moai-cc-permission-mode
Claude Code permission configuration and policy management strategies for enterprise security. Covers permission modes, tool access control, whitelist/blacklist patterns, and enterprise deployment best practices.
Best use case
moai-cc-permission-mode is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Claude Code permission configuration and policy management strategies for enterprise security. Covers permission modes, tool access control, whitelist/blacklist patterns, and enterprise deployment best practices.
Teams using moai-cc-permission-mode should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/moai-cc-permission-mode/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How moai-cc-permission-mode Compares
| Feature / Agent | moai-cc-permission-mode | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Claude Code permission configuration and policy management strategies for enterprise security. Covers permission modes, tool access control, whitelist/blacklist patterns, and enterprise deployment best practices.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Claude Code Permission Modes
## Overview
Claude Code permission management provides fine-grained control over tool access, command execution, and system operations through comprehensive permission policies. Enables secure, controlled automation in enterprise environments.
## Permission Architecture
### Two-Layer Permission System
```
Layer 1: allowedTools (Whitelist)
├─ Read patterns: Read(**/*.{js,ts})
├─ Edit patterns: Edit(src/**)
└─ Bash patterns: Bash(git:*), Bash(npm:*)
Layer 2: deniedTools (Blacklist Override)
├─ Secrets files: .env*, .aws/**, .vercel/**
├─ Destructive: rm -rf:*, sudo:*
└─ Dangerous: chmod 777:*
```
## Permission Modes
### Whitelist Approach (Recommended)
Define explicitly allowed tool patterns:
```json
{
"permissions": {
"allowedTools": [
"Read(**/*.{js,ts,json,md})",
"Edit(**/*.{js,ts})",
"Bash(git:*)",
"Bash(npm:*)",
"Bash(uv:*)",
"Bash(pytest:*)",
"Bash(mypy:*)"
]
}
}
```
**Benefits**:
- Secure by default (deny unless explicitly allowed)
- Clear audit trail
- Easy to review
- Enterprise-ready
### Blacklist Approach (Not Recommended)
Explicitly block dangerous operations:
```json
{
"permissions": {
"deniedTools": [
"Edit(/config/secrets.json)",
"Edit(.env*)",
"Edit(.aws/**)",
"Bash(rm -rf:*)",
"Bash(sudo:*)",
"Bash(chmod 777:*)"
]
}
}
```
**Issues**:
- Requires knowing all dangerous patterns
- New vulnerabilities not covered
- Hard to maintain
- Not enterprise-recommended
## Tool Pattern Syntax
### Read Operations
```
Read(glob_pattern)
Examples:
- Read(**/*.{js,ts}) # All JS/TS files recursively
- Read(.claude/**) # All Claude files
- Read(docs/api/**/*.md) # API documentation
- Read(config/production.json) # Specific file
```
### Edit Operations
```
Edit(glob_pattern)
Examples:
- Edit(src/**/*.py) # Source code only
- Edit(src/services/*.ts) # Specific directory
```
**Never Edit**:
- `.env*` files
- `.aws/` credentials
- `.vercel/` project config
- `secrets.json`, `credentials.json`
### Bash Commands
```
Bash(command:*)
Examples:
- Bash(git:*) # All git operations
- Bash(npm:*) # NPM package management
- Bash(uv:*) # UV (Python) operations
- Bash(pytest:*) # Testing
- Bash(mypy:*) # Type checking
- Bash(ruff:*) # Python linting
Dangerous (Block):
- Bash(rm -rf:*) # Recursive delete
- Bash(sudo:*) # Superuser access
- Bash(chmod 777:*) # Permission changes
- Bash(find.*-delete:*) # File deletion
```
## Security Patterns
### Production-Grade Configuration
```json
{
"permissions": {
"allowedTools": [
"Read(**)",
"Edit(src/**)",
"Edit(tests/**)",
"Bash(git:*)",
"Bash(uv:*)",
"Bash(pytest:*)",
"Bash(mypy:*)",
"Bash(ruff:*)"
],
"deniedTools": [
"Edit(.*)",
"Edit(.env*)",
"Edit(.aws/**)",
"Edit(.vercel/**)",
"Bash(rm:*)",
"Bash(sudo:*)",
"Bash(chmod:*)"
]
},
"sandbox": {
"allowUnsandboxedCommands": false
}
}
```
### Sensitive Data Protection
Critical patterns to block:
```json
{
"deniedTools": [
"Edit(.env*)",
"Edit(.env.local)",
"Edit(.env.production)",
"Edit(.aws/**)",
"Edit(.aws/credentials)",
"Edit(.aws/config)",
"Edit(.vercel/**)",
"Edit(config/**/secrets.json)",
"Edit(**/*credentials*.json)",
"Edit(**/*password*.json)",
"Edit(**/*token*.json)"
]
}
```
## Permission Validation
Always validate permission configurations:
```bash
# Check current settings
cat .claude/settings.json | jq '.permissions'
# Verify allowedTools patterns
cat .claude/settings.json | jq '.permissions.allowedTools[]'
# Verify deniedTools patterns
cat .claude/settings.json | jq '.permissions.deniedTools[]'
