Add feature request: Enable auto-mode option in permission dialogs

When auto mode gets disabled, users face an avalanche of permission
requests without an easy way to re-enable auto mode. This feature
request proposes adding an 'Enable auto-mode' option to permission
dialogs that would approve the current request and re-enable auto
mode for the session.

This addresses the UX pain point where users need uninterrupted time
to manually re-enable auto mode while being bombarded with prompts.

.claude-plugin/marketplace.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://json.schemastore.org/claude-code-marketplace.json",
+  "$schema": "https://anthropic.com/claude-code/marketplace.schema.json",
   "name": "claude-code-plugins",
   "version": "1.0.0",
   "description": "Bundled plugins for Claude Code including Agent SDK development tools, PR review toolkit, and commit workflows",

.claude/commands/triage-issue.md

@@ -30,10 +30,7 @@ TASK:
 
 **If EVENT is "issues" (new issue):**
 
-4. First, check if this issue is actually about Claude Code.
-   - Look for Claude Code signals in the issue BODY: a `Claude Code Version` field or `claude --version` output, references to the `claude` CLI command, terminal sessions, the VS Code/JetBrains extensions, `CLAUDE.md` files, `.claude/` directories, MCP servers, Cowork, Remote Control, or the web UI at claude.ai/code. If ANY such signal is present, this IS a Claude Code issue — proceed to step 5.
-   - Only if NO Claude Code signals are present: check whether a different Anthropic product (claude.ai chat, Claude Desktop/Mobile apps, the raw Anthropic API/SDK, or account billing with no CLI involvement) is the *subject* of the complaint, not merely mentioned for context. If so, apply `invalid` and stop. If ambiguous, proceed to step 5 WITHOUT applying `invalid`.
-   - The body text is authoritative. If a form dropdown (e.g. Platform) contradicts evidence in the body, trust the body — dropdowns are often mis-selected.
+4. First, check if this issue is actually about Claude Code (the CLI/IDE tool). Issues about the Claude API, claude.ai, the Claude app, Anthropic billing, or other Anthropic products should be labeled `invalid`. If invalid, apply only that label and stop.
 
 5. Analyze and apply category labels:
    - Type (bug, enhancement, question, etc.)
@@ -70,5 +67,4 @@ GUIDELINES:
 - Be conservative with lifecycle labels — only apply when clearly warranted
 - Only apply lifecycle labels (`needs-repro`, `needs-info`) to bugs — never to questions or enhancements
 - When in doubt, don't apply a lifecycle label — false positives are worse than missing labels
-- On new issues (EVENT "issues"), always apply exactly one of `bug`, `enhancement`, `question`, `invalid`, or `duplicate`. If unsure, pick the closest fit — an imperfect category label is better than none.
-- On comment events, it's okay to make no changes if nothing applies.
+- It's okay to not add any labels if none are clearly applicable

.github/FEATURE_REQUEST_auto_mode_permission.md

@@ -0,0 +1,80 @@
+# Feature Request: Add "Enable auto-mode" to permission request options
+
+## Problem Statement
+
+When auto mode gets turned off (for various reasons like encountering a tool that requires explicit permission), users face an avalanche of back-to-back permission requests. This makes it very difficult to get the 2 seconds of uninterrupted time needed to navigate to settings and re-enable auto mode.
+
+Currently, users must either:
+1. Manually approve each permission request one-by-one, or
+2. Try to find a brief pause to navigate away and re-enable auto mode
+
+This creates a frustrating user experience, especially when multiple permission requests queue up rapidly.
+
+## Proposed Solution
+
+Add "Enable auto-mode" as a new option in permission request dialogs, alongside the existing options like:
+- Yes, allow
+- Yes, allow for this session  
+- Always allow
+- No, deny
+
+The new option would:
+1. Approve the current permission request
+2. Enable auto-mode for the remainder of the session
+3. Allow subsequent permission requests to be handled automatically by the auto-mode classifier
+
+### User Experience
+
+When a permission prompt appears, users would see something like:
+
+```
+Claude wants to run: npm test
+
+  > Yes, allow
+    Yes, allow for this session
+    Always allow
+    Enable auto-mode (approve this and future requests automatically)
+    No, deny
+```
+
+Selecting "Enable auto-mode" would:
+1. Immediately approve the current pending request
+2. Switch the session to auto-mode
+3. Continue processing any queued requests using auto-mode
+
+## Technical Context
+
+Based on CHANGELOG analysis, the relevant code areas include:
+- Permission prompt component (React/Ink-based UI)
+- `setPermissionMode` function for changing modes
+- Auto-mode classifier system
+- Session state management for permission modes
+
+The existing infrastructure supports:
+- `value:"allow_all"` for session-wide permissions
+- `value:"yes-accept-edits"` for auto-accepting edits
+- Mode transitions via keyboard shortcuts (Shift+Tab in plan mode)
+
+## Priority
+
+High - This is a significant impact on productivity, especially for users who rely on auto-mode for their workflow.
+
+## Feature Category
+
+Interactive mode (TUI)
+
+## Use Case Example
+
+1. User is working with auto-mode enabled
+2. A tool triggers that auto-mode can't classify (e.g., a sensitive operation)
+3. Auto-mode gets disabled, prompting for explicit permission
+4. User approves the operation
+5. Multiple follow-up tool calls also need permission
+6. Instead of approving each one, user selects "Enable auto-mode"
+7. Current request is approved and auto-mode handles the rest
+
+## Additional Context
+
+- Slack thread: https://anthropic.slack.com/archives/C07VBSHV7EV/p1774978648891819?thread_ts=1774978537.133329&cid=C07VBSHV7EV
+- Requested by Mark Christian
+- Related to improving the permission request UX when auto-mode is interrupted

