The Gemini CLI provides flexible control over how tool calls are authorized, balancing developer velocity with safety.
Approval Modes
The --approval-mode flag determines when the agent needs your permission to act:
- Default: The safest mode. The agent asks for confirmation before every tool execution (file writes, shell commands, etc.).
- auto_edit: Automatically approves file modification tools (like replace or write_file) but still requires confirmation for shell commands or other potentially side-effect-heavy actions. Ideal for rapid refactoring where you trust the file operations but want to gate execution.
- yolo: "You Only Look Once". Automatically approves all tool calls. This provides the fastest feedback loop but requires the highest trust. Use with caution!
Restricting Capabilities
To mitigate risk, especially in automated modes, use the --allowed-tools flag. For example, --allowed-tools read_file,search_file_content creates a read-only agent, safe to run in YOLO mode for analysis tasks.
Safety Best Practices
Always use git to version your code before running in auto_edit or yolo mode. If the agent makes a mistake, you can simply git checkout . to revert.
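The two safeguards above can be enforced before launch. This is an added example, not part of the Gemini CLI: a POSIX shell pre-flight check that allows yolo only with the read-only tools named above, or any automated mode only on a clean, committed git work tree. The function names (preflight, read_only, clean_git), the READ_ONLY_TOOLS list and the parsing of the `=` flag form are assumptions of this example.

```sh
#!/bin/sh
# Added example: refuse to launch an automated approval mode without a safety net.
# Tools the page names as read-only; extend only with tools known not to write or execute.
READ_ONLY_TOOLS="read_file search_file_content"

read_only() {   # $1 = comma-separated --allowed-tools value
    old_ifs=$IFS; IFS=,; set -f; set -- $1; set +f; IFS=$old_ifs
    [ $# -gt 0 ] || return 1            # no allow-list means nothing is restricted
    for t; do
        ok=1
        for r in $READ_ONLY_TOOLS; do if [ "$t" = "$r" ]; then ok=0; fi; done
        [ "$ok" -eq 0 ] || return 1     # one non-read-only tool fails the whole list
    done
}

clean_git() {   # a commit exists and nothing is modified or untracked
    git rev-parse --verify -q HEAD >/dev/null 2>&1 || return 1
    [ -z "$(git status --porcelain 2>/dev/null)" ]
}

preflight() {   # args: the flags you are about to pass to the CLI
    mode=default; tools=
    while [ $# -gt 0 ]; do
        arg=$1; shift
        case $arg in
            --approval-mode)   mode=${1-} ;;
            --approval-mode=*) mode=${arg#*=} ;;   # '=' form parsed defensively
            --allowed-tools)   tools=${1-} ;;
            --allowed-tools=*) tools=${arg#*=} ;;
        esac
    done
    case $mode in
        default) echo "allow: every tool call is confirmed"; return 0 ;;
        auto_edit|yolo) ;;
        *) echo "refuse: unknown approval mode '$mode'"; return 1 ;;
    esac
    if [ "$mode" = yolo ] && read_only "$tools"; then
        echo "allow: yolo restricted to read-only tools"; return 0
    fi
    if clean_git; then
        echo "allow: $mode on a clean, committed work tree"; return 0
    fi
    echo "refuse: $mode needs a clean git work tree with at least one commit"
    return 1
}
```

The guard also refuses when untracked files are present, because git checkout . restores tracked files only and cannot bring back an untracked file the agent overwrote.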