Skip to main content
Back to Blog
Comparison7 min read

AI Agent Permissions: Built-in Controls vs. Remote Approval

Every AI coding agent has some form of permission control. Claude Code has the most granular built-in system. The others range from sandboxed execution to simple yes/no prompts. This article compares how all five agents handle permissions, then covers how remote approval works as an alternative layer.

Permission Models Across All Five Agents

AgentPermission ModelConfigurationAudit Trail
Claude CodeGranular allowlists with deny rules.claude/settings.jsonSession log only
CodexSandboxed cloud execution, approve network/file accessPer-session in the Codex UIOpenAI dashboard
Gemini CLITerminal prompt for each actionLimited config optionsTerminal history only
OpenCodeSettings file with allowed operationsProject-level configNone built-in
AiderGit-based safety (auto-commits before changes)CLI flags and config fileGit history

Claude Code has the most configurable system. Codex takes a different approach by sandboxing execution entirely. Aider relies on git as its safety mechanism. The others fall somewhere in between.

Claude Code's Built-in Permission Model

By default, Claude Code asks for confirmation before running commands, editing files outside the project directory, or making network requests. You approve or deny each action in your terminal.

For automation, Claude Code supports allowlists in .claude/settings.json:

{
  "permissions": {
    "allow": [
      "Read",
      "Write",
      "Bash(npm run test)",
      "Bash(npm run build)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(curl *)"
    ]
  }
}

The --dangerously-skip-permissions flag disables all permission checks. It is designed for CI/CD pipelines and headless environments where interactive approval is impossible.

Strengths of the Built-in Approach

  • Zero latency. Approvals happen locally, no network round trip.
  • No dependency on external services. Works offline.
  • Granular allowlists. You can approve specific commands by exact pattern.
  • No additional cost. Included with Claude Code.

Limitations

  • Requires terminal access. If you walk away from your machine, the agent blocks on pending approvals.
  • Allowlists are static. You define them before the session starts and cannot adjust them mid-session without editing the config file.
  • No audit trail beyond the session log. Permission decisions are not separately tracked.

Styrby's Remote Approval Model

Styrby intercepts permission requests and routes them to your mobile device as push notifications. Each request shows what the agent wants to do, classified by risk level:

  • Green (low risk). Read operations, running tests, builds. Things that do not modify state.
  • Yellow (medium risk). File writes within the project directory, installing dependencies.
  • Red (high risk). Deleting files, running arbitrary shell commands, network requests, anything touching credentials.

You tap approve or deny on your phone. The decision is logged in Styrby's audit trail with timestamp, device, and the exact command that was requested.

Strengths of Remote Approval

  • Approve from anywhere. You do not need to be at your terminal.
  • Risk classification. Visual risk badges help you make faster decisions about unfamiliar commands.
  • Audit trail. Every approval and denial is logged for later review.
  • Works across agents. The same approval flow for Claude, Codex, Gemini, and others.

Limitations

  • Network latency. Approval requires a round trip to Styrby servers and your phone. This adds 2-5 seconds per approval.
  • Requires connectivity. If your phone is offline, approvals queue and the agent blocks until you reconnect.
  • Additional cost. Requires a Styrby subscription for full features.
  • Parser dependency. Styrby parses agent output to detect permission requests. If an agent changes its output format, there may be a delay before Styrby updates its parser.

When to Use Each Approach

Use Built-in Permissions When:

  • You are sitting at your terminal and actively supervising
  • You have a well-defined allowlist for your project
  • Latency matters (real-time pair programming with the agent)
  • You only use Claude Code

Use Remote Approval When:

  • You run agents overnight or while away from your desk
  • You want an audit trail of all permission decisions
  • You use multiple agents and want consistent approval flow
  • You want risk classification to speed up approval decisions

Using Both Together

The two approaches are not mutually exclusive. A practical setup: use Claude Code's allowlist for common operations (read, test, build) and route everything else through Styrby's remote approval. This reduces notification noise while keeping high-risk actions gated behind explicit approval.

# .claude/settings.json - approve safe operations locally
{
  "permissions": {
    "allow": ["Read", "Bash(npm run test)", "Bash(npm run build)"]
  }
}

# Styrby CLI - route remaining permissions to mobile
styrby connect --agent claude --remote-approval

This hybrid approach gives you the speed of local allowlists for routine operations and the security of remote approval for everything else.

Ready to manage your AI agents from one place?

Styrby gives you cost tracking, remote permissions, and session replay across five agents.

Start FreeView Pricing