Skip to content

Instantly share code, notes, and snippets.

@ryanlewis

ryanlewis/claude-permissions.json

Last active February 12, 2026 16:26
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save ryanlewis/f9e86304fd7247a7530bf0dbc4ae7e93 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save ryanlewis/f9e86304fd7247a7530bf0dbc4ae7e93 to your computer and use it in GitHub Desktop.
Download ZIP
Claude Code permissions (settings.json)
Raw
claude-permissions.json
{
"allow": [
"Bash(git status:*)",
"Bash(git log:*)",
"Bash(git diff:*)",
"Bash(git show:*)",
"Bash(git branch:*)",
"Bash(git tag:*)",
"Bash(git remote:*)",
"Bash(git stash list:*)",
"Bash(git rev-parse:*)",
"Bash(git config --get:*)",
"Bash(git config --list:*)",
"Bash(git ls-files:*)",
"Bash(git ls-remote:*)",
"Bash(git shortlog:*)",
"Bash(git describe:*)",
"Bash(git blame:*)",
"Bash(git reflog:*)",
"Bash(git cherry:*)",
"Bash(git worktree list:*)",
"Bash(gh pr list:*)",
"Bash(gh pr view:*)",
"Bash(gh pr diff:*)",
"Bash(gh pr checks:*)",
"Bash(gh pr status:*)",
"Bash(gh issue list:*)",
"Bash(gh issue view:*)",
"Bash(gh issue status:*)",
"Bash(gh repo view:*)",
"Bash(gh repo list:*)",
"Bash(gh repo clone:*)",
"Bash(gh run list:*)",
"Bash(gh run view:*)",
"Bash(gh run watch:*)",
"Bash(gh workflow list:*)",
"Bash(gh workflow view:*)",
"Bash(gh release list:*)",
"Bash(gh release view:*)",
"Bash(gh api:*)",
"Bash(gh auth status:*)",
"Bash(gh search:*)",
"Bash(gh label list:*)",
"Bash(gh variable list:*)",
"Bash(gh secret list:*)",
"Bash(gh config:*)",
"Bash(gh browse:*)",
"Bash(gh gist list:*)",
"Bash(gh gist view:*)",
"Bash(gh extension list:*)",
"Bash(cat:*)",
"Bash(less:*)",
"Bash(head:*)",
"Bash(tail:*)",
"Bash(wc:*)",
"Bash(sort:*)",
"Bash(uniq:*)",
"Bash(cut:*)",
"Bash(tr:*)",
"Bash(grep:*)",
"Bash(rg:*)",
"Bash(ag:*)",
"Bash(find:*)",
"Bash(fd:*)",
"Bash(ls:*)",
"Bash(tree:*)",
"Bash(file:*)",
"Bash(stat:*)",
"Bash(diff:*)",
"Bash(comm:*)",
"Bash(md5sum:*)",
"Bash(sha256sum:*)",
"Bash(shasum:*)",
"Bash(realpath:*)",
"Bash(readlink:*)",
"Bash(basename:*)",
"Bash(dirname:*)",
"Bash(jq:*)",
"Bash(yq:*)",
"Bash(pwd:*)",
"Bash(cd:*)",
"Bash(mkdir:*)",
"Bash(touch:*)",
"Bash(ln:*)",
"Bash(which:*)",
"Bash(whereis:*)",
"Bash(type:*)",
"Bash(echo:*)",
"Bash(printf:*)",
"Bash(node:*)",
"Bash(npx:*)",
"Bash(npm run:*)",
"Bash(npm test:*)",
"Bash(npm run test:*)",
"Bash(npm run lint:*)",
"Bash(npm run build:*)",
"Bash(npm run dev:*)",
"Bash(npm run start:*)",
"Bash(npm list:*)",
"Bash(npm ls:*)",
"Bash(npm view:*)",
"Bash(npm info:*)",
"Bash(npm outdated:*)",
"Bash(npm audit:*)",
"Bash(npm explain:*)",
"Bash(npm config list:*)",
"Bash(npm pack:*)",
"Bash(npm version:*)",
