back out bypassPermissions: claude refuses it under root uid

claude-code rejects --dangerously-skip-permissions / defaultMode= bypassPermissions when running as root, which all hyperhive containers do. revert to the previous explicit allow-list plumbing (per-flavor list spliced into permissions.allow + --tools enable list), keep TodoWrite out of the built-in allow set, and keep the deny list (TodoWrite, WebFetch, WebSearch, Task) as belt-and-braces in case anything sneaks past the allow gate.
2026-05-16 15:58:41 +02:00 · 2026-05-16 15:58:41 +02:00 · 7ec658851a
commit 7ec658851a
parent 36c7f3d1c7
3 changed files with 82 additions and 27 deletions
--- a/hive-ag3nt/prompts/claude-settings.json
+++ b/hive-ag3nt/prompts/claude-settings.json
@ -1,9 +1,5 @@
 {
  "autoCompactEnabled": false,
  "autoMemoryEnabled": false,
-  "effortLevel": "medium",
-  "permissions": {
-    "defaultMode": "bypassPermissions",
-    "deny": ["WebFetch", "WebSearch", "Task", "TodoWrite"]
-  }
+  "effortLevel": "medium"
 }