Support git-aware permission rules for destructive operations

Resolved 💬 2 comments Opened Feb 27, 2026 by j0hnm4r5 Closed Mar 27, 2026

Feature Request

Problem

The current permission system (allow, ask, deny in settings.json) uses string pattern matching on command names and arguments. This means there's no way to distinguish between destructive operations on git-tracked files (recoverable via git checkout) versus untracked files (permanently lost).

For example, Bash(rm:*) in the ask list prompts for all rm commands equally, even though deleting a tracked file is low-risk while deleting an untracked file could cause permanent data loss.

Proposed Solution

Add support for git-aware context in permission rules. Some possible syntax ideas:

{
  "allow": [
    "Bash(rm:*):git-tracked",
  ],
  "ask": [
    "Bash(rm:*):git-untracked"
  ]
}

Or a higher-level option:

{
  "permissions": {
    "gitAwareMode": true
  }
}

When enabled, destructive file operations (rm, mv, overwriting via Write/Edit) on untracked files would automatically escalate from allow to ask, ensuring the user is prompted before permanently deleting or overwriting files that aren't recoverable from version control.

Use Case

Users who want Claude Code to operate with minimal friction on version-controlled code while maintaining safety for untracked files (scripts, local configs, generated artifacts, etc.).

Related issues: #1585, #6608

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