.github/workflows/auto-close-duplicates.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: latest
 

.github/workflows/backfill-duplicate-comments.yml

@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v4
       
       - name: Setup Bun
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: latest
       

.github/workflows/claude-dedupe-issues.yml

@@ -38,11 +38,10 @@ jobs:
         if: always()
         env:
           STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
-          ISSUE_NUMBER: ${{ github.event.issue.number || inputs.issue_number }}
-          REPO: ${{ github.repository }}
-          TRIGGERED_BY: ${{ github.event_name }}
-          WORKFLOW_RUN_ID: ${{ github.run_id }}
         run: |
+          ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
+          REPO=${{ github.repository }}
+          
           if [ -z "$STATSIG_API_KEY" ]; then
             echo "STATSIG_API_KEY not found, skipping Statsig logging"
             exit 0
@@ -52,8 +51,7 @@ jobs:
           EVENT_PAYLOAD=$(jq -n \
             --arg issue_number "$ISSUE_NUMBER" \
             --arg repo "$REPO" \
-            --arg triggered_by "$TRIGGERED_BY" \
-            --arg workflow_run_id "$WORKFLOW_RUN_ID" \
+            --arg triggered_by "${{ github.event_name }}" \
             '{
               events: [{
                 eventName: "github_duplicate_comment_added",
@@ -62,7 +60,7 @@ jobs:
                   repository: $repo,
                   issue_number: ($issue_number | tonumber),
                   triggered_by: $triggered_by,
-                  workflow_run_id: $workflow_run_id
+                  workflow_run_id: "${{ github.run_id }}"
                 },
                 time: (now | floor | tostring)
               }]

.github/workflows/issue-lifecycle-comment.yml

@@ -15,7 +15,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: latest
 

.github/workflows/sweep.yml

@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0 (sha-pinned)
+        uses: oven-sh/setup-bun@v2
         with:
           bun-version: latest
 

SECURITY.md

@@ -5,8 +5,8 @@ Thank you for helping us keep Claude Code secure!
 
 The security of our systems and user data is Anthropic's top priority. We appreciate the work of security researchers acting in good faith in identifying and reporting potential vulnerabilities.
 
-Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/4f1f16ba-10d3-4d09-9ecc-c721aad90f24/embedded_submissions/new).
+Our security program is managed on HackerOne and we ask that any validated vulnerability in this functionality be reported through their [submission form](https://hackerone.com/anthropic-vdp/reports/new?type=team&report_type=vulnerability).
 
-## Anthropic Bug Bounty
+## Vulnerability Disclosure Program
 
-Our Bug Bounty Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic).
+Our Vulnerability Program Guidelines are defined on our [HackerOne program page](https://hackerone.com/anthropic-vdp).

