Agent Mode

Let your agents autonomously execute multi-step tasks with tools, skills, and file operations

What is Agent Mode?

Agent Mode is an enhanced execution mode for the existing Agents feature. While a regular agent is a preset conversation configuration (system prompt, default model, parameters), Agent Mode lets that agent go beyond chatting and autonomously complete more complex tasks.

When Agent Mode is enabled, the assistant can:

Read files to understand a project or gather context
Write and edit files to make the changes you ask for
Run shell commands in a working directory
Load Skills that give it extra abilities
Continue step by step, using each tool result to plan its next action

Agent vs. Agent Mode

An Agent is a preset conversation configuration. Agent Mode is that agent's enhanced autonomous execution mode. Enabling Agent Mode does not create a new agent — it changes how the current agent works.

What tasks is it suited for?

Agent Mode works best for tasks with a clear goal and scope, such as:

Reading several documents in a project and summarizing their differences
Reviewing the code related to a specific feature
Investigating the root cause of a problem inside a given directory
Making file changes according to your instructions

Use it where you trust it

Agent Mode has elevated permissions, especially once Auto Execute is turned on. Only use it in projects and directories you trust, and keep the scope of each task tight.

Enabling Agent Mode

The Agent Mode controls live in the chat input area, so you can turn the feature on or off without leaving the conversation.

Find the Agent Mode Button

At the bottom of the chat input area, next to the Think button, you'll find the Agent Mode button.

Toggle It On or Off

Click the button to enable or disable Agent Mode. When it's off, the agent behaves as a normal chat assistant.

Open the Config Panel

Hover over the button to open the Agent Mode configuration panel, where you can adjust Auto Execute and the Working Directory.

Settings are per-agent

The Agent Mode toggle, Auto Execute, and Working Directory are stored separately for each agent. Switching to a different agent loads that agent's own settings, so you configure each one independently.

Recommended Workflow

Select an Agent

Choose the agent you want to use for the task. Its system prompt and parameters still apply in Agent Mode.

Enable Agent Mode

Turn on the Agent Mode button in the chat input area.

Set the Working Directory

Set the working directory to your current project or the directory relevant to the task. This keeps the agent's operations focused.

Decide on Auto Execute

Based on how risky the task is, decide whether to enable Auto Execute. For analysis-only or unfamiliar tasks, leave it off so you can confirm each step.

Write a Clear Task

Describe the goal, scope, and any limits clearly. Constraints like "read only, do not modify" reduce the chance of unwanted actions.

Good Prompt Examples

The clearer your prompt, the more reliable the result. State the scope, the goal, and any restrictions.

Set boundaries in the prompt

Constraints such as "read only", "do not run install commands", or "only check the docs directory" help the agent stay on task and avoid mistakes.

Common Settings

These settings live in the Agent Mode config panel (hover the Agent Mode button) and are saved per agent.

When off, the agent is a normal chat assistant. When on, the agent can call tools to complete tasks.

Auto Execute

Auto Execute off: every tool call requires your confirmation before it runs.
Auto Execute on: the agent runs tool calls directly by default.

First-time risk confirmation

The first time you enable Auto Execute, OllaMan shows a high-risk warning that you must acknowledge before it takes effect. Unless you clearly understand what you're doing, leaving Auto Execute on for long periods is not recommended.

Working Directory

The working directory limits the main scope of Agent Mode operations. Set it to your current project or the directory relevant to the task.

The more precise the working directory, the less likely the agent is to read files or run commands in unrelated locations.

Built-in Tools

Agent Mode ships with four built-in tools. Any argument error, execution failure, or security rejection is returned to the model as a tool error so it can adjust and continue.

read

Reads a local text file so the agent can gather context.

write

Writes to a file, supporting overwrite, append, and create modes.

edit

Edits a file by exact text replacement. By default the old text must match exactly once — if it matches zero times or multiple times, the tool returns an error instead of silently changing the wrong place. Batch replacement requires explicitly enabling replaceAll.

bash

Runs shell commands inside the configured working directory.

Global Agent Settings

Open Settings → Agent to manage configuration shared by all agents. Unlike the per-agent toggle, Auto Execute, and Working Directory, these settings are global.

