How It Works
Auto Approve is evaluated per tool call. When Cline is about to read a file, edit a file, run a command, or use the browser, he checks your Auto Approve settings for that category. A few details matter:- Workspace vs outside workspace: “Read all files” and “Edit all files” only extend the base toggle. If the base toggle is off, the “all files” option does nothing.
- Terminal commands: Cline treats commands as either safe or requiring approval. “Execute safe commands” covers safe commands. “Execute all commands” extends to commands flagged as requiring approval.
- Notifications: If enabled, Cline sends OS-level notifications when approval is required, and when an auto-approved terminal command has been running for 30 seconds.
Permissions
| Setting | What It Allows |
|---|---|
| Read project files | Read files, list files, search in your workspace |
| Read all files | Read files outside your workspace (requires base toggle) |
| Edit project files | Create and edit files in your workspace |
| Edit all files | Edit files outside your workspace (requires base toggle) |
| Execute safe commands | Run terminal commands marked safe |
| Execute all commands | Run commands requiring approval (requires base toggle) |
| Use the browser | Browser tool for web fetching and searching |
| Use MCP servers | MCP tools and resources |
| Enable notifications | Notifies you about long-running commands |
Safe vs Approval-Required Commands
Cline does not use a fixed allowlist. The model marks each command with arequires_approval flag based on the command and arguments. These are examples, not guarantees.
Commonly treated as safe:
npm run build,npm test- Build/test outputgit status,ls -la,cat package.json- Read-only commands
npm install <pkg>- Modifies dependenciesrm -rf <path>- Deletes filesmv <a> <b>- Moves files (can overwrite)sed -i ...- In-place file edits
Recommendations
A good default setup:- Enable Read project files
- Leave edits, commands, browser, and MCP off until you have a specific reason
YOLO Mode
YOLO mode is Auto Approve on steroids. Check the box and Cline auto-approves everything: file changes, terminal commands, browser actions, MCP tools, even mode transitions.Warning: This is dangerous. YOLO mode disables all safety checks. Cline executes whatever he decides without asking permission.
What Gets Auto-Approved
When YOLO mode is enabled:- All file operations anywhere on your system
- All terminal commands including potentially destructive ones
- Browser actions
- MCP server tools
- Mode transitions (Plan to Act)
When to Use YOLO Mode
Rapid prototyping where you want zero friction and don’t care about potential mistakes. Perfect for throwaway experiments. Trusted, repetitive tasks where you’ve validated Cline’s approach and want to eliminate approval overhead. Demonstration purposes where you want to show Cline’s capabilities without interruptions.What Could Go Wrong
Cline could:- Delete important files without warning
- Execute commands that modify system settings
- Make network requests to external services
- Overwrite configuration files
- Install or uninstall packages
- Commit and push changes to version control
Best Practices for YOLO Mode
- Start with isolated environments. Use throwaway projects or sandboxed environments first.
- Be specific with requests. Vague instructions + unlimited permissions = unpredictable results.
- Monitor the output. Cline still shows what he’s doing. Watch the terminal and file changes.
- Keep version control handy. Git becomes your safety net.