Conversation
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
… tool approval panel Replaces the hardcoded --allowedTools flag with a user-configurable permission mode system. Three modes: Skip All (default, --dangerously- skip-permissions), Auto (--permission-mode auto, for paid plans), and Allowed Tools (--allowedTools with per-tool checklist). Security → Permissions now leads with a mode selector section featuring icon cards, flag badges, and a clear selected state. An allowed-tools checklist and per-harness overrides are available below. A one-time first-run modal surfaces before the first task execution. A slide-in ToolApprovalPanel lets users manage the allowed tools list mid-session from within the terminals view. All preferences persist in localStorage under harness-kit- keys. resetPermissionDefaults() clears tool list, ack flag, and overrides. 638/638 tests passing. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…llback getAllowedTools now filters stored entries against /^[A-Za-z]+(\([^)\]+\))?$/ so arbitrary localStorage strings cannot reach the Claude CLI flag. Empty allowed-tools list no longer falls back to --dangerously-skip-permissions; Claude's default prompting behavior (no permission flag) is now used instead, which matches user expectation that an empty list means "prompt for everything." Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…stance - tauri.ts: export detectClaudeAccount + ClaudeAccountInfo interface - tool-names.ts: add scopeHint/scopeLabel fields for per-tool scope input hints - PermissionsPage.test.tsx: add window.__TAURI_INTERNALS__ setup/teardown - vite.config.ts: ignore .auto-claude/** to prevent Vite watching worktree artifacts - Cargo.toml + Cargo.lock: add tauri-plugin-single-instance dependency - settings.rs: detect_claude_account command (parses claude auth status) - lib.rs: register single-instance plugin and detect_claude_account command Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
siracusa5
force-pushed
the
feat/permission-mode-selector
branch
from
b5f8cd1 to
3f84593
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a fully-featured permission mode selector to the Security → Permissions page, with automatic Claude account detection to gate Auto mode, per-tool scope granularity (e.g.
Read(~/repos/**)patterns), a live "Current configuration" summary banner, graceful degradation when running outside the Tauri desktop environment, and single-instance window enforcement.Changes
detect_claude_accountTauri command runsclaude auth status, parses subscription type, and returnsauto_mode_available. Frontend calls this on mount and auto-shows/hides the Auto card without a manual disclosure toggle.Tool(pattern)entries (e.g.Read(~/repos/**),Bash(git *),WebFetch(https://api.github.com/*)). Active tools render as rows with a scope input column; inactive tools render as+ ToolNamechips.window.__TAURI_INTERNALS__is absent (browser/dev), the settings.json section shows "requires the desktop app" instead of a raw TypeError.tauri-plugin-single-instancefocuses the existing window when a second instance is launched.window.__TAURI_INTERNALS__setup/teardown inbeforeEach/afterEachand missing mock entries (detectClaudeAccount,getAutoModeUnlocked,setAutoModeUnlocked) so all 638 tests pass.Test Plan
pnpm test --runinapps/desktop)auto_mode_available: false, shown when trueTool(pattern)formatNotes
The
detect_claude_accountcommand shells out toclaude auth status— if the Claude CLI is not installed, it returns{ logged_in: false, auto_mode_available: false }gracefully. The Auto mode card is suppressed in that case.