Auto-Approving Actions
⚠️ SECURITY WARNING: Auto-approve settings bypass confirmation prompts, giving Kilo Code direct access to your system. This can result in data loss, file corruption, or worse. Command line access is particularly dangerous, as it can potentially execute harmful operations that could damage your system or compromise security. Only enable auto-approval for actions you fully trust.
Auto-approve settings speed up your workflow by eliminating repetitive confirmation prompts, but they significantly increase security risks.
Quick Start Guide
- Click the Auto-Approve Toolbar above the chat input
- Select which actions Kilo Code can perform without asking permission
- Use the master toggle (leftmost checkbox) to quickly enable/disable all permissions
Auto-Approve Toolbar
Prompt box and Auto-Approve Toolbar showing enabled permissions
Click the toolbar to expand it and configure individual permissions:
Prompt text box and Expanded toolbar with all options
Available Permissions
| Permission | What it does | Risk level |
|---|---|---|
| Read files and directories | Lets Kilo Code access files without asking | Medium |
| Edit files | Lets Kilo Code modify files without asking | High |
| Execute approved commands | Runs whitelisted terminal commands automatically | High |
| Use the browser | Allows headless browser interaction | Medium |
| Use MCP servers | Lets Kilo Code use configured MCP services | Medium-High |
| Switch modes | Changes between Kilo Code modes automatically | Low |
| Create & complete subtasks | Manages subtasks without confirmation | Low |
| Retry failed requests | Automatically retries failed API requests | Low |
| Answer follow-up questions | Selects default answer for follow-up questions | Low |
| Update todo list | Automatically updates task progress | Low |
Master Toggle for Quick Control
The leftmost checkbox works as a master toggle:
Master toggle (checkbox) controls all auto-approve permissions at once
Use the master toggle when:
- Working in sensitive code (turn off)
- Doing rapid development (turn on)
- Switching between exploration and editing tasks
Advanced Settings Panel
The settings panel provides detailed control with important security context:
Allow Kilo Code to automatically perform operations without requiring approval. Enable these settings only if you fully trust the AI and understand the associated security risks.
To access these settings:
- Click in the top-right corner
- Navigate to Auto-Approve Settings
Complete settings panel view
Read Operations
Setting: "Always approve read-only operations"
Description: "When enabled, Kilo Code will automatically view directory contents and read files without requiring you to click the Approve button."
Risk level: Medium
While this setting only allows reading files (not modifying them), it could potentially expose sensitive data. Still recommended as a starting point for most users, but be mindful of what files Kilo Code can access.
Write Operations
Setting: "Always approve write operations"
Description: "Automatically create and edit files without requiring approval"
Delay slider: "Delay after writes to allow diagnostics to detect potential problems" (Default: 1000ms)
Risk level: High
This setting allows Kilo Code to modify your files without confirmation. The delay timer is crucial:
- Higher values (2000ms+): Recommended for complex projects where diagnostics take longer
- Default (1000ms): Suitable for most projects
- Lower values: Use only when speed is critical and you're in a controlled environment
- Zero: No delay for diagnostics (not recommended for critical code)
Write Delay & Problems Pane Integration
VSCode Problems pane that Kilo Code checks during the write delay
When you enable auto-approval for writing files, the delay timer works with VSCode's Problems pane:
- Kilo Code makes a change to your file
- VSCode's diagnostic tools analyze the change
- The Problems pane updates with any errors or warnings
- Kilo Code notices these issues before continuing
This works like a human developer pausing to check for errors after changing code. You can adjust the delay time based on:
- Project complexity
- Language server speed
- How important error detection is for your workflow
Browser Actions
Setting: "Always approve browser actions"
Description: "Automatically perform browser actions without requiring approval"
Note: "Only applies when the model supports computer use"
Risk level: Medium
Allows Kilo Code to control a headless browser without confirmation. This can include:
- Opening websites
- Navigating pages
- Interacting with web elements
Consider the security implications of allowing automated browser access.
API Requests
Setting: "Always retry failed API requests"
Description: "Automatically retry failed API requests when server returns an error response"
Delay slider: "Delay before retrying the request" (Default: 5s)
Risk level: Low
This setting automatically retries API calls when they fail. The delay controls how long Kilo Code waits before trying again:
- Longer delays are gentler on API rate limits
- Shorter delays give faster recovery from transient errors
MCP Tools
Setting: "Always approve MCP tools"
Description: "Enable auto-approval of individual MCP tools in the MCP Servers view (requires both this setting and the tool's individual 'Always allow' checkbox)"
Risk level: Medium-High (depends on configured MCP tools)
This setting works in conjunction with individual tool permissions in the MCP Servers view. Both this global setting and the tool-specific permission must be enabled for auto-approval.
Mode Switching
Setting: "Always approve mode switching"
Description: "Automatically switch between different modes without requiring approval"
Risk level: Low
Allows Kilo Code to change between different modes (Code, Architect, etc.) without asking for permission. This primarily affects the AI's behavior rather than system access.
Subtasks
Setting: "Always approve creation & completion of subtasks"
Description: "Allow creation and completion of subtasks without requiring approval"
Risk level: Low
Enables Kilo Code to create and complete subtasks automatically. This relates to workflow organization rather than system access.
Command Execution
Setting: "Always approve allowed execute operations"
Description: "Automatically execute allowed terminal commands without requiring approval"
Command management: "Command prefixes that can be auto-executed when 'Always approve execute operations' is enabled. Add * to allow all commands (use with caution)."
Risk level: High
This setting allows terminal command execution with controls. While risky, the whitelist feature limits what commands can run. Important security features:
- Whitelist specific command prefixes (recommended)
- Never use * wildcard in production or with sensitive data
- Consider security implications of each allowed command
- Always verify commands that interact with external systems
Interface elements:
- Text field to enter command prefixes (e.g., 'git')
- "Add" button to add new prefixes
- Clickable command buttons with X to remove them
Follow-Up Questions
Setting: Always default answer for follow-up questions
Description: Automatically selects the first AI-suggested answer for a follow-up question after a configurable timeout. This speeds up your workflow by letting Roo proceed without manual intervention.
Visual countdown: When enabled, a countdown timer appears on the first suggestion button, showing the remaining time before auto-selection. The timer is displayed as a circular progress indicator that depletes as time passes.
Timeout slider: Use the slider to set the wait time from 1 to 300 seconds (Default: 60s).
Override options: You can cancel the auto-selection at any time by:
- Clicking a different suggestion
- Editing any suggestion
- Typing your own response
- Clicking the timer to pause it
Risk level: Low
Use cases:
- Overnight runs where you want Roo to continue working
- Repetitive tasks where the default suggestions are usually correct
- Testing workflows where interaction isn't critical
Update Todo List
Setting: "Always approve todo list updates"
Description: "Automatically update the to-do list without requiring approval"
Risk level: Low
This setting allows Roo to automatically update task progress and todo lists during work sessions. This includes:
- Marking tasks as completed
- Adding new discovered tasks
- Updating task status (pending, in progress, completed)
- Reorganizing task priorities
Benefits:
- Maintains real-time task progress visibility
- Reduces interruptions during multi-step workflows
- Keeps project status accurately reflected
- Helps track complex task dependencies
Use cases:
- Long-running development sessions
- Multi-step refactoring projects
- Complex debugging workflows
- Feature implementation with many subtasks
This is particularly useful when combined with the Subtasks permission, as it allows Roo to maintain a complete picture of project progress without constant approval requests.