Background
claude-queue start currently always passes --dangerously-skip-permissions to the Claude CLI. There is no way to opt out. This flag silences all confirmation dialogs, meaning Claude can modify the filesystem, run commands, and make network requests without prompting — appropriate for fully-automated unattended queues, but too broad for interactive or trusted-content use cases.
A related structural issue compounds this: main() constructs a single shared QueueManager before dispatching to any subcommand. QueueManager.__init__() calls _verify_claude_available(), which requires the claude binary to be on PATH. This means everyday commands like claude-queue add, claude-queue list, and claude-queue status fail with a misleading error if claude is not installed or not on PATH — even though those commands never invoke Claude at all.
Proposed Changes
SC1 — Add --no-skip-permissions flag to start
- Add
skip_permissions: bool = True parameter to ClaudeCodeInterface.__init__() and QueueManager.__init__().
- Build the
--dangerously-skip-permissions flag conditionally in execute_prompt().
- Add
--no-skip-permissions to the start subparser only (the flag is meaningless for other subcommands).
cmd_start() constructs its own QueueManager with skip_permissions=not args.no_skip_permissions.
E3 — Non-execution commands bypass QueueManager entirely
Commands that never invoke Claude (add, cancel, status, list, template, bank) should construct QueueStorage directly instead of going through QueueManager. This eliminates the spurious claude PATH dependency for everyday queue management operations.
Commands that still need QueueManager (because they run Claude): start, test.
The main() dispatch block becomes:
if args.command == "start":
return cmd_start(args) # constructs QueueManager internally
elif args.command == "test":
return cmd_test(args) # constructs QueueManager internally
elif args.command == "add":
return cmd_add(args) # uses QueueStorage directly
elif args.command == "cancel":
return cmd_cancel(args) # uses QueueStorage directly
# ... etc.
This also eliminates the fragile not args.no_skip_permissions if args.command == "start" else True ternary and the AttributeError risk if args.no_skip_permissions is evaluated in a non-start subparser context.
README update (companion to SC1)
Add a warning callout explaining that --dangerously-skip-permissions is passed by default and what that means operationally.
Files Affected
src/claude_code_queue/claude_interface.py — ClaudeCodeInterface.__init__(), execute_prompt()
src/claude_code_queue/queue_manager.py — QueueManager.__init__()
src/claude_code_queue/cli.py — main() dispatch, cmd_start(), all non-execution handlers
README.md — permissions warning callout
Background
claude-queue startcurrently always passes--dangerously-skip-permissionsto the Claude CLI. There is no way to opt out. This flag silences all confirmation dialogs, meaning Claude can modify the filesystem, run commands, and make network requests without prompting — appropriate for fully-automated unattended queues, but too broad for interactive or trusted-content use cases.A related structural issue compounds this:
main()constructs a single sharedQueueManagerbefore dispatching to any subcommand.QueueManager.__init__()calls_verify_claude_available(), which requires theclaudebinary to be on PATH. This means everyday commands likeclaude-queue add,claude-queue list, andclaude-queue statusfail with a misleading error ifclaudeis not installed or not on PATH — even though those commands never invoke Claude at all.Proposed Changes
SC1 — Add
--no-skip-permissionsflag tostartskip_permissions: bool = Trueparameter toClaudeCodeInterface.__init__()andQueueManager.__init__().--dangerously-skip-permissionsflag conditionally inexecute_prompt().--no-skip-permissionsto thestartsubparser only (the flag is meaningless for other subcommands).cmd_start()constructs its ownQueueManagerwithskip_permissions=not args.no_skip_permissions.E3 — Non-execution commands bypass
QueueManagerentirelyCommands that never invoke Claude (
add,cancel,status,list,template,bank) should constructQueueStoragedirectly instead of going throughQueueManager. This eliminates the spuriousclaudePATH dependency for everyday queue management operations.Commands that still need
QueueManager(because they run Claude):start,test.The
main()dispatch block becomes:This also eliminates the fragile
not args.no_skip_permissions if args.command == "start" else Trueternary and theAttributeErrorrisk ifargs.no_skip_permissionsis evaluated in a non-startsubparser context.README update (companion to SC1)
Add a warning callout explaining that
--dangerously-skip-permissionsis passed by default and what that means operationally.Files Affected
src/claude_code_queue/claude_interface.py—ClaudeCodeInterface.__init__(),execute_prompt()src/claude_code_queue/queue_manager.py—QueueManager.__init__()src/claude_code_queue/cli.py—main()dispatch,cmd_start(), all non-execution handlersREADME.md— permissions warning callout