name: permission-patterns description: Guide for configuring Claude Code permissions effectively. Use when setting up security policies, configuring allow/deny patterns, managing tool permissions, or implementing team security standards. Covers permission modes, sandboxing, and settings.json configuration. allowed-tools: ["Read"]

Permission Patterns

Configure Claude Code permissions for security, productivity, and team compliance.

Quick Reference

Permission Modes

For detailed mode behaviors and switching, see MODES.md.

Permission Rule Precedence

Rules are evaluated in this order (highest to lowest):

1. Deny - Blocks tool use (highest priority)
2. Ask - Requires confirmation
3. Allow - Permits without prompting

Settings file precedence:

1. Managed settings (enterprise)
2. Command line arguments
3. .claude/settings.local.json (local project)
4. .claude/settings.json (shared project)
5. ~/.claude/settings.json (user)

Basic Configuration

{
  "permissions": {
    "allow": [
      "Bash(git status)",
      "Read"
    ],
    "deny": [
      "Bash(rm -rf *)"
    ]
  },
  "defaultMode": "default"
}

Common Permission Patterns

Git Operations

{
  "permissions": {
    "allow": [
      "Bash(git status)",
      "Bash(git diff:*)",
      "Bash(git log:*)",
      "Bash(git branch:*)",
      "Bash(git checkout:*)"
    ],
    "ask": [
      "Bash(git push:*)",
      "Bash(git commit:*)"
    ]
  }
}

Package Managers

{
  "permissions": {
    "allow": [
      "Bash(npm run *)",
      "Bash(npm test:*)",
      "Bash(bun *)",
      "Bash(yarn *)"
    ]
  }
}

File Operations

{
  "permissions": {
    "allow": [
      "Edit(/src/**/*.ts)",
      "Edit(/tests/**)",
      "Read"
    ],
    "deny": [
      "Edit(/.env)",
      "Edit(/secrets/**)"
    ]
  }
}

For comprehensive patterns including Bash, file paths, and MCP tools, see PATTERNS.md.

Tool Permission Categories

Sandboxing

Enable sandboxing for filesystem and network isolation:

/sandbox

Benefits:

• Filesystem isolation (writes restricted to project)
• Network access controls
• Reduced permission prompts
• Maintained security boundaries

Claude Code restricts writes to the project directory and subdirectories by default. Parent directories are protected.

Security Essentials

Always Deny

{
  "permissions": {
    "deny": [
      "Bash(curl *)",
      "Bash(wget *)",
      "Bash(rm -rf *)",
      "Edit(/.env)",
      "Edit(/secrets/**)"
    ]
  }
}

Principle of Least Privilege

Start restrictive, add permissions as needed:

{
  "defaultMode": "dontAsk",
  "permissions": {
    "allow": [
      "Read",
      "Bash(git status)",
      "Bash(npm test)"
    ]
  }
}

For comprehensive security guidance, see SECURITY.md.

CLI Permission Flags

Example:

claude --permission-mode plan
claude --allowedTools "Bash(git:*)" "Read"
claude --tools "Bash,Edit,Read"

Managing Permissions

View and manage permissions interactively:

/permissions

Shows:

• All permission rules
• Source settings file for each rule
• Current permission mode

Workflow: Setting Up Project Permissions

Prerequisites

• Identify tools needed for the project
• Determine security requirements
• Check for enterprise managed settings

Steps

1. Create project settings

   • Create .claude/settings.json
   • Set appropriate defaultMode
   • Add allow rules for common operations

2. Configure sensitive operations

   • Add ask rules for risky operations
   • Add deny rules for blocked operations

3. Test configuration

   • Run Claude Code with /permissions
   • Verify expected prompts appear
   • Adjust rules as needed

Validation

• Common operations work without excessive prompts
• Sensitive operations require confirmation
• Blocked operations are denied

Reference Files