diff --git a/registry/coder/modules/claude-code/main.test.ts b/registry/coder/modules/claude-code/main.test.ts index 19ab98c04..ba11135bf 100644 --- a/registry/coder/modules/claude-code/main.test.ts +++ b/registry/coder/modules/claude-code/main.test.ts @@ -180,6 +180,8 @@ describe("claude-code", async () => { "cat /home/coder/.claude-module/agentapi-start.log", ]); expect(startLog.stdout).toContain(`--permission-mode ${mode}`); + // Auto mode should not include --dangerously-skip-permissions + expect(startLog.stdout).not.toContain("--dangerously-skip-permissions"); }); test("claude-model", async () => { @@ -228,9 +230,48 @@ SESSIONEOF`, expect(startLog.stdout).toContain("--resume"); expect(startLog.stdout).toContain(taskSessionId); expect(startLog.stdout).toContain("Resuming task session"); + // Default (no permission_mode) should still include --dangerously-skip-permissions expect(startLog.stdout).toContain("--dangerously-skip-permissions"); }); + test("claude-continue-resume-task-session-auto-mode", async () => { + const { id } = await setup({ + moduleVariables: { + continue: "true", + report_tasks: "true", + permission_mode: "auto", + ai_prompt: "test prompt", + }, + }); + + // Create a mock task session file with the hardcoded task session ID + const taskSessionId = "cd32e253-ca16-4fd3-9825-d837e74ae3c2"; + const sessionDir = `/home/coder/.claude/projects/-home-coder-project`; + await execContainer(id, ["mkdir", "-p", sessionDir]); + await execContainer(id, [ + "bash", + "-c", + `cat > ${sessionDir}/${taskSessionId}.jsonl << 'SESSIONEOF' +{"sessionId":"${taskSessionId}","message":{"content":"Task"},"timestamp":"2020-01-01T10:00:00.000Z"} +{"type":"assistant","message":{"content":"Response"},"timestamp":"2020-01-01T10:00:05.000Z"} +SESSIONEOF`, + ]); + + await execModuleScript(id); + + const startLog = await execContainer(id, [ + "bash", + "-c", + "cat /home/coder/.claude-module/agentapi-start.log", + ]); + expect(startLog.stdout).toContain("--resume"); + expect(startLog.stdout).toContain(taskSessionId); + expect(startLog.stdout).toContain("Resuming task session"); + expect(startLog.stdout).toContain("--permission-mode auto"); + // Auto mode should NOT include --dangerously-skip-permissions + expect(startLog.stdout).not.toContain("--dangerously-skip-permissions"); + }); + test("pre-post-install-scripts", async () => { const { id } = await setup({ moduleVariables: { diff --git a/registry/coder/modules/claude-code/scripts/start.sh b/registry/coder/modules/claude-code/scripts/start.sh index 2df8fce12..b7e9e8d42 100644 --- a/registry/coder/modules/claude-code/scripts/start.sh +++ b/registry/coder/modules/claude-code/scripts/start.sh @@ -195,10 +195,19 @@ function start_agentapi() { if task_session_exists && is_valid_session "$session_file"; then echo "Resuming task session: $TASK_SESSION_ID" - ARGS+=(--resume "$TASK_SESSION_ID" --dangerously-skip-permissions) + ARGS+=(--resume "$TASK_SESSION_ID") + # Only add --dangerously-skip-permissions when no explicit permission mode + # is set (backward compat) or when bypassPermissions is chosen. + # Other modes like "auto" handle permissions themselves. + if [ -z "$ARG_PERMISSION_MODE" ] || [ "$ARG_PERMISSION_MODE" = "bypassPermissions" ]; then + ARGS+=(--dangerously-skip-permissions) + fi else echo "Starting new task session: $TASK_SESSION_ID" - ARGS+=(--session-id "$TASK_SESSION_ID" --dangerously-skip-permissions) + ARGS+=(--session-id "$TASK_SESSION_ID") + if [ -z "$ARG_PERMISSION_MODE" ] || [ "$ARG_PERMISSION_MODE" = "bypassPermissions" ]; then + ARGS+=(--dangerously-skip-permissions) + fi [ -n "$ARG_AI_PROMPT" ] && ARGS+=(-- "$ARG_AI_PROMPT") fi