AS-201a · Module 3
Permission Hygiene
3 min read
Good news, everyone! We have one more fundamental to cover. And this one is about the permissions you give to the AI agent itself — not just the infrastructure it runs on.
Claude Code ships with a flag called --dangerously-skip-permissions. The name is not subtle: it disables every permission prompt, for file edits, bash commands, destructive operations, everything. Some people run it by default because they find the permission prompts annoying. Boris Cherny, the creator of Claude Code, does NOT do this. Instead, he uses /permissions to pre-allow specific commands he knows are safe while keeping guardrails for everything else. The distinction matters enormously: one approach removes the safety net for the whole session, the other removes friction only for commands you have already vetted.
Do This
- Use /permissions to allowlist specific safe commands (npm test, git status, your formatter)
- Check your permissions into .claude/settings.json so the whole team benefits (not .claude/settings.local.json, which is the per-developer file and is not shared)
- Keep truly destructive commands (rm -rf, DROP TABLE, force push) behind prompts, always; better still, put them in the deny list, which wins over any allow rule someone adds later
- Use the Permissions tab for fine-grained tool-by-tool control
Avoid This
- Run --dangerously-skip-permissions as your default mode
- Assume Claude won't run a destructive command "because it's smart enough to know better"
- Skip permission configuration because "it's just a side project" — bad habits transfer to production
- Let each developer configure permissions independently — inconsistency creates security gaps
The creator of Claude Code shared that his team commits their permission rules to .claude/settings.json in the repo. Every team member gets the same safety profile. This is compound engineering applied to security — one person figures out the safe permission set, commits it, and every subsequent developer inherits those guardrails automatically. No manual configuration. No inconsistency. No "I forgot to set that up on my machine."
There are four permission modes in Claude Code, and understanding them is fundamental. 'Ask Before Edits' is the default: Claude asks before any file change. 'Edit Automatically' auto-accepts edits to existing files but still asks about new files. The 'Permissions Tab' gives you fine-grained control per tool: allow bash but block file deletion, allow web search but require approval for MCP calls. Strictly speaking this is not a mode but a rule set, the same allow and deny rules that /permissions writes to settings.json, and it applies on top of the ask and auto-edit modes. And 'Bypass Permissions' (--dangerously-skip-permissions) removes all guardrails. The right choice for most teams is the Permissions Tab: granular enough to remove friction for safe operations while keeping guardrails for dangerous ones.
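To make the two ideas above concrete, the committed rule file and the difference between the modes, here is an added Python example. It is not from the course and it is not Claude Code's own code. It embeds two constructed .claude/settings.json files (one over-broad, one hardened) in the documented layout, a permissions object with allow and deny lists of rules such as Bash(npm test:*) plus an optional defaultMode, and lints them for the mistakes this module warns about. The rule matcher is a simplified model of Claude Code's prefix matching and deny-beats-allow precedence; treat that as an assumption about behaviour, not a copy of the implementation.

```python
"""Lint Claude Code permission rules in .claude/settings.json.

Added example for this module; not code from the course or from Claude
Code. Assumed layout: a "permissions" object with "allow"/"deny" lists of
rules like "Bash(npm test:*)" and an optional "defaultMode". The matcher
is a simplified model of prefix matching and deny-over-allow precedence.
"""
import json
import re

# Constructed over-broad team file: two allow entries that should be caught.
LOOSE_SETTINGS = """{
  "permissions": {
    "allow": [
      "Bash(npm test:*)",
      "Bash(git status:*)",
      "Bash(npx prettier:*)",
      "Bash(rm -rf:*)",
      "Bash(*)"
    ],
    "deny": ["Bash(git push --force:*)"]
  }
}"""

# Constructed hardened file: same safe allowlist, destructive commands denied.
HARDENED_SETTINGS = """{
  "permissions": {
    "allow": ["Bash(npm test:*)", "Bash(git status:*)", "Bash(npx prettier:*)"],
    "deny": ["Bash(rm -rf:*)", "Bash(git push --force:*)", "Bash(git push -f:*)"]
  }
}"""

# Shell commands this module says must always stay behind a prompt.
DESTRUCTIVE = ("rm -rf", "git push --force", "git push -f")

RULE_RE = re.compile(r"^(?P<tool>\w+)(?:\((?P<spec>.*)\))?$")


def parse_rule(rule):
    """'Bash(npm test:*)' -> ('Bash', 'npm test', True); True means prefix match.
    A bare tool name or 'Tool(*)' covers every invocation of that tool."""
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError(f"malformed rule: {rule!r}")
    spec = m.group("spec")
    if spec is None or spec == "*":
        return m.group("tool"), None, True
    if spec.endswith(":*"):
        return m.group("tool"), spec[:-2], True
    return m.group("tool"), spec, False


def rule_matches(rule, tool, command):
    """Model of matching: exact specifier, or literal string prefix for ':*'."""
    r_tool, spec, is_prefix = parse_rule(rule)
    if r_tool != tool:
        return False
    if spec is None:
        return True
    return command.startswith(spec) if is_prefix else command == spec


def decide(settings, tool, command):
    """Return (decision, matching rule). Deny beats allow; unmatched -> prompt."""
    perms = settings.get("permissions", {})
    for rule in perms.get("deny", []):
        if rule_matches(rule, tool, command):
            return "deny", rule
    for rule in perms.get("allow", []):
        if rule_matches(rule, tool, command):
            return "allow", rule
    return "ask", None


def lint(settings):
    """Findings for the mistakes this module warns about; empty list is clean."""
    findings = []
    perms = settings.get("permissions", {})
    if perms.get("defaultMode") == "bypassPermissions":
        findings.append("defaultMode=bypassPermissions: every prompt is disabled")
    for rule in perms.get("allow", []):
        tool, spec, _ = parse_rule(rule)
        if tool == "Bash" and spec is None:
            findings.append(f"{rule}: blanket shell allow, same effect as skipping prompts")
    for cmd in DESTRUCTIVE:
        decision, rule = decide(settings, "Bash", cmd)
        if decision == "allow":
            findings.append(f"{cmd!r} would run without a prompt (allowed by {rule})")
    return findings


def load(text):
    """Parse a settings file body (string) into a dict."""
    return json.loads(text)


if __name__ == "__main__":
    for name, text in (("loose", LOOSE_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, lint(load(text)) or "clean")
```

Run lint over the real file (lint(load(open(".claude/settings.json").read()))) in a pre-commit hook or CI step so an over-broad allow rule is caught before it is shared with the team. In this model a prefix rule is a literal string prefix, so a rule like Bash(git push:*) would cover git push --force as well; that is why the hardened file denies the destructive forms explicitly instead of trusting the allow list to stay narrow.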