Auto-Approve

Control which agent actions execute automatically without asking for confirmation. Four categories with independent toggles and configurable command rules for hands-free building.

Categories

Auto-approve is organized into four categories. Each can be toggled independently:

CategoryWhat it coversDefault
Read FilesReading, listing, and searching files in your projectEnabled
Write FilesCreating, editing, and writing files to diskDisabled
Run CommandsExecuting terminal commands (npm, git, dotnet, etc.)Disabled
Game EngineExecuting bridge commands in Unity or GodotDisabled

A master toggle controls whether auto-approve is enabled globally. When disabled, every action requires your confirmation.

Accessing auto-approve

There are two ways to configure auto-approve:

  • Header dropdown: The chat header shows “Auto: X/4” (X enabled categories out of 4). Click it to quickly toggle categories on or off.
  • Settings: Go to Settings → Auto-Approve for full control including command rules.

You can also enable a category by clicking Always Allow on any confirmation prompt during a chat session.

Command rules

When Run Commands is enabled, you can fine-tune which commands auto-execute using allowed and denied prefix lists:

Allowed commands (default)

These command prefixes auto-execute when Run Commands is enabled:

  • npm, yarn, node, python
  • git status, git diff, git log
  • dotnet build, dotnet restore, dotnet test
  • godot, ls, mkdir, find, grep

Denied commands (default)

These are always blocked even if they match an allowed prefix:

  • rm -rf, sudo, runas, chmod
  • git push --force, git reset --hard
  • npm publish, kill, shutdown
  • curl | sh and other piped execution patterns

How matching works

The system uses a longest-prefix-match algorithm. If a command matches both an allowed and a denied prefix, the longer (more specific) prefix wins. If they are the same length, the denied prefix takes priority.

Additionally, certain dangerous patterns are always blocked regardless of your rules: shell substitution ($()), command piping to execution (| sh), and privilege escalation (sudo).

Customizing rules

In Settings → Auto-Approve, you can edit the allowed and denied command lists. Add one command prefix per line. Click Save Rules to apply, or Restore Defaults to reset to the built-in rules.

How it works with chat modes

Auto-approve only applies in Code mode where the AI takes actions. In Ask mode and Plan mode, no files are written and no commands are executed, so auto-approve has no effect.