Overview

Permissions control which actions require approval. Configure them globally, per-tool, or per-agent.

Permission Values

Value      Behavior
"allow"    Run without approval
"ask"      Prompt for approval
"deny"     Disable the tool

Default Permissions

Most operations are allowed by default. Exceptions:
  • doom_loop: ask
  • external_directory: ask

Global Permissions

{
  "permission": {
    "edit": "allow",
    "bash": "ask",
    "skill": "ask",
    "webfetch": "deny",
    "doom_loop": "ask",
    "external_directory": "ask"
  }
}

Bash Command Permissions

Use glob patterns to control specific commands:
{
  "permission": {
    "bash": {
      "git push": "ask",
      "git status": "allow",
      "terraform *": "deny",
      "*": "ask"
    }
  }
}

Skill Permissions

{
  "permission": {
    "skill": {
      "*": "deny",
      "git-*": "allow",
      "frontend/*": "ask"
    }
  }
}

Per-Agent Permissions

Override global permissions for specific agents:
{
  "permission": {
    "bash": { "git push": "ask" }
  },
  "agent": {
    "build": {
      "permission": {
        "bash": { "git push": "allow" }
      }
    }
  }
}

Markdown Agent Permissions

---
description: Code review without edits
mode: subagent
permission:
  edit: deny
  bash:
    "git diff": allow
    "git log*": allow
    "*": ask
  webfetch: deny
---

Best Practices

  1. Start restrictive, allow as needed: deny by default for sensitive operations.
  2. Use wildcards for grouped permissions: my-mcp* controls all tools from an MCP server.
  3. Override per-agent when appropriate: give the build agent more access than plan.
  4. Use ask for destructive operations: git push, rm, deployment commands.
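
The practices above can be checked mechanically before a config is committed. The following linter is an added example, not part of the original documentation or the tool's own code; the names `audit`, `rules` and `SAMPLE` are hypothetical and the sample config is constructed from the snippets on this page. It compares identical tool/pattern keys only and assumes nothing about how the tool resolves overlapping globs.

```python
VALID = {"allow", "ask", "deny"}
RANK = {"deny": 0, "ask": 1, "allow": 2}  # higher = more permissive

# Constructed sample built from this page's snippets, with a typo ("alow")
# and the bash "*" fallback left out on purpose.
SAMPLE = {
    "permission": {
        "edit": "allow",
        "webfetch": "alow",
        "bash": {"git push": "ask", "git status": "allow", "terraform *": "deny"},
    },
    "agent": {"build": {"permission": {"bash": {"git push": "allow"}}}},
}

def rules(perm):
    """Flatten a permission block into {(tool, pattern): value}."""
    out = {}
    for tool, val in perm.items():
        # A bare string applies to the whole tool; record it under "*".
        for pat, v in (val.items() if isinstance(val, dict) else [("*", val)]):
            out[(tool, pat)] = v
    return out

def audit(config):
    """Return findings; compares identical keys only, assumes no glob precedence."""
    findings = []
    base = rules(config.get("permission", {}))
    for (tool, pat), v in base.items():
        if v not in VALID:
            findings.append(f"invalid value {v!r} for {tool}[{pat}]")
    for tool, val in config.get("permission", {}).items():
        if isinstance(val, dict) and val.get("*") not in ("ask", "deny"):
            findings.append(f"{tool}: no restrictive '*' fallback")
    for name, agent in config.get("agent", {}).items():
        for (tool, pat), v in rules(agent.get("permission", {})).items():
            if v not in VALID:
                findings.append(f"invalid value {v!r} for agent {name} {tool}[{pat}]")
            elif RANK[v] > RANK.get(base.get((tool, pat)), 2):
                findings.append(f"agent {name} loosens {tool}[{pat}]: "
                                f"{base[(tool, pat)]} -> {v}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A reported loosening is not necessarily a mistake (the build agent override shown earlier is intentional); the finding exists so that each such override is reviewed rather than missed.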