claude-code - 💡(How to fix) Fix Feature Request: Intelligent Permission Cascading in Agent Teams — Lead Agent as Permission Proxy [1 participants]

Summary

In Agent Teams, teammate permission requests currently bubble up to the human user, creating a flood of approval prompts that makes multi-agent workflows impractical without pre-approving everything in settings. The lead agent should be able to approve/deny teammate tool calls on the user's behalf, within the permission bounds the user granted to the lead.

Problem

Today there are only two extremes:

1. Manual approval — every teammate's file edit, bash command, etc. prompts the human. With 3-5 teammates, this is unusable.
2. Blanket pre-approval — pre-approve tool patterns in settings.json. This works but removes all guardrails. You're trusting everything blindly.

The plan approval feature (requiring teammates to plan before implementing) is a great middle ground for what to do, but there's no equivalent for how they do it — the actual tool calls still go straight to the human or bypass review entirely.

Proposed Solution

Add intelligent permission cascading where the lead agent acts as a permission proxy:

User grants permissions to Lead
  └── Lead evaluates teammate permission requests
       ├── Approve (within user's bounds + lead's judgment)
       ├── Deny (outside bounds or risky)
       └── Escalate to human (uncertain / high-risk)

How it would work

1. User sets permission bounds for the lead (existing mechanism — permission mode, allow/deny rules)
2. Teammate requests a tool call (e.g., Edit(src/auth/handler.ts), Bash(npm test))
3. Lead evaluates the request against:
   • The user's permission bounds (hard limit — lead can never approve beyond what the user allowed)
   • The task context (does this edit align with the teammate's assigned work?)
   • Risk assessment (is this a destructive or irreversible operation?)
4. Lead decides: approve, deny with feedback, or escalate to the human

Why the lead agent is well-positioned for this

• The lead already has full context of the task decomposition and each teammate's assignment
• It already approves teammate plans autonomously — extending this to tool calls is a natural progression
• It can catch misaligned actions (e.g., a teammate editing files outside its assigned scope) that blanket pre-approval can't
• The "approve within bounds" model already exists conceptually in plan approval — this applies the same pattern to execution

Configuration example

{
  "agentTeams": {
    "permissionCascading": true,
    "leadCanApprove": ["Edit(src/**)", "Bash(npm *)"],
    "alwaysEscalateToHuman": ["Bash(rm *)", "Bash(git push *)"]
  }
}

Or simply inherit from the lead's permission mode — if the user trusts the lead to run Edit(src/**), the lead can approve that same operation for teammates.

Why This Matters

Agent teams are the most exciting feature in Claude Code, but the permission UX is the main friction point. This sits perfectly between "approve every single thing" and "skip all permissions" — it's the supervised delegation model that makes multi-agent practical.

The building blocks are already there:

• Lead already approves plans autonomously
• Permission bounds are already configurable
• The classifier in auto mode already evaluates risk

Connecting these pieces — let the lead use that same judgment on teammate tool calls — would make agent teams dramatically more usable.