open/claude-code-complete-agent
1
0
Fork 0
Code Activity Actions
claude-code-complete-agent/security/permission-modes-explained.md
Kjell Tore Guttormsen 2491f5c732 feat: initial companion repo for OpenClaw vs Claude Code article 
40 files demonstrating every major OpenClaw capability using Claude Code:
- 3 agents (researcher, writer, reviewer)
- 3 skills (daily-briefing, slack-message, web-research)
- 2 security hooks (pre-tool-use blocker, post-tool-use logger)
- 10 self-contained examples with copy-paste prompts
- Complete feature map (20 capabilities, 11 full match, 7 different, 2 gap)
- Security docs including NemoClaw comparison
- Automation, messaging, browser, memory documentation

Zero dependencies. Clone and run.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 09:47:29 +01:00

74 lines
1.8 KiB
Markdown
Raw Blame History

# Permission Modes
Claude Code has three permission modes that control how much
autonomy the agent has. This is the first line of defense.
## The three modes
### 1. Default mode (recommended for learning)
Claude Code asks permission before every potentially dangerous
action: writing files, running shell commands, making web requests.
You approve or deny each one.
```
Claude wants to run: npm install express
Allow? [y/n/always]
```
**OpenClaw equivalent:** DM pairing with exec approvals enabled.
### 2. Auto-edit mode (`--allowedTools`)
You pre-approve specific tools and patterns. Claude Code runs
those without asking but still prompts for everything else.
Configured in `.claude/settings.json`:
```json
{
"permissions": {
"allow": [
"Read",
"Write",
"Bash(npm test)",
"Bash(ls:*)"
]
}
}
```
**OpenClaw equivalent:** Tool allowlists per agent/session.
### 3. Bypass mode (`--dangerously-skip-permissions`)
No permission checks at all. Claude Code executes everything.
**Never use this for:**
- Untrusted code or repos
- Automated pipelines without hooks
- Any environment with sensitive data
**Only appropriate for:**
- Isolated sandbox environments
- Testing with expendable data
- CI/CD with compensating controls (hooks)
**OpenClaw equivalent:** Elevated mode with Docker sandbox.
## How permission modes interact with hooks
Hooks run regardless of permission mode. Even in bypass mode,
a PreToolUse hook can block dangerous commands. This is your
safety net.
```
Permission mode: decides IF Claude Code can use a tool
Hooks: decide HOW the tool can be used
Settings deny list: decides WHICH tools exist at all
```
## Recommendation
Start with default mode. Move to auto-edit mode once you
understand which operations you trust. Never use bypass mode
outside of sandboxes.
View git blame Copy permalink