Too scared to let Claude Code run on its own? Build an allow list and a deny list. You get the full speed of autopilot, with guardrails it can never cross. Here is exactly how, plus my copy-paste lists.
If you use Claude Code, you have probably hit this wall. You want it to just run, building, testing, fixing, without stopping to ask permission for every single step. But the only way most people know to do that is "bypass permissions" mode, where Claude can run any command, including ones that could delete files or break your project. So you either babysit every click, or you hold your breath and hope.
There is a smarter middle, and it is built right into Claude Code. You tell it ahead of time which commands are always safe, and which ones it is never allowed to touch. Do that once and you get the speed of autopilot with a wall it physically cannot cross. Let me show you exactly how it works, then give you my lists to copy.
Quick Note On What This Is
This is for Claude Code, the version of Claude that lives in your computer's terminal and can actually run commands, edit files, and build things, not the regular chat app. "Permissions" are just the rules for what it is allowed to do on your machine. If you are not in Claude Code yet, save this for when you are.
Claude Code lets you write three kinds of rules: allow, deny, and ask. Think of it like a bouncer with a list.
List One
The Allow List (Green Light)
Every command on your allow list runs instantly, with no pop-up asking you to approve it. This is where you put the stuff you do a hundred times a day and know is harmless, like running your app, checking your files, or saving your work with git. This is what kills the constant "can I do this?" pop-ups that make Claude feel slow.
List Two
The Deny List (Hard Wall)
Every command on your deny list is blocked, full stop. This is where you put the genuinely dangerous stuff, like deleting folders, force-pushing over your code, or anything with sudo. Claude cannot run these, and it cannot talk its way around them.
The Magic Part
Deny Always Wins
Here is the detail that makes this bulletproof: the deny list beats everything else. Even if you turn on full bypass permissions, a command on your deny list still gets blocked. There is no override, no "are you sure," no way for Claude to push past it. So you can let it run wide open on the safe stuff while the dangerous stuff stays locked behind a door that does not open.
There is also a third list, ask, for the in-between commands you want to approve case by case (like publishing something live). Anything you do not put on a list just behaves normally and asks before running.
Here is a complete, safe starting point you can copy straight into your settings. It allows the everyday commands so Claude stops nagging you, denies the truly destructive ones so it can never wreck your project, and asks before anything that goes live. Read the comments next to each line so you understand what you are turning on.
permissions block for .claude/settings.json
{
  "permissions": {
    "allow": [
      "Read",                      // let it read any file in the project
      "Edit",                      // let it edit files in the project
      "Write",                     // let it create new files
      "Bash(npm run:*)",           // run any npm script (npm run dev, build, etc.)
      "Bash(npm test:*)",          // run your tests
      "Bash(npm install)",         // install dependencies
      "Bash(npx:*)",               // run npx tools
      "Bash(node:*)",              // run node scripts
      "Bash(python:*)",            // run python scripts
      "Bash(python3:*)",
      "Bash(pip install:*)",
      "Bash(ls:*)",                // list files
      "Bash(cat:*)",               // read a file in the terminal
      "Bash(pwd)",                 // show current folder
      "Bash(mkdir:*)",             // make folders
      "Bash(cp:*)",                // copy files
      "Bash(mv:*)",                // move/rename files
      "Bash(echo:*)",
      "Bash(git status)",          // safe, read-only git
      "Bash(git diff:*)",
      "Bash(git log:*)",
      "Bash(git add:*)",
      "Bash(git commit:*)",        // saving work is safe; pushing is not (see ask)
      "Bash(git pull)",
      "Bash(git branch:*)",
      "Bash(git checkout:*)",
      "Bash(git stash:*)"
    ],
    "deny": [
      "Bash(rm -rf:*)",            // never let it bulk-delete folders
      "Bash(rm -f:*)",
      "Bash(sudo:*)",              // never run as system admin
      "Bash(git push --force:*)",  // never overwrite shared history
      "Bash(git push -f:*)",
      "Bash(git reset --hard:*)",  // never throw away your work
      "Bash(git clean:*)",
      "Bash(chmod 777:*)",         // never make files world-writable
      "Bash(curl:*)",              // no pulling scripts off the internet
      "Bash(wget:*)",
      "Bash(:(){ :|:& };:)",       // classic system-crashing command
      "Bash(mkfs:*)",              // never format a disk
      "Bash(dd:*)",
      "Read(./.env)",              // keep your secret keys private
      "Read(./.env.*)",
      "Read(./**/.env)",
      "Read(./secrets/**)",
      "Read(./**/id_rsa)"          // keep your private keys private
    ],
    "ask": [
      "Bash(git push:*)",          // ask before pushing code live
      "Bash(npm publish:*)",       // ask before publishing a package
      "Bash(npm run deploy:*)",    // ask before deploying
      "Bash(vercel:*)",
      "Bash(netlify deploy:*)",
      "WebFetch"                   // ask before it goes out to the web
    ]
  }
}
How To Read These Rules
Each rule is a tool name with the command in parentheses. The :* at the end means "and anything after this," so Bash(npm run:*) covers npm run dev, npm run build, and any other npm script. A bare name like Read or Edit allows that whole tool. You do not need to memorize the format; you can also add rules through a menu, which I will show you next.
A list does nothing sitting in this guide. Here are two ways to add it. Pick the one that matches how comfortable you are, then test it so you can see it actually working.
The Easy Way
Use The Menu
Inside Claude Code, type /permissions and hit enter. A menu opens where you can add allow and deny rules by hand, no file editing required. The fastest habit: every time Claude asks to run a command you know is safe, choose "always allow." Over a week, your allow list builds itself around the exact way you work.
The Paste Way
Drop It In Settings
In your project folder, open (or create) the file .claude/settings.json and paste the block above inside it. Save it, and the rules apply to this project for you and anyone else on it. Want the same rules in every project? Put it in ~/.claude/settings.json in your home folder instead. Tip: strip the little // comments before pasting if your editor complains; they are here to teach and are not required.
Prove It Works
Test The Wall
Turn on bypass permissions, then ask Claude to do something harmless that is on your deny list, like "run rm -rf on a test folder." Watch it refuse, even in bypass mode. That is the whole point: now you can let it run free, knowing the wall holds. Once you have seen it block, you will actually trust the autopilot.
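To dry-run a list before trusting it, here is an added example (not from the original guide, and not Claude Code's own code): a small Python checker that strips the // comments, parses the block, and reports which list a command lands on, checking deny first, then ask, then allow. The matching is a simplified model of the :* prefix rule described above, the deny/ask/allow order beyond "deny always wins" is an assumption, and the sample settings and commands are constructed.

```python
import json
import re

# Constructed sample: a few rules from the block above, // comments included.
SETTINGS_TEXT = """
{
  "permissions": {
    "allow": ["Bash(npm run:*)", "Bash(git status)", "Bash(python:*)"], // everyday commands
    "deny":  ["Bash(rm -rf:*)", "Bash(git push --force:*)"],            // hard wall
    "ask":   ["Bash(git push:*)"]                                       // approve case by case
  }
}
"""

def strip_line_comments(text):
    """Remove // comments but leave // inside JSON strings (e.g. URLs) alone."""
    token = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*')
    return token.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def load_permissions(text):
    """Parse the commented block into the dict of allow/deny/ask lists."""
    return json.loads(strip_line_comments(text))["permissions"]

def bash_rule_matches(rule, command):
    """Simplified model: 'Bash(x:*)' is a prefix rule, 'Bash(x)' an exact one."""
    m = re.fullmatch(r"Bash\((.*)\)", rule)
    if not m:
        return False
    spec = m.group(1)
    if spec.endswith(":*"):
        prefix = spec[:-2]
        return command == prefix or command.startswith(prefix + " ")
    return command == spec

def decide(permissions, command):
    """Deny is checked first, then ask, then allow; anything else prompts as usual."""
    for verdict in ("deny", "ask", "allow"):
        if any(bash_rule_matches(r, command) for r in permissions.get(verdict, [])):
            return verdict
    return "default"

if __name__ == "__main__":
    perms = load_permissions(SETTINGS_TEXT)
    for cmd in ["npm run build", "git push origin main", "git push --force origin main",
                "rm -rf build", "rm -r -f build", "python cleanup.py"]:
        print(f"{decide(perms, cmd):8} {cmd}")
```

In this model a command spelled differently from a deny pattern, such as rm -r -f build, lands on default rather than deny, so check the exact spellings you care about.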
The Honest Part
This makes Claude Code dramatically safer, but no setup is a free pass to stop paying attention. Keep your important work in git so anything can be undone, start new projects in a folder that does not hold your whole life, and add to your deny list the moment you think of a command you would never want run. The lists do the heavy lifting. You just stay the adult in the room.
The Real Win
Speed and safety stop being a trade-off. You set the rules once, and from then on Claude flies through the busywork while the dangerous stuff stays locked away. That is how you actually get hours back without ever holding your breath.
© 2026 Mariah Brunner. All rights reserved.