← Back to videos

Safer Alternative to Bypass Permissions: Allow + Deny Lists in Claude Code

@itsmariahbrunnerCapturedClaude Code / Skills
See more in Claude Code / Skills β†’

Exact instruction

  1. Instead of enabling bypass permissions entirely:
  2. Go into Claude Code permissions settings.
  3. Build an allow list: add every command you know is safe (e.g. npm run, git status, reading files). Claude will run these instantly without asking.
  4. Build a deny list: add anything potentially destructive (e.g. rm -rf, git push --force, sudo). Claude will block these explicitly and cannot be overridden.
  5. This gives bypass-level speed for safe commands while keeping hard guardrails on dangerous ones.

Suggested prompt

Set up an allow list and deny list in this project's Claude Code permissions. Allow list: npm run, git status, git log, git diff, reading files. Deny list: rm -rf, git push --force, sudo, DROP TABLE. Show me the settings.json changes.

Adopt?

Yes: This allow/deny list pattern is directly applicable to this project right now β€” we run in bypass mode but should have explicit deny rules for rm -rf and git push --force. General Claude Code update.

Find the resource

Creator @itsmariahbrunner shares her exact allow + deny list when you comment "safety". This can also be configured via Claude Code /permissions or in settings.json under the allowedTools and blockedTools fields.

show original caption

comment "safety" and I'll send you my exact allow + deny list :) scared to turn on bypass permissions? build two lists instead: an allow list for safe stuff (npm run, git status, reading files) so it just runs a deny list for the scary stuff (rm -rf, git push β€”force, sudo) it can never cross #claude #claudeai #aitips #claudecode #aiworkflow