Description
Currently, external_directory is a single permission that controls all file operations (read, write, edit, patch, bash workdir) outside the working directory. This makes it impossible to allow reading external files while blocking writes.
Use case
I want the agent to be able to read reference files, configs, or documentation outside the project directory without prompts, but still block (or prompt for) any writes to external locations. Currently I must choose between:
- "allow" - permits both reads and writes (too permissive)
- "ask" - prompts for every read (too noisy)
- "deny" - blocks all external access (too restrictive)
Proposed solution
Split into two permissions:
    {
      "permission": {
        "external_directory_read": "allow",
        "external_directory_write": "ask"
      }
    }

Or alternatively, add a mode qualifier:

    {
      "permission": {
        "external_directory": {
          "read": "allow",
          "write": "ask"
        }
      }
    }

Implementation notes
Looking at the source, this would require:
- Update config schema in config/config.ts and agent/agent.ts
- Modify permission checks in tool/read.ts, tool/write.ts, tool/edit.ts, tool/patch.ts, tool/bash.ts to use the appropriate permission type
- For backwards compatibility, the existing external_directory could be kept as a shorthand that sets both read and write
Note: This issue was drafted with Claude Opus 4.5
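A sketch of how the nested form and the legacy shorthand from the issue above could resolve to one decision per tool call. It is an added example, not code from the project's source: the names `externalDirectoryAction`, `isExternal` and `TOOL_MODE`, the treatment of bash as a write, and the "ask" fallback are all assumptions.

```typescript
import * as path from "node:path";

type Action = "allow" | "ask" | "deny";
type Mode = "read" | "write";
// Legacy shorthand (one action for everything) or the proposed per-mode object.
type ExternalDirectory = Action | Partial<Record<Mode, Action>>;
interface PermissionConfig { external_directory?: ExternalDirectory }

// Tools named in the issue, mapped to the access mode each one needs.
// Assumption: bash counts as "write", since a shell command can modify
// files in whatever workdir it is given.
const TOOL_MODE: Record<string, Mode> = {
  read: "read", write: "write", edit: "write", patch: "write", bash: "write",
};

// True when target lies outside root after lexical normalisation of "." and "..".
// Comparing with path.relative avoids the prefix mistake where "/work/proj-backup"
// would pass a startsWith("/work/proj") test. Symlinks are not resolved here;
// a production check would compare real paths as well.
function isExternal(root: string, target: string): boolean {
  const rel = path.relative(path.resolve(root), path.resolve(root, target));
  return rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
}

// Returns the action for an external path, or null when the path is inside
// the working directory and this permission does not apply.
function externalDirectoryAction(
  cfg: PermissionConfig, tool: string, root: string, target: string,
): Action | null {
  if (!isExternal(root, target)) return null;
  const mode = TOOL_MODE[tool];
  if (!mode) return "deny";                  // unknown tool: fail closed
  const rule = cfg.external_directory;
  if (rule === undefined) return "ask";      // assumed default when unset
  if (typeof rule === "string") return rule; // legacy shorthand sets read and write
  return rule[mode] ?? "ask";                // mode omitted: assumed "ask"
}
```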