Permissions and Safety

Why Permissions Matter
AI agents can execute code, modify files, and run shell commands. Without guardrails, a prompt injection or mistake could delete files, leak secrets, or run malicious code. Permissions ensure you stay in control.
Claude Code's Built-in Permissions
Claude Code uses settings files to define what the agent can do:
.claude/settings.json - Project settings (shared with team)
.claude/settings.local.json - Personal project settings (gitignored)
~/.claude/settings.json - Global user settings
Each file can specify:
allow - Patterns that auto-approve
deny - Patterns that always block
additionalDirectories - Folders outside the project the agent can access
Nimbalyst supports these settings files.
What Nimbalyst Adds
In addition, Nimbalyst adds a workspace trust layer on top of the coding agent's permissions:
Trust Gate - Projects must be explicitly trusted before the agent can do anything
Permission Modes - Choose how much autonomy to grant the agent
Inline Confirmations - Approve or deny actions as they happen
Permission Modes
Ask (Recommended)
Agent requests permission for each action. You can approve once, for the session, or permanently.
Allow All
File operations (Read, Write, Edit) auto-approve. Bash commands still require approval based on your settings.
Bypass All
Everything auto-approves. Use only in trusted, sandboxed environments.

Allowing All Web Searches while in Allow All Edits mode
To allow your coding agent to search and fetch all websites, add . to the URL allow list in the advanced settings. You can also use wildcard domain patterns like *.github.com to allow all subdomains of a specific site, or use the "Allow All Domains" button to permit all web fetches quickly.

How Approval Works in Ask Mode
When the agent wants to perform an action in Ask mode:
An inline confirmation appears with the action details
You choose:
Deny - Block this request
Allow Once - Allow just this time
Session - Allow this pattern for the rest of the session
Always - Save the pattern to .claude/settings.local.json
Managing Permissions
Open Settings > Agent Permissions to:
Change your permission mode
View and remove approved patterns
Add additional directories
Reset to defaults
Pattern Examples
Bash(git:*) - Allow git commands
Bash(npm:*) - Allow npm commands
Edit - Allow file edits
WebFetch(domain:github.com) - Allow fetching from github.com
Security Notes
Sensitive paths (~/.ssh, ~/.aws, etc.) are always blocked
Compound bash commands get one-time patterns that don't persist
Untrusted projects deny all agent actions until you set a permission mode
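An added example (not Nimbalyst's or Claude Code's own code): a small audit that reads one settings file and flags allow entries that grant a whole tool, allow entries that a deny entry overrides, and additionalDirectories that overlap the sensitive paths named above. The sample file, the "permissions" wrapper key, the audit function, the home and project paths, and the reading of a bare tool name as covering the whole tool (as the Edit entry suggests) are assumptions made for the illustration.

```python
import json
import posixpath
import re

# Constructed sample settings file. The "permissions" wrapper key is an
# assumption about the file layout; top-level keys are accepted as well.
SAMPLE = """{"permissions": {
  "allow": ["Bash(git:*)", "Bash", "Edit", "WebFetch(domain:github.com)",
            "Bash(npm:*)", "Bash(git"],
  "deny": ["Bash(npm:*)"],
  "additionalDirectories": ["../shared-docs", "~/.aws/sso", "~"]}}"""

SENSITIVE = ("~/.ssh", "~/.aws")       # the two paths the page names
SCOPED_TOOLS = ("Bash", "WebFetch")    # tools the page shows with a scope
PATTERN = re.compile(r"^(\w+)(?:\((.+)\))?$")

def _resolve(path, home, project):
    """Expand a leading ~ and make the path absolute and normalised."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    return posixpath.normpath(posixpath.join(project, path))

def _inside(child, parent):
    """True when child is parent itself or lies below it."""
    return child == parent or child.startswith(parent.rstrip("/") + "/")

def audit(text, home="/home/dev", project="/home/dev/work/app"):
    """Return (severity, message) findings for one settings file."""
    data = json.loads(text)
    perms = data.get("permissions", data)
    deny, findings = set(perms.get("deny", [])), []
    for pat in perms.get("allow", []):
        m = PATTERN.match(pat)
        if not m:
            findings.append(("error", f"malformed pattern {pat!r}"))
        elif m.group(1) in SCOPED_TOOLS and m.group(2) is None:
            findings.append(("high", f"{pat} auto-approves the tool with no scope"))
        elif pat in deny:
            findings.append(("info", f"{pat} is also denied, so the allow is dead"))
    for d in perms.get("additionalDirectories", []):
        real = _resolve(d, home, project)
        for s in SENSITIVE:
            target = _resolve(s, home, project)
            # Flag both a directory under a sensitive path and a parent of one.
            if _inside(real, target) or _inside(target, real):
                findings.append(("high", f"{d} overlaps sensitive path {s}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:5} {message}")
```

Running it over each of the three settings files before trusting a project shows which persisted "Always" approvals are broader than intended.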
