A permission request is the moment an agent stops and asks before it does something that matters. It has decided to make a tool call, run a shell command, or overwrite a file, and instead of just doing it, it shows you what it is about to do and waits for a yes or no.
Why the pause matters
An agent that acted on every impulse would be alarming. One wrong command can delete files, drop a table, or push broken code. The permission request is the point where a person gets to catch the mistake before it happens. It is the concrete way an agent keeps a human in the loop.
What usually triggers one:
- Running a command that changes the system: installs, deletes, network calls.
- Writing or overwriting files outside a safe scratch area.
- Anything the tool's policy has flagged as too risky to auto-approve.
Read them, do not rubber-stamp
The whole value of a permission request disappears if you approve on autopilot. Read what the command actually does. Notice the rm -rf, the unfamiliar URL, the write to the wrong path. The prompt only protects you if you are actually looking.
The flip side is real too: too many prompts and you stop reading them. That tension is exactly what the permission mode exists to manage.
Related terms
Permission mode
Permission mode is the policy that decides which actions an agent can take on its own and which ones need your approval, ranging from ask-every-time to full auto. It trades safety for flow.
Read definition →Tool call
A tool call is the model’s request to use a tool: it names the tool and supplies the arguments, then pauses. It has not run anything. Your harness is what actually executes the action.
Read definition →Human in the loop
Human in the loop means keeping a person in the agent's decision path to approve, steer, or verify its work. It is the deliberate counterweight to full autonomy.
Read definition →