AgentSkillsCN

permission

通过预先允许安全命令来管理Claude Code权限,减少权限提示。

SKILL.md
--- frontmatter
name: permission
description: Manages Claude Code permissions by pre-allowing safe commands to reduce permission prompts.
argument-hint: "[show|suggest|add]"

Permission Management

จัดการ permissions สำหรับ Claude Code ตามแนวทางของ Boris Cherny - pre-allow commands ที่ปลอดภัยแทนการใช้ --dangerously-skip-permissions

Usage

code
/permission              # แสดง permissions ปัจจุบัน + แนะนำ
/permission show         # แสดง permissions ทั้งหมด
/permission suggest      # แนะนำ permissions ตาม project type
/permission add [type]   # เพิ่ม permissions ตาม preset

Instructions

Step 1: Detect Project Type

bash
echo "=== Project Detection ==="

# Check for package managers and build tools
[ -f "package.json" ] && echo "Node.js project detected"
[ -f "bun.lockb" ] && echo "Bun detected"
[ -f "pnpm-lock.yaml" ] && echo "pnpm detected"
[ -f "yarn.lock" ] && echo "Yarn detected"
[ -f "go.mod" ] && echo "Go project detected"
[ -f "Cargo.toml" ] && echo "Rust project detected"
[ -f "requirements.txt" ] || [ -f "pyproject.toml" ] && echo "Python project detected"
[ -f "Makefile" ] && echo "Makefile detected"
[ -f "docker-compose.yml" ] || [ -f "docker-compose.yaml" ] && echo "Docker Compose detected"
[ -f "Dockerfile" ] && echo "Dockerfile detected"

echo ""
echo "=== Current Settings ==="
cat .claude/settings.local.json 2>/dev/null || echo "No local settings found"

Step 2: Show Current Permissions

แสดง permissions ที่มีอยู่:

bash
echo "=== Global Settings ==="
cat ~/.claude/settings.json 2>/dev/null | jq '.permissions' || echo "No global settings"

echo ""
echo "=== Local Settings ==="
cat .claude/settings.local.json 2>/dev/null | jq '.permissions' || echo "No local settings"

Step 3: Suggest Permissions Based on Project

แนะนำ permissions ตาม project type:

Node.js / Bun / pnpm / Yarn

json
{
  "permissions": {
    "allow": [
      "Bash(npm run build:*)",
      "Bash(npm run test:*)",
      "Bash(npm run lint:*)",
      "Bash(npm test:*)",
      "Bash(npm install:*)",
      "Bash(npx:*)",
      "Bash(bun run build:*)",
      "Bash(bun run test:*)",
      "Bash(bun run lint:file:*)",
      "Bash(bun run typecheck:*)",
      "Bash(bun test:*)",
      "Bash(bun install:*)",
      "Bash(bunx:*)",
      "Bash(pnpm run:*)",
      "Bash(pnpm test:*)",
      "Bash(pnpm install:*)",
      "Bash(yarn run:*)",
      "Bash(yarn test:*)",
      "Bash(yarn install:*)"
    ]
  }
}

Go

json
{
  "permissions": {
    "allow": [
      "Bash(go build:*)",
      "Bash(go test:*)",
      "Bash(go run:*)",
      "Bash(go mod:*)",
      "Bash(go fmt:*)",
      "Bash(go vet:*)",
      "Bash(golangci-lint:*)",
      "Bash(go generate:*)"
    ]
  }
}

Python

json
{
  "permissions": {
    "allow": [
      "Bash(python:*)",
      "Bash(python3:*)",
      "Bash(pip install:*)",
      "Bash(pip3 install:*)",
      "Bash(pytest:*)",
      "Bash(poetry run:*)",
      "Bash(poetry install:*)",
      "Bash(uv run:*)",
      "Bash(uv pip:*)",
      "Bash(ruff:*)",
      "Bash(black:*)",
      "Bash(mypy:*)"
    ]
  }
}

Rust

json
{
  "permissions": {
    "allow": [
      "Bash(cargo build:*)",
      "Bash(cargo test:*)",
      "Bash(cargo run:*)",
      "Bash(cargo fmt:*)",
      "Bash(cargo clippy:*)",
      "Bash(cargo check:*)"
    ]
  }
}

Make / Build Tools

json
{
  "permissions": {
    "allow": [
      "Bash(make:*)",
      "Bash(make test:*)",
      "Bash(make build:*)",
      "Bash(make lint:*)",
      "Bash(make clean:*)"
    ]
  }
}

Docker

json
{
  "permissions": {
    "allow": [
      "Bash(docker build:*)",
      "Bash(docker run:*)",
      "Bash(docker compose up:*)",
      "Bash(docker compose down:*)",
      "Bash(docker compose build:*)",
      "Bash(docker ps:*)",
      "Bash(docker logs:*)"
    ]
  }
}

