[FEATURE] Agent-Level Permission Auto-Approval

Resolved 💬 2 comments Opened Dec 9, 2025 by colinboey Closed Dec 9, 2025

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently, permissions (like WebFetch(domain:*)) can only be configured globally in settings.json or settings.local.json. This means if I want one specific agent to auto-approve all website visits, I must either:

  1. Manually approve each domain during agent execution (which defeats the purpose of automation)
  2. Enable global auto-approval for all WebFetch calls across all Claude Code sessions (too permissive)
  3. Pre-populate a list of specific domains (impractical for agents that need to visit arbitrary company websites)

The key issue is that I can't set and forget this agent, as I have to constantly approve visiting the company website.

Proposed Solution

dd support for an auto_approve or permissions field in agent YAML frontmatter that allows agent-specific permission rules:

---
name: my-agent
description: Agent that needs to fetch arbitrary websites
model: sonnet
permissions:
  auto_approve:
    - "WebFetch(domain:*)"
    - "WebSearch:*"
---

This would allow fine-grained control where specific agents can have elevated permissions without affecting the global security posture.

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

CLI commands and flags

Use Case Example

Use Case
I have a VC deal analysis agent that needs to visit company websites as part of its workflow. These websites are different every time (whatever company is being analysed). I want this specific agent to auto-approve all WebFetch calls without requiring manual confirmation, but I don't want to enable global WebFetch auto-approval for my entire Claude Code environment.

Additional Context

_No response_

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