From 2192c32b317887b63361d1caa590231295932042 Mon Sep 17 00:00:00 2001
From: Melanie Li <melanie@example.com>
Date: Thu, 19 Mar 2026 02:41:23 +0000
Subject: [PATCH] fix: use --permission-mode bypassPermissions instead of
 --dangerously-skip-permissions

CodeBuild runs as root. Claude Code v2.1.79 refuses to use
--dangerously-skip-permissions with root/sudo privileges:
'--dangerously-skip-permissions cannot be used with root/sudo privileges
for security reasons'

This caused ALL Claude Code invocations to silently fail with empty
output, resulting in 0 tokens, 0 tool calls, and artificially low
scores in any CI/CD environment running as root.

Fix: Replace --dangerously-skip-permissions with
--permission-mode bypassPermissions, which achieves the same effect
but is allowed for root users.
---
 skill_eval/agent_runner.py | 4 ++--
 tests/test_agent_runner.py | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/skill_eval/agent_runner.py b/skill_eval/agent_runner.py
index d60d3a5..d8da247 100644
--- a/skill_eval/agent_runner.py
+++ b/skill_eval/agent_runner.py
@@ -140,7 +140,7 @@ def _build_cmd_with_skill(self, prompt: str, skill_path: str) -> list[str]:
         skill_content = self._read_skill_content(skill_path)
         cmd = [
             self.CLI_NAME, "-p", prompt,
-            "--dangerously-skip-permissions",
+            "--permission-mode", "bypassPermissions",
             "--allowedTools", "Read", "Glob", "Grep", "Bash", "Write", "Edit",
         ]
         if skill_content:
@@ -162,7 +162,7 @@ def _build_cmd_without_skill(self, prompt: str) -> list[str]:
         """Build claude CLI argument list for running WITHOUT a skill."""
         return [
             self.CLI_NAME, "-p", prompt,
-            "--dangerously-skip-permissions",
+            "--permission-mode", "bypassPermissions",
             "--allowedTools", "Read", "Glob", "Grep", "Bash", "Write", "Edit",
         ]
 
diff --git a/tests/test_agent_runner.py b/tests/test_agent_runner.py
index 7193f3f..9d88054 100644
--- a/tests/test_agent_runner.py
+++ b/tests/test_agent_runner.py
@@ -405,7 +405,8 @@ def test_build_cmd_without_skill(self):
         assert "claude" == cmd[0]
         assert "-p" in cmd
         assert "test prompt" in cmd
-        assert "--dangerously-skip-permissions" in cmd
+        assert "--permission-mode" in cmd
+        assert "bypassPermissions" in cmd
         assert "--allowedTools" in cmd
 
     def test_build_cmd_with_skill_no_skill_md(self, tmp_path):