Security & Permissions Simple

Permission Modes Comparison

Choose the right permission mode for your use case: default, acceptEdits, plan, dontAsk, or bypassPermissions

Command

"color:#9CA3AF;font-style:italic"># Interactive development (default)
$ "color:#7C5CFC">claude
  
"color:#9CA3AF;font-style:italic"># Trusted editing sessions
$ "color:#7C5CFC">claude "color:#d97757">--permission-mode acceptEdits
  
"color:#9CA3AF;font-style:italic"># Safe code review (read-only)
$ "color:#7C5CFC">claude -p "Review code" "color:#d97757">--permission-mode plan "color:#d97757">--output-format json
  
"color:#9CA3AF;font-style:italic"># CI/CD pipelines (no prompts)
$ "color:#7C5CFC">claude -p "Task" "color:#d97757">--permission-mode bypassPermissions "color:#d97757">--output-format json

Response

| Mode              | File edits | Shell commands | Use case           |
|-------------------|-----------|---------------|--------------------|
| default           | Ask       | Ask           | Interactive dev    |
| acceptEdits       | Auto      | Ask           | Trusted editing    |
| plan              | Blocked   | Blocked       | Code review        |
| dontAsk           | Deny*     | Deny*         | Lockdown           |
| bypassPermissions | Auto      | Auto          | CI/CD only         |

Parsing Code

059669">">// Set permission mode programmatically
059669">">const data = JSON.parse(execFileSync(059669059669">">'claude', [
  059669059669">">'-p', prompt,
  059669059669">">'--permission-mode', 059669059669">">'plan', 059669">">// or 059669059669">">'bypassPermissions'
  059669059669">">'--output-format', 059669">'json'
], opts));

Gotchas

! bypassPermissions should ONLY be used in isolated environments (CI, containers, VMs)

! dontAsk silently denies tools with no matching allow rule — designed for headless operation

Command

Response

Parsing Code

Gotchas

Related Recipes