[FEATURE] Distinguish temporary "auto-accept X on" from permanent auto-approval in decision_source telemetry

Resolved 💬 3 comments Opened Dec 13, 2025 by groovecoder Closed Feb 14, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Claude Code's OpenTelemetry telemetry exports decision_source: "config" for two different scenarios:

  1. Permanent auto-approval from .claude/settings.local.json
  2. Temporary "auto-accept X on" mode during a session

Security tools cannot tell them apart.

Permanent auto-approval is riskier. A user walks away. The agent acts without review.

Temporary auto-accept is different. The user enables it. The user watches. The user can stop it.

The telemetry has decision_source: "user_temporary" for manual clicks. This works. We need the same clarity for auto-approval modes.

Security teams need to know: Did a user choose this now? Or did someone set this months ago?

Proposed Solution

Add a third decision_source value for temporary auto-accept modes: "user_temporary_auto".

When a user enables "auto-accept edits on", telemetry exports:

  {
    "tool_name": "Edit",
    "decision_type": "accept",
    "decision_source": "user_temporary_auto"
  }

Three values instead of two:

  • "config" - Permanent auto-approval from settings
  • "user_temporary_auto" - Session auto-accept mode
  • "user_temporary" - Manual click approval

Security tools can now assess risk. They know what happened. They know why.

Alternative Solutions

Current workaround: Treat all decision_source: "config" as high risk. This creates false alarms when users enable temporary modes for trusted tasks.

Other options we considered:

  • Add is_temporary_auto: true/false - More attributes. Less clear.
  • Log session events when modes toggle - Disconnected from operations.
  • Infer from session context - Complex. Error-prone.

A distinct decision_source value is cleaner. It ties to each operation. Tools understand it.

Priority

Medium - Would be very helpful

Feature Category

Other

Use Case Example

Scenario: Security team monitors AI agent operations.

  1. User starts a refactoring task across 20 files
  2. User enables "auto-accept edits on"
  3. Claude executes 15 Edit operations
  4. Telemetry shows: {"tool_name": "Edit", "decision_source": "config"}
  5. Security tool sees this. It flags HIGH risk. It alerts the team.
  6. The user was watching. The user enabled this. The user knew what was happening.
  7. The tool cannot tell this from a developer who set permanent auto-approval and left.

With this feature:

  • Telemetry shows decision_source: "user_temporary_auto"
  • Security tool knows: user made this choice now
  • Permanent decision_source: "config" gets flagged as higher risk
  • Team gets accurate alerts. No false positives.

The team can respond right. Temporary modes get logged. Permanent auto-approval gets investigated.

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