The update also expands the agent chat terminal to support approval flows and adds --root, --yes and --unsafe options for CLI control.
AI Quick Take
- execute_write_sql prompts users and then performs writes using the user's database permissions.
- Agent chat now supports approval flows and offers CLI flags (--root, --yes, --unsafe) to change approval behavior.
Simon Willison published datasette-agent 0.3a0, introducing a new execute_write_sql tool that requests user approval before writing to a database and executes those writes under the requesting user's permissions.
The release extends the agent's prior approval mechanism to actual database mutations and enhances the agent chat terminal to handle approval flows. The chat CLI gains three new options: --root to run as root, --yes to approve all prompts, and --unsafe to combine both behaviors. It also gains support for plain-text alternatives to HTML when tools return content for the CLI. Examples in the notes show the agent inserting pelican sightings and include commands such as chatting directly with a specific database (e.g., content.db) to create tables or add notes.
For developers embedding agents with Datasette, these changes convert approval interactions from a gating UX feature into actionable write capabilities, enabling practical workflows that modify data with explicit user consent. The new flags provide convenience for scripted or automated runs but also surface security trade-offs around auto-approval and elevated privileges. The release documentation does not detail auditing, logging, or broader access controls, so teams should treat --unsafe and --root with caution until organizational controls are clarified.
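One way an operator could pair an approval-gated write with an audit trail and a permission boundary, as an added sketch using Python's standard sqlite3 module. It is not datasette-agent's code: limit_to, gated_write, the auto_approve flag and the sample tables are hypothetical, and the table allow-list stands in for the user's permissions.

```python
import sqlite3
import time

# Hypothetical sketch: these names are not datasette-agent's API.
WRITES = {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE}
HARMLESS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ,
            sqlite3.SQLITE_FUNCTION, sqlite3.SQLITE_TRANSACTION}

def limit_to(conn, writable_tables):
    """Model 'the user's permissions': writes only to the listed tables."""
    def authorizer(action, arg1, arg2, dbname, source):
        if action in HARMLESS:
            return sqlite3.SQLITE_OK
        if action in WRITES and arg1 in writable_tables:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY  # DDL, ATTACH, PRAGMA, other tables
    conn.set_authorizer(authorizer)

def gated_write(conn, actor, sql, params, approve, auto_approve, audit):
    """Run one write only after approval; always append an audit record."""
    record = {"ts": time.time(), "actor": actor, "sql": sql,
              "approval": "auto" if auto_approve else "interactive"}
    audit.append(record)
    if not (auto_approve or approve(sql, params)):
        record["outcome"] = "rejected"
        return False
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(sql, params)
    except sqlite3.DatabaseError as exc:
        record["outcome"] = f"blocked: {exc}"
        return False
    record["outcome"] = "executed"
    return True

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sightings (species TEXT, place TEXT)")
    conn.execute("CREATE TABLE accounts (name TEXT)")
    limit_to(conn, {"sightings"})
    audit = []
    insert = "INSERT INTO sightings VALUES (?, ?)"
    # Constructed inputs: refused prompt, auto-approved run, out-of-scope write.
    gated_write(conn, "alice", insert, ("pelican", "pier"), lambda s, p: False, False, audit)
    gated_write(conn, "alice", insert, ("pelican", "pier"), lambda s, p: True, True, audit)
    gated_write(conn, "alice", "DELETE FROM accounts", (), lambda s, p: True, True, audit)
    rows = conn.execute("SELECT count(*) FROM sightings").fetchone()[0]
    return rows, [r["outcome"] for r in audit]
```

The third call shows why the permission boundary matters when approval is automatic: the write is auto-approved yet still refused by the authorizer, and the audit record keeps both facts.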
Readouts to watch next include any subsequent additions for auditability or role-based restrictions, community feedback on real-world safety implications, and whether contributors add finer-grained policy hooks to let operators control which agent tools can request writes.