Claude Permissions Update
Use this skill to consolidate auto-approved permissions from all your community-patterns workspaces.
Overview
When you work across multiple community-patterns directories (e.g.,
community-patterns, community-patterns-2, etc.), you accumulate different
auto-approved permissions in each directory's .claude/settings.local.json.
This skill helps you:
- •Find all community-patterns directories
- •Gather all auto-approved permissions
- •Compare with the project-level
.claude/settings.json - •Filter out junk and path-specific permissions automatically
- •Show new permissions for your review by category
- •Let you select which to add to the shared settings
Important: Local Settings Contain Junk
WARNING: The settings.local.json files often contain accidentally
auto-approved garbage:
- •Commit message fragments
- •Shell script fragments like
Bash(do),Bash(fi),Bash(then ...) - •Markdown content from heredocs
- •Path-specific permissions like
Bash(../community-patterns-2/patterns/...)
The filtering step below is CRITICAL to avoid polluting project settings.
Step 1: Scan and Gather Permissions
# Find all community-patterns directories echo "=== Scanning community-patterns directories ===" for dir in /Users/alex/Code/community-patterns*; do echo "Found: $dir" done
Step 2: Extract and Filter New Permissions
# Get all local permissions (deduplicated) ALL_LOCAL=$(for dir in /Users/alex/Code/community-patterns*; do jq -r '.permissions.allow[]?' "$dir/.claude/settings.local.json" 2>/dev/null done | sort -u) # Get project permissions PROJECT_PERMS=$(jq -r '.permissions.allow[]?' .claude/settings.json 2>/dev/null | sort -u) # Find new permissions - FILTER for valid patterns only NEW_PERMS=$(comm -23 <(echo "$ALL_LOCAL") <(echo "$PROJECT_PERMS") | \ grep -E '^(Bash\(|Skill\(|Read\(|WebFetch\(|mcp__|SlashCommand)')
Step 3: Categorize for Review
Present permissions in categories to help the user decide:
General Commands (with wildcards - usually worth syncing)
echo "=== General Bash commands (worth syncing) ===" echo "$NEW_PERMS" | grep -E ':\*\)$' | grep -v '../community-patterns'
These have wildcards and are NOT path-specific. Good candidates to sync.
WebFetch Domains
echo "=== WebFetch domains ===" echo "$NEW_PERMS" | grep '^WebFetch'
Skills and MCP Tools
echo "=== Skills ===" echo "$NEW_PERMS" | grep '^Skill' echo "=== MCP tools ===" echo "$NEW_PERMS" | grep '^mcp__'
Path-Specific (SKIP these)
echo "=== Path-specific permissions (SKIP) ===" echo "$NEW_PERMS" | grep '../community-patterns'
These are specific to a particular checkout and should NOT be synced.
Step 4: Review with User
Use AskUserQuestion to walk through each category:
- •Present general Bash commands one by one or in small groups
- •Present WebFetch domains (often safe to add all)
- •Present Skills and MCP tools
- •SKIP path-specific permissions automatically
Ask about each permission individually or in logical groups.
Step 5: Update Project Settings
After user approval, edit .claude/settings.json to add the approved
permissions to the permissions.allow array.
Use the Edit tool to add each permission as a new line in the array.
Workflow Summary
- •Scan all community-patterns-* directories
- •Extract permissions from each
.claude/settings.local.json - •Filter - remove junk (non-permission strings) and validate format
- •Compare with
.claude/settings.jsonto find new ones - •Categorize - separate general vs path-specific
- •Present to user by category (skip path-specific automatically)
- •Update project settings with approved permissions
- •Verify JSON is valid with
jq . .claude/settings.json > /dev/null
What to Sync vs Skip
SYNC These (General Permissions)
- •
Bash(command:*)- wildcarded commands - •
Bash(git subcmd:*)- git subcommands - •
Bash(deno task:*),Bash(timeout N command:*)- tool commands - •
WebFetch(domain:example.com)- domain-specific fetch - •
Skill(skill-name)- skill invocations - •
mcp__server__tool- MCP tool permissions - •
Read(//path/**)- read patterns with wildcards
SKIP These (Junk/Path-Specific)
- •
Bash(../community-patterns-N/...)- relative paths to specific checkouts - •
Bash(do),Bash(fi),Bash(then ...)- shell fragments - •Anything that looks like a commit message or markdown
- •Anything without parentheses or proper permission format
Notes
- •This skill does NOT modify the local settings files
- •It only adds permissions to the shared project settings
- •User must approve all additions
- •After adding to project settings, the permissions will be available across all community-patterns workspaces
- •Always verify JSON validity after editing