
feat(cli): allow user to opt into permissions bypass #433

Merged: auxesis merged 2 commits into main from feat/allow-claude-yolo on May 7, 2026

@auxesis auxesis commented May 6, 2026

When a user starts onboarding by running npx stash@latest init, it runs through a series of detection steps, and finishes by handing off to one of Claude Code, Codex, an AGENTS.md editor agent, or the CipherStash Wizard, to do the integration of the encryption SDK into their app.

When the user picks Claude Code, the CLI spawns the claude binary with a single argument — the launch prompt — and inherits stdio so the user can watch the session.

Claude needs to run a lot of read/edit/exec commands to understand the project before it can wire up the encryption SDK. Unless the user has already configured Claude to skip permission prompts, every one of those commands stops to ask for approval. That forces the user to babysit the integration the whole way through.

init should invoke Claude with --allow-dangerously-skip-permissions, so the user can shift to that mode if they decide to let Claude run with the integration.

Fixes #432.

Summary by CodeRabbit

Release Notes

  • New Features
    • Claude Code handoff now supports opt-in skip-permissions mode when launching via stash init, allowing you to configure permissions during your session without a restart.

@auxesis auxesis requested a review from a team as a code owner May 6, 2026 13:31
changeset-bot Bot commented May 6, 2026

🦋 Changeset detected

Latest commit: 4c9ebca

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
| Name | Type |
|---|---|
| stash | Patch |
| @cipherstash/e2e | Patch |



coderabbitai Bot commented May 6, 2026

Walkthrough

The PR enables users to opt into skip-permissions mode when handing off to Claude Code during stash init. The spawnAgent function now conditionally prepends --allow-dangerously-skip-permissions to the launch prompt when spawning Claude, and guidance text is updated to reflect this flag in manual invocations.

Changes

Claude Skip-Permissions Handoff

| Layer / File(s) | Summary |
|---|---|
| Core Implementation (`packages/cli/src/commands/init/lib/handoff-helpers.ts`) | spawnAgent constructs an args array that includes --allow-dangerously-skip-permissions before the prompt when binary is claude; spawn call uses this array instead of a hard-coded [prompt]. |
| Guidance & Messaging (`packages/cli/src/commands/impl/steps/handoff-claude.ts`) | Manual install instructions and non-zero exit warning both updated to show users the Claude invocation with --allow-dangerously-skip-permissions flag. |
| Release Documentation (`.changeset/allow-claude-yolo.md`) | Changeset entry documents the CLI behavior change for Claude Code handoff; Codex and Wizard handoffs remain unchanged. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A rabbit hops through init with glee,
Claude now skips permissions, letting minds run free!
No more "approve?" to slow the flow—
The dangerous shortcut lets the magic grow! ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title clearly and concisely summarizes the main change: allowing users to opt into permissions bypass in the CLI. |
| Linked Issues check | ✅ Passed | The PR fully implements the requirement from issue #432 by modifying the Claude handoff to use the --allow-dangerously-skip-permissions flag during stash init. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to the Claude Code handoff flow and directly address the permissions bypass opt-in requirement without introducing unrelated modifications. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@auxesis auxesis force-pushed the feat/allow-claude-yolo branch from 254ff11 to 440879b May 6, 2026 13:34

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🧹 Nitpick comments (1)
packages/cli/src/commands/init/lib/handoff-helpers.ts (1)

28-35: 💤 Low value

spawnAgent unconditionally opts all Claude sessions into skip-permissions availability — consider making it configurable.

The flag is hard-wired to every claude invocation through spawnAgent. If a future caller needs to spawn Claude without the flag, they cannot reuse this helper. Adding an optional parameter keeps the default aligned with the PR goal while preserving flexibility:

♻️ Proposed refactor
 export function spawnAgent(
   binary: 'claude' | 'codex',
   prompt: string,
+  options?: { allowSkipPermissions?: boolean },
 ): Promise<number> {
   const args =
-    binary === 'claude'
+    binary === 'claude' && options?.allowSkipPermissions !== false
       ? ['--allow-dangerously-skip-permissions', prompt]
       : [prompt]
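
Review bot: In the `args` condition, `options?.allowSkipPermissions !== false` makes the flag default-on, so a caller that omits `options` still passes `--allow-dangerously-skip-permissions` and the new parameter can only subtract it. If the goal is for call sites to state the intent, compare with `=== true` so the flag is added only when a caller asks for it, and document on `options` that the flag makes bypass mode selectable during the session rather than active at startup.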

The call-sites in handoff-claude.ts would then pass { allowSkipPermissions: true } explicitly, making the intent clear at the call site.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/cli/src/commands/init/lib/handoff-helpers.ts` around lines 28 - 35,
The spawnAgent helper currently always injects
'--allow-dangerously-skip-permissions' for the 'claude' binary; update
spawnAgent to accept an optional options object (e.g., spawnAgent(binary:
'claude' | 'codex', prompt: string, options?: { allowSkipPermissions?: boolean
}) with default allowSkipPermissions = true) and only include the
'--allow-dangerously-skip-permissions' arg when options.allowSkipPermissions is
truthy; adjust the args construction in spawnAgent accordingly and change call
sites such as handoff-claude.ts to pass { allowSkipPermissions: true }
explicitly so callers can opt out when needed.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/cli/src/commands/init/steps/handoff-claude.ts`:
- Around line 55-58: The resume hint currently tells users to re-run with
`--allow-dangerously-skip-permissions`, which only adds bypassPermissions to the
Shift+Tab cycle (not activate it); update the warning message emitted by
p.log.warn (the one using launchPrompt) to use `--dangerously-skip-permissions`
instead if you want the resumed session to immediately activate bypass mode;
alternatively, if you intentionally want the safer behavior, keep the current
flag but add a short clarifying note to the same p.log.warn message explaining
that `--allow-dangerously-skip-permissions` requires pressing Shift+Tab to
activate.


📥 Commits

Reviewing files that changed from the base of the PR and between e57b53f and 254ff11.

📒 Files selected for processing (2)
  • packages/cli/src/commands/init/lib/handoff-helpers.ts
  • packages/cli/src/commands/init/steps/handoff-claude.ts

Comment thread packages/cli/src/commands/impl/steps/handoff-claude.ts

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@packages/cli/src/commands/init/lib/handoff-helpers.ts`:
- Around line 32-35: The args construction currently passes the wrong Claude
flag: when binary === 'claude' replace '--allow-dangerously-skip-permissions'
with '--dangerously-skip-permissions' so the CLI immediately skips permission
prompts; update the args ternary that references binary and prompt in
handoff-helpers.ts (the args variable) to use '--dangerously-skip-permissions'
for the claude branch.

📥 Commits

Reviewing files that changed from the base of the PR and between 254ff11 and 4c9ebca.

📒 Files selected for processing (3)
  • .changeset/allow-claude-yolo.md
  • packages/cli/src/commands/impl/steps/handoff-claude.ts
  • packages/cli/src/commands/init/lib/handoff-helpers.ts
✅ Files skipped from review due to trivial changes (1)
  • .changeset/allow-claude-yolo.md

Comment on lines +32 to +35
const args =
binary === 'claude'
? ['--allow-dangerously-skip-permissions', prompt]
: [prompt]
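
Review bot: The flag on line 34 is a bare string literal that differs from `--dangerously-skip-permissions` only by the `allow-` prefix, and nothing in these lines guards against one being swapped for the other. Consider hoisting it into a named constant and adding a unit test that asserts the exact argv for `claude` and that `codex` still receives `[prompt]` alone.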

@coderabbitai coderabbitai Bot May 6, 2026


⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🌐 Web query:

Claude CLI --allow-dangerously-skip-permissions flag exact behavior does it immediately activate bypass permissions mode or only add to shift tab cycle

💡 Result:

It only adds bypassPermissions to the Shift+Tab permission-mode cycle; it does not immediately start “bypass permissions mode”. The docs describe --allow-dangerously-skip-permissions as: “Add bypassPermissions to the Shift+Tab mode cycle without starting in it.” It lets you begin in a different mode (e.g., plan) and switch to bypass later via Shift+Tab [1]. By contrast, --dangerously-skip-permissions is what actually skips permission prompts immediately (it’s equivalent to starting in --permission-mode bypassPermissions) [1][2]. There’s also a known bug where combining --permission-mode plan with --dangerously-skip-permissions causes bypassPermissions to override plan at startup, underscoring that bypass takes effect at start only for the “dangerously-skip” flag, not for the “allow dangerously skip” flag [3].

Citations:


Use --dangerously-skip-permissions instead of --allow-dangerously-skip-permissions to achieve immediate bypass activation.

The current flag only adds bypassPermissions to the Shift+Tab permission-mode cycle without activating it immediately. Per Claude CLI documentation, --allow-dangerously-skip-permissions lets users toggle to bypass mode later via Shift+Tab, while --dangerously-skip-permissions is the flag that actually skips permission prompts at startup. For an unattended integration flow, use the latter.

Contributor Author

As it says in the PR description, this is the intended behaviour.


@auxesis, you're right — I misread the intent. The PR deliberately uses --allow-dangerously-skip-permissions to add bypassPermissions to the Shift+Tab cycle as an opt-in, rather than --dangerously-skip-permissions which would force-activate bypass immediately. The doc comment and PR description both make this clear. Apologies for the noise!


✏️ Learnings added
Learnt from: auxesis
Repo: cipherstash/stack PR: 433
File: packages/cli/src/commands/init/lib/handoff-helpers.ts:32-35
Timestamp: 2026-05-06T23:48:55.582Z
Learning: In the CipherStash stack CLI (`packages/cli/src/commands/init/lib/handoff-helpers.ts`), the Claude handoff intentionally uses `--allow-dangerously-skip-permissions` (not `--dangerously-skip-permissions`). This adds `bypassPermissions` to the Shift+Tab mode cycle so users can opt into skip-permissions mode during the session, rather than immediately forcing bypass mode at startup. Do not flag this as a bug.


@auxesis auxesis merged commit 2c0583d into main May 7, 2026
7 checks passed
@auxesis auxesis deleted the feat/allow-claude-yolo branch May 7, 2026 01:18
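
Added example, not code from the stash repository or from anyone in this thread: a TypeScript check that classifies which permission posture a Claude Code argv produces, using only the flags quoted in the review above, so a test or CI step can reject a launcher that starts with prompts disabled. The function names and sample argvs are constructed for illustration, and accepting the `--permission-mode=value` spelling is an assumption.

```typescript
// Added example: names and sample argvs are constructed, not from the stash repo.
type Posture = 'prompts-enforced' | 'bypass-available' | 'bypass-active'

const ALLOW_FLAG = '--allow-dangerously-skip-permissions' // bypass joins the Shift+Tab cycle
const FORCE_FLAG = '--dangerously-skip-permissions' // bypass is active at startup
const MODE_FLAG = '--permission-mode'
const BYPASS_MODE = 'bypassPermissions'

// Classify an argv by exact element match, so a prompt that merely mentions
// a flag inside longer text is never mistaken for the flag itself.
function classifyClaudeArgs(args: readonly string[]): Posture {
  let posture: Posture = 'prompts-enforced'
  for (let i = 0; i < args.length; i++) {
    const arg = args[i]
    if (arg === '--') break // conventional end of options: the rest is positional
    if (arg === FORCE_FLAG) return 'bypass-active'
    // Assumption: the "=value" spelling is accepted; reading it as bypass is the safe choice.
    if (arg === `${MODE_FLAG}=${BYPASS_MODE}`) return 'bypass-active'
    if (arg === MODE_FLAG && args[i + 1] === BYPASS_MODE) return 'bypass-active'
    if (arg === ALLOW_FLAG) posture = 'bypass-available'
  }
  return posture
}

interface LaunchSpec {
  label: string
  args: string[]
}

// Return the labels of launch specs that would start with prompts disabled.
function findBypassAtStartup(launches: readonly LaunchSpec[]): string[] {
  return launches
    .filter((l) => classifyClaudeArgs(l.args) === 'bypass-active')
    .map((l) => l.label)
}

const PROMPT = 'Integrate the encryption SDK into this app' // constructed prompt
const SAMPLE_LAUNCHES: LaunchSpec[] = [
  { label: 'opt-in', args: [ALLOW_FLAG, PROMPT] },
  { label: 'forced', args: [FORCE_FLAG, PROMPT] },
  { label: 'plain', args: [PROMPT] },
  { label: 'plan-overridden', args: [MODE_FLAG, 'plan', FORCE_FLAG, PROMPT] },
  { label: 'mentions-flag', args: [`Explain what ${FORCE_FLAG} does`] },
]

console.log(findBypassAtStartup(SAMPLE_LAUNCHES))
```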

Development

Successfully merging this pull request may close these issues.

Allow the user to opt into skip-permissions at stash init handoff
