datasette-agent 0.3a0 ships one consequential addition: execute_write_sql, a tool that gates database writes behind explicit user approval. Before any INSERT, UPDATE, or DELETE runs, the agent surfaces a confirmation card showing the exact SQL statement, the target database, the affected table, and the specific permissions required. The user clicks Yes or No. Nothing executes without that confirmation.
The terminal mode gets the same treatment. The datasette agent chat command now handles approval flows natively, with three new flags controlling trust level: --root runs as root, --yes auto-approves all prompts, and --unsafe combines both. That last flag is the one worth understanding fully, because datasette agent chat content.db -m gpt-5.5 --unsafe lets a model rewrite your database schema and data from plain English with zero friction and zero guardrails.
The release notes are brief but the design decisions embedded in them are not. Read the full changelog and linked issues, particularly issue 27 on write permissions and issue 30 on terminal approval flows, to understand how the approval mechanism actually threads through the tool call architecture. The --unsafe flag is the obvious headline. The permission model underneath it is the real story.
[READ ORIGINAL →]