[FEATURE] Support TLD-level wildcard matching for WebFetch permissions
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
Currently, WebFetch permission rules only support domain-level matching (e.g., WebFetch(domain:example.com)). There is no way to permit an entire top-level domain like .edu or .org, forcing users to manually list every individual domain they want to allow.
Proposed Solution
Extend WebFetch domain permission syntax to support TLD-level wildcards:
{
"permissions": {
"allow": [
"WebFetch(domain:*.edu)",
"WebFetch(domain:*.org)"
]
}
}
Alternative Solutions
Current workaround requires explicitly listing each domain:
{
"permissions": {
"allow": [
"WebFetch(domain:mit.edu)",
"WebFetch(domain:stanford.edu)",
"WebFetch(domain:harvard.edu)"
]
}
}
Priority
Medium - Would be very helpful
Feature Category
Configuration and settings
Use Case Example
An educational institution or research organization wants Claude Code to access documentation from any accredited university domain (.edu). Instead of maintaining a list of hundreds of institutional domains, a simple WebFetch(domain:*.edu) rule would grant appropriate access with a single permission rule.
Additional Context
This feature request is related to issue #9329 (general wildcard domain matching), but focuses specifically on TLD-level matching which has distinct use cases and could be implemented independently.
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