diff --git a/docs/tools/clink.md b/docs/tools/clink.md index 67a577d..14336a3 100644 --- a/docs/tools/clink.md +++ b/docs/tools/clink.md @@ -4,7 +4,7 @@ The `clink` tool transforms your CLI into a multi-agent orchestrator. Launch isolated Codex instances from _within_ Codex, delegate to Gemini's 1M context, or run specialized Claude agents—all while preserving conversation continuity. Instead of context-switching or token bloat, spawn fresh subagents that handle complex tasks in isolation and return only the results you need. -> **CAUTION**: Clink launches real CLI agents with their safety prompts disabled (`--yolo`, `--dangerously-skip-permissions`, `--dangerously-bypass-approvals-and-sandbox`) so they can edit files and run tools autonomously via MCP. If that’s more access than you want, remove those flags—the CLI can still open/read files and report findings, it just won’t auto-apply edits. You can also tighten role prompts or system prompts with stop-words/guardrails, or disable clink entirely. Otherwise, keep the shipped presets confined to workspaces you fully trust. +> **CAUTION**: Clink launches real CLI agents with relaxed permission flags (Gemini ships with `--yolo`, Codex with `--dangerously-bypass-approvals-and-sandbox`, Claude with `--permission-mode acceptEdits`) so they can edit files and run tools autonomously via MCP. If that’s more access than you want, remove those flags—the CLI can still open/read files and report findings, it just won’t auto-apply edits. You can also tighten role prompts or system prompts with stop-words/guardrails, or disable clink entirely. Otherwise, keep the shipped presets confined to workspaces you fully trust. ## Why Use Clink (CLI + Link)? @@ -139,7 +139,7 @@ then codereview to verify the implementation" Clink configurations live in `conf/cli_clients/`. We ship presets for the supported CLIs: - `gemini.json` – runs `gemini --telemetry false --yolo -o json` -- `claude.json` – runs `claude --print --output-format json --permission-mode bypassPermissions --dangerously-skip-permissions` +- `claude.json` – runs `claude --print --output-format json --permission-mode acceptEdits --model sonnet` - `codex.json` – runs `codex exec --json --dangerously-bypass-approvals-and-sandbox` > **CAUTION**: These flags intentionally bypass each CLI's safety prompts so they can edit files or launch tools autonomously via MCP. Only enable them in trusted sandboxes and tailor role prompts or CLI configs if you need more guardrails.