open/claude-code-complete-agent
1
0
Fork 0
Code Activity Actions
claude-code-complete-agent/security/auto-mode-explained.md
Kjell Tore Guttormsen e8a5403f91 feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration 
Major update based on Anthropic's March 24, 2026 releases:

- feature-map.md: expanded from 20 to 22 capabilities, gaps reduced
  from 2 to 1 (only Canvas/A2UI remains)
- examples/11-computer-use: desktop control via screenshots and clicks
- examples/12-remote-control: /rc and Dispatch for phone control
- examples/13-auto-mode: AI safety classifier for autonomous execution
- cowork-integration/: how Code + Cowork + Dispatch together replicate
  OpenClaw's full feature set
- security/auto-mode-explained.md: deep-dive on the new permission mode
- Updated README with broader ecosystem table and revised scores

Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 10:04:05 +01:00

2.6 KiB
Raw Blame History

Auto Mode

Auto Mode (v2.1.86, March 24, 2026) is a new permission mode where an AI safety classifier reviews every tool call before execution. No manual approvals. Claude runs autonomously, with a safety net.

How to enable

# From CLI launch:
claude --enable-auto-mode

# In active session:
# Press Shift+Tab to cycle through permission modes

How the classifier works

Before each tool call, a classifier (running on Sonnet 4.6) evaluates whether the action is safe:

  1. Fast filter: Quick binary decision on the action category
  2. Chain-of-thought: Detailed reasoning for borderline cases

Safe actions proceed automatically. Risky actions (mass deletion, data exfiltration, malicious code) are blocked, and Claude is redirected to an alternative approach.

Performance numbers (Anthropic's internal testing)

Metric Value
False positive rate 0.4% (safe actions incorrectly blocked)
False negative rate 5.7% (risky actions not caught)

The classifier runs on Sonnet 4.6 regardless of your session model. This means even Opus sessions get fast, consistent safety screening.

When to use Auto Mode

Good for:

  • Code refactoring across many files
  • Test-fix-test loops
  • Research and summarization tasks
  • Any workflow where constant approvals break your flow

Not recommended for:

  • First time using Claude Code (learn default mode first)
  • Sensitive environments with production data
  • Multi-agent workflows where you want explicit control

Comparison to OpenClaw security

Aspect OpenClaw Auto Mode
Default behavior Autonomous Autonomous
Safety mechanism Docker sandbox (containment) AI classifier (prevention)
Unknown threats Contained by sandbox May slip through (5.7% FN)
Known threats Depend on config Caught by classifier
User intervention /approve for flagged actions Automatic redirect
Infrastructure Requires Docker No infrastructure

All four permission modes

Mode Behavior Safety OpenClaw equivalent
Default Ask for every action Maximum control DM pairing + exec approvals
Auto-edit Pre-approved patterns Selective Tool allowlists
Auto Mode AI classifier reviews AI-enforced Autonomous + sandbox
Bypass No checks Minimal Elevated mode

Auto Mode sits between auto-edit and bypass. It gives you the autonomy of bypass with most of the safety of auto-edit.

Availability

Research preview on Team plan (March 2026). Enterprise and API coming soon.