Skip to main content
Every tool has one of three permission levels:
PermissionBehavior
allowRuns automatically, no prompt
askPrompts for approval before running (TUI only)
excludeHidden from the agent entirely

Defaults

Read-only tools (Read, List, Search, Fetch, Diff) default to allow. Write tools (Edit, MultiEdit, Write) and Bash default to ask. In headless mode, ask tools are excluded since there’s no one to approve them.

Overriding with flags

Use --allow, --ask, and --exclude to override defaults at launch: 
# Allow file writes without prompting
cn --allow Write --allow Edit

# Exclude terminal commands
cn --exclude Bash

# Allow everything (headless automation)
cn -p "Set up the project" --allow "*"
Flags take precedence over all other permission sources.

Tool matching patterns

Flags accept tool matching patterns:
  • Write — matches any call to the Write tool
  • Write(*) — same as above
  • Write(**/*.ts) — matches Write calls where the primary argument matches the glob **/*.ts
# Allow writing only to TypeScript files
cn --allow "Write(**/*.ts)"

# Allow bash but not for install commands
cn --allow Bash --exclude "Bash(npm install*)"

permissions.yaml

Persistent permissions are stored in ~/.continue/permissions.yaml. This file is updated when you choose “Continue + don’t ask again” in the TUI approval prompt. 
# ~/.continue/permissions.yaml
allow:
  - Read(*)
  - Write(**/*.ts)

ask:
  - Bash

exclude: []
You can edit this file directly, but it’s primarily managed by the TUI. Changes take effect on the next session.

Precedence

When multiple sources define a permission for the same tool, the highest-priority source wins:
  1. Mode policies--auto and --readonly override everything (see below)
  2. CLI flags--allow, --ask, --exclude
  3. permissions.yaml — persistent personal settings
  4. Defaults — built-in policies

Modes

Modes are a shorthand for common permission sets. Switch modes with Shift+Tab during a TUI session, or set them at launch: 
cn --auto       # Allow all tools without prompting
cn --readonly   # Plan mode — read-only tools only, no file writes
ModeEffect
normal (default)Uses configured permissions
plan (--readonly)Excludes all write tools, allows reads and Bash
auto (--auto)Allows everything — *: allow
Plan and auto modes are absolute overrides. They ignore --allow, --exclude, and permissions.yaml entirely.