From d40f66ce146142feebf8fb734773f207b78b1c2c Mon Sep 17 00:00:00 2001
From: hailin
Date: Mon, 23 Feb 2026 06:30:38 -0800
Subject: [PATCH] fix: use bypassPermissions mode for headless SDK execution

In a Docker container without TTY, permissionMode 'default' blocks waiting for interactive permission prompts. Switch to bypassPermissions with canUseTool callback for programmatic risk-based access control.

Co-Authored-By: Claude Opus 4.6
---
 .../engines/claude-agent-sdk/claude-agent-sdk-engine.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts b/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
index 9bdc502..95742a5 100644
--- a/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
+++ b/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
@@ -107,7 +107,8 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
 maxBudgetUsd: params.maxBudgetUsd,
 env,
 abortController,
- permissionMode: 'default',
+ allowDangerouslySkipPermissions: true,
+ permissionMode: 'bypassPermissions',
 canUseTool: async (toolName, toolInput, { signal }) => {
 const riskLevel = this.classifyToolRisk(toolName, toolInput);
@@ -271,7 +272,8 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
 resume: sdkSessionId,
 env,
 abortController,
- permissionMode: 'default',
+ allowDangerouslySkipPermissions: true,
+ permissionMode: 'bypassPermissions',
 canUseTool: async (toolName, toolInput) => {
 const riskLevel = this.classifyToolRisk(toolName, toolInput);
 if (riskLevel <= CommandRiskLevel.LOW_RISK_WRITE) {
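Review bot: With `permissionMode: 'bypassPermissions'` the `canUseTool` callback that follows in both hunks (the options at line 107 and the resume path at line 272) may never run. As far as I know the SDK resolves the permission mode before it consults `canUseTool`, so bypass mode would auto-approve every tool call and `classifyToolRisk` would stop gating anything. Please add a test showing that a call classified above `CommandRiskLevel.LOW_RISK_WRITE` is still denied in this mode before merging. If it is not denied, move the same `classifyToolRisk` check into a `PreToolUse` hook, which is evaluated ahead of the mode, and document the flag with a comment such as `// bypassPermissions: every tool is auto-approved unless the PreToolUse hook denies it`. Both option objects start and end outside the hunks, so any allow or deny lists they already carry are not visible here.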