Codumentor logo Codumentor

Permissions

When the assistant wants to perform potentially sensitive operations — running shell commands, writing files, or calling external APIs — it asks for your approval. You stay in control of what happens.

The permission dialog

When a tool requires approval, a dialog appears with the details of what the assistant wants to do. You have four options:

ActionWhat it does
DenyBlock this specific request
Allow OnceExecute this request only
Allow All in this ConversationAuto-approve similar requests for the rest of this conversation
Create RuleCreate a persistent rule for this type of operation

Keyboard shortcuts: Press Enter to Allow Once, Esc to Deny.

Permission rules

Rules let you pre-approve or block operations automatically, so you don't have to click through repeated prompts.

Rules follow the pattern ToolName or ToolName(specifier):

PatternMatches
ShellAll shell commands
Shell(npm run:*)Shell commands starting with "npm run "
Shell(git status)Exactly "git status"
Read(.env)Reading the .env file
Write(*.log)Writing to any .log file

Wildcards

WildcardBehaviorExample
:* (at end)Prefix match with word boundaryShell(npm:*) matches npm install but not npmx
* (anywhere)Glob-style wildcardShell(git *) matches git status, git commit

Rule priority

  1. Deny rules are checked first — they always win
  2. Allow rules are checked second
  3. If no rule matches, you're prompted

This means deny rules override everything, even the "auto-approve all" toggle.

Managing rules

Go to Settings → Tool Approvals to manage your rules. You can:

Common examples

Allow rules:

Shell(npm run:*)           # npm run commands
Shell(git status)          # git status
Shell(git diff:*)          # git diff
Shell(python -m pytest:*)  # pytest

Deny rules:

Shell(rm -rf:*)    # block recursive delete
Shell(curl:*)      # block curl
Read(.env)         # block reading .env
Read(.env.*)       # block reading .env.* files
Write(*.exe)       # block writing executables

Creating rules from the dialog

When a permission prompt appears, click Create Rule to quickly create a rule based on the current request. The dialog suggests patterns like:

Persistence

Rules are stored in your browser and synced to the server. They persist across sessions and apply to all your conversations.