Flags
Common flags
| Flag | Description | |
|---|---|---|
--help |
Show flags and commands | |
--version |
Version | |
-p, --print "<prompt>" |
Headless: run prompt and exit | |
| `--mode text\ | json` | Print mode output (json = structured event stream) |
--yes |
Headless auto-approve within policy (not a sandbox) | |
--dangerously-permissionless |
Skip interactive confirms from start; headless gets --yes semantics |
|
--save-session |
Persist history in headless (off by default) | |
--no-checkpoint |
Disable pre-edit file snapshots | |
--subagent-max-turns <n> |
Max turns per subagent (default 500) | |
--append-system-prompt "..." |
Append to system prompt | |
--enable-sqz |
Enable sqz compression if binary available | |
--enable-bash / --use-tools |
Tool toggles (defaults on) | |
--enable-subagents |
Subagent tools (default on) | |
--enable-images |
Force image attachments for unsupported servers |
Headless exit codes
| Code | Meaning |
|---|---|
0 |
Success |
1 |
Runtime error |
2 |
Blocked by policy |
Safety notes
--yes and --dangerously-permissionless
Neither is a sandbox. Some dangerous shell patterns are still always blocked. Never use on untrusted prompts.
# Strict headless (default): confirm-needed tools rejected
ninja -p "fix tests"
# Auto within policy
ninja -p "fix tests" --yes
Preview any command:
ninja policy check "git push --force"