Use tools in Rovo Dev CLI
Rovo Dev CLI gives you control over which tools Rovo Dev can use, and how it executes bash and PowerShell commands.
Tool permissions
In interactive mode, when Rovo Dev is about to use a tool for the first time, it will ask for permission. You can choose to allow or deny the tool:
Once - Apply permission for this single use only.
Session - Apply permission for the current session.
Always - Save permission to config file and apply to all future sessions.
Configuration
Tool permissions are configured in your configuration file (by default at ~/.rovodev/config.yml
) in the toolpermissions
section.
You can configure permissions for specific tools, and each tool can have one of three permission levels:
allow
- The tool or command can be executed without asking for permission.
ask
- The agent will prompt you for permission before executing (default for most tools).
deny
- The tool or command is blocked and cannot be executed in the `tools` section.
toolPermissions::
tools:
create_file: ask
delete_file: ask
move_file: ask
find_and_replace_code: ask
open_files: allow
expand_code_chunks: allow
expand_folder: allow
grep: allow
Command patterns for bash commands
You can use regex patterns to match multiple bash commands:
toolPermissions:
bash:
# Default permission for bash commands not explicitly listed
default: ask
# List of specific bash commands with their permission settings
commands:
- command: ls.*
permission: allow
- command: cat.*
permission: allow
Exact match:
"pwd"
- matches only thepwd
command.Pattern match:
"ls.*"
- matches `ls` with any arguments (e.g.,ls -la
,ls /tmp
).First word pattern:
"git.*"
- matches allgit
commands.
Compound commands
When you run compound commands (using &&
, ||
, or ;
), each subcommand is analyzed separately. If any subcommand requires permission, you'll be prompted for each one.
For example, ls -la && cat file.txt && npm install
would be split into three subcommands, and each evaluated independently.
External path access
By default, Rovo Dev can only access files within your workspace. You can allow access to external paths:
toolPermissions:
allowedExternalPaths:
- "/path/to/external/directory"
- "/path/to/external/file.txt"
You can also manage this using the /directories
command in interactive mode.
YOLO mode
Use YOLO mode with caution. It allows Rovo Dev to make changes to your workspace without asking for permission. This mode is only designed for trusted workflows.
For situations where you want to run Rovo Dev without permission prompts, enable YOLO mode.
To enable YOLO mode, run:
acli rovodev run --yolo
Or, in interactive mode, use /yolo
.
When YOLO mode is enabled:
All file operations (create, delete, move, open, close, find and replace) are executed without confirmation.
All bash/PowerShell commands are executed without confirmation.
All workspace navigation and git tools are executed without confirmation.
MCP tools and other integrations continue to use their configured permissions.
Exit YOLO mode by using /yolo
again. YOLO mode is restricted to your session and does not affect your configuration file.
Was this helpful?