e8a5403f91
Major update based on Anthropic's March 24, 2026 releases: - feature-map.md: expanded from 20 to 22 capabilities, gaps reduced from 2 to 1 (only Canvas/A2UI remains) - examples/11-computer-use: desktop control via screenshots and clicks - examples/12-remote-control: /rc and Dispatch for phone control - examples/13-auto-mode: AI safety classifier for autonomous execution - cowork-integration/: how Code + Cowork + Dispatch together replicate OpenClaw's full feature set - security/auto-mode-explained.md: deep-dive on the new permission mode - Updated README with broader ecosystem table and revised scores Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
78 lines
2.6 KiB
Markdown
78 lines
2.6 KiB
Markdown
# Auto Mode
|
|
|
|
Auto Mode (v2.1.86, March 24, 2026) is a new permission mode where
|
|
an AI safety classifier reviews every tool call before execution.
|
|
No manual approvals. Claude runs autonomously, with a safety net.
|
|
|
|
## How to enable
|
|
|
|
```bash
|
|
# From CLI launch:
|
|
claude --enable-auto-mode
|
|
|
|
# In active session:
|
|
# Press Shift+Tab to cycle through permission modes
|
|
```
|
|
|
|
## How the classifier works
|
|
|
|
Before each tool call, a classifier (running on Sonnet 4.6)
|
|
evaluates whether the action is safe:
|
|
|
|
1. **Fast filter:** Quick binary decision on the action category
|
|
2. **Chain-of-thought:** Detailed reasoning for borderline cases
|
|
|
|
Safe actions proceed automatically. Risky actions (mass deletion,
|
|
data exfiltration, malicious code) are blocked, and Claude is
|
|
redirected to an alternative approach.
|
|
|
|
## Performance numbers (Anthropic's internal testing)
|
|
|
|
| Metric | Value |
|
|
|--------|-------|
|
|
| False positive rate | 0.4% (safe actions incorrectly blocked) |
|
|
| False negative rate | 5.7% (risky actions not caught) |
|
|
|
|
The classifier runs on Sonnet 4.6 regardless of your session model.
|
|
This means even Opus sessions get fast, consistent safety screening.
|
|
|
|
## When to use Auto Mode
|
|
|
|
**Good for:**
|
|
- Code refactoring across many files
|
|
- Test-fix-test loops
|
|
- Research and summarization tasks
|
|
- Any workflow where constant approvals break your flow
|
|
|
|
**Not recommended for:**
|
|
- First time using Claude Code (learn default mode first)
|
|
- Sensitive environments with production data
|
|
- Multi-agent workflows where you want explicit control
|
|
|
|
## Comparison to OpenClaw security
|
|
|
|
| Aspect | OpenClaw | Auto Mode |
|
|
|--------|----------|-----------|
|
|
| Default behavior | Autonomous | Autonomous |
|
|
| Safety mechanism | Docker sandbox (containment) | AI classifier (prevention) |
|
|
| Unknown threats | Contained by sandbox | May slip through (5.7% FN) |
|
|
| Known threats | Depend on config | Caught by classifier |
|
|
| User intervention | /approve for flagged actions | Automatic redirect |
|
|
| Infrastructure | Requires Docker | No infrastructure |
|
|
|
|
## All four permission modes
|
|
|
|
| Mode | Behavior | Safety | OpenClaw equivalent |
|
|
|------|----------|--------|-------------------|
|
|
| Default | Ask for every action | Maximum control | DM pairing + exec approvals |
|
|
| Auto-edit | Pre-approved patterns | Selective | Tool allowlists |
|
|
| Auto Mode | AI classifier reviews | AI-enforced | Autonomous + sandbox |
|
|
| Bypass | No checks | Minimal | Elevated mode |
|
|
|
|
Auto Mode sits between auto-edit and bypass. It gives you the
|
|
autonomy of bypass with most of the safety of auto-edit.
|
|
|
|
## Availability
|
|
|
|
Research preview on Team plan (March 2026). Enterprise and API
|
|
coming soon.
|