[TypeScript V2 SDK] Tool execution requires approval despite permissionMode: 'bypassPermissions' and allowDangerouslySkipPermissions: true

Resolved 💬 4 comments Opened Dec 17, 2025 by vishnukool Closed Dec 20, 2025

Description

When using the TypeScript V2 preview SDK (unstable_v2_createSession/unstable_v2_resumeSession), tool executions require user approval even when permission bypass options are configured. This prevents headless/autonomous agent execution in server environments.

Environment

  • SDK: @anthropic-ai/claude-agent-sdk (latest)
  • Runtime: Node.js in E2B sandbox
  • Model: claude-sonnet-4-5-20250929

Code to Reproduce

import { unstable_v2_createSession, unstable_v2_resumeSession } from '@anthropic-ai/claude-agent-sdk';

const sessionOptions = {
  model: 'claude-sonnet-4-5-20250929',
  systemPrompt: 'You are a helpful assistant.',
  allowedTools: ['Read', 'Write', 'Edit', 'Bash', 'Glob', 'Grep', 'WebSearch', 'WebFetch'],
  permissionMode: 'bypassPermissions',
  allowDangerouslySkipPermissions: true,
  sandbox: { enabled: false }
};

const session = unstable_v2_createSession(sessionOptions);

await session.send('What is the current NVIDIA stock price?');

for await (const msg of session.receive()) {
  console.log(JSON.stringify(msg));
}

Expected Behavior

The agent should execute tools (like curl for fetching web data) without requiring user approval when permissionMode: 'bypassPermissions' and allowDangerouslySkipPermissions: true are set.

Actual Behavior

Tool execution fails with an approval requirement error:

{
  "type": "tool-output-error",
  "toolCallId": "puf92qx3ne",
  "errorText": "This command requires approval"
}

The agent then outputs a message asking for permission to run the curl command, even though the session was configured to bypass permissions.

Questions

  1. Are permissionMode, allowDangerouslySkipPermissions, and allowedTools supported in the V2 API? The documentation mentions "Additional options supported" but doesn't specify which options are available.
  1. If these options are supported, is there a different syntax or configuration required for V2?
  1. Is there a way to run the V2 SDK in a fully autonomous mode without user approval for tool execution?

Additional Context

  • This works correctly with the V1 SDK using the query() function with similar permission options
  • The use case is running the agent in a server-side environment (E2B sandbox) where user interaction for tool approval is not possible
  • Logs show the agent successfully initializes but fails when attempting to use tools that would typically require approval

Related Documentation

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