# Test specific operation
# Try Read(test_file.md) → allowed?
# Try Edit(.env) → denied?
# Try Bash(git status) → allowed?
```
## Best Practices
### Security-First Approach
- ✅ Use whitelist (allowedTools) instead of blacklist
- ✅ Protect secrets files (.env*, .aws/, .vercel/)
- ✅ Block destructive commands (rm -rf, sudo, chmod)
- ✅ Enable sandbox mode
- ✅ Regularly review permissions
- ✅ Audit permission violations
- ✅ Document permission decisions
### Team Collaboration
- ✅ Document permission changes in commit
- ✅ Explain security rationale
- ✅ Test with different roles
- ✅ Keep audit log of changes
## Common Patterns by Use Case
### Development Environment
```json
{
"allowedTools": [
"Read(**)",
"Edit(src/**)",
"Edit(tests/**)",
"Edit(.claude/**)",
"Bash(git:*)",
"Bash(uv:*)",
"Bash(pytest:*)",
"Bash(mypy:*)",
"Bash(ruff:*)"
],
"deniedTools": [
"Edit(.env*)",
"Edit(.aws/**)",
"Bash(rm -rf:*)",
"Bash(sudo:*)"
]
}
```
### CI/CD Pipeline
```json
{
"allowedTools": [
"Read(src/**)",
"Read(tests/**)",
"Read(.github/workflows/**)",
"Bash(git:*)",
"Bash(uv:*)",
"Bash(pytest:*)",
"Bash(mypy:*)"
],
"deniedTools": [
"Edit(**)",
"Bash(sudo:*)",
"Bash(rm:*)"
]
}
```
### Read-Only Analysis
```json
{
"allowedTools": [
"Read(**)",
"Bash(git:log)",
"Bash(git:show)"
],
"deniedTools": [
"Edit(**)",
"Bash(git:push)",
"Bash(git:pull)"
]
}
```
## TRUST 5 Compliance
- **Test-First**: Permission patterns tested with actual Claude Code usage scenarios
- **Readable**: Clear permission naming and organization, documented rationale
- **Unified**: Consistent permission approach across all environments
- **Secured**: Whitelist-based, blocking all dangerous operations
- **Trackable**: Audit trail of permission modifications and changes
## Related Skills
- `moai-cc-hooks` - Hook execution for pre/post-tool validation
- `moai-core-env-security` - Environment variable security
- `moai-cc-sandbox-isolation` - Sandbox mode configuration
---
**Last Updated**: 2025-11-19
**Version**: 4.0.0
**Enterprise Production Ready**: Yes ✅
**Maturity**: StableRelated Skills
react-modernization
Upgrade React applications to latest versions, migrate from class components to hooks, and adopt concurrent features. Use when modernizing React codebases, migrating to React Hooks, or upgrading to...
permission-patterns
Rules for evaluating, classifying, and deduplicating AI tool permissions
multi-model-validation
Run multiple AI models in parallel for 3-5x speedup with ENFORCED performance statistics tracking. Use when validating with Grok, Gemini, GPT-5, DeepSeek, or Claudish proxy for code review, consensus analysis, or multi-expert validation. NEW in v3.1.0 - SubagentStop hook enforces statistics collection, MANDATORY checklist prevents incomplete reviews, timing instrumentation examples. Includes dynamic model discovery via `claudish --top-models` and `claudish --free`, session-based workspaces, and Pattern 7-8 for tracking model performance. Trigger keywords - "grok", "gemini", "gpt-5", "deepseek", "claudish", "multiple models", "parallel review", "external AI", "consensus", "multi-model", "model performance", "statistics", "free models".
modern-web-creator
Creates distinctive, human-quality websites using 2025 design philosophy—anti-design aesthetics, bold minimalism, organic shapes, and intentional imperfection. Specializes in React/TypeScript with Tailwind CSS, shadcn/ui, and custom micro-interactions. Prevents generic AI templates through specific constraints, asymmetric layouts, and brand-aligned creative direction. Use for portfolios, marketing sites, SaaS interfaces, or any project requiring unique visual identity beyond cookie-cutter designs.
modern-python-standards
Strict adherence to modern (3.11+), idiomatic, and type-safe Python development.
modern-python
Modern Python tooling best practices using uv, ruff, ty, and pytest. Mandates the Trail of Bits Python coding standards for project setup, dependency management, linting, type checking, and testing. Based on patterns from trailofbits/cookiecutter-python.
modern-javascript-patterns
Master ES6+ features including async/await, destructuring, spread operators, arrow functions, promises, modules, iterators, generators, and functional programming patterns for writing clean, effici...
modern-java-backend-playbook
Enforces backend Java/Quarkus project standards including architecture layers, design patterns, code reuse, Lombok, TDD, exception handling, and modern Java features. Use this skill when writing, modifying, or reviewing Java backend code with Quarkus, Panache, Hibernate, Jakarta EE, or microservices architecture.
moai-workflow-testing
Comprehensive development workflow specialist combining TDD, debugging, performance optimization, code review, PR review, and quality assurance into unified development workflows
moai-workflow-templates
Enterprise template management with code boilerplates, feedback templates, and project optimization workflows
moai-security-threat
Enterprise Skill for advanced development
moai-security-identity
Enterprise Skill for advanced development