Plan-scoped permission manifest — approve once per plan, not per tool call

Resolved 💬 2 comments Opened May 15, 2026 by mejoudeh Closed Jul 13, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

When using plan mode, I approve a detailed plan (files to modify, approach, tools needed),
then Claude executes it — but I still have to click "approve" for every single tool call
(Edit, Bash, Read, etc.). A typical plan generates 20-40 tool calls, meaning 20-40 manual
approvals for work I already reviewed and approved.

The current alternatives don't solve this:

  • "Don't ask again" is session-scoped, not plan-scoped — it leaks permissions into unrelated

future tasks

  • Global auto-approve (--dangerously-skip-permissions) is too broad — I want control

per-task, not per-session

As a solo developer, I use plan mode heavily. The approval friction makes plan mode feel
like a plan-then-babysit mode instead of a plan-then-execute mode.

Proposed Solution

After the user approves a plan, Claude presents a permission manifest — a summary of
all tools, files, and actions the plan requires. The user reviews the scope upfront,
approves once, and Claude executes autonomously within that scope.

This is analogous to:

  • Android app install permissions (declare upfront, approve once)
  • GitHub Actions workflow permissions (scoped to workflow)
  • npm install showing the dependency tree before proceeding

The manifest could include:

  • Files: glob patterns (e.g., osboon/views/*.py, templates/**/*.html)
  • Tools: which tools are needed (Edit, Bash, Read, Write, WebSearch)
  • Bash patterns (optional): scoped commands (e.g., python manage.py test*, git diff*)

Permissions auto-expire when:

  • The plan completes, OR
  • The user sends a new message (implicit scope change)

The plan already contains the file list and approach — the permission manifest is
largely derivable from the plan itself.

Alternative Solutions

  1. "Don't ask again" per tool — current workaround, but session-scoped (leaks across tasks)
  2. allowedTools in settings — too static, applies to all tasks
  3. --dangerously-skip-permissions — nuclear option, no per-task control
  4. Manually clicking approve 20-40 times — what I currently do. Works but defeats the

purpose of autonomous plan execution.

Priority

High - Significant impact on productivity

Feature Category

Interactive mode (TUI)

Use Case Example

  1. I ask Claude to refactor my template system across 10 files
  2. Claude enters plan mode, explores the codebase, and presents a plan:
  • Modify 6 Python files, 3 HTML templates, 1 JS file
  • Run tests after changes
  1. I review and approve the plan
  2. Claude shows the permission manifest:

┌─────────────────────────────────────┐
│ Permission Manifest │
│ │
│ Files: osboon/views/fll.py │
│ osboon/fll_renderer.py │
│ templates/osboon/*.html │
│ static/osboon/js/*.js │
│ Tools: Read, Edit, Grep, Glob │
│ Bash: python manage.py test* │
│ │
│ Expires: on plan completion │
│ │
│ [Approve All] [Edit Scope] [Skip] │
└─────────────────────────────────────┘

  1. I click "Approve All"
  2. Claude executes all 30+ tool calls without interruption
  3. Permissions expire when Claude reports completion

Additional Context

Similar patterns in other tools:

  • VS Code tasks: tasks.json declares what commands a task can run
  • Docker: --cap-add / --cap-drop for scoped container permissions
  • Terraform: plan then apply — review scope, approve once, execute

This pairs naturally with Claude Code's existing plan mode — the plan already
declares intent, so deriving a permission scope is a small incremental step.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