Approvals
The Approvals tab is where you decide on permission requests — Bash
commands, Edit operations, WebFetch calls, and so on — without
switching to the terminal running the agent.
Layout
The tab is a three-pane layout:
- Pending queue (left) — open requests, oldest first. Each row shows a risk pill (high / medium / low), the tool name, a command or input preview, the cwd, and creation time.
- Focused decision view (center) — the selected request in full: the originating user prompt (when available), the full tool invocation, and an optional deny-message field.
- Recent decisions (right) — the session's recent approve / deny / ask outcomes, each labelled with the source that resolved it (UI / CLI / notification / timeout / rule).
Decisions
Three actions:
| Action | Effect |
|---|---|
| Approve | The hook returns allow; the agent continues. |
| Deny | The hook returns deny with your optional message. The agent receives the message and decides what to do next. |
| Deny + interrupt | Same as deny, but also sends a session interrupt so the agent stops cleanly instead of replanning. |
Countdown
Each request has a 9-minute decision window (Claude Code's hook
timeout is 10 minutes; we cut off slightly under). The countdown is
visible in the focused view. If you don't decide in time, the daemon
falls the hook back to ask and the in-terminal prompt appears — you
never lose the session.
Risk classification
Each request gets a risk pill computed client-side from heuristics on
the tool + input — patterns like rm -rf, writes outside the project,
network egress, and so on raise the risk. This is a hint, not a
gate; the action is yours.
Keyboard shortcuts
| Key | Action |
|---|---|
| ↑ / ↓ | Move between pending requests |
| A | Approve the focused request |
| D | Move focus to the deny-reason field |
| Enter | Submit the deny (or the approve, if no field is focused) |
Modal vs. tab
A pending request can be acted on from either:
- The Approvals tab (this view).
- A modal — opened via a
ccmon://session/<id>deep link from a notification, or by clicking the pending-approval indicator on a session row.
Both surfaces share the same decision API; the modal is a focused mode for "answer one thing fast and get back to what you were doing."
From the CLI
You don't need the desktop UI — every approval is also actionable from the terminal:
ccmon approvals # list pending
ccmon approve abc12345 # 8-char prefix is enough
ccmon deny abc12345 -m "writes outside project" --interrupt
See the CLI reference for full options.