Skip to main content
HAPI provides granular control over AI agent permissions, allowing you to balance speed and safety based on your needs.

Overview

Every AI agent in HAPI can operate in different permission modes that control how much autonomy the agent has. From fully manual approval to complete automation, you decide the level of control.

Per-Agent Modes

Each agent type has its own set of permission modes

Real-Time Switching

Change modes mid-session without restarting

Approval Workflows

Get notified and approve/deny actions from any device

Safe Defaults

Default modes require approval for destructive actions

Permission Modes by Agent

Claude Code

Claude Code supports four permission modes:
ModeLabelDescriptionTone
defaultDefaultStandard approval workflow — requests permission for tool usageNeutral
acceptEditsAccept EditsAuto-approves file edits but asks for other toolsWarning
planPlan ModeCreates execution plans for review before runningInfo
bypassPermissionsYOLOFully autonomous — no permission requestsDanger

Codex / Gemini

Codex and Gemini share the same modes:
ModeLabelDescriptionTone
defaultDefaultStandard approval workflowNeutral
read-onlyRead OnlyAgent can only read files, no modificationsWarning
safe-yoloSafe YOLOAuto-approves safe operations, asks for risky onesWarning
yoloYOLOFully autonomous — no permission requestsDanger

OpenCode

OpenCode has simplified modes:
ModeLabelDescriptionTone
defaultDefaultStandard approval workflowNeutral
yoloYOLOFully autonomous — no permission requestsDanger

Cursor Agent

Cursor supports:
ModeLabelDescriptionTone
defaultDefaultStandard approval workflowNeutral
planPlan ModeCreates execution plans firstInfo
askAsk ModePrompts before every actionInfo
yoloYOLOFully autonomousDanger
The mode names come directly from each agent’s CLI. HAPI surfaces the same modes you’d use in the terminal.

Mode Descriptions

Default Mode

The balanced approach for most workflows:
  • ✅ Agent requests permission for file edits
  • ✅ Agent requests permission for bash commands
  • ✅ Agent requests permission for other tools
  • ⚠️ You approve/deny via web, PWA, or Telegram
Best for: Daily development, unfamiliar codebases, learning

Accept Edits (Claude Code)

Trust the agent with file changes:
  • ✅ Auto-approves file edits (Write, Edit)
  • ❌ Still asks for bash commands
  • ❌ Still asks for other tools
Best for: Refactoring, when you trust the agent’s coding ability

Plan Mode (Claude Code, Cursor)

Review before execution:
  • 📋 Agent creates execution plan
  • ⏸️ Pauses for your review
  • ✅ You approve the whole plan or iterate
Best for: Complex tasks, architecture changes, risky operations

Read-Only (Codex, Gemini)

Explore without risk:
  • ✅ Agent can read files
  • ✅ Agent can search codebase
  • ❌ No file modifications
  • ❌ No bash commands
Best for: Code review, analysis, exploration

Safe YOLO (Codex, Gemini)

Automation with guardrails:
  • ✅ Auto-approves “safe” operations (reads, writes to existing files)
  • ❌ Asks for risky operations (delete, network, installs)
Best for: Trusted codebases, routine tasks

YOLO Mode (All Agents)

Full autonomy:
  • ✅ Auto-approves everything
  • ✅ No interruptions
  • ⚠️ Agent has full control
Best for: Trusted agents, sandboxed environments, quick iterations
YOLO mode grants full control to the AI. Use with caution, especially in production environments.

