Permissions

Tarsk includes permission gates that keep the agent from running dangerous or unexpected operations without your approval.

Shell Command Approval

When the agent calls the bash tool, Tarsk may pause and show an approval prompt before executing the command. Review the full command, then choose Allow or Deny.

Shell commands run in the thread’s working directory with the project’s environment variables applied. See Project Settings for command approval configuration.

Web Fetch Approval

When the agent calls the fetch tool to retrieve a URL, Tarsk may show a permission prompt listing the URL and domain. Pre-approved domains (configured in Tarsk) may skip the prompt.

You can allow or deny each fetch individually. Denied fetches return an error to the agent so it can try an alternative approach.

Project Command Approval

Each project has a Command approval setting in Project Settings:

Setting	Behaviour
Allow all commands	Bash and skill scripts run without per-command approval (default)
Require approval	Each bash command and skill script requires explicit approval

When approval is required, you can also toggle Confirm commands from the chat mode selector menu (hammer icon next to the input). This lets you temporarily require approval for the current session without changing project settings.

Allowed Command Patterns

When command approval is enabled, you can define allowed command patterns — shell commands matching these patterns run automatically without prompting. Useful for safe, repetitive commands like npm test or git status.

Skill Script Permissions

Scripts in skill scripts/ directories run through the same approval gate as bash commands when command approval is enabled.

Project Settings — configure command approval and env vars
Chat — where approval prompts appear
Skills — skill scripts subject to the same gates