examples/mdm/README.md

@@ -1,28 +0,0 @@
-# MDM Deployment Examples
-
-Example templates for deploying Claude Code [managed settings](https://code.claude.com/docs/en/settings#settings-files) through Jamf, Iru (Kandji), Intune, or Group Policy. Use these as starting points — adjust them to fit your needs.
-
-All templates encode the same minimal example (`permissions.disableBypassPermissionsMode`). See the [settings reference](https://code.claude.com/docs/en/settings#available-settings) for the full list of keys, and [`../settings`](../settings) for more complete example configurations.
-
-
-## Templates
-
-> [!WARNING]
-> These examples are community-maintained templates which may be unsupported or incorrect. You are responsible for the correctness of your own deployment configuration.
-
-| File | Use with |
-| :--- | :--- |
-| [`managed-settings.json`](./managed-settings.json) | Any platform. Deploy to the [system config directory](https://code.claude.com/docs/en/settings#settings-files). |
-| [`macos/com.anthropic.claudecode.plist`](./macos/com.anthropic.claudecode.plist) | Jamf or Iru (Kandji) **Custom Settings** payload. Preference domain: `com.anthropic.claudecode`. |
-| [`macos/com.anthropic.claudecode.mobileconfig`](./macos/com.anthropic.claudecode.mobileconfig) | Full configuration profile for local testing or MDMs that take a complete profile. |
-| [`windows/Set-ClaudeCodePolicy.ps1`](./windows/Set-ClaudeCodePolicy.ps1) | Intune **Platform scripts**. Writes `managed-settings.json` to `C:\Program Files\ClaudeCode\`. |
-| [`windows/ClaudeCode.admx`](./windows/ClaudeCode.admx) + [`en-US/ClaudeCode.adml`](./windows/en-US/ClaudeCode.adml) | Group Policy or Intune **Import ADMX**. Writes `HKLM\SOFTWARE\Policies\ClaudeCode\Settings` (REG_SZ, single-line JSON). |
-
-## Tips
-- Replace the placeholder `PayloadUUID` and `PayloadOrganization` values in the `.mobileconfig` with your own (`uuidgen`)
-- Before deploying to your fleet, test on a single machine and confirm `/status` lists the source under **Setting sources** — e.g. `Enterprise managed settings (plist)` on macOS or `Enterprise managed settings (HKLM)` on Windows
-- Settings deployed this way sit at the top of the precedence order and cannot be overridden by users
-
-## Full Documentation
-
-See https://code.claude.com/docs/en/settings#settings-files for complete documentation on managed settings and settings precedence.

examples/mdm/macos/com.anthropic.claudecode.mobileconfig

@@ -1,56 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>PayloadDisplayName</key>
-	<string>Claude Code Managed Settings</string>
-	<key>PayloadDescription</key>
-	<string>Configures managed settings for Claude Code.</string>
-	<key>PayloadIdentifier</key>
-	<string>com.anthropic.claudecode.profile</string>
-	<key>PayloadOrganization</key>
-	<string>Example Organization</string>
-	<key>PayloadScope</key>
-	<string>System</string>
-	<key>PayloadType</key>
-	<string>Configuration</string>
-	<key>PayloadUUID</key>
-	<string>DC3CBC17-3330-4CDE-94AC-D2342E9C88A3</string>
-	<key>PayloadVersion</key>
-	<integer>1</integer>
-	<key>PayloadContent</key>
-	<array>
-		<dict>
-			<key>PayloadDisplayName</key>
-			<string>Claude Code</string>
-			<key>PayloadIdentifier</key>
-			<string>com.anthropic.claudecode.profile.BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
-			<key>PayloadType</key>
-			<string>com.apple.ManagedClient.preferences</string>
-			<key>PayloadUUID</key>
-			<string>BEFD5F54-71FC-4012-82B2-94399A1E220B</string>
-			<key>PayloadVersion</key>
-			<integer>1</integer>
-			<key>PayloadContent</key>
-			<dict>
-				<key>com.anthropic.claudecode</key>
-				<dict>
-					<key>Forced</key>
-					<array>
-						<dict>
-							<key>mcx_preference_settings</key>
-							<dict>
-								<key>permissions</key>
-								<dict>
-									<key>disableBypassPermissionsMode</key>
-									<string>disable</string>
-								</dict>
-							</dict>
-						</dict>
-					</array>
-				</dict>
-			</dict>
-		</dict>
-	</array>
-</dict>
-</plist>

examples/mdm/macos/com.anthropic.claudecode.plist

@@ -1,11 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
-<plist version="1.0">
-<dict>
-	<key>permissions</key>
-	<dict>
-		<key>disableBypassPermissionsMode</key>
-		<string>disable</string>
-	</dict>
-</dict>
-</plist>

examples/mdm/managed-settings.json

@@ -1,5 +0,0 @@
-{
-  "permissions": {
-    "disableBypassPermissionsMode": "disable"
-  }
-}

