claude-permissions-update

Sync auto-approved permissions from all community-patterns directories (including community-patterns-2, -3, etc.) to the shared project settings. Shows new permissions for review before adding.

9 stars

Best use case

claude-permissions-update is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Sync auto-approved permissions from all community-patterns directories (including community-patterns-2, -3, etc.) to the shared project settings. Shows new permissions for review before adding.

Teams using claude-permissions-update should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/claude-permissions-update/SKILL.md --create-dirs "https://raw.githubusercontent.com/jkomoros/community-patterns/main/.claude/skills/claude-permissions-update/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/claude-permissions-update/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How claude-permissions-update Compares

Feature / Agentclaude-permissions-updateStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Sync auto-approved permissions from all community-patterns directories (including community-patterns-2, -3, etc.) to the shared project settings. Shows new permissions for review before adding.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Claude Permissions Update

**Use this skill to consolidate auto-approved permissions from all your
community-patterns workspaces.**

## Overview

When you work across multiple community-patterns directories (e.g.,
community-patterns, community-patterns-2, etc.), you accumulate different
auto-approved permissions in each directory's `.claude/settings.local.json`.
This skill helps you:

1. Find all community-patterns directories
2. Gather all auto-approved permissions
3. Compare with the project-level `.claude/settings.json`
4. **Filter out junk and path-specific permissions automatically**
5. Show new permissions for your review by category
6. Let you select which to add to the shared settings

## Important: Local Settings Contain Junk

**WARNING:** The `settings.local.json` files often contain accidentally
auto-approved garbage:

- Commit message fragments
- Shell script fragments like `Bash(do)`, `Bash(fi)`, `Bash(then ...)`
- Markdown content from heredocs
- Path-specific permissions like `Bash(../community-patterns-2/patterns/...)`

**The filtering step below is CRITICAL to avoid polluting project settings.**

## Step 1: Scan and Gather Permissions

```bash
# Find all community-patterns directories
echo "=== Scanning community-patterns directories ==="
for dir in /Users/alex/Code/community-patterns*; do
  echo "Found: $dir"
done
```

## Step 2: Extract and Filter New Permissions

```bash
# Get all local permissions (deduplicated)
ALL_LOCAL=$(for dir in /Users/alex/Code/community-patterns*; do
  jq -r '.permissions.allow[]?' "$dir/.claude/settings.local.json" 2>/dev/null
done | sort -u)

# Get project permissions
PROJECT_PERMS=$(jq -r '.permissions.allow[]?' .claude/settings.json 2>/dev/null | sort -u)

# Find new permissions - FILTER for valid patterns only
NEW_PERMS=$(comm -23 <(echo "$ALL_LOCAL") <(echo "$PROJECT_PERMS") | \
  grep -E '^(Bash\(|Skill\(|Read\(|WebFetch\(|mcp__|SlashCommand)')
```

## Step 3: Categorize for Review

**Present permissions in categories to help the user decide:**

### General Commands (with wildcards - usually worth syncing)

```bash
echo "=== General Bash commands (worth syncing) ==="
echo "$NEW_PERMS" | grep -E ':\*\)$' | grep -v '../community-patterns'
```

These have wildcards and are NOT path-specific. Good candidates to sync.

### WebFetch Domains

```bash
echo "=== WebFetch domains ==="
echo "$NEW_PERMS" | grep '^WebFetch'
```

### Skills and MCP Tools

```bash
echo "=== Skills ==="
echo "$NEW_PERMS" | grep '^Skill'

echo "=== MCP tools ==="
echo "$NEW_PERMS" | grep '^mcp__'
```

### Path-Specific (SKIP these)

```bash
echo "=== Path-specific permissions (SKIP) ==="
echo "$NEW_PERMS" | grep '../community-patterns'
```

These are specific to a particular checkout and should NOT be synced.

## Step 4: Review with User

**Use AskUserQuestion to walk through each category:**

1. Present general Bash commands one by one or in small groups
2. Present WebFetch domains (often safe to add all)
3. Present Skills and MCP tools
4. SKIP path-specific permissions automatically

**Ask about each permission individually or in logical groups.**

## Step 5: Update Project Settings

After user approval, edit `.claude/settings.json` to add the approved
permissions to the `permissions.allow` array.

