Here is the current state of “YOLO” / auto-approve modes across the three CLI coding agents
Kimi Code CLI
Kimi Code has a native --yolo flag and a matching /yolo slash command inside the shell.
| What it does | Command / Config |
|---|---|
| One-shot YOLO session | kimi --yolo |
| Toggle during session | Type /yolo in the shell |
| Always-on by default | Set default_yolo = true in ~/.config/kimi/config.toml |
Important distinction in Kimi Code v1.40.0 (latest): --yolo only bypasses permission approvals (file edits, shell commands, tool calls). It does not auto-dismiss AskUserQuestion. If you want the agent to run fully unattended (like CI), use --afk (or /afk) instead. --afk both auto-approves actions and auto-dismisses user questions.
# Interactive but auto-approves edits/commands
kimi --yolo
# Fully unattended / CI mode
kimi --afk
OpenAI Codex CLI
Codex CLI uses --yolo as an alias for the long flag --dangerously-bypass-approvals-and-sandbox.
| Intent | Flag / Config |
|---|---|
| Default safe auto mode (edits + local commands auto-approved; network/external asks) | --full-auto |
| Read-only, no approvals | --sandbox read-only --ask-for-approval never |
| Full YOLO (no sandbox, no approvals — highest risk) | codex --yolo |
| Toggle during session | /approvals full (or /approvals auto, /approvals readonly) |
In ~/.codex/config.toml:
# Full YOLO default
approval_policy = "never"
sandbox_mode = "none"
# Or use the --yolo alias on the CLI
codex --yolo "refactor the auth module"
Sandbox note: Even with --yolo, Codex still respects the underlying OS sandbox unless you also disable it. --yolo is specifically the “dangerously bypass approvals” switch.
Claude Code (for reference)
| Intent | Command |
|---|---|
| YOLO / bypass permissions | claude --dangerously-skip-permissions (legacy) or claude --permission-mode bypassPermissions (current) |
Quick Comparison Table
| Tool | YOLO Flag | Toggle In-Session | Unattended / CI Flag | Config File Key |
|---|---|---|---|---|
| Kimi Code | --yolo |
/yolo |
--afk |
default_yolo = true |
| OpenAI Codex | --yolo |
/approvals full |
--yolo (same) |
approval_policy = "never" |
| Claude Code | --dangerously-skip-permissions |
Shift+Tab (Auto-edit) |
--permission-mode bypassPermissions |
permission_mode = "bypassPermissions" |
Safety recommendation: All three tools warn that YOLO modes should only be used in isolated environments (Docker, throwaway branches, or CI containers). Never run them with full auto-approval on production repositories with live credentials.