Permission Modes: plan vs acceptEdits
Day 26 · Week 6 · Agents — AI Personas
Slack Message — copy & paste
🤖 Tip #26 — How much do you trust the agent? 'plan' = read-only exploration, 'acceptEdits' = autonomous file changes. Default to plan.
#26 Claude Code
Two Modes, Different Trust Levels
- plan (read-only)
- › The agent can read files, search code, and analyze — but cannot modify anything
- › Perfect for code review (read and report), research (explore codebase), and analysis (understand architecture)
- acceptEdits (autonomous)
- › The agent can read AND write files, run commands, make changes
- › Needed for implementation (writing code), bug fixes (editing broken code), and automation (running builds and tests)
- Risk with acceptEdits — an agent with acceptEdits running in your working directory can modify files you're actively editing. If something goes wrong, you're dealing with merge conflicts against AI changes.
Permissions plan acceptEdits Safety
#26 Agents — AI Personas
Safety Patterns in Practice
- 1 Safety pattern — combine acceptEdits with isolation: 'worktree'. The agent works on a copy of the repo, not your active files. If it messes up, just delete the worktree.
- 2 Our practice — only one agent has acceptEdits (the step executor). All others are read-only. Default to plan unless the agent's job is to write code.
- 3 Check your agent definitions — any agent with acceptEdits that doesn't need it? Switch it to plan
- 4 Choose permission mode by agent role
- › Reviewers, analyzers, searchers → plan
- › Implementers, fixers, automators → acceptEdits + worktree
Permissions plan acceptEdits Safety
Your screenshot here Optional — add a screenshot from your own workflow