For power users working with Claude’s desktop application and CLI tool, managing tool approvals can become repetitive. Whether you’re using Claude in an agentic way or running long coding sessions, stopping every minute to approve a tool can interrupt your flow. This guide covers the latest methods for auto-approving trusted tools across both Claude Desktop and Claude Code.
Pro Tip: When using auto-approval features, we strongly recommend using Claude Sonnet 4.5 as your default model. It excels at maintaining conversation context and flow—critical when tools are being approved automatically. See the Model Selection section for details.
Important Security Considerations
Before implementing any auto-approval solution, consider these guidelines:
- Auto-approving removes security checkpoints – You won’t be prompted before Claude executes operations
- Start with read-only tools – Begin with non-mutating operations like file reading and searching
- Avoid auto-approving expensive operations – Be cautious with tools that can incur API costs or modify/delete important data
- Review your setup regularly – Periodically audit which tools have auto-approval enabled
- Test carefully – Manually test new tools before enabling auto-approval
- Use appropriate models – Sonnet 4.5 is recommended for better context awareness with auto-approved tools
Part 1: Claude Desktop Auto-Approval
Built-In “Always Approve” Button (Easy Method)
Status: Built into Claude Desktop as of May 2025
Claude Desktop now includes a built-in “Always approve” button directly in the tool permission dialog. This is the easiest way to enable auto-approval for trusted MCP tools.
How to Use:
- When Claude requests permission to use a tool, look for the “Always approve” button in the permission dialog
- Click “Always approve” for tools you trust
- That tool will be automatically approved in future sessions
What It Does:
- Creates permanent approval for the selected tool
- Works automatically across all chats
- No additional setup or configuration required
- Simplifies workflow for frequently-used, trusted tools
Note: The “Always approve” setting is permanent. If you need to revoke approval, you can rename the MCP server in your claude_desktop_config.json file (e.g., change git to git_new), which will reset permissions for that server.
Alternative: Per-Chat Approval with MCP Server
If you prefer more granular control and want the ability to approve tools on a per-chat basis (rather than permanently), there’s a third-party MCP server solution available.
The claude_autoapprove_mcp server offers:
- “Allow for this chat” functionality instead of permanent approvals
- Ability to change decisions in future chats
- Configurable
autoapproveandautoblocklists per MCP server
Important: We haven’t reviewed this solution ourselves. Use at your own discretion.
For more information: claude_autoapprove_mcp on GitHub
Basic setup (if you choose to try it):
{
"mcpServers": {
"claude-autoapprove-mcp": {
"command": "uvx",
"args": ["claude-autoapprove-mcp"]
},
"your-mcp-server": {
"command": "npx",
"args": ["your-server"],
"autoapprove": ["read_file", "search_files"],
"autoblock": ["write_file"]
}
}
}Part 2: Claude Code Auto-Approval and Permission Management
Claude Code (the command-line AI coding assistant) offers two distinct ways to use it, each with different permission capabilities:
Two Ways to Use Claude Code
1. Terminal/CLI Method (Full Permission Control)
Running claude directly in your terminal gives you complete control over permissions:
- Full access to all permission modes and flags
- Can use
--dangerously-skip-permissionsflag - Shift+Tab keyboard shortcut for mode switching
- Complete configuration file support
- All command-line flags work
This is the method we’ll focus on for auto-approval, as it offers the most flexibility.
2. VS Code Extension (Beta – Limited Permission Control)
The VS Code extension provides a graphical interface with a sidebar panel:
- Visual interface with inline diffs
- Has “Auto-accept edits mode” built-in
- Plan mode with editing capability
- Dialog-based permission prompts
Important Limitation: The VS Code extension does NOT support the same permission bypass options as the CLI. According to community reports and GitHub issues, the extension:
- Doesn’t respect
--dangerously-skip-permissionsflag - Has its own internal permission system with dialog prompts
- Still requires manual approval for many tool operations even in “auto-accept edits” mode
- Cannot use configuration file permission settings the same way as CLI
Quick Comparison
| Feature | CLI Method | VS Code Extension |
|---|---|---|
| Interface | Terminal-based | Graphical sidebar |
| Shift+Tab Modes | Full support | Not available |
| –dangerously-skip-permissions | Supported | Not supported |
| Configuration Files | Full support | Limited support |
| Auto-Accept File Edits | Via mode toggle | Built-in option |
| Visual Inline Diffs | In IDE with integration | Native support |
| Bypass All Permissions | Possible | Not possible |
| Dialog Prompts | Can be disabled | Always present |
| Best For | Maximum control | Visual workflows |
Our Recommendation: If you need full auto-approval control, use the CLI method in VS Code’s integrated terminal (or any terminal). The VS Code extension is great for visual workflows but more restrictive with permissions.
