[docs] Update glossary - weekly full scan

[github-actions]

Summary

Adds a new glossary entry for engine.permission-mode as part of the weekly full-scan documentation maintenance cycle (2026-05-25).

What changed

docs/src/content/docs/reference/glossary.md

• New entry: engine.permission-mode — documents the four accepted string values:
  • acceptEdits — Claude honors --allowed-tools; workflow's declared tools: and mcp-servers: allowed: list is the effective tool boundary
  • bypassPermissions — Claude ignores --allowed-tools; the MCP gateway's allowed: filter is the sole boundary
  • auto — Claude selects the least-privileged mode that fits the workflow's tool configuration; default when tools.edit: false
  • plan — Claude presents changes for approval before applying them
• Documents the deprecated implicit derivation behaviour: bypassPermissions was previously derived implicitly when a workflow granted unrestricted bash access.
• Notes that explicit engine.permission-mode overrides implicit derivation and any legacy --permission-mode flag in engine.args.
• Notes compiler validation against a fixed enum at compile time.
• Includes a usage example (engine.id: claude, permission-mode: acceptEdits).

Type of change

• Documentation only — no source code modified

Impact

Dimension	Assessment
Breaking change	No
Affects runtime behaviour	No
Audience	Workflow authors referencing the glossary
Risk	Low

Notes

Routine weekly glossary scan commit (cca3fc023). No code, schema, or test changes included.

Generated by PR Description Updater for issue #34633 · sonnet46 654.2K · ◷