Execution Modes & Permissions
Understanding different execution modes and when to use them
Verdent for VS Code provides multiple execution modes that control how the AI interacts with your files and executes commands. Each mode offers different trade-offs between control, speed, and safety.
What You'll Learn
- How each execution mode works and when to use it
- Permission models and safety considerations
- Mode comparison and switching strategies
- Think Hard Mode for complex reasoning tasks
Key Modes Available
Manual Accept Mode
Default mode with permission requests for every protected operation. Maximum control and oversight.
Auto-Run Mode
Automatic file operations, permission required for commands. Balances speed and safety.
Skip Permission Mode
Full autonomy for isolated environments. No permission prompts for anything.
Plan Mode
Read-only planning mode. Review complete plan before execution begins.
Execution Modes
Manual Accept Mode is the default execution mode that provides control over file modifications and command execution.
Automatic Operations:
- File reading and code analysis
- Directory browsing
Requires Permission:
- File editing (create, modify, delete)
- Command execution (terminal commands, tests, builds)
When Verdent needs to perform a protected operation, it shows what action it wants to take and which file/command is involved. You can Accept or Reject each operation.
Important: Each permission is for that specific operation only. Manual Accept Mode requires approval for every protected operation throughout the session.
When to Use
- Learning Verdent's capabilities and workflow patterns
- Working in unfamiliar codebases requiring careful oversight
- Critical changes to production code or security-sensitive areas
- Compliance requirements needing explicit approval trails
Activation
Manual Accept Mode is active by default. To switch back:
Open Permission Menu
Click "Switch Permission" button in Input Box
Select Manual Accept Mode
Choose "Manual Accept Mode" from the dropdown
Verify Activation
Button displays "Manual" to confirm mode is active
Safety Considerations
Advantages:
- First-use approval per tool type (file edits, commands, tools)
- Complete visibility before granting access
- Maximum control and transparency
Limitations:
- After first approval of a tool type, subsequent uses proceed without prompts
- Approval is per tool type, not per operation
- Start new sessions when working on critical code to reset tool approvals
Auto-Run Mode automatically approves file operations while requiring permission for commands. This reduces permission prompts for routine file work while maintaining safety for risky operations.
Automatic:
- File reading, editing, creating, deleting within workspace
- Moving, renaming, organizing files within workspace
- File search and navigation operations
Requires Permission:
- Any command involving paths outside the current workspace
- Dangerous bash commands:
rm -rf,git commit,git push, etc. - Command execution (terminal, scripts, builds)
- Package installation and system modifications
When to Use
| Use Auto-Run For | Don't Use For |
|---|---|
| Trusted codebases with version control | Unfamiliar codebase |
| Rapid prototyping and experimentation | Critical production code |
| Multi-file refactoring (15+ files = 15 prompts saved) | No version control safety net |
| Focused development minimizing interruptions | Compliance requirements |
Activation
Open Permission Menu
Click "Switch Permission" button showing current mode
Select Auto-Run Mode
Choose "Auto-Run Mode" from the dropdown
Verify Activation
Button displays "Auto" to confirm mode is active
Persists across sessions and VS Code restarts. Applies globally to all workspaces.
Example Workflow
Building a POST /api/tasks endpoint:
- Activate Auto-Run Mode
- Submit: "Create POST /api/tasks endpoint that validates category exists, saves to database"
- Verdent reads 5+ files, modifies 3 files automatically (no prompts)
- Review changes in Source Control panel
- Request tests: "Run the tests for the tasks API"
- Permission prompt for
npm testcommand - Accept - Add validation: "Add validation for empty titles"
- Verdent edits automatically (no prompt)
- Request tests again - Permission prompt - Accept
- Review diffs, commit changes
Result: 3 command prompts, 0 file prompts. Manual Accept would require 4 additional file prompts.
