feat: Enable YOLO Mode for Insights Chat Agent

[PatD42]

Insights chats should use the YOLO Mode configuration.

Changes

• Add --dangerously-skip-permissions CLI argument to insights_runner.py
• Configure ClaudeSDKClient with permission bypass settings when flag is enabled
• Update insights-handlers.ts to read dangerouslySkipPermissions from settings and pass to service
• Update InsightsService.sendMessage() to accept and forward dangerouslySkipPermissions parameter
• Update InsightsExecutor.execute() to add --dangerously-skip-permissions flag

Implementation Details

Backend (insights_runner.py)

• Adds --dangerously-skip-permissions CLI argument
• Creates security settings based on flag:
  • YOLO Mode: defaultMode: 'bypassPermissions' with wildcard allow
  • Standard Mode: Sandbox with restrictive project-path-only permissions
• Uses tempfile for cross-platform temp file creation
• Properly cleans up temp file in finally block

Frontend

• insights-executor.ts: Adds YOLO_MODE_FLAG constant and conditionally includes flag in spawn args
• insights-service.ts: Adds dangerouslySkipPermissions parameter to sendMessage()
• insights-handlers.ts: Reads dangerouslySkipPermissions from settings asynchronously

Testing

• ✅ All existing insights tests passing
• ✅ TypeScript compilation successful
• ✅ Cross-platform compatible (uses tempfile for temp settings file)

Related

Closes #1 (original PR)

Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com

Summary by CodeRabbit

• New Features
  • Added --dangerously-skip-permissions CLI flag enabling unrestricted execution mode for insights operations
  • Introduced configurable permission bypass setting in the application
  • New setting propagated across backend and frontend layers; restrictive permissions applied by default when disabled

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

A "YOLO mode" feature is implemented across the frontend and backend layers, allowing the insights system to bypass permission checks via a dangerously_skip_permissions flag. The flag propagates from IPC handlers through service and executor layers to the Python backend, where temporary security settings files are generated and cleaned up accordingly.

Changes

Cohort / File(s)	Summary
Backend Permission Bypass Implementation apps/backend/runners/insights_runner.py	Added dangerously_skip_permissions parameter to run_with_sdk() and CLI (--dangerously-skip-permissions). Creates temporary JSON security settings file with bypassPermissions mode when enabled, or restrictive sandbox settings when disabled. Includes cleanup logic for temporary files on completion. Updated logging to track the flag state.
Frontend Service Layer apps/frontend/src/main/insights-service.ts	Extended InsightsService.sendMessage() signature to accept optional dangerouslySkipPermissions parameter and propagate it to InsightsExecutor.execute().
Frontend Executor Layer apps/frontend/src/main/insights/insights-executor.ts	Added YOLO_MODE_FLAG constant (--dangerously-skip-permissions). Extended InsightsExecutor.execute() signature with optional dangerouslySkipPermissions parameter. Appends the flag to Python subprocess arguments when enabled.
Frontend IPC Handlers apps/frontend/src/main/ipc-handlers/insights-handlers.ts	Reads settings to determine dangerouslySkipPermissions flag. Propagates flag to insightsService.sendMessage(). Added error handling with structured error reporting via safeSendToRenderer.

Sequence Diagram

sequenceDiagram
    actor User
    participant IPC as IPC Handler
    participant Service as InsightsService
    participant Executor as InsightsExecutor
    participant Python as Python Backend

    User->>IPC: sendMessage request
    IPC->>IPC: Read settings for dangerouslySkipPermissions
    IPC->>Service: sendMessage(..., dangerouslySkipPermissions)
    Service->>Executor: execute(..., dangerouslySkipPermissions)
    Executor->>Executor: Check dangerouslySkipPermissions flag
    alt YOLO Mode Enabled
        Executor->>Executor: Append --dangerously-skip-permissions to args
    else YOLO Mode Disabled
        Executor->>Executor: Use default arguments
    end
    Executor->>Python: Spawn subprocess with arguments
    Python->>Python: Create temporary security settings file
    alt dangerously_skip_permissions = true
        Python->>Python: Set bypassPermissions mode with allow ["*"]
    else dangerously_skip_permissions = false
        Python->>Python: Set restrictive sandbox (Read/Glob/Grep only)
    end
    Python->>Python: Pass settings file to ClaudeSDKClient
    Python->>Python: Execute with SDK
    Python->>Python: Cleanup temporary settings file
    Python-->>Executor: Return results
    Executor-->>Service: Return response
    Service-->>IPC: Return response
    IPC-->>User: Send response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

feature, area/frontend, 🔄 Checking, size/M

Poem

🐰 A YOLO mode hops into view,
With dangerously\_skip permissions through and through,
From frontend to Python, the flag takes flight,
Bypassing checks with all its might—
Temporary files cleaned, the system stays tight! ✨

