# Permissions and Safety


### Why Permissions Matter

AI agents can execute code, modify files, and run shell commands. Without guardrails, a prompt injection or mistake could delete files, leak secrets, or run malicious code. Permissions ensure you stay in control.

### Claude Code's Built-in Permissions

Claude Code uses settings files to define what the agent can do:

* **`.claude/settings.json`** - Project settings (shared with team)
* **`.claude/settings.local.json`** - Personal project settings (gitignored)
* **`~/.claude/settings.json`** - Global user settings

Each file can specify:

* `allow` - Patterns that auto-approve
* `deny` - Patterns that always block
* `additionalDirectories` - Folders outside the project the agent can access

Nimbalyst supports these settings files and the permissions they define.

### What Nimbalyst Adds

Nimbalyst also adds a **workspace trust layer** on top of the coding agent's permissions:

1. **Trust Gate** - Projects must be explicitly trusted before the agent can do anything
2. **Permission Modes** - Choose how much autonomy to grant the agent
3. **Inline Confirmations** - Approve or deny actions as they happen

### Permission Modes

| Mode                  | Behavior                                                                                                       |
| --------------------- | -------------------------------------------------------------------------------------------------------------- |
| **Ask** (Recommended) | Agent requests permission for each action. You can approve once, for the session, or permanently.              |
| **Allow All**         | File operations (Read, Write, Edit) auto-approve. Bash commands still require approval based on your settings. |
| **Bypass All**        | Everything auto-approves. Use only in trusted, sandboxed environments.                                         |


### Allowing All Web Searches while in Allow All Edits mode <a href="#how-approval-works-in-ask-mode" id="how-approval-works-in-ask-mode"></a>

To allow your coding agent to search and fetch all websites, add `*.*` to the URL allow list in the advanced settings. You can also use wildcard domain patterns like `*.github.com` to allow all subdomains of a specific site, or use the **"Allow All Domains"** button to permit all web fetches.


### How Approval Works in Ask Mode

When the agent wants to perform an action in **Ask** mode:

1. An inline confirmation appears with the action details
2. You choose:
   * **Deny** - Block this request
   * **Allow Once** - Allow just this time
   * **Session** - Allow this pattern for the rest of the session
   * **Always** - Save the pattern to `.claude/settings.local.json`

### Managing Permissions

Open **Settings > Agent Permissions** to:

* Change your permission mode
* View and remove approved patterns
* Add additional directories
* Reset to defaults

### Pattern Examples

* `Bash(git:*)` - Allow git commands
* `Bash(npm:*)` - Allow npm commands
* `Edit` - Allow file edits
* `WebFetch(domain:github.com)` - Allow fetching from github.com
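
An added example, not Nimbalyst's or Claude Code's own code: a small audit that reads a settings file and flags `allow` entries broad enough to auto-approve every shell command or every web fetch, plus `additionalDirectories` entries that expose a whole root or home directory. The sample file is constructed; the `permissions` wrapper key, the wildcard spellings checked, and the reading of a bare tool name as matching every use of that tool (as `Edit` does above) are assumptions.

```python
import json
import re

# Constructed sample of a shared .claude/settings.json (not from the page).
# Assumption: allow/deny/additionalDirectories sit under a "permissions" key.
SAMPLE_SETTINGS = """
{
  "permissions": {
    "allow": ["Bash(git:*)", "Bash(npm:*)", "Edit", "Bash",
              "WebFetch(domain:github.com)", "WebFetch(domain:*)"],
    "deny": [],
    "additionalDirectories": ["../shared-docs", "/"]
  }
}
"""

# Tool name with an optional parenthesised specifier, e.g. Bash(git:*)
PATTERN = re.compile(r"^(?P<tool>\w+)(?:\((?P<spec>.*)\))?$")

# Specifiers treated as "match everything". Assumed spellings, flagged
# conservatively whether or not the agent honours each form.
BROAD_BASH = {None, "", "*", ":*"}
BROAD_FETCH = {None, "", "*", "*.*", "domain:*", "domain:*.*"}
BROAD_DIRS = {"/", "~", "~/"}

def audit(settings_text):
    """Return a list of (entry, reason) for over-broad grants."""
    doc = json.loads(settings_text)
    perms = doc.get("permissions", doc)  # also accept a flat layout
    findings = []
    for entry in perms.get("allow", []):
        m = PATTERN.match(entry)
        if m is None:
            findings.append((entry, "unparseable pattern"))
        elif m["tool"] == "Bash" and m["spec"] in BROAD_BASH:
            findings.append((entry, "auto-approves every shell command"))
        elif m["tool"] == "WebFetch" and m["spec"] in BROAD_FETCH:
            findings.append((entry, "auto-approves fetches from any domain"))
    for path in perms.get("additionalDirectories", []):
        if path in BROAD_DIRS:
            findings.append((path, "exposes an entire root or home directory"))
    return findings

if __name__ == "__main__":
    for entry, reason in audit(SAMPLE_SETTINGS):
        print(f"{entry}: {reason}")
```

Running it against `.claude/settings.json` in review is most useful, since that file is shared with the team and a broad entry there applies to everyone who trusts the project.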

### Security Notes

* Sensitive paths (`~/.ssh`, `~/.aws`, etc.) are always blocked
* Compound bash commands get one-time patterns that don't persist
* Untrusted projects deny all agent actions until you set a permission mode

