Skip to main content

Permissions & Staying Safe with Claude Code

Claude3 min read
A shield with a checkmark and allow, ask, deny labels

The single biggest worry beginners have is reasonable: *"It can run commands on my machine — what stops it from doing something destructive?"* The answer is a permission system you control. By default Claude Code asks before risky actions, and you can tune that from "ask me about everything" to "let it run" depending on how much you trust the task.

How permissions work by default#

Out of the box, Claude Code distinguishes between low-risk and higher-risk actions. Reading files and searching are generally allowed freely. Editing files, running shell commands, and other actions with consequences trigger a prompt: Claude shows you what it wants to do, and you approve or deny.

When prompted, you typically get options like: allow once, allow for the rest of the session, or deny. Allowing for the session is how you avoid being asked the same thing repeatedly once you trust it.

Permission modes#

You can shift the overall posture with permission modes. The ones you will use:

  • Default — asks before edits and commands. The safe starting point.
  • Plan mode — Claude can only read and explore; it cannot edit files. It produces a plan and waits for your go-ahead. Perfect for "tell me what you would do" before committing.
  • Accept edits — auto-approves file edits so Claude can move quickly, while still gating the riskier stuff. Good once you trust a task.
  • Bypass / "yolo" style — approves everything. Powerful and fast, but only appropriate in a sandbox or throwaway environment where mistakes cannot hurt you.

You can cycle modes mid-session with `Shift+Tab`, or start in a specific mode from the command line. Plan mode in particular is worth making a habit for anything non-trivial.

Allow and deny rules#

Beyond modes, you can write precise rules so common safe commands never prompt and dangerous ones are always blocked. These live in your settings (.claude/settings.json for a project, ~/.claude/settings.json for you globally) under a permissions key, with allow and deny lists.

.claude/settings.json
{
  "permissions": {
    "allow": [
      "Bash(npm run test:*)",
      "Bash(git status)",
      "Bash(git diff:*)"
    ],
    "deny": [
      "Bash(rm -rf:*)",
      "Bash(git push:*)"
    ]
  }
}

With rules like these, Claude can run your tests and inspect Git without nagging you, while destructive deletes and pushes are blocked outright. You can manage these interactively too — the /permissions command opens the rule editor.

Protected paths#

Some files should never be touched or read by an automated agent — secrets, key files, credentials. Claude Code treats sensitive files (like .env files and private keys) carefully, and you can mark additional protected paths so even an allowed tool will not modify them. Keep your secrets in the usual ignored files and out of the repo, and you have a strong second line of defense.

The safety habits that matter most#

  1. Commit before big changes — your Git checkpoint is the ultimate undo.
  2. Use plan mode for anything unfamiliar — see the plan before any edits happen.
  3. Review diffs — read what changed with git diff before you commit Claude’s work.
  4. Keep destructive commands on the deny listrm -rf, force pushes, prod deploys.
  5. Bypass mode only in sandboxes — never on a machine or repo you cannot afford to break.

What’s next#

You now know how to keep Claude Code on a safe leash. Next we make it genuinely *useful* on your specific project by teaching it your conventions — the first of two posts on memory and `CLAUDE.md`.

Share: