Development Mode Enhanced

Comprehensive permissions for active development allowing most tools while maintaining security boundaries.

When to Use This Setting

Apply this setting when you need to:

• Enable a productive development workflow with pre-approved access to common build tools, package managers, and runtimes
• Allow reading and editing source files across multiple languages without repetitive permission prompts
• Maintain security by blocking access to environment files, secrets, and destructive system commands Consider alternatives when:
• You are reviewing code from an untrusted source and want maximum restriction on Claude Code's capabilities
• Your development environment requires fine-grained per-tool permission control

Quick Start

Configuration

Copy
name: development-mode-enhanced
type: setting
category: permissions

Example Application

Copy
claude setting:apply development-mode-enhanced

Example Output

Setting applied. Changes:
- permissions.allow: [npm, yarn, node, git, docker, python, pip, Read/Edit/Write for js/ts/py/json]
- permissions.deny: [.env files, secrets directory, rm -rf, sudo]

Core Concepts

Development Permissions Overview

Aspect	Details
Build Tools	npm, yarn, node, python, pip, and docker are pre-approved for execution
File Access	Read, Edit, and Write permissions for JavaScript, TypeScript, Python, and JSON files
Security Boundary	Environment files, secrets, destructive rm -rf, and sudo are explicitly denied
Scope	Permissions apply to all files matching the glob patterns within the project tree

Permission Layer Architecture

+---------------------------+
|  DENY (highest priority)  |
+---------------------------+
|  .env* files              |
|  secrets/** directory     |
|  rm -rf commands          |
|  sudo commands            |
+---------------------------+
         |
         v
+---------------------------+
|  ALLOW                    |
+---------------------------+
|  Bash: npm, yarn, node,  |
|    git, docker, python,   |
|    pip                    |
|  Read: json, js, ts, py  |
|  Edit: js, ts, py, json  |
|  Write: js, ts, py       |
+---------------------------+
         |
         v
+---------------------------+
|  PROMPT (everything else) |
+---------------------------+

Configuration

Parameter	Type	Default	Description
permissions.allow	array	[]	List of tool and file patterns permitted without interactive prompts
permissions.deny	array	[]	List of tool and file patterns that are blocked entirely
Bash(npm:*)	string	N/A	Allow npm commands with any arguments for package management
Read(./.env*)	string	N/A	Deny reading environment variable files to protect credentials
Bash(rm -rf:*)	string	N/A	Deny recursive forced deletion to prevent accidental data loss

Best Practices

1. Use development mode only in trusted project directories - This setting grants broad access to build tools and file editing. Apply it only to projects where you trust the codebase and the commands Claude Code might generate.
2. Extend file type coverage as needed - The default configuration covers JavaScript, TypeScript, Python, and JSON. Add entries for other languages your project uses, such as Edit(/*.go) or Edit(/*.rs).
3. Keep the deny list strict - The deny list is your security safety net. Never remove .env or secrets protections even if it feels inconvenient. Create alternative patterns for accessing non-sensitive configuration.
4. Review docker command usage - Docker commands can have significant system impact. If your workflow does not require Docker, remove Bash(docker:*) from the allow list to reduce the attack surface.
5. Create language-specific variants - For teams working across multiple technology stacks, maintain separate development mode profiles for frontend, backend, and infrastructure work.

Common Issues

1. Cannot edit files with uncommon extensions - The allow list only covers .js, .ts, .py, and .json by default. Add Edit patterns for additional file types your project uses.
2. Docker commands blocked despite being in allow list - Docker often requires socket access. If Docker commands fail, check whether the Docker daemon is running and your user has permission to access the Docker socket.
3. Security rules feel too restrictive - If deny rules block operations you need, consider creating a temporary profile with relaxed rules rather than modifying the base development mode setting.