fix: use bypassPermissions mode for headless SDK execution

In a Docker container without TTY, permissionMode 'default' blocks waiting for interactive permission prompts. Switch to bypassPermissions with canUseTool callback for programmatic risk-based access control. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 06:30:38 -08:00 · 2026-02-23 06:30:38 -08:00 · d40f66ce14
parent 3a6f9d9447
commit d40f66ce14
1 changed files with 4 additions and 2 deletions
--- a/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
+++ b/packages/services/agent-service/src/infrastructure/engines/claude-agent-sdk/claude-agent-sdk-engine.ts
@ -107,7 +107,8 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
          maxBudgetUsd: params.maxBudgetUsd,
          env,
          abortController,
-          permissionMode: 'default',
+          allowDangerouslySkipPermissions: true,
+          permissionMode: 'bypassPermissions',
          canUseTool: async (toolName, toolInput, { signal }) => {
            const riskLevel = this.classifyToolRisk(toolName, toolInput);

@ -271,7 +272,8 @@ export class ClaudeAgentSdkEngine implements AgentEnginePort {
          resume: sdkSessionId,
          env,
          abortController,
-          permissionMode: 'default',
+          allowDangerouslySkipPermissions: true,
+          permissionMode: 'bypassPermissions',
          canUseTool: async (toolName, toolInput) => {
            const riskLevel = this.classifyToolRisk(toolName, toolInput);
            if (riskLevel <= CommandRiskLevel.LOW_RISK_WRITE) {