Auto-approving actions in SourceCraft Code Assistant

Warning

This feature is only available in Visual Studio Code.

Enabling action auto-approval accelerates your workflow by eliminating repetitive confirmation prompts, but also significantly increases security risks.

Alert

Auto-approval settings bypass confirmation requests, granting Code Assistant direct access to your system, which could lead to data loss, file corruption, or even greater damage. Terminal access carries the most risk, as Code Assistant may run potentially malicious operations that interfere with your system or compromise security. Only enable auto-approval for actions you fully trust.

Quick start

  1. Click the Auto-approve panel in the chat toolbar.
  2. Select which actions Code Assistant can perform without requesting permission.
  3. Use the toggle to the left of Auto-approve to quickly enable or disable permissions.

API request limit

In the Auto-approve settings, use the Max Requests input field to set the maximum number of API requests Code Assistant can execute automatically.

This helps prevent excessive API usage and unforeseen costs, e.g., when using high-priced models, testing new workflows, or running Code Assistant autonomously for extended periods.

By default, no limit is set.

Tip

Set a reasonable limit based on task complexity; e.g., 50 to 100 requests is sufficient for most tasks.

When the limit is exceeded, Code Assistant stops and displays a dialog allowing you to reset the counter and continue.

Available permissions

| Permission | Description | Risk level |
|---|---|---|
| Read | Allows Code Assistant to access files without requesting approval | Medium |
| Write | Allows Code Assistant to modify files without requesting approval | High |
| Execute | Automatically runs terminal commands from the whitelist | High |
| Browser | Allows access to the browser without requesting approval | Medium |
| MCP | Allows Code Assistant to use configured MCP servers | Medium to high |
| Mode | Automatically switches Code Assistant modes | Low |
| Subtasks | Manages subtasks without requesting confirmation | Low |
| Retry | Automatically retries failed API requests | Low |

Quickly enabling or disabling permissions

  1. Click the Auto-approve panel in the chat toolbar.
  2. Select which actions Code Assistant can perform without requesting permission.
  3. Use the toggle to the left of Auto-approve to quickly enable or disable permissions.

Permission settings are preserved when toggling.

For example, you can quickly disable auto-approval when working with sensitive code or enable it when rapidly iterating on a code change. This is also helpful when switching between code analysis and editing.

Note

Opening the Auto-approve menu temporarily disables auto-approval.

Advanced settings panel

  1. In the chat's top panel, click Settings.
  2. In the left-hand panel, navigate to Auto-approve.
  3. Select which actions Code Assistant can perform without requesting permission:

Read

When enabled, Code Assistant automatically scans directory contents and reads files without prompting you to click Approve. Risk: medium.

The additional Include files outside workspace option allows Code Assistant to read files you have access to outside the current working directory. Risk: medium.

Although this setting only allows reading (not modifying) files, it could potentially expose sensitive data. We recommend it as a starting point for most users, but be mindful of which files Code Assistant can access.

This option is disabled by default, i.e., Code Assistant can only read files within your current working directory.

Tip

Keep Include files outside workspace disabled unless you specifically need to grant access to external files.

Write

When enabled, Code Assistant automatically creates and edits files without prompting you to click Approve. Risk: high.

Additional options:

  • Include files outside workspace: Allows Code Assistant to modify files you have access to outside the current working directory.

  • Include protected files: Allows Code Assistant to modify files normally protected by .codeassistantignore and the .codeassistant/ directory, as well as Code Assistant configuration files, e.g., package.json, tsconfig.json, etc., if they contain Code Assistant settings.

  • Delay after writes: Introduces a delay after writes to diagnose potential issues:

    • 1000 ms: Default value, suitable for most projects with active diagnostics.
    • 2000 ms or more: Recommended for complex projects where diagnostics take longer.
    • 0 ms: Use when speed is critical.
    • 1000 ms: Use only in controlled environments.

    When you enable auto-approval for file writes, the delay timer integrates with the Problems panel in VS Code:

    1. Code Assistant makes changes in your file.
    2. VS Code diagnostic tools analyze the changes.
    3. The Problems panel updates with any errors or warnings.
    4. Code Assistant detects these issues before proceeding.

    This gives the developer a pause to review errors after code changes. You can adjust the delay based on:

    • Project complexity.
    • Language server performance.
    • Criticality of error detection for your workflow.

Browser

When enabled, Code Assistant automatically performs browser actions without prompting you to click Approve, including opening websites, navigating pages, and interacting with web elements. Risk: medium.

Note

This setting only applies if supported by the AI model.

Retry

When enabled, Code Assistant automatically retries failed API requests without prompting you to click Approve if the server returns an error. Risk: low.

The additional Delay before retrying the request option sets the wait time before a retry attempt. The default value is 10 seconds.

The retry mechanism uses exponential backoff:

  • The Delay before retrying the request value is the initial delay.
  • Subsequent delays follow this formula: min(baseDelay * 2^retryAttempt, 600).
  • The maximum delay is 600 seconds.

Here is an example retry sequence with an initial delay of ten seconds:

  • Retry 1: 10 seconds
  • Retry 2: 20 seconds
  • Retry 3: 40 seconds
  • Retry 4: 80 seconds
  • Retry 5: 160 seconds
  • Retry 6: 320 seconds
  • Retry 7 and subsequent retries: 600 seconds

This helps prevent API overload while recovering from transient errors.

MCP

When enabled, Code Assistant automatically uses individual tools from configured MCP servers without prompting you to click Approve. Risk: medium to high, depending on the configured MCP tools.

For security, this setting requires two-step approval:

  1. On the Auto-approve panel, enable MCP.
  2. Expand the required MCP server's menu and select the Auto-Run option for the relevant tools.

The system will save your permissions and apply them the next time Code Assistant uses MCP tools.

Mode

When enabled, Code Assistant automatically switches between different modes without prompting you to click Approve. Risk: low.

Subtasks

When enabled, Code Assistant automatically creates and completes subtasks without prompting you to click Approve. Risk: low.

Execute

When enabled, Code Assistant automatically runs allowed terminal commands without prompting you to click Approve. Risk: high.

Under Allowed Auto-Execute Commands, add the prefix of a command you want to auto-execute and click Add. Repeat this for all commands you want to run automatically. Add the * prefix to allow all commands (use this with extreme caution).

To remove a command prefix, click to its right.

Tip

  • Use a whitelist with specific command prefixes.
  • Never use the * prefix in production environments or when handling sensitive data.
  • Carefully evaluate the security implications of each command you allow.
  • Always review commands that interact with external systems.
  • Be very specific with prefixes, e.g., instead of allowing all python commands, restrict to python -m pytest for test execution only.

Here is an example of a command whitelist:

  • git: Running version control operations.
  • npm run: Running scripts from package.json.
  • python -m pytest: Running Python tests.
  • cargo test: Running Rust tests.
  • go test: Running Go tests.
  • docker ps: Listing Docker containers.
  • ls: Listing directory contents.
  • cat: Displaying file contents.
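
The check below is an added example, not part of the original page or of Code Assistant itself: it audits a prefix whitelist for overly broad entries and dry-runs sample commands against it. It assumes plain string-prefix matching; the function names and sample commands are hypothetical.

```python
# Added example: models prefix matching to audit an Allowed Auto-Execute Commands list.
# Assumption: a command is auto-approved when it starts with an allowed prefix, and
# "*" allows everything. The page does not define the matching rule more precisely.
import re

# Shell operators that chain, nest or redirect past the approved prefix.
CHAIN_OPERATORS = re.compile(r"[;&|`<>]|\$\(")

def matching_prefix(command, prefixes):
    """Return the first allowed prefix the command starts with, or None."""
    command = command.strip()
    for prefix in prefixes:
        if prefix == "*" or command.startswith(prefix):
            return prefix
    return None

def audit_prefixes(prefixes):
    """Flag entries broader than the tips above recommend."""
    findings = {}
    for prefix in prefixes:
        if prefix.strip() == "*":
            findings[prefix] = "wildcard: every command runs without a prompt"
        elif len(prefix.split()) == 1:
            findings[prefix] = "bare program name: all subcommands and arguments allowed"
    return findings

def decide(command, prefixes):
    """Dry run: 'auto' only for a prefix match with no shell operators."""
    if matching_prefix(command, prefixes) is None:
        return "prompt"
    if CHAIN_OPERATORS.search(command):
        return "review"  # extra check of this example, not documented product behaviour
    return "auto"

# Constructed sample data, not taken from a real configuration.
ALLOWED = ["git", "npm run", "python -m pytest", "ls"]
SAMPLES = [
    "python -m pytest tests/ -q",
    "python setup.py install",
    "git push origin main",
    "npm run build && npm publish",
]

if __name__ == "__main__":
    for prefix, note in audit_prefixes(ALLOWED).items():
        print(f"[broad] {prefix!r}: {note}")
    for cmd in SAMPLES:
        print(f"{decide(cmd, ALLOWED):7} {cmd}")
```

Entries flagged by audit_prefixes are candidates for narrowing, in the same way the tip above narrows python to python -m pytest.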