Add per-project full permissions toggle for --dangerously-skip-permissions

New projects default to standard permission mode (Claude asks before acting). Existing projects default to full permissions ON, preserving current behavior. UI toggle uses red/caution styling to highlight the security implications. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 08:58:13 -07:00
parent d7d7a83aec
commit b952b8e8de
6 changed files with 62 additions and 8 deletions
--- a/app/src-tauri/src/commands/terminal_commands.rs
+++ b/app/src-tauri/src/commands/terminal_commands.rs
@@ -17,10 +17,11 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec<String> {
            .unwrap_or(false);

    if !is_bedrock_profile {
-        return vec![
-            "claude".to_string(),
-            "--dangerously-skip-permissions".to_string(),
-        ];
+        let mut cmd = vec!["claude".to_string()];
+        if project.full_permissions {
+            cmd.push("--dangerously-skip-permissions".to_string());
+        }
+        return cmd;
    }

    // Resolve AWS profile: project-level → global settings → "default"
@@ -33,6 +34,12 @@ fn build_terminal_cmd(project: &Project, state: &AppState) -> Vec<String> {

    // Build a bash wrapper that validates credentials, re-auths if needed,
    // then exec's into claude.
+    let claude_cmd = if project.full_permissions {
+        "exec claude --dangerously-skip-permissions"
+    } else {
+        "exec claude"
+    };
+
    let script = format!(
        r#"
 echo "Validating AWS session for profile '{profile}'..."
@@ -58,9 +65,10 @@ else
        echo ""
    fi
 fi
-exec claude --dangerously-skip-permissions
+{claude_cmd}
 "#,
-        profile = profile
+        profile = profile,
+        claude_cmd = claude_cmd
    );

    vec![
--- a/app/src-tauri/src/models/project.rs
+++ b/app/src-tauri/src/models/project.rs
@@ -24,6 +24,10 @@ fn default_protocol() -> String {
    "tcp".to_string()
 }

+fn default_full_permissions() -> bool {
+    true
+}
+
 #[derive(Debug, Clone, Serialize, Deserialize)]
 pub struct Project {
    pub id: String,
@@ -40,6 +44,8 @@ pub struct Project {
    pub allow_docker_access: bool,
    #[serde(default)]
    pub mission_control_enabled: bool,
+    #[serde(default = "default_full_permissions")]
+    pub full_permissions: bool,
    pub ssh_key_path: Option<String>,
    #[serde(skip_serializing, default)]
    pub git_token: Option<String>,
@@ -162,6 +168,7 @@ impl Project {
            openai_compatible_config: None,
            allow_docker_access: false,
            mission_control_enabled: false,
+            full_permissions: false,
            ssh_key_path: None,
            git_token: None,
            git_user_name: None,