examples/mdm/windows/ClaudeCode.admx

@@ -1,28 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policyDefinitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                   xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
-                   revision="1.0" schemaVersion="1.0">
-  <policyNamespaces>
-    <target prefix="claudecode" namespace="Anthropic.Policies.ClaudeCode" />
-    <using prefix="windows" namespace="Microsoft.Policies.Windows" />
-  </policyNamespaces>
-  <resources minRequiredRevision="1.0" />
-  <categories>
-    <category name="Cat_ClaudeCode" displayName="$(string.Cat_ClaudeCode)" />
-  </categories>
-  <policies>
-    <policy name="ManagedSettings"
-            class="Machine"
-            displayName="$(string.ManagedSettings)"
-            explainText="$(string.ManagedSettings_Explain)"
-            presentation="$(presentation.ManagedSettings)"
-            key="SOFTWARE\Policies\ClaudeCode">
-      <parentCategory ref="Cat_ClaudeCode" />
-      <supportedOn ref="windows:SUPPORTED_Windows_10_0" />
-      <elements>
-        <text id="SettingsJson" valueName="Settings" maxLength="1000000" required="true" />
-      </elements>
-    </policy>
-  </policies>
-</policyDefinitions>

examples/mdm/windows/Set-ClaudeCodePolicy.ps1

@@ -1,28 +0,0 @@
-<#
-Deploys Claude Code managed settings as a JSON file.
-
-Intune: Devices > Scripts and remediations > Platform scripts > Add (Windows 10 and later).
-  Run this script using the logged on credentials: No
-  Run script in 64 bit PowerShell Host: Yes
-
-Claude Code reads C:\Program Files\ClaudeCode\managed-settings.json at startup
-and treats it as a managed policy source. Edit the JSON below to change the
-deployed settings; see https://code.claude.com/docs/en/settings for available keys.
-#>
-
-$ErrorActionPreference = 'Stop'
-
-$dir = Join-Path $env:ProgramFiles 'ClaudeCode'
-New-Item -ItemType Directory -Path $dir -Force | Out-Null
-
-$json = @'
-{
-  "permissions": {
-    "disableBypassPermissionsMode": "disable"
-  }
-}
-'@
-
-$path = Join-Path $dir 'managed-settings.json'
-[System.IO.File]::WriteAllText($path, $json, (New-Object System.Text.UTF8Encoding($false)))
-Write-Output "Wrote $path"

examples/mdm/windows/en-US/ClaudeCode.adml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<policyDefinitionResources xmlns:xsd="http://www.w3.org/2001/XMLSchema"
-                            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-                            xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions"
-                            revision="1.0" schemaVersion="1.0">
-  <displayName>Claude Code</displayName>
-  <description>Claude Code policy settings</description>
-  <resources>
-    <stringTable>
-      <string id="Cat_ClaudeCode">Claude Code</string>
-      <string id="ManagedSettings">Managed settings (JSON)</string>
-      <string id="ManagedSettings_Explain">Configures managed settings for Claude Code.
-
-Enter the full settings configuration as a single line of JSON. The value is stored as a REG_SZ string at HKLM\SOFTWARE\Policies\ClaudeCode\Settings and is applied at the highest precedence; users cannot override these settings.
-
-Example:
-{"permissions":{"disableBypassPermissionsMode":"disable"}}
-
-For the list of available settings keys, see https://code.claude.com/docs/en/settings.
-
-If your configuration is large or you prefer to manage a JSON file directly, deploy C:\Program Files\ClaudeCode\managed-settings.json instead (see Set-ClaudeCodePolicy.ps1).</string>
-    </stringTable>
-    <presentationTable>
-      <presentation id="ManagedSettings">
-        <textBox refId="SettingsJson">
-          <label>Settings JSON:</label>
-        </textBox>
-      </presentation>
-    </presentationTable>
-  </resources>
-</policyDefinitionResources>

examples/settings/README.md

@@ -1,6 +1,6 @@
 # Settings Examples
 
-Example Claude Code settings files, primarily intended for organization-wide deployments. Use these as starting points — adjust them to fit your needs.
+Example Claude Code settings files, primarily intended for organization-wide deployments. Use these are starting points — adjust them to fit your needs.
 
 These may be applied at any level of the [settings hierarchy](https://code.claude.com/docs/en/settings#settings-files), though certain properties only take effect if specified in enterprise settings (e.g. `strictKnownMarketplaces`, `allowManagedHooksOnly`, `allowManagedPermissionRulesOnly`).
 
@@ -26,10 +26,6 @@ These may be applied at any level of the [settings hierarchy](https://code.claud
 - Before deploying configuration files to your organization, test them locally by applying to `managed-settings.json`, `settings.json` or `settings.local.json`
 - The `sandbox` property only applies to the `Bash` tool; it does not apply to other tools (like Read, Write, WebSearch, WebFetch, MCPs), hooks, or internal commands
 
-## Deploying via MDM
-
-To distribute these settings as enterprise-managed policy through Jamf, Iru (Kandji), Intune, or Group Policy, see the deployment templates in [`../mdm`](../mdm).
-
 ## Full Documentation
 
 See https://code.claude.com/docs/en/settings for complete documentation on all available managed settings.