Context

We're using the coder/claude-code registry module in our workspace templates to provide Claude Code integration. However, we're encountering friction with permission management across different usage patterns.

Current Setup

• Workspaces include the coder/claude-code module which adds MCP server permissions to ~/.claude/settings.json
• These workspaces are used in two distinct ways:
  1. Coder Tasks: Runs Claude Code with --dangerously-skip-permissions (automated execution)
  2. Interactive development: Users SSH into workspaces and run Claude Code manually (via CLI or IDE extensions like the Claude Code VS Code extension)

The Problem

When using Claude Code interactively in these workspaces, users are prompted to approve MCP server tools (specifically mcp__coder__* tools that appear to report status back to Coder).

This happens on every Claude Code invocation, which creates friction for interactive workflows.

Questions

1. Is this expected behavior? Should the ~/.claude/settings.json configuration from the module automatically approve these tools for interactive sessions too?

2. Should we maintain separate templates? Is the recommended pattern to have:

   • One template/configuration for Coder Tasks (automated)
   • A different template/configuration for regular workspaces (interactive)

3. Is there a better approach? What's the recommended way to handle workspaces that serve both use cases without requiring users to constantly approve the same MCP tools?

Additional Context

• User setup: Cursor Desktop with SSH connection to remote workspace, Claude Code extension enabled
• The permission prompts appear even though the coder/claude-code module has already configured the MCP server in settings
• For Coder Tasks, the --dangerously-skip-permissions flag works fine
• For interactive use, the constant permission prompts disrupt the workflow

Any guidance on the intended usage pattern would be greatly appreciated!