claude-code-complete-agent/security/permission-modes-explained.md
Kjell Tore Guttormsen e8a5403f91 feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration
Major update based on Anthropic's March 24, 2026 releases:

- feature-map.md: expanded from 20 to 22 capabilities, gaps reduced
  from 2 to 1 (only Canvas/A2UI remains)
- examples/11-computer-use: desktop control via screenshots and clicks
- examples/12-remote-control: /rc and Dispatch for phone control
- examples/13-auto-mode: AI safety classifier for autonomous execution
- cowork-integration/: how Code + Cowork + Dispatch together replicate
  OpenClaw's full feature set
- security/auto-mode-explained.md: deep-dive on the new permission mode
- Updated README with broader ecosystem table and revised scores

Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 10:04:05 +01:00


# Permission Modes
Claude Code has four permission modes that control how much
autonomy the agent has. This is the first line of defense.
## The four modes
### 1. Default mode (recommended for learning)
Claude Code asks permission before every potentially dangerous
action: writing files, running shell commands, making web requests.
You approve or deny each one.
```
Claude wants to run: npm install express
Allow? [y/n/always]
```
**OpenClaw equivalent:** DM pairing with exec approvals enabled.
### 2. Auto-edit mode (`--allowedTools`)
You pre-approve specific tools and patterns. Claude Code runs
those without asking but still prompts for everything else.
Configured in `.claude/settings.json`:
```json
{
  "permissions": {
    "allow": [
      "Read",
      "Write",
      "Bash(npm test)",
      "Bash(ls:*)"
    ]
  }
}
```
**OpenClaw equivalent:** Tool allowlists per agent/session.
### 3. Auto Mode (`--enable-auto-mode`)
An AI safety classifier (Sonnet 4.6) reviews every tool call
before execution. Safe actions proceed automatically. Risky
actions are blocked and Claude is redirected.
```bash
claude --enable-auto-mode
# Or press Shift+Tab in a session to cycle to Auto Mode
```
Performance: 0.4% false positive rate, 5.7% false negative rate.
**Best for:**
- Autonomous coding workflows
- Test-fix-test loops
- Any task where constant approvals break flow
**OpenClaw equivalent:** Default autonomous mode with Docker sandbox.
Different philosophy: Auto Mode prevents dangerous actions before
execution. OpenClaw's sandbox contains damage after execution.
See `auto-mode-explained.md` for the full deep-dive.
### 4. Bypass mode (`--dangerously-skip-permissions`)
No permission checks at all. Claude Code executes everything.
**Never use this for:**
- Untrusted code or repos
- Automated pipelines without hooks
- Any environment with sensitive data
**Only appropriate for:**
- Isolated sandbox environments
- Testing with expendable data
- CI/CD with compensating controls (hooks)
**OpenClaw equivalent:** Elevated mode with Docker sandbox.
## How permission modes interact with hooks
Hooks run regardless of permission mode. Even in bypass mode,
a PreToolUse hook can block dangerous commands. This is your
safety net.
```
Permission mode: decides IF Claude Code can use a tool
Hooks: decide HOW the tool can be used
Settings deny list: decides WHICH tools exist at all
```
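
A minimal PreToolUse hook of the kind described above, as an added example (not code from this repository): it reads the hook event JSON from stdin and exits with code 2 to block a Bash call, whatever the permission mode. The deny rules and sample commands are constructed for illustration; the event fields `tool_name` and `tool_input.command` and the exit-code-2 convention follow Claude Code's hook interface.

```python
#!/usr/bin/env python3
"""Added example: PreToolUse hook that vetoes risky Bash commands in any mode."""
import json
import re
import sys

# Illustrative deny rules (assumptions for this example, not a complete policy).
DENY_RULES = [
    (re.compile(r"\brm\s+-\w*[rR]\w*\s+(/|~|\$HOME)(\s|$)"), "recursive delete of / or home"),
    (re.compile(r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z)?sh\b"), "download piped to a shell"),
    (re.compile(r"\bgit\s+push\b.*(--force\b|\s-f\b)"), "force push"),
]

# Constructed sample commands, used only when no event is piped in.
SAMPLES = ["npm test", "rm -rf ./build", "npm test && rm -rf /"]


def decide(event):
    """Return (exit_code, reason). Exit code 2 makes Claude Code block the call."""
    if not isinstance(event, dict):
        return 2, "malformed hook event"  # fail closed
    if event.get("tool_name") != "Bash":
        return 0, "not a Bash call"
    tool_input = event.get("tool_input")
    raw_cmd = tool_input.get("command") if isinstance(tool_input, dict) else ""
    command = str(raw_cmd or "")
    for pattern, reason in DENY_RULES:
        if pattern.search(command):
            return 2, f"blocked by hook: {reason}"
    return 0, "allowed"


def main():
    raw = "" if sys.stdin.isatty() else sys.stdin.read()
    if not raw.strip():  # stand-alone run: show decisions for the samples
        for cmd in SAMPLES:
            print(decide({"tool_name": "Bash", "tool_input": {"command": cmd}}), cmd)
        return 0
    try:
        event = json.loads(raw)
    except json.JSONDecodeError:
        event = None  # unparseable input is treated as malformed
    code, reason = decide(event)
    if code:
        print(reason, file=sys.stderr)  # stderr is fed back to Claude on exit 2
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Register it under `hooks.PreToolUse` in `.claude/settings.json` with a `Bash` matcher. Pattern deny lists miss cases easily, so treat this as a backstop next to a sandbox, not a replacement for one.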
## Recommendation
Start with default mode. Move to auto-edit once you understand
which operations you trust. Graduate to Auto Mode when you want
autonomous execution with AI safety. Never use bypass mode
outside of sandboxes.