Claude Code Permission Configurator (2026)

Build your permission settings interactively. Export as settings.json, CLI flags, or CLAUDE.md rules.

1 Permission Mode
This mode skips ALL permission checks. Only use in isolated CI/CD environments with proper sandboxing. Never use --dangerously-skip-permissions in local development or shared workstations.
2 Tool Allowlist
3 Safety Rules
Block rm -rf commands
Block git push --force
Block sudo commands
Require confirmation for production deploys
Log all auto-approved actions
Block file writes outside project directory
Restrict network access to approved domains

Unlock Unlimited Configurations

You have used your 2 free configurations. Get lifetime access to all Claude Code tools, 200+ guides, and production-ready permission templates.

Get Lifetime Access — $99

Understanding Claude Code Permissions

Claude Code is an AI-powered coding assistant that operates directly in your terminal, reading files, writing code, and executing shell commands on your behalf. Because it has real access to your filesystem and can run arbitrary commands, permissions are the primary mechanism for controlling what Claude Code can and cannot do during a session. Without proper permission configuration, you are relying entirely on Claude Code's judgment about which actions to take, which introduces unnecessary risk to your codebase, your credentials, and your production systems.

The permission system works on three levels. First, there is the interactive prompt: by default, Claude Code asks you for explicit approval before every tool invocation. Second, there is the allowlist, which lets you pre-approve specific tools and command patterns so Claude Code can use them without interrupting your workflow. Third, there is the deny list, which acts as a hard block on specific actions regardless of what is allowed elsewhere. These three levels combine to give you fine-grained control over Claude Code's behavior, from fully locked down to fully autonomous.

Permissions are configured via .claude/settings.json at the project level or ~/.claude/settings.json globally. Project-level settings override global settings, which means you can maintain strict defaults while relaxing permissions for trusted repositories. The configurator above generates valid settings files, CLI commands, and CLAUDE.md documentation so you can get started immediately.

Permission Modes Explained

Claude Code supports three distinct permission modes, each suited to different workflows and risk tolerances. Choosing the right mode depends on your experience level, the sensitivity of your codebase, and whether a human is present to review actions.

Building a Safe Permission Configuration

A well-designed permission configuration follows the principle of least privilege: grant only the access Claude Code needs for your specific workflow, and deny everything else by default. Here is a step-by-step approach to building a safe configuration:

  1. Start with read-only tools. Allow Read, Glob, and Grep first. These tools cannot modify your filesystem and are safe to auto-approve in any context.
  2. Add write tools selectively. If you trust Claude Code to edit files, add Edit (which modifies existing files) before Write (which creates new files). Edit is safer because it requires an existing file to target.
  3. Scope Bash carefully. Never allow Bash(*) without deny rules. Instead, allow specific command families: Bash(npm *), Bash(git status), Bash(git diff *), Bash(python *). Keep destructive commands like git push, rm, and sudo behind confirmation prompts.
  4. Set deny rules for dangerous patterns. Always deny Bash(rm -rf *), Bash(sudo *), and Bash(git push --force *). Deny rules override allow rules, so they act as a safety net even if your allow patterns are too broad.
  5. Test before committing. Run a few sessions with your configuration and review what gets auto-approved versus what triggers prompts. Adjust your patterns based on real usage rather than guessing.
{
  "permissions": {
    "allow": [
      "Read", "Glob", "Grep", "Edit",
      "Bash(npm *)", "Bash(git diff *)", "Bash(git status)"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(sudo *)",
      "Bash(git push --force *)"
    ]
  }
}

CI/CD Permission Patterns

In continuous integration and continuous deployment pipelines, Claude Code runs without a human operator. This requires either --dangerously-skip-permissions or a carefully scoped allowlist that covers every tool the pipeline needs. The safer approach is the allowlist: it provides automation without sacrificing all safety checks.

A typical CI/CD configuration allows Bash commands for build tools (npm *, make *, docker *), file operations (Read, Edit, Write, Glob, Grep), and denies destructive operations. If you must use --dangerously-skip-permissions, ensure your CI environment is ephemeral (containers or VMs that are destroyed after each run), has no access to production credentials, and has network restrictions to prevent unauthorized deployments.

