diff --git a/src/hooks/useSSEStream.ts b/src/hooks/useSSEStream.ts
index 79df5882..1cb42ad8 100644
--- a/src/hooks/useSSEStream.ts
+++ b/src/hooks/useSSEStream.ts
@@ -10,6 +10,7 @@ interface ToolUseInfo {
 interface ToolResultInfo {
   tool_use_id: string;
   content: string;
+  is_error?: boolean;
 }
 
 export interface SSECallbacks {
@@ -73,6 +74,7 @@ function handleSSEEvent(
         callbacks.onToolResult({
           tool_use_id: resultData.tool_use_id,
           content: resultData.content,
+          is_error: resultData.is_error,
         });
       } catch {
         // skip malformed tool_result data
diff --git a/src/lib/bridge/permission-broker.ts b/src/lib/bridge/permission-broker.ts
index 2e343a1d..81434b58 100644
--- a/src/lib/bridge/permission-broker.ts
+++ b/src/lib/bridge/permission-broker.ts
@@ -13,7 +13,7 @@ import type { PermissionUpdate } from '@anthropic-ai/claude-agent-sdk';
 import type { ChannelAddress, OutboundMessage } from './types';
 import type { BaseChannelAdapter } from './channel-adapter';
 import { deliver } from './delivery-layer';
-import { insertPermissionLink, getPermissionLink, markPermissionLinkResolved, getSession, getDb } from '../db';
+import { insertPermissionLink, getPermissionLink, markPermissionLinkResolved, getSession, getDb, getSetting } from '../db';
 import { resolvePendingPermission } from '../permission-registry';
 import { escapeHtml } from './adapters/telegram-utils';
 
@@ -36,6 +36,14 @@ export async function forwardPermissionRequest(
   suggestions?: unknown[],
   replyToMessageId?: string,
 ): Promise<void> {
+  // Check if auto-approval is enabled globally — auto-approve without IM notification
+  const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+  if (globalAutoApprove) {
+    console.log(`[bridge] Auto-approved permission ${permissionRequestId} (tool=${toolName}) due to global auto-approval setting`);
+    resolvePendingPermission(permissionRequestId, { behavior: 'allow' });
+    return;
+  }
+
   // Check if this session uses full_access permission profile — auto-approve without IM notification
   if (sessionId) {
     const session = getSession(sessionId);
diff --git a/src/lib/claude-client.ts b/src/lib/claude-client.ts
index d31b7ac8..0e28c902 100644
--- a/src/lib/claude-client.ts
+++ b/src/lib/claude-client.ts
@@ -19,6 +19,7 @@ import { registerPendingPermission } from './permission-registry';
 import { registerConversation, unregisterConversation } from './conversation-registry';
 import { captureCapabilities, isCacheFresh, setCachedPlugins } from './agent-sdk-capabilities';
 import { getSetting, updateSdkSessionId, createPermissionRequest } from './db';
+// Auto-approval is now handled at the CodePilot level, not via SDK bypassPermissions
 import { resolveForClaudeCode, toClaudeCodeEnv } from './provider-resolver';
 import { findClaudeBinary, findGitBash, getExpandedPath, invalidateClaudePathCache } from './platform';
 import { notifyPermissionRequest, notifyGeneric } from './telegram-bot';
@@ -317,14 +318,26 @@ export async function generateTextViaSdk(params: {
   const queryOptions: Options = {
     cwd: os.homedir(),
     abortController,
-    permissionMode: 'bypassPermissions',
-    allowDangerouslySkipPermissions: true,
+    permissionMode: 'acceptEdits',
     env: sanitizeEnv(sdkEnv),
     settingSources: resolved.settingSources as Options['settingSources'],
     systemPrompt: params.system,
     maxTurns: 1,
   };
 