Terminal/CLI: Permission Management
The following permission features apply to the terminal/CLI method of using Claude Code:
Quick Permission Toggle: Shift+Tab
The fastest way to control permissions in Claude Code is the Shift+Tab keyboard shortcut, which cycles through three modes:
- Normal Mode (default) – Prompts for all operations
- Auto-Accept Mode (shows “accept edits on”) – Auto-approves all file edits and operations
- Plan Mode (shows “plan mode on”) – Read-only research and planning mode
Usage:
- Press
Shift+Tabto cycle through modes - Current mode displays at bottom of terminal
- Switch modes anytime during a session
Auto-Accept Mode Details
When Auto-Accept Mode is enabled:
- File modifications proceed without confirmation
- Bash commands run immediately
- All operations execute seamlessly
- Risk: Potentially destructive operations occur without pause
Best For:
- Uninterrupted workflow when you trust Claude’s direction
- Repetitive tasks like refactoring
- Long agentic sessions (10-40+ minutes)
- Bulk modifications across multiple files
Enable Methods:
- During a session: Press
Shift+Tabuntil you see “accept edits on” - Via command:
claude --permissionMode acceptEdits - In settings: Set
defaultModetoacceptEditsinsettings.json
Plan Mode
Plan mode is perfect for:
- Code exploration before making changes
- Interactive development with iterative planning
- Understanding complex codebases
- When you want to review plans before execution
Enable Methods:
- During a session: Press
Shift+Tabtwice (Normal → Auto-Accept → Plan) - Start in Plan Mode:
claude --permissionMode plan - In settings:
{
"permissions": {
"defaultMode": "plan"
}
}VS Code Extension: Auto-Accept Edits Mode
If you’re using the VS Code Extension (not the CLI), you have a more limited but still useful “Auto-accept edits mode”:
How to Enable:
- Open the Claude Code panel in VS Code (Spark icon in sidebar)
- Look for the “Auto-accept edits” toggle in the interface
- Enable it to automatically apply Claude’s file changes
What It Does:
- Automatically applies file edits without confirmation
- Shows changes in real-time with inline diffs
- Still uses dialog prompts for some operations
What It Doesn’t Do:
- Cannot bypass all permission checks like CLI’s
--dangerously-skip-permissions - Still prompts for many tool operations
- Doesn’t support CLI permission configuration files
When to Use the Extension:
- You prefer graphical interfaces over terminal
- You mainly need auto-approval for file edits (not bash commands)
- You want visual inline diffs
- You’re comfortable with dialog prompts for tool operations
When to Use CLI Instead:
- You need full permission bypass capabilities
- You want to use configuration files for permission rules
- You need
--dangerously-skip-permissionsflag - You want complete control via Shift+Tab modes
Configuration-Based Permissions
For persistent, fine-grained control, configure permissions in .claude/settings.json:
Permission Levels:
allow– Auto-approve without promptingdeny– Block without promptingask– Always prompt for approval
Example Configuration:
{
"permissions": {
"allow": [
"Bash(npm run lint)",
"Bash(npm run test:*)",
"Bash(git log:*)",
"Bash(git diff:*)",
"Read(~/.zshrc)",
"Read"
],
"deny": [
"Bash(curl:*)",
"Bash(wget:*)",
"Bash(rm -rf:*)",
"Bash(sudo:*)",
"Read(./.env)",
"Read(./.env.*)",
"Read(./secrets/**)",
"Read(./config/credentials.json)",
"WebFetch"
],
"ask": [
"Bash(git push:*)",
"Write(./production/**)",
"Edit"
]
}
}Pattern Syntax:
ToolName– Matches any use of that toolToolName(pattern)– Matches specific patternsBash(command:*)– Prefix matching for bash commandsRead(./path/**)– Glob patterns for file paths- Wildcards only work at the end of patterns
Command-Line Flags
allowedTools Flag:
# Allow specific tools without prompting
claude --allowedTools "Bash(git log:*)" "Bash(git diff:*)" "Read" "Write"disallowedTools Flag:
# Block specific tools without prompting
claude --disallowedTools "Bash(rm:*)" "Bash(sudo:*)" "WebFetch"Bypass All Permissions (Use with Extreme Caution):
# Skip all permission prompts - equivalent to "YOLO mode"
claude --dangerously-skip-permissionsWarning: This completely bypasses all safety checks. Use only in trusted environments.