# Safe CI/CD command with scoped permissions
claude --allowedTools "Edit,Write,Read,Glob,Grep,Bash(npm *),Bash(make *)" \
       --deniedTools "Bash(rm -rf *),Bash(sudo *),Bash(git push --force *)" \
       --print "Run the test suite and fix any failures"

Common Questions

What does --dangerously-skip-permissions do?
The --dangerously-skip-permissions flag disables all permission prompts in Claude Code, allowing it to execute any tool (file edits, shell commands, network requests) without asking for confirmation. This flag is intended exclusively for isolated CI/CD environments where no human is present to approve actions. Using it in development is strongly discouraged because Claude Code could modify or delete files, run arbitrary commands, or make network requests without any safety checks.
Is it safe to use YOLO mode in development?
No. YOLO mode (--dangerously-skip-permissions) should never be used during local development. Without permission prompts, Claude Code can execute destructive commands like rm -rf, push to production branches, or overwrite critical files without warning. For development, use Allowlist mode instead: auto-approve safe tools like Read, Grep, and Glob while keeping confirmation prompts for Bash and Write operations.
How do I allow specific bash commands?
In your .claude/settings.json file, add pattern-matched entries to the allow array. For example, Bash(npm *) allows all npm commands, Bash(git status) allows only git status, and Bash(python *.py) allows running Python scripts. Glob-style wildcards (*) are supported. You can combine multiple patterns in the allow array to build a comprehensive set of auto-approved commands.
Can I set different permissions per project?
Yes. Claude Code supports project-level permissions via a .claude/settings.json file in your project root, which overrides the global settings at ~/.claude/settings.json. This lets you have strict permissions for a production repository while using relaxed permissions for a personal side project. Team-shared permissions can be committed to version control so every contributor uses the same safety rules.
How do I block dangerous commands?
Add patterns to the deny array in your settings.json. Common deny rules include: Bash(rm -rf *) to block recursive deletion, Bash(sudo *) to block privilege escalation, Bash(git push --force *) to block force pushes, and Bash(chmod 777 *) to block overly permissive file modes. Deny rules always take precedence over allow rules, so even if Bash(*) is in your allow list, denied patterns will still be blocked.
What's the difference between allow and deny lists?
The allow list specifies tools that Claude Code can use without asking for confirmation. The deny list specifies tools and commands that Claude Code must never execute, even if they match an allow pattern. Deny rules always win: if Bash(git *) is allowed but Bash(git push --force *) is denied, Claude Code will auto-approve git status but block git push --force. Anything not in either list triggers a confirmation prompt.
How do permissions work with MCP servers?
MCP (Model Context Protocol) server tools follow the same permission system. Each MCP tool appears with a server prefix, like mcp__github__create_issue. You can allow or deny specific MCP tools in your settings.json using the same pattern syntax. For example, mcp__github__* allows all GitHub MCP tools while mcp__filesystem__write_file could be denied to prevent MCP-based file writes.
Can I audit what Claude Code does automatically?
Yes. Claude Code logs all actions in its session history. You can review what tools were called, what commands were run, and what files were modified after each session. For CI/CD environments, redirect output to a log file and use the --output-format json flag to get structured logs. Some teams also configure their deny list to prevent destructive actions while keeping a broad allow list, then review session transcripts periodically.
What permissions does Claude Code need for CI/CD?
For CI/CD pipelines, Claude Code typically needs: Bash for running build and test commands, Read and Glob for file access, Edit and Write for making changes, and Grep for searching code. In CI/CD you can use --dangerously-skip-permissions since the environment is isolated and ephemeral. However, the safer approach is to use an allowlist that permits only the specific commands your pipeline needs, combined with deny rules for destructive operations.
How do I reset permissions to default?
To reset permissions to the default (ask-every-time) mode, delete or empty your .claude/settings.json file. Running rm .claude/settings.json removes project-level overrides, falling back to global settings. To reset global settings, remove ~/.claude/settings.json. You can also start a new session without saved settings. The default mode prompts for confirmation on every tool use.

Related guides: Claude Code Configuration Guide | Best Practices | Commands Reference

Need production-ready permission templates for teams, CI/CD, and enterprise deployments?

Production permission templates → Claude Code Mastery Playbook ($99)