DEV Community

Zac
Zac

Posted on

Claude Code permissions: what to lock down and what to loosen

#claudecode #productivity #security #workflow

Claude Code ships with fairly conservative defaults. Out of the box, it asks for confirmation before running shell commands, writing files, or making network requests. For exploratory sessions, that's reasonable. For autonomous work, it's friction.

Here's how to tune permissions for each context.

The three permission modes

Claude Code has three default behaviors you can configure:

  1. defaultMode — how it handles tool use without explicit approval
  2. allowedTools — which tools it can use freely
  3. disallowedTools — which tools are blocked entirely

Set these in .claude/settings.json at the project root or ~/.claude/settings.json globally.

For solo dev work on your machine 

{
  "defaultMode": "acceptEdits",
  "allowedTools": ["Read", "Write", "Edit", "Bash", "Glob", "Grep"]
}
Enter fullscreen mode Exit fullscreen mode

This lets Claude read, write, and run commands without asking each time. You watch what it does — if something looks wrong, you stop it. Speeds up the feedback loop significantly.

For autonomous agents 

{
  "defaultMode": "bypassPermissions",
  "allowedTools": ["Read", "Write", "Edit", "Bash", "Glob", "Grep", "WebFetch"]
}
Enter fullscreen mode Exit fullscreen mode

This is for sessions where Claude is supposed to work independently. You still read the output, but you're not in the loop for each step. Use this when you've set up clear task instructions and trust the scope.

What to always disallow

Regardless of context, consider disallowing:

  • Destructive operations on production data
  • Git push without explicit confirmation (add a note in CLAUDE.md)
  • Anything that affects external services you didn't explicitly scope

You can't configure every edge case — but a clear scope in CLAUDE.md handles most of it. One rule that sticks: "Do not push to remote. Commit locally and report."

The confirmation overhead is real

On a task with 20 tool calls, waiting for confirmation on each one adds minutes to what should be seconds. The default ask-every-time behavior makes sense for a first session in an unfamiliar codebase. It doesn't make sense for a routine task in your own project.

Tuning permissions isn't about recklessness — it's about removing the overhead on work you already understand well.

Per-project vs global settings

Keep ~/.claude/settings.json conservative (the global default). Use .claude/settings.json at the project level to loosen permissions for codebases where you've built trust. That way a new or unfamiliar project stays careful while your daily-driver projects stay fast.

More on setting up Claude Code for autonomous work: builtbyzac.com/agent-harness.html.

Top comments (0)