Approving Commands

Learn how to safely approve AI actions and configure auto-approve settings.

Why Approvals Exist

AI coding assistants are powerful, but they can make mistakes. The approval system gives you:

  • Safety: Review destructive operations before they run (deleting files, running scripts, git operations)
  • Control: You decide what the AI can do autonomously and what needs your approval
  • Awareness: See exactly what's happening on your system, even when you're not at your desk

What Needs Approval?

By default, these actions require your approval:

ActionWhy It Needs ApprovalRisk Level
Bash commandsCan run any shell command on your systemHigh
File editsModifies existing code (configurable)Medium
File creationCreates new files in your projectLow
Git operationsCommits, pushes, or modifies git historyHigh
Package installsnpm install, pip install, etc.Medium
Destructive opsrm, unlink, truncate, etc.Critical
Read-only operations are auto-approved
Tools like Read, Search, and Glob don't modify anything, so they run automatically without asking. This keeps the flow smooth while you stay safe.

The Approval Card

When the AI wants to do something that needs your approval, you'll see a card like this:

Permission Required
The AI wants to run a shell command
git add . && git commit -m "Fix login bug"

Card Elements

ElementDescription
Warning iconIndicates this action needs your review
Title"Permission Required" or similar
DescriptionWhat the AI wants to do
DetailsThe exact command, diff preview, or file path
Deny buttonReject the action (AI will be told you denied it)
Approve buttonAllow the action to proceed

Diff Preview for File Edits

For file edits, the approval card shows a diff preview so you can see exactly what will change:

Edit: src/utils.ts
export function formatDate(date: Date) {
- return date.toString()
+ return date.toISOString().split('T')[0]
}

How to Respond

1
Review the request

Read what the AI wants to do. For commands, check the exact syntax. For edits, review the diff.

2
Make your decision

If it looks correct and safe, tap Approve. If something seems wrong, tap Deny.

3
AI continues or adapts

After approval, the action runs. After denial, the AI is notified and may suggest an alternative.

When to deny
  • • Command looks suspicious or unfamiliar
  • • Diff changes code you didn't expect
  • • Operation seems too broad (e.g., rm -rf)
  • • You want to do it differently

Always Allow (Auto-Approve)

For trusted tools you use frequently, you can enable auto-approve:

Permission Modes

ModeDescriptionBest For
defaultAsk for all potentially dangerous operationsNew users, careful workflows
planAuto-approve planning/analysis toolsWhen you trust the AI to explore
auto-editAuto-approve file edits (still asks for bash)Faster coding, you review via git
allowAllAuto-approve everything (use with caution!)Trusted, isolated environments

Configuring Permissions

In the app:

  1. Go to Settings → AI Backend → Permissions
  2. Choose your permission mode
  3. Optionally, enable/disable specific tools

Per-Tool Settings

You can also configure individual tools:

ToolRecommendation
Read, Glob, GrepAlways auto-approve (read-only)
EditAuto-approve if you review via git, otherwise ask
WriteAuto-approve for new files, review for overwrites
BashAlways ask (can run any command)
TaskAsk if you want control over sub-agents

Security Best Practices

Do:
  • ✓ Review bash commands before approving
  • ✓ Check diffs to understand what's changing
  • ✓ Use git to track changes (easy to revert)
  • ✓ Start with default mode, loosen as you gain trust
  • ✓ Deny anything that looks suspicious
Don't:
  • ✗ Use "allowAll" mode on production systems
  • ✗ Approve commands you don't understand
  • ✗ Ignore the details in approval cards
  • ✗ Give the AI access to sensitive directories
  • ✗ Approve broad delete operations without review
Pro tip: Use git
Keep your project in a git repository. Even if you approve something by mistake, you can always git checkout or git reset to undo changes.

What Happens When You Deny

When you deny a request:

  1. The action is not executed
  2. The AI receives a "permission denied" response
  3. The AI typically acknowledges and may suggest an alternative
  4. You can explain why you denied (helps the AI understand)
Denying is safe
Denying never breaks anything. The AI is designed to handle denials gracefully. If you're unsure, it's always safer to deny and ask for clarification.

Permission Notifications

When a permission request comes in while you're not looking at the app:

  • Push notification: Your phone notifies you (if enabled)
  • Badge count: App icon shows pending requests
  • Session status: Session shows "Waiting for approval"

Enable notifications in Settings → Notifications to never miss a permission request.