Claude Code Auto Mode: Safer Alternative to Skipping Permissions
What Auto Mode Does
Auto mode provides a middle path between Claude Code's default conservative permissions (which require approval for every file write and bash command) and the risky --dangerously-skip-permissions flag. It lets you run longer tasks with fewer interruptions while introducing less risk than skipping all permissions.
How It Works
Before each tool call runs, a classifier reviews it for potentially destructive actions like mass deleting files, sensitive data exfiltration, or malicious code execution. Actions deemed safe proceed automatically, while risky ones get blocked, redirecting Claude to take a different approach. If Claude insists on taking actions that are continually blocked, it eventually triggers a permission prompt to the user.
Limitations and Considerations
Auto mode reduces risk compared to --dangerously-skip-permissions but doesn't eliminate it entirely. The classifier may still allow some risky actions if user intent is ambiguous or if Claude lacks enough context about your environment. It may also occasionally block benign actions. Auto mode may have a small impact on token consumption, cost, and latency for tool calls.
Getting Started
Auto mode is available in Claude Code as a research preview for Claude Team users today, with rollout to Enterprise and API users coming soon. It works with both Claude Sonnet 4.6 and Opus 4.6.
For developers: Run claude --enable-auto-mode to enable auto mode, then cycle to it with Shift+Tab. On Desktop and in the VS Code extension, first toggle auto mode on in Settings → Claude Code, then select it from the permission mode drop-down in a session.
For admins: Auto mode will soon be available for all Claude Code users on Enterprise, Team, and Claude API plans. To disable it for the CLI and VS Code extension, set "disableAutoMode": "disable" in your managed settings. Auto mode is disabled by default on the Claude desktop app, and can be toggled on using Organization Settings → Claude Code.
📖 Read the full source: HN AI Agents
👀 See Also
Graphthulhu MCP Server Gives AI Agents Knowledge Graph Memory for Logseq/Obsidian
Graphthulhu is an open-source MCP server that provides AI agents with read-write access to Logseq or Obsidian vaults, storing memory as structured pages with properties and links instead of vector embeddings. After one month, the system generated 404 pages with 1,451 cross-references.
Layerkit: AI Image Editor with Editable Layers Built with Claude Code
A developer built Layerkit, a browser-based AI image editor that generates scenes with editable layers to avoid constant re-prompting. The tool uses a multi-stage AI pipeline where one LLM plans composition, an image model generates the scene, and another LLM analyzes the actual image to place readable text.
RTX 5060 Ti 16GB Local LLM Benchmarks: 30B Models Still Lead for Coding
Benchmarks on an RTX 5060 Ti 16GB show Unsloth Qwen3-Coder-30B UD-Q3_K_XL achieving 76.3 tok/s on Ubuntu with quality score 8.14, making it the recommended default coding model. The Unsloth Qwen3.5-35B UD-Q2_K_XL hits 80.1 tok/s but with lower quality scores.
Agent Safehouse: macOS-native sandboxing for local AI coding agents
Agent Safehouse is a macOS-native sandboxing tool that prevents local AI agents from accessing files outside your project directory using kernel-level enforcement. It's a single shell script with no dependencies that works with Claude Code, Codex, OpenCode, Amp, Gemini CLI, Aider, Goose, Auggie, Pi, Cursor Agent, Cline, Kilo, Code Droid, and other agents.