Skills Paths

Skills are extra capability instructions for the assistant. You can add one or more Skills directories, and OllaMan loads the enabled Skills when Agent Mode is active. When Agent Mode starts, it scans the enabled Skills paths and reads each skill's SKILL.md.

By default, two paths are added and enabled:

~/.claude/skills/
~/.agents/skills/

If a path is invalid, disable or remove it — this does not affect the other paths. If a single skill fails to load, it is skipped without blocking the rest.

MCP

MCP is not directly supported yet

Agent Mode does not use MCP directly at this time. You can convert MCP tools into Skills with MCP2Skill and then use them as Skills.

Bash Execution

You can set the maximum runtime for a single command (default 300 seconds). A Bash command that exceeds this time is terminated and returns a timeout result, preventing long-running or endlessly-outputting commands from blocking the session.

Command Blacklist

The command blacklist intercepts high-risk commands. When a command matches an enabled blacklist pattern, it always requires your confirmation — even when Auto Execute is on.

By default, the following patterns are added and enabled:

rm -rf
dd
mkfs
truncate
sudo
su

You can add, remove, enable, or disable individual patterns. Plain text is matched by shell command position; entries written as /pattern/ are matched as regular expressions.

The blacklist reduces risk, it does not eliminate it

The blacklist only lowers risk and cannot guarantee that every dangerous command is intercepted. Stay cautious when Auto Execute is enabled.

Tool Approval

When an action needs confirmation, an approval panel appears above the chat input. You can review exactly what will run, then choose to approve or reject it.

Review carefully in cases like these:

The command modifies, deletes, or overwrites files
The command requires administrator privileges
The operation involves system directories
You're unsure what the command does

Rejecting an action does not end the conversation. The agent sees the rejection result and can continue with a different approach.

Always-Confirmed Operations

Some operations force confirmation regardless of the Auto Execute setting — this protection cannot be bypassed:

Critical path protection: writes or edits to system-critical paths always require a second confirmation. These include /System, /usr, /bin, /sbin, and /etc on macOS/Linux, and C:\Windows, C:\Program Files, C:\Program Files (x86), and C:\ProgramData on Windows. Read-only access is not blocked.
Blacklist match: any Bash command matching an enabled blacklist pattern always requires confirmation.

Viewing Execution

Agent Mode shows its execution inline within the chat reply, in the same message flow as a normal AI response. You can follow what the agent intends to do, which actions are waiting for confirmation, what each tool returned, and the final conclusion.

Tool calls appear as cards (tool name plus an argument summary) in the text flow.
Tool results are inserted right after the corresponding call.
Long commands or results are collapsed by default — click to expand.
The whole reply scrolls naturally with the chat; there's no separate timeline panel.

You can stop anytime

Agent Mode has no automatic step limit or total-time cutoff, and it keeps running when you switch agents, sessions, or close the window. If you spot something wrong, use the chat's stop control to end the task manually.

Best Practices

1. Set the Working Directory First

Configure the working directory before starting a task so the agent stays scoped to the right location.

2. Analyze Before Modifying

For unfamiliar projects, ask the agent to analyze first instead of modifying files right away.

3. Disable Auto Execute for Dangerous Ops

For operations that delete, overwrite, install, or escalate privileges, turn Auto Execute off and confirm each step.

4. Verify Skills Sources

Confirm that third-party Skills come from a trustworthy source before using them — a skill can run arbitrary high-risk flows.

5. Reject Unknown Commands

If the agent is about to run a command you don't understand, reject it.

FAQ

Need Help?

Get Support

Learn the basics in the Agents guide
Check the Quick Start guide for setup
Browse Features for more capabilities
Submit feedback on GitHub Issues

Agent Mode

Analysis with a clear scope

Read-only documentation review

Investigate without modifying

read

write

edit

bash

1. Set the Working Directory First

2. Analyze Before Modifying

3. Disable Auto Execute for Dangerous Ops

4. Verify Skills Sources

5. Reject Unknown Commands

Why didn't I get an immediate answer?

Why am I still asked to confirm with Auto Execute on?

How do I get more stable results?

Table of Contents