Context
Claude Code's control protocol for permissions only supports binary "allow" / "deny" responses via control_response. There is no protocol-level mechanism to communicate "always allow this tool" — the native Claude Code TUI handles this entirely client-side by remembering the user's choice and auto-replying to matching future requests.
Current Workaround
We are implementing session-level always-allow caching in the sandbox-agent daemon layer (#136 related). When a user replies "always" via the Gigacode/OpenCode UI, the daemon stores the decision and auto-replies "allow" to matching future control_request events from Claude.
Proposal
Investigate whether Claude's control protocol could natively support an "always allow" behavior flag (e.g. "behavior": "allowAlways") that would tell the Claude agent process to stop emitting control_request for matching tools, rather than requiring the daemon to intercept and auto-reply.
This would reduce latency (no round-trip through the daemon for auto-approved permissions) and align with how Codex (acceptForSession) and OpenCode (always) handle this natively.
Priority
Low — the daemon-side workaround is sufficient. This is a nice-to-have for protocol cleanliness.
🤖 Generated with Claude Code
Context
Claude Code's control protocol for permissions only supports binary
"allow"/"deny"responses viacontrol_response. There is no protocol-level mechanism to communicate "always allow this tool" — the native Claude Code TUI handles this entirely client-side by remembering the user's choice and auto-replying to matching future requests.Current Workaround
We are implementing session-level always-allow caching in the sandbox-agent daemon layer (#136 related). When a user replies "always" via the Gigacode/OpenCode UI, the daemon stores the decision and auto-replies
"allow"to matching futurecontrol_requestevents from Claude.Proposal
Investigate whether Claude's control protocol could natively support an "always allow" behavior flag (e.g.
"behavior": "allowAlways") that would tell the Claude agent process to stop emittingcontrol_requestfor matching tools, rather than requiring the daemon to intercept and auto-reply.This would reduce latency (no round-trip through the daemon for auto-approved permissions) and align with how Codex (
acceptForSession) and OpenCode (always) handle this natively.Priority
Low — the daemon-side workaround is sufficient. This is a nice-to-have for protocol cleanliness.
🤖 Generated with Claude Code