+  // Add auto-approval handler for this simple query
+  const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+  if (globalAutoApprove) {
+    queryOptions.canUseTool = async (toolName, _input, opts) => {
+      console.log(`[claude-client] Auto-approved ${toolName} (auto-approval enabled)`);
+      return {
+        behavior: 'allow',
+        updatedInput: _input,
+        ...(opts.suggestions ? { updatedPermissions: opts.suggestions } : {}),
+      };
+    };
+  }
+
   if (params.model) {
     queryOptions.model = params.model;
   }
@@ -456,18 +469,15 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           console.warn('[claude-client] No API key found: no active provider, no legacy settings, and no ANTHROPIC_API_KEY/ANTHROPIC_AUTH_TOKEN in environment');
         }
 
-
-        // Check if dangerously_skip_permissions is enabled globally or per-session
-        const globalSkip = getSetting('dangerously_skip_permissions') === 'true';
-        const skipPermissions = globalSkip || !!sessionBypassPermissions;
+        // Check if auto-approval is enabled globally or per-session
+        const globalAutoApprove = getSetting('dangerously_skip_permissions') === 'true';
+        const shouldAutoApprove = globalAutoApprove || !!sessionBypassPermissions;
 
         const queryOptions: Options = {
           cwd: resolvedWorkingDirectory.path,
           abortController,
           includePartialMessages: true,
-          permissionMode: skipPermissions
-            ? 'bypassPermissions'
-            : ((permissionMode as Options['permissionMode']) || 'acceptEdits'),
+          permissionMode: (permissionMode as Options['permissionMode']) || 'acceptEdits',
           env: sanitizeEnv(sdkEnv),
           // Load settings so the SDK behaves like the CLI (tool permissions,
           // CLAUDE.md, etc.). When an active provider is configured in
@@ -477,10 +487,6 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           settingSources: resolved.settingSources as Options['settingSources'],
         };
 
-        if (skipPermissions) {
-          queryOptions.allowDangerouslySkipPermissions = true;
-        }
-
         // Find claude binary for packaged app where PATH is limited.
         // On Windows, npm installs Claude CLI as a .cmd wrapper which cannot
         // be spawned directly without shell:true. Parse the wrapper to
@@ -617,10 +623,20 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
           queryOptions.resume = sdkSessionId;
         }
 
-        // Permission handler: sends SSE event and waits for user response
+        // Permission handler: auto-approve if enabled, or sends SSE event and waits for user response
         queryOptions.canUseTool = async (toolName, input, opts) => {
           const permissionRequestId = `perm-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`;
 
+          // If auto-approval is enabled, approve immediately without user interaction
+          if (shouldAutoApprove) {
+            console.log(`[claude-client] Auto-approved ${toolName} (auto-approval enabled)`);
+            return {
+              behavior: 'allow',
+              updatedInput: input,
+              ...(opts.suggestions ? { updatedPermissions: opts.suggestions } : {}),
+            };
+          }
+
           const permEvent: PermissionRequestEvent = {
             permissionRequestId,
             toolName,
@@ -916,6 +932,9 @@ export function streamClaude(options: ClaudeStreamOptions): ReadableStream<strin
                         is_error: block.is_error || false,
                       }),
                     }));
+                    if (block.is_error) {
+                      console.warn(`[claude-client] Tool ${block.tool_use_id} failed: ${resultContent}`);
+                    }
 
                     // Deferred TodoWrite sync: only emit task_update after successful execution
                     if (!block.is_error && pendingTodoWrites.has(block.tool_use_id)) {
diff --git a/src/types/index.ts b/src/types/index.ts
index 33d1cda7..1915df77 100644
--- a/src/types/index.ts
+++ b/src/types/index.ts
@@ -916,6 +916,7 @@ export interface ToolUseInfo {
 export interface ToolResultInfo {
   tool_use_id: string;
   content: string;
+  is_error?: boolean;
 }
 
