Plan-scoped permission manifest — approve once per plan, not per tool call
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
When using plan mode, I approve a detailed plan (files to modify, approach, tools needed),
then Claude executes it — but I still have to click "approve" for every single tool call
(Edit, Bash, Read, etc.). A typical plan generates 20-40 tool calls, meaning 20-40 manual
approvals for work I already reviewed and approved.
The current alternatives don't solve this:
- "Don't ask again" is session-scoped, not plan-scoped — it leaks permissions into unrelated
future tasks
- Global auto-approve (
--dangerously-skip-permissions) is too broad — I want control
per-task, not per-session
As a solo developer, I use plan mode heavily. The approval friction makes plan mode feel
like a plan-then-babysit mode instead of a plan-then-execute mode.
Proposed Solution
After the user approves a plan, Claude presents a permission manifest — a summary of
all tools, files, and actions the plan requires. The user reviews the scope upfront,
approves once, and Claude executes autonomously within that scope.
This is analogous to:
- Android app install permissions (declare upfront, approve once)
- GitHub Actions workflow permissions (scoped to workflow)
npm installshowing the dependency tree before proceeding
The manifest could include:
- Files: glob patterns (e.g.,
osboon/views/*.py,templates/**/*.html) - Tools: which tools are needed (Edit, Bash, Read, Write, WebSearch)
- Bash patterns (optional): scoped commands (e.g.,
python manage.py test*,git diff*)
Permissions auto-expire when:
- The plan completes, OR
- The user sends a new message (implicit scope change)
The plan already contains the file list and approach — the permission manifest is
largely derivable from the plan itself.
Alternative Solutions
- "Don't ask again" per tool — current workaround, but session-scoped (leaks across tasks)
- allowedTools in settings — too static, applies to all tasks
- --dangerously-skip-permissions — nuclear option, no per-task control
- Manually clicking approve 20-40 times — what I currently do. Works but defeats the
purpose of autonomous plan execution.
Priority
High - Significant impact on productivity
Feature Category
Interactive mode (TUI)
Use Case Example
- I ask Claude to refactor my template system across 10 files
- Claude enters plan mode, explores the codebase, and presents a plan:
- Modify 6 Python files, 3 HTML templates, 1 JS file
- Run tests after changes
- I review and approve the plan
- Claude shows the permission manifest:
┌─────────────────────────────────────┐
│ Permission Manifest │
│ │
│ Files: osboon/views/fll.py │
│ osboon/fll_renderer.py │
│ templates/osboon/*.html │
│ static/osboon/js/*.js │
│ Tools: Read, Edit, Grep, Glob │
│ Bash: python manage.py test* │
│ │
│ Expires: on plan completion │
│ │
│ [Approve All] [Edit Scope] [Skip] │
└─────────────────────────────────────┘
- I click "Approve All"
- Claude executes all 30+ tool calls without interruption
- Permissions expire when Claude reports completion
Additional Context
Similar patterns in other tools:
- VS Code tasks:
tasks.jsondeclares what commands a task can run - Docker:
--cap-add/--cap-dropfor scoped container permissions - Terraform:
planthenapply— review scope, approve once, execute
This pairs naturally with Claude Code's existing plan mode — the plan already
declares intent, so deriving a permission scope is a small incremental step.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