Claude Code permission modes

Claude Code — the 4 permission modes

Cycle with Shift + Tab in any Claude Code session. The current mode shows in the input box footer.

#	Mode	Behaviour	When to use
1	Normal	Prompts for permission on every tool use.	Reviewing carefully; first time touching unfamiliar code.
2	Plan	Read-only. Claude proposes a plan; nothing executes until you accept.	Big tasks; before any destructive change; alignment check.
3	Auto-accept edits	File edits auto-approved. Shell/network/destructive tools still ask.	Trusted, scoped work; iterative refactors; well-defined tickets.
4	Bypass permissions	No prompts at all. Everything runs.	Sandboxed / containerised / RALPH-loop runs only.

  Shift+Tab →   Normal  →  Plan  →  Auto-accept edits  →  Bypass  →  (loop)

In ~/.claude/settings.json:

{
  "permissions": { "defaultMode": "default" }
}

Values: default · plan · acceptEdits · bypassPermissions (also auto in some builds — alias for accept-edits-style behaviour).

--dangerously-skip-permissions — CLI flag equivalent of mode 4. Use in containers / Docker sandbox / RALPH loops; nothing gates destructive actions.
--permission-mode acceptEdits — start a session directly in mode 3 (common for headless claude -p ... runs).

Default to mode 1 when learning a codebase or doing anything irreversible (db migrations, prod config).
Use mode 2 (Plan) as the first thing on any ticket more than a few files wide. Output a plan, then drop to mode 3 to execute.
Mode 3 is the cruise-altitude mode for engine work once the plan is set.
Mode 4 only with a safety net (container, sandbox, throwaway branch). Never on main.