**Use the Edit tool** to add each permission as a new line in the array.

## Workflow Summary

1. **Scan** all community-patterns-* directories
2. **Extract** permissions from each `.claude/settings.local.json`
3. **Filter** - remove junk (non-permission strings) and validate format
4. **Compare** with `.claude/settings.json` to find new ones
5. **Categorize** - separate general vs path-specific
6. **Present** to user by category (skip path-specific automatically)
7. **Update** project settings with approved permissions
8. **Verify** JSON is valid with `jq . .claude/settings.json > /dev/null`

## What to Sync vs Skip

### SYNC These (General Permissions)

- `Bash(command:*)` - wildcarded commands
- `Bash(git subcmd:*)` - git subcommands
- `Bash(deno task:*)`, `Bash(timeout N command:*)` - tool commands
- `WebFetch(domain:example.com)` - domain-specific fetch
- `Skill(skill-name)` - skill invocations
- `mcp__server__tool` - MCP tool permissions
- `Read(//path/**)` - read patterns with wildcards

### SKIP These (Junk/Path-Specific)

- `Bash(../community-patterns-N/...)` - relative paths to specific checkouts
- `Bash(do)`, `Bash(fi)`, `Bash(then ...)` - shell fragments
- Anything that looks like a commit message or markdown
- Anything without parentheses or proper permission format

## Notes

- This skill does NOT modify the local settings files
- It only adds permissions to the shared project settings
- User must approve all additions
- After adding to project settings, the permissions will be available across all
  community-patterns workspaces
- Always verify JSON validity after editing

Related Skills

testing

9
from jkomoros/community-patterns

Test patterns with Playwright browser automation. Navigate to deployed patterns, interact with UI elements, verify functionality. Use when testing patterns after deployment or when debugging pattern behavior in browser.

Superstition Verification Skill

9
from jkomoros/community-patterns

Use this skill to systematically verify superstitions in

strategic-investigation

9
from jkomoros/community-patterns

Proactive recovery using plan mode and subagents. After 1-2 failed attempts, STOP trying variations. Enter plan mode and launch parallel Explore/Plan agents to find idiomatic solutions instead of spinning wheels.

session-startup

9
from jkomoros/community-patterns

Session initialization sequence for community-patterns development. Use at the start of every Claude Code session. Checks for upstream updates, loads workspace configuration, and ensures dev servers are running.

recovery-strategies

9
from jkomoros/community-patterns

Escalation path when stuck on pattern development. Use when encountering TypeScript errors, framework confusion, unexpected behavior, or blocked progress. Five-step recovery: check docs, study examples, strategic investigation (plan mode + subagents), reset and retry, ask user.

pattern-dev

9
from jkomoros/community-patterns

Day-to-day pattern development best practices. Use when actively developing patterns. Covers incremental development, commits, communication guidelines, and general development workflow.

land-branch

9
from jkomoros/community-patterns

Land a feature branch: pull from main, rebase the branch, create a PR, and merge it via rebase with automatic branch deletion. Use when ready to land a completed feature branch.

issue-filing

9
from jkomoros/community-patterns

File framework issues after exhausting other approaches. Document complex problems with multiple failed attempts for framework authors. REQUIRES user permission. Use only after checking docs, community-docs, and trying multiple approaches.

git-workflow

9
from jkomoros/community-patterns

Git operations and pull request workflows. Create PRs, rebase branches, resolve conflicts, merge to upstream. Use when ready to create PR or when working with git branches and upstream.

deployment

9
from jkomoros/community-patterns

Deploy and update patterns. Use when deploying new patterns, updating existing deployments, or testing syntax. Includes deployment commands and the first custom pattern celebration.

community-docs

9
from jkomoros/community-patterns

Community superstitions - unverified observations from pattern development. Use when encountering undocumented edge cases or framework quirks not in official docs. Verified knowledge should be upstreamed to labs docs.

securing-aws-iam-permissions

16
from plurigrid/asi

This skill guides practitioners through hardening AWS Identity and Access Management configurations to enforce least privilege access across cloud accounts. It covers IAM policy scoping, permission boundaries, Access Analyzer integration, and credential rotation strategies to reduce the blast radius of compromised identities.