How it works
Auto Approve is evaluated per tool call. When Cline is about to read a file, edit a file, run a command, or use the browser, Cline checks your Auto Approve settings for that category. A few details matter in practice:- Workspace vs outside your workspace: “Read all files” and “Edit all files” only extend the base toggle. If the base toggle is off, the “all files” option does nothing.
- Terminal commands: Cline treats terminal commands as either safe or requiring approval. “Execute safe commands” covers the first category. “Execute all commands” extends this to commands flagged as requiring approval.
- Notifications: If enabled, Cline sends OS-level notifications when approval is required, and when an auto-approved terminal command has been running for 30 seconds and may need attention.
YOLO mode bypasses these granular approvals.
Permissions
These labels match what you see in the Auto Approve menu.| Setting | What it allows | Notes |
|---|---|---|
| Read project files | Read files, list files, search in your workspace | Good default for most tasks |
| Read all files | Read files outside your workspace | Requires “Read project files” |
| Edit project files | Create and edit files in your workspace | Consider using checkpoints |
| Edit all files | Edit files outside your workspace | Requires “Edit project files” |
| Execute safe commands | Run terminal commands marked safe | Can still run long |
| Execute all commands | Run commands marked as requiring approval | Requires “Execute safe commands” |
| Use the browser | Allows use of the browser tool for web fetching and searching | Proxy issues can apply |
| Use MCP servers | Use MCP tools and access MCP resources | Some servers also have per-tool auto-approve |
| Enable notifications | Notifies you about long-running auto-approved commands | Helpful for terminal work |
Networking & proxies
If browser-based tools fail in corporate networks, this page covers the common fixes.
Safe vs approval-required command examples
Cline does not use a fixed allowlist of safe or unsafe commands. The model marks each command with arequires_approval flag based on the command and its arguments, and Auto Approve uses that flag.
These are examples, not guarantees.
Commonly treated as safe
| Example | Why it is usually safe |
|---|---|
npm run build | Build output, no direct file deletions |
npm test | Runs tests |
git status | Read-only |
ls -la | Read-only |
cat package.json | Read-only |
Commonly requires approval
| Example | Why it often needs approval |
|---|---|
npm install <pkg> | Modifies dependencies and lockfiles |
rm -rf <path> | Deletes files |
mv <a> <b> | Moves files (can overwrite) |
sed -i ... | In-place file edits |
curl https://... | Downloads and executes remote code |
Whether a command is treated as safe depends on the exact command, flags, and the current task. When in doubt, keep command auto-approval off and approve commands manually.
Enable notifications
Auto-approved actions can run for a while, especially long terminal commands. If you enable notifications, Cline can notify you when an auto-approved command has been running for a while and may need attention.Recommendations
A good default setup is:- Enable Read project files
- Leave Edit project files, Execute safe commands, Use the browser, and Use MCP servers off until you have a specific reason to enable them