Safety Considerations
Advantages:
- Changes immediately visible in VS Code
- Workspace-scoped (cannot affect system files)
- Git provides rollback safety
Risks:
- No file operation oversight
- Unexpected scope ("Rename User to Account" might modify dozens of files)
- File deletion possible during cleanup
- Could modify sensitive files if prompted
Mitigation:
- Use clear, specific prompts
- Review Source Control panel after completions
- Commit frequently for clean checkpoints
- Use Plan Mode for complex operations first
- Configure .gitignore to protect sensitive files
Skip Permission Mode bypasses all permission prompts, allowing complete autonomy. Only use in isolated, disposable environments.
All Operations Automatic:
- File operations
- Command execution
- Package installation
- System-level operations
This mode removes all safety guardrails. Only use in completely isolated, disposable environments where mistakes have no consequences. Never use in production or any codebase you care about.
When to Use
| Use Skip Permission For | NEVER Use For |
|---|---|
| Automated CI/CD pipelines in isolated containers | Production environments |
| Disposable development containers (deleted after experimentation) | Development environments with important code |
| Sandbox environments with no production connections | Any codebase you care about |
| Scripted workflows where human approval defeats purpose | Shared repositories |
| Environments with sensitive data |
Activation
Open Permission Menu
Click "Switch Permission" button
Select Skip Permission Mode
Choose "Skip Permission Mode" from the dropdown
Verify Activation
Button displays "Skip" to confirm mode is active
Safety Check Before Activating:
- Is this a disposable container or VM?
- Can this environment be deleted without consequences?
- Is there any production or important code here?
If "no" to first two or "yes" to third, do NOT activate.
Safety Warnings
ALL safety guardrails removed:
- Commands execute immediately with system permissions
- Files can be modified or deleted without warning
- Database operations, Git operations (including force push) proceed without approval
- Could install malicious packages or expose credentials
Only Safe When:
- Environment is completely disposable
- No important code or data exists
- No connection to production systems
- You accept anything can be destroyed
Plan Mode
Plan Mode is a read-only interaction mode where Verdent analyzes code, creates detailed plans, and asks clarifying questions, but cannot modify files or execute commands until you approve.
How It Works
- Analysis - Reads files automatically
- Planning - Creates structured plan with todo list
- Clarification - Asks questions to remove uncertainty
- Approval - You review and decide to proceed
- Execution - Switches to your permission mode to execute
Plan shows files to modify, implementation steps, dependencies, and verification strategy.
When to Use
- Complex multi-file changes (understand scope before committing)
- Unfamiliar codebases (safe exploration without risk)
- Architectural decisions (review approach before implementation)
- Avoiding Manual Accept fatigue (review once vs 50 individual prompts)
- High-stakes production changes (full visibility before execution)
Activation
Open Mode Menu
Click "Switch Mode" button in Input Box
Select Plan Mode
Choose "Plan Mode" from the dropdown
Verify Activation
Mode indicator changes to "Plan" to confirm mode is active
When active, Verdent analyzes and creates plans but won't modify files or execute commands until you approve. After approval, switches to your default permission mode (Manual Accept or Auto-Run).
Safety Considerations
Advantages:
- Zero execution risk during planning
- Full visibility before committing
- Interactive clarification removes uncertainty
- Safe for production analysis
Limitations:
- Approval doesn't guarantee correctness (plans can have logical errors)
- Execution safety depends on chosen permission mode after approval
- Plan quality depends on prompt clarity
Best Practices:
- Review plans for logical errors or misunderstandings
- Ask follow-up questions if unclear
- Refine prompts before approving execution
- Consider which permission mode will execute (Manual Accept for oversight, Auto-Run for speed)
Think Hard Mode
Think Hard Mode allocates maximum computational resources for complex reasoning tasks. The model explores multiple approaches and provides more thorough solutions.
