Skip to content
My Docs My Docs Letta Docs
DiscordForumGitHubSign up
Features
Permissions

Permissions

Control what tools your agent can use

By default, Letta Code operates with human-in-the-loop - every tool call requires your approval before execution. This keeps you in control while the agent works.

Permission modes

Section titled “Permission modes”

You can adjust how much approval is required:

ModeBehavior
defaultPrompt for approval on every tool call
acceptEditsAuto-allow file edits, prompt for others
planRead-only mode, no file modifications
bypassPermissions (yolo)Auto-allow everything (use with caution)

Using permission modes

Section titled “Using permission modes”
Auto-allow edits
letta -p "Fix the type errors" --permission-mode acceptEdits
Read-only analysis
letta -p "Review this codebase" --permission-mode plan
Bypass all prompts
letta -p "Run the full test suite and fix failures" --yolo

The --yolo flag is shorthand for --permission-mode bypassPermissions.

Fine-grained control

Section titled “Fine-grained control”

Allow/deny specific patterns

Section titled “Allow/deny specific patterns”

Control permissions for specific tool invocations:

Allow specific commands
letta --allowedTools "Bash(npm run lint),Bash(npm run test)"
Block dangerous patterns
letta --disallowedTools "Bash(rm -rf:*)"

Persistent rules

Section titled “Persistent rules”

Set rules in .letta/settings.json that apply every session:

.letta/settings.json
{
  "permissions": {
    "allow": [
      "Bash(pnpm lint)",
      "Bash(pnpm test)",
      "Read(src/**)"
    ],
    "deny": [
      "Bash(rm -rf:*)",
      "Bash(git push --force:*)",
      "Read(.env)"
    ]
  }
}

Pattern syntax

Section titled “Pattern syntax”
PatternMatches
ToolNameAll uses of a tool
ToolName(pattern)Specific arguments
**Wildcard for paths
:*Wildcard for command arguments

Restricting available tools

Section titled “Restricting available tools”

Separately from permissions, you can control which tools are loaded at all using --tools:

Only load read-only tools
letta -p "Analyze this code" --tools "Read,Glob,Grep"
No tools (conversation only)
letta -p "Explain this concept" --tools ""

This removes tools from the agent’s context entirely, not just permission-gating them.

Best practices

Section titled “Best practices”
  1. Start with defaults - Human-in-the-loop is safest while learning
  2. Pre-approve common commands - Add your lint/test scripts to the allow list
  3. Use plan mode for review - Safe way to analyze code without modifications
  4. Reserve —yolo for trusted contexts - Automated pipelines, sandboxed environments