Interactive Tool Approval

When an agent calls a sensitive or external tool, PraisonAI can pause and ask you before it runs. Your choices can be saved as project rules for next time.

Quick Start

from praisonaiagents import Agent

agent = Agent(
    name="Coder",
    instructions="Edit files as requested",
    approval=True,
)
agent.start("Refactor utils.py")

With the CLI:

praisonai --approval console run "Refactor utils.py"

You will see a prompt like:

⚠ Tool Approval Required
Tool: edit(path='utils.py', ...)
Risk: medium
Agent: Coder

Options:
  [a] Allow once
  [A] Always allow (persist rule)
  [d] Deny
  [D] Always deny (persist rule)

Your choice:

When approval is required

Approval runs when any of these apply:

The agent has approval=True (or a CLI --approval backend)
The tool is in the default dangerous-tools list (e.g. bash, write, delete)
The tool has trust_level == "external" in the tool registry

Approval modes

CLI flag	`PermissionMode`	Value	Behaviour
`--approval console`	`DEFAULT`	`default`	Prompt for each sensitive call
`--approval plan`	`PLAN`	`plan`	Block write, edit, delete, bash, shell
`--approval accept-edits`	`ACCEPT_EDITS`	`accept_edits`	Auto-approve edit/write tools
`--approval bypass`	`BYPASS`	`bypass_permissions`	Skip all checks

The CLI uses --approval bypass but the enum value is bypass_permissions.

Persistence

Press [A] or [D] to write a PermissionRule to .praisonai/permissions/rules.json (priority 100, scoped to the project directory). Manage rules with:

praisonai permissions list
praisonai permissions allow "bash:git *"

File	Shared?
`rules.json`	Yes — commit for team rules
`approvals.json`	No — local session data

Non-interactive and CI

praisonai --yes --approval console run "Check deployment"
PRAISONAI_NON_INTERACTIVE=1 praisonai --approval console run "Check deployment"

Without a TTY, prompts default to deny so CI pipelines fail closed.

Best practices

Start with plan for new repos

Use --approval plan until you trust the agent’s behaviour in a codebase.

Review external tools

Tools marked external always prompt — verify third-party integrations before allowing.

Share rules.json in git

Permissions CLI

praisonai permissions reference

Permission Modes

All modes for agents and CLI

Permissions Module

Python SDK API

​Quick Start

​When approval is required

​Approval modes

​Persistence

​Non-interactive and CI

​Best practices

​Related

Permissions CLI

Permission Modes

Permissions Module

Quick Start

When approval is required

Approval modes

Persistence

Non-interactive and CI

Best practices

Related