refactor: remove MCP permission settings and streamline SDK options for autonomous mode

- Removed MCP permission settings from the application, including related functions and UI components.
- Updated SDK options to always bypass permissions and allow unrestricted tool access in autonomous mode.
- Adjusted related components and services to reflect the removal of MCP permission configurations, ensuring a cleaner and more efficient codebase.

apps/server/src/lib/sdk-options.ts

@@ -252,10 +252,14 @@ export function getModelForUseCase(
 
 /**
  * Base options that apply to all SDK calls
+ *
+ * AUTONOMOUS MODE: Always bypass permissions and allow dangerous operations
+ * for fully autonomous operation without user prompts.
  */
 function getBaseOptions(): Partial<Options> {
   return {
-    permissionMode: 'acceptEdits',
+    permissionMode: 'bypassPermissions',
+    allowDangerouslySkipPermissions: true,
   };
 }
 
@@ -276,31 +280,27 @@ interface McpPermissionOptions {
  * Centralizes the logic for determining permission modes and tool restrictions
  * when MCP servers are configured.
  *
+ * AUTONOMOUS MODE: Always bypass permissions for fully autonomous operation.
+ * Always allow unrestricted tools when MCP servers are configured.
+ *
  * @param config - The SDK options config
  * @returns Object with MCP permission settings to spread into final options
  */
 function buildMcpOptions(config: CreateSdkOptionsConfig): McpPermissionOptions {
   const hasMcpServers = config.mcpServers && Object.keys(config.mcpServers).length > 0;
-  // Default to true for autonomous workflow. Security is enforced when adding servers
-  // via the security warning dialog that explains the risks.
-  const mcpAutoApprove = config.mcpAutoApproveTools ?? true;
-  const mcpUnrestricted = config.mcpUnrestrictedTools ?? true;
 
-  // Determine if we should bypass permissions based on settings
-  const shouldBypassPermissions = hasMcpServers && mcpAutoApprove;
-  // Determine if we should restrict tools (only when no MCP or unrestricted is disabled)
-  const shouldRestrictTools = !hasMcpServers || !mcpUnrestricted;
+  // AUTONOMOUS MODE: Always bypass permissions and allow unrestricted tools
+  // Only restrict tools when no MCP servers are configured
+  const shouldRestrictTools = !hasMcpServers;
 
   return {
     shouldRestrictTools,
-    // Only include bypass options when MCP is configured and auto-approve is enabled
-    bypassOptions: shouldBypassPermissions
-      ? {
-          permissionMode: 'bypassPermissions' as const,
-          // Required flag when using bypassPermissions mode
-          allowDangerouslySkipPermissions: true,
-        }
-      : {},
+    // AUTONOMOUS MODE: Always include bypass options (though base options already set this)
+    bypassOptions: {
+      permissionMode: 'bypassPermissions' as const,
+      // Required flag when using bypassPermissions mode
+      allowDangerouslySkipPermissions: true,
+    },
     // Include MCP servers if configured
     mcpServerOptions: config.mcpServers ? { mcpServers: config.mcpServers } : {},
   };
@@ -392,12 +392,6 @@ export interface CreateSdkOptionsConfig {
 
   /** MCP servers to make available to the agent */
   mcpServers?: Record<string, McpServerConfig>;
-
-  /** Auto-approve MCP tool calls without permission prompts */
-  mcpAutoApproveTools?: boolean;
-
-  /** Allow unrestricted tools when MCP servers are enabled */
-  mcpUnrestrictedTools?: boolean;
 }
 
 // Re-export MCP types from @automaker/types for convenience
@@ -426,10 +420,7 @@ export function createSpecGenerationOptions(config: CreateSdkOptionsConfig): Opt
 
   return {
     ...getBaseOptions(),
-    // Override permissionMode - spec generation only needs read-only tools
-    // Using "acceptEdits" can cause Claude to write files to unexpected locations
-    // See: https://github.com/AutoMaker-Org/automaker/issues/149
-    permissionMode: 'default',
+    // AUTONOMOUS MODE: Base options already set bypassPermissions and allowDangerouslySkipPermissions
     model: getModelForUseCase('spec', config.model),
     maxTurns: MAX_TURNS.maximum,
     cwd: config.cwd,
@@ -458,8 +449,7 @@ export function createFeatureGenerationOptions(config: CreateSdkOptionsConfig):
 
   return {
     ...getBaseOptions(),
-    // Override permissionMode - feature generation only needs read-only tools
-    permissionMode: 'default',
+    // AUTONOMOUS MODE: Base options already set bypassPermissions and allowDangerouslySkipPermissions
     model: getModelForUseCase('features', config.model),
     maxTurns: MAX_TURNS.quick,
     cwd: config.cwd,

