fix(client): add spec_dir to SDK permissions (#429)

When running in isolated mode (worktree), the spec directory may be
outside the project_dir path. This caused permission errors when the
agent tried to write to implementation_plan.json or other spec files.

Added explicit Read/Write/Edit permissions for spec_dir path.
This commit is contained in:
Mitsu
2025-12-30 15:55:56 +01:00
committed by GitHub
parent 62a7551571
commit 88c7605985
+5
View File
@@ -182,6 +182,7 @@ def create_client(
# Note: Using both relative paths ("./**") and absolute paths to handle
# cases where Claude uses absolute paths for file operations
project_path_str = str(project_dir.resolve())
spec_path_str = str(spec_dir.resolve())
security_settings = {
"sandbox": {"enabled": True, "autoAllowBashIfSandboxed": True},
"permissions": {
@@ -200,6 +201,10 @@ def create_client(
f"Edit({project_path_str}/**)",
f"Glob({project_path_str}/**)",
f"Grep({project_path_str}/**)",
# Allow spec directory explicitly (needed when spec is in worktree)
f"Read({spec_path_str}/**)",
f"Write({spec_path_str}/**)",
f"Edit({spec_path_str}/**)",
# Bash permission granted here, but actual commands are validated
# by the bash_security_hook (see security.py for allowed commands)
"Bash(*)",