Add support for dangerously bypassing permissions in sudo with new setting and patch

[brrock]

Light pr, but saw theo wanting something like this

Summary by CodeRabbit

• New Features

  • Added a miscellaneous toggle "Allow bypass permissions in sudo" in Settings (default: off) and UI to enable bypassing the permission check when intentionally used.

• Chores

  • Wired the setting into runtime configuration so the behavior can be applied when enabled.

• Documentation

  • Added Unreleased changelog entry and README sections with usage examples and security warnings.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new boolean setting allowBypassPermissionsInSudo, a patch that removes a console.error/process.exit guard preventing --dangerously-skip-permissions when running under sudo, wires and registers the patch, exposes a toggle in the Misc UI, and documents the change in changelog/README.

Changes

Cohort / File(s)	Summary
Settings & Types src/defaultSettings.ts, src/types.ts	Add allowBypassPermissionsInSudo to DEFAULT_SETTINGS.misc (default false) and to MiscConfig (`boolean
Patch Implementation src/patches/allowBypassPermsInSudo.ts	New exported `writeAllowBypassPermsInSudo(file: string): string
Patch Registration & Wiring src/patches/index.ts	Register patch id allow-sudo-bypass-permissions in PATCH_DEFINITIONS and wire implementation to apply when settings.misc?.allowBypassPermissionsInSudo is enabled.
User Interface src/ui/components/MiscView.tsx	Add misc settings toggle for allowBypassPermissionsInSudo with getter and toggle logic using ensureMisc() and existing settings update flow.
Changelog & Docs CHANGELOG.md, README.md	Add Unreleased changelog entry and README feature section documenting sudo bypass support, warning text, usage example, and config snippet.

Sequence Diagram(s)

sequenceDiagram
  participant UI as MiscView (UI)
  participant Settings as Settings Store
  participant Patcher as Patch Engine
  participant FS as Target File

  UI->>Settings: toggle allowBypassPermissionsInSudo (true/false)
  Settings-->>UI: confirm persisted value
  UI->>Patcher: request apply customizations
  Patcher->>Settings: read misc.allowBypassPermissionsInSudo
  alt enabled
    Patcher->>FS: read file content
    Patcher->>Patcher: writeAllowBypassPermsInSudo(content)
    Patcher->>FS: write patched content
    Patcher-->>UI: report diff/result
  else disabled
    Patcher-->>UI: skip patch
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• Support applying individual patches by ID and listing available patches #442 — Related: adds/adjusts patch implementation and registration patterns used by this change.
• Misc fixes #440 — Related: overlapping edits to patch definitions and wiring in src/patches/index.ts.

Suggested reviewers

• bl-ue
• georpar

Poem

🐇
I nudged a guard in sudo's lair,
A quiet patch, a daring hare.
A toggle flipped, the lines made thin,
Permissions bend — the changes grin.
Hop softly now; the rabbit's in. ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding support for bypassing permissions in sudo through a new setting and patch. It is concise, clear, and directly reflects the core functionality introduced across multiple files.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@CHANGELOG.md`:
- Line 32: Replace the placeholder PR number "#idkwillupdate" in the changelog
entry text with the actual PR number "#478" so the line reads "Add support for
bypassing permissions in sudo with new setting and patch (`#478`) - `@brrock`";
locate the exact string in CHANGELOG.md and update it accordingly.

In `@src/patches/allowBypassPermsInSudo.ts`:
- Around line 16-18: The error message is using the wrong patch name; update the
console.error in writeAllowBypassPermsInSudo to reference the correct patch id
and function (use "allow-sudo-bypass-permissions" or
"writeAllowBypassPermsInSudo" instead of "disableSudoBypassPermissions") so logs
match the actual patch and function names; locate the console.error call in
writeAllowBypassPermsInSudo and replace the message string to clearly identify
the patch id and function for debugging.

🧹 Nitpick comments (1)

src/types.ts (1)

130-130: Consider using boolean instead of boolean | null for consistency.

Every other simple on/off toggle in MiscConfig (e.g., autoAcceptPlanMode, enableSwarmMode, hideStartupBanner) is typed as plain boolean. The | null variant is reserved for settings where null carries distinct meaning (e.g., mcpServerBatchSize: number | null). This setting is a straightforward toggle—the UI defaults to false, and the patch condition uses !! which collapses null to false anyway.

Suggested fix

-  allowBypassPermissionsInSudo: boolean | null;
+  allowBypassPermissionsInSudo: boolean;

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@README.md`:
- Line 110: Add a new README section titled "Feature: Bypass permissions check
in sudo" that documents the new allowBypassPermissionsInSudo setting and the
--dangerously-skip-permissions flag: explain what it does (allows
--dangerously-skip-permissions to work when Claude Code is run under sudo), the
legitimate use case, explicit security warnings about bypassed protections and
risks, how to enable/disable via the tweakcc UI (npx tweakcc → Misc → Allow
bypass permissions in sudo) and via config.json
(settings.misc.allowBypassPermissionsInSudo), and provide an example usage line
(sudo claude --dangerously-skip-permissions).

[bl-ue]

@brrock Great, thank you! This patch is so simple that it actually works with CC versions all the way back to v0.2.9, the oldest version available. Please fix the linting errors and also add a little section to the bottom of the features list as CodeRabbit suggests, and we'll get this merged.

[brrock]

all done!

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@README.md`:
- Around line 458-459: Move the orphaned content block that configures
allowBypassPermissionsInSudo (the JSON snippet and the Usage example with `sudo
claude --dangerously-skip-permissions`) so it directly follows the heading "##
Feature: Bypass permissions check in sudo" (i.e., place that content immediately
after the header) and remove the duplicate block from its current location under
the "Configuration directory" section; ensure the heading and its content are
contiguous and preserve the existing formatting (code block + Usage paragraph).
- Line 503: Fix the typo and replace the placeholder by updating the README
section headed "**Why you might need this**": change "Yo might want" to "You
might want" and replace the bracketed placeholder "[Yo might want to modify
system related things]" with a concrete, professional use case (e.g., "You might
want to modify the system prompt when integrating a third‑party assistant to
ensure consistent tone and injected safety constraints — e.g., customizing
system settings to align responses with company policy as requested by a
colleague"). Ensure the new sentence clearly describes the legitimate scenario
that motivated this feature and reads like finished documentation.

[brrock]

@bl-ue friendly ping!

[bl-ue]

@brrock, merged! Who's theo?

[brrock]

t3.gg

[bl-ue]

Haha! Cool! Do you know him?

[brrock]

Haha! Cool! Do you know him?

No, I just saw him talking about wanting this feature in a video.