AI Modes & Safety
Lino AI provides three distinct execution modes. These allow you to adjust the balance between execution speed and editing safety, fitting different workflows.
The Three Modes
You can toggle the mode selector in the AI panel header to switch between:
1. Plan Mode
- How it works: In this mode, Lino AI behaves in a strictly read-only manner. It cannot generate proposals or modify any data.
- Best for: Outlining complex plans, researching your codebase or Obsidian notes, brainstorming concepts, and deciding on structural architecture.
- Outcome: The AI will output a detailed, step-by-step checklist of proposed canvas/file modifications, but leaves the execution entirely to you (or waits for you to switch modes).
2. Review Mode (Default)
- How it works: The AI can research, plan, and prepare proposals, but every write operation is held in a bundle card in chat.
- Best for: Standard day-to-day writing, importing large batches of notes, connecting ideas, or generating code/whiteboards.
- Outcome: Modifications are only written to your workspace after you review the list and click Apply.
3. Auto-Edit Mode
- How it works: Safe, low-risk changes are applied automatically to keep your momentum, while high-risk changes still prompt for permission.
- Risk Gating:
- Low-Risk (Auto-Applied): Editing a paragraph inside a card, fixing typos, formatting lists, or updating metadata properties.
- High-Risk (Requires Approval): Deleting workspace cards, altering complex database tables, creating new system folders, or running terminal commands.
- Best for: Rapid, hands-free collaborative writing sessions where stopping to click "Apply" on every minor typo correction disrupts your flow.
Permission Gates for Local OS access
Lino AI runs inside a secure local sandbox. Any operations touching your actual operating system are subject to strict permission policies:
- Sandbox Seatbelt: The AI's sandboxed environment prevents code execution from reaching your local filesystem, private networks, or system processes unless explicitly configured.
- Terminal Execution: When the AI runs scripts or terminal commands, you will always be prompted with a clear seatbelt warning to approve or deny the process.
- SSRF Protections: Web search and web reading tools are restricted from accessing local addresses (
localhost,127.0.0.1, private ranges), protecting your local infrastructure from untrusted external content.