> ## Documentation Index
> Fetch the complete documentation index at: https://continue-docs-dependabot-npm-and-yarn-docs-typeorm-0-3-30.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Tool Permissions

Every tool has one of three permission levels:

| Permission | Behavior                                       |
| ---------- | ---------------------------------------------- |
| `allow`    | Runs automatically, no prompt                  |
| `ask`      | Prompts for approval before running (TUI only) |
| `exclude`  | Hidden from the agent entirely                 |

## Defaults

Read-only tools (`Read`, `List`, `Search`, `Fetch`, `Diff`, `AskQuestion`, `Checklist`, `Status`, `CheckBackgroundJob`, `ReportFailure`, `UploadArtifact`) default to `allow`. `AskQuestion` is a built-in read-only tool that lets the agent pause and ask for clarification before continuing. Write tools (`Edit`, `MultiEdit`, `Write`) and `Bash` default to `ask`. In [headless mode](/cli/headless-mode), `ask` tools are excluded since there's no one to approve them.

## Overriding with flags

Use `--allow`, `--ask`, and `--exclude` to override defaults at launch:

```bash theme={null}
# Allow file writes without prompting
cn --allow Write --allow Edit

# Exclude terminal commands
cn --exclude Bash

# Allow everything (headless automation)
cn -p "Set up the project" --allow "*"
```

Flags take precedence over all other permission sources.

## Tool matching patterns

Flags accept tool matching patterns:

* `Write` — matches any call to the `Write` tool
* `Write(*)` — same as above
* `Write(**/*.ts)` — matches `Write` calls where the primary argument matches the glob `**/*.ts`

```bash theme={null}
# Allow writing only to TypeScript files
cn --allow "Write(**/*.ts)"

# Allow bash but not for install commands
cn --allow Bash --exclude "Bash(npm install*)"
```

## `permissions.yaml`

Persistent permissions are stored in `~/.continue/permissions.yaml`. This file is updated when you choose "Continue + don't ask again" in the TUI approval prompt.

```yaml theme={null}
# ~/.continue/permissions.yaml
allow:
  - Read(*)
  - Write(**/*.ts)

ask:
  - Bash

exclude: []
```

You can edit this file directly, but it's primarily managed by the TUI. Changes take effect on the next session.

## Precedence

When multiple sources define a permission for the same tool, the highest-priority source wins:

1. **Mode policies** — `--auto` and `--readonly` override everything (see below)
2. **CLI flags** — `--allow`, `--ask`, `--exclude`
3. **`permissions.yaml`** — persistent personal settings
4. **Defaults** — built-in policies

## Modes

Modes are a shorthand for common permission sets. Switch modes with `Shift+Tab` during a TUI session, or set them at launch:

```bash theme={null}
cn --auto       # Allow all tools without prompting
cn --readonly   # Plan mode — read-only tools only, no file writes
```

| Mode                    | Effect                                            |
| ----------------------- | ------------------------------------------------- |
| **normal** (default)    | Uses configured permissions                       |
| **plan** (`--readonly`) | Excludes all write tools, allows reads and `Bash` |
| **auto** (`--auto`)     | Allows everything — `*: allow`                    |

Plan and auto modes are absolute overrides. They ignore `--allow`, `--exclude`, and `permissions.yaml` entirely.
