Issue #736: adopt PermissionRequest hook to replace --dangerously-skip-permissions #752
Merged
…sion policy
- Add permission_policy ('skip'|'hook'|null) and allowed_domains_json columns to projects table (DB migration v26)
- Create pure-function permission-policy.ts service with evaluatePermission() covering read-only, network, write, bash, and default rules
- Handle POST /api/hooks/PermissionRequest synchronously (CC blocks waiting for response)
- When permissionPolicy='hook', omit --dangerously-skip-permissions from spawned CC processes
- Add PermissionRequest hook to settings.json.http.example
- Update ProjectService, cc-spawn, team-manager to thread permissionPolicy through
- Add 31 unit tests, 8 integration tests, 8 cc-spawn tests
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… to ProjectsPage
- Add Permission Policy selector (skip/hook) to project settings inline controls
- Add AllowedDomainsEditor textarea shown only when policy='hook'
- Add handleSavePermissionPolicy and handleSaveAllowedDomains callbacks
- Update CLAUDE.md: per-project permission policy section, FLEET_SKIP_PERMISSIONS note, projects table description
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Append a random suffix to repoPath and name so multiple seedProject() calls within the same millisecond don't collide on the UNIQUE constraints.
The file has no beforeEach that wipes projects, so on fast CI two calls in different tests could land in the same ms and trigger SqliteError: UNIQUE constraint failed: projects.repo_path.
Exposed by timing shifts from the new permission policy tests added in this PR.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Closes #736
Summary
- permission_policy='hook' mode that drops --dangerously-skip-permissions and registers a synchronous PermissionRequest hook (CC 2.1.45+).
- PermissionPolicyService evaluates each tool call: read-only allow, write-inside-worktree allow, write-outside-worktree deny, WebFetch against project allowlist, Bash audit-only allow.
- permission_request events (visible in TeamDetail via existing team_event SSE broadcast).
- --dangerously-skip-permissions) is preserved for backward compatibility.

Test plan
- permission-policy.test.ts (all 5 policy rules + Windows path edge cases + sibling-dir prevention)
- hooks-routes.test.ts for POST /api/hooks/PermissionRequest
- --dangerously-skip-permissions arg
- npx tsc --noEmit clean
- permission_policy + allowed_domains_json columns to projects

🤖 Generated with Claude Code
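
An added sketch (not code from this PR or project) of the rule order the summary lists, covering the sibling-directory and Windows-path cases the test plan names. The type shapes, the tool names other than WebFetch and Bash, the subdomain match and the default-deny fallback are assumptions.

```typescript
import * as path from "node:path";

// All names below are illustrative assumptions, not the PR's actual types.
type Decision = { decision: "allow" | "deny"; reason: string };
interface ToolCall { tool: string; filePath?: string; url?: string }
interface Project { worktree: string; allowedDomains: string[]; windows?: boolean }

const READ_ONLY = new Set(["Read", "Grep", "Glob"]); // assumed read-only tools
const WRITERS = new Set(["Write", "Edit"]);          // assumed write tools

// True only when target resolves to the worktree or a descendant of it.
// A startsWith() prefix test would accept the sibling "/repo/wt-evil" for
// worktree "/repo/wt"; relative() yields "../wt-evil" for it instead.
export function isInside(worktree: string, target: string, windows = false): boolean {
  const p = windows ? path.win32 : path.posix; // win32 compares case-insensitively
  const rel = p.relative(p.resolve(worktree), p.resolve(worktree, target));
  if (rel === "") return true;
  // An absolute result means the target is on a different Windows drive.
  return rel !== ".." && !rel.startsWith(".." + p.sep) && !p.isAbsolute(rel);
}

// Compare the parsed hostname, never a substring of the raw URL.
export function domainAllowed(rawUrl: string, allowed: string[]): boolean {
  let host: string;
  try {
    host = new URL(rawUrl).hostname.toLowerCase();
  } catch {
    return false; // unparseable URL: deny
  }
  return allowed.some((d) => {
    const dom = d.toLowerCase();
    return host === dom || host.endsWith("." + dom); // subdomains allowed (assumption)
  });
}

export function evaluatePermissionSketch(call: ToolCall, proj: Project): Decision {
  if (READ_ONLY.has(call.tool)) return { decision: "allow", reason: "read-only" };
  if (WRITERS.has(call.tool)) {
    const ok = !!call.filePath && isInside(proj.worktree, call.filePath, proj.windows);
    return { decision: ok ? "allow" : "deny", reason: ok ? "write inside worktree" : "write outside worktree" };
  }
  if (call.tool === "WebFetch") {
    const ok = !!call.url && domainAllowed(call.url, proj.allowedDomains);
    return { decision: ok ? "allow" : "deny", reason: ok ? "domain allowlisted" : "domain not allowlisted" };
  }
  if (call.tool === "Bash") return { decision: "allow", reason: "bash audit-only" };
  return { decision: "deny", reason: "default" }; // default-deny is an assumption
}
```

The containment check is lexical: it does not resolve symlinks, so a symlink inside the worktree that points elsewhere needs a separate realpath check.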