Strict Mode
FreshStrict Mode provides enhanced security controls for agent operation. When enabled, it enforces restrictive defaults that cannot be overridden at the conversation level.
Browser Controls
URL Allowlist / Denylist
- Controls which URLs the browser subagent can access
- Restricts external markdown images loaded by the agent
- Controls the Read URL tool's access
Enforced Settings
When Strict Mode is active, the following settings are forced regardless of user preferences:
| Setting | Enforced Value |
|---|---|
| Terminal Auto Execution | Request Review (allowlist is ignored) |
| Browser JS Execution | Request Review |
| Artifact Review | Request Review |
File System Restrictions
- The agent respects
.gitignore-- ignored files are invisible to the agent - Workspace isolation -- the agent cannot access files outside the current workspace directory
WARNING
Strict Mode is designed for environments where security is paramount. It significantly limits the agent's autonomy. Use it when working with sensitive codebases or in shared environments.