CC-201a · Module 2

The Four Permission Modes

4 min read

Claude Code offers four permission modes, and understanding when to use each one is the difference between a productive session and a dangerous one. Ask mode is the default — Claude requests approval before every action that modifies your system. This is safe but slow. For exploratory work, debugging in unfamiliar codebases, or working in production environments, Ask mode is the right choice. The friction is a feature, not a bug.

Auto-accept mode removes the approval step entirely. Claude executes every action — file writes, command execution, git operations — without asking. This is fast but removes your safety net. The only appropriate environments for full auto-accept are disposable containers, CI pipelines, and development environments where nothing is at risk. If you run auto-accept on a machine that matters, you will eventually regret it. The question is not if but when.

Auto-deny mode blocks specific categories of actions entirely. Claude cannot even request permission for denied actions — they are invisible to it. This is useful for hard boundaries in production: no file deletion, no git push, no network requests. Mixed mode combines all three: auto-accept safe operations, auto-deny dangerous ones, and ask for everything in between. This is the mode most experienced users converge on. It gives you speed where safe and gates where necessary.

  1. Ask Mode (Default) Every modifying action requires your approval. Best for: production environments, unfamiliar codebases, sensitive data. The friction is intentional and protective.
  2. Auto-Accept Mode No approval required for any action. Best for: throwaway environments, CI pipelines, sandboxed containers. Never use this on a machine you cannot afford to rebuild.
  3. Auto-Deny Mode Specific action categories are blocked entirely. Best for: hard boundaries (no deletion, no push, no network). Claude cannot even request permission for denied actions.
  4. Mixed Mode Combine accept, deny, and ask rules per action category. Best for: daily development. Auto-accept type checking and linting, auto-deny destructive ops, ask for everything else.