
How to Set Up a Permissions Allowlist in Claude Code

Pre-approve safe commands and block dangerous ones so the agent stops asking about routine actions but still pauses before risky ones.

9 min · Intermediate

By default Claude Code asks permission before running shell commands or editing files. That is safe but noisy. A permissions allowlist lets you pre-approve harmless commands like the test runner while keeping a deny list for anything destructive. This guide configures both.

What you need

  • Claude Code installed in a project
  • A sense of which commands you run constantly (tests, lint, git status)
  • About 10 minutes

Step 1: See what you keep approving

Work for a session and notice which prompts repeat. Read-only commands like the ones below are safe to allow permanently.

Claude Code - permission prompt
Claude wants to run: npm test
(y) allow once (a) always allow (n) deny
Claude wants to run: git status
(y) allow once (a) always allow (n) deny
The same routine commands keep asking for approval.

Step 2: Add an allow list

In your project settings, add a permissions block. Each rule names a tool and an optional argument pattern. The file below allows the common safe commands and all edits within the project.

.claude/settings.json
{
  "permissions": {
    "allow": [
      "Bash(npm test:*)",
      "Bash(npm run lint)",
      "Bash(git status)",
      "Bash(git diff:*)",
      "Edit",
      "Read"
    ]
  }
}

Step 3: Add a deny list for dangerous actions

A deny rule always wins over an allow rule. Block the commands you never want run unattended, even by accident.

.claude/settings.json
{
  "permissions": {
    "allow": [
      "Bash(npm test:*)",
      "Bash(git status)",
      "Edit"
    ],
    "deny": [
      "Bash(rm -rf:*)",
      "Bash(git push:*)",
      "Bash(curl:*)"
    ]
  }
}
Deny beats allow
If a command matches both lists, it is denied. Keep destructive patterns like rm -rf and force pushes on the deny list so no allow rule can ever override them.
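To see how the allow and deny lists from Steps 2 and 3 interact, here is a small added Python checker (example code, not part of this tutorial and not Claude Code's own permission engine). It assumes a simplified rule model: a bare tool name matches every use of that tool, `Tool(x)` matches the argument exactly, and `Tool(x:*)` is a word-boundary prefix match; the settings JSON is constructed inline, with one deliberately broad `Bash(git:*)` allow rule so the deny-beats-allow conflict can be exercised.

```python
import json
import re

# Constructed sample settings for this example (not read from disk). It mirrors
# the tutorial's Step 3 file, plus a broad "Bash(git:*)" allow rule so a command
# can match both lists at once.
SETTINGS_JSON = """
{
  "permissions": {
    "allow": ["Bash(npm test:*)", "Bash(npm run lint)", "Bash(git:*)", "Edit"],
    "deny":  ["Bash(rm -rf:*)", "Bash(git push:*)", "Bash(curl:*)"]
  }
}
"""

# A rule is "Tool" or "Tool(spec)".
RULE_RE = re.compile(r"^(?P<tool>\w+)(?:\((?P<spec>.*)\))?$")


def rule_matches(rule: str, tool: str, arg: str) -> bool:
    """Simplified model of one rule (an assumption, not Claude Code's own matcher):
    'Tool'      -> every use of that tool
    'Tool(x)'   -> argument is exactly x
    'Tool(x:*)' -> argument is x, or starts with 'x ' (word-boundary prefix)
    """
    m = RULE_RE.match(rule.strip())
    if not m or m.group("tool") != tool:
        return False
    spec = m.group("spec")
    if spec is None:
        return True
    if spec.endswith(":*"):
        prefix = spec[:-2]
        return arg == prefix or arg.startswith(prefix + " ")
    return arg == spec


def decide(settings: dict, tool: str, arg: str = "") -> str:
    """Return 'deny', 'allow' or 'ask' for one proposed tool call."""
    perms = settings.get("permissions", {})
    # Deny is checked first: a deny match wins even when an allow rule also matches.
    if any(rule_matches(r, tool, arg) for r in perms.get("deny", [])):
        return "deny"
    if any(rule_matches(r, tool, arg) for r in perms.get("allow", [])):
        return "allow"
    return "ask"  # nothing matched: fall back to the interactive prompt


def load_settings(text: str = SETTINGS_JSON) -> dict:
    return json.loads(text)


if __name__ == "__main__":
    s = load_settings()
    for tool, arg in [("Bash", "npm test -- --watch"), ("Bash", "npm run lint -- --fix"),
                      ("Bash", "git push origin main"), ("Edit", "src/app.js")]:
        print(f"{tool}({arg}) -> {decide(s, tool, arg)}")
```

Note that an exact rule such as `Bash(npm run lint)` does not cover `npm run lint -- --fix`; that call falls back to the prompt, which is the safe default for anything the lists do not name.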

Step 4: Confirm the rules work

Start a session and trigger an allowed command and a denied one. The allowed command should run silently; the denied one should be refused.

Claude Code - rules applied
> run the tests
Running npm test ... (auto-approved)
> push to origin
Blocked: git push is on the deny list. I won't run it.
Allowed runs silently; denied is refused outright.
Allow read-only, gate write
A good default is to allow read-only and test commands freely but keep anything that writes to a remote, deletes files, or hits the network behind a prompt.

Result: routine work flows without interruption while the riskiest commands stay blocked, giving you speed without giving up the safety rail.


Tags: #permissions #settings #security #allowlist #config