Add .claude/settings.json with auto permission mode #513

Merged: jahooma merged 1 commit into main from jahooma/claude-auto-mode, Apr 19, 2026

@jahooma (Contributor) commented Apr 19, 2026

Summary

  • Adds .claude/settings.json to set the default Claude Code permission mode to auto for this repo.

Test plan

  • Verify Claude Code picks up auto mode when working in this repo.

🤖 Generated with Claude Code

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

greptile-apps bot (Contributor) commented Apr 19, 2026

Greptile Summary

This PR adds a .claude/settings.json file to set defaultMode: "auto" for Claude Code permission handling in this repository. The intent is to reduce friction during development by letting Claude Code's classifier decide whether actions are safe without prompting on every tool call.

Key points:

  • The change is minimal (5-line JSON file) and syntactically correct.
  • auto mode is meaningfully safer than --dangerously-skip-permissions; it uses a classifier that blocks risky actions rather than approving everything blindly.
  • Because the file is committed, every contributor who uses Claude Code in this repo will inherit auto mode automatically, without explicitly opting in — this is worth communicating clearly (e.g. in a README or CONTRIBUTING note).
  • Anthropic's docs explicitly exclude autoMode classifier configuration from shared project settings for security reasons, so a malicious fork cannot inject its own trust rules; however, defaultMode is still honoured from shared settings.
  • Consider whether .claude/settings.local.json (gitignored) would be more appropriate so each contributor consciously opts in.

Confidence Score: 4/5

Safe to merge with minor consideration — the setting works as intended, but silently affects all contributors.

The change is a single, syntactically correct JSON file. auto mode is a legitimate, classifier-backed permission mode that is substantially safer than full permission bypass. The only concern is the implicit opt-in for contributors, which is a workflow/awareness issue rather than a critical bug or security flaw.

.claude/settings.json — consider documenting the rationale or moving to settings.local.json for per-contributor opt-in.

Security Review

  • Implicit auto-mode opt-in for all contributors: Committing defaultMode: "auto" to shared project settings silently enables auto permission mode for every contributor. While auto mode has a safety classifier, contributors may not be aware their Claude Code sessions are running without interactive confirmation prompts.
  • No secrets, credentials, or sensitive data are introduced in this change.
  • autoMode classifier trust rules cannot be injected via shared project settings (Anthropic explicitly blocks this), so the attack surface is limited to the defaultMode behavioural change.

Important Files Changed

| Filename | Overview |
| --- | --- |
| .claude/settings.json | New file setting Claude Code's default permission mode to auto for all repo contributors; safe but silently overrides each contributor's personal permission preference. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Contributor clones repo] --> B[Opens Claude Code in repo]
    B --> C{Reads .claude/settings.json}
    C --> D[defaultMode: auto applied]
    D --> E[Tool call requested by Claude]
    E --> F{Auto-mode classifier\nevaluates action}
    F -->|Safe| G[Action runs automatically\nno user prompt]
    F -->|Risky| H[Action blocked\nClaude tries alternative]
    G --> I[Contributor may not realize\nauto mode is active]

Reviews (1): Last reviewed commit: "Add .claude/settings.json with auto perm..." | Re-trigger Greptile

Comment thread .claude/settings.json
@@ -0,0 +1,5 @@
{
"permissions": {
"defaultMode": "auto"
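Review bot: The "defaultMode": "auto" line is in the committed .claude/settings.json, so it takes effect for everyone who opens this repo in Claude Code, and a JSON file has no place to record why. Add a short README or CONTRIBUTING note saying the repo defaults to auto mode, or move the key to a gitignored .claude/settings.local.json so each contributor opts in.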

P2 security Auto mode applied to all contributors without explicit opt-in

Setting defaultMode: "auto" in the shared .claude/settings.json means every contributor who uses Claude Code in this repo will be placed in auto permission mode automatically, regardless of their personal preference. Auto mode uses a classifier to decide whether to proceed with actions without user confirmation — while safer than --dangerously-skip-permissions, it still bypasses interactive approval for tool calls.

Anthropic's own documentation notes that "a checked-in repo could otherwise inject its own allow rules" as the reason why autoMode classifier configuration is excluded from shared project settings. The defaultMode key is still honoured from shared settings, however.

Consider whether this should live in .claude/settings.local.json (which should be gitignored) so each contributor consciously opts in, rather than inheriting it silently from the repo. Alternatively, document the rationale in the PR/README so contributors are aware.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!
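
An added example, not part of this PR or of the bot's review: a check a team could run in CI or before opening an unfamiliar checkout, reporting whether the committed .claude/settings.json sets permissions.defaultMode and whether the per-contributor settings.local.json is gitignored. The function names, finding codes and the literal .gitignore matching are assumptions of this example.

```python
"""Added example: audit a checkout for a committed Claude Code defaultMode."""
import json
import sys
from pathlib import Path

SHARED = ".claude/settings.json"        # committed: applies to every contributor
LOCAL = ".claude/settings.local.json"   # per contributor: should be gitignored
# Assumption: only these literal .gitignore lines are recognised. Real gitignore
# matching has more rules; `git check-ignore` is the authoritative answer.
IGNORE_LINES = {LOCAL, "/" + LOCAL, "settings.local.json", ".claude/*.local.json"}


def read_default_mode(path):
    """Return permissions.defaultMode as a string, or None if unset or unreadable."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return None
    perms = data.get("permissions") if isinstance(data, dict) else None
    mode = perms.get("defaultMode") if isinstance(perms, dict) else None
    return mode if isinstance(mode, str) else None


def local_is_ignored(repo):
    """True if .gitignore carries one of the literal lines in IGNORE_LINES."""
    gitignore = Path(repo) / ".gitignore"
    if not gitignore.is_file():
        return False
    lines = {ln.strip() for ln in gitignore.read_text(encoding="utf-8").splitlines()}
    return bool(lines & IGNORE_LINES)


def audit(repo):
    """Return (code, detail) findings for one repository checkout."""
    findings = []
    mode = read_default_mode(Path(repo) / SHARED)
    if mode is not None:
        # Any committed defaultMode changes behaviour for everyone who clones.
        findings.append(("shared-default-mode", mode))
    if not local_is_ignored(repo):
        # Without this, a personal opt-in file can be committed by accident.
        findings.append(("local-settings-not-ignored", LOCAL))
    return findings


if __name__ == "__main__":
    results = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for code, detail in results:
        print(f"{code}: {detail}")
    sys.exit(1 if results else 0)
```

Run against this PR's tree, it would report `shared-default-mode: auto`; the exit status is non-zero whenever there is a finding, so it can gate a pipeline.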

@jahooma jahooma merged commit 21d5dd3 into main Apr 19, 2026
17 of 19 checks passed
@jahooma jahooma deleted the jahooma/claude-auto-mode branch April 19, 2026 22:17