Tool Permissions
Every tool has one of three permission levels:
| Permission | Behavior |
|---|---|
allow | Runs automatically, no prompt |
ask | Prompts for approval before running (TUI only) |
exclude | Hidden from the agent entirely |
Defaults
Read-only tools (
Read, List, Search, Fetch, Diff) default to allow. Write tools (Edit, MultiEdit, Write) and Bash default to ask. In headless mode, ask tools are excluded since there's no one to approve them.Overriding with flags
Use
--allow, --ask, and --exclude to override defaults at launch:# Allow file writes without prompting
cn --allow Write --allow Edit
# Exclude terminal commands
cn --exclude Bash
# Allow everything (headless automation)
cn -p "Set up the project" --allow "*"
Flags take precedence over all other permission sources.
Tool matching patterns
Flags accept tool matching patterns:
Write— matches any call to theWritetoolWrite(*)— same as aboveWrite(**/*.ts)— matchesWritecalls where the primary argument matches the glob**/*.ts
# Allow writing only to TypeScript files
cn --allow "Write(**/*.ts)"
# Allow bash but not for install commands
cn --allow Bash --exclude "Bash(npm install*)"
permissions.yaml
Persistent permissions are stored in
~/.continue/permissions.yaml. This file is updated when you choose "Continue + don't ask again" in the TUI approval prompt.# ~/.continue/permissions.yaml
allow:
- Read(*)
- Write(**/*.ts)
ask:
- Bash
exclude: []
You can edit this file directly, but it's primarily managed by the TUI. Changes take effect on the next session.
Precedence
When multiple sources define a permission for the same tool, the highest-priority source wins:
- Mode policies —
--autoand--readonlyoverride everything (see below) - CLI flags —
--allow,--ask,--exclude permissions.yaml— persistent personal settings- Defaults — built-in policies
Modes
Modes are a shorthand for common permission sets. Switch modes with
Shift+Tab during a TUI session, or set them at launch:cn --auto # Allow all tools without prompting
cn --readonly # Plan mode — read-only tools only, no file writes
| Mode | Effect |
|---|---|
| normal (default) | Uses configured permissions |
plan (--readonly) | Excludes all write tools, allows reads and Bash |
auto (--auto) | Allows everything — *: allow |
Plan and auto modes are absolute overrides. They ignore
--allow, --exclude, and permissions.yaml entirely.