> ## Documentation Index
> Fetch the complete documentation index at: https://docs.synti.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Permissions

> How Synti's permission modes and rules control exactly what the agent is allowed to do.

Permissions decide how much freedom the agent has in a [conversation](/core-concepts/conversations) — from strictly read-only research to fully autonomous execution. Synti gives you three permission modes you can switch between instantly, plus configurable rules for the times you want finer control. This page explains each mode, how dangerous operations are handled, and how to tailor permissions to your workflow.

## Switching modes

Cycle through the three permission modes at any time with **Shift+Tab**. The active mode is stored with the conversation, so a thread keeps its setting until you change it.

## The three modes

### Explore (read-only)

Explore restricts the agent to gathering information. It can read files, search with patterns, run read-only commands, and browse the web — but every write is blocked. File edits, mutating shell commands, and changes through external sources are all disallowed. Use Explore to research, audit, or plan without any risk of changes.

### Ask to Edit (default)

Ask to Edit is the balanced default. It lets the agent act, but keeps you in the loop with a three-tier approval system:

* **Safe operations** run automatically without prompting.
* **Regular operations** pause for your approval, offering **yes**, **no**, or **always allow** so you can pre-approve similar actions.
* **Dangerous operations** require your explicit approval every single time — "always allow" is not offered for them.

### Execute (full autonomy)

Execute removes the approval prompts and lets the agent run uninterrupted. It's ideal for trusted, well-scoped automation, but it hands the agent significant freedom.

<Warning>
  Execute mode bypasses permission prompts entirely. Only use it when you fully trust the operations the agent will perform.
</Warning>

## Dangerous operations

Some actions are treated as high-risk no matter the mode and always require individual approval — they can never be auto-approved:

| Category             | Examples             |
| -------------------- | -------------------- |
| File deletion        | `rm`, `rmdir`        |
| Privilege escalation | `sudo`, `su`         |
| System control       | `reboot`, `shutdown` |
| Remote access        | `ssh`, `scp`         |

## Customizing permissions

You can shape permissions to fit your workflow in two ways.

### Just ask

The simplest approach is to tell the agent in plain language, for example: *"Allow `npm build` in Explore mode."* Synti records the rule for you.

### Configuration rules

For precise, durable control, permissions are defined as JSON rules that cascade across three levels:

* **App** — defaults for the whole application.
* **Workspace** — overrides for a specific workspace.
* **Source** — rules scoped to an individual source.

Rules can whitelist shell command patterns, MCP tool operations, REST API endpoints, and writable paths. Because they cascade, a broad app-level default can be tightened or loosened at the workspace or source level.

<Note>
  Permissions work together with the [working directory](/core-concepts/working-directory) and sources: the mode decides *whether* an action is allowed, while those settings decide *where* and *what* the agent can reach.
</Note>

## Choosing a mode

<Tip>
  Start new or unfamiliar tasks in **Explore** to review the plan safely, move to **Ask to Edit** once you're ready for changes, and reserve **Execute** for automation you've already vetted.
</Tip>
