Protected Paths - Claude Code
Auto-guarded directories like .git, .claude, and .vscode.
Protected paths are directories Claude Code refuses to modify without explicit, targeted approval - even in bypass mode.
What it does
.git, .claude, .vscode, and similar metadata directories are guarded by default. Edits or writes to anything inside them require a specific permission grant, not a blanket allow. It's a structural safety net - you can't accidentally rewrite your git history or clobber your Claude config by running a wide prompt.
When to use it
- Always. Protected paths are on by default and you should leave them on.
- Add your own sensitive paths to the guard list for project-specific safety.
- Pair with audit logging to catch attempts even when denied.
- Keep the guard in place even for trusted agents - the defense layers compound.
Gotchas
- Some legitimate workflows need to touch
.git(tools that rewrite hooks, for example). Grant tightly scoped rules for those. - Protected paths don't prevent reads. Claude can still see what's there.
- Custom protected paths live in settings. Changes apply on session restart.
Official docs: https://code.claude.com/docs/en/permission-modes.md#protected-paths
Technical content at the intersection of AI and development. Building with AI agents, Claude Code, and modern dev tools - then showing you exactly how it works.
Get the weekly deep dive
Tutorials on Claude Code, AI agents, and dev tools - delivered free every week.
Was this helpful?
Related Guides
Related Tools
Claude Code
Anthropic's agentic coding CLI. Runs in your terminal, edits files autonomously, spawns sub-agents, and maintains memory...
View ToolCodeburn
Interactive TUI dashboard that shows exactly where your Claude Code and Cursor tokens are going, in real time.
View ToolClaude Opus 4.7
Anthropic's flagship reasoning model. Best-in-class for coding, long-context analysis, and agentic workflows. 1M token c...
View ToolConductor
Mac app for running parallel Claude Code, Codex, and Cursor agents in isolated workspaces. Watch every agent work at onc...
View ToolRelated Videos
Nimbalyst: The Open-Source Visual Workspace for Building with Codex and Claude Code
Nimbalyst Demo: A Visual Workspace for Codex + Claude Code with Kanban, Plans, and AI Commits Try it: https://nimbalyst.com/ Star Repo Here: https://github.com/Nimbalyst/nimbalyst This video demos N...
Composio: Connect OpenClaw & Claude Code to 1,000+ Apps via CLI
Composio: Connect AI Agents to 1,000+ Apps via CLI (Gmail, Google Docs/Sheets, Hacker News Workflows) Check out Composio here: http://dashboard.composio.dev/?utm_source=Youtube&utm_channel=0426&utm_...
Claude Code Channels in 8 Minutes
Anthropic has released Channels for Claude Code, enabling external events (CI alerts, production errors, PR comments, Discord/Telegram messages, webhooks, cron jobs, logs, and monitoring signals) to b...
Related Posts
Claude Opus 4.8 Is an Agent Honesty Release
Claude Opus 4.8 looks like a benchmark bump, but the developer story is better honesty, dynamic workflows, and effort co...
Anthropic Sonnet 4.5 in Claude Code
Anthropic's Claude Sonnet 4.5 isn't just another model increment. The company claims they've observed it maintaining foc...
Claude Agent SDK vs Claude Code: When to Build and When to Drive
Claude Agent SDK vs Claude Code explained: same engine, two surfaces. Here is the concrete decision line, plus where Man...
Claude Agent SDK vs LangGraph: Choosing Your Agent Stack in 2026
Claude Agent SDK vs LangGraph head-to-head: architecture, state handling, multi-agent patterns, and real pricing - plus...
Claude Agents vs Skills: Which One Do You Actually Need?
Claude agents vs skills, untangled: agents are workers with their own context window, skills are instructions loaded on...
Claude Code Auto Mode Explained: Permissions Without the Prompts
Auto mode replaces permission prompts with a background safety classifier - here is how the Shift+Tab cycle, hard_deny r...
