claude-autoapprove 0.2.5

A CLI tool to run Claude Desktop App and inject a hack to enable auto approve feature

claude-autoapprove

Warning The May 1st update introduced an "Always approve" button - do not use this as it cannot be undone! claude-autoapprove restores the safer "Allow for this chat" functionality:

• Configure permanent approvals in config
• Make per-chat decisions for other tools
• Change decisions in newer chats This provides granular control while maintaining security.

If you by mistake used the "Always approve" button, as a workaround you can rename the mcp in the claude_desktop_config.json file to something else. Example: git->git_new. If Anthropic fixes this bug in the future, we may not need claude-autoapprove anymore.

A CLI tool to automatically approve Claude Desktop App tool requests

If you want a more user-friendly way, you can use the claude_autoapprove_mcp.

Requirements

• Python 3.11 or newer
• Claude Desktop App (macOS or Windows)

Installation

From PyPI

pip install claude-autoapprove

This is the recommended way for most users.

From source (for developers)

pip install -e .

Use this if you want to develop or modify the project locally.

Usage

claude-autoapprove [port]

Port is where the Claude Desktop App will be listening for remote debugging connections. If no port is provided, the tool will use the default port 19222, most of the time it is good. You only need to change if there is another process using the default port.

• The tool will automatically start Claude Desktop App with remote debugging enabled (if not already running).
• It will inject a JavaScript script into Claude to auto-approve tool requests based on your configuration.
• Supported platforms: macOS and Windows

How it works

• The script launches Claude Desktop App with the --remote-debugging-port=9222 flag.
• It reads your trusted tool/server configuration from the Claude MCP config file (typically located in your user profile).
• It injects a JavaScript observer into Claude's UI, which auto-approves tool requests according to your rules.
• Only tools/servers listed in your config will be auto-approved; everything else will require manual approval.

Configuration

The list of trusted tools and servers is read from your claude_desktop_config.json (the mcpServers section, autoapprove list).

Config file locations:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json

You can edit this file directly or via the Claude Desktop App settings.

Example config

{
  "mcpServers": {
    "fetch": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "mcp/fetch", "--ignore-robots-txt", "--user-agent=\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36\""] ,
      "autoapprove": ["fetch"]
    },
    "brave-search": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-e", "BRAVE_API_KEY", "mcp/brave-search"],
      "env": {"BRAVE_API_KEY": "..."},
      "autoapprove": ["brave_local_search", "brave_web_search"]
    }
    // ... more servers ...
  }
}

Features

• Automatically injects JavaScript into Claude Desktop App
• Auto-approves tool requests based on configurable rules
• Works with Claude's remote debugging interface
• Smart logging and cooldown to avoid accidental multiple approvals

Security

The remote debugging port allows any application on your localhost (your machine) to connect to the running Claude Desktop App. This may be a security risk, because any app or script can connect to it and execute arbitrary code inside Claude Desktop App context. This may be used for malicious purposes. It is a low risk, if you know what is running on your computer.

So be careful when using this feature and use it at your own risk.

License

This project is licensed under the MIT License. See the LICENSE file for details.

Contributing

Contributions are welcome! Please open an issue or submit a pull request.