Hierarchical Settings
Claude Code uses a tiered settings system:
- Managed settings (highest priority) – Enterprise/org policies
- macOS:
/Library/Application Support/ClaudeCode/managed-settings.json - Linux/WSL:
/etc/claude-code/managed-settings.json - Windows:
C:\ProgramData\ClaudeCode\managed-settings.json
- macOS:
- Project local settings – Personal, not checked in
.claude/settings.local.json
- Project settings – Team-shared, checked into git
.claude/settings.json
- User settings – Global personal preferences
~/.claude/settings.json
- Programmatic options – CLI flags and SDK options (override filesystem settings)
Keyboard Shortcuts Reference
| Shortcut | Action |
|---|---|
Shift+Tab | Toggle permission modes (Normal → Auto-Accept → Plan) |
Ctrl+C | Cancel current operation |
Ctrl+D | Exit Claude Code |
Ctrl+L | Clear screen (keeps history) |
Esc + Esc | Edit previous message |
Tab | Toggle extended thinking on/off |
? | Show available shortcuts |
MCP Tool Permissions in Claude Code
Claude Code also supports MCP servers with auto-approval configuration:
claude mcp add github -e GITHUB_TOKEN=token -- npx @modelcontextprotocol/server-githubConfigure MCP permissions in settings:
{
"permissions": {
"allow": [
"mcp__github__create_issue",
"mcp__github__list_issues"
],
"deny": [
"mcp__github__delete_repository"
]
}
}Note: MCP permissions do NOT support wildcards. List each tool explicitly.
Choosing the Right Model for Auto-Approval
When using auto-approval features, model selection becomes even more critical since you’re giving Claude more autonomy.
Claude Sonnet 4.5 (Recommended)
Best for: General use, tool calling, and auto-approval workflows
Why Sonnet 4.5:
- Excellent at maintaining conversation context and flow
- Reliably remembers details discussed earlier in the session
- Superior understanding of implicit context when calling tools
- Handles complex multi-step operations with proper context awareness
Example: If you’re discussing a specific GitHub issue and then decide on a command, Sonnet 4.5 will remember which issue you’re working on and use that context appropriately. It won’t lose track and ask you to specify the issue again.
