Permissions

Features

Control what tools your agent can use

By default, Letta Code operates with human-in-the-loop. Every tool call requires your approval before execution. This keeps you in control while the agent works.

Permission modes

You can adjust how much approval is required:

Mode	Behavior
`default`	Prompt for approval on every tool call
`acceptEdits`	Auto-allow file edits, prompt for others
`plan`	Read-only mode, no file modifications
`bypassPermissions` (`yolo`)	Auto-allow tool calls except `ExitPlanMode`, which still requires manual approval

Using permission modes

letta -p "Fix the type errors" --permission-mode acceptEdits

letta -p "Review this codebase" --permission-mode plan

letta -p "Run the full test suite and fix failures" --yolo

The --yolo flag is shorthand for --permission-mode bypassPermissions. ExitPlanMode still requires manual approval so you can explicitly approve or reject the plan.

In letta server, permission mode is tracked per conversation and restored after server restarts.

Fine-grained control

Allow/deny specific patterns

Control permissions for specific tool invocations:

letta --allowedTools "Bash(npm run lint),Bash(npm run test)"

letta --disallowedTools "Bash(rm -rf:*)"

Persistent rules

Set rules in .letta/settings.json that apply every session:

{
 "permissions": {
 "allow": [
 "Bash(pnpm lint)",
 "Bash(pnpm test)",
 "Read(src/**)"
 ],
 "deny": [
 "Bash(rm -rf:*)",
 "Bash(git push --force:*)",
 "Read(.env)"
 ]
 }
}

Pattern syntax

Pattern	Matches
`ToolName`	All uses of a tool
`ToolName(pattern)`	Specific arguments
`**`	Wildcard for paths
`:*`	Wildcard for command arguments

Restricting available tools

Separately from permissions, you can control which tools are loaded at all using --tools:

letta -p "Analyze this code" --tools "Read,Glob,Grep"

letta -p "Explain this concept" --tools ""

This removes tools from the agent’s context entirely, not just permission-gating them.