[FEATURE] Distinguish temporary "auto-accept X on" from permanent auto-approval in decision_source telemetry
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Claude Code's OpenTelemetry telemetry exports decision_source: "config" for two different scenarios:
- Permanent auto-approval from
.claude/settings.local.json - Temporary "auto-accept X on" mode during a session
Security tools cannot tell them apart.
Permanent auto-approval is riskier. A user walks away. The agent acts without review.
Temporary auto-accept is different. The user enables it. The user watches. The user can stop it.
The telemetry has decision_source: "user_temporary" for manual clicks. This works. We need the same clarity for auto-approval modes.
Security teams need to know: Did a user choose this now? Or did someone set this months ago?
Proposed Solution
Add a third decision_source value for temporary auto-accept modes: "user_temporary_auto".
When a user enables "auto-accept edits on", telemetry exports:
{
"tool_name": "Edit",
"decision_type": "accept",
"decision_source": "user_temporary_auto"
}
Three values instead of two:
- "config" - Permanent auto-approval from settings
- "user_temporary_auto" - Session auto-accept mode
- "user_temporary" - Manual click approval
Security tools can now assess risk. They know what happened. They know why.
Alternative Solutions
Current workaround: Treat all decision_source: "config" as high risk. This creates false alarms when users enable temporary modes for trusted tasks.
Other options we considered:
- Add
is_temporary_auto: true/false- More attributes. Less clear. - Log session events when modes toggle - Disconnected from operations.
- Infer from session context - Complex. Error-prone.
A distinct decision_source value is cleaner. It ties to each operation. Tools understand it.
Priority
Medium - Would be very helpful
Feature Category
Other
Use Case Example
Scenario: Security team monitors AI agent operations.
- User starts a refactoring task across 20 files
- User enables "auto-accept edits on"
- Claude executes 15 Edit operations
- Telemetry shows: {"tool_name": "Edit", "decision_source": "config"}
- Security tool sees this. It flags HIGH risk. It alerts the team.
- The user was watching. The user enabled this. The user knew what was happening.
- The tool cannot tell this from a developer who set permanent auto-approval and left.
With this feature:
- Telemetry shows decision_source:
"user_temporary_auto" - Security tool knows: user made this choice now
- Permanent decision_source:
"config"gets flagged as higher risk - Team gets accurate alerts. No false positives.
The team can respond right. Temporary modes get logged. Permanent auto-approval gets investigated.
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