
#54 execute_prompt: remove dangerously_skip_permissions — move to member-level setting via register/update_member

closed
nobody
None
2026-04-28
2026-04-03
Anonymous
No

Originally created by: kumaakh

Problem

execute_prompt currently exposes dangerously_skip_permissions as a per-dispatch boolean. This creates two risks:

  1. Agents reading the schema may enable it autonomously when they reason the task is "background" or "unattended" — without the user's knowledge.
  2. Any caller can escalate permissions at dispatch time with no explicit user consent.

Proposed change

  • Remove dangerously_skip_permissions from execute_prompt entirely — passing it should be a no-op or error.
  • Add an unattended field to register_member and update_member with two options:
      • unattended: "auto" — member runs with --permission-mode auto; model still exercises judgment on risky operations
      • unattended: "dangerous" — member runs with --dangerously-skip-permissions; full bypass, no safety net
      • unattended: false (default) — interactive, prompts for approval

Key principle

Permission mode is a per-member (per-agent) decision made by the user at registration or mid-sprint via update_member — never a per-prompt decision made by an agent at dispatch time.

Benefit

  • User explicitly owns the risk decision, per member.
  • No agent can escalate permissions ad-hoc.
  • auto provides a safer default for unattended work; dangerous reserved for cases that truly need full bypass.

Related

Tickets: #82
Tickets: #90

Discussion

  • Anonymous

    Anonymous - 2026-04-23

    Originally posted by: kumaakh

    Technical direction: This should be implemented together with issue [#90] (unattended mode via register/update_member) since they are two sides of the same design.

    Approach:

    • Remove dangerously_skip_permissions from executePromptSchema in src/tools/execute-prompt.ts — make passing it a no-op with a deprecation warning in the response, then remove it in the next major version.
    • Add unattended field to Agent type and register_member/update_member schemas (see [#90] for details). Options: false (default, prompts), 'auto' (maps to --permission-mode auto), 'dangerous' (maps to --dangerously-skip-permissions).
    • In src/providers/claude.ts and src/providers/gemini.ts, read agent.unattended at dispatch time to set the appropriate CLI flag.
    • Update skills/fleet/SKILL.md and permissions docs to remove any references to dangerously_skip_permissions in execute_prompt.
    • Memory note in CLAUDE.md already says never use dangerously_skip_permissions=true — this change makes that rule enforceable at the server level.

    Key files:

    • src/tools/execute-prompt.ts — remove param
    • src/types.ts — add unattended to Agent
    • src/tools/register-member.ts, src/tools/update-member.ts — schema
    • src/providers/claude.ts, src/providers/gemini.ts — dispatch flag
     

    Related

    Tickets: #90
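
The approach in the comment above, sketched as an added example that is not part of the original comment or the project's code: the permission flags are derived only from the member record, and a per-dispatch dangerously_skip_permissions is ignored with a deprecation warning. The names `Unattended`, `permissionFlags`, `planDispatch` and `DispatchPlan` are hypothetical; the field values and CLI flags are the ones quoted in the issue.

```typescript
// Added example with hypothetical names; not the project's actual code.
type Unattended = false | "auto" | "dangerous";

interface Agent {
  name: string;
  unattended: Unattended; // written only by register_member / update_member
}

// Map the member-level setting to the CLI flags named in the issue.
function permissionFlags(agent: Agent): string[] {
  switch (agent.unattended) {
    case "auto":
      return ["--permission-mode", "auto"];
    case "dangerous":
      return ["--dangerously-skip-permissions"];
    case false:
      return []; // interactive: the CLI prompts for approval
    default:
      // Fail closed if a value slipped past schema validation.
      throw new Error(`invalid unattended value: ${String(agent.unattended)}`);
  }
}

interface DispatchPlan {
  prompt: string;
  permissionArgs: string[];
  warnings: string[];
}

// execute_prompt sketch: nothing in the per-dispatch input can change the
// permission mode. The deprecated field is accepted but has no effect.
function planDispatch(agent: Agent, input: Record<string, unknown>): DispatchPlan {
  const prompt = input["prompt"];
  if (typeof prompt !== "string" || prompt.length === 0) {
    throw new Error("prompt is required");
  }
  const warnings: string[] = [];
  if ("dangerously_skip_permissions" in input) {
    warnings.push(
      "dangerously_skip_permissions is deprecated and ignored; " +
        "set `unattended` via register_member or update_member",
    );
  }
  return { prompt, permissionArgs: permissionFlags(agent), warnings };
}
```
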

  • Anonymous

    Anonymous - 2026-04-28

    Originally posted by: kumaakh

    Addressed in PR [#183] (sprint/session-lifecycle-oob-fix → main).

    Changes shipped: dangerously_skip_permissions removed from execute_prompt; unattended mode moved to member-level registration.

    PR is open for testing — will be merged once testing is complete.

     

    Related

    Tickets: #183

  • Anonymous

    Anonymous - 2026-04-28

    Ticket changed by: kumaakh

    • status: open --> closed
     
