Control what Claude can do before it does it. Use Plan Mode to review an approach first, and permission rules to pre-approve safe actions while gating risky ones.
Why: Plan Mode makes Claude research read-only and propose a plan instead of editing right away — you approve the approach before any change lands. When: use it for anything non-trivial or unfamiliar, so you catch a wrong direction early. Where: enter it with Shift+Tab or start the session in it.
# Toggle Plan Mode mid-session: press Shift+Tab until it shows "plan mode"
# Or start in Plan Mode:
claude --permission-mode plan "refactor the auth flow to use sessions"
# Claude investigates, presents a plan, and waits for your approval
# before touching a single file.Why: each mode trades safety for speed differently — pick the one that matches how much you trust the task. When: use auto-accept for tight loops you are watching, default for normal work, and never leave bypass on unattended. Where: cycle them with Shift+Tab or set a starting mode with --permission-mode.
default — Asks before edits and commands. The safe default.acceptEdits — Auto-applies file edits (still asks for risky commands). Good for fast iteration you are watching.plan — Read-only. Claude proposes a plan and changes nothing until you approve.bypassPermissions — Skips all prompts. Powerful and dangerous — only in a sandbox you trust, never unattended.Speed ◄─────────────────────────────────► Safety
bypassPermissions acceptEdits default planWhy: approving every git status is tedious, so allowlist the safe stuff and let Claude move without interrupting you. When: add read-only and routine commands to allow, and put destructive ones in ask or deny. Where: /permissions opens this; it is stored in settings.json.
// .claude/settings.json
{
"permissions": {
"allow": [
"Bash(git status:*)",
"Bash(git diff:*)",
"Bash(pnpm test:*)",
"Read(./src/**)"
],
"ask": ["Bash(git push:*)"],
"deny": ["Read(./.env)", "Bash(rm -rf:*)"]
}
}