Command allow / deny
How agent actions get approved before they run.
Proliferate doesn't have an organization-wide list of allowed or denied shell commands today. What exists instead is a per-session Permissions control that decides how much an agent can do before it has to stop and ask.
This page previously described an org-wide command allow/deny list. That control doesn't exist yet. What's below is the real mechanism: a per-session permission mode, set by whoever is running the session.
Permissions modes
Every session picks a mode from the composer's Permissions control. Options come from the coding agent itself, so they differ by agent:
Claude Code
| Mode | Behavior |
|---|---|
| Default | Asks before each action. |
| Accept Edits | Auto-approves file edits; still asks before running commands. |
| Auto | Uses a model classifier to approve or deny permission prompts automatically. |
| Plan | Plans without executing anything. |
| Don't Ask | Auto-approves most actions. |
| Bypass | Skips permission checks entirely. |
Codex
| Mode | Behavior |
|---|---|
| Read Only | Inspects and plans without editing anything. |
| Auto | Auto-approves standard edits. |
| Full Access | Allows unrestricted changes. |
Permissions control
Chat composer: the Permissions dropdown showing the current mode and the list of modes available for the active coding agent.
Cowork and plan-handoff sessions default to the most permissive mode for each agent (Bypass for Claude Code, Full Access for Codex) since they run inside a workspace already scoped to one managed checkout. You can change the mode for any session at any time from the composer.
What this doesn't give you yet
This is a per-session choice made by whoever is running the agent, not an organization policy. There's currently no admin screen to lock a repo, a workspace, or the whole organization to a specific permission mode, and no way to allow or deny specific commands by name.
If you need to constrain what an agent can reach rather than what it asks permission for, see Data boundaries for the controls that do work at the organization level today.