[FEATURE] Permission hook or API for remote/programmatic approval of tool use prompts

Resolved 💬 5 comments Opened Mar 24, 2026 by Tereseus Closed Mar 25, 2026

Summary

When Claude Code runs inside a PTY (e.g., via node-pty in a web-based terminal dashboard), there is no programmatic way to respond to permission prompts. This blocks building remote approval workflows such as mobile app approval, CI/CD pipelines, or team-based authorization.

Problem

Claude Code's permission prompt ("Do you want to proceed? 1. Yes 2. Yes 3. No") cannot be answered via pty.write(). Characters written to the PTY stdin appear in the terminal output but are not consumed by the permission handler. This has been tested with:

  • pty.write('1') — character echoes to terminal but prompt ignores it
  • pty.write('3\r') — same result with carriage return
  • pyautogui.hotkey('3') via Windows SendInput API — keystroke not captured
  • Direct HTTP API → sendToSession()session.pty.write() — same behavior

The permission prompt appears to read input through a mechanism that bypasses normal PTY stdin, making it impossible for any external process to respond.

Use Case

I'm building PAN — a personal AI operating system with an Android app, web dashboard, and Node.js server. Claude Code runs in PTY sessions served via WebSocket to a browser-based xterm.js terminal.

When Claude needs permission approval, I want to:

  1. Detect the permission prompt (working — via PTY output pattern matching)
  2. Send a push notification to the user's phone (working — Android notification with Allow/Deny buttons)
  3. Authenticate via biometric (fingerprint) on the phone for security
  4. Send the approval back to Claude Code (broken — no method works)

This would be more secure than the current keyboard-only approach since it adds biometric authentication as a factor.

Proposed Solutions (any of these would work)

  1. Permission hook — A PermissionRequest hook event that fires when Claude Code needs approval, with a response mechanism (HTTP callback, file-based, or stdin)
  2. Permission API endpoint — If claude serve (#37211) is implemented, include a /permissions endpoint to list pending prompts and respond to them
  3. Fix PTY stdin handling — Make the permission prompt read from normal PTY stdin so pty.write() works like keyboard input
  4. CLI flag — Something like claude --approve-via=http://localhost:7777/approve that delegates permission decisions to an external service

Environment

  • Windows 11, Claude Code CLI (Max subscription)
  • PTY via node-pty 1.1.0, terminal via xterm.js 5.5.0
  • Also tested with pyautogui SendInput (OS-level keystroke injection)

---
Built with PAN — Personal AI Network

View original on GitHub ↗

This issue has 5 comments on GitHub. Read the full discussion on GitHub ↗