Skip to content

fix(sdk): always use bypassPermissions mode unless in plan mode#825

Closed
netrezver wants to merge 1 commit into
siteboon:mainfrom
netrezver:fix/always-bypass-permissions
Closed

fix(sdk): always use bypassPermissions mode unless in plan mode#825
netrezver wants to merge 1 commit into
siteboon:mainfrom
netrezver:fix/always-bypass-permissions

Conversation

@netrezver
Copy link
Copy Markdown

@netrezver netrezver commented Jun 4, 2026
edited by coderabbitai Bot
Loading

Problem

The SDK's permission bypass is conditional on settings.skipPermissions being true in addition to not being in plan mode. In practice skipPermissions defaults to false, so even in the default UI workflow where the user has not explicitly enabled "plan mode", the SDK does not bypass permissions and throws unexpected tool-permission prompts during normal use.

Root Cause

// Before
if (settings.skipPermissions && permissionMode !== 'plan') {
  sdkOptions.permissionMode = 'bypassPermissions';
}

The double-guard (settings.skipPermissions &&) means bypassPermissions is only set when the user has explicitly toggled skipPermissions on. For all other modes the SDK falls back to its own interactive permission flow, which conflicts with CloudCLI's own permission UI.

Fix

Remove the settings.skipPermissions guard. Permission mode is already fully controlled by the permissionMode selector in the UI. bypassPermissions should be the default for any non-plan session:

// After
// Always bypass permissions unless in plan mode
if (permissionMode !== 'plan') {
  sdkOptions.permissionMode = 'bypassPermissions';
}

How to Reproduce

  1. Ensure skipPermissions is false (the default — don't touch Settings).
  2. Send a message that triggers a tool requiring permission (e.g. a file-write command).
  3. Before this fix: an unexpected SDK-level permission prompt appears instead of the CloudCLI permission UI.
  4. After this fix: CloudCLI's own permission UI handles the request as expected.

Files Changed

File Change
server/claude-sdk.js Remove settings.skipPermissions && guard in mapCliOptionsToSDK

Summary by CodeRabbit

  • Bug Fixes
    • Updated tool permission check behavior to align with permission mode configuration settings.

@netrezver
fix(sdk): always use bypassPermissions mode unless in plan mode
f080712 
The previous check required both skipPermissions setting AND non-plan mode.
Since the UI already gates this via the permission mode selector, the extra
skipPermissions guard prevents the SDK from bypassing permissions even when
the user has not explicitly disabled the setting, causing unexpected
permission prompts during normal use.
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Jun 4, 2026
edited
Loading

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 6e9987af-0b89-4d4d-9066-30d91b454f1f

📥 Commits

Reviewing files that changed from the base of the PR and between d9e9df1 and f080712.

📒 Files selected for processing (1)
  • server/claude-sdk.js
📝 Walkthrough

Walkthrough

A single-file permission handling logic update in server/claude-sdk.js. The mapCliOptionsToSDK function now unconditionally bypasses permissions for all non-'plan' permission modes, decoupling the bypass behavior from the settings.skipPermissions flag.

Changes

Permission Mode Bypass Logic

Layer / File(s) Summary
Permission bypass for non-plan modes
server/claude-sdk.js		 The permission handling in mapCliOptionsToSDK sets sdkOptions.permissionMode = 'bypassPermissions' for all permission modes except 'plan', replacing the prior conditional check on settings.skipPermissions.

🐰 Permissions bypass with mode-based logic flow,
When plan is not chosen, permissions let go.
A conditional shift, from flag to the gate,
Non-plan modes now skip with streamlined fate.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the main change: the SDK now bypasses permissions unless in plan mode, which directly aligns with the fix that removes the skipPermissions guard.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@netrezver @blackmammoth