Promote Permissions
Promote useful permissions from ephemeral settings.local.json files to versioned settings (user-level, project-level, or both).
Your Task
- •Detect current directory and check if it's a git repo with
.claude/settings.json - •Read ephemeral permissions from BOTH:
- •
~/.claude/settings.local.json(user-level ephemeral) - •
$CWD/.claude/settings.local.json(current project ephemeral, if exists)
- •
- •Read versioned permissions from:
- •
~/dev/claude/config/settings.json(user-level versioned, symlinked to ~/.claude/settings.json) - •
$CWD/.claude/settings.json(project-level versioned, if exists)
- •
- •Find new permissions that exist in local files but not in versioned
- •Present each permission with category and recommended destination (see below)
- •Use AskUserQuestion to let user select which permissions to promote AND where
- •Update the appropriate settings.json file(s) with approved permissions
- •Create commits and PRs for each repo with changes (see Commit Workflow below)
Promotion Destinations
For each permission, recommend where it should go:
User-Level (~/dev/claude/config/settings.json)
Permissions that are useful across ALL projects:
- •General git operations:
git status,git log,git stash,git diff,git add,git commit,git push - •GitHub CLI:
gh pr,gh issue,gh repo,gh api - •Safe read-only:
ls,tree,which,pwd - •General dev tools:
node --version,python --version,uv --version
Project-Level ($CWD/.claude/settings.json)
Permissions specific to THIS project:
- •Project-specific scripts:
npm run <script>,pnpm <command>, project Makefile targets - •Project build tools:
uv run pytest,uv run ruff,eas build(if specific to project) - •Project-specific paths: commands referencing project directories
- •MCP tools:
mcp__*permissions (usually project-configured) - •WebFetch for project APIs: domains specific to project services
Both (User + Project)
Sometimes a permission makes sense in both places:
- •Common tool patterns that you also want versioned with the project for team sharing
- •Example:
Bash(uv run pytest:*)- useful globally AND should be in project for teammates
Output Format
For each permission found, show:
Permission: Bash(uv run pytest:*) Source: ~/dev/samm/.claude/settings.local.json Category: Build tool (test runner) Recommendation: BOTH - useful globally + share with project team
Then use AskUserQuestion with options for each permission:
- •"User settings only"
- •"Project settings only"
- •"Both user and project"
- •"Skip (don't promote)"
Group permissions by recommended destination when presenting.
Files to Check
Always check:
- •
~/.claude/settings.local.json(user ephemeral) - •
$CWD/.claude/settings.local.json(current project ephemeral, if exists)
Versioned targets:
- •
~/dev/claude/config/settings.json(user-level versioned) - •
$CWD/.claude/settings.json(project-level versioned, if exists and is a git repo)
Known project directories (mention if CWD matches):
- •
~/dev/samm - •
~/dev/episto - •
~/dev/claude
Commit Workflow
IMPORTANT: Always create a PR for every repo with changes. Do not ask whether to create PRs.
For User-Level Changes (~/dev/claude)
- •Create branch
claude/promote-permissions-YYYY-MM-DD - •Stage and commit changes to
config/settings.json - •Push and create PR
For Project-Level Changes ($CWD)
- •Create branch
chore/promote-permissions-YYYY-MM-DD - •Stage and commit changes to
.claude/settings.json - •Push and create PR
If promoting to BOTH, create commits and PRs in both repos.
Commit Message Format
chore(claude): promote permissions from local settings Promoted to [user/project/both]: - Bash(command1:*) - Bash(command2:*) - WebFetch(domain:example.com)
PR Format
Branch: [claude|chore]/promote-permissions-YYYY-MM-DD
Title: chore(claude): promote permissions from local settings
Body: List the promoted permissions, their categories, and why they were promoted to this location