Why Permissions Matter
Agents with unrestricted access can:- Execute dangerous commands
- Modify critical files
- Access sensitive data
- Make irreversible changes
Permission Models
Allowlist (Recommended)
Only explicitly permitted actions are allowed:Denylist
Everything allowed except explicitly denied:Hybrid
Combine both for fine-grained control:Configuration by Tool
- Claude Code
- Cursor
- OpenCode
File:
.claude/settings.jsonPermission Categories
File Operations
Shell Commands
Network Access
MCP Tools
Permission Patterns
Read-Only Agent
Safe for exploration and analysis:Development Agent
Standard development workflow:CI/CD Agent
Deployment with safeguards:Confirmation Prompts
Require human approval for sensitive actions:Audit Logging
Track all permission-related events:Best Practices
- Start with minimal permissions, expand as needed
- Use allowlists over denylists
- Scope file access to project directories
- Never allow
sudoorrm -rf - Require confirmation for destructive actions
- Enable audit logging in production
- Review permissions when adding new agents
Related
Security
Comprehensive security practices
Hooks
Add permission checks via hooks