Permissions

Code CLI has a granular permission system that controls which tools the agent can use and whether they require user approval.

Permission Modes

ModeDescriptionUse When
defaultPrompt for dangerous operations, auto-approve readsInteractive development
acceptEditsAuto-approve file writes within projectTrusted codebase changes
planRead-only — agent can only read and planReviewing code, analysis
autoAuto-approve all safe operationsCI/CD, automated workflows
bypassPermissionsAuto-approve everything (dangerous)Trusted environments only

Per-Tool Rules

Each tool can be set to one of three actions:

ActionBehavior
allowAlways allow without prompting
askPrompt the user for approval
denyAlways block the operation
codecli.json
json
"permission": {
  "read": "allow",
  "glob": "allow",
  "grep": "allow",
  "list": "allow",
  "edit": "ask",
  "write": "ask",
  "bash": "ask",
  "webfetch": "allow",
  "websearch": "allow",
  "codesearch": "allow",
  "task": "ask"
}

Permission Flow

  1. Agent requests a tool call
  2. Check permission rules for the tool
  3. If allow or deny, proceed immediately
  4. If ask, prompt the user
  5. User can approve once or select "Always allow" to cache the decision
PreviousHooksNextContext & Compaction