No user-facing config for granular terminal/tool approval policy in VS Code extension #12172

@rtpguy

Relevant environment info

- Continue 1.2.22
- OS: macOS 26.4.1
- Continue version:
- IDE version: VS Code 1.116.0
- Model: Qwen-Coder-Next-30B
```yaml
name: Local Config
version: 1.0.0
schema: v1

models:
  - name: local-qwen-coder-next-chat
    provider: openai
    model: unsloth_Qwen3-Coder-Next-GGUF_Qwen3-Coder-Next-Q4_K_M.gguf
    apiBase: http://127.0.0.1:8000/v1
    apiKey: dummy
    roles:
      - chat
    capabilities:
      - tool_use

  - name: local-qwen-coder-next-edit
    provider: openai
    model: unsloth_Qwen3-Coder-Next-GGUF_Qwen3-Coder-Next-Q4_K_M.gguf
    apiBase: http://127.0.0.1:8000/v1
    apiKey: dummy
    roles:
      - edit

  - name: local-qwen25coder-1.5b
    provider: ollama
    model: qwen25coder15b-local
    apiBase: http://127.0.0.1:11434
    roles:
      - autocomplete
    autocompleteOptions:
      disable: false
      maxPromptTokens: 768
      debounceDelay: 100
      modelTimeout: 1024
      maxSuffixPercentage: 0.15
      prefixPercentage: 0.25
      onlyMyCode: true

systemMessage: |
  You are operating in the 3DSupplyFinder repository.

  You MUST follow docs/spine.md as the primary execution contract,
  and AGENTS.md as the operational rule set.

  Startup protocol:

  1. ALWAYS read:
     - docs/spine.md

  2. Read additional canonical docs ONLY when relevant:
     - docs/architecture.md
     - docs/codemap.md
     - docs/plan.md
     - docs/last-state.md

  3. Ignore prior assumptions and treat read content as source of truth.

  4. If the task involves system behavior, ingestion, or planning,
     confirm:
     - current engineering focus
     - variant model
     - AliExpress ingestion entrypoint

  Execution rules:

  - docs/spine.md governs:
    - planning vs execution behavior
    - patch format rules
    - validation expectations

  - Distinguish clearly between:
    - implemented in code
    - documented
    - executed
    - verified in data

  - If execution cannot be proven, state:
    "not provable from repo"

  - Prefer minimal, targeted file inspection over broad scans.

  - Do not modify files unless explicitly requested.

  - If startup protocol has not been completed in this session,
    complete it before answering.
```

- Using local llama.cpp OpenAI-compatible endpoint for chat/edit model
- Global rules encourage built-in read/search tools before terminal use
- No custom approval policy configured in config.ts

Description

Continue VS Code extension prompts repeatedly for harmless read-only terminal commands during normal agent workflows, but I cannot find a clear user-facing way to configure granular approval behavior for those tool calls.

My use case is:

  • allow editing in agent mode
  • avoid blindly allowing all shell/terminal commands
  • avoid repeated approvals for harmless read-only inspection commands like grep, rg, sed -n, ls, head, tail, and similar

I inspected my local Continue config and the installed 1.2.22 VS Code extension package. Continue clearly has internal tool approval machinery, but I could not find an exposed VS Code setting or obvious local config surface for granular terminal/tool approval policy in the extension. As a result, rules can reduce some unnecessary terminal usage, but they do not solve the repeated approval friction.

This feels like either:

  • a missing/undocumented VS Code extension configuration surface for tool policies, or
  • an approval UX gap in the extension for common read-only terminal inspection commands.

To reproduce

  1. Install Continue VS Code extension 1.2.22.
  2. Configure a local chat model with tool use enabled and an edit model.
  3. Open a code repository in VS Code.
  4. Start a new Continue agent session.
  5. Ask the agent to inspect or modify code in a way that commonly triggers repository discovery or targeted file inspection.
    Examples:
    • "Find where this function is used and update it."
    • "Inspect the repo and patch this bug."
    • "Read this file and update the related references."
  6. Observe that the agent frequently chooses read-only terminal commands such as grep, rg, sed -n, ls, head, or tail.
  7. Observe that each of these read-only terminal actions requires repeated approval prompts.
  8. Try to find a documented or exposed VS Code extension setting/config path to auto-allow safe read-only terminal inspection commands while still prompting for mutating commands.

Actual result:

  • repeated approval prompts for harmless read-only terminal commands
  • no obvious extension setting/config surface for granular approval policy

Expected result:

  • a documented and supported way to auto-allow safe read-only terminal inspection commands while still prompting for mutating or risky commands
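
One way to express the policy requested above, as an added example that is not Continue's code or configuration: a hypothetical `decide` function that auto-allows only the read-only inspection commands the report lists and sends everything else to an approval prompt. The names `decide`, `tokenize`, `READ_ONLY` and the per-command checks are assumptions for illustration, and the sample command lines are constructed.

```typescript
// Added example: a hypothetical approval policy, not Continue's API.
type Decision = "allow" | "prompt";
type Check = (args: string[]) => boolean;

// Operators that chain, redirect, substitute or escape. Any occurrence,
// even inside quotes, sends the command to a human.
const SHELL_META = /[;&<>$`(){}\\\n\r]/;

// Split one pipeline stage into words. Returns null on unbalanced quotes or
// a word glued to a quoted part, where a shell would read it differently.
function tokenize(stage: string): string[] | null {
  const word = /^\s*(?:'([^']*)'|"([^"]*)"|([^\s'"]+))(?=\s|$)/;
  const tokens: string[] = [];
  let rest = stage.trim();
  while (rest.length > 0) {
    const m = word.exec(rest);
    if (!m) return null;
    tokens.push(m[1] ?? m[2] ?? m[3] ?? "");
    rest = rest.slice(m[0].length);
  }
  return tokens;
}

// Per-command argument checks for the tools named in the issue.
const anyArgs: Check = () => true;
const READ_ONLY = new Map<string, Check>([
  ["grep", anyArgs], ["ls", anyArgs], ["head", anyArgs], ["tail", anyArgs],
  // rg --pre runs an external preprocessor on each file it searches.
  ["rg", (args) => !args.some((a) => a.startsWith("--pre"))],
  // Only the print form `sed -n 'N,Mp' file...`; other sed scripts can
  // write files (w) and -i edits in place.
  ["sed", ([flag, script, ...files]) =>
    flag === "-n" && /^\d+(,\d+)?p$/.test(script ?? "") &&
    files.length > 0 && files.every((f) => !f.startsWith("-"))],
]);

// Allow a pipeline only when every stage is an allow-listed command whose
// arguments pass its check; anything unparsable falls back to "prompt".
function decide(commandLine: string): Decision {
  if (SHELL_META.test(commandLine)) return "prompt";
  for (const stage of commandLine.split("|")) {
    const [cmd, ...args] = tokenize(stage) ?? [];
    const check = READ_ONLY.get(cmd ?? "");
    if (!check || !check(args)) return "prompt";
  }
  return "allow";
}

// Constructed sample command lines.
console.log(decide("grep -rn 'parseVariant' src | head -20")); // allow
console.log(decide("sed -i 's/a/b/' file.txt"));                // prompt
```

The policy fails closed: a quoted `|` (as in `grep -E "a|b"`) or any command it cannot parse is prompted, not allowed, so false prompts are possible but silent approval of a mutating command is not.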

Labels

- area:configuration: Relates to configuration options
- area:tools: Relates to tool usage
- ide:vscode: Relates specifically to VS Code extension
- kind:enhancement: Indicates a new feature request, improvement, or extension
