A permission mode released in research preview March 2026 as a safer alternative to –dangerously-skip-permissions (aka bypass permissions). Instead of asking for each tool call or blindly allowing everything, a classifier reviews every tool call for risky actions (deletes, sensitive data writes, prompt injection) and blocks them while allowing safe actions through. Sessions run slightly more expensive because of the per-call classification, but enable long-running tasks without babysitting.
Key points
- Launched March 2026 in research preview, team plans only at launch
- Middle ground between default ask-before-edits and dangerously-skip-permissions
- Per-tool-call classifier screens for destructive actions and prompt injection
- Slightly higher token cost due to classification overhead
- Enabled with claude –enable-auto-mode or via shift-tab in VS Code
- Risky actions are blocked and Claude must try a different approach
- Team admins must enable auto-mode organisation-wide
Related entities
Related concepts
Source references
- [src-004] Nate Herk cluster — Nate Herk — Claude Code cluster (21 videos)
– Videos referenced: pkSxISewcw8
Recommended next
Keep reading from this thread
From 494 indexed pages and articles.
- Wiki concept Claude Code Scheduled Tasks Desktop-app-only feature that lets Claude Code run agents on a cron schedule with persistent storage and catchup. Related by claude
- Wiki concept Claude Code Computer Use Research-preview feature that lets Claude Code natively control the local computer's mouse, keyboard, and screen via screenshots. Related by claude
- Insight AI Beyond POCs How enterprise AI moves beyond proofs of concept through ownership, governance, measurement, adoption, and production operating models Readers have engaged with this next