[FEATURE] Agent-Level Permission Auto-Approval
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Currently, permissions (like WebFetch(domain:*)) can only be configured globally in settings.json or settings.local.json. This means if I want one specific agent to auto-approve all website visits, I must either:
- Manually approve each domain during agent execution (which defeats the purpose of automation)
- Enable global auto-approval for all WebFetch calls across all Claude Code sessions (too permissive)
- Pre-populate a list of specific domains (impractical for agents that need to visit arbitrary company websites)
The key issue is that I can't set and forget this agent, as I have to constantly approve visiting the company website.
Proposed Solution
dd support for an auto_approve or permissions field in agent YAML frontmatter that allows agent-specific permission rules:
---
name: my-agent
description: Agent that needs to fetch arbitrary websites
model: sonnet
permissions:
auto_approve:
- "WebFetch(domain:*)"
- "WebSearch:*"
---
This would allow fine-grained control where specific agents can have elevated permissions without affecting the global security posture.
Alternative Solutions
_No response_
Priority
High - Significant impact on productivity
Feature Category
CLI commands and flags
Use Case Example
Use Case
I have a VC deal analysis agent that needs to visit company websites as part of its workflow. These websites are different every time (whatever company is being analysed). I want this specific agent to auto-approve all WebFetch calls without requiring manual confirmation, but I don't want to enable global WebFetch auto-approval for my entire Claude Code environment.
Additional Context
_No response_
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