> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tryvoss.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Permission modes

> Understand plan, edit, and auto modes in the Voss harness.

Permission modes define what kind of tools Voss may run. Each [role](/orchestration/team-config) in a team declares its own mode, so a reviewer can be locked to `plan` while a backend worker gets scoped `edit`.

| Mode   | Intended use                      | Mutating tools                                         |
| ------ | --------------------------------- | ------------------------------------------------------ |
| `plan` | Read-only inspection and planning | Denied                                                 |
| `edit` | Scoped file changes               | File writes allowed through scope checks; shell denied |
| `auto` | Higher-trust execution            | Allowed through lower-level safeguards                 |

## Plan mode

Plan mode is the default for `voss`, `voss chat`, and `voss do`. It is for reasoning, inspection, and architecture work.

Use plan mode when you want:

* A repo summary
* A change plan
* A risk assessment
* A pull request description
* A no-mutation investigation

## Edit mode

Edit mode is the default for `voss edit`. It allows reads and scoped file writes, but denies `shell_run`.

Use edit mode when you know which files or directories Voss should work on.

## Auto mode

Auto mode is for higher-trust flows where the agent may need to run more tools. It still depends on lower-level safeguards such as cwd jailing, shell allowlists, timeouts, and project policy.

<Warning>
  Use auto mode only when you are comfortable with the broader execution surface. Voss v0.1 is intentionally conservative by default.
</Warning>
