# Claude Code Permissions
Claude Code has a strict permission model for configuring which commands it may or may not use.
Manage via `/permissions` in the REPL, or edit `settings.json` files (see [[Claude Code Configuration]]).
## Permission modes
Set via the `claude --permission-mode <mode>` flag, the `defaultMode` setting, or `Shift+Tab` to cycle through modes during a session.

| Mode | Behavior |
|------|----------|
| `default` | Prompt for everything except read-only actions |
| `acceptEdits` | Auto-approve file edits in working directory; prompt for shell/network |
| `plan` | Read-only research (Read, Glob, Grep, WebSearch, WebFetch, AskUserQuestion). Edit/Write/Bash blocked. See [[Claude Code Interactive Mode]] |
| `auto` | Classifier-mediated approvals. See [[Claude Code Auto Mode]] |
| `bypassPermissions` | Skip permission prompts entirely (nothing needs approval). Use only in isolated VMs / sandboxes |

`bypassPermissions` is also reachable via the legacy flag `--dangerously-skip-permissions`.
## Settings structure
```json
{
  "permissions": {
    "defaultMode": "acceptEdits",
    "additionalDirectories": ["../shared-lib"],
    "allow": ["Bash(npm run:*)", "Edit(src/**)"],
    "deny": ["Read(.env*)", "Bash(rm -rf:*)"],
    "ask": ["WebFetch", "Bash(docker:*)"]
  }
}
```
- `allow` — auto-approve without prompting
- `deny` — refuse outright (no override prompt)
- `ask` — always prompt, even if covered by another rule
- `additionalDirectories` — directories Claude may read/edit beyond the cwd
## Permission format
Permissions are defined using: `Type(optional specifier)`.
## Permission types
- `Read`: read files
- `Edit`: edit files (applies to all built-in tools that edit files)
- `Write`: create files (some configs split this from Edit)
- `Bash`: shell commands
- `WebFetch`: HTTP fetches
- `Agent`: subagent spawning
- `mcp`: MCP tool calls (see below)
Read/Edit/Write rules follow the [gitignore specification](https://git-scm.com/docs/gitignore). Patterns are resolved relative to the directory containing `.claude/settings.json`. Use `//` for absolute paths, `~/` for home directory paths.
## Tool-specific permission rules
- `Bash(npm run build)` — match the exact command
- `Bash(npm run test:*)` — match commands starting with `npm run test`. Claude is aware of shell operators like `&&`, `|`, `;`, so a prefix rule does not also approve a second command chained after the matching one
- `Edit(docs/**)` — match edits to files in `docs/`
- `Write(src/**)` — match writes inside `src/`
- `Read(~/.zshrc)`, `Read(.env*)` — file path patterns
- `WebFetch(domain:example.com)` — match fetch requests to `example.com`
- `mcp__puppeteer` — any tool from the `puppeteer` MCP server
- `mcp__puppeteer__puppeteer_navigate` — a specific MCP tool
- `mcp__github__*` — wildcard for all tools from a server
### Wrapper-command matching (v2.1.118+)
Deny rules now match the inner command even when wrapped: `env VAR=x sudo rm -rf /` is matched by `Bash(rm -rf:*)`, `Bash(sudo:*)`, AND `Bash(env:*)`. Wrappers covered: `env`, `sudo`, `watch`, `xargs`, `time`, `nice`, `nohup`, etc.
## Recommended deny list
```json
{
  "deny": [
    "Bash(rm -rf:*)",
    "Bash(sudo:*)",
    "Bash(curl:*)",
    "Bash(wget:*)",
    "Bash(find -exec:*)",
    "Bash(git push --force:*)",
    "Bash(git push --force-with-lease:*)",
    "Read(.env)",
    "Read(.env.*)",
    "Read(**/secrets/**)",
    "Read(**/.aws/**)",
    "Read(**/.ssh/**)",
    "Edit(.git/**)"
  ]
}
```
`Bash(find -exec:*)` is auto-blocked since v2.1.118 — `find` with execution flags no longer falls under `Bash(find:*)`.
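An added example (not code from Claude Code or its documentation): a small audit that parses each rule in the `Type(specifier)` format and checks a `permissions` block against a subset of the recommended deny list above. The function names, finding labels and sample settings are assumptions made for illustration.

```python
import json
import re

# Rule grammar from the page: Type(optional specifier), e.g. Bash(npm run:*), WebFetch
RULE_RE = re.compile(r"^([A-Za-z_][\w*]*)(?:\((.*)\))?$")

# Audit baseline: a subset of the recommended deny list above.
BASELINE_DENY = [
    "Bash(rm -rf:*)", "Bash(sudo:*)", "Bash(git push --force:*)",
    "Read(.env)", "Read(.env.*)", "Read(**/.aws/**)", "Read(**/.ssh/**)",
    "Edit(.git/**)",
]

def parse_rule(rule):
    """Return (type, specifier), with specifier None for a bare tool name,
    or None when the rule is not in Type(specifier) form."""
    m = RULE_RE.match(rule.strip())
    return (m.group(1), m.group(2)) if m else None

def audit(settings):
    """Return findings (strings) for the "permissions" block of a settings dict."""
    perms = settings.get("permissions", {})
    allow, deny, ask = (perms.get(k, []) for k in ("allow", "deny", "ask"))
    findings = []
    if perms.get("defaultMode") == "bypassPermissions":
        findings.append("mode: defaultMode is bypassPermissions")
    # Rules that do not parse (e.g. a missing closing parenthesis).
    findings += [f"malformed: {r}" for r in allow + deny + ask
                 if parse_rule(r) is None]
    for rule in allow:
        if parse_rule(rule) == ("Bash", None):
            findings.append("broad: bare Bash in allow matches every shell command")
        if rule in BASELINE_DENY or rule in deny or rule in ask:
            findings.append(f"conflict: allow rule also in deny/ask/baseline: {rule}")
    # Baseline deny rules the file does not carry.
    findings += [f"missing-deny: {r}" for r in BASELINE_DENY if r not in deny]
    return findings

# Constructed sample settings (not from a real project).
SAMPLE = json.loads("""
{"permissions": {
  "defaultMode": "bypassPermissions",
  "allow": ["Bash", "Bash(sudo:*)", "Edit(src/**)", "Read(.env*"],
  "deny": ["Bash(rm -rf:*)", "Read(.env)"]}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The comparison is by exact rule string, so a differently written rule that covers the same commands is still reported as missing.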
## Auto mode interaction (`$defaults` sentinel)
When using auto mode, the classifier ships built-in safety rules. To extend them with your own, use `$defaults` as a position marker (v2.1.118+):
```json
{
  "autoMode": {
    "allow": [
      "Bash(npm test:*)",
      "$defaults",
      "Bash(git push:origin/feature/*)"
    ]
  }
}
```
`$defaults` expands inline at that exact position — order matters when rules conflict.
## Generating an allowlist from history
Run `/less-permission-prompts` (v2.1.111+) to scan recent transcripts and propose a prioritized allowlist of common read-only Bash and MCP calls. Saves to `.claude/settings.json` after review.
## References
- Permissions: https://docs.anthropic.com/en/docs/claude-code/settings#permissions
## Related
- [[Claude Code]]
- [[Claude Code Configuration]]
- [[Claude Code Tools]]