Support git-aware permission rules for destructive operations
Feature Request
Problem
The current permission system (allow, ask, deny in settings.json) uses string pattern matching on command names and arguments. This means there's no way to distinguish between destructive operations on git-tracked files (recoverable via git checkout) versus untracked files (permanently lost).
For example, Bash(rm:*) in the ask list prompts for all rm commands equally, even though deleting a tracked file is low-risk while deleting an untracked file could cause permanent data loss.
Proposed Solution
Add support for git-aware context in permission rules. Some possible syntax ideas:
{
"allow": [
"Bash(rm:*):git-tracked",
],
"ask": [
"Bash(rm:*):git-untracked"
]
}
Or a higher-level option:
{
"permissions": {
"gitAwareMode": true
}
}
When enabled, destructive file operations (rm, mv, overwriting via Write/Edit) on untracked files would automatically escalate from allow to ask, ensuring the user is prompted before permanently deleting or overwriting files that aren't recoverable from version control.
Use Case
Users who want Claude Code to operate with minimal friction on version-controlled code while maintaining safety for untracked files (scripts, local configs, generated artifacts, etc.).
Related issues: #1585, #6608
This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