How to Approve Claude Code Permissions from Your Phone

What Are Claude Code Permissions?

Claude Code operates under a principle of explicit consent. Unlike some AI tools that silently modify your files, Claude Code asks you for permission before performing any action that changes your system. This includes:

• File edits -- modifying existing source code, configuration files, or documentation
• File creation -- writing new files to your project directory
• File deletion -- removing files from your filesystem
• Shell commands -- running terminal commands like npm install, git commit, or build scripts
• Directory operations -- creating or restructuring directories

When Claude determines it needs to perform one of these actions, it pauses and presents a permission request. In the terminal, this looks like a prompt asking you to type y or n. The session is completely blocked until you respond.

This is a good thing. It means Claude never acts without your knowledge. But it also means that if you walk away from your computer, every pending permission request freezes your entire session.

Why Permissions Matter for Security

The permission system exists for a critical reason: AI models, even sophisticated ones like Claude, can sometimes propose actions that do not align with what you intended. They might:

• Modify a file you did not expect to be changed
• Run a shell command with unintended side effects
• Delete something that should be preserved
• Write to a sensitive configuration file like .env or credentials.json

By reviewing each action before it executes, you maintain a human-in-the-loop safeguard. This is especially important in production environments, shared codebases, or projects where a single bad commit can cause outages.

The permission system is not a limitation -- it is the feature that makes it safe to give an AI agent write access to your codebase.

How CodeSail Shows Permission Requests

When a permission request is generated by Claude Code, the CodeSail CLI detects it and immediately forwards it to your iPhone over the encrypted channel. On your phone, the request appears as a prominent amber-colored card in the chat view of the active session.

Each permission card includes:

• Action type label -- a clear indicator at the top: "File Edit," "Shell Command," "New File," etc.
• Target path or command -- the exact file path being modified or the command being run, displayed in monospace font
• Context -- for file edits, you can often see what changes Claude intends to make
• Two action buttons -- a green Approve button and a gray Deny button

Permission cards are visually distinct from regular chat messages. They use an amber border and background tint so you can instantly spot them even when scrolling through a long conversation. If a session has pending permissions, the session list shows an amber badge on that row.

The Approve / Deny Workflow

Responding to a permission request is a single tap. Here is what happens for each action:

Approving a Request

1. Review the action type and target (file path or command)
2. Tap the green Approve button
3. The card updates to show a green checkmark with "Approved"
4. Claude immediately proceeds with the action on your machine
5. The results appear in the chat as the next message

Denying a Request

1. Review the action and decide it should not proceed
2. Tap the gray Deny button
3. The card updates to show a red indicator with "Denied"
4. Claude acknowledges the denial and typically suggests an alternative approach
5. The conversation continues -- Claude adapts to your decision

Denying a request does not break anything. Claude is designed to handle denials gracefully. It will either propose a different solution, ask for clarification, or move on to the next task.

Reviewing Changes Before Approving

For file edits, simply seeing the file path may not be enough. You want to understand what Claude intends to change. CodeSail provides several tools for this:

• Inline context -- the permission card often includes a summary of the proposed change
• File browser -- tap the file path to open it in CodeSail's built-in code viewer with syntax highlighting, so you can see the current state of the file
• Code changes view -- after approving, view the diff to see exactly what was added, modified, or removed
• Conversation context -- scroll up in the chat to understand why Claude is proposing this change

This review workflow is particularly valuable for remote SSH sessions where you cannot easily pull up the code on your machine.

Practical Workflow Examples

The Lunch Break Refactor

You asked Claude to refactor a service layer from callbacks to async/await. This involves modifying 15+ files. You kicked it off and went to lunch. On your phone, you watch the progress in real time. Permission requests come in one at a time as Claude works through each file. You review the file path, confirm it makes sense in the context of the refactor, and tap Approve. Fifteen minutes later, lunch is done and so is the refactor.

The Emergency Hotfix

You receive an alert that a production endpoint is returning 500 errors. You are not near your laptop, but you have CodeSail. You open an existing Claude Code session (or your teammate does on their machine, paired to your phone), describe the issue, and Claude starts diagnosing. It proposes a one-line fix to a database query. You review the change, approve it, and ask Claude to run the deployment command. Crisis resolved from the grocery store.

The Overnight Build

You set up Claude to implement a new feature before bed. Using CodeSail, you check progress from bed. When Claude asks to create new test files, you approve. When it proposes installing an unnecessary dependency, you deny and send a message suggesting a lighter alternative. The feature is ready by morning.

Permissions on Remote Servers

If you run Claude Code on a remote server through CodeSail's SSH integration, the permission system works identically to local sessions. Every file edit and shell command on the remote machine requires your explicit approval through the same amber permission cards on your iPhone.

This is particularly important for production environments. When Claude proposes running a database migration or modifying a server configuration file, you have the same review-and-approve workflow you would have locally. The only difference is the machine label on the session row, which tells you whether the action will execute on your laptop or on a remote server.

For teams managing multiple servers, each server maintains its own pairing key. A permission approval on your staging server cannot accidentally execute on production. The isolation is built into the architecture.

Combining remote SSH sessions with the permission system gives you a secure mobile DevOps workflow. You can monitor Claude Code on any server, approve or deny changes, and verify results -- all without opening a laptop.

Security Best Practices

While the permission system is inherently secure, here are practices to make the most of it:

1. Always read the file path -- do not blindly approve. Confirm the file being modified is one you expect Claude to touch.
2. Watch for sensitive files -- be extra cautious with permissions involving .env, .gitignore, CI configuration, or deployment scripts.
3. Deny shell commands you do not recognize -- if Claude proposes running a command you are unfamiliar with, deny it and ask Claude to explain what it does first.
4. Use the file browser for context -- when in doubt, open the file in CodeSail's viewer to understand the current state before approving a change.
5. Review diffs after approval -- CodeSail's code changes view lets you verify that the actual change matches what was described.
6. Trust the encryption -- all permission requests and responses are encrypted end-to-end. No one else can approve or deny on your behalf.

The combination of Claude Code's permission system and CodeSail's mobile interface gives you the best of both worlds: autonomous AI coding with human-verified execution, available from anywhere.