Permissions
Claude Code permission rules that Coding Friend needs to run its skills and hooks.
Overview
Claude Code uses a permission system to control which tools and commands can run without prompting. When you use Coding Friend skills like /cf-commit, /cf-fix, or /cf-research, Claude Code may ask for permission each time a tool is invoked — for example, running git add, npm test, or searching the web.
To avoid repeated prompts, Coding Friend can add permission rules to your project-local settings (.claude/settings.local.json). These rules tell Claude Code which operations are pre-approved for this project.
☝️ By default these permissions are scoped to the current project only (`.claude/settings.local.json`) and do not affect other projects or global Claude Code settings. Choosing user scope with `--user` writes them to `~/.claude/settings.json` instead, where they apply to every project (see Project vs User Scope).
Quick Setup
```bash
# Run the interactive permission manager
cf permission

# Or apply all recommended permissions at once
cf permission --all

# Choose scope: project (default) or user
cf permission --all --project
cf permission --all --user
```
You can also configure permissions during initial setup via cf init (Step 8), or from cf config → Permissions.
Permission Categories
Core Utilities
These permissions power the session-init hook, statusline hook, memory-capture hook, and are used by multiple skills for file searching, text processing, and directory creation.
| Rule | What it enables |
|---|---|
| `Bash(cat *)` | Session-init hook reads the bootstrap context file. ⚠️ System-wide scope: the pattern pre-approves `cat` on any path the user account can read, not only project files (see Security Notes). |
| `Bash(grep *)` | Session-init hook extracts config values and ignore patterns. /cf-fix, /cf-ask, /cf-review use grep for frontmatter and sensitive path searches. ⚠️ System-wide scope, as for `cat`. |
| `Bash(sed *)` | Session-init hook parses JSON config values and escapes output. ⚠️ Also covers `sed -i`, which rewrites files in place. |
| `Bash(tr *)` | Session-init hook converts ignore patterns into regex alternation. |
| `Bash(wc *)` | /cf-review counts changed files/lines for review depth. cf-verification verifies test output completeness. |
| `Bash(mkdir *)` | /cf-learn, /cf-remember, /cf-ask, /cf-research create output directories on first use. |
| `Bash(find *)` | /cf-learn lists existing learning files. ⚠️ Also covers `find -exec`/`-delete`, which run commands or remove files. |
| `Bash(ls *)` | Statusline hook and session-init hook list files. |
| `Bash(jq *)` | Statusline hook, session-init hook, and memory-capture hook parse JSON. |
| `Bash(date *)` | Statusline hook formats timestamps. |
| `Bash(pwd)` | Session-init hook and /cf-learn get the current directory. Exact match: `pwd` with arguments is not covered. |
| `Bash(stat *)` | Statusline hook checks cache freshness. |
| `Bash(node -e *)` | Memory-capture hook parses JSON inline. ⚠️ Pre-approves any inline JavaScript, not only JSON parsing. |
| `Bash(touch /tmp/coding-friend/*)` | /cf-review creates temp marker files for mark-reviewed tracking. Scoped to one directory under /tmp. |
Git Operations
These permissions control what Coding Friend can do with your git repository. They range from read-only inspection to remote operations that push code.
| Rule | What it enables |
|---|---|
| `Bash(git status *)` | Read-only. /cf-commit, /cf-review, cf-verification check working tree status. |
| `Bash(git diff *)` | Read-only. /cf-commit reads staged/unstaged diffs and scans for secrets. /cf-review performs its 5-layer code review. cf-verification checks for uncommitted changes. |
| `Bash(git log *)` | Read-only. /cf-commit matches commit style. /cf-review reads context. cf-sys-debug finds when bugs were introduced. |
| `Bash(git branch *)` | /cf-ship and cf-sys-debug list and manage branches. Listing is read-only, but the pattern also covers `git branch -d`/`-D`. |
| `Bash(git rev-parse *)` | Read-only. Hooks and /cf-commit check git repo state. |
| `Bash(git add *)` | Modifies the staging area. /cf-commit stages individual files and never runs `git add .` or `git add -A`; note that this is a skill convention, since the rule itself would allow both. |
| `Bash(git reset HEAD *)` | Modifies the staging area. /cf-commit unstages files when secrets are detected in staged content. |
| `Bash(git commit *)` | Creates commits. /cf-commit creates conventional commits. /cf-ship calls /cf-commit as part of its flow. |
| `Bash(git push *)` | Pushes to the remote. /cf-ship pushes your branch; only /cf-ship uses this. The pattern covers any `git push` arguments, including `--force`, so grant it only if you use /cf-ship. |
| `Bash(git pull *)` | Pulls from the remote. /cf-ship pulls with rebase only when a push fails because the remote has newer commits. |
GitHub CLI
| Rule | What it enables |
|---|---|
| `Bash(gh pr *)` | Creates GitHub PRs. /cf-ship runs `gh pr create` after pushing, and only if you are not on main/master. The pattern covers every `gh pr` subcommand (`merge`, `close`, `edit`, ...), not just `create`. |
Testing & Build
These permissions let Coding Friend run your project's test suite and build scripts.
| Rule | What it enables |
|---|---|
| `Bash(npm test *)` | cf-tdd runs tests in the RED-GREEN-REFACTOR cycle. cf-verification runs the full test suite. /cf-fix runs failing tests to reproduce and confirm fixes. |
| `Bash(npm run *)` | cf-verification runs `npm run build` and `npm run lint` as completion gates. Also used for `npm run format`. ⚠️ Runs whatever scripts package.json defines, so anyone who can change package.json can run commands under this rule. |
| `Bash(npx *)` | cf-verification runs tools like eslint and tsc directly via npx. ⚠️ `npx` will download and execute a package from the registry if it is not installed locally. |
MCP Memory
These permissions control access to Coding Friend's memory system. All tools are namespaced to mcp__coding-friend-memory__*.
| Rule | What it enables |
|---|---|
| `mcp__coding-friend-memory__memory_search` | Read-only. Search project memories. Used by: cf-explorer agent, all skills. |
| `mcp__coding-friend-memory__memory_list` | Read-only. List all memories. Used by: /cf-scan. |
| `mcp__coding-friend-memory__memory_retrieve` | Read-only. Get a specific memory by ID. Used by: skills. |
| `mcp__coding-friend-memory__memory_store` | Write. Create a new memory. Used by: /cf-remember, /cf-scan, /cf-ask. |
| `mcp__coding-friend-memory__memory_update` | Modify. Update an existing memory. Used by: /cf-remember, /cf-scan. |
| `mcp__coding-friend-memory__memory_delete` | Modify. Delete a memory. Used by: /cf-scan. |
Web & Research
Used exclusively by /cf-research. These are not recommended by default — enable them only if you use the research skill.
| Rule | What it enables |
|---|---|
| `WebSearch` | /cf-research searches the web for up-to-date information. Subagents perform focused searches on different aspects. |
| `WebFetch(domain:*)` | /cf-research fetches web pages. Content from external sources is treated as untrusted data; embedded prompt injections are discarded and flagged. ⚠️ `domain:*` allows fetches from any host; if your research targets are known, prefer per-host rules such as `WebFetch(domain:example.com)`. |
External Learn Directory
These rules are only needed when /cf-learn is configured to write to a directory outside your project (e.g., ~/notes/learn). They are generated dynamically based on your configured learn.outputDir path. If your learn directory is inside your project (the default docs/learn/), you do not need these.
| Rule | What it enables |
|---|---|
| `Read(~/path/**)` | /cf-learn reads existing markdown files in the external directory to check for duplicates before creating new notes, and to append to existing files when a topic already has a note. |
| `Edit(~/path/**)` | /cf-learn edits existing learning notes, e.g. appending new sections to an existing topic file rather than creating a duplicate. |
| `Write(~/path/**)` | /cf-learn creates new markdown files with YAML frontmatter (title, description, tags, date) for topics that don't have an existing note. |
| `Bash(cd ~/path && git add *)` | Only if learn.autoCommit is enabled in config. /cf-learn stages newly created or updated learning notes in the external directory's git repo. |
| `Bash(cd ~/path && git commit *)` | Only if learn.autoCommit is enabled in config. /cf-learn commits the staged learning notes with a conventional commit message in the external directory's git repo. |
Manual Setup
If you prefer to manage permissions manually, edit `.claude/settings.local.json` (project) or `~/.claude/settings.json` (user) and list the rules you want under `permissions.allow`:

```json
{
  "permissions": {
    "allow": [
      "Bash(cat *)",
      "Bash(grep *)",
      "Bash(git add *)",
      "Bash(git commit *)",
      "Bash(npm test *)"
    ]
  }
}
```
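The merge behaviour described on this page (add only what is missing, never touch custom rules, and derive the External Learn Directory rules from `learn.outputDir` and `learn.autoCommit`) as an added Python example. This is not the `cf` CLI's own code: the rule strings are copied from the tables above, while the function names, the `is_external` check and the sample settings are this example's own assumptions.

```python
"""Added example, not the cf CLI's own code: merge permission rules into a
Claude Code settings file the way this page says `cf permission` behaves.
Only missing rules are added, rules the tool does not manage are never edited
or removed, and the External Learn Directory rules are generated from
learn.outputDir / learn.autoCommit. Rule strings come from the page's tables;
function names and sample data are this example's own."""
import json
import os
from pathlib import Path
from typing import Dict, List, Tuple

# Tier 1 (static) rules as listed on this page; web rules stay opt-in.
TIER1_RULES = [
    "Bash(cat *)", "Bash(grep *)", "Bash(sed *)", "Bash(tr *)", "Bash(wc *)",
    "Bash(mkdir *)", "Bash(find *)", "Bash(ls *)", "Bash(jq *)", "Bash(date *)",
    "Bash(pwd)", "Bash(stat *)", "Bash(node -e *)", "Bash(touch /tmp/coding-friend/*)",
    "Bash(git status *)", "Bash(git diff *)", "Bash(git log *)", "Bash(git branch *)",
    "Bash(git rev-parse *)", "Bash(git add *)", "Bash(git reset HEAD *)",
    "Bash(git commit *)", "Bash(git push *)", "Bash(git pull *)", "Bash(gh pr *)",
    "Bash(npm test *)", "Bash(npm run *)", "Bash(npx *)",
] + [f"mcp__coding-friend-memory__memory_{op}"
     for op in ("search", "list", "retrieve", "store", "update", "delete")]
WEB_RULES = ["WebSearch", "WebFetch(domain:*)"]  # only for /cf-research users


def is_external(output_dir: str, project_root: str) -> bool:
    """True when learn.outputDir resolves outside the project (pure path math, no disk access)."""
    root = os.path.abspath(project_root)
    target = os.path.abspath(os.path.join(root, os.path.expanduser(output_dir)))
    # commonpath avoids the classic prefix bug where /proj2 looks like it is under /proj
    return os.path.commonpath([root, target]) != root


def learn_dir_rules(output_dir: str, auto_commit: bool, project_root: str) -> List[str]:
    """External Learn Directory rules; empty for the default in-project docs/learn/."""
    if not is_external(output_dir, project_root):
        return []
    p = output_dir.rstrip("/")  # keep '~' as written so rules look like the page's form
    rules = [f"Read({p}/**)", f"Edit({p}/**)", f"Write({p}/**)"]
    if auto_commit:
        rules += [f"Bash(cd {p} && git add *)", f"Bash(cd {p} && git commit *)"]
    return rules


def merge_rules(settings: Dict, wanted: List[str]) -> Tuple[Dict, List[str]]:
    """Append missing rules to permissions.allow; existing entries are left untouched."""
    allow = settings.setdefault("permissions", {}).setdefault("allow", [])
    added = [r for r in wanted if r not in allow]
    allow.extend(added)
    return settings, added


def remove_managed(settings: Dict, managed: List[str]) -> Tuple[Dict, List[str]]:
    """Drop only rules in `managed`; a user's own custom rules survive."""
    allow = settings.get("permissions", {}).get("allow", [])
    removed = [r for r in allow if r in managed]
    if removed:
        settings["permissions"]["allow"] = [r for r in allow if r not in managed]
    return settings, removed


def apply_to_file(path: Path, wanted: List[str]) -> List[str]:
    """Read-modify-write a settings file; returns the rules that were added."""
    settings = json.loads(path.read_text()) if path.exists() else {}
    settings, added = merge_rules(settings, wanted)
    path.write_text(json.dumps(settings, indent=2) + "\n")
    return added


if __name__ == "__main__":
    # Constructed starting point: one custom rule and one rule already present.
    existing = {"permissions": {"allow": ["Bash(make *)", "Bash(git add *)"]}}
    wanted = TIER1_RULES + learn_dir_rules("~/notes/learn", True, os.getcwd())
    merged, added = merge_rules(existing, wanted)
    print(f"added {len(added)} rules; custom rule kept:",
          "Bash(make *)" in merged["permissions"]["allow"])
    _, again = merge_rules(merged, wanted)
    print("second run adds", len(again), "rules")  # idempotent: 0
```

Running `apply_to_file(Path(".claude/settings.local.json"), TIER1_RULES)` is the project-scope equivalent of `cf permission --all`; pass `Path.home() / ".claude/settings.json"` for user scope. `remove_managed` is the inverse operation and deliberately takes the managed list as input, so a rule the user added by hand is never deleted just because it looks similar.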
Project vs User Scope
cf permission supports both scopes:
- Project (`.claude/settings.local.json`) — applies only to this project and is gitignored. Default when running interactively.
- User (`~/.claude/settings.json`) — applies to all projects. Useful if you use Coding Friend across many repos.
Use --project or --user to skip the interactive scope prompt.
Permission Tiers
- Tier 1 (Static) — Path-independent rules: shell utilities (`cat`, `grep`, `jq`, `ls`, ...), git operations, npm test/build, MCP memory tools, web research. These never change between plugin versions.
- Tier 2 (Plugin Scripts) — Four rules that cover all Coding Friend plugin scripts across all versions. Two Bash rules handle quoted and unquoted path invocations: `Bash(bash $HOME/.claude/plugins/cache/coding-friend-marketplace/coding-friend/*)` and `Bash(bash "$HOME/.claude/plugins/cache/coding-friend-marketplace/coding-friend/*")`. Two Read rules allow reading plugin files and global config: `Read(~/.claude/plugins/cache/coding-friend-marketplace/coding-friend/**)` and `Read(~/.coding-friend/**)`. All are version-independent, so permissions survive plugin updates automatically.
Security Notes
- All Tier 1 rules use granular patterns (e.g., `Bash(git add *)` instead of `Bash(git *)`) to minimize the scope of each rule. Granular still means prefix-wide: `Bash(git add *)` also covers `git add -A` and `Bash(git push *)` covers `git push --force`. The skills' conventions, not the rules, are what keep those from running.
- The Tier 2 plugin script rules are scoped to the Coding Friend plugin cache directory only; they cannot execute scripts outside `~/.claude/plugins/cache/coding-friend-marketplace/coding-friend/`.
- MCP memory tools are namespaced `mcp__coding-friend-memory__*`, so only Coding Friend's memory MCP server is affected.
- ⚠️ Some Core rules (`Bash(cat *)`, `Bash(grep *)`) are system-wide in scope: they allow the command on any path the user account can read, not only the current project. Claude Code's working-directory scoping is a separate control; whether it also confines a Bash command depends on Claude Code's own sandboxing configuration, so treat these rules as system-wide unless you have verified otherwise.
- ⚠️ Several wildcard rules pre-approve commands that can write files or run arbitrary code: `Bash(node -e *)` is inline JavaScript, `Bash(npx *)` downloads and runs packages, `Bash(npm run *)` runs whatever package.json defines, and `sed -i` / `find -exec` write or execute. Review these before granting them at user scope, where they apply to every repository.
- Web permissions (`WebSearch`, `WebFetch`) are not recommended by default; they are opt-in for users of `/cf-research`.
- `cf permission` only manages rules it knows about. Your existing custom rules are never modified or removed.
- See Security for more on Coding Friend's security model.
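To see what a wildcard rule actually permits before enabling it, the following added Python checker models the rule semantics this page relies on. It is an approximation written for this page, not Claude Code's implementation: it treats `*` as matching any text, a rule without `*` as an exact match, and a compound command (`&&`, `||`, `;`, `|`) as pre-approved only when every segment is covered. The sample settings and probe commands are constructed for the example.

```python
"""Added example, not Claude Code's or Coding Friend's own code: an
approximate checker that shows what a Bash permission rule really permits.
Assumptions (this model, not Claude Code's implementation): '*' matches any
text, a rule without '*' is an exact match, and a compound command is only
pre-approved when every operator-separated segment is covered."""
import json
import re
from typing import Dict, List, Optional

# Shell operators on which a compound command is split before checking.
_SHELL_OPS = re.compile(r"\s*(?:&&|\|\||;|\|)\s*")


def rule_to_regex(rule: str) -> Optional[re.Pattern]:
    """'Bash(git add *)' -> regex for 'git add <anything>'; None for non-Bash rules."""
    m = re.fullmatch(r"Bash\((.+)\)", rule)
    if not m:
        return None  # Read(...), WebFetch(...), mcp__... are not shell rules
    literal_parts = [re.escape(part) for part in m.group(1).split("*")]
    return re.compile("^" + ".*".join(literal_parts) + "$")


def matching_rule(segment: str, allow: List[str]) -> Optional[str]:
    """Return the first allow rule that covers one simple command, or None."""
    segment = segment.strip()
    for rule in allow:
        regex = rule_to_regex(rule)
        if regex and regex.match(segment):
            return rule
    return None


def is_preapproved(command: str, allow: List[str]) -> bool:
    """True only if every segment of the (possibly compound) command is covered."""
    segments = [s for s in _SHELL_OPS.split(command.strip()) if s]
    return bool(segments) and all(matching_rule(s, allow) for s in segments)


def audit(settings_json: str, commands: List[str]) -> Dict[str, bool]:
    """Load a settings file's allow list and report each command's status."""
    allow = json.loads(settings_json).get("permissions", {}).get("allow", [])
    return {cmd: is_preapproved(cmd, allow) for cmd in commands}


# Constructed sample: a settings.local.json using rules from this page.
SAMPLE_SETTINGS = json.dumps({"permissions": {"allow": [
    "Bash(cat *)", "Bash(git add *)", "Bash(git commit *)",
    "Bash(pwd)", "Bash(npm test *)",
]}})

# Constructed probe commands, chosen to expose the rules' real scope.
PROBES = [
    "git add src/app.ts",                     # what /cf-commit actually runs
    "git add -A",                             # convention says never; the rule allows it
    "cat /etc/passwd",                        # Bash(cat *) is not limited to the project
    "pwd -P",                                 # Bash(pwd) is exact: arguments are not covered
    "cat README.md && git push origin main",  # second segment has no rule, so ask
]

if __name__ == "__main__":
    for cmd, ok in audit(SAMPLE_SETTINGS, PROBES).items():
        print(f"{'ALLOW' if ok else 'ASK  '}  {cmd}")
```

Point `audit` at the contents of your own `.claude/settings.local.json` and the commands you would least like to see run unprompted; any `ALLOW` you did not expect is a rule worth narrowing. Comparing the same probes against `["Bash(git *)"]` shows why the page prefers `Bash(git add *)`: the coarse rule also pre-approves `git push`.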
See Also
- `cf permission` — CLI command for managing these permissions
- `cf init` — initial setup wizard (Step 8 configures permissions)
- `cf config` — edit settings including permissions
- Security — security model and threat protection