Characteristics:
- Extended reasoning time
- Deeper analysis of multiple solution approaches
- Better handling of complex logic, edge cases, architectural decisions
- Higher credit cost per request
When to Use
| Use Think Hard Mode For | Don't Use For |
|---|---|
| Complex architectural decisions with multiple trade-offs | Simple, straightforward tasks |
| Sophisticated debugging with multiple potential causes | Time-sensitive requests |
| Algorithm design requiring optimization analysis | Limited credit budget |
| Critical business logic where correctness is paramount | When standard mode is adequate |
| Performance optimization of complex bottlenecks |
Activation
Include thinking keywords in your prompt:
Think: Design the optimal database schema for this multi-tenant SaaS applicationOr for maximum reasoning:
Ultrathink: Analyze the trade-offs between different authentication approaches"Think" and "ultrathink" are Claude model-specific capabilities. These keywords activate deeper reasoning in Claude models (Sonnet, Opus) but may not work with other AI providers (GPT-5, MiniMax).
Per-request activation only - not persistent like Manual Accept or Auto-Run.
Mode Comparison
| Mode | Control | Speed | Best For | Avoid When |
|---|---|---|---|---|
| Manual Accept | Maximum | Slowest | Learning, unfamiliar code, critical changes | Trusted projects, rapid iteration |
| Auto-Run | Moderate | Fast | Trusted codebases, prototyping, multi-file work | Unfamiliar code, no version control |
| Skip Permission | None | Fastest | CI/CD, disposable containers, sandboxes | Production, important code |
| Plan Mode | Review-First | N/A | Complex changes, architectural decisions | Simple tasks |
| Think Hard | Per-Request | Slower | Complex reasoning, algorithms, critical logic | Simple tasks, time-sensitive |
When to Use Each Mode
| Scenario | Manual Accept | Auto-Run | Skip Permission | Plan Mode |
|---|---|---|---|---|
| Learning Verdent | ✓ | |||
| Unfamiliar codebase | ✓ | ✓ | ||
| Trusted codebase with Git | ✓ | |||
| Critical/production code | ✓ | ✓ | ||
| Rapid prototyping | ✓ | |||
| Multi-file refactoring | ✓ | |||
| Complex architectural planning | ✓ | |||
| CI/CD pipelines (isolated) | ✓ | |||
| Disposable containers | ✓ | |||
| Compliance requirements | ✓ |
Safety Best Practices
Safety Hierarchy (Most to Least Safe)
Understanding the safety ranking of each mode helps you choose appropriately for different risk levels.
- Plan Mode - Read-only until approved. Zero execution risk during planning.
- Manual Accept Mode - Per-operation control with first-use approval per tool type.
- Auto-Run Mode - File autonomy with command approval. Git safety net required.
- Skip Permission Mode - Full autonomy. Isolated environments only.
Match your mode to the risk level: critical code uses safest modes (Plan, Manual Accept), trusted code uses faster modes (Auto-Run), disposable environments use fastest mode (Skip Permission).
General Best Practices
Essential practices that apply regardless of which execution mode you're using.
For All Modes:
- Use Version Control - Initialize Git before using permissive modes, commit frequently, review diffs before committing
- Write Clear Prompts - Be specific about scope, specify file boundaries explicitly, use @-mentions for context
- Review Before Committing - Check Source Control panel after completions, review all diffs carefully, test changes
- Start Fresh Sessions - Clear context between major tasks, reset tool approvals for sensitive work, avoid context contamination
- Match Mode to Risk - Critical code → Manual Accept or Plan Mode, trusted code → Auto-Run, experiments → Auto-Run with Git, disposable → Skip Permission only
Security Reminders:
- Never commit sensitive files (.env, credentials)
- Configure .gitignore before using Auto-Run
- Review command permissions carefully
- Use Plan Mode for changes affecting security
- Fresh sessions reset tool approvals in Manual Accept
Progressive Permission Model
Understanding how Verdent's permission system works helps you use it effectively.
How it works:
- First use - System requests permission when you first use each tool type (file edits, command executions, tool usage)
- Subsequent uses - After initial approval, that tool type proceeds without prompts for the rest of the session
- New session - Starting a new session resets all approvals, allowing you to start fresh
Key principle: This model balances security with productivity. You review and approve tool types once, then work efficiently within that approval context. For sensitive work, start a new session to reset approvals.
To reset approvals: Start a new session