Approval Workflows

Permission Request Flow

1. AI agent requests tool permission (e.g., file edit)


2. CLI sends permission request to hub


3. Hub stores request and notifies via SSE + Telegram


4. User receives notification on phone


5. User approves/denies in web app or Telegram


6. Hub relays decision to CLI via Socket.IO


7. CLI informs AI agent, execution continues

Approval Channels

You can approve permissions from:

Web App

View details, approve, or deny

PWA

Get push notifications, respond instantly

Telegram

Inline buttons in notifications

Permission Details

When reviewing a permission request, you see:
  • Tool name (e.g., “Write”, “Bash”, “Edit”)
  • Files affected (for file operations)
  • Command (for bash operations)
  • Context from the agent’s reasoning

Switching Modes

From Web Interface

1

Open Session

Navigate to the session in web app
2

Permission Mode Selector

Click the permission mode button (shows current mode)
3

Select Mode

Choose new mode from dropdown
4

Instant Switch

Mode changes immediately without restarting session

From API

curl -X POST https://your-hub/api/sessions/:id/permission-mode \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"mode": "yolo"}'

Via CLI

Start session with specific mode: 
# Claude Code with YOLO mode
hapi --permission-mode yolo

# Codex in read-only mode
hapi codex --permission-mode read-only

# Cursor in plan mode
hapi cursor --permission-mode plan

Use Cases

Exploratory Phase

Start safe, then speed up:
  1. Begin: Use default mode to understand codebase
  2. Trust building: Switch to acceptEdits for refactoring
  3. Rapid iteration: Switch to yolo for quick fixes

Production Hotfixes

Stay cautious:
  1. Always use default or plan mode
  2. Review every change carefully
  3. Never use yolo in production

Bulk Refactoring

Balance speed and safety:
  1. Use plan mode for architecture changes
  2. Review the plan
  3. Switch to acceptEdits for execution
  4. Monitor progress

Learning

Understand agent behavior:
  1. Use default mode
  2. Review every permission request
  3. Learn what the agent wants to do
  4. Adjust mode as you build trust

Real-Time Notifications

When a permission is requested:

Push Notifications (PWA)

🔔 Permission Request

Claude Code needs approval
Edit 3 files in src/

[Tap to review]

Telegram Notifications

🔔 Permission Request

Session: my-project
Agent: Claude Code

Requests permission to edit files:
- src/index.ts
- src/utils.ts

[Approve] [Deny] [View Session]

In-App

Session shows:
  • Badge count of pending requests
  • Inline approval UI in chat
  • Highlighted permission requests

Permission Mode Types

From shared/src/modes.ts: 
export const CLAUDE_PERMISSION_MODES = [
  'default', 'acceptEdits', 'bypassPermissions', 'plan'
] as const

export const CODEX_PERMISSION_MODES = [
  'default', 'read-only', 'safe-yolo', 'yolo'
] as const

export const GEMINI_PERMISSION_MODES = [
  'default', 'read-only', 'safe-yolo', 'yolo'
] as const

export const OPENCODE_PERMISSION_MODES = [
  'default', 'yolo'
] as const

export const CURSOR_PERMISSION_MODES = [
  'default', 'plan', 'ask', 'yolo'
] as const
Permission modes are validated at runtime using Zod schemas. Invalid modes are rejected.

Best Practices

  • Use default mode initially
  • Build trust with the agent over time
  • Graduate to acceptEdits after confidence
  • Reserve yolo for routine tasks
  • Always use default or plan mode
  • Review every change
  • Consider read-only for analysis
  • Never use yolo in production
  • Start with yolo for speed
  • Review changes in git diffs
  • Switch to stricter mode for refinement
  • Commit often
  • Establish team conventions
  • Document which modes to use when
  • Default to safer modes for junior devs
  • Use plan mode for shared codebases

Security Considerations

Sandboxing

HAPI does not sandbox agent actions:
  • Agent runs with your user permissions
  • Has access to all files you can access
  • Can run any command you can run
  • No containerization or virtualization
Agents have the same permissions as you. Treat yolo mode like giving someone your terminal.
For safer operation:
  1. Separate machine: Run agents on non-production machine
  2. Docker container: Run CLI in container for isolation
  3. Limited user: Run CLI as user with restricted permissions
  4. Git: Always use version control to review changes

Remote Control

Approve permissions from anywhere

Telegram

Get notified and approve via Telegram

PWA

Push notifications for permission requests

Build docs developers (and LLMs) love

Get started for freeTalk to us