apps/server/src/lib/settings-helpers.ts

@@ -191,41 +191,6 @@ export async function getMCPServersFromSettings(
   }
 }
 
-/**
- * Get MCP permission settings from global settings.
- *
- * @param settingsService - Optional settings service instance
- * @param logPrefix - Prefix for log messages (e.g., '[AgentService]')
- * @returns Promise resolving to MCP permission settings
- */
-export async function getMCPPermissionSettings(
-  settingsService?: SettingsService | null,
-  logPrefix = '[SettingsHelper]'
-): Promise<{ mcpAutoApproveTools: boolean; mcpUnrestrictedTools: boolean }> {
-  // Default to true for autonomous workflow. Security is enforced when adding servers
-  // via the security warning dialog that explains the risks.
-  const defaults = { mcpAutoApproveTools: true, mcpUnrestrictedTools: true };
-
-  if (!settingsService) {
-    return defaults;
-  }
-
-  try {
-    const globalSettings = await settingsService.getGlobalSettings();
-    const result = {
-      mcpAutoApproveTools: globalSettings.mcpAutoApproveTools ?? true,
-      mcpUnrestrictedTools: globalSettings.mcpUnrestrictedTools ?? true,
-    };
-    logger.info(
-      `${logPrefix} MCP permission settings: autoApprove=${result.mcpAutoApproveTools}, unrestricted=${result.mcpUnrestrictedTools}`
-    );
-    return result;
-  } catch (error) {
-    logger.error(`${logPrefix} Failed to load MCP permission settings:`, error);
-    return defaults;
-  }
-}
-
 /**
  * Convert a settings MCPServerConfig to SDK McpServerConfig format.
  * Validates required fields and throws informative errors if missing.

apps/server/src/providers/claude-provider.ts

@@ -63,20 +63,13 @@ export class ClaudeProvider extends BaseProvider {
     } = options;
 
     // Build Claude SDK options
-    // MCP permission logic - determines how to handle tool permissions when MCP servers are configured.
-    // This logic mirrors buildMcpOptions() in sdk-options.ts but is applied here since
-    // the provider is the final point where SDK options are constructed.
+    // AUTONOMOUS MODE: Always bypass permissions for fully autonomous operation
     const hasMcpServers = options.mcpServers && Object.keys(options.mcpServers).length > 0;
-    // Default to true for autonomous workflow. Security is enforced when adding servers
-    // via the security warning dialog that explains the risks.
-    const mcpAutoApprove = options.mcpAutoApproveTools ?? true;
-    const mcpUnrestricted = options.mcpUnrestrictedTools ?? true;
     const defaultTools = ['Read', 'Write', 'Edit', 'Glob', 'Grep', 'Bash', 'WebSearch', 'WebFetch'];
 
-    // Determine permission mode based on settings
-    const shouldBypassPermissions = hasMcpServers && mcpAutoApprove;
-    // Determine if we should restrict tools (only when no MCP or unrestricted is disabled)
-    const shouldRestrictTools = !hasMcpServers || !mcpUnrestricted;
+    // AUTONOMOUS MODE: Always bypass permissions and allow unrestricted tools
+    // Only restrict tools when no MCP servers are configured
+    const shouldRestrictTools = !hasMcpServers;
 
     const sdkOptions: Options = {
       model,
@@ -88,10 +81,9 @@ export class ClaudeProvider extends BaseProvider {
       // Only restrict tools if explicitly set OR (no MCP / unrestricted disabled)
       ...(allowedTools && shouldRestrictTools && { allowedTools }),
       ...(!allowedTools && shouldRestrictTools && { allowedTools: defaultTools }),
-      // When MCP servers are configured and auto-approve is enabled, use bypassPermissions
-      permissionMode: shouldBypassPermissions ? 'bypassPermissions' : 'default',
-      // Required when using bypassPermissions mode
-      ...(shouldBypassPermissions && { allowDangerouslySkipPermissions: true }),
+      // AUTONOMOUS MODE: Always bypass permissions and allow dangerous operations
+      permissionMode: 'bypassPermissions',
+      allowDangerouslySkipPermissions: true,
       abortController,
       // Resume existing SDK session if we have a session ID
       ...(sdkSessionId && conversationHistory && conversationHistory.length > 0

apps/server/src/routes/enhance-prompt/routes/enhance.ts

@@ -164,7 +164,9 @@ export function createEnhanceHandler(
           systemPrompt,
           maxTurns: 1,
           allowedTools: [],
-          permissionMode: 'acceptEdits',
+          // AUTONOMOUS MODE: Always bypass permissions
+          permissionMode: 'bypassPermissions',
+          allowDangerouslySkipPermissions: true,
         },
       });
 

