Permissions
When the assistant wants to perform potentially sensitive operations — running shell commands, writing files, or calling external APIs — it asks for your approval. You stay in control of what happens.
The permission dialog
When a tool requires approval, a dialog appears with the details of what the assistant wants to do. You have four options:
| Action | What it does |
|---|---|
| Deny | Block this specific request |
| Allow Once | Execute this request only |
| Allow All in this Conversation | Auto-approve similar requests for the rest of this conversation |
| Create Rule | Create a persistent rule for this type of operation |
Keyboard shortcuts: Press Enter to Allow Once, Esc to Deny.
Permission rules
Rules let you pre-approve or block operations automatically, so you don't have to click through repeated prompts.
Rules follow the pattern ToolName or ToolName(specifier):
| Pattern | Matches |
|---|---|
Shell | All shell commands |
Shell(npm run:*) | Shell commands starting with "npm run " |
Shell(git status) | Exactly "git status" |
Read(.env) | Reading the .env file |
Write(*.log) | Writing to any .log file |
Wildcards
| Wildcard | Behavior | Example |
|---|---|---|
:* (at end) | Prefix match with word boundary | Shell(npm:*) matches npm install but not npmx |
* (anywhere) | Glob-style wildcard | Shell(git *) matches git status, git commit |
Rule priority
- Deny rules are checked first — they always win
- Allow rules are checked second
- If no rule matches, you're prompted
This means deny rules override everything, even the "auto-approve all" toggle.
Managing rules
Go to Settings → Tool Approvals to manage your rules. You can:
- Toggle Auto-approve all tools — skips all prompts (deny rules still apply)
- Add, edit, and remove deny rules and allow rules
Common examples
Allow rules:
Shell(npm run:*) # npm run commands
Shell(git status) # git status
Shell(git diff:*) # git diff
Shell(python -m pytest:*) # pytest
Deny rules:
Shell(rm -rf:*) # block recursive delete
Shell(curl:*) # block curl
Read(.env) # block reading .env
Read(.env.*) # block reading .env.* files
Write(*.exe) # block writing executables
Creating rules from the dialog
When a permission prompt appears, click Create Rule to quickly create a rule based on the current request. The dialog suggests patterns like:
Shell(npm run:*)for shell commandsWrite(/path/to/dir/*)for file pathsRead(*.json)for file extensions
Persistence
Rules are stored in your browser and synced to the server. They persist across sessions and apply to all your conversations.