[TypeScript V2 SDK] Tool execution requires approval despite permissionMode: 'bypassPermissions' and allowDangerouslySkipPermissions: true
Resolved 💬 4 comments Opened Dec 17, 2025 by vishnukool Closed Dec 20, 2025
Description
When using the TypeScript V2 preview SDK (unstable_v2_createSession/unstable_v2_resumeSession), tool executions require user approval even when permission bypass options are configured. This prevents headless/autonomous agent execution in server environments.
Environment
- SDK:
@anthropic-ai/claude-agent-sdk(latest) - Runtime: Node.js in E2B sandbox
- Model:
claude-sonnet-4-5-20250929
Code to Reproduce
import { unstable_v2_createSession, unstable_v2_resumeSession } from '@anthropic-ai/claude-agent-sdk';
const sessionOptions = {
model: 'claude-sonnet-4-5-20250929',
systemPrompt: 'You are a helpful assistant.',
allowedTools: ['Read', 'Write', 'Edit', 'Bash', 'Glob', 'Grep', 'WebSearch', 'WebFetch'],
permissionMode: 'bypassPermissions',
allowDangerouslySkipPermissions: true,
sandbox: { enabled: false }
};
const session = unstable_v2_createSession(sessionOptions);
await session.send('What is the current NVIDIA stock price?');
for await (const msg of session.receive()) {
console.log(JSON.stringify(msg));
}
Expected Behavior
The agent should execute tools (like curl for fetching web data) without requiring user approval when permissionMode: 'bypassPermissions' and allowDangerouslySkipPermissions: true are set.
Actual Behavior
Tool execution fails with an approval requirement error:
{
"type": "tool-output-error",
"toolCallId": "puf92qx3ne",
"errorText": "This command requires approval"
}
The agent then outputs a message asking for permission to run the curl command, even though the session was configured to bypass permissions.
Questions
- Are
permissionMode,allowDangerouslySkipPermissions, andallowedToolssupported in the V2 API? The documentation mentions "Additional options supported" but doesn't specify which options are available.
- If these options are supported, is there a different syntax or configuration required for V2?
- Is there a way to run the V2 SDK in a fully autonomous mode without user approval for tool execution?
Additional Context
- This works correctly with the V1 SDK using the
query()function with similar permission options - The use case is running the agent in a server-side environment (E2B sandbox) where user interaction for tool approval is not possible
- Logs show the agent successfully initializes but fails when attempting to use tools that would typically require approval
Related Documentation
This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