Skip to content

[P2] Mode transition safety (strip dangerous perms on auto) #444

Description

@quangdang46

Mode Transition Safety

Priority: P2 · Effort: 0.5 day

Current

cycle_mode() blindly switches to next mode. Switching from BypassPermissions to Auto keeps all dangerous allow rules active.

Target (Claude Code parity)

When entering Auto mode, strip dangerously broad allow rules (bash, write, edit, patch, webfetch, subagent).

Implementation

  1. Add is_dangerous_allow_rule() check in dcg_bridge.rs
  2. Add strip_dangerous_permissions_for_mode() that removes dangerous rules before entering Auto
  3. Call in cycle_mode() when target mode is Auto

Acceptance Criteria

  • Dangerous tools (bash, write, edit) are removed from allow-list when entering Auto
  • Safe tools (read, glob, grep) remain in allow-list
  • Warning shown if permissions were stripped

Metadata

Metadata

Assignees

No one assigned

    Labels

    P2Nice to havepermissionsPermission system

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions