Announcing Warp University: short video tutorials to go from zero to Warp speed.
Learn More.

Agent Profiles & Permissions

Agent Profiles let you customize how your Agent behaves, from its models and autonomy to the tools and permissions it can use.

Agent Profiles

Agent Profiles let you configure how your Agent behaves in different situations. Each profile defines the Agent's autonomy, base and planning models, and tool access. You can create multiple profiles and edit them directly in Settings > AI > Agents > Profiles.

  • Default profile: Every user starts with a default profile, you can edit it at any time, and new profiles will copy its settings as a starting point.

  • Other profiles: Set up different profiles for different workflows (e.g., "Safe & cautious", "YOLO mode", etc.). Manage them in the Profiles settings menu.

Agent Profiles in Settings: define how your Agent operates.

In each Agent Profile, you can configure:

  • The name of the profile

  • Base and planning models

    • Base model: The core engine for your Agent. It handles most interactions and invokes other models when needed (e.g. for planning or code generation).

    • Planning model: Responsible for breaking down complex tasks into actionable steps. It generates structured execution plans and decides how to route work between models.

  • Agent Permissions

Agent Profiles in Settings: editting a Profile.

Agent Permissions

Agent Permissions let you define how your Agent in a specific Profile operates — control its autonomy, choose what tools or MCP servers it can access, and set when it should act independently or ask for approval.

You can control how much autonomy the Agent has when performing different types of actions under Settings > AI > Agents > Profiles > Permissions . Agent permission types:

  • Apply code diffs

  • Read files

  • Create plans

  • Execute commands

Fine-tuning agent control: This permissions panel lets users customize how much autonomy the Agent has when applying code diffs, reading files, creating plans, and executing commands.

Each permission has different levels of autonomy:

Autonomy level
Description

Agent Decides

Agent will act autonomously when it's confident, but prompt for approval when uncertain. This option balances speed with control, allowing the Agent to go ahead with common workflows while keeping you in the loop for more complex or risky steps.

Always ask

Agent will request explicit user approval before taking any action. Choose this for sensitive actions.

Always allow

Agent will perform the action without ever requesting explicit conformation. Use this for tasks you fully trust the Agent to handle on its own.

Never

Agent will not ever take the action (i.e. Create plans).

When all Agent permissions are set to Always allow, the Agent gains full autonomy (“YOLO mode”); however, any denylist rules will still override these settings.

Command allowlist

The Warp Agent lets you define an allowlist of commands that run automatically without confirmation. It’s empty by default, but users often add read-only commands such as:

  • which .* - Find executable locations

  • ls(\s.*)? - List directory contents

  • grep(\s.*)? - Search file contents

  • find .* - Search for files

  • echo(\s.*)? - Print text output

You can add your own regular expressions to this list in Settings > AI > Agents > Command allowlist. Commands in the allowlist will always auto-execute, even if they are not read-only operations.

Command allowlist and denylists as part of an Agent Profile.

Command denylist

For safety, the Agent always prompts for confirmation before executing potentially risky commands. The default denylist includes several examples, such as:

  • wget(\s.*)? - Network downloads

  • curl(\s.*)? - Network requests

  • rm(\s.*)? - File deletion

  • eval(\s.*)? - Shell code execution

The denylist takes precedence over both the allowlist and Agent decides. If a command matches the denylist, user permission will always be required, regardless of other settings. You can add your own regular expressions to this list in Settings > AI > Agents > Command denylist.

MCP permissions

MCP servers let you extend the Agent with custom tools and data sources using standardized, plugin-like modules.

In this settings menu, you can configure which MCP servers the Agent is allowed to call:

  • Use the MCP allowlist to give the Agent permission to call specific servers without asking.

  • Use the MCP denylist to require approval before calling certain servers, even if they’re also in the allowlist.

  • Or set the Agent to “decide” — it will act autonomously when confident, and ask for confirmation when uncertain.

Customize how the Agent interacts with MCP servers by choosing between “Agent decides,” allowlist, or denylist settings.

To learn how to build and configure your own MCP server, check out the MCP feature docs.

Run until completion

During an Agent interaction, you can give the Agent full autonomy for the current task. When auto-approve is on, every suggested command runs immediately until the task finishes, or you stop it with Ctrl + C.

Auto-approve all Agent actions with: CMD + SHIFT + I

A button overlay in the lower-right corner lets you enable auto-approve or end the Agent interaction.

Run until completion ignores the denylist entirely. It’s the purest form of “YOLO” mode and essentially a fully “autonomous mode” where the Agent proceeds without asking for confirmation.

PreviousManaging AgentsNextAgent Task Lists

Last updated

Was this helpful?