[FEATURE] Read-Only Auto Mode
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Summary
The Claude Code VS Code extension currently supports four main operating modes: Ask before edits, Edit automatically, Plan mode, and Auto mode. This feature request proposes adding a new "Read-Only" (or "Auto-Read") mode. This mode would allow the agent to autonomously browse, view, and read any necessary files within the workspace to diagnose bugs or build context, while strictly guaranteeing that it will not make edits, execute code, or create commits.
When working with complex, multi-file codebases, developers often need Claude to map out dependencies or hunt down elusive bugs across dozens of files. Currently, developers face an inefficient dilemma:
Using standard modes: The user must manually approve every single file-read tool call (slowing down context building), or switch to Auto mode.
Risks of Auto mode: Full Auto mode gives the agent permission to autonomously write code and execute commands. If a developer needs to step away from their desk, they cannot safely leave the agent running in Auto mode out of fear it might make unvetted, messy structural changes or premature commits.
Proposed Solution
Problem
Introduce an Auto-Read / Read-Only mode in the extension settings and command palette.
When enabled, the agent is granted full autonomy to use file-viewing tools (view_file, grep, list_dir, etc.) without prompting the user for permission.
All file-modifying, terminal-executing, or git-committing tools are strictly blocked or require explicit authorization.
Warning Banner: Similar to the existing Auto mode warning, the extension should display a prominent banner warning the user that the agent will act on its own and may consume a significant number of tokens if it enters a large reading loop.
Alternative Solutions
Technical Considerations
Tool Permission Scoping: The extension will need to dynamically adjust the permission levels passed to the underlying Claude Code CLI, effectively hard-locking write-capable tools while granting auto-approve status to read-capable tools.
Token Consumption Mitigation: Because an autonomous reading agent can easily eat up context window tokens in massive repositories, the implementation should include a configurable safety threshold (e.g., maximum files read per session or a prompt warning when a directory contains too many tokens).
UI Indication: The VS Code status bar or Claude panel should clearly display a distinct state (e.g., a lock or eye icon) indicating that the workspace is currently protected by a Read-Only execution policy.
Priority
Medium - Would be very helpful
Feature Category
CLI commands and flags
Use Case Example
Scenario: A developer is troubleshooting a subtle bug across 10+ tightly coupled files. They want Claude to ingest all relevant files, build a mental map of the system, and pinpoint the root cause—but they absolutely do not want it rewriting code yet.
Current workflow (suboptimal): The developer triggers a search and must sit at their desk, hovering over the screen to repeatedly click "Allow" on every file-read request. Alternatively, they risk turning on full Auto mode before stepping away for a meeting or a restroom break, risking unintended autonomous edits.
Proposed workflow (optimal): The developer switches the extension to Read-Only Auto Mode, asks Claude to locate the bug, and steps away from their desk. Claude autonomously navigates the codebase, reads what it needs, and presents a complete diagnostic report when the developer returns, with zero changes made to the source control.
Additional Context
This feature fills a critical gap between slow, manual prompting and full autonomous execution. It provides a "safe background mode" that maximizes Claude's analytical strengths (deep context gathering) while entirely eliminating the risk of destructive or unwanted automated code changes.
Technical Considerations
Tool Permission Scoping: The extension will need to dynamically adjust the permission levels passed to the underlying Claude Code CLI, effectively hard-locking write-capable tools while granting auto-approve status to read-capable tools.
Token Consumption Mitigation: Because an autonomous reading agent can easily eat up context window tokens in massive repositories, the implementation should include a configurable safety threshold (e.g., maximum files read per session or a prompt warning when a directory contains too many tokens).
UI Indication: The VS Code status bar or Claude panel should clearly display a distinct state (e.g., a lock or eye icon) indicating that the workspace is currently protected by a Read-Only execution policy.
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