Ideal scenarios:
- Auto-Accept Mode in Claude Code for coding sessions
- MCP auto-approval with multiple connected services
- Long agentic workflows where context matters
- Complex projects requiring nuanced understanding
Claude Haiku 4.5
Best for: Fast, focused tasks with explicit instructions
Characteristics:
- Very fast performance
- Cost-effective for high-volume operations
- Requires much stricter and more explicit instructions
- Less reliable at maintaining conversation flow and context
Limitations with auto-approval:
- May lose track of conversation context
- Could ask for clarifications on things already discussed
- Example: After discussing a GitHub issue, might still ask “Which issue should I work on?” despite the context being clear
- Needs commands to be more explicit and self-contained
When to use Haiku 4.5:
- Simple, repetitive tasks with clear instructions
- Operations that don’t rely on conversation history
- Budget-conscious scenarios where context isn’t critical
- Short, focused sessions with explicit parameters
Model Selection by Scenario
| Scenario | Recommended Model | Why |
|---|---|---|
| Auto-Accept Mode coding | Sonnet 4.5 | Context awareness crucial |
| Plan Mode exploration | Sonnet 4.5 | Complex reasoning needed |
| MCP tool chains | Sonnet 4.5 | Multi-step context retention |
| Simple file operations | Haiku 4.5 | Speed matters, context simple |
| Batch processing | Haiku 4.5 | Repetitive, explicit tasks |
| Interactive debugging | Sonnet 4.5 | Conversational flow essential |
Setting Your Model
Claude Code:
# Use Sonnet 4.5 (default and recommended)
claude --model sonnet
# Use Haiku 4.5 (for speed)
claude --model haikuSwitch models mid-session:
/model sonnet
/model haikuOur Recommendation
For auto-approval workflows, always start with Sonnet 4.5. The superior context awareness and conversation flow make it far more reliable when tools are being approved automatically. Only switch to Haiku 4.5 if:
- You’re doing simple, repetitive tasks
- Speed is critical and context doesn’t matter
- You’re willing to provide extremely explicit instructions for each operation
- You can afford potential context-loss issues
The peace of mind from Sonnet 4.5’s better context handling is worth the slight speed/cost difference, especially when auto-approving tool usage.
Security Best Practices
- Always review auto-approved tools periodically
- Never auto-approve tools that can delete or modify production systems
- Use isolated environments (VMs, containers) when testing
- Keep auto-approval lists minimal and specific
- Monitor tool usage through console logs
- Consider using hooks for additional validation
- Choose Sonnet 4.5 for complex workflows where context matters
Troubleshooting
Claude Desktop:
- Want to revoke “Always approve” for a tool: Rename the MCP server in your
claude_desktop_config.json(e.g.,git→git_new) to reset its permissions - MCP server issues (if using alternative method): Restart Claude Desktop after config changes
- Tools not auto-approving: Verify you clicked “Always approve” in the permission dialog
Claude Code (CLI):
- Repeated approval prompts: Configure
allowedToolsin settings or use flags - Permissions not applying: Check settings file hierarchy and precedence
- Auto-Accept not working: Verify you’re in the correct mode (check terminal bottom)
- Plan Mode stuck: Press
Shift+Tabto cycle back to Normal Mode
Claude Code (VS Code Extension):
- Still seeing permission prompts: This is expected – the extension doesn’t support full permission bypass
- Want fewer prompts: Enable “Auto-accept edits mode” for file changes
- Need full permission control: Use the CLI in VS Code’s integrated terminal instead
- Extension not responding: Check VS Code version is 1.98.0 or higher
- Can’t find Spark icon: Ensure the extension is installed from the VS Code Marketplace
Resources
Official Documentation:
- Claude Code Official Documentation
- Claude Code VS Code Extension
- VS Code Extension Marketplace
- Claude Code Permission System
- Model Context Protocol Docs
Community Resources:
Conclusion
Auto-approval capabilities vary significantly across Claude’s different interfaces:
Claude Desktop now has auto-approval built in with the “Always approve” button—the easiest way to streamline your workflow with trusted tools. For those wanting per-chat control, third-party MCP solutions exist but haven’t been reviewed by us.
Claude Code CLI excels with its built-in permission modes accessible via Shift+Tab, combined with hierarchical configuration files for team and enterprise settings. This is the most powerful option for developers who need full control.
Claude Code VS Code Extension offers a visual interface with “Auto-accept edits mode” for file changes, but has more limited permission bypass capabilities compared to the CLI. For maximum flexibility, use the CLI in VS Code’s integrated terminal.
Model Selection is critical when using auto-approval. Sonnet 4.5 is the clear choice for most workflows due to its superior context awareness and conversation flow. Only use Haiku 4.5 for simple, explicit tasks where speed matters more than context.
Choose the method that fits your security requirements and workflow, and always prioritize safety over convenience. Start with the most restrictive settings and gradually expand your auto-approve lists as you gain confidence with the tools.
Remember: Auto-approval is powerful, but responsibility for the outcomes rests with you.
Leave a comment