Tool approvals
In Normal interaction mode, Ironspire gates tool execution behind an approval step. The agent proposes a tool call, and you decide whether to allow it.
How approvals work
When an agent wants to use a tool, the SDK calls a canUseTool callback. Seven read-only tools are auto-approved by default:
- Read
- Glob
- Grep
- WebSearch
- WebFetch
- LS
- ListDir
All other tools (Write, Edit, Bash, etc.) require your explicit approval.
Approval states
| State | Description |
|---|---|
| Pending | Tool is waiting for your decision. The agent is paused. |
| Approved | You approved the tool. It executes with a green status indicator. |
| Denied | You denied the tool. It is skipped and the agent continues without it. |
| Auto-approved | The tool was on the safe list and executed automatically. |
The approval UI
When a tool is pending, a block appears in the chat showing:
- The tool name
- A preview of the tool's input (file path, command, etc.)
- Approve button (green)
- Deny button (red)
The agent remains paused until you make a decision.
Bypassing approvals
Two ways to skip the approval flow entirely:
- Auto-Accept mode: switch the agent's interaction mode to Auto-Accept. All tools execute immediately.
- Full Access permission mode: set the agent's permission mode to Full Access (Bypass). This disables all permission checks at the CLI level.
Full Access mode bypasses all safety checks, not just UI approvals. Only use it when you fully trust the agent's task and working directory.