"Bash(npm ci:*)",
"Bash(npm install:*)",
"Bash(npm i:*)",
"Bash(npm uninstall:*)",
"Bash(yarn:*)",
"Bash(pnpm:*)",
"Bash(bun:*)",
"Bash(bunx:*)",
"Bash(tsc:*)",
"Bash(tsx:*)",
"Bash(ts-node:*)",
"Bash(eslint:*)",
"Bash(prettier:*)",
"Bash(vitest:*)",
"Bash(jest:*)",
"Bash(playwright:*)",
"Bash(cypress:*)",
"Bash(nvm:*)",
"Bash(fnm:*)",
"Bash(volta:*)",
"Bash(gradle:*)",
"Bash(./gradlew:*)",
"Bash(gradlew:*)",
"Bash(mvn:*)",
"Bash(./mvnw:*)",
"Bash(mvnw:*)",
"Bash(java:*)",
"Bash(javac:*)",
"Bash(kotlin:*)",
"Bash(kotlinc:*)",
"Bash(jar:*)",
"Bash(jps:*)",
"Bash(jstack:*)",
"Bash(jmap:*)",
"Bash(jcmd:*)",
"Bash(jinfo:*)",
"Bash(python:*)",
"Bash(python3:*)",
"Bash(pip:*)",
"Bash(pip3:*)",
"Bash(pip install:*)",
"Bash(pip list:*)",
"Bash(pip show:*)",
"Bash(pip freeze:*)",
"Bash(pipenv:*)",
"Bash(poetry:*)",
"Bash(uv:*)",
"Bash(pytest:*)",
"Bash(mypy:*)",
"Bash(ruff:*)",
"Bash(black:*)",
"Bash(isort:*)",
"Bash(pyenv:*)",
"Bash(docker ps:*)",
"Bash(docker images:*)",
"Bash(docker image ls:*)",
"Bash(docker inspect:*)",
"Bash(docker logs:*)",
"Bash(docker stats:*)",
"Bash(docker top:*)",
"Bash(docker port:*)",
"Bash(docker history:*)",
"Bash(docker diff:*)",
"Bash(docker volume ls:*)",
"Bash(docker volume inspect:*)",
"Bash(docker network ls:*)",
"Bash(docker network inspect:*)",
"Bash(docker info:*)",
"Bash(docker version:*)",
"Bash(docker system df:*)",
"Bash(docker compose ps:*)",
"Bash(docker compose logs:*)",
"Bash(docker compose config:*)",
"Bash(docker-compose ps:*)",
"Bash(docker-compose logs:*)",
"Bash(docker-compose config:*)",
"Bash(aws sts get-caller-identity:*)",
"Bash(aws s3 ls:*)",
"Bash(aws s3api:*)",
"Bash(aws cloudformation describe:*)",
"Bash(aws cloudformation list:*)",
"Bash(aws ec2 describe:*)",
"Bash(aws ecs describe:*)",
"Bash(aws ecs list:*)",
"Bash(aws ecr describe:*)",
"Bash(aws ecr list:*)",
"Bash(aws logs describe:*)",
"Bash(aws logs get:*)",
"Bash(aws logs filter:*)",
"Bash(aws lambda list:*)",
"Bash(aws lambda get:*)",
"Bash(aws iam list:*)",
"Bash(aws iam get:*)",
"Bash(aws ssm get-parameter:*)",
"Bash(aws ssm describe:*)",
"Bash(aws secretsmanager list:*)",
"Bash(aws rds describe:*)",
"Bash(aws dynamodb describe:*)",
"Bash(aws dynamodb list:*)",
"Bash(aws sqs list:*)",
"Bash(aws sns list:*)",
"Bash(aws configure list:*)",
"Bash(kubectl get:*)",
"Bash(kubectl describe:*)",
"Bash(kubectl logs:*)",
"Bash(kubectl top:*)",
"Bash(kubectl config:*)",
"Bash(kubectl cluster-info:*)",
"Bash(kubectl api-resources:*)",
"Bash(kubectl explain:*)",
"Bash(kubectl version:*)",
"Bash(helm list:*)",
"Bash(helm status:*)",
"Bash(helm get:*)",
"Bash(helm show:*)",
"Bash(env:*)",
"Bash(printenv:*)",
