Skip to content

Permissions

Tarsk includes permission gates that keep the agent from running dangerous or unexpected operations without your approval.

When the agent calls the bash tool, Tarsk may pause and show an approval prompt before executing the command. Review the full command, then choose Allow or Deny.

Shell commands run in the thread’s working directory with the project’s environment variables applied. See Project Settings for command approval configuration.

When the agent calls the fetch tool to retrieve a URL, Tarsk may show a permission prompt listing the URL and domain. Pre-approved domains (configured in Tarsk) may skip the prompt.

You can allow or deny each fetch individually. Denied fetches return an error to the agent so it can try an alternative approach.

Each project has a Command approval setting in Project Settings:

SettingBehaviour
Allow all commandsBash and skill scripts run without per-command approval (default)
Require approvalEach bash command and skill script requires explicit approval

When approval is required, you can also toggle Confirm commands from the chat mode selector menu (hammer icon next to the input). This lets you temporarily require approval for the current session without changing project settings.

When command approval is enabled, you can define allowed command patterns — shell commands matching these patterns run automatically without prompting. Useful for safe, repetitive commands like npm test or git status.

Scripts in skill scripts/ directories run through the same approval gate as bash commands when command approval is enabled.

  • Project Settings — configure command approval and env vars
  • Chat — where approval prompts appear
  • Skills — skill scripts subject to the same gates