open/claude-code-complete-agent
1
0
Fork 0
Code Activity Actions
claude-code-complete-agent/security/permission-modes-explained.md
Kjell Tore Guttormsen e8a5403f91 feat: add Computer Use, Remote Control, Auto Mode, and Cowork integration 
Major update based on Anthropic's March 24, 2026 releases:

- feature-map.md: expanded from 20 to 22 capabilities, gaps reduced
  from 2 to 1 (only Canvas/A2UI remains)
- examples/11-computer-use: desktop control via screenshots and clicks
- examples/12-remote-control: /rc and Dispatch for phone control
- examples/13-auto-mode: AI safety classifier for autonomous execution
- cowork-integration/: how Code + Cowork + Dispatch together replicate
  OpenClaw's full feature set
- security/auto-mode-explained.md: deep-dive on the new permission mode
- Updated README with broader ecosystem table and revised scores

Score: 12 full match (55%), 9 different approach (41%), 1 gap (4%)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-26 10:04:05 +01:00

2.6 KiB
Raw Blame History

Permission Modes

Claude Code has four permission modes that control how much autonomy the agent has. This is the first line of defense.

The three modes

1. Default mode (recommended for learning)

Claude Code asks permission before every potentially dangerous action: writing files, running shell commands, making web requests. You approve or deny each one.

Claude wants to run: npm install express
Allow? [y/n/always]

OpenClaw equivalent: DM pairing with exec approvals enabled.

2. Auto-edit mode (--allowedTools)

You pre-approve specific tools and patterns. Claude Code runs those without asking but still prompts for everything else.

Configured in .claude/settings.json:

{
  "permissions": {
    "allow": [
      "Read",
      "Write",
      "Bash(npm test)",
      "Bash(ls:*)"
    ]
  }
}

OpenClaw equivalent: Tool allowlists per agent/session.

3. Auto Mode (--enable-auto-mode)

An AI safety classifier (Sonnet 4.6) reviews every tool call before execution. Safe actions proceed automatically. Risky actions are blocked and Claude is redirected.

claude --enable-auto-mode
# Or press Shift+Tab in a session to cycle to Auto Mode

Performance: 0.4% false positive rate, 5.7% false negative rate.

Best for:

  • Autonomous coding workflows
  • Test-fix-test loops
  • Any task where constant approvals break flow

OpenClaw equivalent: Default autonomous mode with Docker sandbox. Different philosophy: Auto Mode prevents dangerous actions before execution. OpenClaw's sandbox contains damage after execution.

See auto-mode-explained.md for the full deep-dive.

4. Bypass mode (--dangerously-skip-permissions)

No permission checks at all. Claude Code executes everything.

Never use this for:

  • Untrusted code or repos
  • Automated pipelines without hooks
  • Any environment with sensitive data

Only appropriate for:

  • Isolated sandbox environments
  • Testing with expendable data
  • CI/CD with compensating controls (hooks)

OpenClaw equivalent: Elevated mode with Docker sandbox.

How permission modes interact with hooks

Hooks run regardless of permission mode. Even in bypass mode, a PreToolUse hook can block dangerous commands. This is your safety net.

Permission mode: decides IF Claude Code can use a tool
Hooks: decide HOW the tool can be used
Settings deny list: decides WHICH tools exist at all

Recommendation

Start with default mode. Move to auto-edit once you understand which operations you trust. Graduate to Auto Mode when you want autonomous execution with AI safety. Never use bypass mode outside of sandboxes.