fix: skip Claude permissions by default (with opt-out for safety mode)#14
Merged
Conversation
PR #11 (the AppleScript injection hardening) flipped the default for --dangerously-skip-permissions from "always on" to "off unless JARVIS_SKIP_PERMISSIONS=true is set." That was a defense-in-depth addition bundled with the injection fixes, but it's an awful default for a voice-driven assistant: Claude's interactive permission prompts have no UI surface in JARVIS, so subprocess calls silently hang waiting for input nobody can give. This commit keeps the env var as an opt-out toggle but flips its default back to "skip permissions = true", so JARVIS works out of the box. All the injection escapes from #11 are preserved — the actual security win (proper string escaping in AppleScript interpolation) is unaffected. Truth table: unset -> skip = True (default, works OOTB) JARVIS_SKIP_PERMISSIONS=true -> skip = True JARVIS_SKIP_PERMISSIONS=1 -> skip = True JARVIS_SKIP_PERMISSIONS=false-> skip = False (opt-in to prompts) JARVIS_SKIP_PERMISSIONS=0 -> skip = False JARVIS_SKIP_PERMISSIONS=no -> skip = False Updated .env.example comment to reflect the new default.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
PR #11 was a great security hardening, but it bundled a behavior change that doesn't fit JARVIS's UX: it flipped the default for `--dangerously-skip-permissions` from always on to off unless JARVIS_SKIP_PERMISSIONS=true. For a voice-driven assistant, Claude's interactive permission prompts have no UI surface — subprocess calls silently hang.
This PR keeps the env var as an opt-out toggle but flips its default back so JARVIS works out of the box.
All security improvements preserved
The actual injection fixes from #11 — proper AppleScript escaping in 9 call sites, the shared `applescript_escape()` helper, and the unit tests — are unaffected. This commit only touches one line per file (4 files) plus the doc comment in `.env.example`. The escape work is the real security win and it stays.
Behavior table
Test plan
🤖 Generated with Claude Code