Auto-Approval Mode

Running Locus in full-auto mode with Docker sandbox isolation, safety controls, and resumable execution.

Auto-approval mode is the high-automation operating style in Locus:

  • Provider execution runs in full-auto mode (claude --dangerously-skip-permissions or codex exec --full-auto)

  • Issue lifecycle labels are auto-managed (agent.autoLabel)

  • PRs are auto-created after successful execution (agent.autoPR)

  • Interrupted runs resume from saved state (locus run --resume)


Sandboxing: Safe Full-Auto Execution

Full-auto mode gives AI agents unrestricted access to your codebase. Docker sandbox isolation is the key safety mechanism that makes this safe for teams.

What Sandboxing Protects

When sandboxed:

  • AI agents execute inside an isolated Docker container

  • Only files allowed by .sandboxignore rules are visible to the agent

  • .env, *.pem, *.key, and cloud credential directories are excluded by default

  • Agents cannot access host-level paths, credentials, or system resources

Running with Required Sandbox

For maximum safety, require sandboxing so execution fails if Docker is unavailable:

This is recommended for CI environments and team workflows where accidental unsandboxed execution should be prevented.

Sandbox Modes

| Mode | Flag | Behavior |
| --- | --- | --- |
| Auto (default) | (no flag) | Use sandbox if available, warn and fall back if not |
| Required | --sandbox=require | Fail if sandbox is unavailable |
| Disabled | --no-sandbox | Run unsandboxed (shows safety warning) |

Full setup guide: Sandboxing Setup
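
The mode table above implies that the default (auto) mode can end up running unsandboxed when Docker is missing. The following is an added example, not part of Locus or its documentation: a CI-side gate that fails closed before a full-auto run. It assumes the flags are passed to `locus run`; `guard_args`, `find_sensitive` and the `DOCKER_CHECK` override are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example (not Locus code): policy gate for full-auto runs in CI.
# DOCKER_CHECK is a hypothetical override so the gate can be exercised offline.
DOCKER_CHECK=${DOCKER_CHECK:-"docker info"}

# List files matching the patterns the page says are excluded by default
# (.env, *.pem, *.key). The .git directory is skipped.
find_sensitive() {
    find "$1" -name .git -prune -o -type f \
        \( -name '.env' -o -name '*.pem' -o -name '*.key' \) -print
}

# guard_args REPO_DIR [run args...]
# Prints a hardened argument list on stdout; a non-zero return blocks the run.
#   2 = --no-sandbox was requested, 3 = Docker is unreachable
guard_args() {
    repo=$1; shift
    out=""
    for a in "$@"; do
        case $a in
            --no-sandbox)
                echo "blocked: --no-sandbox is not allowed here" >&2
                return 2 ;;
            --sandbox=*) ;;              # dropped; --sandbox=require is forced below
            *) out="$out $a" ;;
        esac
    done
    # Auto mode warns and falls back when the sandbox is unavailable,
    # so check Docker up front and refuse instead of falling back.
    if ! $DOCKER_CHECK >/dev/null 2>&1; then
        n=$(find_sensitive "$repo" | wc -l | tr -d ' ')
        echo "blocked: Docker unreachable; $n secret-like file(s) would be visible to the agent" >&2
        return 3
    fi
    printf '%s\n' "--sandbox=require$out"
}

# Typical CI use (assumption: the flags belong to `locus run`):
#   args=$(guard_args . --resume) && locus run $args
```

Arguments containing spaces are not preserved by this simple join; it is meant for plain flags.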


Safety Controls

| Control | Default | Purpose |
| --- | --- | --- |
| agent.autoLabel | true | Keep GitHub status labels in sync during execution |
| agent.autoPR | true | Automatically create PRs for successful tasks |
| sprint.stopOnFailure | true | Stop sprint on first failure instead of cascading |
| agent.rebaseBeforeTask | true | Detect base-branch drift/conflicts between tasks |
| agent.maxParallel | 3 | Bound concurrent standalone issue execution |
| --dry-run | off | Preview execution without writes |
| --resume | off | Continue from failed/interrupted checkpoint |


When to Use Auto-Approval

Use auto-approval when:

  • Tasks are well-scoped with explicit acceptance criteria

  • Strong CI and branch protections are enforced

  • Docker sandboxing is enabled

  • The team is comfortable with AI-generated PRs

Prefer manual approval when:

  • Changes touch auth, payments, migrations, or production-critical paths

  • Requirements are ambiguous or expected to change during execution

  • A one-off issue needs human checkpoints before any PR is opened


Scenario 1: Sprint Autopilot with Resume

What happens:

  • Task labels update automatically (queued → in-progress → done/failed)

  • Sprint halts on failure (by default), then resumes from checkpoint

  • PRs are created automatically for successful tasks

  • All execution is sandboxed


Scenario 2: Parallel Backlog Sweep

What happens:

  • Independent issues execute in bounded parallel batches

  • Each issue gets its own git worktree and branch

  • Successful tasks open PRs automatically

  • Failed tasks remain visible via locus:failed labels


Manual-Approval Profile

If you need tighter control, disable PR automation:


Safety Checklist

Before any auto-approval run:


Rollback

If auto-approval is too risky for the current work:

  1. Stop execution (Ctrl+C)

  2. Disable auto PR: locus config set agent.autoPR false

  3. Check status: locus status and locus logs --level error --lines 200

  4. Close automation PRs if needed:

  5. Continue with manual gating (locus run --dry-run, targeted locus run <issue>)
