Permission Model
Clew Code provides 7 permission modes with granular allow/deny rules for safe AI-assisted development.
Permission Modes
| Mode | Description |
|---|---|
default | Ask for every tool execution. Maximum safety. |
ask | Prompt for confirmation on each action. |
plan | Full-access planning with bypass permissions. Read, write, edit freely during planning. |
auto | Auto-approve safe tools (read, grep, glob). Ask for destructive operations. |
acceptEdits | Auto-approve file edits within allowed patterns. |
bypassPermissions | Full access — all tools approved automatically. |
dontAsk | Execute everything without prompting. Use with caution. |
Switching Modes
Use the /permissions command in the REPL:
❯ /permissions plan # enter full-access plan mode
❯ /permissions auto # auto-approve safe operations
❯ /permissions default # back to asking for each action
Allow/Deny Rules
Configure granular rules in .clew/settings.json:
{
"allow": [
"bash: npm run dev",
"bash: git status",
"write: src/**"
],
"deny": [
"bash: rm -rf",
"bash: git push --force"
]
}
Rules support glob pattern matching against tool names and arguments.
Safety Gates
The safetyGate system validates:
- Command paths — prevents execution of dangerous commands
- File paths — blocks writes outside project boundaries
- Destructive operations — requires explicit approval
- Bash output cap — 100 MB limit to prevent runaway processes
Plan Mode
Plan mode is a special full-access mode for architectural work:
- Read, write, and edit files without permission prompts
- Plan files persist to
.clew/plans/with progress snapshots - Exit with
ExitPlanModeto present the plan for approval