SecurityCommercialFreeActiveMachine-verified· advanced · ~5 min setup

Claude Code Auto Mode: A Classifier Instead of an Allowlist

Set Auto Mode as your default so a classifier reviews each action instead of pre-listing every command.

by Shilpa Mitra· verified today· v1.0.0

Run this workflow

CI-verified, 3/3 fixtures passing.

Intended Use

Turning on Auto Mode so a classifier model reviews each action instead of pre-listing every command, for runs where a fixed allowlist is too rigid.

Not for

  • Replacing review on sensitive operations, Auto Mode is a research preview, not a safety guarantee
  • Project-level settings, which ignore defaultMode auto on purpose so a repo cannot grant itself auto mode
  • Accounts that do not meet the model, version, or admin requirements

The Stack

Claude Codeauto mode

Tested Against

claude-code@2.1.83node@20.x

Side effects & data flow

Network
none, local only
Writes
./settings.json, ./checkauto.mjs
Credentials
none required

Steps

  1. 1

    Set Auto Mode as your default

    Set it in ~/.claude/settings.json (it is ignored in project settings on purpose), or cycle to it with Shift+Tab. A separate classifier model reviews each action before it runs and blocks anything that escalates beyond your request.

    cat > settings.json <<'EOF'
{
  "permissions": {
    "defaultMode": "auto"
  }
}
EOF
echo "wrote ~/.claude/settings.json (defaultMode: auto)"
  2. 2

    What CI checks: the settings block is valid and the requirements are surfaced

    CI confirms the settings JSON is valid with defaultMode auto, and surfaces the documented availability requirements as a checklist (corrected against code.claude.com/docs). The classifier-gated run needs a live model and account, so that part is fenced.

    cat > checkauto.mjs <<'EOF'
import { readFileSync } from 'node:fs';
const cfg = JSON.parse(readFileSync('settings.json','utf8'));
const p = cfg.permissions || {};
let ok = true;
function check(label, cond){ console.log(label + ': ' + (cond ? 'yes' : 'NO')); if(!cond) ok=false; }
check('settings valid: defaultMode auto', p.defaultMode === 'auto');
if(!ok){ console.log('auto mode config check FAILED'); process.exit(1); }
console.log('Auto Mode requirements (code.claude.com/docs):');
console.log('  - Claude Code v2.1.83 or later');
console.log('  - Available on all plans');
console.log('  - Anthropic API: Opus 4.6 or later, or Sonnet 4.6');
console.log('  - Bedrock/Vertex/Foundry: Opus 4.7 or 4.8 with CLAUDE_CODE_ENABLE_AUTO_MODE=1');
console.log('  - Team/Enterprise: an admin must enable it first');
console.log('  - defaultMode auto honored only in ~/.claude, ignored in project settings');
console.log('auto mode config check OK');
EOF
node checkauto.mjs
  3. 3

    Let it run (the classifier + model step, not checked by CI)

    In Auto Mode the classifier and the agent both invoke models, which are non-deterministic and account-gated. CI verifies the config and the requirements checklist, never the live run.

Eval, 3 fixtures

Last passed: verified today
  • mode-autocontainstimeout 30s · max $0

    Expected: settings valid: defaultMode auto: yes

  • check-okcontainstimeout 30s · max $0

    Expected: auto mode config check OK

  • clean-exitexit_codetimeout 30s · max $0

    Expected: 0

Results

A research preview: a separate classifier blocks escalations like curl | bash, force pushes, and pushes to main.

Did this work for you?

Our CI checks the setup runs. You tell us if the whole thing worked. Tell us straight.

Liked this workflow?

Get new verified workflows in WebAfterAI, three issues a week (Tue, Thu, Sat).