diff --git a/src/shard.rs b/src/shard.rs
index 70ba255..f2029e6 100644
--- a/src/shard.rs
+++ b/src/shard.rs
@@ -21,6 +21,12 @@ use crate::paths;
 /// Followed by SYSTEM.md content at runtime. Source: `prompts/shard_preamble.md`.
 const SYSTEM_PROMPT_PREAMBLE: &str = include_str!("../prompts/shard_preamble.md");
 
+/// Permissions JSON passed via --settings. Without this, WebFetch and
+/// WebSearch fall back to interactive permission prompts, which the daemon
+/// has no way to answer (claude is a child process). Allowing them broadly
+/// is fine: the lab is sandboxed, and the tools are read-only HTTP GET.
+const SHARD_SETTINGS_JSON: &str = r#"{"permissions":{"allow":["WebFetch","WebSearch"]}}"#;
+
 /// One stream-json event from claude's stdout. Only fields we care about.
 #[derive(Debug, Deserialize)]
 #[serde(tag = "type")]
@@ -131,6 +137,8 @@ impl ShardSession {
             &cfg.mcp_config_path.to_string_lossy(),
             "--system-prompt",
             &system_prompt,
+            "--settings",
+            SHARD_SETTINGS_JSON,
         ]);
         cmd.current_dir(&identity_dir);
         cmd.stdin(Stdio::piped());