This page covers the runtime
PermissionMode enum (DEFAULT, PLAN, ACCEPT_EDITS, DONT_ASK, BYPASS). For the declarative mode: field in agent definition files (build / read-only / plan / review), see Agent Presets & Modes.How It Works
Quick Start
1
Simple Usage
2
With Configuration
Override the mode per subagent call:From the CLI:
Available Modes
default and plan modes use the pattern engine end-to-end: pattern-based deny rules both hide tools at schema-build time and enforce at call time. MCP tools are covered by the same gate. See Approval › How tools are pruned from the LLM.Configuration Options
CLI mapping:
Best Practices
Use plan for exploration subagents
Use plan for exploration subagents
Set
default_permission_mode="plan" when subagents only read and analyse code — prevents accidental file changes.Match mode to task scope
Match mode to task scope
Exploration →
plan. Refactoring → accept_edits. Interactive work → default.Never use bypass in production
Never use bypass in production
Reserve
bypass_permissions for fully trusted local development environments only.Log the active mode
Log the active mode
Record which permission mode is active for audit trails when running non-default modes.
Related
Permissions Module
Pattern-based allow, deny, and ask rules
Interactive Approval
Terminal approval experience for tool calls

