feat(cron): add per-job permission mode override#367
Merged
chenhg5 merged 2 commits intochenhg5:mainfrom Apr 2, 2026
Merged
Conversation
mkloveyy
force-pushed
the
feat/cron-job-permission-mode
branch
from
5f655cf to
ef81132
Compare
chenhg5
approved these changes
Mar 29, 2026
Owner
chenhg5
left a comment
chenhg5
left a comment
There was a problem hiding this comment.
LGTM. Useful feature for cron job automation.
Review notes:
- ✅ CI passes
- Adds per-job permission mode override (
modefield on CronJob) - Proper validation of mode values
- Mode applied via
LiveModeSwitcher.SetLiveMode()and restored via defer - Good test coverage
This enables unattended cron jobs to bypass permissions while keeping project in default mode for interactive sessions. Approved for merge.
Allow individual cron jobs to specify a permission mode (e.g. bypassPermissions) that overrides the project default during execution. The mode is restored after the job completes to prevent leakage into subsequent user messages. Changes: - CronJob.Mode field with validation against known modes - Message.ModeOverride as runtime carrier to processInteractiveMessageWith - LiveModeSwitcher.SetLiveMode applied with defer-based restoration - CronAddRequest.Mode in both Unix socket and management HTTP APIs - Management API PATCH support for editing existing cron jobs - Web dashboard: inline mode selector per job + create form dropdown - i18n translations for all 5 languages (EN/ZH/ZH-TW/JA/ES)
mkloveyy
force-pushed
the
feat/cron-job-permission-mode
branch
from
ef81132 to
f637895
Compare
Contributor
Author
|
@chenhg5 Hi, I've just rebased this branch onto latest main and resolved all the merge conflicts (management.go, CronList.tsx, i18n files, cron.ts). Build and tests pass. Could you take a look and merge when you get a chance? Thanks! |
chenhg5
pushed a commit
that referenced
this pull request
Apr 2, 2026
- fix(relay): process current event before timeout check, close session on channel drain (#405) - fix(claudecode): prevent reader goroutine leak in usage probe, add terminal memory bounds (#380) - fix(cron): validate mode/session_mode on UpdateJob, only restore live mode when override succeeds (#367) - fix(core): simplify idle rotation recovery — remove inconsistent fallback to old session (#400) - fix(feishu): use cache-disabled client for tenant token refresh (#401) - fix(setup): revert --set-allow-from-empty default to false to avoid unintended CLI behavior change (#376) - feat(telegram): gate message reactions behind enable_reactions config flag (#398) Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
bypassPermissions) independent of the project defaultLiveModeSwitcher.SetLiveMode()before execution and restored viadeferafter completionBackground
Cron jobs run unattended but inherit the project's permission mode. With
mode = "default", a cron job that triggers tool calls (Bash, Write, etc.) will block waiting for user approval — defeating the purpose of automation. This feature lets users setmode = "bypassPermissions"on specific cron jobs while keeping the project indefaultmode for interactive sessions.Changes
core/cron.go—Modefield on CronJob + validation + updateJobField supportcore/message.go—ModeOverridefield on Message as runtime carriercore/engine.go— Apply/restore mode inprocessInteractiveMessageWithcore/api.go—CronAddRequest.Mode+ job constructioncore/management.go—CronAddRequest.Mode+ PATCH handler for/cron/{id}web/— Inline mode selector, create form dropdown, i18n (5 languages)Test plan
go build ./...passesgo test ./core/ -run TestCron -vpassesbypassPermissionsauto-approved Write tool, no permission prompt