Switching modes
Cycle through the three permission modes at any time with Shift+Tab. The active mode is stored with the conversation, so a thread keeps its setting until you change it.The three modes
Explore (read-only)
Explore restricts the agent to gathering information. It can read files, search with patterns, run read-only commands, and browse the web — but every write is blocked. File edits, mutating shell commands, and changes through external sources are all disallowed. Use Explore to research, audit, or plan without any risk of changes.Ask to Edit (default)
Ask to Edit is the balanced default. It lets the agent act, but keeps you in the loop with a three-tier approval system:- Safe operations run automatically without prompting.
- Regular operations pause for your approval, offering yes, no, or always allow so you can pre-approve similar actions.
- Dangerous operations require your explicit approval every single time — “always allow” is not offered for them.
Execute (full autonomy)
Execute removes the approval prompts and lets the agent run uninterrupted. It’s ideal for trusted, well-scoped automation, but it hands the agent significant freedom.Dangerous operations
Some actions are treated as high-risk no matter the mode and always require individual approval — they can never be auto-approved:Customizing permissions
You can shape permissions to fit your workflow in two ways.Just ask
The simplest approach is to tell the agent in plain language, for example: “Allownpm build in Explore mode.” Synti records the rule for you.
Configuration rules
For precise, durable control, permissions are defined as JSON rules that cascade across three levels:- App — defaults for the whole application.
- Workspace — overrides for a specific workspace.
- Source — rules scoped to an individual source.
Permissions work together with the working directory and sources: the mode decides whether an action is allowed, while those settings decide where and what the agent can reach.