feat: increase base permissions for agents

Author: jonathanlab

packages/agent/src/adapters/claude/permission-handlers.ts

@@ -4,6 +4,7 @@ import type {
 } from "@agentclientprotocol/sdk";
 import type { PermissionUpdate } from "@anthropic-ai/claude-agent-sdk";
 import type { Logger } from "@/utils/logger.js";
+import { isToolAllowedForMode } from "./permission-mode-config.js";
 import { buildPermissionOptions, isWriteTool } from "./permission-options.js";
 import {
   getClaudePlansDir,
@@ -421,7 +422,14 @@ function handlePlanFileException(
 export async function evaluateToolPermission(
   context: ToolHandlerContext,
 ): Promise<ToolPermissionResult> {
-  const { toolName } = context;
+  const { toolName, toolInput, session } = context;
+
+  if (isToolAllowedForMode(toolName, session.permissionMode)) {
+    return {
+      behavior: "allow",
+      updatedInput: toolInput as Record<string, unknown>,
+    };
+  }
 
   if (toolName === "ExitPlanMode") {
     return handleExitPlanModeTool(context);

packages/agent/src/adapters/claude/permission-mode-config.ts

@@ -0,0 +1,36 @@
+import type { PermissionMode } from "@anthropic-ai/claude-agent-sdk";
+
+// TODO: Use TwigToolKind here instead.
+const BASE_ALLOWED_TOOLS = new Set([
+  "TodoWrite",
+  "Glob",
+  "Grep",
+  "Read",
+  "LS",
+  "WebSearch",
+  "WebFetch",
+  "Task",
+]);
+
+// TODO: Key this with our own TwigMode type instead of reusing an agents PermissionMode
+const MODE_ALLOWED_TOOLS: Record<PermissionMode, Set<string>> = {
+  default: new Set(),
+  acceptEdits: new Set(["Edit", "Write", "NotebookEdit"]),
+  plan: new Set(),
+  bypassPermissions: new Set(),
+  delegate: new Set(),
+  dontAsk: new Set(),
+};
+
+export function isToolAllowedForMode(
+  toolName: string,
+  mode: PermissionMode,
+): boolean {
+  if (BASE_ALLOWED_TOOLS.has(toolName)) {
+    return true;
+  }
+  if (mode === "bypassPermissions") {
+    return true;
+  }
+  return MODE_ALLOWED_TOOLS[mode]?.has(toolName) ?? false;
+}