From b913c86170e8458f3478afc53fcaabf13b8914cc Mon Sep 17 00:00:00 2001 From: banteg <4562643+banteg@users.noreply.github.com> Date: Sat, 3 Jan 2026 01:03:48 +0400 Subject: [PATCH] feat(claude): default allowed tools (#29) --- docs/runner/claude/claude-runner.md | 3 ++- docs/runner/claude/claude-takopi-events.md | 3 ++- readme.md | 3 ++- src/takopi/runners/claude.py | 6 +++++- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/runner/claude/claude-runner.md b/docs/runner/claude/claude-runner.md index 6e4b661..665760e 100644 --- a/docs/runner/claude/claude-runner.md +++ b/docs/runner/claude/claude-runner.md @@ -78,7 +78,7 @@ default_engine = "claude" [claude] model = "claude-sonnet-4-5-20250929" # optional (Claude Code supports model override in settings too) -allowed_tools = ["Bash", "Read", "Edit"] # optional but strongly recommended for automation +allowed_tools = ["Bash", "Read", "Edit", "Write"] # optional but strongly recommended for automation dangerously_skip_permissions = false # optional (high risk; prefer sandbox use only) use_api_billing = false # optional (keep ANTHROPIC_API_KEY for API billing) ``` @@ -87,6 +87,7 @@ Notes: * `--allowedTools` exists specifically to auto-approve tools in programmatic runs. ([Claude Code][1]) * Claude Code tools (Bash/Edit/Write/WebSearch/etc.) and whether permission is required are documented. ([Claude Code][2]) +* If `allowed_tools` is omitted, Takopi defaults to `["Bash", "Read", "Edit", "Write"]`. * Takopi only reads `model`, `allowed_tools`, `dangerously_skip_permissions`, and `use_api_billing` from `[claude]`. * By default Takopi strips `ANTHROPIC_API_KEY` from the subprocess environment so Claude uses subscription billing. Set `use_api_billing = true` to keep the key. diff --git a/docs/runner/claude/claude-takopi-events.md b/docs/runner/claude/claude-takopi-events.md index 76b54e9..53bc34d 100644 --- a/docs/runner/claude/claude-takopi-events.md +++ b/docs/runner/claude/claude-takopi-events.md @@ -221,10 +221,11 @@ A minimal TOML config for Claude: # model: opus | sonnet | haiku model = "sonnet" -allowed_tools = ["Bash", "Read", "Write", "WebSearch"] +allowed_tools = ["Bash", "Read", "Edit", "Write", "WebSearch"] dangerously_skip_permissions = false use_api_billing = false ``` Takopi only maps these keys to Claude CLI flags; other options should be configured in Claude Code settings. +If `allowed_tools` is omitted, Takopi defaults to `["Bash", "Read", "Edit", "Write"]`. When `use_api_billing` is false (default), Takopi strips `ANTHROPIC_API_KEY` from the Claude subprocess environment to prefer subscription billing. diff --git a/readme.md b/readme.md index 695389c..a74ee32 100644 --- a/readme.md +++ b/readme.md @@ -55,7 +55,8 @@ profile = "takopi" [claude] model = "sonnet" -allowed_tools = ["Bash", "Read", "Write", "WebSearch"] +# optional: defaults to ["Bash", "Read", "Edit", "Write"] +allowed_tools = ["Bash", "Read", "Edit", "Write", "WebSearch"] dangerously_skip_permissions = false # uses subscription by default, override to use api billing use_api_billing = false diff --git a/src/takopi/runners/claude.py b/src/takopi/runners/claude.py index d1756c5..1dcb2c7 100644 --- a/src/takopi/runners/claude.py +++ b/src/takopi/runners/claude.py @@ -25,6 +25,7 @@ logger = logging.getLogger(__name__) ENGINE: EngineId = EngineId("claude") STDERR_TAIL_LINES = 200 +DEFAULT_ALLOWED_TOOLS = ["Bash", "Read", "Edit", "Write"] _RESUME_RE = re.compile( r"(?im)^\s*`?claude\s+(?:--resume|-r)\s+(?P[^`\s]+)`?\s*$" @@ -539,7 +540,10 @@ def build_runner(config: EngineConfig, _config_path: Path) -> Runner: claude_cmd = "claude" model = config.get("model") - allowed_tools = config.get("allowed_tools") + if "allowed_tools" in config: + allowed_tools = config.get("allowed_tools") + else: + allowed_tools = DEFAULT_ALLOWED_TOOLS dangerously_skip_permissions = config.get("dangerously_skip_permissions") is True use_api_billing = config.get("use_api_billing") is True title = str(model) if model is not None else "claude"