Security and Permissions

Claude Code presents permission prompts before running shell commands and modifying files. Responses: y (once), n (deny), a (always for this session), s (skip). Configure persistent auto-approvals via settings.json for safe operations only.

Syntax

claude-code
// Permission prompt response options:
[y]es    // Allow this one instance
[n]o     // Deny — Claude tries alternative
[a]lways // Auto-approve for rest of session
[s]kip   // Skip this step entirely

// Persistent auto-approval settings:
// ~/.config/claude-code/settings.json
{
  "allowedTools": [
    "Bash(npm test*)",
    "Bash(npm run typecheck*)",
    "Bash(git status*)",
    "Bash(git diff*)"
  ]
}

Example

claude-code
// SAFE to auto-approve:
"Bash(npm test*)"            // Test runners
"Bash(npm run typecheck*)"   // Type checking
"Bash(git status*)"          // Read-only git
"Bash(git diff*)"            // Read-only git

// REQUIRE manual approval every time:
"Bash(git commit*)"          // Review before committing
"Bash(git push*)"            // Never auto-approve
"Bash(npm install*)"         // Review new dependencies
"Bash(*--force*)"            // Any destructive flag