Claude CodeLesson 4 of 25

Permission Modes

Permission modes control how much Claude checks with you before acting. Turn supervision up and Claude asks before every write or shell command. Turn it down and Claude works through longer tasks on its own. Picking the right mode for each situation is one of the most useful habits you can build.

The six modes

Six modes answer one question: how much should Claude check with me? The table shows what Claude can do without stopping to ask in each one.

Mode	Auto-approves	Best for
default	File reads only	Day-to-day work; anything touching production
acceptEdits	File writes + housekeeping Bash (mkdir, mv, cp)	Fast iteration — audit with git diff
plan	File reads only — writes blocked	Exploring a new or unfamiliar codebase
auto	Everything — a classifier watches for risky actions	Long tasks where you trust the goal
dontAsk	Nothing beyond what you allow in settings	CI pipelines with a fixed toolset
bypassPermissions	Everything — zero checks	Throwaway containers and VMs only

Across all modes except bypassPermissions, Claude cannot silently edit Git history, shell config, or IDE settings. Paths like .git, .gitconfig, and .bashrc always prompt you first.

The permission prompt

In default mode, Claude pauses before every write or shell command and shows a prompt like this:

Terminal

Working on: add formatPrice to src/utils/currency.ts

Claude wants to write:

src/utils/currency.ts

Do you want to create this file?

[y] Yes[n] No[a] Always (session)[!] Never (session)

Permission prompt in default mode

Key	Action	Effect
y	Yes — this one time	Approves only the current action. Same prompt appears next time.
n	No — skip this action	Claude abandons that step or stops and explains the blocker.
a	Always allow (session)	Turns off prompts for this category until you restart.
!	Never allow (session)	Silently blocks this category for the rest of the session.

How to switch modes

Change modes through Claude Code controls — not by typing "switch to plan mode" in chat. Claude ignores that. Use one of these three methods:

1. Mid-session — press Shift+Tab

Shift+Tab cycles through everyday modes

default

Ask on writes + Bash

→

acceptEdits

Auto-approve file edits

→

plan

Read only, no changes

→ wraps

Watch the status bar at the bottom of the terminal to see which mode is active.

auto and bypassPermissions are left out of the everyday cycle. Enter them via startup flags so you opt in consciously.

2. At startup — pass a flag

Terminal

# Any of the six modes work here

$ claude --permission-mode plan

$ claude --permission-mode acceptEdits

$ claude --permission-mode bypassPermissions

3. Persistent default — settings file

.claude/settings.json (or settings.local.json)

{

"permissions": {

"defaultMode": "acceptEdits"

}

Mode details

A few things about each mode are not obvious until you use them.

acceptEdits — Auto-approve file edits

Claude silently creates and edits files inside your project. Safe shell commands (mkdir, touch, rm, mv, cp, sed) also pass through. Anything more powerful still prompts. Run git diff after the task to review changes.

plan — Read and propose, no writes

Claude can grep, read files, and run exploratory commands — but writes are blocked, not just prompted. It presents a plan and asks how to proceed. Enter via Shift+Tab twice from default, or prefix a prompt with /plan.

auto — Everything, with a safety classifier

Claude runs without stopping. A second model watches for risky actions — force-pushing to main, production deploys, mass deletes. Requires Claude Code v2.1.83+, Max/Team/Enterprise/API subscription. Not on Pro.

dontAsk — Only pre-approved tools

Inverse of auto: you list allowed tools in permissions.allow. Anything else is silently denied — no prompt. Use in CI where nobody is online to click approve.

bypassPermissions — Skip all checks

All guardrails removed. Only rm -rf / and rm -rf ~ still pause as a circuit breaker. Containers and VMs only — never on your everyday machine. --dangerously-skip-permissions does the same thing.

Protected paths

No matter which mode you use (except bypassPermissions), Claude cannot quietly modify Git history, shell startup scripts, IDE config, or its own settings. In dontAsk these are denied outright; in other modes a prompt appears.

Type	Paths
Directories	.git, .vscode, .idea, .husky, .claude (config files)
Files	.gitconfig, .gitmodules, .bashrc, .bash_profile, .zshrc, .mcp.json, .claude.json, .ripgreprc

Which mode should I use?

Situation	Mode
Getting started or production-connected code	default
Fast coding — audit changes with git diff	acceptEdits
Understanding a codebase before edits	plan
Large, well-defined task you trust	auto
CI job with a fixed allowed toolset	dontAsk
Disposable container or VM	bypassPermissions

Before you continue

Six modes: default, acceptEdits, plan, auto, dontAsk, bypassPermissions.
Shift+Tab cycles default → acceptEdits → plan in the terminal.
Set a mode at startup with --permission-mode or in settings.json.
Protected paths (.git, .bashrc, etc.) always prompt — except in bypassPermissions.
auto uses a safety classifier; bypassPermissions has no safety net — containers only.

What's Next

Permissions are set. The next lesson integrates Claude Code with GitHub Actions automating reviews, tests, and PRs in your CI/CD pipeline.

← PREVIOUS

Settings and Configuration

GitHub Actions