C
Docs

Permission System

Control how the agent executes tools with flexible permission modes.

Overview

C3 gives you fine-grained control over what the agent can do autonomously versus what requires your approval. This balance lets you work efficiently while staying in control of important changes.

The permission system operates at two levels:

  • Permission Mode — Global behavior setting for the session
  • Allowed Tools — Specific tool patterns that auto-approve

Permission Modes

Choose a permission mode that matches your workflow:

Default Mode

The safest option. The agent asks permission for most tool executions, giving you full visibility into every action.

  • File reads: Usually auto-approved
  • File writes/edits: Require approval
  • Command execution: Require approval
  • Best for: Learning, reviewing, sensitive projects

Accept Edits Mode

The agent can make file changes without approval, but still asks for command execution. Good for active development when you trust the agent's edits.

  • File reads: Auto-approved
  • File writes/edits: Auto-approved
  • Command execution: Require approval
  • Best for: Active coding, feature development

Checkpoint Safety Net

Even in Accept Edits mode, you can use checkpoints to revert any changes the agent makes. This provides a safety net for autonomous operations.

Plan Mode

The agent only proposes changes without executing them. Perfect for code review or when you want to understand the approach before implementation.

  • File reads: Auto-approved
  • All writes/commands: The agent proposes but doesn't execute
  • Best for: Code review, learning, planning

Bypass All (YOLO) Mode

Maximum autonomy — the agent executes all tools without asking. Use with caution and only on non-critical projects.

  • All tools: Auto-approved
  • Best for: Experiments, disposable environments, trusted tasks

Use Bypass All Carefully

In Bypass All mode, the agent can delete files, run arbitrary commands, and make significant changes without your review. Only use this when you're comfortable with full autonomy.

Changing Modes

Change the permission mode from the session toolbar:

  1. Tap the permission mode indicator in the toolbar
  2. Select your desired mode from the popup
  3. The change takes effect immediately

Allowed Tools

Beyond permission modes, you can specify patterns for tools that should always auto-approve. This gives you granular control over which specific actions the agent can perform without asking.

Configuration Locations

Allowed tools are configured in a settings.local.json file within the .claude folder. There are two levels:

  • Project levelPROJECT_ROOT/.claude/settings.local.json
  • Home directory level~/.claude/settings.json

Project-level settings take precedence and apply only to that specific project. Home directory settings apply globally across all projects.

Configuration Format

The settings file uses JSON format with a permissions.allow array:

.claude/settings.local.json
{
  "permissions": {
    "allow": [
      "Bash(npm test)",
      "Bash(npm run build)",
      "Bash(git status)",
      "Bash(git diff)",
      "Bash(grep:*)",
      "Edit(/src/components/*)",
      "Read(/src/*)"
    ]
  }
}

Permission String Format

Tools are specified using the format ToolName(parameter):

  • Bash(command) — Allow specific bash commands (e.g., Bash(npm install))
  • Edit(file_path) — Allow editing specific files or patterns
  • Write(file_path) — Allow writing to specific paths
  • Read(file_path) — Allow reading specific files
  • WebFetch(url) — Allow fetching from specific URLs

Using Wildcards

Use * for flexible pattern matching:

Wildcard Examples
{
  "permissions": {
    "allow": [
      "Bash(grep:*)",
      "Bash(npm *)",
      "Edit(/src/**/*)",
      "Read(*)"
    ]
  }
}

Adding Tools via the App

The easiest way to add allowed tools is through C3's permission prompts:

  1. When the agent requests permission for a tool, review the action
  2. If you want to always allow this specific action, tap "Allow & Don't Ask Again"
  3. The tool pattern is automatically added to your project's settings.local.json

Manual Editing

You can also manually edit the .claude/settings.local.json file directly to add or remove allowed tools. Changes take effect on the next tool execution.

Best Practices

Start Conservative

Begin with Default mode and gradually increase autonomy as you build trust. It's easier to grant more permissions than to undo unintended changes.

Use Plan Mode for Review

When reviewing the agent's approach or working on critical code, switch to Plan mode. You'll see exactly what the agent wants to do before any execution.

Leverage Allowed Tools

Instead of using Bypass All, configure specific allowed patterns for tools you trust. This gives you autonomy where safe while maintaining control elsewhere.

Trust but Verify

Even with auto-approval enabled, periodically expand tool cards to review what the agent is doing. This helps you stay informed and catch any issues early.

Permission Mode Persistence

Your permission mode is saved per-session. Each session can have its own mode based on the sensitivity of that particular task.

PreviousTool VisualizationNextContext Window