Permission Rules - Claude Code
Granular allow/ask/deny rules per tool with wildcard patterns.
Permission rules are how you codify "yes, always run pnpm test" and "no, never touch this directory" without answering prompts each session.
What it does
Each rule pairs a tool pattern with an action: allow, ask, or deny. Patterns can match Bash commands, file paths, MCP servers, and more - with wildcards for flexibility. Rules live in settings.json (project-level) or settings.local.json (per-user) and combine with admin-managed rules for teams.
When to use it
- Allowlisting common commands (
npm run *,git status,ls *). - Denying sensitive paths (production config, secret files).
- Locking Claude to a specific MCP server for a given project.
- Building up a session-to-session baseline of trusted patterns.
Gotchas
- Order matters. More specific rules should come before broad ones.
- Wildcards can over-grant. Audit your allow list periodically.
- Project rules commit to the repo, so don't put user-specific prefs there. Use
settings.local.json.
Official docs: https://code.claude.com/docs/en/permissions.md
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
Related Guides
Related Tools
Claude Code
Anthropic's agentic coding CLI. Runs in your terminal, edits files autonomously, spawns sub-agents, and maintains memory...
View ToolCodeburn
Interactive TUI dashboard that shows exactly where your Claude Code and Cursor tokens are going, in real time.
View ToolClaude Opus 4.7
Anthropic's flagship reasoning model. Best-in-class for coding, long-context analysis, and agentic workflows. 1M token c...
View ToolZed
High-performance code editor built in Rust with native AI integration. Sub-millisecond input latency. Built-in assistant...
View ToolRelated Videos
Nimbalyst: The Open-Source Visual Workspace for Building with Codex and Claude Code
Nimbalyst Demo: A Visual Workspace for Codex + Claude Code with Kanban, Plans, and AI Commits Try it: https://nimbalyst.com/ Star Repo Here: https://github.com/Nimbalyst/nimbalyst This video demos N...
Composio: Connect OpenClaw & Claude Code to 1,000+ Apps via CLI
Composio: Connect AI Agents to 1,000+ Apps via CLI (Gmail, Google Docs/Sheets, Hacker News Workflows) Check out Composio here: http://dashboard.composio.dev/?utm_source=Youtube&utm_channel=0426&utm_...
Claude Code Channels in 8 Minutes
Anthropic has released Channels for Claude Code, enabling external events (CI alerts, production errors, PR comments, Discord/Telegram messages, webhooks, cron jobs, logs, and monitoring signals) to b...
Related Posts
Anthropic Sonnet 4.5 in Claude Code
Anthropic's Claude Sonnet 4.5 isn't just another model increment. The company claims they've observed it maintaining foc...
Claude Code Token Burn Is an Observability Problem
The latest Claude Code cache-burn debate is not just a quota complaint. It is a reminder that coding agents need cache-h...
Claude Code 2.1.128 Is an Ops Release, Not a Feature Drop
Claude Code 2.1.128 is full of small fixes around MCP, worktrees, OTEL, plugins, and permissions. That is exactly why it...
Codex Loops: What Boris Cherny Gets Right About Managing Agent Work
Boris Cherny's loop-heavy Claude Code workflow points at the next Codex content lane: recurring agents that babysit PRs,...
Free Claude Code Is Really a Model Gateway Bet
The trending Free Claude Code repo is not just about avoiding API bills. It points at a bigger developer-tool pattern: m...
Agent Skills Need Exit Criteria, Not More Prompt Lore
Addy Osmani's agent-skills repo is trending because it turns vague AI coding advice into reusable engineering checklists...
