Choose a permission mode

When Claude wants to edit a file, run a shell command, or make a network request, it pauses and asks you to approve the action. Permission modes control how often that pause happens.

Available modes

In every mode except bypassPermissions, writes to protected paths are never auto-approved.

Modes set the baseline. Layer permission rules on top to pre-approve or block specific tools in any mode except bypassPermissions.

Switch permission modes

CLI: Press Shift+Tab to cycle default → acceptEdits → plan. Optional modes (auto, bypassPermissions) appear when enabled.

At startup:

claude --permission-mode plan

As a default in settings:

{
  "permissions": {
    "defaultMode": "acceptEdits"
  }
}

VS Code: Click the mode indicator at the bottom of the prompt box. Labels: Ask before edits (default), Edit automatically (acceptEdits), Plan mode (plan), Auto mode (auto), Bypass permissions (bypassPermissions).

claudeCode.initialPermissionMode sets the VS Code default. defaultMode: "auto" in project/local settings is ignored; use user settings for auto as default.

Auto-approve file edits with acceptEdits mode

acceptEdits lets Claude create and edit files without prompting. Status bar shows ⏵⏵ accept edits on.

Also auto-approves common filesystem Bash commands: mkdir, touch, rm, rmdir, mv, cp, sed, and safe wrappers like timeout, nice, nohup — only inside your working directory or additionalDirectories.

claude --permission-mode acceptEdits

Analyze before you edit with plan mode

Plan mode tells Claude to research and propose changes without making them. Enter with Shift+Tab or prefix a prompt with /plan.

When the plan is ready you can:

• Approve and start in auto mode
• Approve and accept edits
• Approve and review each edit manually
• Keep planning with feedback

Press Ctrl+G to edit the plan in your text editor. Approving exits plan mode and switches to the mode you chose.

Project default:

{
  "permissions": {
    "defaultMode": "plan"
  }
}

Eliminate prompts with auto mode

Auto mode requires Claude Code v2.1.83 or later.

Auto mode lets Claude execute without permission prompts. A separate classifier reviews actions before they run, blocking scope escalation, unknown infrastructure, and hostile-content-driven actions.

Auto mode is a research preview. Requirements include supported models (e.g. Sonnet 4.6, Opus 4.6/4.7) and Anthropic API for full availability.

defaultMode: "auto" in .claude/settings.json is ignored — move it to ~/.claude/settings.json.

What the classifier blocks by default

Blocked by default (examples): curl | bash, sending sensitive data to unknown endpoints, production deploys, mass cloud deletion, IAM changes, force push to main.

Allowed by default (examples): local file ops in working directory, deps from lockfiles, read-only HTTP, push to current branch.

Boundaries you state in conversation ("don't push") are treated as block signals until you lift them in a later message.

If the classifier blocks 3 times in a row or 20 times total, auto mode pauses and resumes prompting.

Allow only pre-approved tools with dontAsk mode

dontAsk auto-denies every tool call that would otherwise prompt. Only permissions.allow rules and read-only Bash can execute.

claude --permission-mode dontAsk

Skip all checks with bypassPermissions mode

bypassPermissions disables permission prompts. Removals targeting / or ~ still prompt as a circuit breaker. Only use in isolated containers/VMs. Linux/macOS refuses this mode when running as root.

claude --permission-mode bypassPermissions

Administrators can set permissions.disableBypassPermissionsMode to "disable" in managed settings.

Protected paths

Writes to these are never auto-approved except in bypassPermissions:

Directories: .git, .vscode, .idea, .husky, .claude (except .claude/commands, .claude/agents, .claude/skills, .claude/worktrees)

Files: .gitconfig, .gitmodules, .bashrc, .bash_profile, .zshrc, .zprofile, .profile, .ripgreprc, .mcp.json, .claude.json