Hacker News new | ask | show | jobs
by tomaytotomato 10 hours ago
Not a criticism, but why would I use this instead of locking down my Claude using the allow/deny permissions list?

    "permissions": {
    "allow": [
      "Bash(npm run lint)",
      "Bash(npm run test *)",
      "Read(~/.zshrc)"
    ],
    "deny": [
      "Bash(curl *)",
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)"
    ]
  },
2 comments
softie123 8 hours ago
Idea is not to deny permissions to everything but just keep a log on what the agents are doing thats not in line with our permissions and also you have to know what they are bypassing so we can put them in deny list later. Very useful when you spawn many agents working in parallel. This is more of an observability tool.
link
tenuousemphasis 7 hours ago
Well at least you'll know why your data was exfiltrated or your systems compromised, even if you can't stop it...
link
softie123 4 hours ago
thats exactly what i went for. also I am keeping all the logs compressed so may be i can build something to build later
link
FishAngular12 10 hours ago
Where would one put this? In AGENTS.md?
link
abirch 10 hours ago
Your settings file: User settings are defined in ~/.claude/settings.json

or /permissions

https://code.claude.com/docs/en/permissions

link