[FEATURE] Allowlist/Denylist Variable Support
Preflight Checklist
- [x] I have searched existing requests and this feature hasn't been requested yet
- [x] This is a single feature request (not multiple features)
Problem Statement
I want to set up allowlist/denylist permissions for the current working directory. I know they are JSON strings and literally interpreted, but i would like to be able to do something like "Bash(grep * $(pwd)) - or whatever the equivalent would be.
The idea is that i can allow claude code to run any bash command, or whatever is specified, in the current working directory only.
Expanding on this, it would be nice to have variable resolution/support for the settings.json - Or other options for settings file, if not possible with json.
Proposed Solution
I would like to see either variable resolution from json string values, or a setting to apply other settings file types that can interpret variables.
Possibly .env style claude settings files, or .sh scripts that return an allowlist.
e.g. ~/.claude/allowlist.sh, ~/.claude/allowlist.env with an env loader.
Alternative Solutions
I have tried setting it up with a local vs global claude settings.
This works for each new project as you go through and add settings to the allow list. But it would be nice to set up a global user config that can expand variables for new projects.
Priority
Medium - Would be very helpful
Feature Category
Configuration and settings
Use Case Example
Users who work in a multi-project monorepo structure (e.g. ~/dir/repo-a, ~/dir/repo-b) want to auto-approve commands operating within the current project directory while still requiring permission for commands that touch sibling project directories.
Without variable expansion, this is impossible to express. You either allow all paths or must hardcode
the project name, which breaks portability across machines or when the project is renamed.
Additional Context
_No response_
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