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 75.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Linked Issues check	❓ Inconclusive	The linked issue (#1: Auto claude/add followup on done task) lacks concrete coding requirements, making compliance assessment impossible.	Clarify the specific coding requirements in the linked issue or link to issues with explicit requirements related to YOLO Mode implementation.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately describes the main change: enabling YOLO Mode for the Insights Chat Agent, which matches the core objective of adding the dangerously-skip-permissions flag.
Out of Scope Changes check	✅ Passed	All changes are scoped to implementing the dangerously-skip-permissions feature: backend security settings logic, frontend flag propagation, IPC handling, and CLI integration.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Summary of Changes

Hello @PatD42, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request integrates a "YOLO Mode" into the Insights Chat Agent, providing an option to disable filesystem permission checks for the underlying Claude SDK client. This feature allows for more flexible interaction with the codebase by the AI agent, while also clearly marking the associated security implications. The changes span both the backend Python runner and the frontend TypeScript services to ensure end-to-end support for this new configuration.

Highlights

• Backend Permissions Control: Introduced a "YOLO Mode" via the --dangerously-skip-permissions CLI argument in insights_runner.py, allowing the Claude SDK client to bypass all filesystem permission checks.
• Dynamic Security Configuration: The backend now dynamically configures Claude SDK security settings, applying a permissive "bypassPermissions" mode when "YOLO Mode" is active, and a restrictive sandbox mode otherwise.
• Temporary Settings Management: Implemented the use of Python's tempfile module in the backend to create and manage temporary JSON files for security settings, ensuring proper cleanup after execution.
• Frontend Integration: The frontend (insights-handlers.ts, insights-service.ts, insights-executor.ts) has been updated to read the dangerouslySkipPermissions setting from user preferences and pass it through to the backend Python runner.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request successfully introduces a "YOLO Mode" for the Insights Chat Agent, which allows bypassing permission checks via a --dangerously-skip-permissions flag. The implementation is solid, spanning both the Python backend and the TypeScript frontend. I appreciate the clear and dangerous naming of the flag. The use of a temporary file for security settings is handled correctly, including cleanup in a finally block. I've included a couple of minor suggestions for the Python runner to improve robustness and clarity.

[gemini-code-assist]

These relative path permissions (./**) are redundant. The agent's current working directory (cwd) is set to project_path on line 237, so the absolute path permissions on lines 206-208 already cover this scope. Removing these duplicates simplifies the configuration.

[gemini-code-assist]

Catching the broad Exception class can mask unexpected issues. It's better to catch a more specific exception. For file cleanup operations like os.unlink, catching OSError is more appropriate as it specifically handles file-related errors (like FileNotFoundError) without suppressing other potential problems.

Suggested change

	except Exception:
	# Ignore cleanup errors silently
	pass
	except OSError:
	# Ignore cleanup errors silently
	pass

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

apps/frontend/src/main/ipc-handlers/insights-handlers.ts (1)

68-75: Error message should use i18n translation keys.

Per coding guidelines, all user-facing text in the frontend must use i18n translation keys from react-i18next. The error message on line 74 uses a hardcoded string.

Suggested fix using i18n interpolation

-        safeSendToRenderer(
-          getMainWindow,
-          IPC_CHANNELS.INSIGHTS_ERROR,
-          projectId,
-          `Failed to send message: ${errorMessage}`
-        );
+        safeSendToRenderer(
+          getMainWindow,
+          IPC_CHANNELS.INSIGHTS_ERROR,
+          projectId,
+          { key: 'errors:insights.sendMessageFailed', params: { error: errorMessage } }
+        );

Note: The exact implementation depends on how your error rendering handles i18n keys. You may need to adjust based on your existing error handling patterns. Based on coding guidelines.

apps/backend/runners/insights_runner.py (1)

216-238: Remove invalid settings parameter from ClaudeAgentOptions.

The settings parameter is not supported by ClaudeAgentOptions. According to the Claude Agent SDK documentation, use setting_sources instead, which accepts a list of strings like ["project"], ["user"], or ["local"] to load filesystem-based settings. The current code passes a file path to an unsupported parameter, which will cause a runtime error. Consider either:

1. Removing this parameter and using setting_sources=["project"] if loading CLAUDE.md configurations
2. Or, passing security settings through permissionMode and allowDangerouslySkipPermissions parameters if bypassing permissions is the goal

