[FEATURE] Support TLD-level wildcard matching for WebFetch permissions

Resolved 💬 3 comments Opened Mar 6, 2026 by sanjeevpenupala Closed Apr 22, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

Currently, WebFetch permission rules only support domain-level matching (e.g., WebFetch(domain:example.com)). There is no way to permit an entire top-level domain like .edu or .org, forcing users to manually list every individual domain they want to allow.

Proposed Solution

Extend WebFetch domain permission syntax to support TLD-level wildcards:

{
  "permissions": {
    "allow": [
      "WebFetch(domain:*.edu)",
      "WebFetch(domain:*.org)"
    ]
  }
}

Alternative Solutions

Current workaround requires explicitly listing each domain:

{
  "permissions": {
    "allow": [
      "WebFetch(domain:mit.edu)",
      "WebFetch(domain:stanford.edu)",
      "WebFetch(domain:harvard.edu)"
    ]
  }
}

Priority

Medium - Would be very helpful

Feature Category

Configuration and settings

Use Case Example

An educational institution or research organization wants Claude Code to access documentation from any accredited university domain (.edu). Instead of maintaining a list of hundreds of institutional domains, a simple WebFetch(domain:*.edu) rule would grant appropriate access with a single permission rule.

Additional Context

This feature request is related to issue #9329 (general wildcard domain matching), but focuses specifically on TLD-level matching which has distinct use cases and could be implemented independently.

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