apps/server/src/routes/features/routes/generate-title.ts

@@ -96,7 +96,9 @@ export function createGenerateTitleHandler(): (req: Request, res: Response) => P
           systemPrompt: SYSTEM_PROMPT,
           maxTurns: 1,
           allowedTools: [],
-          permissionMode: 'acceptEdits',
+          // AUTONOMOUS MODE: Always bypass permissions
+          permissionMode: 'bypassPermissions',
+          allowDangerouslySkipPermissions: true,
         },
       });
 

apps/server/src/services/agent-service.ts

@@ -23,7 +23,6 @@ import {
   getEnableSandboxModeSetting,
   filterClaudeMdFromContext,
   getMCPServersFromSettings,
-  getMCPPermissionSettings,
   getPromptCustomization,
 } from '../lib/settings-helpers.js';
 
@@ -235,9 +234,6 @@ export class AgentService {
       // Load MCP servers from settings (global setting only)
       const mcpServers = await getMCPServersFromSettings(this.settingsService, '[AgentService]');
 
-      // Load MCP permission settings (global setting only)
-      const mcpPermissions = await getMCPPermissionSettings(this.settingsService, '[AgentService]');
-
       // Load project context files (CLAUDE.md, CODE_QUALITY.md, etc.)
       const contextResult = await loadContextFiles({
         projectPath: effectiveWorkDir,
@@ -264,8 +260,6 @@ export class AgentService {
         autoLoadClaudeMd,
         enableSandboxMode,
         mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined,
-        mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools,
-        mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools,
       });
 
       // Extract model, maxTurns, and allowedTools from SDK options
@@ -290,8 +284,6 @@ export class AgentService {
         sandbox: sdkOptions.sandbox, // Pass sandbox configuration
         sdkSessionId: session.sdkSessionId, // Pass SDK session ID for resuming
         mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, // Pass MCP servers configuration
-        mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, // Pass MCP auto-approve setting
-        mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, // Pass MCP unrestricted tools setting
       };
 
       // Build prompt content with images

apps/server/src/services/auto-mode-service.ts

@@ -38,7 +38,6 @@ import {
   getEnableSandboxModeSetting,
   filterClaudeMdFromContext,
   getMCPServersFromSettings,
-  getMCPPermissionSettings,
   getPromptCustomization,
 } from '../lib/settings-helpers.js';
 
@@ -2003,9 +2002,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set.
     // Load MCP servers from settings (global setting only)
     const mcpServers = await getMCPServersFromSettings(this.settingsService, '[AutoMode]');
 
-    // Load MCP permission settings (global setting only)
-    const mcpPermissions = await getMCPPermissionSettings(this.settingsService, '[AutoMode]');
-
     // Build SDK options using centralized configuration for feature implementation
     const sdkOptions = createAutoModeOptions({
       cwd: workDir,
@@ -2014,8 +2010,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set.
       autoLoadClaudeMd,
       enableSandboxMode,
       mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined,
-      mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools,
-      mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools,
     });
 
     // Extract model, maxTurns, and allowedTools from SDK options
@@ -2058,8 +2052,6 @@ This mock response was generated because AUTOMAKER_MOCK_AGENT=true was set.
       settingSources: sdkOptions.settingSources,
       sandbox: sdkOptions.sandbox, // Pass sandbox configuration
       mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined, // Pass MCP servers configuration
-      mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools, // Pass MCP auto-approve setting
-      mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools, // Pass MCP unrestricted tools setting
     };
 
     // Execute via provider
@@ -2291,8 +2283,6 @@ After generating the revised spec, output:
                         allowedTools: allowedTools,
                         abortController,
                         mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined,
-                        mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools,
-                        mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools,
                       });
 
                       let revisionText = '';
@@ -2431,8 +2421,6 @@ After generating the revised spec, output:
                     allowedTools: allowedTools,
                     abortController,
                     mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined,
-                    mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools,
-                    mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools,
                   });
 
                   let taskOutput = '';
@@ -2523,8 +2511,6 @@ Implement all the changes described in the plan above.`;
                   allowedTools: allowedTools,
                   abortController,
                   mcpServers: Object.keys(mcpServers).length > 0 ? mcpServers : undefined,
-                  mcpAutoApproveTools: mcpPermissions.mcpAutoApproveTools,
-                  mcpUnrestrictedTools: mcpPermissions.mcpUnrestrictedTools,
                 });
 
                 for await (const msg of continuationStream) {