🤖 Fix all issues with AI agents

In `@apps/backend/runners/insights_runner.py`:
- Around line 320-328: The finally block that unlinks settings_file currently
swallows exceptions silently; update the except Exception handler in
insights_runner.py (the finally block that references settings_file and calls
debug("insights_runner", "Cleaned up security settings file",
path=settings_file)) to catch the exception as e and emit a debug-level log
including the exception details (e) and context (e.g., path=settings_file)
instead of a silent pass so cleanup failures are recorded for troubleshooting.
- Around line 189-197: Update the CLI help text for the
--dangerously-skip-permissions option to a stronger warning: locate where the
flag dangerously_skip_permissions and its help/description string are defined
(the --dangerously-skip-permissions option) and replace the current message
"Skip filesystem permission checks (DANGEROUS - use only in trusted
environments)" with a clearer, stronger message such as "DANGEROUS: Bypasses all
filesystem permission checks. Only use in fully trusted environments where you
control the code being executed." Ensure the new text is used wherever the
option's help/usage is rendered.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🏁 Script executed:

# Search for dangerouslySkipPermissions usage in TypeScript/JavaScript files
rg "dangerouslySkipPermissions|dangerously_skip_permissions" --type=ts --type=tsx --type=js -C 3

Repository: AndyMik90/Auto-Claude

Length of output: 92

---

🏁 Script executed:

# Also check the Python backend for how this flag is used
rg "dangerously_skip_permissions" apps/backend/ -C 2

Repository: AndyMik90/Auto-Claude

Length of output: 2241

---

🏁 Script executed:

# Check for any UI configuration or settings files that expose this option
fd -e tsx -e ts -e json -e yaml | head -20 | xargs rg -l "permission|yolo|bypass" 2>/dev/null || true

Repository: AndyMik90/Auto-Claude

Length of output: 174

---

🏁 Script executed:

# Examine the insights_runner.py file more closely for the complete implementation
head -450 apps/backend/runners/insights_runner.py | tail -300

Repository: AndyMik90/Auto-Claude

Length of output: 11353

---

YOLO mode implementation is acceptable but consider stronger warning messaging.

The dangerously_skip_permissions flag safely gates unrestricted permissions behind an explicit CLI opt-in (--dangerously-skip-permissions), and debug logging is properly implemented when activated. However, the help text warning could be stronger:

Current: "Skip filesystem permission checks (DANGEROUS - use only in trusted environments)"

Consider: "DANGEROUS: Bypasses all filesystem permission checks. Only use in fully trusted environments where you control the code being executed."

The implementation correctly handles the temporary settings file (cleanup in finally block, proper exception handling), and the bypass is appropriately restricted to the CLI interface without UI exposure.

🤖 Prompt for AI Agents

In `@apps/backend/runners/insights_runner.py` around lines 189 - 197, Update the
CLI help text for the --dangerously-skip-permissions option to a stronger
warning: locate where the flag dangerously_skip_permissions and its
help/description string are defined (the --dangerously-skip-permissions option)
and replace the current message "Skip filesystem permission checks (DANGEROUS -
use only in trusted environments)" with a clearer, stronger message such as
"DANGEROUS: Bypasses all filesystem permission checks. Only use in fully trusted
environments where you control the code being executed." Ensure the new text is
used wherever the option's help/usage is rendered.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider logging cleanup failures at debug level instead of silent swallowing.

While silently ignoring cleanup errors is acceptable, logging at debug level would aid troubleshooting without impacting normal operation.

Suggested improvement

     finally:
         # Clean up temporary settings file
         if settings_file:
             try:
                 os.unlink(settings_file)
                 debug("insights_runner", "Cleaned up security settings file", path=settings_file)
-            except Exception:
-                # Ignore cleanup errors silently
-                pass
+            except Exception as cleanup_err:
+                debug("insights_runner", "Failed to cleanup settings file", path=settings_file, error=str(cleanup_err))

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	finally:
	# Clean up temporary settings file
	if settings_file:
	try:
	os.unlink(settings_file)
	debug("insights_runner", "Cleaned up security settings file", path=settings_file)
	except Exception:
	# Ignore cleanup errors silently
	pass
	finally:
	# Clean up temporary settings file
	if settings_file:
	try:
	os.unlink(settings_file)
	debug("insights_runner", "Cleaned up security settings file", path=settings_file)
	except Exception as cleanup_err:
	debug("insights_runner", "Failed to cleanup settings file", path=settings_file, error=str(cleanup_err))

🤖 Prompt for AI Agents

In `@apps/backend/runners/insights_runner.py` around lines 320 - 328, The finally
block that unlinks settings_file currently swallows exceptions silently; update
the except Exception handler in insights_runner.py (the finally block that
references settings_file and calls debug("insights_runner", "Cleaned up security
settings file", path=settings_file)) to catch the exception as e and emit a
debug-level log including the exception details (e) and context (e.g.,
path=settings_file) instead of a silent pass so cleanup failures are recorded
for troubleshooting.