praisonai permissions lists, adds, removes, and shares your projectβs approval rules.
Quick Start
1
Run with interactive approval
2
Persist with always
Press
a at the prompt to write a persistent allow-rule to approvals.json.3
Re-run without prompting
Approval prompt
[o] once, [s] this session (in-memory), [a] always (persisted), [n] no. See Interactive Tool Approval for the full scope semantics.
CLI approval modes
Non-interactive mode
Subcommands
list
List all permission rules in the current project.
allow
Add an ALLOW rule.
deny
Add a DENY rule.
ask
Add an ASK rule (always prompt).
remove
Remove a rule by ID prefix (from list output).
reset
Delete all rules and approvals (requires confirmation).
export
Print rules as JSON to stdout.
import
Import rules from a JSON file.
Rule patterns
Patterns usetool_name:argument_pattern glob syntax:
external_dir: patterns
Whenworkspace_root is set on PermissionManager, any path that resolves outside the root emits an external_dir:<parent>/* sub-target defaulting to ask. Use the CLI to pre-authorise or hard-block these:
Compound shell commands (
&&, ;, |, subshells, $(...)) are decomposed and each operation is checked against your rules. A deny on bash:rm * blocks cd /tmp && rm -rf x and echo $(rm -rf x). See Command-Aware Permissions.[a] always, the CLI auto-generates a scoped pattern β for example bash:git status * for a git subcommand, or tool:<tool_name> as the default.
Project storage
Rules and session approvals are stored under the current working directory:Rules can also be declared directly in
.praisonai/config.yaml under the permissions: key β no CLI commands needed. Both approaches are fully supported and can be used together. See Single-Source Config and Declarative Permissions for details.Best practices
Commit rules.json for team alignment
Commit rules.json for team alignment
Share
.praisonai/permissions/rules.json so everyone gets the same allow/deny defaults.Never use bypass in production
Never use bypass in production
--approval bypass skips every check. Reserve it for fully trusted local sandboxes.Use plan for exploration
Use plan for exploration
--approval plan blocks writes and shell commands while you inspect a codebase.Broaden patterns with wildcards
Broaden patterns with wildcards
Use
bash:git * instead of one-off rules so related commands stay covered.Related
Single-Source Config
Declare permissions in .praisonai/config.yaml
Command-Aware Permissions
Compound command decomposition and evasion blocking
Declarative Permissions
All permission surfaces β YAML, CLI, Python
Interactive Tool Approval
User-facing approval experience
Permission Modes
Mode reference for agents and CLI
Workspace Boundary
Gate shell and file access outside your project root

