fix: revert unsafe permission changes from PR #78

Security fixes to restore defense-in-depth after merging PR #78: **client.py:** - Revert permission mode from "bypassPermissions" to "acceptEdits" - Remove redundant web_tools_auto_approve_hook from PreToolUse hooks - Remove unused import of web_tools_auto_approve_hook **security.py:** - Remove web_tools_auto_approve_hook function (was redundant and returned {} for ALL tools, not just WebFetch/WebSearch) **server/services/spec_chat_session.py:** - Restore allowed_tools restriction: [Read, Write, Edit, Glob, WebFetch, WebSearch] - Revert permission mode from "bypassPermissions" to "acceptEdits" - Keeps setting_sources=["project", "user"] for global skills access **ui/src/components/AgentAvatar.tsx:** - Remove unused getMascotName export to fix React Fast Refresh warning - File now only exports AgentAvatar component as expected The bypassPermissions mode combined with unrestricted tool access in spec_chat_session.py created a security gap where Bash commands could execute without validation (sandbox disabled, no bash_security_hook). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-01 06:53:36 +00:00 · 2026-01-22 08:04:53 +02:00
parent 47dabb5f08
commit f9d9ad9b85
4 changed files with 11 additions and 33 deletions
--- a/client.py
+++ b/client.py
@@ -15,7 +15,7 @@ from claude_agent_sdk import ClaudeAgentOptions, ClaudeSDKClient
 from claude_agent_sdk.types import HookMatcher
 from dotenv import load_dotenv

-from security import bash_security_hook, web_tools_auto_approve_hook
+from security import bash_security_hook

 # Load environment variables from .env file if present
 load_dotenv()
@@ -181,7 +181,7 @@ def create_client(
    security_settings = {
        "sandbox": {"enabled": True, "autoAllowBashIfSandboxed": True},
        "permissions": {
-            "defaultMode": "bypassPermissions",  # Auto-approve all tools
+            "defaultMode": "acceptEdits",  # Auto-approve edits within allowed directories
            "allow": permissions_list,
        },
    }
@@ -273,7 +273,6 @@ def create_client(
            hooks={
                "PreToolUse": [
                    HookMatcher(matcher="Bash", hooks=[bash_security_hook]),
-                    HookMatcher(matcher="WebFetch|WebSearch", hooks=[web_tools_auto_approve_hook]),
                ],
            },
            max_turns=1000,