Use tools in Rovo Dev CLI

Rovo Dev will ask for permission on first tool use

Rovo Dev CLI gives you control over which tools Rovo Dev can use, and how it executes bash and PowerShell commands.

Tool permissions

In interactive mode, when Rovo Dev is about to use a tool for the first time, it will ask for permission. You can choose to allow or deny the tool:

  • Once - Apply permission for this single use only.

  • Session - Apply permission for the current session.

  • Always - Save permission to config file and apply to all future sessions.

Configuration

Tool permissions are configured in your configuration file (by default at ~/.rovodev/config.yml) in the toolpermissions section.

You can configure permissions for specific tools, and each tool can have one of three permission levels:

allow - The tool or command can be executed without asking for permission.

ask - The agent will prompt you for permission before executing (default for most tools).

deny - The tool or command is blocked and cannot be executed in the `tools` section.

toolPermissions:: tools: create_file: ask delete_file: ask move_file: ask find_and_replace_code: ask open_files: allow expand_code_chunks: allow expand_folder: allow grep: allow

Command patterns for bash commands

You can use regex patterns to match multiple bash commands:

toolPermissions: bash: # Default permission for bash commands not explicitly listed default: ask # List of specific bash commands with their permission settings commands: - command: ls.* permission: allow - command: cat.* permission: allow
  • Exact match: "pwd" - matches only the pwd command.

  • Pattern match: "ls.*" - matches `ls` with any arguments (e.g., ls -la, ls /tmp).

  • First word pattern: "git.*" - matches all git commands.

Compound commands

When you run compound commands (using &&, ||, or ;), each subcommand is analyzed separately. If any subcommand requires permission, you'll be prompted for each one.

For example, ls -la && cat file.txt && npm install would be split into three subcommands, and each evaluated independently.

External path access

By default, Rovo Dev can only access files within your workspace. You can allow access to external paths:

toolPermissions: allowedExternalPaths: - "/path/to/external/directory" - "/path/to/external/file.txt"

You can also manage this using the /directories command in interactive mode.

YOLO mode

Use YOLO mode with caution. It allows Rovo Dev to make changes to your workspace without asking for permission. This mode is only designed for trusted workflows.

For situations where you want to run Rovo Dev without permission prompts, enable YOLO mode.

To enable YOLO mode, run:

acli rovodev run --yolo

Or, in interactive mode, use /yolo.

When YOLO mode is enabled:

  • All file operations (create, delete, move, open, close, find and replace) are executed without confirmation.

  • All bash/PowerShell commands are executed without confirmation.

  • All workspace navigation and git tools are executed without confirmation.

  • MCP tools and other integrations continue to use their configured permissions.

Exit YOLO mode by using /yolo again. YOLO mode is restricted to your session and does not affect your configuration file.

Still need help?

The Atlassian Community is here for you.