praisonai permissions lists, adds, removes, and shares your project’s approval rules.
Quick Start
Persist with Always allow
Press
A at the prompt to write a rule to .praisonai/permissions/rules.json.Approval prompt
CLI approval modes
| Flag | Mode | Behaviour |
|---|---|---|
--approval console | DEFAULT | Prompt for sensitive tools |
--approval plan | PLAN | Block write, edit, delete, bash, shell |
--approval accept-edits | ACCEPT_EDITS | Auto-approve edit/write tools |
--approval bypass | BYPASS | Skip all checks (dangerous) |
Non-interactive mode
| Option | Type | Default | Description |
|---|---|---|---|
--yes / -y | flag | off | Skip prompts; approval defaults to deny |
PRAISONAI_NON_INTERACTIVE=1 | env | unset | Same as --yes for CI and scripts |
Subcommands
list
List all permission rules in the current project.
allow
Add an ALLOW rule.
| Option | Type | Default | Description |
|---|---|---|---|
--agent | string | all agents | Scope rule to one agent |
--description | string | auto | Human-readable label |
--priority | int | 100 | Higher values are checked first |
deny
Add a DENY rule.
| Option | Type | Default | Description |
|---|---|---|---|
--agent | string | all agents | Scope rule to one agent |
--description | string | auto | Human-readable label |
--priority | int | 100 | Higher values are checked first |
ask
Add an ASK rule (always prompt).
| Option | Type | Default | Description |
|---|---|---|---|
--agent | string | all agents | Scope rule to one agent |
--description | string | auto | Human-readable label |
--priority | int | 50 | Higher values are checked first |
remove
Remove a rule by ID prefix (from list output).
reset
Delete all rules and approvals (requires confirmation).
export
Print rules as JSON to stdout.
import
Import rules from a JSON file.
Rule patterns
Patterns usetool_name:argument_pattern glob syntax:
| Pattern | Matches |
|---|---|
bash:git * | All git bash commands |
bash:ls * | ls commands |
read:* | All read tool calls |
write:*.env | Writes to .env files |
write:/etc/* | Truncating redirections to /etc/ (e.g. cat foo > /etc/hosts) |
external_dir:/data/* | Access to /data/ when workspace_root is set |
external_dir:* | All out-of-workspace access (use with deny to hard-block) |
external_dir: patterns
Whenworkspace_root is set on PermissionManager, any path that resolves outside the root emits an external_dir:<parent>/* sub-target defaulting to ask. Use the CLI to pre-authorise or hard-block these:
Compound shell commands (
&&, ;, |, subshells, $(...)) are decomposed and each operation is checked against your rules. A deny on bash:rm * blocks cd /tmp && rm -rf x and echo $(rm -rf x). See Command-Aware Permissions.[A] or [D], the CLI auto-generates patterns — for example bash:git * for git commands, or tool_name:* as the default.
Project storage
Rules and session approvals are stored under the current working directory:| File | Purpose | Commit to git? |
|---|---|---|
.praisonai/permissions/rules.json | Persistent allow/deny rules | Yes — share team rules |
.praisonai/permissions/approvals.json | Per-developer session approvals | No — local only |
Rules can also be declared directly in
.praisonai/config.yaml under the permissions: key — no CLI commands needed. Both approaches are fully supported and can be used together. See Single-Source Config and Declarative Permissions for details.Best practices
Commit rules.json for team alignment
Commit rules.json for team alignment
Share
.praisonai/permissions/rules.json so everyone gets the same allow/deny defaults.Never use bypass in production
Never use bypass in production
--approval bypass skips every check. Reserve it for fully trusted local sandboxes.Use plan for exploration
Use plan for exploration
--approval plan blocks writes and shell commands while you inspect a codebase.Broaden patterns with wildcards
Broaden patterns with wildcards
Use
bash:git * instead of one-off rules so related commands stay covered.Related
Single-Source Config
Declare permissions in .praisonai/config.yaml
Command-Aware Permissions
Compound command decomposition and evasion blocking
Declarative Permissions
All permission surfaces — YAML, CLI, Python
Interactive Tool Approval
User-facing approval experience
Permission Modes
Mode reference for agents and CLI
Workspace Boundary
Gate shell and file access outside your project root

