Configured Allow Profile

Comprehensive permission allow-list defining exactly which tools and operations Claude Code can perform.

When to Use This Setting

Apply this setting when you need to:

• Establish a detailed whitelist of permitted operations for a controlled development environment
• Onboard new team members with a pre-configured set of safe operations that match your workflow
• Create a reusable permission profile that can be applied consistently across multiple projects Consider alternatives when:
• You want maximum flexibility and prefer to approve operations on a case-by-case basis
• Your project has unique permission requirements that do not fit a standardized profile

Quick Start

Configuration

Copy
name: configured-allow-profile
type: setting
category: permissions

Example Application

Copy
claude setting:apply configured-allow-profile

Example Output

Setting applied. Changes:
- permissions.allow: [Bash(npm:*), Bash(git:*), Bash(node:*), Read(**/*), Edit(**/*.ts), Edit(**/*.js)]
- Operations matching patterns execute without prompts

Core Concepts

Allow Profile Strategy Overview

Aspect	Details
Tool Patterns	Permissions are defined per tool type: Bash, Read, Edit, Write, Glob, Grep
Wildcard Matching	The :* suffix matches any arguments, ** matches any directory depth
File Globs	Read and Edit permissions support file extension filtering like **/*.ts
Layering	Allow profiles stack with deny rules, where deny takes precedence over allow

Permission Evaluation Architecture

+---------------------------+
|  Operation Request        |
+---------------------------+
         |
         v
+---------------------------+
|  1. Check Deny List       |
|  (highest priority)       |
+---------------------------+
         |
    denied / not denied
         |         |
         v         v
      BLOCK    +---------------------------+
               |  2. Check Allow List      |
               +---------------------------+
                    |
               allowed / not found
                    |         |
                    v         v
                Execute    Prompt
                directly   user

Configuration

Parameter	Type	Default	Description
permissions.allow	array	[]	List of tool and command patterns permitted without interactive confirmation
Bash(npm:*)	string	N/A	Allow all npm commands including install, run, and test
Bash(git:*)	string	N/A	Allow all git commands with any arguments
Read(**/*)	string	N/A	Allow reading any file in any subdirectory
Edit(**/*.ts)	string	N/A	Allow editing TypeScript files in any subdirectory
Edit(**/*.js)	string	N/A	Allow editing JavaScript files in any subdirectory

Best Practices

1. Build profiles for each role - Create separate allow profiles for frontend developers, backend developers, and DevOps engineers. Each role needs different tool access patterns.
2. Use file extension restrictions - Rather than allowing Edit(**/) for all files, restrict edits to specific extensions like **/.ts and **/*.js. This prevents accidental modification of configuration or binary files.
3. Always pair with a deny list - An allow list without a deny list still permits everything not listed through the interactive prompt. Add explicit deny rules for operations that should never be auto-approved.
4. Version control your profiles - Store permission profiles in your repository so they are versioned, reviewed, and consistent across the team.
5. Start restrictive and expand - Begin with a minimal allow list covering only the most frequent operations. Track which operations trigger prompts most often and selectively add them.

Common Issues

1. Allow rule not matching expected commands - Verify the exact syntax of your allow patterns. Bash(npm:*) matches npm with arguments, but not npx. Add separate entries for each command prefix.
2. Deny rule overriding allow - If an operation is in both the allow and deny lists, deny takes precedence. Review both lists for conflicting entries.
3. Profile too permissive for shared environments - A generous allow list is fine for trusted solo development but may be too permissive for shared or production-adjacent environments. Create separate profiles for each context.