// Section 3 — Environment · 2 MIN READ

[✓] VERIFIED MANUAL ENTRY — This concept has been rewritten from primary sources and is legally cleared for production.

Permission Request

A checkpoint in an agent loop that prompts the developer for approval before executing a sensitive tool call.

A permission request is a security gate in an agent's execution loop. When the model requests a sensitive action (like running a terminal command or writing to a file), the client harness pauses execution and prompts you to approve, modify, or reject the tool call.

You trigger permission requests when:

  • Running terminal agents that ask Run command 'git push'? [y/N].
  • IDE assistants ask for permission to write modifications to a file.
  • Security configurations block network calls by default.

Balancing Autonomy and Safety

Permission requests solve the security issues of agent systems. If an agent loops autonomously, it could execute destructive actions. By introducing a Human-in-the-loop (HITL) checkpoint, you limit the blast radius:

[Tool Call: delete_file] ──► Harness Pauses Loop ──► Console Prompt: "Approve?" ──► [User Types 'Y'] ──► Execution Completed

However, permissions introduce interruptions. If an agent asks for approval on every read-only command (e.g. listing directories or reading files), it wastes your time and slows development.

Field Applications

1. Fullstack Developers (Implementing Approval Gates)

Developers configure permission gates in their tool execution routing scripts, bypassing prompts for safe tools (reads) and prompting for unsafe tools (writes/executes):

  • Code Example:
    async function executeToolWithPermission(toolCall) {
  const isSensitive = ["run_command", "write_file", "delete_file"].includes(toolCall.name);
  
  if (isSensitive) {
    // Pause loop and prompt developer via terminal CLI
    const approved = await promptUserForApproval(toolCall);
    if (!approved) {
      return "Error: Action rejected by the user.";
    }
  }
  
  // Execute function locally
  return runLocalFunction(toolCall.name, toolCall.args);
}

# AVOID

Do not auto-approve terminal shell commands or credential writes when running agents in un-sandboxed environments.

  • Avoid: Letting an agent run rm -rf commands or database drops without user confirmation on your local machine.
  • Write: Set permission rules that require explicit human approval for shell scripts and file creations.

# USAGE

Developer A: "Our agent is sitting idle, not outputting any code." Developer B: "Check the terminal. It generated a tool call to run a shell command and is waiting on a permission request. You need to type 'y' in the console to let it proceed."

// SEE_ALSO

Permission ModeThe configuration tier (Bypass, Ask, or Strict) that dictates which tool classes run automatically and which require developer approval.
Tool CallThe structured request generated by a model during inference, specifying a tool name and arguments it wants the client harness to run.
Human-in-the-loopA working pattern where the developer actively monitors, redirects, and collaborates with the agent in real time, catching mistakes before they build up.
Agent EngineeringAn architectural design pattern where an LLM is embedded within a stateful loop, allowing it to deconstruct goals, invoke tools, inspect environment feedback, and self-correct.

// SOCRATIC_VALIDATION

Interactive Concept Quiz

QUESTION 1 OF 3SCORE: 0/3

[EDIT_THIS_TERM_ON_GITHUB ↗]