From 36fca4d9d2b9fb3f528f8f20be453f4396f967e8 Mon Sep 17 00:00:00 2001
From: Devansh Jain <31609257+devanshrj@users.noreply.github.com>
Date: Wed, 18 Mar 2026 12:06:45 -0700
Subject: [PATCH] fix(permissions): require approval for ExitPlanMode in bypass mode (#1431)

Co-authored-by: Letta Code
---
 src/permissions/mode.ts | 6 ++++-
 src/tests/permissions-mode.test.ts | 36 ++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/src/permissions/mode.ts b/src/permissions/mode.ts
index 4957316..29908df 100644
--- a/src/permissions/mode.ts
+++ b/src/permissions/mode.ts
@@ -266,7 +266,11 @@ class PermissionModeManager {
 : this.getPlanFilePath();
 switch (effectiveMode) {
 case "bypassPermissions":
- // Auto-allow everything (except explicit deny rules checked earlier)
+ // ExitPlanMode always requires human approval, even in yolo mode
+ if (toolName === "ExitPlanMode" || toolName === "exit_plan_mode") {
+ return null;
+ }
+ // Auto-allow everything else (except explicit deny rules checked earlier)
 return "allow";
 
 case "acceptEdits":
diff --git a/src/tests/permissions-mode.test.ts b/src/tests/permissions-mode.test.ts
index b3c6bf3..b31dbc0 100644
--- a/src/tests/permissions-mode.test.ts
+++ b/src/tests/permissions-mode.test.ts
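Review bot: In `src/permissions/mode.ts`, the new `bypassPermissions` branch returns `null` for ExitPlanMode, which reads as "no override from the mode" rather than a forced prompt, so the comment's "always requires human approval" holds only if nothing evaluated afterwards can resolve the tool to "allow". The rest of the method and its caller lie outside the hunk, so this is inferred; if a user-configured allow rule can match ExitPlanMode after this point, the approval gate would be skipped in exactly the mode it was added for. I would state the contract next to the return, e.g. `// null = no override from the mode; the rule check that follows must still end in "ask" for this tool`, or return an explicit ask decision if the method's return type permits one. The two spellings are also matched as string literals, so a tool name in any other spelling would reach `return "allow"`; a shared constant listing the tool's names would keep this gate aligned with wherever those names are defined.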
@@ -66,6 +66,42 @@ test("bypassPermissions mode - allows all tools", () => {
 expect(writeResult.decision).toBe("allow");
 });
 
+test("bypassPermissions mode - ExitPlanMode always requires approval", () => {
+ permissionMode.setMode("bypassPermissions");
+
+ const permissions: PermissionRules = {
+ allow: [],
+ deny: [],
+ ask: [],
+ };
+
+ // ExitPlanMode should NOT be auto-approved in yolo mode
+ const exitResult = checkPermission(
+ "ExitPlanMode",
+ {},
+ permissions,
+ "/Users/test/project",
+ );
+ expect(exitResult.decision).toBe("ask");
+
+ const exitSnakeResult = checkPermission(
+ "exit_plan_mode",
+ {},
+ permissions,
+ "/Users/test/project",
+ );
+ expect(exitSnakeResult.decision).toBe("ask");
+
+ // EnterPlanMode should still be auto-approved
+ const enterResult = checkPermission(
+ "EnterPlanMode",
+ {},
+ permissions,
+ "/Users/test/project",
+ );
+ expect(enterResult.decision).toBe("allow");
+});
+
 test("bypassPermissions mode - does NOT override deny rules", () => {
 permissionMode.setMode("bypassPermissions");
 
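Review bot: The new test exercises the gate only with empty `allow`, `deny` and `ask` lists, so it would still pass if an allow rule naming ExitPlanMode overrode the approval requirement in `bypassPermissions` mode. A second case with a non-empty `allow` list that matches the tool, still asserting `expect(exitResult.decision).toBe("ask");`, would pin down the "always" in the test title; if an allow rule is meant to win, the title and the comment in mode.ts should say so instead. The test also leaves the mode set to `bypassPermissions`; whether the suite resets it between tests is not visible in this hunk.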