fix(claude-code): subscription mode silently generates empty docs when bypassPermissions is unavailable#70
Open
7nohe wants to merge 1 commit into
Open
Conversation
claude-code subscription runs finished with an empty module tree and no markdown while the agent falsely reported success. Two causes, both stemming from the session not being in true bypassPermissions (an org managed policy can disable bypass, downgrading --dangerously-skip-permissions to acceptEdits): 1. Workspace boundary: acceptEdits only auto-approves reads/edits inside the working dir; caw chdir's into the output subdir, so source files in the parent repo are denied. Pin cwd to the repo root for claude-code (str_replace_editor writes via absolute paths, so --output is honored). Codex keeps the output-dir cwd for its native file_change. 2. MCP tools: acceptEdits does not auto-approve --mcp-config tools, so CodeWiki's own toolkit was denied. caw only emits --disallowedTools; wrap subprocess.Popen to inject --allowedTools mcp__<server> for each server in the --mcp-config. Belongs upstream in caw's ClaudeCodeSession. Comments cite the official Claude Code permission-mode / CLI docs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
On the
claude-codesubscription backend,codewiki generatecan finish with exit 0 and print✓ Documentation generated successfully!while actually writing no markdown and an emptymodule_tree.json({}). The agent even reports "I've generated comprehensive documentation" — a hallucinated success — because its tool calls were silently denied.This PR makes subscription mode actually write documentation.
Reproduction
Verbose log shows the agent's tool calls denied:
Result:
overview.md/module docs missing,module_tree.json == {}, exit 0.Root cause
Two issues, both rooted in the claude session not running in true
bypassPermissions.caw'sClaudeCodeSessionlaunchesclaudewith--dangerously-skip-permissions, which is documented as equivalent to--permission-mode bypassPermissions. But bypass can be disabled by an organization's managed policy, in which case the flag is downgraded toacceptEdits. (Confirmed directly:claude -p --dangerously-skip-permissionsand even--permission-mode bypassPermissionsreportedpermissionMode: acceptEditson a managed org account.)Under
acceptEdits:Workspace boundary. Auto-approval is limited to reads/edits inside the working directory / additionalDirectories; paths outside prompt (= denied in non-interactive
-p).CawBackend._run_module_agent_syncchdirs into the output subdir (needed for codex's nativefile_change), so the source tree in the parent repo is out of scope and every sourceReadis denied.MCP-server tools are not auto-approved. Tools from servers added via
--mcp-configneed an explicit--allowedToolsunderacceptEdits;--dangerously-skip-permissionsalone does not grant them.caw'sClaudeCodeSessiononly ever emits--disallowedTools, so CodeWiki's own toolkit (str_replace_editor,read_code_components,generate_sub_module_documentation) is denied.claude -p --dangerously-skip-permissions "call mcp tool X"→ denied; adding--allowedTools mcp__server→ allowed.(The
codexbackend already sidesteps this by mapping to--dangerously-bypass-approvals-and-sandbox; theclaude-codepath had no equivalent.)Fix
In
codewiki/src/be/caw_backend.py:claude-code, pin the agent's cwd to the repo root instead of the output subdir.str_replace_editorwrites via an absolutedepspath, so--outputis still honored, and the source tree is now inside the workspace. (codex keeps the output-dir cwd for its nativefile_change.)subprocess.Popenso anyclaudecommand carrying--mcp-configalso gets--allowedTools mcp__<server>for every server in that config. This grants CodeWiki's own toolkit.Verification
confluence-md(TypeScript, 28 source files),--provider claude-code:module_tree.json == {}, exit 0 (false success).overview.mdgenerated (1275 lines, 11 Mermaid diagrams), 0 permission denials.Notes
--allowedTools) really belongs upstream incaw'sClaudeCodeSession(it should allow-list its own toolkit servers, mirroring what it does for codex). ThePopenwrapper here is a stopgap; happy to move it if you prefer.bypassPermissions(a common enterprise policy). On accounts where--dangerously-skip-permissionsyields true bypass, the failure may not appear — but the fix is harmless there and makes the tool robust under restricted permission modes.