Auto-approve
Auto-approve settings speed up your workflow by eliminating repetitive confirmation prompts, but they significantly increase security risks.
Auto-approve settings bypass confirmation prompts, giving Bob direct access to your system. This can result in data loss, file corruption, or worse. Command line access is particularly dangerous, as it can potentially run harmful operations that could damage your system or compromise security. Only enable auto-approval for actions you fully trust.
To auto-approve actions:
- Hover over the Auto-Approve toolbar above the chat input.
- Select which actions Bob can complete without asking for permission.
Available actions
When you auto-approve an action, Bob will complete the respective action without asking for permission.
| Action | Description | Risk level |
|---|---|---|
| Read | View your files and directory content | Medium |
| Write | Create, edit, and save files to your directory | High |
| Browser | Gather information from websites using an internet browser | High |
| MCP | Use MCP servers you have configured | Medium-High |
| Mode | Switch modes to complete a task | Low |
| Subtasks | Create and complete subtasks | Low |
| Execute | Run commands in your terminal | High |
| Question | After the time limit expires, select the first answer from the provided options. | Medium |
| Todo | Update the todo list | Low |
When to use auto-approve
Auto-approve is most beneficial in these scenarios:
- Repetitive development tasks: When you trust Bob's actions, such as generating basic code.
- Batch operations: When you need to process multiple files without interruption.
- Exploratory coding sessions: When you want to maintain flow without constant prompts.
- Local development environments: Where security risks are contained.
Understanding actions
Each action controls a specific workflow that Bob can complete.
Read
Bob accesses and reads files in your project without asking for permission.
This includes viewing file contents, listing directory structures, and searching through your codebase. This permission involves information gathering rather than making changes to your system.
Write
Bob creates, modifies, and deletes files without asking for permission.
Bob can apply code changes, refactor existing code, and manage file structure automatically. This directly modifies your codebase and involves high risk.
Browser
Bob can interact with websites through a headless browser without asking for permission.
Bob can navigate pages, click elements, fill forms, and capture screenshots to help with information gathering and web development tasks. Web automation can perform unexpected actions, including submitting forms, making purchases, or modifying data on websites. This action involves high risk.
MCP
Bob can use configured Model Context Protocol (MCP) servers without asking permission.
MCP servers provide additional tools and resources that extend Bob's capabilities. The risk level depends on what the specific MCP servers can access and modify.
Mode
Bob can change between different modes (Code, Plan, Ask, Advanced, Orchestrator) automatically based on task requirements.
This action involves workflow organization and does not affect system access.
Subtasks
Subtasks are separate task instances that Bob creates to break down complex work into manageable pieces. Bob can create and complete these subtasks automatically without asking for confirmation.
This permission relates to workflow organization rather than system access.
Execute
Bob can run terminal commands automatically without asking permission. This includes running build scripts, package managers, and other command-line tools.
Commands can complete system-level operations, and possibly run harmful processes. This action involves high risk.
Two-stage approval process
Execute auto-approval uses a two-stage security system:
- Top-level approval: Enable the Execute toggle in the auto-approve toolbar to allow command execution.
- Command-specific approval: Individual commands must be added to an allowed list before they can run automatically.
When Bob attempts to run a new command:
- You will get a prompt to approve or reject the command.
- You can choose to add the command pattern to your allowed list.
- Future commands matching that pattern will run automatically.
- This prevents unexpected or malicious commands from executing.
LLM risk detection
Bob includes AI-powered risk detection that analyzes commands before execution:
- The LLM evaluates each command for potential security risks.
- High-risk commands may require additional confirmation even with auto-approve enabled.
- This provides an extra layer of protection against dangerous operations.
- Risk assessment considers command structure, arguments, and potential system impact.
AST-based command validation
Bob uses Abstract Syntax Tree (AST) parsing to analyze command structure:
- Command chaining detection: Identifies attempts to chain multiple commands using
&&,||,;, or|. - Enhanced security: Prevents malicious command injection through chaining.
- Pattern matching: Validates commands against approved patterns more accurately.
- Safer auto-approval: Reduces risk of unintended command execution.
This multi-layered approach ensures that even with auto-approve enabled, dangerous or unexpected commands are caught before execution.
Question
Bob automatically selects the first suggested answer for a question after a timeout period.
This relates to workflow automation rather than system access.
Todo
Bob can automatically update the todo list without asking for permission.
This allows Bob to track progress and manage task completion as work proceeds. This permission relates to task management rather than system access.
Best practices for security
Follow these guidelines to use auto-approving actions safely:
- Start restrictive: Begin with minimal permissions and add more only as needed.
- Use project-specific settings: Customize auto-approve settings for each project based on risk tolerance.
- Disable when not needed: Turn off auto-approve when working with sensitive code or production systems.
- Review changes regularly: Periodically check what actions Bob has taken, especially file modifications.
- Never auto-approve in production: Restrict auto-approve settings to development environments only.
Chat interface
The chat interface is your main way to interact with Bob. You can open it by selecting the Bob icon beside the navigation bar. Bob understands natural language, allowing you to communicate with it as you would with a human developer, with no special commands required.
Modes
Modes are specialized personas that tailor Bob's behavior for your specific tasks. Each mode offers different capabilities and access levels to help you accomplish particular goals more efficiently.