Skip to main content

Overview

Approval modes control when the AI must request permission before executing tools. They balance safety, control, and automation to match your workflow and trust level. 
# Set approval mode
qwen --approval-mode default

# Change during session
/approval-mode yolo

# Quick toggle with Shift+Tab
# (cycles through: default → auto-edit → yolo → plan → default)

The Four Modes

Plan

Read-only analysis modeAI can analyze and reason but cannot modify files or run commands.

Default

Balanced mode (recommended)Prompts for approval before file edits and shell commands.

Auto Edit

Automated editingAuto-approves file edits but still prompts for shell commands.

YOLO

Full automationAuto-approves all actions. Use with caution!

Plan Mode

Best for: Code review, architecture planning, learning about a codebase 
qwen --approval-mode plan

What’s Allowed

  • Read files
  • Search code (glob, grep, ripgrep)
  • List directories
  • Analyze code structure
  • Browse file tree
  • Fetch documentation
  • Reason and explain

Use Cases

# Safe code review
qwen --approval-mode plan --prompt "Review this PR for security issues"

# Understand codebase structure
qwen --approval-mode plan --prompt "Explain the architecture of this project"

# Learning without risk
qwen --approval-mode plan --prompt "Show me how the authentication works"
Plan mode is perfect for read-only analysis where you want insights without any risk of changes.

Default Mode

Best for: Day-to-day development, learning while building, supervised automation 
qwen --approval-mode default
# or just:
qwen

Approval Flow

1

Tool Call Initiated

AI decides to use a tool that requires approval.
2

Confirmation Prompt

You see the tool name, arguments, and preview (for edits).
3

Your Decision

  • Allow - Execute this one time
  • Reject - Skip this tool call
  • Allow All Edits - Auto-approve all future file edits
  • Always Allow [command/tool] - Remember approval for this specific tool
4

Execution

Tool runs (if approved) and AI continues with the result.

What Requires Approval

ToolRequires ApprovalReason
editYesModifies files
write_fileYesCreates/overwrites files
bashYesExecutes commands
mcp_toolYes (first use)External tool
readNoRead-only
globNoSearch only
grepNoSearch only
lsNoList only
web_fetchNoRead-only

Example Session

> Fix the bug in auth.ts

I'll analyze the file first...

✓ Executed: read("src/auth.ts")

I found the issue. I need to update line 42.

? Allow file edit?
  File: src/auth.ts
  Lines: 42
  Changes: Fix null check in validateToken
  
  [Show diff] [Allow] [Reject] [Allow All Edits]

> [You press Allow]

✓ Executed: edit("src/auth.ts", ...)

Fixed! Now let me run the tests...

? Allow shell command?
  Command: npm test
  
  [Allow] [Reject] [Always Allow npm]

> [You press Allow]

✓ Executed: bash("npm test")

All tests pass! The bug is fixed.
In default mode, you maintain full control while still getting AI assistance. Approve only what makes sense.

Auto Edit Mode

Best for: Refactoring, code generation, automated documentation 
qwen --approval-mode auto-edit

What’s Auto-Approved

  • File edits (edit)
  • File creation (write_file)
  • File reads (read)
  • Code search (glob, grep)
  • Directory listing (ls)
  • Documentation fetching

Use Cases

# Large-scale refactoring
qwen --approval-mode auto-edit \
  --prompt "Rename Component to Widget throughout the codebase"

# Code generation
qwen --approval-mode auto-edit \
  --prompt "Generate CRUD endpoints for the User model"

# Automated documentation
qwen --approval-mode auto-edit \
  --prompt "Add JSDoc comments to all exported functions"

Safety Features

Even in auto-edit mode:
  • You can press Ctrl+C to cancel mid-stream
  • Changes are applied incrementally (visible in real-time)
  • Git integration shows diffs automatically
  • Shell commands still require explicit approval
Auto-edit mode trusts the AI to modify your files. Make sure you have version control and can revert changes if needed.

