Permission philosophy
Claude Code follows the principle of least privilege: by default it asks for confirmation for any action that is potentially irreversible or affects resources outside your project. You decide when to give it more autonomy.
Tools and their permissions
Claude Code has access to these tools, each with its default risk level:
Allowing and denying operations
Configure permissions in .claude/settings.json so you don't have to confirm frequent operations:
{
"permissions": {
"allow": [
"Bash(npm run:*)",
"Bash(git:*)",
"Bash(npx:*)",
"Read(**)",
"Edit(**)",
"Write(**)",
"WebFetch(domain:api.github.com)"
],
"deny": [
"Bash(rm -rf:*)",
"Bash(sudo:*)",
"WebFetch(domain:*.evil.com)"
]
}
}Permission syntax
Permissions use the format Tool(pattern:value):
- Bash(npm:*) — allows any npm command
- Bash(git commit:*) — allows git commit with any argument
- Read(**) — allows reading any file (** = any path)
- WebFetch(domain:api.example.com) — allows fetch only to that domain
- Edit(src/**) — allows editing only files under src/
Interactive permission management
Inside Claude Code, use the command:
/permissions
This opens an interactive panel where you can view, add, or revoke permissions for the current session.
Permissions during a session
When Claude Code requests to do something you haven't pre-authorized, it will show you a dialog like this:
Claude quiere ejecutar: git push origin main ¿Permitir? [s/N/siempre/nunca] _
- s — allow only this time.
- N — deny (Claude will look for another alternative).
- siempre — add to the permanent permissions list.
- nunca — add to the permanent deny list.
No-permissions mode (dangerous)
For controlled environments (CI, Docker, sandboxes), you can disable all confirmations:
claude --dangerously-skip-permissions "implementa los tests unitarios"
Security best practices
- Use git: working in a git repository lets you revert any change Claude made with git restore .
- Limit scope in production: on production servers, don't give Claude write permissions.
- Review diffs: Claude always shows a diff before editing. Read it before accepting.
- Domain-specific permissions: if you use WebFetch, specify exact domains instead of WebFetch(*).
- Environment variables: Claude cannot read your secrets unless they are in the environment or you pass them explicitly.
Team permission configuration
Add .claude/settings.json to your repository so the entire team uses the same base permission configuration:
# .gitignore — NO ignorar settings.json del equipo # (sí ignorar settings.local.json para configs personales) .claude/settings.local.json