[FEATURE] trusted scripts that have read/write capabilities can be run w/o permissions if read only

Resolved 💬 4 comments Opened Mar 26, 2026 by gyngve Closed Apr 26, 2026

Preflight Checklist

  • [x] I have searched existing requests and this feature hasn't been requested yet
  • [x] This is a single feature request (not multiple features)

Problem Statement

People are writing scripts to do CRUD on various things, to be used by claude. It could be a bunch of different scripts or a mega-script with a bunch of subcommands. It's hard for individual users to manage which subcommands are safe, e.g., read-only, or not. Instead, users are admitting defeat on the friction and living dangerously.

Proposed Solution

Rather than per-script having to enumerate which subcommands are safe or not in your claude, it would be great if we could design an interface where the script has a --read-only or --safe-only flag that blocks writes within the script, and then you allowlist the script to claude, without having to worry about subcommands. If claude thinks it is doing a read-only op, it passes the flag, basically delegating safety to trusted scripts.
Bonus if you can expose something similar for bash/php/python that is doing just text parsing/processing and consider certain writes safe, like maybe a subfolder of /tmp.

Alternative Solutions

_No response_

Priority

High - Significant impact on productivity

Feature Category

CLI commands and flags

Use Case Example

I'm asking claude to investigate an alert by giving it the corresponding task. It uses the task CLI to read the contents. It should know that reading the task is safe and delegate safety to the trusted task CLI. It then queries logs to RCA the task. Again, reading. The logs need to be parsed, so it writes some python to do that. Ideally there would be some sort of sandbox mode for python where you can trust that the only syscalls python is making involve stdin/stdout. Claude could then save the results to a new file in /tmp without asking either. Then claude asks you for permissions to comment on the task with findings, because that is a write.

Additional Context

_No response_

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