Claude Code implements a sophisticated tiered permission model to balance speed and safety:
| Tier | Actions | Approval |
|---|---|---|
| Read-Only | File reads, grep, directory listing | Auto-approved |
| Write | File edits, new file creation | Per-session or per-project approval |
| Bash/Execute | Shell commands, npm scripts | Requires explicit approval |
| Destructive | File deletion, git operations | Always requires manual approval |
Auto Mode is an AI-powered risk classifier that sits between Claude and your machine. It evaluates each proposed action for risk level and automatically approves low-risk operations while blocking dangerous ones — eliminating "permission fatigue" without sacrificing safety.
Hooks are deterministic code that executes automatically during Claude Code's lifecycle. Configure them in .claude/settings.json:
For team-based workflows, the --permission-prompt-tool CLI flag lets you route approval requests to external systems like Slack, email, or custom webhooks. This enables delegated oversight — a senior engineer can approve risky operations from their phone while Claude Code continues working.