 export type StreamPhase = 'active' | 'completed' | 'error' | 'stopped';
diff --git a/start.sh b/start.sh
new file mode 100755
index 00000000..b5fdf1eb
--- /dev/null
+++ b/start.sh
@@ -0,0 +1,269 @@
+#!/bin/bash
+
+# CodePilot 后台启动脚本
+
+APP_DIR="$(cd "$(dirname "$0")" && pwd)"
+LOG_FILE="$APP_DIR/app.log"
+PID_FILE="$APP_DIR/app.pid"
+
+# 显示菜单
+show_menu() {
+  clear
+  echo "========================================"
+  echo "      CodePilot 管理菜单"
+  echo "========================================"
+  echo ""
+  
+  # 检查状态（使用 ss 更可靠）
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+  
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    echo "  当前状态: 运行中 (PID: $(cat "$PID_FILE"))"
+  elif [ -n "$port_pid" ]; then
+    echo "  当前状态: 端口被占用 (PID: $port_pid) - 异常"
+  else
+    echo "  当前状态: 未运行"
+  fi
+  
+  echo ""
+  echo "  [1] 启动服务"
+  echo "  [2] 停止服务"
+  echo "  [3] 重启服务"
+  echo "  [4] 查看实时日志"
+  echo "  [5] 查看状态"
+  echo "  [6] 查看日志 (最后50行)"
+  echo "  [0] 退出"
+  echo ""
+  echo "========================================"
+}
+
+# 启动服务
+do_start() {
+  # 先检查端口是否已被占用
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  if [ -n "$port_info" ]; then
+    local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+    echo "端口 3000 已被占用 (PID: $port_pid)"
+    echo "请先运行 ./start.sh stop 停止服务"
+    return 1
+  fi
+  
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    echo "服务已在运行 (PID: $(cat "$PID_FILE"))"
+    return 0
+  fi
+  
+  cd "$APP_DIR" || exit 1
+  
+  # 启动服务并等待端口监听
+  nohup npm run start > "$LOG_FILE" 2>&1 &
+  local npm_pid=$!
+  echo $npm_pid > "$PID_FILE"
+  
+  echo "正在启动服务..."
+  
+  # 等待端口监听（最多等待 30 秒，使用 ss 检测）
+  local waited=0
+  while [ $waited -lt 30 ]; do
+    sleep 1
+    waited=$((waited + 1))
+    local check_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+    if [ -n "$check_info" ]; then
+      local server_pid=$(echo "$check_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+      echo "启动成功 (PID: $server_pid)"
+      return 0
+    fi
+  done
+  
+  echo "启动超时，请检查日志: $LOG_FILE"
+  return 1
+}
+
+# 停止服务
+do_stop() {
+  local stopped=0
+  
+  # 1. 先尝试停止 PID 文件中的进程及其子进程
+  if [ -f "$PID_FILE" ]; then
+    PID=$(cat "$PID_FILE")
+    if kill -0 "$PID" 2>/dev/null; then
+      # 杀掉整个进程组（包括子进程）
+      kill -TERM -"$PID" 2>/dev/null || kill -TERM "$PID" 2>/dev/null
+      sleep 2
+      # 如果进程还在，强制杀掉
+      if kill -0 "$PID" 2>/dev/null; then
+        kill -9 -"$PID" 2>/dev/null || kill -9 "$PID" 2>/dev/null
+      fi
+      echo "已停止 (PID: $PID)"
+      stopped=1
+    fi
+    rm -f "$PID_FILE"
+  fi
+  
+  # 2. 强制清理占用端口 3000 的所有进程（使用 ss 更可靠）
+  local port_pids=$(ss -tlnp 2>/dev/null | grep ":3000 " | sed -n 's/.*pid=\([0-9]*\).*/\1/p' | sort -u)
+  if [ -n "$port_pids" ]; then
+    echo "清理端口 3000 残留进程: $port_pids"
+    for pid in $port_pids; do
+      kill -9 "$pid" 2>/dev/null && echo "  已杀掉 PID: $pid"
+    done
+    sleep 1
+    stopped=1
+  fi
+  
