Skip to content
Shellarium

Permissions

Shellarium gives you fine-grained control over what AI agents are allowed to do. Every tool call — file writes, command execution, web requests — can be approved or denied.

Permission Modes

Section titled “Permission Modes”

Each workspace can operate in one of three modes:

Normal Mode

Section titled “Normal Mode”

Every tool call requires your explicit approval. You’ll see a permission prompt in the output with:

  • The tool name (e.g., “Write file”, “Run command”)
  • The tool arguments (file path, command, etc.)
  • Allow once, Allow for session, and Deny buttons

This is the safest mode and is recommended when you want full visibility.

Auto Mode

Section titled “Auto Mode”

Auto mode behavior depends on provider:

  • Claude provider: tool calls are auto-approved, except interactive planning prompts (AskUserQuestion, ExitPlanMode), which still require approval.
  • ACP providers: mode flags do not auto-approve tool calls; only tools explicitly allowed for the current session are auto-approved.

Brave Mode

Section titled “Brave Mode”

For the Claude provider, all tool calls are automatically approved. The agent works autonomously without interruption.

Use brave mode when you trust the agent and want maximum speed. The agent can still be cancelled at any time.

AcceptEdits Mode

Section titled “AcceptEdits Mode”

Auto-approves file read and write operations, but requires explicit approval for shell commands and other tools. A good middle ground between Normal and Brave for agents that primarily modify code.

DontAsk Mode

Section titled “DontAsk Mode”

All tool calls are auto-approved without any UI prompts. Designed for CI/automation scenarios where no human is watching. Use this mode only with trusted automation tasks.

Permission Prompts

Section titled “Permission Prompts”

When a tool call requires approval, you’ll see an inline prompt showing exactly what the agent wants to do. You can:

  • Allow once — approve this specific action
  • Deny — reject this action (the agent will try an alternative)
  • Allow for session — approve this tool for the rest of the current session

Path-Based Permission Rules

Section titled “Path-Based Permission Rules”

You can define persistent project-level rules that automatically allow or deny tool calls for specific file paths. Rules are evaluated before the permission prompt appears — matching rules are applied instantly without user interaction.

Configure path rules in the workspace settings to avoid repetitive approvals for trusted directories.

Permissions Tab

Section titled “Permissions Tab”

Each workspace has a dedicated Permissions tab that shows all permission requests for the current session. Resolved permissions display a badge indicating the response. This gives you a complete audit trail of what the agent was allowed or denied during its run.

Dangerous Command Detection

Section titled “Dangerous Command Detection”

When an agent attempts to run a potentially destructive shell command (e.g., rm -rf, git reset --hard, DROP TABLE), Shellarium highlights the command with a warning before you approve it. This helps catch dangerous operations even in auto-approval modes.