fix: use acceptEdits mode and mount .claude.json for SDK

- bypassPermissions blocked by SDK when running as root - Switch to acceptEdits with canUseTool for programmatic control - Mount .claude.json config file into container Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 06:37:31 -08:00 · 2026-02-23 06:37:31 -08:00 · 04a18a7899
parent db1d0620f2
commit 04a18a7899
2 changed files with 3 additions and 4 deletions
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@ -120,6 +120,7 @@ services:
      - "13002:3002"
    volumes:
      - ${HOME}/.claude:/root/.claude
+      - ${HOME}/.claude.json:/root/.claude.json
    environment:
      - DB_HOST=postgres
      - DB_PORT=5432
--- a/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
+++ b/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
@ -107,8 +107,7 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
          maxBudgetUsd: params.maxBudgetUsd,
          env,
          abortController,
-          allowDangerouslySkipPermissions: true,
-          permissionMode: 'bypassPermissions',
+          permissionMode: 'acceptEdits',
          stderr: (data: string) => {
            this.logger.debug(`SDK stderr (${params.sessionId}): ${data.trim()}`);
          },
@ -275,8 +274,7 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
          resume: sdkSessionId,
          env,
          abortController,
-          allowDangerouslySkipPermissions: true,
-          permissionMode: 'bypassPermissions',
+          permissionMode: 'acceptEdits',
          canUseTool: async (toolName, toolInput) => {
            const riskLevel = this.classifyToolRisk(toolName, toolInput);
            if (riskLevel <= CommandRiskLevel.LOW_RISK_WRITE) {