Permission mode is the policy that decides which actions an agent can take by itself and which ones need your sign-off. It is the setting behind every permission request: how many appear, and for what.
A spectrum, not a switch
Think of it as a dial from strict to loose:
- Ask every time. Every command and file write pauses for approval. Safest, slowest, and prone to prompt fatigue.
- Auto-approve a category. Reads happen freely, say, while writes and shell commands still ask.
- Full auto. The agent runs the whole loop without stopping, which is what makes real agent mode work feel autonomous.
Match the mode to the stakes
The right setting depends on trust and blast radius. Poking at a throwaway branch inside a sandbox? Loosen it and let the agent move. Editing production config or touching a shared database? Tighten it and read every step. The mode you choose is really a bet about where the model is likely to go wrong and how much a wrong move would cost.
Related terms
Permission request
A permission request is the moment an agent stops and asks you to approve a consequential action, such as running a command or writing a file, before it happens. It is the seam where a human can catch a mistake before it lands.
Read definition →Agent mode
Agent mode is a setting where the model runs the loop autonomously, planning and acting on its own, rather than giving a single chat reply or edit. More capable, and it needs more trust.
Read definition →Sandbox
A sandbox is an isolated environment that limits what an agent can touch, such as the filesystem and network, so a mistake stays contained and cannot damage the real system.
Read definition →