Local sandbox permissions settings not respected #437
Description
I'm using the built in sandbox feature in Claude Code, and have detailed permissions settings specified in the global settings.json (fully disable access to most folders outside of the working directory, but allow reading from some). In the Claude Code CLI, these lead to automatically skipping permission prompts based on the settings. In my agent-shell session, they were not respected though. The agent was able to read folders that should be forbidden globally, either automatically or with an interactive prompt depending on the mode.
The Agent SDK docs imply that this needs to be explicitly set:
"You can also configure allow, deny, and ask rules declaratively in .claude/settings.json. The SDK does not load filesystem settings by default, so you must set setting_sources=["project"] (TypeScript: settingSources: ["project"]) in your options for these rules to apply. See Permission settings for the rule syntax." (from https://platform.claude.com/docs/en/agent-sdk/permissions)
Checklist
- I agree to communicate with the author myself (not AI-generated).
- I've read the README's Filing issues section.
- I'm running the latest versions (fill in below).
- agent-shell version: 0.50.1
- acp.el version: acp
20260320.8 - ACP package (e.g. claude-agent-acp) version: claude-agent-acp 0.22.2
- Agent CLI (e.g. claude, gemini) version: claude 2.1.79
- For requesting new agent support, I'm including a link to the ACP-capable agent or related ACP package.
- For issues, I'm including ACP traffic (as per README). -> can add if needed, but this is more of a feature request