Skip to content

No deny lists in Claude Code permissions

forge/.claude/settings.json runs defaultMode: bypassPermissions with an allow list only. Do not add a deny block. Even patterns that look obviously safe to deny (rm -rf /, git push --force, shutdown, pct destroy, etc.) are off the table.

Why: Justin tried it once on 2026-05-01 (Nate Herk's "32 Tricks" hack #5, see memory/handoffs/claude-md-and-mcp-audit-2026-05-01.md) and immediately reverted. He doesn't like limiting permissions, period. He'd rather trust Claude + the doctrine + manual review than maintain a blocklist that could surprise a bot, /spawn worker, or interactive session.

How to apply: - Don't propose deny patterns when reviewing settings, security audits, or permission-related work. - If a destructive action is genuinely risky, ask before running it (per Claude Code's standing "actions with care" rules); don't try to engineer it out of the harness. - The other hacks from the same video (worktrees, sub-agents + Haiku, CLAUDE.md routing, MCP-vs-direct-API audit) remain applied as forge patterns. Only hack #5 is explicitly rejected.