Claude CLI Bypass Mode
Autonomous agent execution via your Claude Max subscription — no API key, no approval prompts.
Bypass Mode passes --dangerously-skip-permissions to your locally
installed claude CLI. Every tool call — read, write, edit, run_command,
MCP — executes without an approval prompt, fully autonomous.
Inference is billed to your Claude Max subscription via OAuth, not to
a Hypex API key.
Why use it?
- Free inference — your Max plan covers it. No per-token Hypex Managed credits, no BYOK costs.
- End-to-end autonomy — agent runs without clicking "Approve" on every file edit.
- Dev-tuned system prompt — Claude Code's CLI is built for developers. Combined with Hypex's Systems / Kernel-mode / Research / Game research agent profiles, the model handles every legitimate professional workflow without the false refusals you sometimes see on vanilla API (your-own reverse engineering, security research PoCs, single-player game modding, scrapers on public data).
- Local memory + tools sync — Hypex spawns the CLI in your workspace folder, so it inherits your
~/.claude/CLAUDE.md, custom skills, MCP servers, and project-level steering files automatically.
Prerequisites
- Install Claude Code CLI:
npm install -g @anthropic-ai/claude-code(Hypex offers a one-click "Install via npm" terminal flow when you switch to theclaude-cliprovider). - Authenticate once: run
claudein a terminal and follow the OAuth flow. Logs you into your Claude Max account. - In Hypex, switch provider: Ctrl+Shift+P →
Hypex: Select Model Provider→ Claude Code CLI.
Enabling Bypass Mode
Three entry points, pick whichever feels closest:
- Ctrl+Alt+H → $(zap) Toggle Claude CLI Bypass
- Command palette: Ctrl+Shift+P →
Hypex: Toggle Claude CLI Bypass Mode - Click the $(zap) Bypass status bar badge once it appears (it only shows when claude-cli is the active provider AND bypass is on)
A modal pops up the first time you enable it explaining the trade-off. Accept and the next agent turn runs autonomously. Disable any time — the same toggle flips it back to approval mode.
Status bar badge
Whenever Bypass is ON and claude-cli is selected, a yellow $(zap) Bypass
badge appears on the left of the status bar. Click to disable. The badge intentionally
uses the warning background so it's never invisible — autonomous mode should always be
a deliberate choice.
What gets bypassed exactly?
- Tool call approvals — read_file, write_file, edit_file, run_command, MCP tool calls all run without confirmation.
- Permission prompts — Claude Code's own permission gates (workspace boundaries, sensitive files) are skipped for this session.
What does NOT change
- Anthropic safety — Bypass is tool-level, not model-level. Claude still won't generate CSAM, malware targeting real victims, or weapons systems regardless of which interface you use.
- Workspace boundary — Hypex's
resolveInsideWorkspacestill rejects path traversal on tools that go through Hypex's sandbox. Bypass only affects the CLI side. - Your subscription quotas — Bypass doesn't lift Claude Max's daily / weekly limits.
How does it compare to other autonomous agents?
| Typical agentic IDE | Hypex + CLI Bypass | |
|---|---|---|
| Inference billing | Per-token, Anthropic API | Your Max subscription (flat) |
| Tool approval | Auto | Bypassed via CLI |
| System prompt permissiveness | Dev-tuned | Dev-tuned + Hypex profile layered |
| Custom MCP / skills / memory | Configurable | Inherits your ~/.claude/ automatically |
| Driver / kernel build chain | — | Built-in WDK toolchain (docs) |
Safety guidance
- Trusted workspaces only. Don't enable Bypass when reviewing a repo you don't trust — a hostile prompt or steering file could trigger destructive tool calls before you see them.
- Pair with Hypex Checkpoints. Every agent edit is a rollback point — Ctrl+Alt+Z to undo. Bypass + Checkpoints = autonomous but reversible.
- Use restrictive profiles when needed. Even with Bypass on, you can set
agent.profiletodefaultortesterfor a less permissive framing.