[FEATURE] Allow settings.json to prompt

Resolved 💬 3 comments Opened Feb 23, 2026 by queglay Closed Feb 26, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Summary
Currently, Bash command permissions in Claude Code operate as a binary: commands are either auto-approved or auto-denied. There is no middle ground that allows Claude to ask the user before proceeding for specific commands or patterns.
Problem
When Bash(*) is set to allow, all Bash commands are auto-approved. The only way to restrict specific commands (e.g. rm) is to add them to the deny list — which blocks them entirely rather than prompting for confirmation.
Conversely, if Bash(*) is removed from the allow list to re-enable default "ask" behaviour for a specific command, the user loses the convenience of auto-approval for all other commands and must manually enumerate every allowed pattern.
This creates an all-or-nothing tradeoff: either trust everything or lose blanket approval.

Proposed Solution

Desired Behaviour
A third permission level — prompt — that would cause Claude to pause and ask the user for explicit confirmation before executing matching commands, without blocking them outright.
Example configuration (conceptual):
json{
"permissions": {
"allow": ["Bash(*)"],
"deny": [],
"prompt": ["Bash(rm *)"]
}
}
With this setup:

Most Bash commands run automatically (via Bash(*) allow)
rm commands pause and ask the user: "I'm about to run rm -rf ./old_logs. Proceed?"
The user can confirm or cancel per-invocation

Use Cases

Destructive commands (rm, rmdir, truncate, dd) — confirm before data loss
Network requests (curl, wget, ssh) — confirm before external communication
Package installations (npm install, pip install) — confirm before modifying dependencies
Privilege escalation (sudo) — confirm before elevated execution

Why This Matters
Power users who grant broad Bash(*) approval still want a safety net for a small class of high-risk commands. The current binary permission model forces a choice between convenience and safety. A prompt tier resolves this tension cleanly.
Proposed Implementation Notes

prompt entries should be evaluated after allow and before deny in the permission resolution order, or alternatively prompt should take precedence over allow for matched patterns
The prompt should display the exact command to be run and ask for a yes/no confirmation in the chat interface
Optionally: support a "remember for this session" checkbox to avoid repeat prompts for the same pattern

Related Behaviour
This is consistent with how Claude already handles sensitive browser actions (e.g. form submissions, purchases) — pausing to confirm rather than auto-executing or hard-blocking.

Alternative Solutions

_No response_

Priority

Critical - Blocking my work

Feature Category

CLI commands and flags

Use Case Example

_No response_

Additional Context

_No response_

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