Terminal commands
v0 can run bash commands in your project sandbox to test, debug, and use platform CLIs. Control its autonomy with three permission modes (Ask, Auto, Full).
v0 can run bash commands inside your project's sandbox to test interactions, inspect your repo, run unit tests, and call platform CLIs like Vercel and GitHub. You control how much autonomy v0 has with a permission mode that defaults to Auto.
What v0 can do in the terminal
v0's Bash tool runs commands in the same sandbox where your project files live. Each command runs in a fresh shell starting from the project root, so v0 chains operations explicitly rather than relying on shell state.
Common use cases
- Test interactions in a browser: launch a headless browser session against your live preview to verify user flows and capture errors.
- Review commit history: run
git log,git blame, orgit diffto understand prior changes before editing files. - Write and run unit tests: execute your project's test command, read the output, and fix failures in place.
- Use platform CLIs: interact with the Vercel CLI (
vercel logs,vercel inspect) and GitHub CLI (gh pr view,gh issue list) to inspect deployments, pull requests, and issues without leaving the chat.
How to ask for it
Describe the outcome you want. For example:
- "Test the signup flow in a browser and report any failures."
- "Look at the last 10 commits on this file and summarize what changed."
- "Run the unit tests and fix any failures."
- "Check the latest deployment logs in Vercel and identify the error."
v0 picks the appropriate commands, runs them, and folds the output into its next response.
Permission modes
v0 has three permission modes that control when it asks before running a command. The setting persists across new chats.
| Mode | What v0 does | When to use |
|---|---|---|
| Ask Permissions | Asks before every command that isn't on the default read-only allow list. | Sensitive projects, production data, or work where you want to review every action. |
| Auto Permissions (default) | Runs allow-listed commands silently and asks for the rest. | Day-to-day development on non-critical projects. |
| Full Permissions | Runs any command without asking. | Advanced users on disposable or non-sensitive projects. |
System-level deny rules apply in every mode (see What's always blocked).
Auto Permissions
Auto is the default mode and fits most users. v0 silently runs commands that are on its built-in allow list, which includes:
- Read-only file inspection:
ls,find,cat,head,tail,tree,wc,cd,pwd - Search and data:
grep,rg,jq - Local git:
git status,git log,git diff,git show - Read-only GitHub CLI:
gh pr view,gh pr list,gh pr diff,gh pr checks,gh issue view,gh repo view - Read-only Vercel CLI:
vercel logs,vercel inspect,vercel list,vercel whoami,vercel activity - Output:
echo,whoami - Browser automation and timing:
agent-browser,sleep
For commands outside this list (writes, remote git, shell wrappers, package execution, network calls), v0 pauses and shows a confirmation card with the exact command before running it.
You can edit this list under Settings → Agent Permissions. See Customize the rules.
Ask Permissions
Ask mode shows a confirmation card for every command that isn't already on the read-only allow list. You approve or deny each one before v0 runs it.
Use Ask mode when you want a tight feedback loop, for example when working against a real production database or in a repo where you want to audit each step v0 takes.
Full Permissions
Full mode runs every command without asking, including shell wrappers (bash, sh, eval), package execution (pnpm dlx, npx -y), and remote git operations (git push, gh pr create).
Only use Full mode if both of these apply:
- You're working on a non-sensitive project with no production credentials or critical data.
- You're comfortable reviewing v0's command history after the fact rather than approving each command up front.
System deny rules still apply in Full mode, so destructive operations like rm -rf remain blocked.
Set the permission mode
- In the composer toolbar, open the Tools dropdown (the plus icon next to the model picker).
- Select the Permissions row. The submenu shows your current mode.
- Choose Ask Permissions, Auto Permissions, or Full Permissions.
Your selection persists across new chats until you change it.
Customize the rules
The permission mode controls how v0 reacts to unmatched commands. The rules themselves (which commands count as allowed, asked, or denied) live in your settings and can be edited directly. Open Settings → Agent Permissions to manage them.
User and Team scopes
The permissions panel has two tabs:
- User: Rules tied to your account. They apply across every project you work on.
- Team: Rules set by team owners that apply to every member of the team. Only team owners can edit this tab.
User and team rules are combined, not exclusive. A command is allowed if either scope allows it, denied if either scope denies it, and prompted if either scope marks it as ask.
Rule format
Each scope holds three JSON arrays:
| Array | Behavior |
|---|---|
allow | v0 runs the command without asking, regardless of the chat's permission mode. |
deny | v0 never runs the command, in any mode. |
ask | v0 always confirms with you before running the command, even in Auto or Full mode. |
Patterns follow the form Bash(<command pattern>). A :* suffix matches any arguments. For example:
{
"allow": [
"Bash(pnpm test:*)",
"Bash(pnpm lint:*)"
],
"ask": [
"Bash(git push:*)"
],
"deny": [
"Bash(curl:*)"
]
}Click Reset to default to discard your custom rules and restore the built-in list.
What's always blocked
Some commands are denied at the system level and can't be overridden by any permission mode. Currently:
rm -rfand other recursive force deletes. v0 routes file removal through its built-inDeletetool, which keeps the sandbox state consistent with the editor.
To remove files, ask v0 to delete them by name instead of running rm directly.
See what else v0's agent can do