Claude Code, Lesson 4 of 25

Permission Modes

Think of permission modes as a supervision dial. Turn it all the way up and Claude checks in with you before touching anything. Turn it down and Claude ploughs through a long task on its own, reporting back when finished. Knowing which setting fits each situation is one of the most useful habits you can build as a Claude Code user.

The Six Modes at a Glance

Six modes, six different answers to the question: "how much should Claude check with me on this task?" The table below shows what Claude can do without stopping to ask in each one.

| Mode | Auto-approves without asking | Best for |
| --- | --- | --- |
| default | File reads only | Day-to-day work; anything touching production |
| acceptEdits | File writes + housekeeping Bash (mkdir, mv, cp, …) | Fast iteration; you audit changes in git diff |
| plan | File reads only; writes are blocked entirely | Getting the lay of a new or unfamiliar codebase |
| auto | Everything; a classifier watches for risky actions | Long autonomous tasks where you trust the goal |
| dontAsk | Nothing beyond what you explicitly allow in settings | CI pipelines where the allowed toolset is predetermined |
| bypassPermissions | Literally everything, zero checks | Throwaway containers and VMs only |

One rule holds across all modes (except bypassPermissions): Claude can never silently edit your Git history, shell config, or IDE settings. Paths like .git, .gitconfig, and .bashrc are hard-protected and will always prompt you first.

What the Prompt Looks Like

In default mode, Claude pauses before every write or shell command and shows this in your terminal. Here is a mock of what a real permission prompt looks like:

Terminal
Working on: add formatPrice to src/utils/currency.ts
Claude wants to write:
src/utils/currency.ts
Do you want to create this file?
[y] Yes  [n] No  [a] Always (session)  [!] Never (session)

What each key does:

  • y (Yes, this one time): Approves only the current action. The same prompt appears again next time Claude tries the same thing.
  • n (No, skip this action): Claude abandons that step and looks for an alternative route, or stops and explains the blocker.
  • a (Always allow, session): Turns off the prompt for this category of action until you restart Claude Code.
  • ! (Never allow, session): Silently blocks this category of action for the rest of the session without prompting again.

How to Switch Modes

Important rule: you change modes through Claude Code controls, never by typing an instruction into the chat. Claude ignores requests like "switch to plan mode" — you must use one of these three methods:

1. Mid-session — press Shift+Tab

Shift+Tab steps through the three everyday modes:

  • default: ask on writes + Bash
  • acceptEdits: auto-approve file edits
  • plan: read only, no changes

After plan, the cycle wraps back to default.

Watch the status bar at the bottom of the terminal to see which mode is active.

auto and bypassPermissions are intentionally left out of the everyday cycle. You enter them via startup flags (see below) so you opt in consciously rather than stumbling into them.

2. At startup — pass a flag

Terminal
# Any of the six modes work here
$ claude --permission-mode plan
$ claude --permission-mode acceptEdits
$ claude --permission-mode bypassPermissions

3. As a persistent default — settings file

.claude/settings.json (or settings.local.json)
{
  "permissions": {
    "defaultMode": "acceptEdits"
  }
}

Mode Details

The table gives you a quick snapshot, but a few things about each mode are not obvious until you actually use them. Here is what catches people off-guard.

acceptEdits: auto-approve file edits

Claude silently creates and edits files inside your project folder without stopping to ask. On top of file writes, a handful of safe shell commands are also waved through: mkdir, touch, rm, mv, cp, sed. Anything more powerful than that still prompts. The status bar changes to ⏵⏵ accept edits on so you always know it is active.

The right move: run the task, then open your editor and run git diff to walk through everything Claude changed at your own pace.

plan: read and propose, no writes

This is the safest starting point for an unfamiliar repo. Claude is free to grep, read files, and run exploratory shell commands — but the moment it tries to write anything, the action is blocked (not just prompted, actually refused). Claude then presents a written plan and asks you how to proceed: you can approve it and hand off to auto or acceptEdits, step through edits manually, or ask Claude to keep refining first.

Enter it by pressing Shift+Tab twice from default, or prefix any single prompt with /plan to scope just that message.

auto: everything, with a safety classifier

Claude runs completely without stopping to ask. Behind the scenes a second AI model — the safety classifier — watches every action before it runs and pulls the plug on anything that looks out of scope: force-pushing to main, deploying to production, mass-deleting cloud storage, or sending your credentials to an unrecognised server. Routine work — local file edits, installing packages, read-only API calls — sails through automatically.

Who can use it: Claude Code v2.1.83 or later, with a Max, Team, Enterprise, or API subscription. Not on Pro. Team and Enterprise admins must switch it on in settings before users can activate it.

dontAsk: only pre-approved tools

Think of this as the inverse of auto. Instead of a classifier deciding what is risky, you decide in advance exactly what Claude may touch by listing tools in your permissions.allow settings. Anything outside that list is silently blocked — no prompt, no fallback, just denied. This makes Claude fully non-interactive, which is exactly what you want when running it in a CI pipeline where there is nobody online to click a prompt.

$ claude --permission-mode dontAsk
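
An added example, not from the lesson or from Claude Code itself: a pre-flight check a CI job could run on .claude/settings.json before starting Claude in dontAsk mode. The rule shape ("Tool" or "Tool(specifier)"), the tool names Bash, Edit and Write, and the sample settings are assumptions; the lesson itself only names permissions.allow and defaultMode.

```python
import json

MODES = {"default", "acceptEdits", "plan", "auto", "dontAsk", "bypassPermissions"}
PROMPTING = {"default", "acceptEdits", "plan"}   # modes that can stop and ask
MUTATING_TOOLS = {"Bash", "Edit", "Write"}       # assumed tool names

# Constructed sample settings documents.
CI_OK = '{"permissions": {"defaultMode": "dontAsk", "allow": ["Read", "Bash(npm test)"]}}'
CI_BAD = '{"permissions": {"defaultMode": "bypassPermissions", "allow": ["Bash", "Write"]}}'


def lint_settings(text):
    """Findings for a settings.json that an unattended CI job will load."""
    perms = json.loads(text).get("permissions", {})
    mode = perms.get("defaultMode", "default")
    allow = perms.get("allow", [])
    findings = []
    if mode not in MODES:
        findings.append(f"defaultMode {mode!r} is not one of the six modes")
    elif mode == "bypassPermissions":
        findings.append("bypassPermissions removes every check; containers/VMs only")
    elif mode in PROMPTING:
        findings.append(f"{mode} can prompt, and nobody is there to answer in CI")
    elif mode == "dontAsk" and not allow:
        findings.append("dontAsk with an empty permissions.allow denies everything")
    for rule in allow:
        # Assumed rule shape: "Tool" or "Tool(specifier)".
        tool, _, spec = rule.partition("(")
        spec = spec.rstrip(")").strip()
        if tool in MUTATING_TOOLS and spec in ("", "*"):
            findings.append(f"allow rule {rule!r} pre-approves every {tool} call")
    return findings
```

Failing the pipeline when lint_settings returns anything keeps a broad allow rule or the wrong mode from reaching an unattended run.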

bypassPermissions: skip all checks

All guardrails removed. Every tool call fires instantly with no check. The only two commands that still pause as a last-resort circuit breaker are rm -rf / and rm -rf ~ — hard blocks against accidental filesystem wipes.

Containers and VMs only. If something goes wrong here, there is nothing standing between Claude and your files, your shell config, or your credentials. Never use this on your everyday machine. The older flag --dangerously-skip-permissions does exactly the same thing.

Protected Paths

No matter which mode you are in (except bypassPermissions), Claude cannot quietly modify your Git history, shell startup scripts, IDE config, or its own settings files. These paths are hard-wired as off-limits. In dontAsk they are outright denied; in every other mode a prompt appears.

Directories

  • .git
  • .vscode
  • .idea
  • .husky
  • .claude (config files)

Files

  • .gitconfig, .gitmodules
  • .bashrc, .bash_profile, .zshrc
  • .mcp.json, .claude.json
  • .ripgreprc
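
An added example (not part of the lesson or of Claude Code): a post-session audit that flags changed or newly created files matching the protected lists above, as a complement to the git diff review suggested for acceptEdits. The function names and the sample status output are constructed for illustration.

```python
import subprocess
from pathlib import PurePosixPath

# Names copied from the lesson's "Protected Paths" lists.
PROTECTED_DIRS = {".git", ".vscode", ".idea", ".husky", ".claude"}
PROTECTED_FILES = {".gitconfig", ".gitmodules", ".bashrc", ".bash_profile",
                   ".zshrc", ".mcp.json", ".claude.json", ".ripgreprc"}

# Constructed `git status --porcelain -z` output (NUL-separated entries).
SAMPLE = (" M src/utils/currency.ts\0?? .husky/pre-commit\0"
          "R  docs/new.md\0docs/old.md\0 M .claude/settings.json\0"
          "?? scripts/.bashrc\0")


def parse_porcelain_z(raw):
    """Turn porcelain -z output into (status, path) pairs."""
    fields, entries, i = raw.split("\0"), [], 0
    while i < len(fields):
        field = fields[i]
        i += 1
        if len(field) < 4:          # empty field after the final NUL
            continue
        status, path = field[:2], field[3:]
        entries.append((status, path))
        if "R" in status or "C" in status:
            # A rename/copy is followed by one extra field: the original path.
            if i < len(fields) and fields[i]:
                entries.append((status, fields[i]))
            i += 1
    return entries


def is_protected(path):
    # Assumption: anything under a protected directory counts (stricter than the lesson).
    parts = PurePosixPath(path).parts
    return bool(parts) and (parts[-1] in PROTECTED_FILES
                            or any(p in PROTECTED_DIRS for p in parts))


def audit(raw):
    """Changed or new paths that match the protected lists."""
    return [(s, p) for s, p in parse_porcelain_z(raw) if is_protected(p)]


def git_status(repo="."):
    # --untracked-files=all lists new files one by one; they never appear in
    # plain `git diff`. Paths outside the repo (~/.bashrc) are not covered.
    cmd = ["git", "-C", repo, "status", "--porcelain", "-z", "--untracked-files=all"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
```

Run audit(git_status()) from the project root after a session; an empty list means no in-repo protected path was touched.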

Which Mode Should I Use?

Not sure where to start? Match your current situation to the right mode.

  • I am getting started or working on production-connected code: default
  • I want Claude to code quickly and I will audit changes via git diff: acceptEdits
  • I want to understand the codebase before I let Claude touch it: plan
  • I have a large, well-defined task and trust the direction: auto
  • Claude is running in a CI job with a fixed allowed toolset: dontAsk
  • Claude is running inside a container or VM I can throw away: bypassPermissions

What You Learned

  • There are 6 modes: default, acceptEdits, plan, auto, dontAsk, bypassPermissions.
  • Shift+Tab cycles default → acceptEdits → plan in the terminal.
  • Set a mode at startup with --permission-mode or permanently in settings.json.
  • Protected paths (.git, .bashrc, etc.) always prompt — except in bypassPermissions.
  • auto mode uses a safety classifier. bypassPermissions has no safety net — containers only.
  • Next: a tour of the Claude Desktop app interface.

What's Next

Permissions are set. The next lesson integrates Claude Code with GitHub Actions — automating reviews, tests, and PRs in your CI/CD pipeline.