toolingclaude-code

Configurable approval modes for background tasks

A YAML pattern for auto / review / approve workflows that scales beyond a single agent.

When you're running Claude Code agents in the background — kicking off a test suite, regenerating types, drafting a PR description — you eventually hit a question of trust. Some tasks should run unattended. Some should pause for review. Some should never proceed without an explicit OK.

Hardcoding that distinction per agent is a mess. Here's what I landed on instead.

Three modes, one config

# .claude/approval.yml
defaults:
  mode: review
 
tasks:
  - match: "test:*"
    mode: auto
  - match: "regenerate-types"
    mode: auto
  - match: "*deploy*"
    mode: approve
  - match: "delete-*"
    mode: approve
  • auto — runs to completion, posts a result
  • review — runs to completion, holds the result for me to read before applying
  • approve — pauses before any destructive action, waits for explicit OK

The matching is glob-style and order matters: first match wins.

Why YAML, not code

I wanted something I could change without redeploying anything. YAML lives next to the project, gets committed, gets reviewed in PRs. When a teammate adds a new task type they edit the same file. The agent reads it on each run.

The interesting case is review

I'd assumed I'd want most things on auto and the dangerous ones on approve. In practice I run almost everything on review — not because I distrust the agent, but because the act of reading the diff is where I learn what changed.

Auto-mode for tests, sure. Anything that touches production code, I want the diff in front of me. The 30 seconds of review beats an hour of debugging.

What I'd change

I want a fourth mode — report — that runs and posts results to a Slack channel without holding for action. Useful for nightly jobs where I want visibility but not interruption. Probably this week.