Skip to main content
Manage interactive tool-approval rules from the CLI β€” praisonai permissions lists, adds, removes, and shares your project’s approval rules.

Quick Start

1

Run with interactive approval

When a sensitive tool runs, you see the approval prompt.
2

Persist with always

Press a at the prompt to write a persistent allow-rule to approvals.json.
3

Re-run without prompting

Matching rules are applied automatically.

Approval prompt

The four keys choose how long the approval lasts β€” [o] once, [s] this session (in-memory), [a] always (persisted), [n] no. See Interactive Tool Approval for the full scope semantics.

CLI approval modes

The CLI flag bypass maps to PermissionMode.BYPASS, whose value is bypass_permissions.

Non-interactive mode

Subcommands

list

List all permission rules in the current project.

allow

Add an ALLOW rule.

deny

Add a DENY rule.

ask

Add an ASK rule (always prompt).

remove

Remove a rule by ID prefix (from list output).

reset

Delete all rules and approvals (requires confirmation).

export

Print rules as JSON to stdout.

import

Import rules from a JSON file.

Rule patterns

Patterns use tool_name:argument_pattern glob syntax:

external_dir: patterns

When workspace_root is set on PermissionManager, any path that resolves outside the root emits an external_dir:<parent>/* sub-target defaulting to ask. Use the CLI to pre-authorise or hard-block these:
See Workspace Boundary for full details on what triggers the gate and how to configure it.
Compound shell commands (&&, ;, |, subshells, $(...)) are decomposed and each operation is checked against your rules. A deny on bash:rm * blocks cd /tmp && rm -rf x and echo $(rm -rf x). See Command-Aware Permissions.
When you choose [a] always, the CLI auto-generates a scoped pattern β€” for example bash:git status * for a git subcommand, or tool:<tool_name> as the default.

Project storage

Rules and session approvals are stored under the current working directory:
Rules can also be declared directly in .praisonai/config.yaml under the permissions: key β€” no CLI commands needed. Both approaches are fully supported and can be used together. See Single-Source Config and Declarative Permissions for details.

Best practices

Share .praisonai/permissions/rules.json so everyone gets the same allow/deny defaults.
--approval bypass skips every check. Reserve it for fully trusted local sandboxes.
--approval plan blocks writes and shell commands while you inspect a codebase.
Use bash:git * instead of one-off rules so related commands stay covered.

Single-Source Config

Declare permissions in .praisonai/config.yaml

Command-Aware Permissions

Compound command decomposition and evasion blocking

Declarative Permissions

All permission surfaces β€” YAML, CLI, Python

Interactive Tool Approval

User-facing approval experience

Permission Modes

Mode reference for agents and CLI

Workspace Boundary

Gate shell and file access outside your project root