+  # 3. 备用方式：使用 lsof
+  local lsof_pids=$(lsof -ti:3000 2>/dev/null)
+  if [ -n "$lsof_pids" ]; then
+    echo "清理残留进程 (lsof): $lsof_pids"
+    echo "$lsof_pids" | xargs kill -9 2>/dev/null
+    sleep 1
+    stopped=1
+  fi
+  
+  if [ "$stopped" -eq 0 ]; then
+    echo "服务未运行"
+  fi
+  
+  # 最终确认
+  if ss -tlnp 2>/dev/null | grep -q ":3000 "; then
+    echo "警告: 端口 3000 仍被占用"
+    ss -tlnp | grep ":3000 "
+  else
+    echo "端口 3000 已释放"
+  fi
+}
+
+# 查看状态
+do_status() {
+  local has_pid=0
+  local has_port=0
+  
+  # 检查 PID 文件
+  if [ -f "$PID_FILE" ] && kill -0 "$(cat "$PID_FILE")" 2>/dev/null; then
+    has_pid=1
+    echo "PID 文件: 运行中 (PID: $(cat "$PID_FILE"))"
+  else
+    echo "PID 文件: 未运行"
+    [ -f "$PID_FILE" ] && rm -f "$PID_FILE"
+  fi
+  
+  # 检查端口占用（使用 ss 更可靠）
+  local port_info=$(ss -tlnp 2>/dev/null | grep ":3000 ")
+  if [ -n "$port_info" ]; then
+    has_port=1
+    local port_pid=$(echo "$port_info" | sed -n 's/.*pid=\([0-9]*\).*/\1/p')
+    echo "端口 3000: 被占用 (PID: $port_pid)"
+  else
+    echo "端口 3000: 空闲"
+  fi
+  
+  # 综合状态
+  echo ""
+  if [ "$has_pid" -eq 1 ] && [ "$has_port" -eq 1 ]; then
+    echo ">>> 服务正常运行"
+  elif [ "$has_pid" -eq 0 ] && [ "$has_port" -eq 1 ]; then
+    echo ">>> 异常: 端口被占用但 PID 文件不存在"
+    echo ">>> 建议: 运行 ./start.sh stop 清理残留进程"
+  elif [ "$has_pid" -eq 1 ] && [ "$has_port" -eq 0 ]; then
+    echo ">>> 异常: PID 存在但端口未监听"
+  else
+    echo ">>> 服务未运行"
+  fi
+}
+
+# 查看日志
+do_log() {
+  tail -f "$LOG_FILE"
+}
+
+# 菜单模式
+menu_mode() {
+  while true; do
+    show_menu
+    read -p "请选择操作 [0-6]: " choice
+    
+    case $choice in
+      1)
+        echo ""
+        do_start
+        read -p "按回车键继续..."
+        ;;
+      2)
+        echo ""
+        do_stop
+        read -p "按回车键继续..."
+        ;;
+      3)
+        echo ""
+        do_stop
+        sleep 1
+        do_start
+        read -p "按回车键继续..."
+        ;;
+      4)
+        echo ""
+        echo "按 Ctrl+C 退出日志查看"
+        do_log
+        ;;
+      5)
+        echo ""
+        do_status
+        read -p "按回车键继续..."
+        ;;
+      6)
+        echo ""
+        if [ -f "$LOG_FILE" ]; then
+          tail -n 50 "$LOG_FILE"
+        else
+          echo "暂无日志文件"
+        fi
+        read -p "按回车键继续..."
+        ;;
+      0)
+        echo ""
+        echo "再见！"
+        exit 0
+        ;;
+      *)
+        echo ""
+        echo "无效选项"
+        read -p "按回车键继续..."
+        ;;
+    esac
+  done
+}
+
+# 命令行模式
+case "${1:-menu}" in
+  start)
+    do_start
+    ;;
+  stop)
+    do_stop
+    ;;
+  restart)
+    do_stop
+    sleep 1
+    do_start
+    ;;
+  status)
+    do_status
+    ;;
+  log)
+    do_log
+    ;;
+  menu)
+    menu_mode
+    ;;
+  *)
+    echo "用法: $0 {start|stop|restart|status|log|menu}"
+    echo ""
+    echo "  start  - 后台启动服务"
+    echo "  stop   - 停止服务"
+    echo "  restart- 重启服务"
+    echo "  status - 查看运行状态"
+    echo "  log    - 查看实时日志"
+    echo "  menu   - 显示交互菜单（默认）"
+    ;;
+esac