There are two levels of auto approve, first level is auto-edit which is basic read and write, and basic bash tools (these can be configured to be any arbitrary bash command).

The second level is called auto approve and is for more complex bash commands. Generally the model will ask permission before running one of these big commands, but you can allow all. Right now, it's global across the instance, but we're working on making it more granular.

Also, there is a deny list of certain commands which you can customize to prevent bad behavior (like rm -rf, etc...)

We want to wire the approval process to imessage or whatever channel, but we need to first auth the imessage session to make sure it's coming through from the owner and not someone else communicating through the same channel.