fix: use absolute paths in --allowedTools for sensitive file editing (Refs: beans-huwr) (#166)

hmans · web-flow · commit 7eedcdc669af · 2026-03-20T16:38:29.000+01:00
## Summary - Agent sessions in act mode were still getting permission prompts when editing `.claude/rules/*` and `CLAUDE.md` files, despite the fix in #164 - **Root cause:** `--allowedTools` patterns used relative globs (e.g. `Edit(.claude/**)`) but Claude Code's Edit/Write tools operate on absolute file paths, so the patterns never matched - Fix: construct patterns using `session.WorkDir` (e.g. `Edit(/path/to/workdir/.claude/**)`) and pass each with its own `--allowedTools` flag ## Test plan - [ ] `mise build` and spawn an agent in act mode via Beans UI - [ ] Have it edit a `.claude/rules/*.md` file — should succeed without permission prompts - [ ] Verify `mise test` passes
diff --git a/.beans/beans-huwr--agent-sessions-fail-to-edit-claude-config-files-cl.md b/.beans/beans-huwr--agent-sessions-fail-to-edit-claude-config-files-cl.md
@@ -3,8 +3,20 @@
 title: Agent sessions fail to edit Claude config files (.claude/rules, CLAUDE.md)
 status: in-progress
 type: bug
+priority: normal
 created_at: 2026-03-20T14:46:47Z
-updated_at: 2026-03-20T14:46:47Z
+updated_at: 2026-03-20T15:17:40Z
 ---
 
 When a Beans UI agent (running with --dangerously-skip-permissions) tries to write to .claude/rules/*.md or CLAUDE.md, Claude Code still blocks the write because it considers these 'sensitive files (project rules)'. The agent asks the user to approve the permission, but there's no way to grant it in non-interactive mode. Fix: add --allowedTools entries for Edit and Write on these sensitive file paths.
+
+## Root Cause
+
+The initial fix (commit 7a43a18) used relative path patterns like `Edit(.claude/**)` in `--allowedTools`, but Claude Code's Edit/Write tools operate on **absolute file paths**. The glob `.claude/**` never matched because the tool calls use paths like `/full/path/to/workdir/.claude/rules/frontend.md`.
+
+Additionally, the patterns were passed as multiple values after a single `--allowedTools` flag, which could cause variadic argument parsing issues.
+
+## Fix
+
+- Use absolute paths based on `session.WorkDir` (e.g., `Edit(/path/to/workdir/.claude/**)`)
+- Pass each pattern with its own `--allowedTools` flag to avoid variadic parsing ambiguity
diff --git a/internal/agent/claude.go b/internal/agent/claude.go
@@ -820,10 +820,17 @@ func buildClaudeArgs(session *Session) []string {
 		args = append(args, "--dangerously-skip-permissions")
 		// Explicitly allow editing Claude's own config files, which are
 		// classified as "sensitive" and blocked even with --dangerously-skip-permissions.
-		args = append(args, "--allowedTools",
-			"Edit(CLAUDE.md)", "Write(CLAUDE.md)",
-			"Edit(.claude/**)", "Write(.claude/**)",
-		)
+		// Patterns must use absolute paths because Claude Code's Edit/Write tools
+		// operate on absolute file paths internally.
+		if session.WorkDir != "" {
+			dir := session.WorkDir
+			args = append(args,
+				"--allowedTools", "Edit("+dir+"/CLAUDE.md)",
+				"--allowedTools", "Write("+dir+"/CLAUDE.md)",
+				"--allowedTools", "Edit("+dir+"/.claude/**)",
+				"--allowedTools", "Write("+dir+"/.claude/**)",
+			)
+		}
 	} else if session.PlanMode {
 		args = append(args, "--permission-mode", "plan")
 	}
diff --git a/internal/agent/manager_test.go b/internal/agent/manager_test.go
@@ -770,7 +770,7 @@ func TestSetActMode_IncludedInSnapshot(t *testing.T) {
 }
 
 func TestBuildClaudeArgs_ActMode(t *testing.T) {
-	args := buildClaudeArgs(&Session{ActMode: true})
+	args := buildClaudeArgs(&Session{ActMode: true, WorkDir: "/tmp/test-project"})
 	found := false
 	for _, a := range args {
 		if a == "--dangerously-skip-permissions" {
@@ -782,34 +782,25 @@ func TestBuildClaudeArgs_ActMode(t *testing.T) {
 		t.Errorf("expected --dangerously-skip-permissions in args, got %v", args)
 	}
 
-	// Act mode should also include --allowedTools for sensitive Claude config files
-	foundAllowed := false
-	for i, a := range args {
-		if a == "--allowedTools" {
-			foundAllowed = true
-			// Verify the expected tool patterns follow
-			remaining := args[i+1:]
-			expected := []string{
-				"Edit(CLAUDE.md)", "Write(CLAUDE.md)",
-				"Edit(.claude/**)", "Write(.claude/**)",
-			}
-			for _, e := range expected {
-				found := false
-				for _, r := range remaining {
-					if r == e {
-						found = true
-						break
-					}
-				}
-				if !found {
-					t.Errorf("expected %q in --allowedTools args, got %v", e, remaining)
-				}
+	// Act mode should include --allowedTools with absolute paths for sensitive Claude config files.
+	// Each pattern must be preceded by its own --allowedTools flag.
+	expected := []string{
+		"Edit(/tmp/test-project/CLAUDE.md)",
+		"Write(/tmp/test-project/CLAUDE.md)",
+		"Edit(/tmp/test-project/.claude/**)",
+		"Write(/tmp/test-project/.claude/**)",
+	}
+	for _, e := range expected {
+		found := false
+		for i, a := range args {
+			if a == "--allowedTools" && i+1 < len(args) && args[i+1] == e {
+				found = true
+				break
 			}
-			break
 		}
-	}
-	if !foundAllowed {
-		t.Errorf("expected --allowedTools in act mode args, got %v", args)
+		if !found {
+			t.Errorf("expected --allowedTools %q in args, got %v", e, args)
+		}
 	}
 }
 
