Skip to main content
Permission modes set how subagents handle tool approval — read-only exploration, auto-accept edits, or full bypass.
This page covers the runtime PermissionMode enum (DEFAULT, PLAN, ACCEPT_EDITS, DONT_ASK, BYPASS). For the declarative mode: field in agent definition files (build / read-only / plan / review), see Agent Presets & Modes.
The user delegates exploration; permission mode controls whether subagents can edit or must stay read-only.

How It Works

Quick Start

1

Simple Usage

2

With Configuration

Override the mode per subagent call:
From the CLI:

Available Modes

default and plan modes use the pattern engine end-to-end: pattern-based deny rules both hide tools at schema-build time and enforce at call time. MCP tools are covered by the same gate. See Approval › How tools are pruned from the LLM.
BYPASS skips all permission checks. For Claude Code backend, set both ClaudeCodeBackend(unsafe=True) and PRAISONAI_CLAUDE_BYPASS_PERMISSIONS=1.

Configuration Options

CLI mapping:

Best Practices

Set default_permission_mode="plan" when subagents only read and analyse code — prevents accidental file changes.
Exploration → plan. Refactoring → accept_edits. Interactive work → default.
Reserve bypass_permissions for fully trusted local development environments only.
Record which permission mode is active for audit trails when running non-default modes.

Permissions Module

Pattern-based allow, deny, and ask rules

Interactive Approval

Terminal approval experience for tool calls