To configure Gemini CLI to bypass confirmations for safe commands while remaining protected against dangerous ones, you should use the Policy Engine and adjust your Approval Settings.
This guide walks you through setting up a frictionless yet secure development environment.
1. Enable Global Automatic Approvals
First, set the CLI to automatically approve non-destructive actions by default. Run the following command in the CLI:
/settings set general.defaultApprovalMode auto_edit
- auto_edit: Automatically approves file reads/writes but still prompts for shell commands.
- yolo: If you want to skip all prompts (not recommended), you can start the CLI with the --yolo or -y flag.
2. Create a “Safe” Policy for Common Commands
To allow specific shell commands (like git or ls) to run without prompts, create a policy file.
- Navigate to (or create) ~/.gemini/policies/.
- Create a file named safe-commands.toml:
# Allow all git commands automatically
[[rule]]
toolName = "run_shell_command"
commandPrefix = "git "
decision = "allow"
priority = 100
# Allow listing files
[[rule]]
toolName = "run_shell_command"
commandPrefix = "ls"
decision = "allow"
priority = 100
3. Explicitly Block Dangerous Commands
In the same policy file, you can ensure dangerous commands always prompt you by setting their priority higher than your “allow” rules:
# Always ask before deleting anything
[[rule]]
toolName = "run_shell_command"
commandPrefix = "rm "
decision = "ask_user"
priority = 999
# Always ask before force-pushing
[[rule]]
toolName = "run_shell_command"
commandPrefix = "git push --force"
decision = "ask_user"
priority = 999
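Before relying on these rules, it helps to check which commands they actually cover. The script below is an added example, not Gemini CLI code: it models the four rules above under the assumption that commandPrefix is a plain string-prefix match and that the highest-priority matching rule wins, then lists constructed sample commands whose decision differs from what the policy author intends. The function names, the sample list, and the matching semantics are assumptions; the real engine may match differently.

```python
# Simplified model of the policy on this page (assumption: plain string-prefix
# matching, highest-priority matching rule wins). Not Gemini CLI's own code.

RULES = [  # the same four rules as safe-commands.toml above
    {"commandPrefix": "git ", "decision": "allow", "priority": 100},
    {"commandPrefix": "ls", "decision": "allow", "priority": 100},
    {"commandPrefix": "rm ", "decision": "ask_user", "priority": 999},
    {"commandPrefix": "git push --force", "decision": "ask_user", "priority": 999},
]

DEFAULT = "ask_user"  # auto_edit still prompts for shell commands


def decide(command, rules=RULES):
    """Return the decision of the highest-priority rule whose prefix matches."""
    matches = [r for r in rules if command.startswith(r["commandPrefix"])]
    if not matches:
        return DEFAULT
    return max(matches, key=lambda r: r["priority"])["decision"]


def audit(samples, rules=RULES):
    """Return (command, actual, intended) for every sample that disagrees."""
    return [(cmd, decide(cmd, rules), want)
            for cmd, want in samples if decide(cmd, rules) != want]


# Constructed sample commands paired with the decision the author intends.
SAMPLES = [
    ("git status", "allow"),
    ("ls -la", "allow"),
    ("rm -rf build", "ask_user"),
    ("git push --force", "ask_user"),
    ("git push -f origin main", "ask_user"),       # short form of --force
    ("git push origin main --force", "ask_user"),  # flag after the remote
    ("git clean -fdx", "ask_user"),                # deletes untracked files
    ("lsof -i", "ask_user"),                       # "ls" prefix also covers lsof
]

if __name__ == "__main__":
    for cmd, got, want in audit(SAMPLES):
        print(f"{cmd!r}: policy says {got}, intended {want}")
```

Under this model the broad "git " allow rule covers every git subcommand that no higher-priority prefix catches, so each destructive form needs its own ask_user rule, and "ls" without a trailing space also matches other commands that begin with those two letters.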
4. Enable Permanent Approvals
To “whitelist” tools as you use them, enable permanent approvals in /settings:
/settings set security.enablePermanentToolApproval true
Once enabled, whenever a tool prompts you, you can select “Allow for all future sessions” to automatically generate a rule for that specific tool or command.
5. Trust Your Workspace
If the CLI keeps prompting you despite these settings, the folder may not be “Trusted.” Run this command in your project root:
/permissions trust
This moves the folder out of “Safe Mode” (where everything is prompted) into your custom global configuration.