Claude Code Permission Modes (2026)
What It Does
Claude Code’s permission system controls which operations the agent can perform without user approval. Each permission prompt – where the agent asks “may I run this command?” – adds overhead to the conversation context. The three permission modes (default, auto-accept with allowlists, and full auto-accept) have different token cost profiles. Choosing the right mode balances security with cost efficiency.
Installation / Setup
Permission modes are configured via Claude Code settings or command-line flags.
# Default mode: asks for permission on potentially dangerous operations
claude
# Auto-accept mode: accepts all tool calls without prompting
claude --dangerously-skip-permissions
# Recommended: allowlist-based auto-accept
# Configure in .claude/settings.json
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep",
"Bash(pnpm test*)",
"Bash(pnpm lint*)",
"Bash(git status)",
"Bash(git diff*)"
]
}
}
Configuration for Cost Optimization
The token cost of permissions comes from two sources: the permission request itself (agent generating a description of what it wants to do) and the conversation round-trip (the context is re-sent when the user responds to the permission prompt).
Token cost per permission prompt:
Agent generates permission request: ~200-500 tokens
(includes: tool name, command, explanation of what it does)
User response (approve/deny): ~5-10 tokens
Context re-send on next turn: full conversation context
(at 80K context, this re-send costs 80K input tokens)
Effective cost per permission prompt:
Direct: 200-500 tokens
Indirect: 80K context re-send (which happens anyway on the next turn)
Real overhead: 200-500 tokens per prompt
Usage Examples
Basic Usage
# Check current permission settings
# Review .claude/settings.json for permission configuration
# Common allowlist for development (safe operations auto-accepted):
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep",
"Bash(pnpm test*)",
"Bash(pnpm lint*)",
"Bash(pnpm build*)",
"Bash(git status)",
"Bash(git diff*)",
"Bash(git log*)",
"Bash(ls *)",
"Bash(cat *)",
"Bash(wc *)"
]
}
}
Advanced: Cost-Saving Pattern
Calculate the token savings from permission mode optimization for a typical session.
Typical 20-turn session with 15 tool calls:
Default mode (no allowlist):
Permission prompts: ~10 of 15 calls require permission
Overhead: 10 * 350 tokens (avg) = 3,500 tokens
Plus: 10 additional round-trips in conversation flow
Some permission denials cause retries:
Retry rate: ~5% (1 in 20 prompts denied then retried)
Retry cost: ~2,000 tokens per retry
Total permission overhead: ~5,500 tokens per session
Allowlist mode (safe operations auto-accepted):
Permission prompts: ~3 of 15 calls require permission
(only file writes, destructive bash, and unknown commands)
Overhead: 3 * 350 = 1,050 tokens
Retry rate: ~2% (fewer interruptions = fewer confused retries)
Total permission overhead: ~1,250 tokens per session
Full auto-accept:
Permission prompts: 0
Overhead: 0 tokens
Total permission overhead: 0 tokens per session
Token Usage Measurements
| Permission Mode | Prompts per Session | Token Overhead | Monthly Cost (Opus, daily) |
|---|---|---|---|
| Default (all prompts) | 8-12 | 3,500-5,500 | $1.05-$1.65 |
| Allowlist (safe auto-accept) | 2-4 | 700-1,400 | $0.21-$0.42 |
| Full auto-accept | 0 | 0 | $0.00 |
The indirect cost – interruption to the agent’s flow causing suboptimal tool call sequences – is harder to quantify but often exceeds the direct token overhead. An agent that gets interrupted mid-workflow may restart a discovery cycle, costing 2,000-5,000 tokens in redundant work.
Comparison with Alternatives
| Mode | Security | Token Cost | Workflow Efficiency |
|---|---|---|---|
| Default (all prompts) | Highest | Highest (5,500/session) | Lowest (frequent interruptions) |
| Allowlist | High (safe ops auto-approved) | Medium (1,250/session) | High |
| Full auto-accept | Lowest | Lowest (0/session) | Highest |
| Hooks-based validation | High (programmatic checks) | Low (~100/session) | High |
The recommended approach for cost-conscious developers is the allowlist mode, which provides strong security (destructive operations still require approval) with minimal token overhead.
Troubleshooting
Allowlist patterns not matching – Permission patterns use glob-style matching. Bash(pnpm test*) matches pnpm test and pnpm test src/auth.test.ts but not npx pnpm test. Verify patterns match the exact command format Claude Code generates.
Too many permission prompts despite allowlist – The agent may be using tool variations not covered by the allowlist. Check which tools trigger prompts (they appear in the conversation) and add the specific patterns.
Security concerns with auto-accept – Never use --dangerously-skip-permissions on machines with production credentials, secrets, or access to sensitive systems. The allowlist approach provides a safe middle ground.
Set it up → Build your permission config with our Permission Configurator.
Related Guides
Estimate tokens → Calculate your usage with our Token Estimator.
Try it: Estimate your monthly spend with our Cost Calculator.
- Claude Code Hooks Guide – hooks-based permission control for advanced validation
- Claude Code Token Budget: How to Set Limits – budget controls that complement permission settings
Common Questions
How do I get started with claude code permission modes?
Begin with the setup instructions in this guide. Install the required dependencies, configure your environment, and test with a small project before scaling to your full codebase.
What are the prerequisites?
You need a working development environment with Node.js or Python installed. Familiarity with the command line and basic Git operations is helpful. No advanced AI knowledge is required.
Can I use this with my existing development workflow?
Yes. These techniques integrate with standard development tools and CI/CD pipelines. Start by adding them to a single project and expand once you have verified the benefits.
Where can I find more advanced techniques?
Explore the related resources below for deeper coverage. The Claude Code documentation and community forums also provide advanced patterns and real-world case studies.