Permission Mode Tied to Blast Radius
In one line: Auto-approve only low-blast-radius actions; destructive or outward-facing actions require explicit confirmation.
Do this: Calibrate permission mode to what an action can break. Read-only and local, low-stakes operations may auto-approve; anything that deletes, force-pushes, deploys, spends money, or reaches outside the workspace (network calls, sending mail, opening PRs) requires confirmation — even when the agent is mid-flow and even when ingested content (15.1) prompted it.
Mechanism: .claude/settings.json permission modes (plan / ask / allowlist) plus the confirm-before-destructive rule (Section 14, "Permission mode is a security control, not a preference"). Promptless agent action against production-reaching surfaces is a stated team decision, not an individual preference; the default is plan/ask mode.
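The rule above, modeled as a fail-closed gate. This is an added example, not part of the original page and not how the agent's own permission engine is implemented. The allowlists and the names `decide` and `escapes_workspace` are hypothetical and constructed for illustration.

```python
import shlex
from pathlib import PurePosixPath

# Constructed allowlists (assumptions): the only commands that may auto-approve.
READ_ONLY = {"ls", "cat", "grep", "head", "wc", "pwd"}
GIT_READ_ONLY = {"status", "diff", "log", "show"}
# Chaining, redirection and substitution can hide a second action behind a safe one.
SHELL_META = set(";|&<>`$()\n")


def escapes_workspace(arg: str) -> bool:
    """True if an argument is absolute, home-relative, or climbs out via '..'."""
    if arg.startswith(("/", "~")):
        return True
    depth = 0
    for part in PurePosixPath(arg).parts:
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False


def decide(command: str) -> str:
    """Return 'auto' for known read-only, workspace-local commands, else 'confirm'.

    The command is the only input. Whether the agent is mid-flow, or whether
    ingested content prompted the action, is deliberately not a parameter, so
    neither can relax the decision.
    """
    if not command.strip() or SHELL_META & set(command):
        return "confirm"
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: cannot reason about it, so ask
        return "confirm"
    prog, args = argv[0], argv[1:]
    if any(escapes_workspace(a) for a in args):
        return "confirm"
    if prog == "git":
        writes_file = any(a.startswith("--output") for a in args)
        ok = bool(args) and args[0] in GIT_READ_ONLY and not writes_file
        return "auto" if ok else "confirm"
    # Anything not explicitly known to be read-only falls through to confirm.
    return "auto" if prog in READ_ONLY else "confirm"
```

The default branch is the control: a command nobody classified (a deploy tool, a network client, a mailer) lands on `confirm` without needing its own deny rule.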