feat: add YOLO mode (bypassPermissions)

[JoziGila]

Summary

• Add bypassPermissions mode to mode dropdown as "YOLO"
• Auto-approves ALL tool executions without prompting
• Uses flame icon to indicate danger

Changes

• ModeSelect.vue: Add 4th dropdown item + computed props for label/icon
• ChatPage.vue: Add to Shift+Tab toggle cycle

Test plan

• Verify dropdown shows 4 modes (Default, Agent, Plan, YOLO)
• Verify Shift+Tab cycles through all modes
• Verify YOLO mode auto-approves commands without prompting

Summary by Sourcery

Add a new YOLO (bypassPermissions) permission mode to the chat UI and document its design and rollout plan.

New Features:

• Expose a new YOLO mode in the permission mode dropdown that maps to the bypassPermissions behavior and uses a distinct flame icon.
• Include the YOLO mode in the keyboard-based permission mode toggle cycle on the chat page.

Documentation:

• Add design and implementation plan documents describing the YOLO (bypassPermissions) mode, its behavior, and associated trade-offs.

[sourcery-ai]

Reviewer's Guide

Adds a new bypassPermissions "YOLO" permission mode to the chat UI, wiring it into the mode dropdown, keyboard toggle sequence, and documenting the design/plan for the feature.

Sequence diagram for tool execution approval flow with YOLO mode

sequenceDiagram
  actor User
  participant ChatUI
  participant PermissionController
  participant ToolExecutor

  User->>ChatUI: Select YOLO mode in ModeSelect
  ChatUI->>ChatUI: Set permissionMode to bypassPermissions

  User->>ChatUI: Send message that triggers tool
  ChatUI->>PermissionController: requestExecutionApproval(permissionMode, toolRequest)

  alt permissionMode is bypassPermissions
    PermissionController->>PermissionController: Auto approve without prompting
    PermissionController-->>ChatUI: approvalGranted
    ChatUI->>ToolExecutor: executeTool(toolRequest)
    ToolExecutor-->>ChatUI: toolResult
    ChatUI-->>User: Display result
  else permissionMode is default or plan or acceptEdits
    PermissionController-->>User: Show approval prompt
    User-->>PermissionController: Approve or reject
    alt user approves
      PermissionController-->>ChatUI: approvalGranted
      ChatUI->>ToolExecutor: executeTool(toolRequest)
      ToolExecutor-->>ChatUI: toolResult
      ChatUI-->>User: Display result
    else user rejects
      PermissionController-->>ChatUI: approvalDenied
      ChatUI-->>User: Show canceled_execution_message
  end
  end

Loading

Flow diagram for Shift+Tab permission mode toggle order including YOLO

flowchart LR
  Start([Current mode]) --> CheckMode

  CheckMode{permissionMode}
  CheckMode -->|default + Shift+Tab| AcceptEdits
  CheckMode -->|acceptEdits + Shift+Tab| Plan
  CheckMode -->|plan + Shift+Tab| BypassPermissions
  CheckMode -->|bypassPermissions + Shift+Tab| Default

  Default["Mode default"]
  AcceptEdits["Mode acceptEdits (Agent)"]
  Plan["Mode plan"]
  BypassPermissions["Mode bypassPermissions (YOLO)"]

  Default --> CheckMode
  AcceptEdits --> CheckMode
  Plan --> CheckMode
  BypassPermissions --> CheckMode

Loading

File-Level Changes

Change	Details	Files
Expose new bypassPermissions (YOLO) mode in the permission mode dropdown.	Add a fourth DropdownItem configured with id bypassPermissions, label YOLO, a flame icon, and selection state bound to permissionMode === 'bypassPermissions'. Extend the selectedModeLabel computed property to map bypassPermissions to the user-facing label YOLO. Extend the selectedModeIcon computed property to map bypassPermissions to the codicon-flame icon.	src/webview/src/components/ModeSelect.vue
Include YOLO mode in keyboard-based permission mode cycling.	Update the togglePermissionMode function’s order array to include bypassPermissions after plan, ensuring Shift+Tab cycles through all four modes in a stable order.	src/webview/src/pages/ChatPage.vue
Document the design and implementation plan for YOLO mode.	Add a feature plan document outlining tasks, success criteria, and manual verification steps for YOLO mode. Add a design document describing context, decision, approach, and trade-offs for exposing bypassPermissions as YOLO mode in the UI.	docs/specs/2026-01-08-yolo-mode/plan.md docs/specs/2026-01-08-yolo-mode/design.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• The mode metadata (id/label/icon/order) is now duplicated between ModeSelect.vue and ChatPage.vue; consider centralizing the permission mode definitions in a single config to avoid drift when adding or renaming modes.
• The YOLO dropdown item uses icon: 'codicon-flame text-[14px]!' while selectedModeIcon returns just 'codicon-flame'; verify whether the extra class is needed or move sizing/styling into a shared place so the icon appearance is consistent between the dropdown and the selected state.
• Since 'YOLO' is not self-descriptive, consider adding a tooltip or secondary text that explicitly conveys the bypass-all-permissions behavior to reduce the risk of users enabling it unintentionally.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The mode metadata (id/label/icon/order) is now duplicated between `ModeSelect.vue` and `ChatPage.vue`; consider centralizing the permission mode definitions in a single config to avoid drift when adding or renaming modes.
- The YOLO dropdown item uses `icon: 'codicon-flame text-[14px]!'` while `selectedModeIcon` returns just `'codicon-flame'`; verify whether the extra class is needed or move sizing/styling into a shared place so the icon appearance is consistent between the dropdown and the selected state.
- Since 'YOLO' is not self-descriptive, consider adding a tooltip or secondary text that explicitly conveys the bypass-all-permissions behavior to reduce the risk of users enabling it unintentionally.

## Individual Comments

### Comment 1
<location> `src/webview/src/pages/ChatPage.vue:286` </location>
<code_context>
+}
+
+// ChatPage.vue - update toggle order
+const order: PermissionMode[] = ['default', 'acceptEdits', 'plan', 'bypassPermissions'];
+```
+
</code_context>

<issue_to_address>
**🚨 suggestion (security):** Re-evaluate including `bypassPermissions` in the normal toggle cycle to avoid accidental activation.

Including `bypassPermissions` in the normal `togglePermissionMode` cycle means users can end up in a relaxed-permissions state via routine toggling, without explicitly choosing that riskier mode. Consider restricting `bypassPermissions` to explicit selection only (e.g., via the dropdown) or gating it behind an extra confirmation/config flag to prevent accidental use.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

🚨 suggestion (security): Re-evaluate including bypassPermissions in the normal toggle cycle to avoid accidental activation.

Including bypassPermissions in the normal togglePermissionMode cycle means users can end up in a relaxed-permissions state via routine toggling, without explicitly choosing that riskier mode. Consider restricting bypassPermissions to explicit selection only (e.g., via the dropdown) or gating it behind an extra confirmation/config flag to prevent accidental use.