Git (Safe Operations)

json
{
  "permissions": {
    "allow": [
      "Bash(git status:*)",
      "Bash(git diff:*)",
      "Bash(git log:*)",
      "Bash(git branch:*)",
      "Bash(git checkout:*)",
      "Bash(git switch:*)",
      "Bash(git add:*)",
      "Bash(git commit:*)",
      "Bash(git push)",
      "Bash(git pull:*)",
      "Bash(git fetch:*)",
      "Bash(git stash:*)",
      "Bash(git rebase:*)",
      "Bash(git merge:*)"
    ]
  }
}

GitHub CLI

json
{
  "permissions": {
    "allow": [
      "Bash(gh issue:*)",
      "Bash(gh pr:*)",
      "Bash(gh repo:*)",
      "Bash(gh api:*)",
      "Bash(gh run:*)"
    ]
  }
}

Common Safe Commands

json
{
  "permissions": {
    "allow": [
      "Bash(ls:*)",
      "Bash(cat:*)",
      "Bash(head:*)",
      "Bash(tail:*)",
      "Bash(wc:*)",
      "Bash(grep:*)",
      "Bash(find:*)",
      "Bash(which:*)",
      "Bash(echo:*)",
      "Bash(date:*)",
      "Bash(pwd:*)",
      "Bash(tree:*)",
      "Bash(jq:*)",
      "Bash(curl:*)"
    ]
  }
}

Step 4: Create/Update Settings File

ถามผู้ใช้ว่าต้องการเพิ่ม permissions อะไรบ้าง:

markdown
## Permission Presets

เลือก preset ที่ต้องการ (สามารถเลือกหลายอัน):

1. **node** - npm, bun, pnpm, yarn
2. **go** - go build, test, mod
3. **python** - pip, pytest, poetry, uv
4. **rust** - cargo commands
5. **make** - make commands
6. **docker** - docker, docker-compose
7. **git** - safe git operations
8. **gh** - GitHub CLI
9. **common** - ls, cat, grep, find, etc.

เลือก: (เช่น "node,git,gh,common")

Step 5: Generate Settings File

สร้างหรือ update .claude/settings.local.json:

bash
mkdir -p .claude

ตัวอย่าง output สำหรับ Node.js + Git + GH + Common:

json
{
  "permissions": {
    "allow": [
      "Bash(npm run build:*)",
      "Bash(npm run test:*)",
      "Bash(npm run lint:*)",
      "Bash(npm test:*)",
      "Bash(bun run build:*)",
      "Bash(bun run test:*)",
      "Bash(bun test:*)",
      "Bash(git status:*)",
      "Bash(git diff:*)",
      "Bash(git log:*)",
      "Bash(git add:*)",
      "Bash(git commit:*)",
      "Bash(git push)",
      "Bash(gh issue:*)",
      "Bash(gh pr:*)",
      "Bash(ls:*)",
      "Bash(cat:*)",
      "Bash(grep:*)",
      "Bash(find:*)",
      "Bash(jq:*)"
    ]
  }
}

Step 6: Verify & Commit

bash
echo "=== New Settings ==="
cat .claude/settings.local.json | jq .

echo ""
echo "=== Git Status ==="
git status .claude/settings.local.json

แนะนำให้ commit settings:

bash
git add .claude/settings.local.json
git commit -m "chore: add Claude Code permission presets"

Dangerous Commands (Always Deny)

ควรใส่ใน ~/.claude/settings.json (global):

json
{
  "permissions": {
    "deny": [
      "Bash(git push -f:*)",
      "Bash(git push --force:*)",
      "Bash(git push --force-with-lease:*)",
      "Bash(git reset --hard:*)",
      "Bash(git clean -f:*)",
      "Bash(rm -rf:*)",
      "Bash(rm -f:*)",
      "Bash(mv -f:*)",
      "Bash(cp -f:*)",
      "Bash(chmod 777:*)",
      "Bash(sudo:*)"
    ]
  }
}

Best Practices

PracticeReason
ใช้ settings.local.json สำหรับ project-specificShare กับ team ได้
ใช้ ~/.claude/settings.json สำหรับ global denyป้องกัน dangerous commands
ใช้ wildcard :* สำหรับ argumentsยืดหยุ่นกว่า
Review permissions เป็นระยะลบ permissions ที่ไม่ใช้

Permission Syntax

code
Bash(command:arguments)
Bash(command:*)          # Allow any arguments
Bash(command)            # Exact match, no arguments
Skill(skill-name)        # Allow skill

Examples

json
{
  "permissions": {
    "allow": [
      "Bash(npm run test:*)",
      "Bash(git push)",
      "Bash(make:*)",
      "Skill(tdg:atomic-commit)"
    ],
    "deny": [
      "Bash(rm -rf:*)"
    ]
  }
}

Related Commands

CommandPurpose
/permissionsBuilt-in Claude Code command (UI)
/permissionThis helper command

Reference