Claude Code Keeps Asking for Permission — How to Handle It
Three options for handling Claude Code's approval gates: disable them entirely with --dangerously-skip-permissions, auto-approve specific tools, or handle them remotely from your phone with Grass.
Claude Code pauses before running bash commands, writing files, or fetching URLs and asks you to approve. This is by design — it prevents autonomous destructive actions. Three options exist for handling these gates: disable them entirely with --dangerously-skip-permissions, configure auto-approval for specific tool types, or handle them remotely from your phone with Grass so the session never stalls.
TL;DR
- Claude Code permission gates are a safety feature, not a bug — they prevent the agent from taking destructive actions without oversight
--dangerously-skip-permissions: disables all gates; appropriate only in isolated environments (containers, throwaway VMs)/allowed-toolsconfig: auto-approve specific tool categories while keeping gates on others- Grass: surfaces each agent approval gate as a native phone modal the moment it arrives — one tap to approve or deny, from anywhere
Why Claude Code asks for permission
Claude Code operates with a permission model: before running a bash command, writing to a file, or fetching a URL, it presents the planned action and waits for approval. This is documented in the Claude Code running tasks guide.
The design intent is containment. An AI coding agent with unrestricted execution access can delete files, install packages, make network requests, or modify configuration — all potentially irreversible. The permission model keeps a human in the loop for each consequential action.
The problem isn't the model — it's the location. Approval gates only surface in the terminal where Claude Code is running. Step away from that terminal, and gates stack up silently. You return to find the session has been waiting on a one-word response for the past 40 minutes.
Option 1: --dangerously-skip-permissions
claude --dangerously-skip-permissions
This flag disables all approval gates. Claude Code runs fully autonomously — no pauses, no prompts, maximum speed.
When it's appropriate:
- Docker containers used as isolated development environments
- Throwaway VMs provisioned for a single task
- CI pipeline integration where the codebase is already in a controlled state
- Sandboxed environments where the blast radius of a bad command is contained
When it's not appropriate:
- Your development machine with production credentials in
~/.aws,~/.ssh, or environment variables - Any machine with files you can't afford to lose
- Shared servers or environments where other services are running
The flag name is deliberate. It's not --skip-permissions or --autonomous-mode — it's --dangerously-skip-permissions. Use it in environments where "dangerous" is acceptable.
Option 2: /allowed-tools — auto-approve specific tool types
Claude Code can be configured to auto-approve specific tool categories while maintaining gates on others. This is the middle path.
In your project's .claude/settings.json:
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep"
],
"deny": []
}
}
With this configuration, file read operations are auto-approved. Write operations, bash commands, and URL fetches still require explicit approval.
You can also configure this interactively during a session with the /allowed-tools command. See the Claude Code CLI reference for the full list of tool names and permission configuration syntax.
When it's useful:
- Tasks where reading files is routine but writes need oversight
- Exploration and analysis tasks where the agent needs to read widely but you want to review any changes
- Situations where you trust read operations but not execution
The limitation: You're still only approving tool categories, not individual actions. A Bash auto-approval allows all bash commands, not just the safe ones. Review what you're auto-approving before enabling it.
Option 3: Grass — handle gates remotely from your phone
Grass keeps the full permission model intact. Nothing is auto-approved or skipped. Instead, approval gates are surfaced as native modals on your phone the moment they arrive — regardless of where you are.
When Claude Code pauses for a permission request, the gate appears on your phone screen immediately, even if you're not actively using the Grass app. One tap to approve or deny. The session continues. Full oversight, zero desk requirement.
This is purpose-built for the scenario where you step away but still want control — a commute, a meeting, overnight — where --dangerously-skip-permissions would be inappropriate.
How to set up Grass for remote permission handling
Step 1: Install the Grass CLI
npm install -g @grass-ai/ide
Requires Node.js 18+.
Step 2: Start the Grass server
In the project directory where Claude Code is running (or a second tmux window):
grass start
This starts a local server on a port in the 32100–32199 range and displays a QR code.
Step 3: Scan from the Grass app
Download Grass from the iOS App Store or use the Android PWA. Open the app, scan the QR code. The server is saved.
Step 4: Start your Claude Code session
Run claude in the project directory. Each time Claude Code hits a permission gate, a modal appears on your phone. Approve or deny — the session continues immediately.
The global permission manager: Grass aggregates gates from all connected servers. If you're running multiple Claude Code sessions in parallel — each in its own tmux window with its own grass start — all their gates surface in sequence in the single Grass app. You handle them one by one without switching between sessions.
For mobile coding agent access beyond the local network: grass start --network tailscale (requires Tailscale on both machine and phone).
Which option is right for you?
| Scenario | Best option |
|---|---|
| Isolated container, CI, throwaway VM | --dangerously-skip-permissions |
| Development machine, routine read operations | /allowed-tools auto-approve reads |
| Stepping away but want full oversight | Grass |
| Overnight run on a machine with sensitive credentials | Grass |
| Running multiple agents in parallel | Grass (global permission manager) |
Frequently asked questions
Why does Claude Code ask for permission before every action?
Claude Code's permission model exists to prevent unreviewed destructive actions. Before running a bash command, writing a file, or fetching a URL, it surfaces the planned action and waits for approval. This is a deliberate safety design — it keeps a human in the loop for consequential operations.
How do I stop Claude Code from asking for approval every time?
Two options: --dangerously-skip-permissions disables all gates (appropriate only in isolated environments). /allowed-tools configuration auto-approves specific tool categories (Read, Glob, Grep) while keeping gates on others. For most development workflows, neither is necessary — Grass lets you approve gates remotely so they don't block your session.
What is --dangerously-skip-permissions in Claude Code?
claude --dangerously-skip-permissions disables all tool approval gates. Claude Code runs fully autonomously with no permission prompts. The flag is appropriate in isolated environments (containers, throwaway VMs, CI pipelines) where a bad command can't cause serious damage. It's not appropriate on machines with production credentials or important files.
Is it safe to use --dangerously-skip-permissions?
In isolated environments: yes. On a development machine with real credentials and important files: no. Evaluate the blast radius — if Claude Code runs rm -rf ./ in a throwaway container, that's acceptable. If it runs that command in your home directory, it's not.
How do I configure Claude Code to auto-approve certain tools?
Add a permissions.allow array to .claude/settings.json in your project directory. List the tool names to auto-approve (e.g., "Read", "Glob", "Grep"). Write, Bash, and other unlisted tools will still require approval. Use the /allowed-tools command during an active session for interactive configuration.
How do I approve Claude Code tool requests when I'm not at my laptop?
Grass. Install the CLI (npm install -g @grass-ai/ide), run grass start in the project directory, and scan the QR code from the Grass app. Each permission request appears as a native modal on your phone the moment Claude Code pauses. One tap to approve or deny.
Can I approve Claude Code permission requests from my phone?
Yes, with Grass. The Grass app surfaces each gate as a native modal — not an email notification, not a delayed alert, but an immediate interactive prompt. Tap Approve or Deny. Claude Code continues immediately without any additional interaction.