Docs v0.9.107

Permissions and YOLO Mode

TatsuCode is conservative by default — sensitive operations like running shell commands, deleting files, or modifying your system require explicit approval. v0.9.107 adds two related features that give you finer control: a /permissions overlay for granular per-tool approvals, and YOLO mode for power users who want to bypass prompts during a focused session.


/permissions

/permissions

The new overlay lets you allow individual command-line tools (and other tool calls), including unknown tools the agent has never run before. You can grant access two ways:

  • For this session only — clears when you start /new or close TatsuCode
  • Permanently — saved to your config so it sticks across sessions

This means you can grant npm, dotnet, cargo, pytest, or whatever your project actually uses, once — and stop being prompted for them every turn — without lowering your overall safety posture.

Granular Per-Tool

The previous permission model was category-based (Allow/Deny/Ask per category like FileWrite, TerminalCommand). The new overlay sits alongside that and gives you specific approvals at the tool level. So you can:

  • Permanently allow git status and git diff (read-only) but keep git push on Ask
  • Allow npm run test for the session but keep npm install gated
  • Approve a custom CLI tool the agent discovered without trusting every shell command

When You'll See the Overlay

It opens automatically the first time the agent reaches for a tool you haven't permitted. You can also open it any time to review or revoke.


YOLO Mode

/yolo

YOLO mode is a session-scoped permission bypass for power users who already know what they're doing — auditing a project end-to-end, working through a known-good codebase, or running an agent loop where prompts would just slow you down.

When YOLO is active:

  • Permission prompts are bypassed for non-destructive operations
  • A status-bar badge shows YOLO is on
  • Safety guardrails that protect your system stay on regardless (more on this below)

First-Time Acknowledgement

The first time you toggle YOLO, TatsuCode shows an acknowledgement modal explaining what's bypassed and what isn't. You acknowledge once; subsequent toggles just flip the badge.

Toggle

/yolo

…or click the badge in the status bar. YOLO is per-session by design — close TatsuCode and it's off again.

When to Use It

Good fit:

  • Running an audit or analysis pass on a codebase you already trust
  • A focused agent loop on your own machine where you're actively watching
  • Demos / video recordings where prompts would interrupt the flow

Bad fit:

  • Working in a repository you don't fully trust
  • Running an unknown skill or plugin for the first time
  • Anything you wouldn't be comfortable with the agent doing without asking

If in doubt, leave YOLO off and use /permissions to approve specific tools.


Safety Guardrails (Always On)

Some guardrails stay on even in YOLO mode, because they protect things outside the scope of "this project":

  • System / OS folder protection. TatsuCode refuses to create or open projects in Windows system directories, drive roots, Program Files, the Windows folder, or other locations that could damage the operating system if the agent makes a mistake. This includes preventing writes inside protected paths and outright refusing to spawn tatsu.exe from a system folder.
  • Destructive shell command list. A curated list of dangerous commands (e.g., rm -rf /, format, registry-wide writes) is blocked regardless of permission state.
  • Read-before-edit. The agent must Read a file before editing or overwriting it — this prevents accidental data loss when the agent hasn't seen the current contents.

YOLO doesn't disable these. They're not "annoying prompts" — they're hard guardrails on operations that would cause real damage.
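
The layering described above (hard guardrails first, then per-tool grants, then YOLO, then the category default) can be modelled as a small decision function. This is an added illustration, not TatsuCode's own code: the Policy class, the token-prefix matching, the two-entry destructive list and the rule that commands containing shell metacharacters are never auto-approved are all assumptions.

```python
import shlex
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    ASK = "ask"
    BLOCK = "block"

# Constructed stand-ins; the product's curated destructive list is not on the page.
DESTRUCTIVE = [("rm", "-rf", "/"), ("format",)]
SHELL_META = set(";&|<>`$()\n")

def _prefix(text):
    tokens = tuple(text.split())
    if not tokens:
        raise ValueError("an empty grant would match every command")
    return tokens

class Policy:
    def __init__(self, permanent=()):
        self.permanent = {_prefix(p) for p in permanent}  # saved to config
        self.session = set()   # cleared when the session ends
        self.yolo = False      # session-scoped bypass

    def grant_session(self, prefix):
        self.session.add(_prefix(prefix))

    def close(self):
        """Closing the app: session grants and YOLO are gone, permanent grants stay."""
        self.session.clear()
        self.yolo = False

    def decide(self, command, category_default=Decision.ASK):
        try:
            tokens = tuple(shlex.split(command))
        except ValueError:          # unbalanced quotes: cannot classify
            return Decision.ASK
        # 1. Hard guardrail: blocked regardless of grants or YOLO.
        if any(tokens[:len(d)] == d for d in DESTRUCTIVE):
            return Decision.BLOCK
        # 2. Assumption: chained/substituted commands are never auto-approved,
        #    so "git status; git push" cannot ride on a "git status" grant.
        if any(ch in SHELL_META for ch in command):
            return Decision.ASK
        # 3. Per-tool grants match whole tokens, not string prefixes.
        if any(tokens[:len(p)] == p for p in self.permanent | self.session):
            return Decision.ALLOW
        # 4. YOLO bypasses the remaining prompts; otherwise the category rule applies.
        return Decision.ALLOW if self.yolo else category_default
```

Matching on whole tokens is what lets a grant for git status coexist with git push staying on Ask, and checking the guardrail before any grant is what keeps it effective with YOLO on.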


For most users:

  1. Leave YOLO off.
  2. Use /permissions to permanently allow the small set of tools you trust — your build commands, your test runner, read-only git, your project's CLI.
  3. Keep destructive operations (deletes, force pushes, system config writes) on Ask so you see them before they happen.

For power users on trusted projects:

  1. Configure your permanent allowlist via /permissions.
  2. Toggle /yolo for focused sessions where you're actively watching the agent.
  3. Toggle it back off when you step away or change context.