"Bash(date:*)",
"Bash(cal:*)",
"Bash(whoami:*)",
"Bash(id:*)",
"Bash(hostname:*)",
"Bash(uname:*)",
"Bash(uptime:*)",
"Bash(df:*)",
"Bash(du:*)",
"Bash(free:*)",
"Bash(top:*)",
"Bash(htop:*)",
"Bash(ps:*)",
"Bash(lsof:*)",
"Bash(ss:*)",
"Bash(netstat:*)",
"Bash(ip:*)",
"Bash(ifconfig:*)",
"Bash(ping:*)",
"Bash(dig:*)",
"Bash(nslookup:*)",
"Bash(host:*)",
"Bash(traceroute:*)",
"Bash(mtr:*)",
"Bash(tar:*)",
"Bash(zip:*)",
"Bash(unzip:*)",
"Bash(gzip:*)",
"Bash(gunzip:*)",
"Bash(zcat:*)",
"Bash(bzip2:*)",
"Bash(xz:*)",
"Bash(7z:*)",
"Bash(* | grep:*)",
"Bash(* | sort:*)",
"Bash(* | uniq:*)",
"Bash(* | head:*)",
"Bash(* | tail:*)",
"Bash(* | wc:*)",
"Bash(* | jq:*)",
"Bash(* | awk:*)",
"Bash(* | sed:*)",
"Bash(* | cut:*)",
"Bash(* | tr:*)",
"Bash(* | tee:*)",
"Bash(* | xargs:*)",
"Bash(* | less:*)",
"Read",
"Edit",
"MultiEdit",
"Write",
"Glob",
"Grep",
"LS",
"WebFetch",
"WebSearch",
"TodoRead",
"TodoWrite",
"Task"
],
"deny": [
"Bash(rm -rf /*)",
"Bash(rm -rf ~/*)",
"Bash(rm -rf ./*)",
"Bash(rm -r /*)",
"Bash(rm -r ~/*)",
"Bash(rm -f /*)",
"Bash(rm -f ~/*)",
"Bash(shred:*)",
"Bash(find * -delete)",
"Bash(find * -exec rm:*)",
"Bash(sudo rm:*)",
"Bash(sudo su:*)",
"Bash(sudo -i:*)",
"Bash(sudo -s:*)",
"Bash(sudo bash:*)",
"Bash(sudo sh:*)",
"Bash(mkfs:*)",
"Bash(dd:*)",
"Bash(fdisk:*)",
"Bash(parted:*)",
"Bash(shutdown:*)",
"Bash(reboot:*)",
"Bash(halt:*)",
"Bash(poweroff:*)",
"Bash(init:*)",
"Bash(systemctl stop:*)",
"Bash(systemctl disable:*)",
"Bash(systemctl mask:*)",
"Bash(iptables:*)",
"Bash(ip6tables:*)",
"Bash(ufw:*)",
"Bash(passwd:*)",
"Bash(useradd:*)",
"Bash(userdel:*)",
"Bash(usermod:*)",
"Bash(groupadd:*)",
"Bash(groupdel:*)",
"Bash(visudo:*)",
"Bash(chown:*)",
"Bash(chgrp:*)",
"Bash(chmod 777:*)",
"Bash(chmod 000:*)",
"Bash(chmod -R:*)",
"Bash(* > /etc/*)",
"Bash(* > /dev/*)",
"Bash(* > /sys/*)",
"Bash(* > /proc/*)",
"Bash(* > /boot/*)",
"Bash(* >> /etc/*)",
"Bash(* >> /dev/*)",
"Bash(git push --force:*)",
"Bash(git push -f:*)",
"Bash(git reset --hard:*)",
"Bash(git clean -f:*)",
"Bash(git clean -fd:*)",
"Bash(git clean -fdx:*)",
"Bash(git branch -D:*)",
"Bash(git reflog expire:*)",
"Bash(npm publish:*)",
"Bash(yarn publish:*)",
"Bash(twine upload:*)",
"Bash(docker push:*)",
"Bash(docker system prune:*)",
"Bash(docker volume rm:*)",
"Bash(docker kill:*)",
"Bash(crontab -r:*)",
"Bash(crontab -e:*)",
"Bash(at:*)",
"Read(**/.env)",
"Read(**/.env.*)",
"Read(**/secrets/**)",
"Read(**/.ssh/**)",
"Read(**/.aws/credentials)",
"Read(**/.aws/config)",
"Read(**/.git-credentials)",
"Read(**/.netrc)",
"Read(**/.kube/config)",
"Read(**/.docker/config.json)",
"Read(**/.gnupg/**)"
]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment