode … 1. No, exit / 2. Yes, I accept") that cannot be pre-accepted. This makes bypassPermissions effectively unusable for headless / autonomous / spawned-from-script sessions, even though those are precisely the contexts where it's most needed (multi-session orchestration, choir-style swarms, scheduled agents).

By contrast, workspaceTrust has the well-known precedent hasTrustDialogAccepted: true in ~/.claude.json projects[<path>] that lets callers pre-accept trust without an interactive dialog. There is no analogous pre-accept key for bypassPermissions.

Repro

  1. .claude/settings.local.json: 
    {"permissions": {"defaultMode": "bypassPermissions"}}
  2. Spawn claude detached (e.g. via screen, nohup, or in my case choir spawn into a headless GNU screen window).
  3. Session parks at: 
    WARNING: Claude Code running in Bypass Permissions mode
  o 1. No, exit
    2. Yes, I accept
  Enter to confirm · Esc to cancel
  4. screen -X stuff with arrow-key sequences to accept the dialog is brittle and in my case exited the session instead of accepting (the "No, exit" option is the default).

Expected

A durable, declarative way to pre-accept bypass mode without human interaction. Options:

  1. Best: a per-project / per-user key matching the hasTrustDialogAccepted pattern, e.g. 
    "hasAcceptedBypassPermissionsMode": true
    in ~/.claude.json projects[<path>], honoured when defaultMode: bypassPermissions is in effect.
  2. Alternative: make --permission-mode=bypassPermissions on the CLI suppress the confirmation dialog (it already accepts the risk implicitly by setting the flag). Today it still shows the dialog.
  3. Alternative: make --dangerously-skip-permissions (which already suppresses the dialog) respect per-session overrides from settings, so it can be configured per-cwd.

Why this matters

The marketing case for bypass mode is autonomous agents in sandboxes — that is the exact case where no human is sitting there to dismiss a dialog. Multi-session frameworks (choir, custom swarm runners, CI-driven batch sessions) need this to work without TTY puppetry. Today the only reliable workaround is passing --dangerously-skip-permissions via a wrapper, which requires every orchestration tool to re-implement the same flag forwarding.

Environment

  • Claude Code v2.1.117
  • Windows 11 + WSL2 Ubuntu, GNU screen backend
  • 21 choir-spawned peers, all blocked at the dialog simultaneously

extent analysis

TL;DR

To resolve the issue, consider adding a declarative way to pre-accept bypass mode without human interaction, such as introducing a hasAcceptedBypassPermissionsMode key in ~/.claude.json projects.

Guidance

  • Investigate the possibility of adding a hasAcceptedBypassPermissionsMode key in ~/.claude.json projects to pre-accept bypass mode, similar to the existing hasTrustDialogAccepted pattern.
  • Explore modifying the --permission-mode=bypassPermissions CLI flag to suppress the confirmation dialog when set.
  • Consider enhancing the --dangerously-skip-permissions flag to respect per-session overrides from settings, allowing for more flexible configuration.
  • Review the current implementation of bypassPermissions in settings.local.json to understand why it triggers an interactive confirmation dialog.

Example

{
  "hasAcceptedBypassPermissionsMode": true
}

This example illustrates the proposed hasAcceptedBypassPermissionsMode key in ~/.claude.json projects.

Notes

The solution may require changes to the Claude Code implementation, and it is essential to ensure that any modifications do not introduce security vulnerabilities.

Recommendation

Apply a workaround by passing --dangerously-skip-permissions via a wrapper, as this is the current reliable solution, although it requires re-implementing the same flag forwarding in every orchestration tool.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#container setup#orchestration issue#cache issue#memory leak#API versioning

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING

claude-code - 💡(How to fix) Fix bypassPermissions confirmation dialog has no pre-accept flag; blocks headless/autonomous sessions [1 comments, 2 participants]