YOLO Mode

Best for: Trusted environments, CI/CD, automation scripts, rapid prototyping 
qwen --approval-mode yolo

What’s Auto-Approved

Everything. No prompts, no confirmations.
  • File operations (read, write, edit, delete)
  • Shell commands
  • MCP tools
  • System operations
  • Network requests
  • All other tools

Use Cases

# .github/workflows/ai-fix.yml
- name: Auto-fix Issues
  run: |
    qwen --approval-mode yolo \
      --prompt "Fix all linting errors" \
      --output json

Safety Considerations

YOLO mode is powerful and dangerous.The AI can:
  • Execute any shell command
  • Modify or delete any file
  • Make network requests
  • Change system configuration
  • Install packages
  • Deploy code
Only use in:
  • Isolated environments (containers, VMs)
  • Non-production systems
  • With version control
  • When you understand the prompt’s implications

Cancellation

Even in YOLO mode, you can:
  • Press Ctrl+C to abort immediately
  • Use --max-turns to limit iterations
  • Set timeouts to prevent runaway processes
# Safe YOLO with limits
timeout 300 qwen \
  --approval-mode yolo \
  --max-turns 10 \
  --prompt "Deploy to staging"

Switching Modes Mid-Session

Interactive Mode

# Use slash command
/approval-mode auto-edit

# Or use Shift+Tab to cycle
# (default → auto-edit → yolo → plan → default)
When you switch modes:
  • Pending approvals are auto-resolved based on new mode
  • In-flight operations continue with original mode
  • Future operations use the new mode

Headless Mode

Mode is set at startup and cannot be changed: 
qwen --approval-mode yolo --prompt "Task"

Configuration

Settings File

// .qwen/settings.json
{
  "approvalMode": "default",
  "tools": {
    "bash": {
      "alwaysAllow": ["npm test", "git status"]
    },
    "mcp": {
      "trustedServers": ["filesystem", "github"]
    }
  }
}

Environment Variable

export QWEN_APPROVAL_MODE=auto-edit
qwen

Per-Tool Configuration

You can customize approval behavior per tool: 
{
  "tools": {
    "bash": {
      "approvalMode": "prompt",
      "alwaysAllow": ["git status", "npm test"],
      "neverAllow": ["rm -rf", "sudo"]
    },
    "edit": {
      "approvalMode": "auto"
    },
    "mcp_tool": {
      "approvalMode": "prompt",
      "trustedServers": ["filesystem"]
    }
  }
}

Advanced Features

Persistent Approvals

When you choose “Always Allow”, approvals are saved: 
// ~/.qwen/approvals.json
{
  "bash": {
    "npm test": true,
    "npm run build": true
  },
  "mcp_servers": {
    "github": true
  }
}
Clear persistent approvals: 
/permissions
# Opens dialog to manage saved approvals

Conditional Approval

Configure approval based on context: 
{
  "approvalMode": "default",
  "approvalRules": [
    {
      "when": { "tool": "bash", "args.command": "npm test" },
      "then": "allow"
    },
    {
      "when": { "tool": "edit", "args.filePath": "tests/**" },
      "then": "allow"
    },
    {
      "when": { "tool": "bash", "args.command": "rm*" },
      "then": "deny"
    }
  ]
}

Approval Hooks

Run custom logic before approval: 
// .qwen/hooks/before-approval.ts
export async function beforeApproval(tool: ToolCall) {
  if (tool.name === 'bash' && tool.args.command.includes('rm')) {
    // Extra confirmation for dangerous commands
    return {
      require: 'explicit',
      message: 'This command will delete files. Are you sure?'
    };
  }
  return { require: 'default' };
}

Comparison Table

FeaturePlanDefaultAuto EditYOLO
Read files
Search code
Edit filesPrompt
Shell commandsPromptPrompt
MCP toolsPromptPrompt
Delete filesPromptPrompt
Safety levelHighestHighMediumLowest
AutomationLimitedGoodFull
Best forReviewDevelopmentRefactorCI/CD

Best Practices

Begin with default mode to understand what the AI wants to do. Graduate to higher automation as you build trust.
When reviewing code or learning, use plan mode to explore safely without accidental changes.
Switch to auto-edit for large refactorings where you’d approve every edit anyway.
Use yolo mode in Docker containers or VMs where mistakes are isolated and easily reversed.
Always commit your work before switching to auto-edit or yolo modes. You can revert if needed.
For complex prompts, run in plan mode first to verify the AI understands correctly before allowing execution.

Troubleshooting

Problem: In headless mode with default, tools requiring approval fail.Solution: Use --approval-mode yolo or --approval-mode auto-edit for headless automation.
Problem: Constantly approving the same operations.Solution:
  • Choose “Always Allow” for trusted operations
  • Switch to auto-edit for file operations
  • Add commands to alwaysAllow in settings
Problem: In plan mode, AI can’t complete the task.Solution: Switch to default or higher. Plan mode is read-only by design.
Problem: Stuck in YOLO mode.Solution:
  • In interactive: /approval-mode default
  • In headless: Restart with --approval-mode default
  • Check settings file for persistent configuration

Next Steps

Interactive Mode

Use approval modes in the interactive UI

Headless Mode

Automate with YOLO mode

Session Commands

Learn the /approval-mode command

Configuration

Configure approval settings