claude-code - 💡(How to fix) Fix Plan-scoped permission manifest — approve once per plan, not per tool call

Preflight Checklist

• I have searched existing requests and this feature hasn't been requested yet
• This is a single feature request (not multiple features)

Problem Statement

When using plan mode, I approve a detailed plan (files to modify, approach, tools needed), then Claude executes it — but I still have to click "approve" for every single tool call (Edit, Bash, Read, etc.). A typical plan generates 20-40 tool calls, meaning 20-40 manual approvals for work I already reviewed and approved.

The current alternatives don't solve this:

• "Don't ask again" is session-scoped, not plan-scoped — it leaks permissions into unrelated future tasks
• Global auto-approve (--dangerously-skip-permissions) is too broad — I want control per-task, not per-session

As a solo developer, I use plan mode heavily. The approval friction makes plan mode feel like a plan-then-babysit mode instead of a plan-then-execute mode.

Proposed Solution

After the user approves a plan, Claude presents a permission manifest — a summary of all tools, files, and actions the plan requires. The user reviews the scope upfront, approves once, and Claude executes autonomously within that scope.

This is analogous to:

• Android app install permissions (declare upfront, approve once)
• GitHub Actions workflow permissions (scoped to workflow)
• npm install showing the dependency tree before proceeding

The manifest could include:

• Files: glob patterns (e.g., osboon/views/*.py, templates/**/*.html)
• Tools: which tools are needed (Edit, Bash, Read, Write, WebSearch)
• Bash patterns (optional): scoped commands (e.g., python manage.py test*, git diff*)

Permissions auto-expire when:

• The plan completes, OR
• The user sends a new message (implicit scope change)

The plan already contains the file list and approach — the permission manifest is largely derivable from the plan itself.

Alternative Solutions

1. "Don't ask again" per tool — current workaround, but session-scoped (leaks across tasks)
2. allowedTools in settings — too static, applies to all tasks
3. --dangerously-skip-permissions — nuclear option, no per-task control
4. Manually clicking approve 20-40 times — what I currently do. Works but defeats the purpose of autonomous plan execution.

Priority

High - Significant impact on productivity

Feature Category

Interactive mode (TUI)

Use Case Example

1. I ask Claude to refactor my template system across 10 files
2. Claude enters plan mode, explores the codebase, and presents a plan:
   • Modify 6 Python files, 3 HTML templates, 1 JS file
   • Run tests after changes
3. I review and approve the plan
4. Claude shows the permission manifest: ┌─────────────────────────────────────┐ │ Permission Manifest │ │ │ │ Files: osboon/views/fll.py │ │ osboon/fll_renderer.py │ │ templates/osboon/.html │ │ static/osboon/js/.js │ │ Tools: Read, Edit, Grep, Glob │ │ Bash: python manage.py test* │ │ │ │ Expires: on plan completion │ │ │ │ [Approve All] [Edit Scope] [Skip] │ └─────────────────────────────────────┘
5. I click "Approve All"
6. Claude executes all 30+ tool calls without interruption
7. Permissions expire when Claude reports completion

Additional Context

Similar patterns in other tools:

• VS Code tasks: tasks.json declares what commands a task can run
• Docker: --cap-add / --cap-drop for scoped container permissions
• Terraform: plan then apply — review scope, approve once, execute

This pairs naturally with Claude Code's existing plan mode — the plan already declares intent, so deriving a permission scope is a small incremental step.